diff --git a/charts/actions-runner-controller/templates/githubwebhook.role.yaml b/charts/actions-runner-controller/templates/githubwebhook.role.yaml
index 1c0d1523..d9d22908 100644
--- a/charts/actions-runner-controller/templates/githubwebhook.role.yaml
+++ b/charts/actions-runner-controller/templates/githubwebhook.role.yaml
@@ -67,4 +67,16 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
 {{- end }}
diff --git a/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml b/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml
index c144ea9f..c5368dfb 100644
--- a/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml
+++ b/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml
@@ -12,6 +12,12 @@ spec:
   endpoints:
     - path: /metrics
       port: metrics-port
+      {{- if .Values.metrics.proxy.enabled }}
+      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+      scheme: https
+      tlsConfig:
+        insecureSkipVerify: true
+      {{- end }}
   selector:
     matchLabels:
       {{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 6 }}