diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md
index 0ae9f1fcc5..c1cc1e5af8 100644
--- a/deployments/helm-chart/README.md
+++ b/deployments/helm-chart/README.md
@@ -220,6 +220,7 @@ Parameter | Description | Default
 `controller.service.httpsPort.port` | The HTTPS port of the Ingress Controller service. | 443
 `controller.service.httpsPort.nodePort` | The custom NodePort for the HTTPS port. Requires `controller.service.type` set to `NodePort`.  | ""
 `controller.service.httpsPort.targetPort` | The target port of the HTTPS port of the Ingress Controller service. | 443
+`controller.serviceAccount.annotations` | The annotations of the Ingress Controller service account. | {}
 `controller.serviceAccount.name` | The name of the service account of the Ingress Controller pods. Used for RBAC. | Autogenerated
 `controller.serviceAccount.imagePullSecretName` | The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release. | ""
 `controller.serviceMonitor.name` | The name of the serviceMonitor. | Autogenerated
diff --git a/deployments/helm-chart/templates/controller-serviceaccount.yaml b/deployments/helm-chart/templates/controller-serviceaccount.yaml
index c03c6a793b..e1a3b51a06 100644
--- a/deployments/helm-chart/templates/controller-serviceaccount.yaml
+++ b/deployments/helm-chart/templates/controller-serviceaccount.yaml
@@ -2,6 +2,9 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
+{{- if .Values.controller.serviceAccount.annotations }}
+  annotations: {{- toYaml .Values.controller.serviceAccount.annotations | nindent 4 }}
+{{- end }}
   name: {{ include "nginx-ingress.serviceAccountName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
diff --git a/deployments/helm-chart/values.yaml b/deployments/helm-chart/values.yaml
index 3fdd157a83..9abb7072e4 100644
--- a/deployments/helm-chart/values.yaml
+++ b/deployments/helm-chart/values.yaml
@@ -312,6 +312,9 @@ controller:
     customPorts: []
 
   serviceAccount:
+    ## The annotations of the service account of the Ingress Controller pods.
+    annotations: {}
+
     ## The name of the service account of the Ingress Controller pods. Used for RBAC.
     ## Autogenerated if not set or set to "".
     # name: nginx-ingress