diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml
index ed137168..9560cc41 100644
--- a/config/prometheus/kustomization.yaml
+++ b/config/prometheus/kustomization.yaml
@@ -1,2 +1,5 @@
+# Adds namespace to all resources.
+namespace: nnf-dm-system
+
 resources:
 - monitor.yaml
diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml
index d19136ae..55a96aa1 100644
--- a/config/prometheus/monitor.yaml
+++ b/config/prometheus/monitor.yaml
@@ -5,6 +5,7 @@ kind: ServiceMonitor
 metadata:
   labels:
     control-plane: controller-manager
+    prometheus-app: rabbit-nnf
   name: controller-manager-metrics-monitor
   namespace: system
 spec:
diff --git a/config/rbac/auth_proxy_client_clusterrole_binding.yaml b/config/rbac/auth_proxy_client_clusterrole_binding.yaml
new file mode 100644
index 00000000..f7d0f2fc
--- /dev/null
+++ b/config/rbac/auth_proxy_client_clusterrole_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metrics-reader-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: metrics-reader
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
index dd8c44a1..8c4e0530 100644
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -19,6 +19,7 @@ resources:
 - auth_proxy_role.yaml
 - auth_proxy_role_binding.yaml
 - auth_proxy_client_clusterrole.yaml
+- auth_proxy_client_clusterrole_binding.yaml
 
 configurations:
   - kustomizeconfig.yaml
diff --git a/deploy.sh b/deploy.sh
index d23097c9..f626da0a 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -47,8 +47,15 @@ deploy)
         $KUSTOMIZE build $OVERLAY_DIR | kubectl apply -f -
         break
     done
+
+    # Deploy the ServiceMonitor resource if its CRD is found. The CRD would
+    # have been installed by a metrics service such as Prometheus.
+    if kubectl get crd servicemonitors.monitoring.coreos.com > /dev/null 2>&1; then
+        $KUSTOMIZE build config/prometheus | kubectl apply -f-
+    fi
     ;;
 undeploy)
+    $KUSTOMIZE build config/prometheus | kubectl delete --ignore-not-found -f-
     # When the DataMovementManager CRD gets deleted all related resource are also
     # removed, so the delete will always fail. We ignore all errors at our
     # own risk.