diff --git a/charts/spark-operator-chart/templates/controller/deployment.yaml b/charts/spark-operator-chart/templates/controller/deployment.yaml
index 75384d69..cfa89667 100644
--- a/charts/spark-operator-chart/templates/controller/deployment.yaml
+++ b/charts/spark-operator-chart/templates/controller/deployment.yaml
@@ -72,8 +72,11 @@ spec:
         {{- with .Values.controller.uiIngress.ingressClassName }}
         - --ingress-class-name={{ . }}
         {{- end }}
-        {{- with .Values.controller.uiIngress.ingressTLS }}
-        - --ingress-tls={{ . | toJson }}
+        {{- with .Values.controller.uiIngress.defaultIngressTLS }}
+        - --default-ingress-tls={{ . | toJson }}
+        {{- end }}
+        {{- with .Values.controller.uiIngress.defaultIngressAnnotations }}
+        - --default-ingress-annotations={{ . | toJson }}
         {{- end }}
         {{- end }}
         {{- if .Values.controller.batchScheduler.enable }}
diff --git a/charts/spark-operator-chart/values.yaml b/charts/spark-operator-chart/values.yaml
index 4ff8588e..1befaa6c 100644
--- a/charts/spark-operator-chart/values.yaml
+++ b/charts/spark-operator-chart/values.yaml
@@ -74,7 +74,13 @@ controller:
     urlFormat: ""
     # -- Optionally set the ingressClassName.
     ingressClassName: ""
-    ingressTLS: []
+    defaultIngressTLS: []
+    # - hosts:
+    #   - "*.example.com"
+    #   secretName: "example-secret"
+    defaultIngressAnnotations: {}
+      # key1: value1
+      # key2: value2
 
   batchScheduler:
     # -- Specifies whether to enable batch scheduler for spark jobs scheduling.
diff --git a/cmd/operator/controller/start.go b/cmd/operator/controller/start.go
index e5498686..a1e1b84d 100644
--- a/cmd/operator/controller/start.go
+++ b/cmd/operator/controller/start.go
@@ -86,10 +86,11 @@ var (
 	workqueueRateLimiterMaxDelay   time.Duration
 
 	// Batch scheduler
-	enableBatchScheduler  bool
-	kubeSchedulerNames    []string
-	defaultBatchScheduler string
-	ingressTLS            []networkingv1.IngressTLS
+	enableBatchScheduler      bool
+	kubeSchedulerNames        []string
+	defaultBatchScheduler     string
+	defaultIngressTLS         []networkingv1.IngressTLS
+	defaultIngressAnnotations map[string]string
 
 	// Spark web UI service and ingress
 	enableUIService  bool
@@ -132,7 +133,8 @@ func init() {
 }
 
 func NewStartCommand() *cobra.Command {
-	var ingressTLSstring string
+	var defaultIngressTLSstring string
+	var defaultIngressAnnotationsString string
 	var command = &cobra.Command{
 		Use:   "start",
 		Short: "Start controller and webhook",
@@ -140,12 +142,15 @@ func NewStartCommand() *cobra.Command {
 			development = viper.GetBool("development")
 		},
 		PreRunE: func(_ *cobra.Command, args []string) error {
-			if ingressTLSstring != "" {
-				err := json.Unmarshal([]byte(ingressTLSstring), &ingressTLS)
+			if defaultIngressTLSstring != "" {
+				err := json.Unmarshal([]byte(defaultIngressTLSstring), &defaultIngressTLS)
 				if err != nil {
 					return err
 				}
 			}
+			if defaultIngressAnnotationsString != "" {
+				return json.Unmarshal([]byte(defaultIngressAnnotationsString), &defaultIngressAnnotations)
+			}
 			return nil
 		},
 		Run: func(_ *cobra.Command, args []string) {
@@ -170,7 +175,8 @@ func NewStartCommand() *cobra.Command {
 	command.Flags().BoolVar(&enableUIService, "enable-ui-service", true, "Enable Spark Web UI service.")
 	command.Flags().StringVar(&ingressClassName, "ingress-class-name", "", "Set ingressClassName for ingress resources created.")
 	command.Flags().StringVar(&ingressURLFormat, "ingress-url-format", "", "Ingress URL format.")
-	command.Flags().StringVar(&ingressTLSstring, "ingress-tls", "", "JSON format string for the default TLS config on the Spark UI ingresses. e.g. '[{\"hosts\":[\"example.com\"],\"secretName\":\"example-secret\"}]' `ingressTLS` in the SparkApplication spec will override this value.")
+	command.Flags().StringVar(&defaultIngressTLSstring, "default-ingress-tls", "", "JSON format string for the default TLS config on the Spark UI ingresses. e.g. '[{\"hosts\":[\"*.example.com\"],\"secretName\":\"example-secret\"}]'. `ingressTLS` in the SparkApplication spec will override this value.")
+	command.Flags().StringVar(&defaultIngressAnnotationsString, "default-ingress-annotations", "", "JSON format string for the default ingress annotations for the Spark UI ingresses. e.g. '[{\"cert-manager.io/cluster-issuer\": \"letsencrypt\"}]'. `ingressAnnotations` in the SparkApplication spec will override this value.")
 
 	command.Flags().BoolVar(&enableLeaderElection, "leader-election", false, "Enable leader election for controller manager. "+
 		"Enabling this will ensure there is only one active controller manager.")
@@ -412,13 +418,13 @@ func newSparkApplicationReconcilerOptions() sparkapplication.Options {
 		sparkExecutorMetrics = metrics.NewSparkExecutorMetrics(metricsPrefix, metricsLabels)
 		sparkExecutorMetrics.Register()
 	}
-	logger.Info("Ingress TLS configuration", "ingressTLS", ingressTLS)
 	options := sparkapplication.Options{
 		Namespaces:                   namespaces,
 		EnableUIService:              enableUIService,
 		IngressClassName:             ingressClassName,
 		IngressURLFormat:             ingressURLFormat,
-		DefaultIngressTLS:            ingressTLS,
+		DefaultIngressTLS:            defaultIngressTLS,
+		DefaultIngressAnnotations:    defaultIngressAnnotations,
 		DefaultBatchScheduler:        defaultBatchScheduler,
 		DriverPodCreationGracePeriod: driverPodCreationGracePeriod,
 		SparkApplicationMetrics:      sparkApplicationMetrics,