diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
index 5c5f0b84c..1ead4da68 100644
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -1,2 +1,3 @@
 resources:
 - manager.yaml
+- metrics_service.yaml
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 87b3e7d11..0edf0c8e8 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -40,9 +40,6 @@ spec:
         - /manager
         args:
         - "--webhook-server-port=9443"
-        # If /config/default/manager_auth_proxy_patch.yaml is used, the port in
-        # --metrics-addr must match the value of --upstream passed to
-        # kube-rbac-proxy.
         - "--metrics-addr=:8080"
         - "--max-reconciles=10"
         - "--apiserver-qps-throttle=50"
diff --git a/config/rbac/auth_proxy_service.yaml b/config/manager/metrics_service.yaml
similarity index 68%
rename from config/rbac/auth_proxy_service.yaml
rename to config/manager/metrics_service.yaml
index d61e5469f..fb65291a0 100644
--- a/config/rbac/auth_proxy_service.yaml
+++ b/config/manager/metrics_service.yaml
@@ -2,8 +2,8 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    prometheus.io/port: "8443"
-    prometheus.io/scheme: https
+    prometheus.io/port: "8080"
+    prometheus.io/scheme: http
     prometheus.io/scrape: "true"
   labels:
     control-plane: controller-manager
@@ -11,8 +11,8 @@ metadata:
   namespace: system
 spec:
   ports:
-  - name: https
-    port: 8443
-    targetPort: https
+  - name: metrics
+    port: 8080
+    targetPort: metrics
   selector:
     control-plane: controller-manager
diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml
deleted file mode 100644
index 618f5e417..000000000
--- a/config/rbac/auth_proxy_role.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: proxy-role
-rules:
-- apiGroups: ["authentication.k8s.io"]
-  resources:
-  - tokenreviews
-  verbs: ["create"]
-- apiGroups: ["authorization.k8s.io"]
-  resources:
-  - subjectaccessreviews
-  verbs: ["create"]
diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml
deleted file mode 100644
index 48ed1e4b8..000000000
--- a/config/rbac/auth_proxy_role_binding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: proxy-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: proxy-role
-subjects:
-- kind: ServiceAccount
-  name: default
-  namespace: system
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
index 0440ab6fd..a37e78f1d 100644
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -4,9 +4,3 @@ resources:
 - hnc_admin.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
-# Comment the following 3 lines if you want to disable
-# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
-# which protects your /metrics endpoint.
-- auth_proxy_service.yaml
-- auth_proxy_role.yaml
-- auth_proxy_role_binding.yaml