diff --git a/charts/simplyblock-operator/templates/controlplane_certificates.yaml b/charts/simplyblock-operator/templates/controlplane_certificates.yaml
index 029ebc1..501abe8 100644
--- a/charts/simplyblock-operator/templates/controlplane_certificates.yaml
+++ b/charts/simplyblock-operator/templates/controlplane_certificates.yaml
@@ -58,6 +58,22 @@ spec:
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
+metadata:
+ name: simplyblock-prometheus-client
+ namespace: {{ .Release.Namespace }}
+spec:
+ commonName: simplyblock-prometheus
+ secretName: simplyblock-prometheus-client-tls
+ issuerRef:
+ kind: ClusterIssuer
+ name: simplyblock-certificate-authority-issuer
+ usages:
+ - digital signature
+ - key encipherment
+ - client auth
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
 metadata:
 name: simplyblock-operator-client
 namespace: {{ .Release.Namespace }}
diff --git a/charts/simplyblock-operator/templates/controlplane_configmap.yaml b/charts/simplyblock-operator/templates/controlplane_configmap.yaml
index 25270c8..ee72bd7 100644
--- a/charts/simplyblock-operator/templates/controlplane_configmap.yaml
+++ b/charts/simplyblock-operator/templates/controlplane_configmap.yaml
@@ -118,6 +118,15 @@ data:
 - targets: ['simplyblock-webappapi:5000']
 honor_labels: true
 metrics_path: '/api/v1/cluster/metrics'
+ {{- if .Values.tls.enabled }}
+ scheme: https
+ tls_config:
+ insecure_skip_verify: true
+ {{- if .Values.tls.mutual_enabled }}
+ cert_file: /etc/prometheus/certs/tls.crt
+ key_file: /etc/prometheus/certs/tls.key
+ {{- end }}
+ {{- end }}
 basic_auth:
 username:
 password:
diff --git a/charts/simplyblock-operator/values.yaml b/charts/simplyblock-operator/values.yaml
index e60a821..ab27ac9 100755
--- a/charts/simplyblock-operator/values.yaml
+++ b/charts/simplyblock-operator/values.yaml
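Review bot: The new `simplyblock-prometheus-client` Certificate in controlplane_certificates.yaml sets no `duration`, `renewBefore` or `privateKey` block, so the lifetime of this client credential and whether its key is regenerated on renewal are left to the defaults of the installed cert-manager version. Stating them explicitly, for example `privateKey: {rotationPolicy: Always}` together with a `duration`/`renewBefore` pair chosen for the deployment, makes the rotation behaviour reviewable in the chart. Within the hunk the resource is also not wrapped in a `.Values.tls.mutual_enabled` condition, although that flag is what makes the scrape config read the key pair. If there is no enclosing `if` outside the hunk, the private key is issued and stored in the namespace even when mutual TLS is off.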
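Review bot: `insecure_skip_verify: true` in the added `tls_config` of controlplane_configmap.yaml turns off verification of the server certificate, so the `basic_auth` credentials configured for this job are sent to whichever endpoint answers on `simplyblock-webappapi:5000`, and the HTTPS scheme gives encryption without authenticating the peer. The client certificate is issued by a CA-backed ClusterIssuer, and cert-manager normally writes that CA into the same secret as `ca.crt`, so the job could verify the server with `ca_file: /etc/prometheus/certs/ca.crt` instead. That assumes the server certificate carries a name matching the target (otherwise `server_name` is needed), which the hunk does not show. It also needs the secret mounted whenever `tls.enabled` is set, not only with `tls.mutual_enabled`. If skipping verification is a deliberate interim step, a template comment such as `{{- /* TODO: replace insecure_skip_verify with ca_file once the server cert SANs are confirmed */ -}}` would record that; the scrape job itself starts above the hunk.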
@@ -509,9 +509,16 @@ prometheus: - name: objstore-config configMap: name: simplyblock-objstore-config + - name: prometheus-client-tls + secret: + secretName: simplyblock-prometheus-client-tls + optional: true extraVolumeMounts: - name: simplyblock-prometheus-config mountPath: /etc/simplyblock-config + - name: prometheus-client-tls + mountPath: /etc/prometheus/certs + readOnly: true alertmanager: enabled: false
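Review bot: `optional: true` on the `prometheus-client-tls` volume lets the Prometheus pod start with an empty `/etc/prometheus/certs` when `simplyblock-prometheus-client-tls` has not been issued, while the scrape config in controlplane_configmap.yaml points `cert_file` and `key_file` at that directory whenever `tls.mutual_enabled` is set. A missing or late secret then surfaces as a failing scrape or config load rather than as a pod that waits for its volume, which is easy to miss at install time. A comment above the entry such as `# optional: the secret exists only once cert-manager has issued the Prometheus client certificate` would document the intent. It is worth confirming that the chart either waits for the Certificate to be ready or that a failed metrics scrape is alerted on.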