diff --git a/deploy/charts/kube-oidc-proxy/templates/deployment.yaml b/deploy/charts/kube-oidc-proxy/templates/deployment.yaml
index 66aa0a24f..5de2869b1 100644
--- a/deploy/charts/kube-oidc-proxy/templates/deployment.yaml
+++ b/deploy/charts/kube-oidc-proxy/templates/deployment.yaml
@@ -25,6 +25,9 @@ spec:
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         ports:
+        {{- if and .Values.metrics.enabled }}
+        - containerPort: {{ .Values.metrics.port }}
+        {{ end }}
         - containerPort: 443
         - containerPort: 8080
         readinessProbe:
@@ -74,6 +77,9 @@ spec:
           {{- range $key, $value := .Values.extraArgs -}}
           - "--{{ $key }}={{ $value -}}"
           {{ end }}
+          {{- if and .Values.metrics.enabled }}
+          - "--metrics-serving-address={{ .Values.metrics.address }}:{{ .Values.metrics.port }}"
+          {{ end }}
         resources:
           {{- toYaml .Values.resources | nindent 12 }}
         env:
diff --git a/deploy/charts/kube-oidc-proxy/values.yaml b/deploy/charts/kube-oidc-proxy/values.yaml
index e85214a28..0a3de9b05 100644
--- a/deploy/charts/kube-oidc-proxy/values.yaml
+++ b/deploy/charts/kube-oidc-proxy/values.yaml
@@ -96,6 +96,13 @@ podDisruptionBudget:
   enabled: false
   minAvailable: 1
 
+# Set the Prometheus metrics listen address. Setting an empty address string
+# will disable the metrics server.
+metrics:
+  enabled: true
+  port: 80
+  address: "0.0.0.0"
+
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
diff --git a/deploy/yaml/kube-oidc-proxy.yaml b/deploy/yaml/kube-oidc-proxy.yaml
index ad033219c..f0e4d9725 100644
--- a/deploy/yaml/kube-oidc-proxy.yaml
+++ b/deploy/yaml/kube-oidc-proxy.yaml
@@ -26,6 +26,10 @@ spec:
     metadata:
       labels:
         app: kube-oidc-proxy
+      annotations:
+        prometheus.io/path: /metrics
+        prometheus.io/port: "80"
+        prometheus.io/scrape: "true"
     spec:
       serviceAccountName: kube-oidc-proxy
       containers:
@@ -33,6 +37,7 @@ spec:
         ports:
         - containerPort: 443
         - containerPort: 8080
+        - containerPort: 80
         readinessProbe:
           httpGet:
             path: /ready