diff --git a/salt/metalk8s/addons/dex/deployed/chart.sls b/salt/metalk8s/addons/dex/deployed/chart.sls
index 1cc656c7b8..6ed4251e0b 100644
--- a/salt/metalk8s/addons/dex/deployed/chart.sls
+++ b/salt/metalk8s/addons/dex/deployed/chart.sls
@@ -1,75 +1,10 @@ #!jinja | metalk8s_kubernetes + {%- from "metalk8s/repo/macro.sls" import build_image_name with context %} +{%- set dex = salt.metalk8s_service_configuration.get_service_conf('metalk8s-auth', 'metalk8s-dex-config') %} {% raw %} -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: dex - app.kubernetes.io/managed-by: salt - app.kubernetes.io/name: dex - app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: 2.19.0 - helm.sh/chart: dex-2.4.0 - heritage: metalk8s - name: dex - namespace: metalk8s-auth -stringData: - config.yaml: |- - issuer: {% endraw %}https://{{ grains.metalk8s.control_plane_ip }}:8443/oidc{% raw %} - storage: - config: - inCluster: true - type: kubernetes - logger: - level: debug - web: - https: 0.0.0.0:5556 - tlsCert: /etc/dex/tls/https/server/tls.crt - tlsKey: /etc/dex/tls/https/server/tls.key - oauth2: - alwaysShowLoginScreen: true - responseTypes: - - code - - token - - id_token - skipApprovalScreen: true - staticClients: - - id: oidc-auth-client - name: oidc-auth-client - redirectURIs: - - urn:ietf:wg:oauth:2.0:oob - secret: lkfa9jaf3kfakqyeoikfjakf93k2l - trustedPeers: - - metalk8s-ui - - grafana-ui - - id: metalk8s-ui - name: MetalK8s UI - redirectURIs: - - '{% endraw %}https://{{ grains.metalk8s.control_plane_ip }}:8443/oauth2/callback{% - raw %}' - secret: ybrMJpVMQxsiZw26MhJzCjA2ut - - id: grafana-ui - name: Grafana UI - redirectURIs: - - '{% endraw %}https://{{ grains.metalk8s.control_plane_ip }}:8443/grafana/login/generic_oauth{% - raw %}' - secret: 4lqK98NcsWG5qBRHJUqYM1 - enablePasswordDB: true - staticPasswords: - - email: admin@metalk8s.invalid - hash: $2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W - userID: 08a8684b-db88-4b73-90a9-3cd1661f5466 - username: admin - expiry: - idTokens: 24h - signingKeys: 6h - frontend: - issuer: MetalK8s - theme: scality ---- apiVersion: v1 kind: ServiceAccount metadata: 
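Review bot: The static client secrets for `oidc-auth-client`, `metalk8s-ui` and `grafana-ui`, and the bcrypt hash for `admin@metalk8s.invalid`, stay known values after this hunk removes them from the chart, because they remain in repository history and in any cluster already deployed from it. The diff does not show where the Dex `config.yaml` Secret is rendered now. If that location reuses these values as defaults, they should be generated per cluster and the existing ones rotated on upgrade. The new `{%- set dex = ... %}` line would also benefit from a short Jinja comment naming the state that now renders the Secret, so a reader of `chart.sls` can find where `/etc/dex/cfg/config.yaml` comes from.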
@@ -147,8 +82,7 @@ metadata: name: dex namespace: metalk8s-auth spec: - clusterIP: '{% endraw %}{{ salt.metalk8s_network.get_oidc_service_ip() }}{% raw - %}' + clusterIP: {% endraw -%}{{ salt.metalk8s_network.get_oidc_service_ip() }}{%- raw %} ports: - name: https port: 32000 @@ -174,7 +108,7 @@ metadata: name: dex namespace: metalk8s-auth spec: - replicas: 2 + replicas: {% endraw -%}{{ dex.spec.deployment.replicas }}{%- raw %} selector: matchLabels: app.kubernetes.io/component: dex @@ -188,7 +122,7 @@ spec: template: metadata: annotations: - checksum/config: 278f2b27e9441887e4070365aa3df2ccf668da0025ebf565605555c2b7b16042 + checksum/config: de3d826b4063dcf4c5baf2dab1e00c82fc418afa4f52c8f4468b823736f0b3c9 labels: app.kubernetes.io/component: dex app.kubernetes.io/instance: dex @@ -200,7 +134,7 @@ spec: - serve - /etc/dex/cfg/config.yaml env: [] - image: '{% endraw %}{{ build_image_name("dex", False) }}{% raw %}:v2.19.0' + image: {% endraw -%}{{ build_image_name("dex", False) }}{%- raw %}:v2.19.0 imagePullPolicy: IfNotPresent name: main ports:
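Review bot: Dropping the quotes around the templated `clusterIP` value (and around `image` in the last hunk) leaves the rendered scalar to YAML type inference, so an empty or otherwise unexpected return from `get_oidc_service_ip()` or `build_image_name()` changes the value's type silently. The new `-%}` / `{%-` whitespace control already keeps the expression on one line, so the quotes can stay: `clusterIP: '{% endraw -%}{{ salt.metalk8s_network.get_oidc_service_ip() }}{%- raw %}'`. The same applies to `image: '{% endraw -%}{{ build_image_name("dex", False) }}{%- raw %}:v2.19.0'`. This is a style point; with the values these helpers normally return, the rendered manifest is presumably the same.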
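Review bot: `replicas` is now interpolated directly from `dex.spec.deployment.replicas` with no type check or fallback visible in this file. The `dex` mapping comes from `get_service_conf('metalk8s-auth', 'metalk8s-dex-config')`, which looks operator-editable, so a missing key or non-numeric value would either break rendering or produce a manifest the API server rejects while the cluster's OIDC provider is being deployed. Unless `get_service_conf` already validates against defaults (not shown here), coerce at the use site with `replicas: {% endraw -%}{{ dex.spec.deployment.replicas | int(2) }}{%- raw %}`, which keeps the former value of 2 for non-numeric input. A value of zero or below should still be rejected where the configuration is loaded.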
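Review bot: `checksum/config` is still a literal hash, although the Dex `config.yaml` Secret is no longer rendered in this file. In the Helm pattern this annotation exists so that a configuration change alters the pod template and rolls the Deployment. With a fixed value, edits made through the service configuration (rotated client secrets, changed static passwords) would not restart the pods, and Dex would presumably keep serving the old settings until something else restarts it. If the rollout is not triggered elsewhere, derive the annotation from the rendered configuration, or at least add a comment above the line stating what causes the restart.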