diff --git a/charts/dex/Chart.yaml b/charts/dex/Chart.yaml index e319f2be..6f2f163f 100644 --- a/charts/dex/Chart.yaml +++ b/charts/dex/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 type: application name: dex -version: 0.14.1 +version: 0.14.2 appVersion: "2.36.0" kubeVersion: ">=1.14.0-0" description: OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors. @@ -22,7 +22,9 @@ maintainers: annotations: artifacthub.io/changes: | - kind: added - description: "Supporting template evaluation in ingress hosts" + description: "Supporting custom labels/annotations on deployment/pod" + - kind: added + description: "Add metricRelabelings, scheme, tlsConfig, bearerTokenFile and relabelings to ServiceMonitor" artifacthub.io/images: | - name: dex image: ghcr.io/dexidp/dex:v2.36.0 diff --git a/charts/dex/README.md b/charts/dex/README.md index cb755154..d46f7a61 100644 --- a/charts/dex/README.md +++ b/charts/dex/README.md 
@@ -1,6 +1,6 @@ # dex -![version: 0.14.1](https://img.shields.io/badge/version-0.14.1-informational?style=flat-square) ![type: application](https://img.shields.io/badge/type-application-informational?style=flat-square) ![app version: 2.36.0](https://img.shields.io/badge/app%20version-2.36.0-informational?style=flat-square) ![kube version: >=1.14.0-0](https://img.shields.io/badge/kube%20version->=1.14.0--0-informational?style=flat-square) [![artifact hub](https://img.shields.io/badge/artifact%20hub-dex-informational?style=flat-square)](https://artifacthub.io/packages/helm/dex/dex) +![version: 0.14.2](https://img.shields.io/badge/version-0.14.2-informational?style=flat-square) ![type: application](https://img.shields.io/badge/type-application-informational?style=flat-square) ![app version: 2.36.0](https://img.shields.io/badge/app%20version-2.36.0-informational?style=flat-square) ![kube version: >=1.14.0-0](https://img.shields.io/badge/kube%20version->=1.14.0--0-informational?style=flat-square) [![artifact hub](https://img.shields.io/badge/artifact%20hub-dex-informational?style=flat-square)](https://artifacthub.io/packages/helm/dex/dex) OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors. 
@@ -134,7 +134,10 @@ ingress: | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. | | rbac.create | bool | `true` | Specifies whether RBAC resources should be created. If disabled, the operator is responsible for creating the necessary resources based on the templates. | | rbac.createClusterScoped | bool | `true` | Specifies which RBAC resources should be created. If disabled, the operator is responsible for creating the necessary resources (ClusterRole and RoleBinding or CRD's) | +| deploymentAnnotations | object | `{}` | Annotations to be added to deployment. | +| deploymentLabels | object | `{}` | Labels to be added to deployment. | | podAnnotations | object | `{}` | Annotations to be added to pods. | +| podLabels | object | `{}` | Labels to be added to pods. | | podDisruptionBudget.enabled | bool | `false` | Enable a [pod distruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) to help dealing with [disruptions](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/). It is **highly recommended** for webhooks as disruptions can prevent launching new pods. | | podDisruptionBudget.minAvailable | int/percentage | `nil` | Number or percentage of pods that must remain available. | | podDisruptionBudget.maxUnavailable | int/percentage | `nil` | Number or percentage of pods that can be unavailable. | 
@@ -160,6 +163,12 @@ ingress: | serviceMonitor.interval | duration | `nil` | Prometheus scrape interval. | | serviceMonitor.scrapeTimeout | duration | `nil` | Prometheus scrape timeout. | | serviceMonitor.labels | object | `{}` | Labels to be added to the ServiceMonitor. | +| serviceMonitor.annotations | object | `{}` | Annotations to be added to the ServiceMonitor. | +| serviceMonitor.scheme | string | `""` | HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. | +| serviceMonitor.tlsConfig | object | `{}` | TLS configuration to use when scraping the endpoint. For example if using istio mTLS. | +| serviceMonitor.bearerTokenFile | string | `nil` | Prometheus scrape bearerTokenFile | +| serviceMonitor.metricRelabelings | list | `[]` | Prometheus scrape metric relabel configs to apply to samples before ingestion. | +| serviceMonitor.relabelings | list | `[]` | Relabel configs to apply to samples before ingestion. | | resources | object | No requests or limits. | Container resource [requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) for details. | | autoscaling | object | Disabled by default. | Autoscaling configuration (see [values.yaml](values.yaml) for details). | | nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) configuration. | diff --git a/charts/dex/ci/pod-annotations-values.yaml b/charts/dex/ci/label-annotations-values.yaml similarity index 60% rename from charts/dex/ci/pod-annotations-values.yaml rename to charts/dex/ci/label-annotations-values.yaml index d08cdb17..876c699f 100644 --- a/charts/dex/ci/pod-annotations-values.yaml +++ b/charts/dex/ci/label-annotations-values.yaml 
@@ -6,5 +6,14 @@ config: enablePasswordDB: true +deploymentAnnotations: + reloader.stakater.com/auto: "true" + podAnnotations: vault.security.banzaicloud.io/vault-addr: "https://vault.vault:8200" + +deploymentLabels: + hello: world + +podLabels: + hello: world diff --git a/charts/dex/templates/deployment.yaml b/charts/dex/templates/deployment.yaml index 1f3ad4b8..145aa0af 100644 --- a/charts/dex/templates/deployment.yaml +++ b/charts/dex/templates/deployment.yaml @@ -4,6 +4,13 @@ metadata: name: {{ include "dex.fullname" . }} labels: {{- include "dex.labels" . | nindent 4 }} + {{ with .Values.deploymentLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{ with .Values.deploymentAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -26,6 +33,9 @@ spec: {{- end }} labels: {{- include "dex.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: diff --git a/charts/dex/templates/servicemonitor.yaml b/charts/dex/templates/servicemonitor.yaml index 34e161e8..ce96e5be 100644 --- a/charts/dex/templates/servicemonitor.yaml +++ b/charts/dex/templates/servicemonitor.yaml @@ -2,6 +2,10 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: + {{- with .Values.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "dex.fullname" . }} {{- with .Values.serviceMonitor.namespace }} namespace: {{ . }} 
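Review bot: In templates/deployment.yaml, `deploymentLabels` is rendered into the same `labels:` mapping as `dex.labels` with nothing preventing a duplicate key, and the pod-template hunk below does the same with `podLabels` after `dex.selectorLabels`. YAML parsers commonly keep the last duplicate silently, so a user-supplied key that repeats a selector label could change the pod's labels; the Deployment would then probably stop matching its own selector, and any policy or Service that selects on the chart's labels could be affected the same way. Either document the restriction in values.yaml, e.g. `# Keys must not repeat labels the chart sets itself (dex.labels / dex.selectorLabels).`, or merge the maps so the chart's keys win. The two new `{{ with … }}` openers in the first hunk also lack the `-` trim marker used elsewhere in the template, `{{- with .Values.deploymentLabels }}`. The metadata and pod-template blocks both start outside these hunks.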
@@ -17,9 +21,29 @@ spec: {{- with .Values.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml .| nindent 6 }} + {{- end }} {{- with .Values.serviceMonitor.scrapeTimeout }} scrapeTimeout: {{ . }} {{- end }} + path: {{ .Values.serviceMonitor.path }} + honorLabels: {{ .Values.serviceMonitor.honorLabels }} + {{- with .Values.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- tpl (toYaml . | nindent 6) $ }} + {{- end }} + {{- with .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 6 }} + {{- end }} jobLabel: {{ include "dex.fullname" . }} selector: matchLabels: diff --git a/charts/dex/values.yaml b/charts/dex/values.yaml index 756d49ef..18127074 100644 --- a/charts/dex/values.yaml +++ b/charts/dex/values.yaml @@ -107,9 +107,18 @@ rbac: # If disabled, the operator is responsible for creating the necessary resources (ClusterRole and RoleBinding or CRD's) createClusterScoped: true +# -- Annotations to be added to deployment. +deploymentAnnotations: {} + +# -- Labels to be added to deployment. +deploymentLabels: {} + # -- Annotations to be added to pods. podAnnotations: {} +# -- Labels to be added to pods. +podLabels: {} + podDisruptionBudget: # -- Enable a [pod distruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) to help dealing with [disruptions](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/). # It is **highly recommended** for webhooks as disruptions can prevent launching new pods. 
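Review bot: In templates/servicemonitor.yaml, `path: {{ .Values.serviceMonitor.path }}` and `honorLabels: {{ .Values.serviceMonitor.honorLabels }}` are rendered unconditionally, unlike every other field this hunk adds. Neither key appears in the values.yaml or README hunks of this commit, so unless they are defined in a part of values.yaml not shown here, both render as empty values. Guard them the way `interval` is guarded, e.g. `{{- with .Values.serviceMonitor.path }}`, or add documented defaults. `metricRelabelings` is also passed through `tpl` while `relabelings` is not; relabel rules routinely carry regexes and `$1` replacements, so either drop the `tpl` or apply and document it for both. The new scalars would be safer quoted, `scheme: {{ . | quote }}` and `bearerTokenFile: {{ . | quote }}`; the endpoint block they belong to starts above the hunk.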
@@ -214,8 +223,44 @@ serviceMonitor: scrapeTimeout: # -- Labels to be added to the ServiceMonitor. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec labels: {} + # -- Annotations to be added to the ServiceMonitor. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + annotations: {} + + # -- HTTP scheme to use for scraping. + # Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" + + # -- TLS configuration to use when scraping the endpoint. + # For example if using istio mTLS. + ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig + tlsConfig: {} + + # -- Prometheus scrape bearerTokenFile + bearerTokenFile: + + # -- Prometheus scrape metric relabel configs + # to apply to samples before ingestion. + ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # -- Relabel configs to apply + # to samples before ingestion. + ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + # -- Container resource [requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). # See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) for details. # @default -- No requests or limits.
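Review bot: The comments on `bearerTokenFile` and `tlsConfig` do not say that file paths given there are resolved inside the Prometheus container, not in the dex pod. That matters to operators: a Prometheus resource with `arbitraryFSAccessThroughSMs.deny: true` will reject a ServiceMonitor that uses them, and newer prometheus-operator releases mark `bearerTokenFile` as deprecated in favour of `authorization`. I would change the comment to something like `# -- Path, inside the Prometheus container, of a bearer token file used for scraping. Rejected when Prometheus denies arbitrary filesystem access through ServiceMonitors.` and add a matching sentence on `tlsConfig`. The bare `bearerTokenFile:` is better written as `bearerTokenFile: null` or `""`, so the empty value is explicit. The `## ref:` links added for `labels` and `annotations` point at `#prometheusspec`, which does not look like the right anchor for ServiceMonitor metadata and should be checked.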