diff --git a/CHANGELOG.md b/CHANGELOG.md
index 008fffa1..dcc94b38 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@
 * **Metrics**
 * [FIX] Set environment variable `MON_TLS_PATH_INGRESS` to ensure correct datasource connection between Grafana and Promethues in [Azure Deployment sample](samples/azure-deployment). (Fixes #614)
+ * [CHANGE] Replaced the ghostunnel sidecar proxy with Grafana's native TLS capabilities and eliminated ghostunnel from the project.
 * [UPGRADE] Kube-prometheus-stack Helm chart has been upgraded from version 54.0.1 to 56.6.2
 * [UPGRADE] Prometheus Operator has been upgraded from version 0.69.1 to 0.71.2
 * [UPGRADE] Prometheus has been upgraded from version 2.47.1 to 2.49.1
diff --git a/monitoring/tls/values-prom-operator-tls.yaml b/monitoring/tls/values-prom-operator-tls.yaml
index db8d2220..8f34cf06 100644
--- a/monitoring/tls/values-prom-operator-tls.yaml
+++ b/monitoring/tls/values-prom-operator-tls.yaml
@@ -56,82 +56,25 @@ grafana:
 readinessProbe:
 httpGet:
 scheme: HTTPS
- port: 443
+ port: 3000
 livenessProbe:
 httpGet:
 scheme: HTTPS
- port: 443
- extraContainers: |
- # Add square/ghosttunnel TLS proxy
- - name: tls-proxy
- args:
- - server
- - --listen=:443
- - --target=127.0.0.1:3000
- - --key=/cert/tls.key
- - --cert=/cert/tls.crt
- - --disable-authentication
- image: ghostunnel/ghostunnel:v1.7.1
- imagePullPolicy: IfNotPresent
- ports:
- - name: https
- containerPort: 443
- protocol: TCP
- resources: {}
- securityContext:
- allowPrivilegeEscalation: true
- privileged: true
- readOnlyRootFilesystem: true
- runAsNonRoot: false
- runAsUser: 0
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- volumeMounts:
- - mountPath: /cert
- name: tls-proxy-secret
- readOnly: true
- extraContainerVolumes:
- - name: tls-proxy-secret
- secret:
- defaultMode: 420
- secretName: grafana-tls-secret
+ port: 3000
+ extraSecretMounts:
+ - name: grafana-tls
+ mountPath: /cert
+ secretName: grafana-tls-secret
+ readOnly: true
+ subPath: ""
 service:
- port: 443
- targetPort: 443
+ port: 3000
+ targetPort: 3000
 sidecar:
 datasources:
 defaultDatasourceEnabled: false
 "grafana.ini":
 server:
- # Bind to localhost so https (tls-proxy) is the only way in
- http_addr: 127.0.0.1
-
-# Commenting out for future reference with issue encountered when attempting to replace
-# ghostunnel with Grafanas native TLS.
-# Related GH Issue: https://github.com/prometheus-community/helm-charts/issues/3100
-# grafana:
-# readinessProbe:
-# httpGet:
-# scheme: HTTPS
-# port: 3000
-# livenessProbe:
-# httpGet:
-# scheme: HTTPS
-# port: 3000
-# extraSecretMounts:
-# - name: grafana-tls
-# mountPath: /cert
-# secretName: grafana-tls-secret
-# readOnly: true
-# subPath: ""
-# service:
-# port: 3000
-# targetPort: 3000
-# sidecar:
-# datasources:
-# defaultDatasourceEnabled: false
-# "grafana.ini":
-# server:
-# protocol: https
-# cert_file: /cert/tls.crt
-# cert_key: /cert/tls.key
+ protocol: https
+ cert_file: /cert/tls.crt
+ cert_key: /cert/tls.key
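Review bot: The new `extraSecretMounts` entry for `grafana-tls-secret` does not pin a file mode, whereas the removed `extraContainerVolumes` block set `defaultMode: 420`; without it `/cert/tls.key` is projected with the Kubernetes default mode and is readable by every process in the Grafana container, which now holds the private key itself rather than handing it to a separate proxy. If the chart's `extraSecretMounts` template forwards `defaultMode` (worth confirming in its pod template), add `defaultMode: 288` (0440) to the mount and verify that the uid/fsGroup Grafana runs under can still open the key. With `protocol: https` now terminated by Grafana, it is also worth making the TLS floor explicit in the `server` section, e.g. `min_tls_version: TLS1.2`, instead of relying on Grafana's default. The `grafana:` mapping these keys belong to starts before the hunk, and anything elsewhere in the repository that still addresses the Grafana service on 443 (ingress, network policy) would need to follow the move to 3000.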