diff --git a/config/exporters/monitoring/grafana/base/prometheus-exporter-service.yaml b/config/exporters/monitoring/grafana/base/prometheus-exporter-service.yaml
index 24a1786e..8e16eefe 100644
--- a/config/exporters/monitoring/grafana/base/prometheus-exporter-service.yaml
+++ b/config/exporters/monitoring/grafana/base/prometheus-exporter-service.yaml
@@ -10,14 +10,24 @@ metadata:
   name: exporter-sa
   namespace: appstudio-grafana-datasource-exporter
 ---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: metrics-reader
+  namespace: appstudio-grafana-datasource-exporter
+  annotations:
+    kubernetes.io/service-account.name: exporter-sa
+type: kubernetes.io/service-account-token
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: exporter-cluster-role
 rules:
-- apiGroups: ['grafana.integreatly.org']
-  resources: ['grafanas']
-  verbs: ["get"]
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -41,9 +51,9 @@ metadata:
     app: grafana-datasource-exporter
 spec:
   ports:
-  - name: http
-    port: 8090
-    targetPort: http
+  - name: https
+    port: 8443
+    targetPort: https
   selector:
     app: grafana-datasource-exporter
 ---
@@ -67,8 +77,8 @@ spec:
       - name: grafana-datasource-exporter
         image: quay.io/redhat-appstudio/o11y-prometheus-exporters:v0.1
         ports:
-        - containerPort: 8090
-          name: http
+        - containerPort: 8443
+          name: https
         resources:
           limits:
             cpu: 100m
@@ -77,6 +87,7 @@ spec:
             cpu: 100m
             memory: 10Mi
         securityContext:
+          allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
           runAsNonRoot: true
 ---
@@ -88,8 +99,13 @@ metadata:
 spec:
   endpoints:
   - path: /metrics
-    port: http
-    scheme: http
+    port: https
+    scheme: https
+    bearerTokenSecret:
+      name: "metrics-reader"
+      key: token
+    tlsConfig:
+      insecureSkipVerify: true
   selector:
     matchLabels:
       app: grafana-datasource-exporter
diff --git a/exporters/dsexporter/dsexporter.go b/exporters/dsexporter/dsexporter.go
index d46ed4de..0517aacf 100644
--- a/exporters/dsexporter/dsexporter.go
+++ b/exporters/dsexporter/dsexporter.go
@@ -43,7 +43,7 @@ func main() {
 	exporter := NewCustomCollector()
 	reg.MustRegister(exporter)
 
-	fmt.Println("Server is listening on http://localhost:8090/metrics")
+	fmt.Println("Server is listening on http://localhost:8443/metrics")
 
 	http.Handle("/metrics", promhttp.HandlerFor(
 		reg,
@@ -52,5 +52,5 @@ func main() {
 			Registry:          reg,
 		},
 	))
-	http.ListenAndServe(":8090", nil)
+	http.ListenAndServe(":8443", nil)
 }