diff --git a/k8s/core/prom-stack/grafana-values.yaml b/k8s/core/prom-stack/grafana-values.yaml
deleted file mode 100644
index 9f806ec..0000000
--- a/k8s/core/prom-stack/grafana-values.yaml
+++ /dev/null
@@ -1,85 +0,0 @@
-envFromSecret: grafana-admin
-nodeSelector:
- kubernetes.io/hostname: master.tail2fe2d.ts.net
-
-admin:
- existingSecret: grafana-admin
- userKey: username
- passwordKey: password
-
-grafana.ini:
- auth:
- signout_redirect_url: https://idm.hexor.cy/application/o/grafana/end-session/
- # oauth_auto_login: true
- auth.generic_oauth:
- name: authentik
- enabled: true
- scopes: "openid profile email"
- auth_url: https://idm.hexor.cy/application/o/authorize/
- token_url: https://idm.hexor.cy/application/o/token/
- api_url: https://idm.hexor.cy/application/o/userinfo/
- role_attribute_path: >-
- contains(groups, 'Grafana Admin') && 'Admin' ||
- contains(groups, 'Grafana Editors') && 'Editor' ||
- contains(groups, 'Grafana Viewer') && 'Viewer'
- database:
- type: postgres
- host: psql.psql.svc:5432
- name: grafana
- user: grafana
- ssl_mode: disable
-
-datasources:
- datasources.yaml:
- apiVersion: 1
- datasources:
- - name: Prometheus Local
- type: prometheus
- url: http://prometheus-kube-prometheus-prometheus.prometheus.svc:9090
- access: proxy
- isDefault: true
- - name: Loki
- type: loki
- url: http://loki-gateway.prometheus.svc:80
- access: proxy
-
-ingress:
- enabled: true
- ingressClassName: traefik
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt
- traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
- hosts:
- - gf.hexor.cy
- tls:
- - secretName: grafana-tls
- hosts:
- - '*.hexor.cy'
-
-extraConfigmapMounts:
- - name: grafana-alerting-rules
- mountPath: /etc/grafana/provisioning/alerting/rules.yaml
- configMap: grafana-alerting
- subPath: rules.yaml
- readOnly: true
- - name: grafana-alerting-contactpoints
- mountPath: /etc/grafana/provisioning/alerting/contactpoints.yaml
- configMap: grafana-alerting
- subPath: contactpoints.yaml
- readOnly: true
- - name: grafana-alerting-policies
- mountPath: /etc/grafana/provisioning/alerting/policies.yaml
- configMap: grafana-alerting
- subPath: policies.yaml
- readOnly: true
-
-envValueFrom:
- TELEGRAM_BOT_TOKEN:
- secretKeyRef:
- name: grafana-telegram
- key: bot-token
- TELEGRAM_CHAT_ID:
- secretKeyRef:
- name: grafana-telegram
- key: chat-id
-
diff --git a/k8s/core/prom-stack/kustomization.yaml b/k8s/core/prom-stack/kustomization.yaml
index 225c5e4..278c1e7 100644
--- a/k8s/core/prom-stack/kustomization.yaml
+++ b/k8s/core/prom-stack/kustomization.yaml
@@ -16,14 +16,6 @@ helmCharts:
 valuesFile: prom-values.yaml
 includeCRDs: true
- - name: grafana
- repo: https://grafana.github.io/helm-charts
- version: 10.2.0
- releaseName: grafana
- namespace: prometheus
- valuesFile: grafana-values.yaml
- includeCRDs: true
-
 - name: loki
 repo: https://grafana.github.io/helm-charts
 version: 6.29.0
diff --git a/k8s/core/prom-stack/prom-values.yaml b/k8s/core/prom-stack/prom-values.yaml
index fff45e2..8c0cbfc 100644
--- a/k8s/core/prom-stack/prom-values.yaml
+++ b/k8s/core/prom-stack/prom-values.yaml
@@ -1,5 +1,4 @@
-grafana:
- enabled: false
+
 alertmanager:
 config:
@@ -92,3 +91,83 @@ prometheus:
 requests:
 storage: 400Gi
+grafana:
+ enabled: true
+
+ envFromSecret: grafana-admin
+ nodeSelector:
+ kubernetes.io/hostname: master.tail2fe2d.ts.net
+
+ admin:
+ existingSecret: grafana-admin
+ userKey: username
+ passwordKey: password
+
+ grafana.ini:
+ auth:
+ signout_redirect_url: https://idm.hexor.cy/application/o/grafana/end-session/
+ auth.generic_oauth:
+ name: authentik
+ enabled: true
+ scopes: "openid profile email"
+ auth_url: https://idm.hexor.cy/application/o/authorize/
+ token_url: https://idm.hexor.cy/application/o/token/
+ api_url: https://idm.hexor.cy/application/o/userinfo/
+ role_attribute_path: >-
+ contains(groups, 'Grafana Admin') && 'Admin' ||
+ contains(groups, 'Grafana Editors') && 'Editor' ||
+ contains(groups, 'Grafana Viewer') && 'Viewer'
+ database:
+ type: postgres
+ host: psql.psql.svc:5432
+ name: grafana
+ user: grafana
+ ssl_mode: disable
+
+ # The Loki datasource config needs to be preserved,
+ # but instead of "datasources.datasources.yaml", we define it like this for the prometheus-stack chart:
+ additionalDataSources:
+ - name: Loki
+ type: loki
+ url: http://loki-gateway.prometheus.svc:80
+ access: proxy
+
+ ingress:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
+ hosts:
+ - gf.hexor.cy
+ tls:
+ - secretName: grafana-tls
+ hosts:
+ - '*.hexor.cy'
+
+ extraConfigmapMounts:
+ - name: grafana-alerting-rules
+ mountPath: /etc/grafana/provisioning/alerting/rules.yaml
+ configMap: grafana-alerting
+ subPath: rules.yaml
+ readOnly: true
+ - name: grafana-alerting-contactpoints
+ mountPath: /etc/grafana/provisioning/alerting/contactpoints.yaml
+ configMap: grafana-alerting
+ subPath: contactpoints.yaml
+ readOnly: true
+ - name: grafana-alerting-policies
+ mountPath: /etc/grafana/provisioning/alerting/policies.yaml
+ configMap: grafana-alerting
+ subPath: policies.yaml
+ readOnly: true
+
+ envValueFrom:
+ TELEGRAM_BOT_TOKEN:
+ secretKeyRef:
+ name: grafana-telegram
+ key: bot-token
+ TELEGRAM_CHAT_ID:
+ secretKeyRef:
+ name: grafana-telegram
+ key: chat-id
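Review bot: The `role_attribute_path` expression under `auth.generic_oauth` has no final fallback and `role_attribute_strict` is not set, so by Grafana's default an authentik user who is in none of the three groups is still signed in with the `auto_assign_org_role` (Viewer unless overridden). If access is meant to be limited to those groups, add `role_attribute_strict: true` next to `role_attribute_path`; whether authentik itself restricts who may use the application cannot be seen from this diff. Two values carried over unchanged from the deleted grafana-values.yaml are worth revisiting while the block moves: `ssl_mode: disable` leaves the Grafana-to-Postgres session at `psql.psql.svc:5432` unencrypted, and the `tls.hosts` entry `'*.hexor.cy'` places a wildcard certificate key in the `grafana-tls` secret although the ingress only serves `gf.hexor.cy`, so `- gf.hexor.cy` would narrow what that secret can impersonate.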