diff --git a/terraform-modules/aws/helm/kube-prometheus-stack/values.yaml b/terraform-modules/aws/helm/kube-prometheus-stack/values.yaml
index 594a47269..40317e87e 100644
--- a/terraform-modules/aws/helm/kube-prometheus-stack/values.yaml
+++ b/terraform-modules/aws/helm/kube-prometheus-stack/values.yaml
@@ -1,52 +1,70 @@
 ---
 namespaceOverride: monitoring
-# prometheusOperator:
-#   nodeSelector:
-#     app-type: my-app
-#   tolerations:
-#   - key: "app-type"
-#     operator: "Equal"
-#     value: "my-app"
-#     effect: "NoSchedule"
+
 # prometheus:
 #   prometheusSpec:
-#     nodeSelector:
-#       app-type: my-app
-#     tolerations:
-#     - key: "app-type"
-#       operator: "Equal"
-#       value: "my-app"
-#       effect: "NoSchedule"
-# alertmanager:
-#   enabled: true
-  # alertmanagerSpec:
-  #   nodeSelector:
-  #     app-type: my-app
-  #   tolerations:
-  #   - key: "app-type"
-  #     operator: "Equal"
-  #     value: "my-app"
-  #     effect: "NoSchedule"
-# nodeExporter:
-  # nodeSelector:
-  #   app-type: my-app
-  # tolerations:
-  # - key: "app-type"
-  #   operator: "Equal"
-  #   value: "my-app"
-  #   effect: "NoSchedule"
+#     storageSpec:
+#      volumeClaimTemplate:
+#        spec:
+#         #  storageClassName: gluster
+#          accessModes: ["ReadWriteOnce"]
+#          resources:
+#            requests:
+#              storage: 25Gi
+#     additionalScrapeConfigs:
+#     # Istio scrap endpoints
+#     # Doc: https://istio.io/latest/docs/ops/integrations/prometheus/#option-2-customized-scraping-configurations
+#     - job_name: 'istiod'
+#       kubernetes_sd_configs:
+#       - role: endpoints
+#         namespaces:
+#           names:
+#           - istio-system
+#       relabel_configs:
+#       - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
+#         action: keep
+#         regex: istiod;http-monitoring
+#     - job_name: 'envoy-stats'
+#       metrics_path: /stats/prometheus
+#       kubernetes_sd_configs:
+#       - role: pod
+
+#       relabel_configs:
+#       - source_labels: [__meta_kubernetes_pod_container_port_name]
+#         action: keep
+#         regex: '.*-envoy-prom'
+#     # End of istio scrape endpoints
+
 grafana:
   adminPassword: prom-operator
   ingress:
     enabled: true
     annotations:
-      kubernetes.io/ingress.class: ingress-external
+      kubernetes.io/ingress.class: istio
     hosts:
     - grafana.kubernetes-ops.com
-  # nodeSelector:
-  #   app-type: my-app
-  # tolerations:
-  # - key: "app-type"
-  #   operator: "Equal"
-  #   value: "my-app"
-  #   effect: "NoSchedule"
+    tls:
+    - hosts:
+      - grafana.kubernetes-ops.com # This should match a DNS name in the Certificate
+      # secretName: domain-wildcard # This should match the Certificate secretName
+  additionalDataSources:
+  - name: loki
+    access: proxy
+    basicAuth: false
+    basicAuthPassword: pass
+    basicAuthUser: daco
+    editable: false
+    jsonData:
+        tlsSkipVerify: true
+    orgId: 1
+    type: loki
+    url: http://loki-stack:3100
+    version: 1
+
+# Istio changes to not add the istio sidecar to the prometheus operator's addmission webhook patch
+# https://github.com/prometheus-community/helm-charts/issues/479#issuecomment-752709725
+prometheusOperator:
+  admissionWebhooks:
+    patch:
+      podAnnotations:
+        sidecar.istio.io/inject: "false"