diff --git a/charts/ingress/CHANGELOG.md b/charts/ingress/CHANGELOG.md
index 9e3cbe660..deca9814e 100644
--- a/charts/ingress/CHANGELOG.md
+++ b/charts/ingress/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Changelog
 
+## Unreleased
+
+### Improvements
+
+- Controller Pods now include annotations to exempt the gateway admin API port
+  from Kuma and Istio mesh interception. Controller to admin API configuration
+  uses its own mTLS configuration, which is not compatible with mesh mTLS.
+  [#913](https://github.com/Kong/charts/pull/913)
+
 ## 0.7.0
 
 - Bumped dependency `kong/kong` minimum to `2.28.1`. Review the [kong chart
diff --git a/charts/ingress/values.yaml b/charts/ingress/values.yaml
index f067adb0e..4b64c9c8f 100644
--- a/charts/ingress/values.yaml
+++ b/charts/ingress/values.yaml
@@ -19,6 +19,14 @@ controller:
       enabled: true
       generateAdminApiService: true
 
+  podAnnotations:
+    kuma.io/gateway: enabled
+    # This port must match your Kong admin API port. 8444 is the default.
+    # If you set gateway.admin.tls.containerPort, change these annotations
+    # to use that value.
+    traffic.kuma.io/exclude-outbound-ports: "8444"
+    traffic.sidecar.istio.io/excludeOutboundPorts: "8444"
+
 gateway:
   enabled: true
   deployment: