diff --git a/config/crd/bases/redhatgov.io_giteas.yaml b/config/crd/bases/redhatgov.io_giteas.yaml
index ea8df73..ef5fbac 100644
--- a/config/crd/bases/redhatgov.io_giteas.yaml
+++ b/config/crd/bases/redhatgov.io_giteas.yaml
@@ -67,6 +67,12 @@ spec:
                         description: Defines SSL/TLS state, if your IngressController/Router supports it
                         type: boolean
                         default: True
+                      externalIp:
+                        description: |
+                          Defines whether the gitea service should request an external IP address.
+                          Required for external SSH.
+                        type: boolean
+                        default: False
                   image:
                     description: Defines the ways in which the Gitea image should be sourced and managed
                     type: object
diff --git a/playbooks/gitea-operator.yml b/playbooks/gitea-operator.yml
index 8e74c3f..354f01c 100644
--- a/playbooks/gitea-operator.yml
+++ b/playbooks/gitea-operator.yml
@@ -36,6 +36,7 @@
       _gitea_expose_method: "{{ gitea.expose.kind | default('Route') }}"
       _gitea_expose_uri: "{{ gitea.expose.uri | default('') }}"
       _gitea_ssl: "{{ gitea.expose.ssl | default(True) }}"
+      _gitea_external_ip: "{{ gitea.expose.external_ip | default(False) }}"
 
       _gitea_image: "{{ gitea.image.src | default('quay.io/redhatgov/gitea') }}"
       _gitea_image_tag: "{{ gitea.image.tag | default('latest') }}"
diff --git a/roles/gitea-ocp/templates/service.yml.j2 b/roles/gitea-ocp/templates/service.yml.j2
index 0bc83e7..848f027 100644
--- a/roles/gitea-ocp/templates/service.yml.j2
+++ b/roles/gitea-ocp/templates/service.yml.j2
@@ -18,4 +18,6 @@ spec:
     protocol: TCP
     targetPort: 2022
   sessionAffinity: None
-  type: ClusterIP
+{% if _gitea_external_ssh|bool %}
+  type: LoadBalancer
+{% endif %}