diff --git a/CHANGELOG.md b/CHANGELOG.md
index d977798e5c..e31b3eb46c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ IMPROVEMENTS:
   * Add support for labeling a Kubernetes service with `consul.hashicorp.com/service-ignore` to prevent services from being registered in Consul. [[GH-858](https://github.com/hashicorp/consul-k8s/pull/858)]
 * Helm Chart
   * Fail an installation/upgrade if WAN federation and Admin Partitions are both enabled. [[GH-892](https://github.com/hashicorp/consul-k8s/issues/892)]
+  * Add support for setting `ingressClassName` for UI. [[GH-909](https://github.com/hashicorp/consul-k8s/pull/909)]
 
 BUG FIXES:
 * Control Plane:
diff --git a/charts/consul/templates/ui-ingress.yaml b/charts/consul/templates/ui-ingress.yaml
index 28d3069768..7b6e6bab4f 100644
--- a/charts/consul/templates/ui-ingress.yaml
+++ b/charts/consul/templates/ui-ingress.yaml
@@ -25,6 +25,9 @@ metadata:
     {{ tpl .Values.ui.ingress.annotations . | nindent 4 | trim }}
   {{- end }}
 spec:
+  {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "18" ) }}
+  ingressClassName: {{ .Values.ui.ingress.ingressClassName }}
+  {{- end }}
   rules:
   {{ $global := .Values.global }}
   {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "19" ) }}
diff --git a/charts/consul/test/unit/ui-ingress.bats b/charts/consul/test/unit/ui-ingress.bats
index f26d181d2b..aaa4e56653 100755
--- a/charts/consul/test/unit/ui-ingress.bats
+++ b/charts/consul/test/unit/ui-ingress.bats
@@ -59,59 +59,73 @@ load _helpers
   [ "${actual}" = "foo.com" ]
 }
 
-@test "ui/Ingress: exposes single port 80 when global.tls.enabled=false" {
-# todo: test for Kube versions < 1.19 when helm supports --kube-version flag (https://github.com/helm/helm/pull/9040)
-#  local actual=$(helm template \
-#      -s templates/ui-ingress.yaml  \
-#      --set 'ui.ingress.enabled=true' \
-#      --set 'global.tls.enabled=false' \
-#      --set 'ui.ingress.hosts[0].host=foo.com' \
-#      --kube-version "1.18" \
-#      . | tee /dev/stderr |
-#      yq -r '.spec.rules[0].http.paths[0].backend.servicePort' | tee /dev/stderr)
+@test "ui/Ingress: exposes single port 80 when global.tls.enabled=false when Kube version < 1.19" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/ui-ingress.yaml  \
+      --set 'ui.ingress.enabled=true' \
+      --set 'global.tls.enabled=false' \
+      --set 'ui.ingress.hosts[0].host=foo.com' \
+      --kube-version "1.18" \
+      . | tee /dev/stderr |
+      yq -r '.spec.rules[0].http.paths[0].backend.servicePort' | tee /dev/stderr)
+  [ "${actual}" = "80" ]
+}
+
+@test "ui/Ingress: exposes single port 80 when global.tls.enabled=false when Kube version >= 1.19" {
   cd `chart_dir`
   local actual=$(helm template \
      -s templates/ui-ingress.yaml  \
      --set 'ui.ingress.enabled=true' \
      --set 'global.tls.enabled=false' \
      --set 'ui.ingress.hosts[0].host=foo.com' \
+     --kube-version "1.19" \
      . | tee /dev/stderr |
      yq -r '.spec.rules[0].http.paths[0].backend.service.port.number' | tee /dev/stderr)
   [ "${actual}" = "80" ]
 }
 
-@test "ui/Ingress: exposes single port 443 when global.tls.enabled=true and global.tls.httpsOnly=true" {
-# todo: test for Kube versions < 1.19 when helm supports --kube-version flag (https://github.com/helm/helm/pull/9040)
-#  local actual=$(helm template \
-#      -s templates/ui-ingress.yaml  \
-#      --set 'ui.ingress.enabled=true' \
-#      --set 'global.tls.enabled=true' \
-#      --set 'ui.ingress.hosts[0].host=foo.com' \
-#      --kube-version "1.18" \
-#      . | tee /dev/stderr |
-#      yq -r '.spec.rules[0].http.paths[0].backend.servicePort' | tee /dev/stderr)
+@test "ui/Ingress: exposes single port 443 when global.tls.enabled=true and global.tls.httpsOnly=true when Kube version < 1.19" {
+  cd `chart_dir`
+  local actual=$(helm template \
+    -s templates/ui-ingress.yaml  \
+    --set 'ui.ingress.enabled=true' \
+    --set 'global.tls.enabled=true' \
+    --set 'ui.ingress.hosts[0].host=foo.com' \
+    --kube-version "1.18" \
+    . | tee /dev/stderr |
+    yq -r '.spec.rules[0].http.paths[0].backend.servicePort' | tee /dev/stderr)
+  [ "${actual}" = "443" ]
+}
+
+@test "ui/Ingress: exposes single port 443 when global.tls.enabled=true and global.tls.httpsOnly=true when Kube version >= 1.19" {
   cd `chart_dir`
   local actual=$(helm template \
       -s templates/ui-ingress.yaml  \
       --set 'ui.ingress.enabled=true' \
       --set 'global.tls.enabled=true' \
       --set 'ui.ingress.hosts[0].host=foo.com' \
+      --kube-version "1.19" \
       . | tee /dev/stderr |
       yq -r '.spec.rules[0].http.paths[0].backend.service.port.number' | tee /dev/stderr)
   [ "${actual}" = "443" ]
 }
 
-@test "ui/Ingress: exposes the port 80 when global.tls.enabled=true and global.tls.httpsOnly=false" {
-# todo: test for Kube versions < 1.19 when helm supports --kube-version flag (https://github.com/helm/helm/pull/9040)
-#  local actual=$(helm template \
-#      -s templates/ui-ingress.yaml  \
-#      --set 'ui.ingress.enabled=true' \
-#      --set 'global.tls.enabled=true' \
-#      --set 'global.tls.httpsOnly=false' \
-#      --set 'ui.ingress.hosts[0].host=foo.com' \
-#      --kube-version "1.18" \
-#      . | tee /dev/stderr |
-#      yq -r '.spec.rules[0].http.paths[0].backend.servicePort' | tee /dev/stderr)
+@test "ui/Ingress: exposes the port 80 when global.tls.enabled=true and global.tls.httpsOnly=false when Kube version < 1.19" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/ui-ingress.yaml  \
+      --set 'ui.ingress.enabled=true' \
+      --set 'global.tls.enabled=true' \
+      --set 'global.tls.httpsOnly=false' \
+      --set 'ui.ingress.hosts[0].host=foo.com' \
+      --kube-version "1.18" \
+      . | tee /dev/stderr |
+      yq -r '.spec.rules[0].http.paths[0].backend.servicePort' | tee /dev/stderr)
+  [ "${actual}" = "80" ]
+}
+
+@test "ui/Ingress: exposes the port 80 when global.tls.enabled=true and global.tls.httpsOnly=false when Kube version >= 1.19" {
   cd `chart_dir`
   local actual=$(helm template \
       -s templates/ui-ingress.yaml  \
@@ -119,22 +133,27 @@ load _helpers
       --set 'global.tls.enabled=true' \
       --set 'global.tls.httpsOnly=false' \
       --set 'ui.ingress.hosts[0].host=foo.com' \
+      --kube-version "1.19" \
       . | tee /dev/stderr |
       yq -r '.spec.rules[0].http.paths[0].backend.service.port.number' | tee /dev/stderr)
   [ "${actual}" = "80" ]
 }
 
-@test "ui/Ingress: exposes the port 443 when global.tls.enabled=true and global.tls.httpsOnly=false" {
-# todo: test for Kube versions < 1.19 when helm supports --kube-version flag (https://github.com/helm/helm/pull/9040)
-#  local actual=$(helm template \
-#      -s templates/ui-ingress.yaml  \
-#      --set 'ui.ingress.enabled=true' \
-#      --set 'global.tls.enabled=true' \
-#      --set 'global.tls.httpsOnly=false' \
-#      --set 'ui.ingress.hosts[0].host=foo.com' \
-#      --kube-version "1.18" \
-#      . | tee /dev/stderr |
-#      yq -r '.spec.rules[0].http.paths[1].backend.servicePort' | tee /dev/stderr)
+@test "ui/Ingress: exposes the port 443 when global.tls.enabled=true and global.tls.httpsOnly=false when Kube version < 1.19" {
+  cd `chart_dir`
+  local actual=$(helm template \
+    -s templates/ui-ingress.yaml  \
+    --set 'ui.ingress.enabled=true' \
+    --set 'global.tls.enabled=true' \
+    --set 'global.tls.httpsOnly=false' \
+    --set 'ui.ingress.hosts[0].host=foo.com' \
+    --kube-version "1.18" \
+    . | tee /dev/stderr |
+    yq -r '.spec.rules[0].http.paths[1].backend.servicePort' | tee /dev/stderr)
+  [ "${actual}" = "443" ]
+}
+
+@test "ui/Ingress: exposes the port 443 when global.tls.enabled=true and global.tls.httpsOnly=false when Kube version >= 1.19" {
   cd `chart_dir`
   local actual=$(helm template \
       -s templates/ui-ingress.yaml  \
@@ -142,6 +161,7 @@ load _helpers
       --set 'global.tls.enabled=true' \
       --set 'global.tls.httpsOnly=false' \
       --set 'ui.ingress.hosts[0].host=foo.com' \
+      --kube-version "1.19" \
       . | tee /dev/stderr |
       yq -r '.spec.rules[0].http.paths[1].backend.service.port.number' | tee /dev/stderr)
   [ "${actual}" = "443" ]
@@ -234,3 +254,40 @@ load _helpers
     yq -r '.spec.rules[0].http.paths[0].pathType' | tee /dev/stderr)
   [ "${actual}" = "ImplementationSpecific" ]
 }
+
+#--------------------------------------------------------------------
+# ingressClassName
+
+@test "ui/Ingress: no ingressClassName by default" {
+  cd `chart_dir`
+  local actual=$(helm template \
+    -s templates/ui-ingress.yaml  \
+    --set 'ui.ingress.enabled=true' \
+    . | tee /dev/stderr |
+    yq -r '.spec.ingressClassName' | tee /dev/stderr)
+  [ "${actual}" = "null" ]
+}
+
+@test "ui/Ingress: can set ingressClassName" {
+  cd `chart_dir`
+  local actual=$(helm template \
+    -s templates/ui-ingress.yaml  \
+    --set 'ui.ingress.enabled=true' \
+    --set 'ui.ingress.ingressClassName=nginx' \
+    . | tee /dev/stderr |
+    yq -r '.spec.ingressClassName' | tee /dev/stderr)
+  [ "${actual}" = "nginx" ]
+}
+
+@test "ui/Ingress: cannot set ingressClassName for Kube version < 1.18" {
+  cd `chart_dir`
+  local actual=$(helm template \
+    -s templates/ui-ingress.yaml  \
+    --set 'ui.ingress.enabled=true' \
+    --set 'ui.ingress.ingressClassName=nginx' \
+    --kube-version "1.17" \
+    . | tee /dev/stderr |
+    yq -r '.spec.ingressClassName' | tee /dev/stderr)
+  [ "${actual}" = "null" ]
+}
+
diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml
index a6ab7223fe..c637b927a6 100644
--- a/charts/consul/values.yaml
+++ b/charts/consul/values.yaml
@@ -1222,6 +1222,9 @@ ui:
     # @type: boolean
     enabled: false
 
+    # Optionally set the ingressClassName.
+    ingressClassName: ""
+
     # pathType override - see: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types
     pathType: Prefix