diff --git a/assets/kube-state-metrics/deployment.yaml b/assets/kube-state-metrics/deployment.yaml
index 568a8fe3d5..38e9115187 100644
--- a/assets/kube-state-metrics/deployment.yaml
+++ b/assets/kube-state-metrics/deployment.yaml
@@ -57,7 +57,22 @@ spec:
           ^kube_pod_completion_time$,
           ^kube_pod_status_scheduled$
         image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0
+        livenessProbe:
+          httpGet:
+            path: livez
+            port: 8443
+            scheme: HTTPS
         name: kube-state-metrics
+        ports:
+        - containerPort: 8443
+          name: metrics
+        - containerPort: 9443
+          name: self
+        readinessProbe:
+          httpGet:
+            path: metrics
+            port: 9443
+            scheme: HTTPS
         resources:
           requests:
             cpu: 2m
@@ -79,6 +94,7 @@ spec:
         - --tls-private-key-file=/etc/tls/private/tls.key
         - --client-ca-file=/etc/tls/client/client-ca.crt
         - --config-file=/etc/kube-rbac-policy/config.yaml
+        - --ignore-paths=/livez
         image: quay.io/brancz/kube-rbac-proxy:v0.17.1
         name: kube-rbac-proxy-main
         ports:
@@ -108,6 +124,7 @@ spec:
         - --tls-private-key-file=/etc/tls/private/tls.key
         - --client-ca-file=/etc/tls/client/client-ca.crt
         - --config-file=/etc/kube-rbac-policy/config.yaml
+        - --ignore-paths=/metrics
         image: quay.io/brancz/kube-rbac-proxy:v0.17.1
         name: kube-rbac-proxy-self
         ports:
diff --git a/jsonnet/components/kube-state-metrics.libsonnet b/jsonnet/components/kube-state-metrics.libsonnet
index accc1198bb..71eacc98e5 100644
--- a/jsonnet/components/kube-state-metrics.libsonnet
+++ b/jsonnet/components/kube-state-metrics.libsonnet
@@ -208,6 +208,7 @@ function(params)
                         '--tls-private-key-file=/etc/tls/private/tls.key',
                         '--client-ca-file=/etc/tls/client/client-ca.crt',
                         '--config-file=/etc/kube-rbac-policy/config.yaml',
+                        '--ignore-paths=' + std.join(',', if std.endsWith(c.name, '-self') then ['/metrics'] else ['/livez']),
                       ],
                       volumeMounts: [
                         {
@@ -266,6 +267,34 @@ function(params)
                           readOnly: true,
                         },
                       ],
+                      local mainPort = 8443,
+                      local selfPort = 9443,
+                      ports::: [
+                        {
+                          containerPort: mainPort,
+                          name: 'metrics',
+                        },
+                        {
+                          containerPort: selfPort,
+                          name: 'self',
+                        },
+                      ],
+                      local livenessProbePath = 'livez',
+                      local readinessProbePath = 'metrics',
+                      livenessProbe::: {
+                        httpGet: {
+                          path: livenessProbePath,
+                          port: mainPort,
+                          scheme: 'HTTPS',
+                        },
+                      },
+                      readinessProbe::: {
+                        httpGet: {
+                          path: readinessProbePath,
+                          port: selfPort,
+                          scheme: 'HTTPS',
+                        },
+                      },
                     },
                 super.containers,
               ),