diff --git a/.github/configs/updatecli.d/grafana.yaml b/.github/configs/updatecli.d/grafana.yaml
new file mode 100644
index 0000000..511f9b9
--- /dev/null
+++ b/.github/configs/updatecli.d/grafana.yaml
@@ -0,0 +1,30 @@
+name: Bump grafana version specified in the values.yaml
+sources:
+    latestGrafanaRelease:
+        name: Get latest grafana release on Github
+        kind: githubrelease
+        spec:
+            owner: grafana
+            repository: grafana
+            token: '{{ requiredEnv "UPDATECLI_GITHUB_TOKEN" }}'
+            versionfilter:
+                kind: latest
+        transformers:
+          - trimprefix: "v"
+conditions:
+    grafanaImagePublished:
+        name: Ensure the latest Grafana is published on DockerHub
+        kind: dockerimage
+        source-id: latestGrafanaRelease
+        spec:
+            image: "grafana/grafana"
+targets:
+    grafana:
+        name: Update Grafana version in values.yaml
+        kind: helmchart
+        spec:
+            file: values.yaml
+            key: $.grafana.version
+            name: charts/meta-monitoring
+            versionincrement: none
+        sourceid: latestGrafanaRelease
diff --git a/.github/workflows/check-for-dependency-updates.yaml b/.github/workflows/check-for-dependency-updates.yaml
index dbcdd6f..afd8b4d 100644
--- a/.github/workflows/check-for-dependency-updates.yaml
+++ b/.github/workflows/check-for-dependency-updates.yaml
@@ -175,3 +175,35 @@ jobs:
                 labels: dependencies
                 branch: chore/update-minio
                 delete-branch: true
+
+    updateGrafana:
+        name: Update the Grafana version
+        runs-on: "ubuntu-latest"
+        steps:
+            - name: Checkout
+              uses: actions/checkout@v2
+
+            - name: Install Updatecli
+              uses: updatecli/updatecli-action@v2
+
+            - name: Run Updatecli
+              id: update-grafana
+              run: |
+                updatecli apply --config ${UPDATECLI_CONFIG_DIR}/grafana.yaml
+                if ! git diff --exit-code > /dev/null; then
+                  echo "changed=true" >> "${GITHUB_OUTPUT}"
+                fi
+
+            - name: Create pull request
+              if: steps.update-grafana.outputs.changed == 'true'
+              uses: peter-evans/create-pull-request@v5
+              with:
+                title: "[dependency] Update the Grafana version"
+                body: "Updates the Grafana version"
+                base: main
+                author: "${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>"
+                committer: "GitHub <noreply@github.com>"
+                commit-message: Update Grafana version
+                labels: dependencies
+                branch: chore/update-minio
+                delete-branch: true
diff --git a/charts/meta-monitoring/Chart.lock b/charts/meta-monitoring/Chart.lock
index 807fdb8..27d90e5 100644
--- a/charts/meta-monitoring/Chart.lock
+++ b/charts/meta-monitoring/Chart.lock
@@ -10,9 +10,9 @@ dependencies:
   version: 5.3.0
 - name: tempo-distributed
   repository: https://grafana.github.io/helm-charts
-  version: 1.9.7
+  version: 1.9.9
 - name: minio
   repository: https://charts.min.io
   version: 5.2.0
-digest: sha256:297f462812b6436834d8b82a028840bd55bd9e935b3d0a3e8206ac54a113be01
-generated: "2024-05-07T08:22:11.44263682Z"
+digest: sha256:5328702b5f6b0487aba8f7bc77d6abfcd5e094569e9205cd725971e3e31255dd
+generated: "2024-05-08T07:03:21.797461955Z"
diff --git a/charts/meta-monitoring/Chart.yaml b/charts/meta-monitoring/Chart.yaml
index 2837710..3f0a687 100644
--- a/charts/meta-monitoring/Chart.yaml
+++ b/charts/meta-monitoring/Chart.yaml
@@ -33,7 +33,7 @@ dependencies:
   condition: local.metrics.enabled
 - name: tempo-distributed
   repository: https://grafana.github.io/helm-charts
-  version: 1.9.7
+  version: 1.9.9
   condition: local.traces.enabled
 - name: minio
   repository: https://charts.min.io
diff --git a/charts/meta-monitoring/charts/tempo-distributed-1.9.7.tgz b/charts/meta-monitoring/charts/tempo-distributed-1.9.7.tgz
deleted file mode 100644
index f00a519..0000000
Binary files a/charts/meta-monitoring/charts/tempo-distributed-1.9.7.tgz and /dev/null differ
diff --git a/charts/meta-monitoring/charts/tempo-distributed-1.9.9.tgz b/charts/meta-monitoring/charts/tempo-distributed-1.9.9.tgz
new file mode 100644
index 0000000..89e4106
Binary files /dev/null and b/charts/meta-monitoring/charts/tempo-distributed-1.9.9.tgz differ
diff --git a/charts/meta-monitoring/templates/agent/_helpers-agent.tpl b/charts/meta-monitoring/templates/agent/_helpers-agent.tpl
index ac7e80a..d8d6642 100644
--- a/charts/meta-monitoring/templates/agent/_helpers-agent.tpl
+++ b/charts/meta-monitoring/templates/agent/_helpers-agent.tpl
@@ -48,7 +48,7 @@
 {{- define "agent.tempo_write_targets" -}}
 {{- $list := list }}
 {{- if .Values.local.traces.enabled }}
-{{- $list = append $list ("otelcol.exporter.otlp.local.input") }}
+{{- $list = append $list ("otelcol.exporter.otlphttp.local.input") }}
 {{- end }}
 {{- if .Values.cloud.traces.enabled }}
 {{- $list = append $list ("otelcol.exporter.otlphttp.cloud.input") }}
diff --git a/charts/meta-monitoring/templates/agent/config.yaml b/charts/meta-monitoring/templates/agent/config.yaml
index cf22a80..55e6963 100644
--- a/charts/meta-monitoring/templates/agent/config.yaml
+++ b/charts/meta-monitoring/templates/agent/config.yaml
@@ -294,9 +294,7 @@ data:
       // We don't technically need this, but it shows how to change listen address and incoming port.
       // In this case, the Agent is listening on all available bindable addresses on port 4317 (which is the
       // default OTLP gRPC port) for the OTLP protocol.
-      grpc {
-        endpoint = "0.0.0.0:4317"
-      }
+      grpc {}
 
       // We define where to send the output of all ingested traces. In this case, to the OpenTelemetry batch processor
       // named 'default'.
@@ -345,6 +343,14 @@ data:
     }
     {{- end }}
 
+    {{- if .Values.local.traces.enabled }}
+    otelcol.exporter.otlphttp "local" {
+        client {
+            endpoint = "http://{{- .Release.Name -}}-tempo-distributor.svc:4318"
+        }
+    }
+    {{- end }}
+
     {{- if .Values.cloud.logs.enabled }}
     loki.write "cloud" {
       endpoint {
diff --git a/charts/meta-monitoring/templates/grafana/grafana.yaml b/charts/meta-monitoring/templates/grafana/grafana.yaml
index e30c61c..4fe45a2 100644
--- a/charts/meta-monitoring/templates/grafana/grafana.yaml
+++ b/charts/meta-monitoring/templates/grafana/grafana.yaml
@@ -32,7 +32,7 @@ spec:
           - 0
       containers:
         - name: grafana
-          image: grafana/grafana:10.0.0
+          image: grafana/grafana:{{- .Values.grafana.version }}
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 3000
diff --git a/charts/meta-monitoring/templates/ruler/ruler.yaml b/charts/meta-monitoring/templates/ruler/ruler.yaml
index c3af965..090267c 100644
--- a/charts/meta-monitoring/templates/ruler/ruler.yaml
+++ b/charts/meta-monitoring/templates/ruler/ruler.yaml
@@ -49,6 +49,9 @@ spec:
             - containerPort: 7946
               name: memberlist
               protocol: TCP
+          envFrom:
+          - secretRef:
+             name: minio
           readinessProbe:
             failureThreshold: 3
             httpGet:
diff --git a/charts/meta-monitoring/values.yaml b/charts/meta-monitoring/values.yaml
index 613b663..72ca259 100644
--- a/charts/meta-monitoring/values.yaml
+++ b/charts/meta-monitoring/values.yaml
@@ -172,7 +172,7 @@ metrics:
   - promtail_custom_bad_words_total
   # Additional metrics to retain
   extraMetrics: []
-# Set enabled = true to add the default logs/metrics/traces dashboards to the local Grafana
+# Set enabled = true to add the default logs dashboards to the local Grafana
 dashboards:
   logs:
     enabled: true
@@ -180,10 +180,6 @@ dashboards:
     enabled: true
   traces:
     enabled: true
-global:
-  minio:
-    rootUser: "rootuser"
-    rootPassword: "rootpassword"
 kubeStateMetrics:
   # Scrape https://github.com/kubernetes/kube-state-metrics by default
   enabled: true
@@ -217,9 +213,9 @@ loki:
       common:
         storage:
           s3:
-            access_key_id: "{{ .Values.global.minio.rootUser }}"
+            access_key_id: "${rootUser}"
             endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000"
-            secret_access_key: "{{ .Values.global.minio.rootPassword }}"
+            secret_access_key: "${rootPassword}"
       compactor:
         retention_enabled: true
         delete_request_store: s3
@@ -242,8 +238,24 @@ loki:
         installOperator: false
     lokiCanary:
       enabled: false
-  test:
-    enabled: false
+  write:
+    extraArgs:
+    - "-config.expand-env=true"
+    extraEnvFrom:
+    - secretRef:
+        name: "minio"
+  read:
+    extraArgs:
+    - "-config.expand-env=true"
+    extraEnvFrom:
+    - secretRef:
+        name: "minio"
+  backend:
+    extraArgs:
+    - "-config.expand-env=true"
+    extraEnvFrom:
+    - secretRef:
+        name: "minio"
 alloy:
   alloy:
     clustering:
@@ -278,30 +290,31 @@ alloy:
 mimir-distributed:
   minio:
     enabled: false
+  global:
+    extraEnvFrom:
+    - secretRef:
+        name: "minio"
   mimir:
     structuredConfig:
       alertmanager_storage:
         s3:
           bucket_name: mimir-ruler
-          access_key_id: "{{ .Values.global.minio.rootUser }}"
-          endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000"
-          secret_access_key: "{{ .Values.global.minio.rootPassword }}"
-          insecure: true
       blocks_storage:
         backend: s3
         s3:
           bucket_name: mimir-tsdb
-          access_key_id: "{{ .Values.global.minio.rootUser }}"
-          endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000"
-          secret_access_key: "{{ .Values.global.minio.rootPassword }}"
-          insecure: true
       ruler_storage:
         s3:
           bucket_name: mimir-ruler
-          access_key_id: "{{ .Values.global.minio.rootUser }}"
-          endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000"
-          secret_access_key: "{{ .Values.global.minio.rootPassword }}"
-          insecure: true
+      common:
+        storage:
+          backend: s3
+          s3:
+            bucket_name: mimir-ruler
+            access_key_id: "${rootUser}"
+            endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000"
+            secret_access_key: "${rootPassword}"
+            insecure: true
       limits:
         compactor_blocks_retention_period: 30d
 tempo-distributed:
@@ -313,12 +326,39 @@ tempo-distributed:
           s3:
             bucket: tempo
             endpoint: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc:9000"
-            access_key: "{{ .Values.global.minio.rootUser }}"
-            secret_key: "{{ .Values.global.minio.rootPassword }}"
+            access_key: "${rootUser}"
+            secret_key: "${rootPassword}"
             insecure: true
-      compactor:
-        compaction:
-          block_retention: 30d
+  distributor:
+    extraArgs:
+    - "-config.expand-env=true"
+    extraEnvFrom:
+    - secretRef:
+        name: "minio"
+  ingester:
+    extraArgs:
+    - "-config.expand-env=true"
+    extraEnvFrom:
+    - secretRef:
+        name: "minio"
+  compactor:
+    extraArgs:
+    - "-config.expand-env=true"
+    extraEnvFrom:
+    - secretRef:
+        name: "minio"
+  querier:
+    extraArgs:
+    - "-config.expand-env=true"
+    extraEnvFrom:
+    - secretRef:
+        name: "minio"
+  queryFrontend:
+    extraArgs:
+    - "-config.expand-env=true"
+    extraEnvFrom:
+    - secretRef:
+        name: "minio"
   traces:
     otlp:
       http:
@@ -326,8 +366,7 @@ tempo-distributed:
       grpc:
         enabled: true
 minio:
-  rootUser: rootuser
-  rootPassword: rootpassword
+  existingSecret: "minio"
   buckets:
     - name: loki-chunks
       policy: none
diff --git a/docs/installation.md b/docs/installation.md
index e827d5c..c49b2b1 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -25,17 +25,17 @@
    ```
    kubectl create secret generic logs -n meta \
     --from-literal=username=<logs username> \
-    --from-literal=password=<token>
+    --from-literal=password=<token> \
     --from-literal=endpoint='https://logs-prod-us-central1.grafana.net/loki/api/v1/push'
 
    kubectl create secret generic metrics -n meta \
     --from-literal=username=<metrics username> \
-    --from-literal=password=<token>
+    --from-literal=password=<token> \
     --from-literal=endpoint='https://prometheus-us-central1.grafana.net/api/prom/push'
 
    kubectl create secret generic traces -n meta \
     --from-literal=username=<OTLP instance ID> \
-    --from-literal=password=<token>
+    --from-literal=password=<token> \
     --from-literal=endpoint='https://otlp-gateway-prod-us-east-0.grafana.net/otlp'
    ```
 
@@ -67,6 +67,14 @@
    kubectl create namespace meta
    ```
 
+1. Create a secret named `minio` with the user and password for the local Minio:
+
+   ```
+   kubectl create secret generic minio -n meta \
+    --from-literal=rootPassword=<password> \
+    --from-literal=rootUser=<user>
+   ```
+
 1. Create a values.yaml file based on the [default one](../charts/meta-monitoring/values.yaml). An example minimal values.yaml looks like this:
 
    ```