diff --git a/charts/aro-clf-blob/Chart.yaml b/charts/aro-clf-blob/Chart.yaml
index 69526af..1976489 100644
--- a/charts/aro-clf-blob/Chart.yaml
+++ b/charts/aro-clf-blob/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: aro-clf-blob
 description: A Helm chart for Kubernetes
 type: application
-version: 0.1.3
+version: 0.2.0
 home: https://github.com/rh-mobb/helm-charts
 maintainers:
 - name: paulczar
diff --git a/charts/aro-clf-blob/templates/grafana/grafana-datasource-application.yaml b/charts/aro-clf-blob/templates/grafana/grafana-datasource-application.yaml
new file mode 100644
index 0000000..5442697
--- /dev/null
+++ b/charts/aro-clf-blob/templates/grafana/grafana-datasource-application.yaml
@@ -0,0 +1,34 @@
+# https://github.com/grafana/loki/blob/main/operator/hack/addon_grafana_gateway_ocp_oauth.yaml
+{{ if .Values.clf.application }}
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDatasource
+metadata:
+ name: {{ include "aro-clf-blob.fullname" . }}-application
+ labels:
+ {{- include "aro-clf-blob.labels" . | nindent 4 }}
+spec:
+ valuesFrom:
+ - targetPath: "secureJsonData.httpHeaderValue2"
+ valueFrom:
+ secretKeyRef:
+ name: "loki-token"
+ key: "BEARER_TOKEN"
+ instanceSelector:
+ matchLabels:
+ dashboards: grafana
+ datasource:
+ name: Loki (Application)
+ type: loki
+ editable: true
+ access: proxy
+ url: https://logging-loki-gateway-http.openshift-logging.svc.cluster.local:8080/api/logs/v1/application/
+ jsonData:
+ httpHeaderName1: X-Scope-OrgID
+ httpHeaderName2: Authorization
+ oauthPassThru: true
+ # tlsAuthWithCACert: true
+ tlsSkipVerify: true
+ secureJsonData:
+ httpHeaderValue1: application
+ httpHeaderValue2: "Bearer ${BEARER_TOKEN}"
+ {{ end }}
diff --git a/charts/aro-clf-blob/templates/grafana/grafana-datasource-audit.yaml b/charts/aro-clf-blob/templates/grafana/grafana-datasource-audit.yaml
new file mode 100644
index 0000000..b95f961
--- /dev/null
+++ b/charts/aro-clf-blob/templates/grafana/grafana-datasource-audit.yaml
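Review bot: `tlsSkipVerify: true` in the new grafana-datasource-application.yaml turns off certificate verification on the proxied connection to the Loki gateway, and that connection carries the bearer token from the `loki-token` secret in its `Authorization` header. The commented-out `# tlsAuthWithCACert: true` suggests CA verification was intended; I would enable it, set `tlsSkipVerify: false`, and supply the cluster's service CA through `secureJsonData.tlsCACert` instead of skipping the check. The same two lines appear in grafana-datasource-audit.yaml and grafana-datasource-infrastructure.yaml, so the change applies to all three templates.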
@@ -0,0 +1,34 @@
+# https://github.com/grafana/loki/blob/main/operator/hack/addon_grafana_gateway_ocp_oauth.yaml
+{{ if .Values.clf.audit }}
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDatasource
+metadata:
+ name: {{ include "aro-clf-blob.fullname" . }}-audit
+ labels:
+ {{- include "aro-clf-blob.labels" . | nindent 4 }}
+spec:
+ valuesFrom:
+ - targetPath: "secureJsonData.httpHeaderValue2"
+ valueFrom:
+ secretKeyRef:
+ name: "loki-token"
+ key: "BEARER_TOKEN"
+ instanceSelector:
+ matchLabels:
+ dashboards: grafana
+ datasource:
+ name: Loki (Audit)
+ type: loki
+ editable: true
+ access: proxy
+ url: https://logging-loki-gateway-http.openshift-logging.svc.cluster.local:8080/api/logs/v1/audit/
+ jsonData:
+ httpHeaderName1: X-Scope-OrgID
+ httpHeaderName2: Authorization
+ oauthPassThru: true
+ # tlsAuthWithCACert: true
+ tlsSkipVerify: true
+ secureJsonData:
+ httpHeaderValue1: audit
+ httpHeaderValue2: "Bearer ${BEARER_TOKEN}"
+ {{ end }}
diff --git a/charts/aro-clf-blob/templates/grafana/grafana-datasource-infrastructure.yaml b/charts/aro-clf-blob/templates/grafana/grafana-datasource-infrastructure.yaml
new file mode 100644
index 0000000..166055d
--- /dev/null
+++ b/charts/aro-clf-blob/templates/grafana/grafana-datasource-infrastructure.yaml
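Review bot: The audit datasource sends the one static token from `loki-token` on every query (`httpHeaderValue2: "Bearer ${BEARER_TOKEN}"`), so any Grafana user who can query it reads audit logs with that token's rights rather than their own. `oauthPassThru: true` is set next to the fixed `Authorization` header, and the template does not make clear which credential reaches the gateway; I would keep one mechanism and remove the other. For a provisioned datasource that holds a credential I would also set `editable: false`, so the URL and headers cannot be changed from the Grafana UI. The application and infrastructure templates carry the same settings.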
@@ -0,0 +1,34 @@
+# https://github.com/grafana/loki/blob/main/operator/hack/addon_grafana_gateway_ocp_oauth.yaml
+{{ if .Values.clf.infrastructure }}
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDatasource
+metadata:
+ name: {{ include "aro-clf-blob.fullname" . }}-infrastructure
+ labels:
+ {{- include "aro-clf-blob.labels" . | nindent 4 }}
+spec:
+ valuesFrom:
+ - targetPath: "secureJsonData.httpHeaderValue2"
+ valueFrom:
+ secretKeyRef:
+ name: "loki-token"
+ key: "BEARER_TOKEN"
+ instanceSelector:
+ matchLabels:
+ dashboards: grafana
+ datasource:
+ name: Loki (Infrastructure)
+ type: loki
+ editable: true
+ access: proxy
+ url: https://logging-loki-gateway-http.openshift-logging.svc.cluster.local:8080/api/logs/v1/infrastructure/
+ jsonData:
+ httpHeaderName1: X-Scope-OrgID
+ httpHeaderName2: Authorization
+ oauthPassThru: true
+ # tlsAuthWithCACert: true
+ tlsSkipVerify: true
+ secureJsonData:
+ httpHeaderValue1: infrastructure
+ httpHeaderValue2: "Bearer ${BEARER_TOKEN}"
+ {{ end }}
diff --git a/charts/aro-clf-blob/templates/grafana/grafana-rbac.yaml b/charts/aro-clf-blob/templates/grafana/grafana-rbac.yaml
index 75b4fe5..13e05ab 100644
--- a/charts/aro-clf-blob/templates/grafana/grafana-rbac.yaml
+++ b/charts/aro-clf-blob/templates/grafana/grafana-rbac.yaml
@@ -10,7 +10,7 @@ roleRef:
 name: system:auth-delegator
 subjects:
 - kind: ServiceAccount
- name: grafana-serviceaccount
+ name: {{ .Values.serviceaccount }}-sa
 namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
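Review bot: The subject of the `system:auth-delegator` binding in grafana-rbac.yaml is now built from `.Values.serviceaccount` with no quoting or presence check, so an unset value renders the name `-sa` and the binding points at an account that may not exist. I would write `name: {{ printf "%s-sa" (required "serviceaccount is required" .Values.serviceaccount) | quote }}`. A short comment above the subject naming what creates the `<name>-sa` account would help, because the `logs-reader` binding added later in this file names a different account (`grafana` in `openshift-logging`). The binding starts above the hunk, so its kind and metadata are not visible here.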
@@ -27,3 +27,35 @@ subjects:
 - apiGroup: rbac.authorization.k8s.io
 kind: Group
 name: system:authenticated
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: logs-reader
+rules:
+ - apiGroups:
+ - loki.grafana.com
+ resourceNames:
+ - logs
+ resources:
+ - application
+ - infrastructure
+ - audit
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "aro-clf-blob.fullname" . }}-logs-reader
+ labels:
+ {{- include "aro-clf-blob.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: logs-reader
+subjects:
+- kind: ServiceAccount
+ name: grafana
+ namespace: openshift-logging
+
\ No newline at end of file
diff --git a/charts/aro-clf-blob/templates/secret.yaml b/charts/aro-clf-blob/templates/secret.yaml
index f90b68f..20d20ed 100644
--- a/charts/aro-clf-blob/templates/secret.yaml
+++ b/charts/aro-clf-blob/templates/secret.yaml
@@ -8,3 +8,12 @@ stringData:
 account_key: "{{ .Values.azure.storageAccountKey }}"
 container: "{{ .Values.azure.storageContainer }}"
 environment: "AzureGlobal"
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: loki-token
+ namespace: {{ .Release.Namespace }}
+stringData:
+ BEARER_TOKEN: {{ .Values.bearertoken }}
+type: Opaque
\ No newline at end of file
diff --git a/charts/aro-clf-blob/values.yaml b/charts/aro-clf-blob/values.yaml
index db3c813..7a08bec 100644
--- a/charts/aro-clf-blob/values.yaml
+++ b/charts/aro-clf-blob/values.yaml
@@ -10,5 +10,9 @@ clf:
 application: true
 audit: false
+serviceaccount: "aro-thanos-af-grafana-cr"
+
+bearertoken: ""
+
 lokiStack:
 storageClassName: managed-csi
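Review bot: The new `logs-reader` ClusterRole grants `get` on `application`, `infrastructure` and `audit` unconditionally, while the datasources are gated on `.Values.clf.*` and values.yaml shows `audit: false`; the bound account therefore holds audit-log access even when no audit datasource is deployed. I would gate each resource on its flag, e.g. `{{- if .Values.clf.audit }}` / `- audit` / `{{- end }}`. The role name is fixed rather than derived from `aro-clf-blob.fullname` like the binding, so a second release or an existing cluster role of that name would collide. The subject is hard-coded to `grafana` in `openshift-logging`; a comment should say whether this is the account whose token is expected in `bearertoken`.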
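Review bot: `BEARER_TOKEN: {{ .Values.bearertoken }}` in secret.yaml is written without quotes, unlike the quoted values in the secret above it, and with the default `bearertoken: ""` from values.yaml it renders an empty value, so the `loki-token` Secret is created with no usable token. I would use `BEARER_TOKEN: {{ required "bearertoken is required" .Values.bearertoken | quote }}`. Passing the token as a chart value also leaves a copy in the stored Helm release data by default; letting the chart reference a pre-created secret by name would avoid that. A comment next to `bearertoken` in values.yaml stating which service account the token belongs to and how it is rotated is missing.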