diff --git a/component/loki.libsonnet b/component/loki.libsonnet
index 2ed7d92..a37f0b4 100644
--- a/component/loki.libsonnet
+++ b/component/loki.libsonnet
@@ -116,6 +116,23 @@ local aggregate_loki_log_access = kube.ClusterRole('syn:loki:cluster-reader') {
   ],
 };
 
+// Generate missing metrics SA token for Loki Operator
+local operator_metrics_sa_token =
+  kube.Secret('loki-operator-controller-manager-metrics-token') {
+    metadata+: {
+      // Loki operator is deployed in openshift-operators-redhat
+      namespace: 'openshift-operators-redhat',
+      annotations+: {
+        'kubernetes.io/service-account.name': 'loki-operator-controller-manager-metrics-reader',
+        // disable argocd prune/delete so removing the workaround should be
+        // fairly easy in case the Loki Operator OLM install fixes the issue.
+        'argocd.argoproj.io/sync-options': 'Prune=false,Delete=false',
+      },
+    },
+    data:: {},
+    type: 'kubernetes.io/service-account-token',
+  };
+
 // Define outputs below
 if loki.enabled then
   {
@@ -123,6 +140,7 @@ if loki.enabled then
     '50_loki_logstore': logstore,
     '50_loki_netpol': [ netpol_viewplugin, netpol_lokigateway ],
     '50_loki_rbac': [ aggregate_loki_log_access ],
+    '50_loki_operator_metrics_token': [ operator_metrics_sa_token ],
   }
 else
   std.trace(
diff --git a/tests/golden/defaults/openshift4-logging/openshift4-logging/50_loki_operator_metrics_token.yaml b/tests/golden/defaults/openshift4-logging/openshift4-logging/50_loki_operator_metrics_token.yaml
new file mode 100644
index 0000000..0b86fe6
--- /dev/null
+++ b/tests/golden/defaults/openshift4-logging/openshift4-logging/50_loki_operator_metrics_token.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=false,Delete=false
+    kubernetes.io/service-account.name: loki-operator-controller-manager-metrics-reader
+  labels:
+    name: loki-operator-controller-manager-metrics-token
+  name: loki-operator-controller-manager-metrics-token
+  namespace: openshift-operators-redhat
+type: kubernetes.io/service-account-token
diff --git a/tests/golden/master/openshift4-logging/openshift4-logging/50_loki_operator_metrics_token.yaml b/tests/golden/master/openshift4-logging/openshift4-logging/50_loki_operator_metrics_token.yaml
new file mode 100644
index 0000000..0b86fe6
--- /dev/null
+++ b/tests/golden/master/openshift4-logging/openshift4-logging/50_loki_operator_metrics_token.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=false,Delete=false
+    kubernetes.io/service-account.name: loki-operator-controller-manager-metrics-reader
+  labels:
+    name: loki-operator-controller-manager-metrics-token
+  name: loki-operator-controller-manager-metrics-token
+  namespace: openshift-operators-redhat
+type: kubernetes.io/service-account-token
diff --git a/tests/golden/multilineerr/openshift4-logging/openshift4-logging/50_loki_operator_metrics_token.yaml b/tests/golden/multilineerr/openshift4-logging/openshift4-logging/50_loki_operator_metrics_token.yaml
new file mode 100644
index 0000000..0b86fe6
--- /dev/null
+++ b/tests/golden/multilineerr/openshift4-logging/openshift4-logging/50_loki_operator_metrics_token.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=false,Delete=false
+    kubernetes.io/service-account.name: loki-operator-controller-manager-metrics-reader
+  labels:
+    name: loki-operator-controller-manager-metrics-token
+  name: loki-operator-controller-manager-metrics-token
+  namespace: openshift-operators-redhat
+type: kubernetes.io/service-account-token