diff --git a/CODEOWNERS b/CODEOWNERS
new file mode 100644
index 0000000..4521512
--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1 @@
+* @dannykopping
\ No newline at end of file
diff --git a/README.md b/README.md
index 616428a..1a80c26 100644
--- a/README.md
+++ b/README.md
@@ -258,7 +258,7 @@ values which are defined [here](https://github.com/grafana/helm-charts/tree/main
 | global.dashboards.timerange | string | `"12h"` | how far back dashboards should look |
 | global.externalScheme | string | `"http"` |  |
 | global.externalZone | string | `"svc.cluster.local"` |  |
-| global.postgres | object | `{"alerts":{"groups":{"Basic":{"delay":"1m","enabled":true},"Connections":{"delay":"5m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}},"Notifications":{"delay":"15m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}}}},"database":"coder","exporter":{"image":"quay.io/prometheuscommunity/postgres-exporter"},"hostname":"localhost","mountSecret":"secret-postgres","password":null,"port":5432,"sslmode":"disable","username":"coder"}` | postgres connection information NOTE: these settings are global so we can parameterise some values which get rendered by subcharts |
+| global.postgres | object | `{"alerts":{"groups":{"Basic":{"delay":"1m","enabled":true},"Connections":{"delay":"5m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}},"Notifications":{"delay":"15m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}}}},"database":"coder","exporter":{"image":"quay.io/prometheuscommunity/postgres-exporter"},"hostname":"localhost","mountSecret":"secret-postgres","password":null,"port":5432,"sslmode":"disable","sslrootcert":null,"username":"coder","volumeMounts":[],"volumes":[]}` | postgres connection information NOTE: these settings are global so we can parameterise some values which get rendered by subcharts |
 | global.postgres.alerts | object | `{"groups":{"Basic":{"delay":"1m","enabled":true},"Connections":{"delay":"5m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}},"Notifications":{"delay":"15m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}}}}` | alerts for postgres |
 | global.telemetry | object | `{"metrics":{"scrape_interval":"15s","scrape_timeout":"12s"}}` | control telemetry collection |
 | global.telemetry.metrics | object | `{"scrape_interval":"15s","scrape_timeout":"12s"}` | control metric collection |
@@ -381,6 +381,7 @@ values which are defined [here](https://github.com/grafana/helm-charts/tree/main
 | grafana.extraConfigmapMounts[5].name | string | `"dashboards-prebuilds"` |  |
 | grafana.extraConfigmapMounts[5].readOnly | bool | `false` |  |
 | grafana.fullnameOverride | string | `"grafana"` |  |
+| grafana.image.tag | string | `"10.4.19"` |  |
 | grafana.persistence.enabled | bool | `true` |  |
 | grafana.persistence.size | string | `"10Gi"` |  |
 | grafana.replicas | int | `1` |  |
diff --git a/coder-observability/templates/_helpers.tpl b/coder-observability/templates/_helpers.tpl
index a182b3d..0d8578d 100644
--- a/coder-observability/templates/_helpers.tpl
+++ b/coder-observability/templates/_helpers.tpl
@@ -63,10 +63,22 @@ Create the name of the service account to use
 
 {{/* Postgres connector string */}}
 {{- define "postgres-connector-string" -}}
-{{- if .Values.global.postgres.password -}}
-postgresql://{{ .Values.global.postgres.username }}:{{ urlquery .Values.global.postgres.password }}@{{ .Values.global.postgres.hostname }}:{{ .Values.global.postgres.port }}/postgres?sslmode={{ .Values.global.postgres.sslmode }}
-{{- else if .Values.global.postgres.mountSecret -}}
-postgresql://{{ .Values.global.postgres.username }}@{{ .Values.global.postgres.hostname }}:{{ .Values.global.postgres.port }}/postgres?sslmode={{ .Values.global.postgres.sslmode }}
+{{- if and .Values.global.postgres.password (eq .Values.global.postgres.sslmode "disable") -}}
+postgresql://{{ .Values.global.postgres.username }}:{{ urlquery .Values.global.postgres.password }}@{{ .Values.global.postgres.hostname }}:{{ .Values.global.postgres.port }}/{{ .Values.global.postgres.database }}?sslmode={{ .Values.global.postgres.sslmode }}
+{{- else if and .Values.global.postgres.password (ne .Values.global.postgres.sslmode "disable") -}}
+{{- if .Values.global.postgres.sslrootcert -}}
+postgresql://{{ .Values.global.postgres.username }}:{{ urlquery .Values.global.postgres.password }}@{{ .Values.global.postgres.hostname }}:{{ .Values.global.postgres.port }}/{{ .Values.global.postgres.database }}?sslmode={{ .Values.global.postgres.sslmode }}&sslrootcert={{ .Values.global.postgres.sslrootcert }}
+{{- else -}}
+postgresql://{{ .Values.global.postgres.username }}:{{ urlquery .Values.global.postgres.password }}@{{ .Values.global.postgres.hostname }}:{{ .Values.global.postgres.port }}/{{ .Values.global.postgres.database }}?sslmode={{ .Values.global.postgres.sslmode }}
+{{- end -}}
+{{- else if and .Values.global.postgres.mountSecret (eq .Values.global.postgres.sslmode "disable") -}}
+postgresql://{{ .Values.global.postgres.username }}@{{ .Values.global.postgres.hostname }}:{{ .Values.global.postgres.port }}/{{ .Values.global.postgres.database }}?sslmode={{ .Values.global.postgres.sslmode }}
+{{- else if and .Values.global.postgres.mountSecret (ne .Values.global.postgres.sslmode "disable") -}}
+{{- if .Values.global.postgres.sslrootcert -}}
+postgresql://{{ .Values.global.postgres.username }}@{{ .Values.global.postgres.hostname }}:{{ .Values.global.postgres.port }}/{{ .Values.global.postgres.database }}?sslmode={{ .Values.global.postgres.sslmode }}&sslrootcert={{ .Values.global.postgres.sslrootcert }}
+{{- else -}}
+postgresql://{{ .Values.global.postgres.username }}@{{ .Values.global.postgres.hostname }}:{{ .Values.global.postgres.port }}/{{ .Values.global.postgres.database }}?sslmode={{ .Values.global.postgres.sslmode }}
+{{- end -}}
 {{- else -}}
 {{ fail "either postgres.password or postgres.mountSecret must be defined" }}
 {{- end -}}
diff --git a/coder-observability/templates/statefulset-postgres-exporter.yaml b/coder-observability/templates/statefulset-postgres-exporter.yaml
index 229c650..a1f6e55 100644
--- a/coder-observability/templates/statefulset-postgres-exporter.yaml
+++ b/coder-observability/templates/statefulset-postgres-exporter.yaml
@@ -29,4 +29,12 @@ spec:
           env:
             - name: DATA_SOURCE_NAME
               value: '{{ include "postgres-connector-string" . }}'
-          {{ include "postgres-secret-mount" . | nindent 10 }}
\ No newline at end of file
+          {{ include "postgres-secret-mount" . | nindent 10 }}
+          {{- if .Values.global.postgres.volumeMounts }}
+          volumeMounts:
+          {{ toYaml .Values.global.postgres.volumeMounts | nindent 12 }}
+          {{- end }}
+      {{- if .Values.global.postgres.volumes }}
+      volumes:
+      {{ toYaml .Values.global.postgres.volumes | nindent 8 }}
+      {{- end }}
\ No newline at end of file
diff --git a/coder-observability/values.yaml b/coder-observability/values.yaml
index f35e12b..6d06981 100644
--- a/coder-observability/values.yaml
+++ b/coder-observability/values.yaml
@@ -123,11 +123,18 @@ global:
     password:
     database: coder
     sslmode: disable
+    # SSL root certificate path - only required when sslmode != "disable"
+    sslrootcert:
+
     # ensure that your secret has a field named `PGPASSWORD`
     mountSecret: "secret-postgres"
     exporter:
       image: "quay.io/prometheuscommunity/postgres-exporter"
 
+    # volumes and volumeMounts for SSL certificates
+    volumes: []
+    volumeMounts: []
+
     # global.postgres.alerts -- alerts for postgres
     alerts:
       groups:
@@ -275,6 +282,8 @@ grafana-agent:
 
 grafana:
   enabled: true
+  image:
+    tag: 10.4.19
   fullnameOverride: grafana
   useStatefulSet: true
   replicas: 1
diff --git a/compiled/resources.yaml b/compiled/resources.yaml
index 6f4518e..aff5679 100644
--- a/compiled/resources.yaml
+++ b/compiled/resources.yaml
@@ -994,7 +994,7 @@ data:
     global:
     target:
       name: postgres
-      data_source_name: 'postgresql://coder@localhost:5432/postgres?sslmode=disable'
+      data_source_name: 'postgresql://coder@localhost:5432/coder?sslmode=disable'
       collectors:
         - notify
     collectors:
@@ -11247,8 +11247,8 @@ spec:
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: coder-observability
       annotations:
-        checksum/config: 4b5f6512e962f90e1dcdfbecb3713a10f3a998745141a4fc1adfcbb4cff23282
-        checksum/dashboards-json-config: 3f59a9bfe9e7e9b7e6ca4ea81afd7bac7a8d78eadb7edbb44be4a327efd1d931
+        checksum/config: 2828a490315379b00f2116ebe6a20dd3ca9a4d5ce5839f037c1eb0a4501ecb18
+        checksum/dashboards-json-config: 010b57348b6dd1f09007330c03d22a0570022534712646511cad39a9e3cb4bb7
         checksum/sc-dashboard-provider-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
         kubectl.kubernetes.io/default-container: grafana
     spec:
@@ -12215,7 +12215,7 @@ spec:
               name: exporter
           env:
             - name: DATA_SOURCE_NAME
-              value: 'postgresql://coder@localhost:5432/postgres?sslmode=disable'
+              value: 'postgresql://coder@localhost:5432/coder?sslmode=disable'
           envFrom:
             - secretRef:
                 name: secret-postgres
@@ -12270,7 +12270,7 @@ spec:
     metadata:
       annotations:
         prometheus.io/scrape: 'true'
-        checksum/config: e12c0044ef2cab3438ffdc8f5e16c24c5acf5ee36dcc8bee77294f27e53ce4a2
+        checksum/config: 71bb9e7579b6e138ae28c623aa29d72025be00387da6c1b8dd5aa168c96ca1e0
       labels:
         app: sql-exporter
         app.kubernetes.io/name: "database-stats"