diff --git a/charts/actions-runner-controller/templates/_github_webhook_server_helpers.tpl b/charts/actions-runner-controller/templates/_github_webhook_server_helpers.tpl index 6aaa8a6c..29640459 100644 --- a/charts/actions-runner-controller/templates/_github_webhook_server_helpers.tpl +++ b/charts/actions-runner-controller/templates/_github_webhook_server_helpers.tpl @@ -54,3 +54,7 @@ Create the name of the service account to use {{- define "actions-runner-controller-github-webhook-server.roleName" -}} {{- include "actions-runner-controller-github-webhook-server.fullname" . }} {{- end }} + +{{- define "actions-runner-controller-github-webhook-server.serviceMonitorName" -}} +{{- include "actions-runner-controller-github-webhook-server.fullname" . | trunc 47 }}-service-monitor +{{- end }} diff --git a/charts/actions-runner-controller/templates/_helpers.tpl b/charts/actions-runner-controller/templates/_helpers.tpl index bc91388b..1aa9eabd 100644 --- a/charts/actions-runner-controller/templates/_helpers.tpl +++ b/charts/actions-runner-controller/templates/_helpers.tpl @@ -92,10 +92,14 @@ Create the name of the service account to use {{- include "actions-runner-controller.fullname" . | trunc 55 }}-webhook {{- end }} -{{- define "actions-runner-controller.authProxyServiceName" -}} +{{- define "actions-runner-controller.metricsServiceName" -}} {{- include "actions-runner-controller.fullname" . | trunc 47 }}-metrics-service {{- end }} +{{- define "actions-runner-controller.serviceMonitorName" -}} +{{- include "actions-runner-controller.fullname" . | trunc 47 }}-service-monitor +{{- end }} + {{- define "actions-runner-controller.selfsignedIssuerName" -}} {{- include "actions-runner-controller.fullname" . }}-selfsigned-issuer {{- end }} diff --git a/charts/actions-runner-controller/templates/auth_proxy_role.yaml b/charts/actions-runner-controller/templates/auth_proxy_role.yaml index 7a12456f..24f0ce58 100644 
--- a/charts/actions-runner-controller/templates/auth_proxy_role.yaml +++ b/charts/actions-runner-controller/templates/auth_proxy_role.yaml @@ -1,3 +1,4 @@ +{{- if .Values.metrics.proxy.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -11,3 +12,4 @@ rules: resources: - subjectaccessreviews verbs: ["create"] +{{- end }} diff --git a/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml b/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml index f0dbbcfd..b3061f76 100644 --- a/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml +++ b/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml @@ -1,3 +1,4 @@ +{{- if .Values.metrics.proxy.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -10,3 +11,4 @@ subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller.serviceAccountName" . }} namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/actions-runner-controller/templates/auth_proxy_service.yaml b/charts/actions-runner-controller/templates/controller.metrics.service.yaml similarity index 61% rename from charts/actions-runner-controller/templates/auth_proxy_service.yaml rename to charts/actions-runner-controller/templates/controller.metrics.service.yaml index da703245..dee332c7 100644 --- a/charts/actions-runner-controller/templates/auth_proxy_service.yaml +++ b/charts/actions-runner-controller/templates/controller.metrics.service.yaml 
@@ -3,12 +3,12 @@ kind: Service metadata: labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} - name: {{ include "actions-runner-controller.authProxyServiceName" . }} + name: {{ include "actions-runner-controller.metricsServiceName" . }} namespace: {{ .Release.Namespace }} spec: ports: - - name: https - port: 8443 - targetPort: https + - name: metrics-port + port: {{ .Values.metrics.port }} + targetPort: metrics-port selector: {{- include "actions-runner-controller.selectorLabels" . | nindent 4 }} diff --git a/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml b/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml new file mode 100644 index 00000000..3b4eca44 --- /dev/null +++ b/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml @@ -0,0 +1,15 @@ +{{- if .Values.metrics.serviceMonitor }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + {{- include "actions-runner-controller.labels" . | nindent 4 }} + name: {{ include "actions-runner-controller.serviceMonitorName" . }} +spec: + endpoints: + - path: /metrics + port: metrics-port + selector: + matchLabels: + {{- include "actions-runner-controller.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/charts/actions-runner-controller/templates/deployment.yaml b/charts/actions-runner-controller/templates/deployment.yaml index f0c8cb8b..8175ac8e 100644 --- a/charts/actions-runner-controller/templates/deployment.yaml +++ b/charts/actions-runner-controller/templates/deployment.yaml 
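Review bot: The `endpoints` entry in the new controller.metrics.serviceMonitor.yaml sets only `path` and `port`, so Prometheus will scrape `metrics-port` over plain HTTP with no credentials. With the chart default `metrics.proxy.enabled: true`, that port is kube-rbac-proxy's `--secure-listen-address`, which serves TLS and authorizes the caller's token, so the scrape is expected to fail as soon as `metrics.serviceMonitor` is turned on. The endpoint should switch to HTTPS and present the Prometheus service-account token when the proxy is enabled, as sketched below. No certificate flags are visible on the sidecar, so its certificate is presumably self-signed, which is why the sketch skips verification; a CA bundle is preferable where one exists. The scraping identity also needs RBAC for `/metrics`, and that role is not part of this diff. githubwebhook.serviceMonitor.yaml has the same gap.

```yaml
spec:
  endpoints:
    - path: /metrics
      port: metrics-port
      {{- if .Values.metrics.proxy.enabled }}
      # kube-rbac-proxy terminates TLS and authorizes the bearer token
      scheme: https
      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      tlsConfig:
        # proxy cert is presumably self-signed; replace with a CA where available
        insecureSkipVerify: true
      {{- end }}
  # … unchanged: selector …
```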
@@ -31,8 +31,9 @@ spec: {{- end }} containers: - args: - {{- $metricsHost := .Values.kube_rbac_proxy.enabled | ternary "127.0.0.1" "0.0.0.0" }} - - "--metrics-addr={{ $metricsHost }}:8080" + {{- $metricsHost := .Values.metrics.proxy.enabled | ternary "127.0.0.1" "0.0.0.0" }} + {{- $metricsPort := .Values.metrics.proxy.enabled | ternary "8080" .Values.metrics.port }} + - "--metrics-addr={{ $metricsHost }}:{{ $metricsPort }}" - "--enable-leader-election" - "--sync-period={{ .Values.syncPeriod }}" - "--docker-image={{ .Values.image.dindSidecarRepositoryAndTag }}" @@ -79,9 +80,9 @@ spec: - containerPort: 9443 name: webhook-server protocol: TCP - {{- if not .Values.kube_rbac_proxy.enabled }} - - containerPort: 9443 - name: https + {{- if not .Values.metrics.proxy.enabled }} + - containerPort: {{ .Values.metrics.port }} + name: metrics-port protocol: TCP {{- end }} resources: @@ -97,18 +98,18 @@ spec: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true - {{- if .Values.kube_rbac_proxy.enabled }} + {{- if .Values.metrics.proxy.enabled }} - args: - - "--secure-listen-address=0.0.0.0:8443" + - "--secure-listen-address=0.0.0.0:{{ .Values.metrics.port }}" - "--upstream=http://127.0.0.1:8080/" - "--logtostderr=true" - "--v=10" - image: "{{ .Values.kube_rbac_proxy.image.repository }}:{{ .Values.kube_rbac_proxy.image.tag }}" + image: "{{ .Values.metrics.proxy.image.repository }}:{{ .Values.metrics.proxy.image.tag }}" name: kube-rbac-proxy imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - - containerPort: 8443 - name: https + - containerPort: {{ .Values.metrics.port }} + name: metrics-port resources: {{- toYaml .Values.resources | nindent 12 }} securityContext: diff --git a/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml b/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml index 5655fed0..68756ba3 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml 
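Review bot: Nothing stops `metrics.port` from colliding with a port already bound inside the pod. With `metrics.proxy.enabled` true the manager stays on `127.0.0.1:8080` while kube-rbac-proxy listens on `0.0.0.0:{{ .Values.metrics.port }}`, so a value of 8080 makes the two listeners conflict, and 9443 clashes with the `webhook-server` container port in either mode. A render-time guard near the `$metricsPort` definition would surface this before deployment, e.g. `{{- if and .Values.metrics.proxy.enabled (eq (int .Values.metrics.port) 8080) }}{{ fail "metrics.port must not be 8080 while metrics.proxy.enabled is true" }}{{- end }}`. The identical `$metricsPort` block in githubwebhook.deployment.yaml needs the same check, where 8000 is also taken. The container spec continues outside these hunks, so other fixed ports may exist that are not visible here.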
+++ b/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml @@ -32,7 +32,9 @@ spec: {{- end }} containers: - args: - - "--metrics-addr=127.0.0.1:8080" + {{- $metricsHost := .Values.metrics.proxy.enabled | ternary "127.0.0.1" "0.0.0.0" }} + {{- $metricsPort := .Values.metrics.proxy.enabled | ternary "8080" .Values.metrics.port }} + - "--metrics-addr={{ $metricsHost }}:{{ $metricsPort }}" - "--sync-period={{ .Values.githubWebhookServer.syncPeriod }}" {{- if .Values.githubWebhookServer.logLevel }} - "--log-level={{ .Values.githubWebhookServer.logLevel }}" @@ -57,25 +59,32 @@ spec: - containerPort: 8000 name: http protocol: TCP + {{- if not .Values.metrics.proxy.enabled }} + - containerPort: {{ .Values.metrics.port }} + name: metrics-port + protocol: TCP + {{- end }} resources: {{- toYaml .Values.githubWebhookServer.resources | nindent 12 }} securityContext: {{- toYaml .Values.githubWebhookServer.securityContext | nindent 12 }} + {{- if .Values.metrics.proxy.enabled }} - args: - - "--secure-listen-address=0.0.0.0:8443" + - "--secure-listen-address=0.0.0.0:{{ .Values.metrics.port }}" - "--upstream=http://127.0.0.1:8080/" - "--logtostderr=true" - "--v=10" - image: "{{ .Values.kube_rbac_proxy.image.repository }}:{{ .Values.kube_rbac_proxy.image.tag }}" + image: "{{ .Values.metrics.proxy.image.repository }}:{{ .Values.metrics.proxy.image.tag }}" name: kube-rbac-proxy imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - - containerPort: 8443 - name: https + - containerPort: {{ .Values.metrics.port }} + name: metrics-port resources: {{- toYaml .Values.resources | nindent 12 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} + {{- end }} terminationGracePeriodSeconds: 10 {{- with .Values.githubWebhookServer.nodeSelector }} nodeSelector: diff --git a/charts/actions-runner-controller/templates/githubwebhook.service.yaml b/charts/actions-runner-controller/templates/githubwebhook.service.yaml index 63bb2af1..336e3cfa 100644 
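Review bot: The webhook server's metrics listener was previously fixed at `127.0.0.1:8080` and always fronted by kube-rbac-proxy; after this change `metrics.proxy.enabled: false` binds it to `0.0.0.0` over plain HTTP with no authentication or authorization. One flag now controls both the controller and the webhook server, so an operator who disables the proxy for one silently drops it for the other. That trade-off should be stated where the value is set, e.g. a comment above `proxy.enabled` in values.yaml: `# false serves /metrics as unauthenticated plain HTTP on 0.0.0.0 for both the controller and the webhook server; restrict access with a NetworkPolicy`. The unchanged `--v=10` on the sidecar is debug-level verbosity and may put request details into pod logs, so it is worth lowering for production installs.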
--- a/charts/actions-runner-controller/templates/githubwebhook.service.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.service.yaml @@ -12,6 +12,11 @@ spec: {{ range $_, $port := .Values.githubWebhookServer.service.ports -}} - {{ $port | toYaml | nindent 6 }} {{- end }} + {{- if .Values.metrics.serviceMonitor }} + - name: metrics-port + port: {{ .Values.metrics.port }} + targetPort: metrics-port + {{- end }} selector: {{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 4 }} {{- end }} diff --git a/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml b/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml new file mode 100644 index 00000000..6b4bec73 --- /dev/null +++ b/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.githubWebhookServer.enabled .Values.metrics.serviceMonitor }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + {{- include "actions-runner-controller.labels" . | nindent 4 }} + name: {{ include "actions-runner-controller-github-webhook-server.serviceMonitorName" . }} +spec: + endpoints: + - path: /metrics + port: metrics-port + selector: + matchLabels: + {{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/charts/actions-runner-controller/values.yaml b/charts/actions-runner-controller/values.yaml index e24dd2b2..551f5bd3 100644 --- a/charts/actions-runner-controller/values.yaml +++ b/charts/actions-runner-controller/values.yaml @@ -30,12 +30,6 @@ image: dindSidecarRepositoryAndTag: "docker:dind" pullPolicy: IfNotPresent -kube_rbac_proxy: - enabled: true - image: - repository: quay.io/brancz/kube-rbac-proxy - tag: v0.8.0 - imagePullSecrets: [] nameOverride: "" fullnameOverride: "" 
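Review bot: In githubwebhook.service.yaml the `metrics-port` entry is appended to the same Service that carries the GitHub webhook listener, so /metrics inherits whatever exposure that Service has. The Service type is not visible in this hunk, but a webhook receiver is commonly published through a LoadBalancer or NodePort, and both publish every listed port. Combined with `metrics.proxy.enabled: false`, this would put unauthenticated metrics on an externally reachable address. The controller already uses a dedicated metrics Service (controller.metrics.service.yaml); the webhook server should mirror that by moving these three lines into its own Service with `type: ClusterIP` and having the webhook ServiceMonitor select that Service instead.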
@@ -68,6 +62,15 @@ service: type: ClusterIP port: 443 +metrics: + serviceMonitor: false + port: 8443 + proxy: + enabled: true + image: + repository: quay.io/brancz/kube-rbac-proxy + tag: v0.8.0 + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious