diff --git a/app/scripts/modules/kubernetes/help/kubernetes.help.ts b/app/scripts/modules/kubernetes/help/kubernetes.help.ts
index 6687a307910..308e33ab92b 100644
--- a/app/scripts/modules/kubernetes/help/kubernetes.help.ts
+++ b/app/scripts/modules/kubernetes/help/kubernetes.help.ts
@@ -127,6 +127,7 @@ const helpContents: {[key: string]: string} = {
   'kubernetes.ingress.rules.host': 'The fully qualified domain name of a network host. Any traffic routed to this host matches this rule. May not be an IP address, or contain port information.',
   'kubernetes.ingress.rules.path': 'POSIX regex (IEE Std 1003.1) matched against the path of an incoming request.',
   'kubernetes.ingress.rules.port': 'The port on the specifed load balancer to route traffic to.',
+  'kubernetes.ingress.rules.secret': '(Optional) The Kubernetes secret that contains the TLS certificate with which to secure connections to the security group. Note that Spinnaker will not create this secret, it will be assumed to exist.',
 };
 
 export const KUBERNETES_HELP = 'spinnaker.kubernetes.help.contents';
diff --git a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/advancedSettings.html b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/advancedSettings.html
new file mode 100644
index 00000000000..b9b2c13b1d2
--- /dev/null
+++ b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/advancedSettings.html
@@ -0,0 +1,8 @@
+<form class="container-fluid form-horizontal" name="advancedSettings">
+  <div class="col-md-12">
+    <map-editor model="securityGroup.annotations" label="Annotations" add-button-label="Add Annotations" labels-left="true"></map-editor>
+  </div>
+  <div class="col-md-12">
+    <map-editor model="securityGroup.labels" label="Labels" add-button-label="Add Labels" labels-left="true"></map-editor>
+  </div>
+</form>
diff --git a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/createWizard.html b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/createWizard.html
index b91522e7119..9114ac828e3 100644
--- a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/createWizard.html
+++ b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/createWizard.html
@@ -8,6 +8,9 @@
   <v2-wizard-page key="rules" label="Rules">
     <ng-include src="pages.rules"></ng-include>
   </v2-wizard-page>
+  <v2-wizard-page key="Advanced Settings" label="Advanced Settings">
+    <ng-include src="pages.advancedSettings"></ng-include>
+  </v2-wizard-page>
 </v2-modal-wizard>
 <div class="modal-footer">
   <button ng-disabled="taskMonitor.submitting" class="btn btn-default"
diff --git a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/editWizard.html b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/editWizard.html
index 9f7454ba927..df0078022a8 100644
--- a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/editWizard.html
+++ b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/editWizard.html
@@ -8,6 +8,9 @@
   <v2-wizard-page key="rules" label="Rules">
     <ng-include src="pages.rules"></ng-include>
   </v2-wizard-page>
+  <v2-wizard-page key="Advanced Settings" label="Advanced Settings">
+    <ng-include src="pages.advancedSettings"></ng-include>
+  </v2-wizard-page>
 </v2-modal-wizard>
 <div class="modal-footer">
   <button ng-disabled="taskMonitor.submitting" class="btn btn-default"
diff --git a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/rules.html b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/rules.html
index 01d2a14cc4d..3a58420331b 100644
--- a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/rules.html
+++ b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/rules.html
@@ -17,6 +17,15 @@
           </button>
         </div>
       </div>
+      <div class="form-group">
+        <div class="col-md-3 sm-label-right">
+          Secret
+          <help-field key="kubernetes.ingress.rules.secret"></help-field>
+        </div>
+        <div class="col-md-6">
+          <input type="text" class="form-control input-sm" name="details" ng-model="rule.secret"/>
+        </div>
+      </div>
       <br/>
 			<div ng-repeat="path in rule.value.http.paths">
 				<hr ng-if="$index > 0">
diff --git a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/upsert.controller.js b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/upsert.controller.js
index d181230e5db..327bcd18e14 100644
--- a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/upsert.controller.js
+++ b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/upsert.controller.js
@@ -34,6 +34,7 @@ module.exports = angular.module('spinnaker.securityGroup.kubernetes.create.contr
       basicSettings: require('./basicSettings.html'),
       backend: require('./backend.html'),
       rules: require('./rules.html'),
+      advancedSettings: require('./advancedSettings.html'),
     };
 
     $scope.state = {
@@ -181,6 +182,16 @@ module.exports = angular.module('spinnaker.securityGroup.kubernetes.create.contr
             cloudProvider: 'kubernetes',
             region: $scope.securityGroup.namespace,
           };
+
+          // Write TLS property so clouddriver understands it and our certs get configured
+          $scope.securityGroup.tls = [];
+          for (var idx in $scope.securityGroup.rules) {
+            let rule = $scope.securityGroup.rules[idx];
+            if (typeof rule.secret !== 'undefined' && rule.secret !== '') {
+              $scope.securityGroup.tls.push({ hosts: [rule.host], secretName: rule.secret });
+            }
+          }
+
           return securityGroupWriter.upsertSecurityGroup($scope.securityGroup, application, descriptor, params);
         }
       );