feat: allow namespace overrides (#3797)

Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com> Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com>
2025-03-18 20:41:04 +00:00 · 2025-03-18 20:41:04 +00:00 · 3c1a323381
parent fb9b96bf75
commit 3c1a323381
56 changed files with 427 additions and 92 deletions
--- a/charts/actions-runner-controller/templates/NOTES.txt
+++ b/charts/actions-runner-controller/templates/NOTES.txt
@ -6,17 +6,17 @@
  {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "actions-runner-controller.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  export NODE_PORT=$(kubectl get --namespace {{ include "actions-runner-controller.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "actions-runner-controller.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ include "actions-runner-controller.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "actions-runner-controller.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "actions-runner-controller.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+           You can watch the status of by running 'kubectl get --namespace {{ include "actions-runner-controller.namespace" . }} svc -w {{ include "actions-runner-controller.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ include "actions-runner-controller.namespace" . }} {{ include "actions-runner-controller.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
  echo http://$SERVICE_IP:{{ .Values.service.port }}
 {{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "actions-runner-controller.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  export POD_NAME=$(kubectl get pods --namespace {{ include "actions-runner-controller.namespace" . }} -l "app.kubernetes.io/name={{ include "actions-runner-controller.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ include "actions-runner-controller.namespace" . }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+  kubectl --namespace {{ include "actions-runner-controller.namespace" . }} port-forward $POD_NAME 8080:$CONTAINER_PORT
 {{- end }}
--- a/charts/actions-runner-controller/templates/_helpers.tpl
+++ b/charts/actions-runner-controller/templates/_helpers.tpl
@ -1,3 +1,14 @@
+{{/*
+Allow overriding the namespace for the resources.
+*/}}
+{{- define "actions-runner-controller.namespace" -}}
+{{- if .Values.namespaceOverride }}
+  {{- .Values.namespaceOverride }}
+{{- else }}
+  {{- .Release.Namespace }}
+{{- end }}
+{{- end }}
+
 {{/*
 Expand the name of the chart.
 */}}
--- a/charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml
+++ b/charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml
@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "actions-runner-controller-actions-metrics-server.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
  labels:
    {{- include "actions-runner-controller.labels" . | nindent 4 }}
 spec:
--- a/charts/actions-runner-controller/templates/actionsmetrics.ingress.yaml.yml
+++ b/charts/actions-runner-controller/templates/actionsmetrics.ingress.yaml.yml
@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ $fullName }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
  labels:
    {{- include "actions-runner-controller.labels" . | nindent 4 }}
  {{- with .Values.actionsMetricsServer.ingress.annotations }}
--- a/charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml
+++ b/charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml
@ -10,5 +10,5 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ include "actions-runner-controller-actions-metrics-server.serviceAccountName" . }}
-    namespace: {{ .Release.Namespace }}
+    namespace: {{ include "actions-runner-controller.namespace" . }}
 {{- end }}
--- a/charts/actions-runner-controller/templates/actionsmetrics.secrets.yaml
+++ b/charts/actions-runner-controller/templates/actionsmetrics.secrets.yaml
@ -4,7 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "actions-runner-controller-actions-metrics-server.secretName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
  labels:
    {{- include "actions-runner-controller.labels" . | nindent 4 }}
 type: Opaque
--- a/charts/actions-runner-controller/templates/actionsmetrics.service.yaml
+++ b/charts/actions-runner-controller/templates/actionsmetrics.service.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "actions-runner-controller-actions-metrics-server.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
  labels:
    {{- include "actions-runner-controller-actions-metrics-server.selectorLabels" . | nindent 4 }}
 {{- if .Values.actionsMetricsServer.service.annotations }}
--- a/charts/actions-runner-controller/templates/actionsmetrics.serviceaccount.yaml.yml
+++ b/charts/actions-runner-controller/templates/actionsmetrics.serviceaccount.yaml.yml
@ -4,7 +4,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "actions-runner-controller-actions-metrics-server.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
  labels:
    {{- include "actions-runner-controller.labels" . | nindent 4 }}
  {{- with .Values.actionsMetricsServer.serviceAccount.annotations }}
--- a/charts/actions-runner-controller/templates/actionsmetrics.servicemonitor.yaml.yml
+++ b/charts/actions-runner-controller/templates/actionsmetrics.servicemonitor.yaml.yml
@ -1,5 +1,5 @@
 {{- if and .Values.actionsMetricsServer.enabled .Values.actionsMetrics.serviceMonitor.enable }}
-{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default .Release.Namespace }}
+{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default (include "actions-runner-controller.namespace" .) }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
--- a/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml
+++ b/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml
@ -10,5 +10,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ include "actions-runner-controller.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
 {{- end }}
--- a/charts/actions-runner-controller/templates/certificate.yaml
+++ b/charts/actions-runner-controller/templates/certificate.yaml
@ -6,7 +6,7 @@ apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
  name: {{ include "actions-runner-controller.selfsignedIssuerName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
 spec:
  selfSigned: {}
 ---
@ -14,11 +14,11 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: {{ include "actions-runner-controller.servingCertName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
 spec:
  dnsNames:
-  - {{ include "actions-runner-controller.webhookServiceName" . }}.{{ .Release.Namespace }}.svc
-  - {{ include "actions-runner-controller.webhookServiceName" . }}.{{ .Release.Namespace }}.svc.cluster.local
+  - {{ include "actions-runner-controller.webhookServiceName" . }}.{{ include "actions-runner-controller.namespace" . }}.svc
+  - {{ include "actions-runner-controller.webhookServiceName" . }}.{{ include "actions-runner-controller.namespace" . }}.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: {{ include "actions-runner-controller.selfsignedIssuerName" . }}
--- a/charts/actions-runner-controller/templates/controller.metrics.service.yaml
+++ b/charts/actions-runner-controller/templates/controller.metrics.service.yaml
@ -4,7 +4,7 @@ metadata:
  labels:
    {{- include "actions-runner-controller.labels" . | nindent 4 }}
  name: {{ include "actions-runner-controller.metricsServiceName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
  {{- with .Values.metrics.serviceAnnotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
--- a/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml
+++ b/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml
@ -8,7 +8,7 @@ metadata:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  name: {{ include "actions-runner-controller.serviceMonitorName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
 spec:
  endpoints:
    - path: /metrics
--- a/charts/actions-runner-controller/templates/controller.pdb.yaml
+++ b/charts/actions-runner-controller/templates/controller.pdb.yaml
@ -5,7 +5,7 @@ metadata:
  labels:
    {{- include "actions-runner-controller.labels" . | nindent 4 }}
  name: {{ include "actions-runner-controller.pdbName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
 spec:
  {{- if .Values.podDisruptionBudget.minAvailable }}
  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
--- a/charts/actions-runner-controller/templates/deployment.yaml
+++ b/charts/actions-runner-controller/templates/deployment.yaml
@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "actions-runner-controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
  labels:
    {{- include "actions-runner-controller.labels" . | nindent 4 }}
 spec:
@ -56,7 +56,7 @@ spec:
        - "--docker-registry-mirror={{ .Values.dockerRegistryMirror }}"
        {{- end }}
        {{- if .Values.scope.singleNamespace }}
-        - "--watch-namespace={{ default .Release.Namespace .Values.scope.watchNamespace }}"
+        - "--watch-namespace={{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }}"
        {{- end }}
        {{- if .Values.logLevel }}
        - "--log-level={{ .Values.logLevel }}"
--- a/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml
+++ b/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml
@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "actions-runner-controller-github-webhook-server.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
  labels:
    {{- include "actions-runner-controller.labels" . | nindent 4 }}
 spec:
@ -43,7 +43,7 @@ spec:
        - "--log-level={{ .Values.githubWebhookServer.logLevel }}"
        {{- end }}
        {{- if .Values.scope.singleNamespace }}
-        - "--watch-namespace={{ default .Release.Namespace .Values.scope.watchNamespace }}"
+        - "--watch-namespace={{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }}"
        {{- end }}
        {{- if .Values.runnerGithubURL  }}
        - "--runner-github-url={{ .Values.runnerGithubURL }}"
--- a/charts/actions-runner-controller/templates/githubwebhook.ingress.yaml
+++ b/charts/actions-runner-controller/templates/githubwebhook.ingress.yaml
@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ $fullName }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
  labels:
    {{- include "actions-runner-controller.labels" . | nindent 4 }}
  {{- with .Values.githubWebhookServer.ingress.annotations }}
--- a/charts/actions-runner-controller/templates/githubwebhook.pdb.yaml
+++ b/charts/actions-runner-controller/templates/githubwebhook.pdb.yaml
@ -5,7 +5,7 @@ metadata:
  labels:
    {{- include "actions-runner-controller.labels" . | nindent 4 }}
  name: {{ include "actions-runner-controller-github-webhook-server.pdbName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
 spec:
  {{- if .Values.githubWebhookServer.podDisruptionBudget.minAvailable }}
  minAvailable: {{ .Values.githubWebhookServer.podDisruptionBudget.minAvailable }}
--- a/charts/actions-runner-controller/templates/githubwebhook.role_binding.yaml
+++ b/charts/actions-runner-controller/templates/githubwebhook.role_binding.yaml
@ -10,5 +10,5 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ include "actions-runner-controller-github-webhook-server.serviceAccountName" . }}
-    namespace: {{ .Release.Namespace }}
+    namespace: {{ include "actions-runner-controller.namespace" . }}
 {{- end }}
--- a/charts/actions-runner-controller/templates/githubwebhook.secrets.yaml
+++ b/charts/actions-runner-controller/templates/githubwebhook.secrets.yaml
@ -4,7 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "actions-runner-controller-github-webhook-server.secretName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
  labels:
    {{- include "actions-runner-controller.labels" . | nindent 4 }}
 type: Opaque
--- a/charts/actions-runner-controller/templates/githubwebhook.service.yaml
+++ b/charts/actions-runner-controller/templates/githubwebhook.service.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "actions-runner-controller-github-webhook-server.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
  labels:
    {{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 4 }}
 {{- if .Values.githubWebhookServer.service.annotations }}
--- a/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml
+++ b/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml
@ -1,5 +1,5 @@
 {{- if and .Values.githubWebhookServer.enabled .Values.metrics.serviceMonitor.enable }}
-{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default .Release.Namespace }}
+{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default (include "actions-runner-controller.namespace" .) }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
--- a/charts/actions-runner-controller/templates/githubwebhook.serviceaccount.yaml
+++ b/charts/actions-runner-controller/templates/githubwebhook.serviceaccount.yaml
@ -4,7 +4,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "actions-runner-controller-github-webhook-server.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
  labels:
    {{- include "actions-runner-controller.labels" . | nindent 4 }}
  {{- with .Values.githubWebhookServer.serviceAccount.annotations }}
--- a/charts/actions-runner-controller/templates/leader_election_role.yaml
+++ b/charts/actions-runner-controller/templates/leader_election_role.yaml
@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ include "actions-runner-controller.leaderElectionRoleName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
 rules:
 - apiGroups:
  - ""
--- a/charts/actions-runner-controller/templates/leader_election_role_binding.yaml
+++ b/charts/actions-runner-controller/templates/leader_election_role_binding.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ include "actions-runner-controller.leaderElectionRoleName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@ -10,4 +10,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ include "actions-runner-controller.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
--- a/charts/actions-runner-controller/templates/manager_role_binding.yaml
+++ b/charts/actions-runner-controller/templates/manager_role_binding.yaml
@ -9,4 +9,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ include "actions-runner-controller.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
--- a/charts/actions-runner-controller/templates/manager_role_binding_secrets.yaml
+++ b/charts/actions-runner-controller/templates/manager_role_binding_secrets.yaml
@ -6,7 +6,7 @@ kind: ClusterRoleBinding
 {{- end }}
 metadata:
  name: {{ include "actions-runner-controller.managerRoleName" . }}-secrets
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  {{- if .Values.scope.singleNamespace }}
@ -18,4 +18,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ include "actions-runner-controller.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
--- a/charts/actions-runner-controller/templates/manager_secrets.yaml
+++ b/charts/actions-runner-controller/templates/manager_secrets.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "actions-runner-controller.secretName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
  {{- if .Values.authSecret.annotations }}
  annotations:
    {{ toYaml .Values.authSecret.annotations | nindent 4 }}
--- a/charts/actions-runner-controller/templates/serviceaccount.yaml
+++ b/charts/actions-runner-controller/templates/serviceaccount.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "actions-runner-controller.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
  labels:
    {{- include "actions-runner-controller.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
--- a/charts/actions-runner-controller/templates/webhook_configs.yaml
+++ b/charts/actions-runner-controller/templates/webhook_configs.yaml
@ -2,7 +2,7 @@
 We will use a self managed CA if one is not provided by cert-manager
 */}}
 {{- $ca := genCA "actions-runner-ca" 3650 }}
-{{- $cert := genSignedCert (printf "%s.%s.svc" (include "actions-runner-controller.webhookServiceName" .) .Release.Namespace) nil (list (printf "%s.%s.svc" (include "actions-runner-controller.webhookServiceName" .) .Release.Namespace)) 3650 $ca }}
+{{- $cert := genSignedCert (printf "%s.%s.svc" (include "actions-runner-controller.webhookServiceName" .) (include "actions-runner-controller.namespace" .)) nil (list (printf "%s.%s.svc" (include "actions-runner-controller.webhookServiceName" .) (include "actions-runner-controller.namespace" .))) 3650 $ca }}
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
@ -11,7 +11,7 @@ metadata:
  name: {{ include "actions-runner-controller.fullname" . }}-mutating-webhook-configuration
  {{- if .Values.certManagerEnabled }}
  annotations:
-    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "actions-runner-controller.servingCertName" . }}
+    cert-manager.io/inject-ca-from: {{ include "actions-runner-controller.namespace" . }}/{{ include "actions-runner-controller.servingCertName" . }}
  {{- end }}
 webhooks:
 - admissionReviewVersions:
@ -19,7 +19,7 @@ webhooks:
  {{- if .Values.scope.singleNamespace }}
  namespaceSelector:
    matchLabels:
-      kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
+      kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }}
  {{- end }}
  clientConfig:
    {{- if .Values.admissionWebHooks.caBundle }}
@ -29,7 +29,7 @@ webhooks:
    {{- end }}
    service:
      name: {{ include "actions-runner-controller.webhookServiceName" . }}
-      namespace: {{ .Release.Namespace }}
+      namespace: {{ include "actions-runner-controller.namespace" . }}
      path: /mutate-actions-summerwind-dev-v1alpha1-runner
  failurePolicy: Fail
  name: mutate.runner.actions.summerwind.dev
@ -50,7 +50,7 @@ webhooks:
  {{- if .Values.scope.singleNamespace }}
  namespaceSelector:
    matchLabels:
-      kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
+      kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }}
  {{- end }}
  clientConfig:
    {{- if .Values.admissionWebHooks.caBundle }}
@ -60,7 +60,7 @@ webhooks:
    {{- end }}
    service:
      name: {{ include "actions-runner-controller.webhookServiceName" . }}
-      namespace: {{ .Release.Namespace }}
+      namespace: {{ include "actions-runner-controller.namespace" . }}
      path: /mutate-actions-summerwind-dev-v1alpha1-runnerdeployment
  failurePolicy: Fail
  name: mutate.runnerdeployment.actions.summerwind.dev
@ -81,7 +81,7 @@ webhooks:
  {{- if .Values.scope.singleNamespace }}
  namespaceSelector:
    matchLabels:
-      kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
+      kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }}
  {{- end }}
  clientConfig:
    {{- if .Values.admissionWebHooks.caBundle }}
@ -91,7 +91,7 @@ webhooks:
    {{- end }}
    service:
      name: {{ include "actions-runner-controller.webhookServiceName" . }}
-      namespace: {{ .Release.Namespace }}
+      namespace: {{ include "actions-runner-controller.namespace" . }}
      path: /mutate-actions-summerwind-dev-v1alpha1-runnerreplicaset
  failurePolicy: Fail
  name: mutate.runnerreplicaset.actions.summerwind.dev
@ -112,7 +112,7 @@ webhooks:
  {{- if .Values.scope.singleNamespace }}
  namespaceSelector:
    matchLabels:
-      kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
+      kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }}
  {{- end }}
  clientConfig:
    {{- if .Values.admissionWebHooks.caBundle }}
@ -122,7 +122,7 @@ webhooks:
    {{- end }}
    service:
      name: {{ include "actions-runner-controller.webhookServiceName" . }}
-      namespace: {{ .Release.Namespace }}
+      namespace: {{ include "actions-runner-controller.namespace" . }}
      path: /mutate-runner-set-pod
  failurePolicy: Fail
  name: mutate-runner-pod.webhook.actions.summerwind.dev
@ -148,7 +148,7 @@ metadata:
  name: {{ include "actions-runner-controller.fullname" . }}-validating-webhook-configuration
  {{- if .Values.certManagerEnabled }}
  annotations:
-    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "actions-runner-controller.servingCertName" . }}
+    cert-manager.io/inject-ca-from: {{ include "actions-runner-controller.namespace" . }}/{{ include "actions-runner-controller.servingCertName" . }}
  {{- end }}
 webhooks:
 - admissionReviewVersions:
@ -156,7 +156,7 @@ webhooks:
  {{- if .Values.scope.singleNamespace }}
  namespaceSelector:
    matchLabels:
-      kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
+      kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }}
  {{- end }}
  clientConfig:
    {{- if .Values.admissionWebHooks.caBundle }}
@ -166,7 +166,7 @@ webhooks:
    {{- end }}
    service:
      name: {{ include "actions-runner-controller.webhookServiceName" . }}
-      namespace: {{ .Release.Namespace }}
+      namespace: {{ include "actions-runner-controller.namespace" . }}
      path: /validate-actions-summerwind-dev-v1alpha1-runner
  failurePolicy: Fail
  name: validate.runner.actions.summerwind.dev
@ -187,7 +187,7 @@ webhooks:
  {{- if .Values.scope.singleNamespace }}
  namespaceSelector:
    matchLabels:
-      kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
+      kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }}
  {{- end }}
  clientConfig:
    {{- if .Values.admissionWebHooks.caBundle }}
@ -197,7 +197,7 @@ webhooks:
    {{- end }}
    service:
      name: {{ include "actions-runner-controller.webhookServiceName" . }}
-      namespace: {{ .Release.Namespace }}
+      namespace: {{ include "actions-runner-controller.namespace" . }}
      path: /validate-actions-summerwind-dev-v1alpha1-runnerdeployment
  failurePolicy: Fail
  name: validate.runnerdeployment.actions.summerwind.dev
@ -218,7 +218,7 @@ webhooks:
  {{- if .Values.scope.singleNamespace }}
  namespaceSelector:
    matchLabels:
-      kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
+      kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }}
  {{- end }}
  clientConfig:
    {{- if .Values.admissionWebHooks.caBundle }}
@ -228,7 +228,7 @@ webhooks:
    {{- end }}
    service:
      name: {{ include "actions-runner-controller.webhookServiceName" . }}
-      namespace: {{ .Release.Namespace }}
+      namespace: {{ include "actions-runner-controller.namespace" . }}
      path: /validate-actions-summerwind-dev-v1alpha1-runnerreplicaset
  failurePolicy: Fail
  name: validate.runnerreplicaset.actions.summerwind.dev
@ -250,7 +250,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "actions-runner-controller.servingCertName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
  labels:
    {{- include "actions-runner-controller.labels" . | nindent 4 }}
 type: kubernetes.io/tls
--- a/charts/actions-runner-controller/templates/webhook_service.yaml
+++ b/charts/actions-runner-controller/templates/webhook_service.yaml
@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "actions-runner-controller.webhookServiceName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "actions-runner-controller.namespace" . }}
  labels:
    {{- include "actions-runner-controller.labels" . | nindent 4 }}
  {{- with .Values.service.annotations }}
--- a/charts/actions-runner-controller/values.yaml
+++ b/charts/actions-runner-controller/values.yaml
@ -420,3 +420,6 @@ actionsMetricsServer:
    #      - chart-example.local
  terminationGracePeriodSeconds: 10
  lifecycle: {}
+
+# Add the option to deploy in another namespace rather than .Release.Namespace.
+namespaceOverride: ""
--- a/charts/gha-runner-scale-set-controller/templates/_helpers.tpl
+++ b/charts/gha-runner-scale-set-controller/templates/_helpers.tpl
@ -7,6 +7,17 @@ Expand the name of the chart.
 gha-rs-controller
 {{- end }}

+{{/*
+Allow overriding the namespace for the resources.
+*/}}
+{{- define "gha-runner-scale-set-controller.namespace" -}}
+{{- if .Values.namespaceOverride }}
+  {{- .Values.namespaceOverride }}
+{{- else }}
+  {{- .Release.Namespace }}
+{{- end }}
+{{- end }}
+
 {{- define "gha-runner-scale-set-controller.name" -}}
 {{- default (include "gha-base-name" .) .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
@ -57,7 +68,7 @@ Selector labels
 */}}
 {{- define "gha-runner-scale-set-controller.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "gha-runner-scale-set-controller.name" . }}
-app.kubernetes.io/namespace: {{ .Release.Namespace }}
+app.kubernetes.io/namespace: {{ include "gha-runner-scale-set-controller.namespace" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}

--- a/charts/gha-runner-scale-set-controller/templates/deployment.yaml
+++ b/charts/gha-runner-scale-set-controller/templates/deployment.yaml
@ -2,10 +2,10 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "gha-runner-scale-set-controller.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set-controller.namespace" . }}
  labels:
    {{- include "gha-runner-scale-set-controller.labels" . | nindent 4 }}
-    actions.github.com/controller-service-account-namespace: {{ .Release.Namespace }}
+    actions.github.com/controller-service-account-namespace: {{ include "gha-runner-scale-set-controller.namespace" . }}
    actions.github.com/controller-service-account-name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }}
    {{- if .Values.flags.watchSingleNamespace }}
    actions.github.com/controller-watch-single-namespace: {{ .Values.flags.watchSingleNamespace }}
--- a/charts/gha-runner-scale-set-controller/templates/leader_election_role.yaml
+++ b/charts/gha-runner-scale-set-controller/templates/leader_election_role.yaml
@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ include "gha-runner-scale-set-controller.leaderElectionRoleName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set-controller.namespace" . }}
 rules:
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
--- a/charts/gha-runner-scale-set-controller/templates/leader_election_role_binding.yaml
+++ b/charts/gha-runner-scale-set-controller/templates/leader_election_role_binding.yaml
@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ include "gha-runner-scale-set-controller.leaderElectionRoleBinding" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set-controller.namespace" . }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@ -11,5 +11,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set-controller.namespace" . }}
 {{- end }}
--- a/charts/gha-runner-scale-set-controller/templates/manager_cluster_role_binding.yaml
+++ b/charts/gha-runner-scale-set-controller/templates/manager_cluster_role_binding.yaml
@ -10,5 +10,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set-controller.namespace" . }}
 {{- end }}
--- a/charts/gha-runner-scale-set-controller/templates/manager_listener_role.yaml
+++ b/charts/gha-runner-scale-set-controller/templates/manager_listener_role.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ include "gha-runner-scale-set-controller.managerListenerRoleName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set-controller.namespace" . }}
 rules:
 - apiGroups:
  - ""
--- a/charts/gha-runner-scale-set-controller/templates/manager_listener_role_binding.yaml
+++ b/charts/gha-runner-scale-set-controller/templates/manager_listener_role_binding.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ include "gha-runner-scale-set-controller.managerListenerRoleBinding" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set-controller.namespace" . }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@ -10,4 +10,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set-controller.namespace" . }}
--- a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml
+++ b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml
@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ include "gha-runner-scale-set-controller.managerSingleNamespaceRoleName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set-controller.namespace" . }}
 rules:
 - apiGroups:
  - actions.github.com
--- a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role_binding.yaml
+++ b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role_binding.yaml
@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ include "gha-runner-scale-set-controller.managerSingleNamespaceRoleBinding" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set-controller.namespace" . }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@ -11,5 +11,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set-controller.namespace" . }}
 {{- end }}
--- a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role_binding.yaml
+++ b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role_binding.yaml
@ -11,5 +11,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set-controller.namespace" . }}
 {{- end }}
--- a/charts/gha-runner-scale-set-controller/templates/serviceaccount.yaml
+++ b/charts/gha-runner-scale-set-controller/templates/serviceaccount.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set-controller.namespace" . }}
  labels:
    {{- include "gha-runner-scale-set-controller.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
--- a/charts/gha-runner-scale-set-controller/tests/template_test.go
+++ b/charts/gha-runner-scale-set-controller/tests/template_test.go
@ -17,6 +17,7 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

 type Chart struct {
@ -1078,3 +1079,146 @@ func TestDeployment_excludeLabelPropagationPrefixes(t *testing.T) {
 	assert.Contains(t, container.Args, "--exclude-label-propagation-prefix=prefix.com/")
 	assert.Contains(t, container.Args, "--exclude-label-propagation-prefix=complete.io/label")
 }
+func TestNamespaceOverride(t *testing.T) {
+	t.Parallel()
+
+	chartPath := "../../gha-runner-scale-set-controller"
+
+	releaseName := "test"
+	releaseNamespace := "test-" + strings.ToLower(random.UniqueId())
+	namespaceOverride := "test-" + strings.ToLower(random.UniqueId())
+
+	tt := map[string]struct {
+		file          string
+		options       *helm.Options
+		wantNamespace string
+	}{
+		"deployment": {
+			file: "deployment.yaml",
+			options: &helm.Options{
+				Logger: logger.Discard,
+				SetValues: map[string]string{
+					"namespaceOverride": namespaceOverride,
+				},
+				KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace),
+			},
+			wantNamespace: namespaceOverride,
+		},
+		"leader_election_role_binding": {
+			file: "leader_election_role_binding.yaml",
+			options: &helm.Options{
+				Logger: logger.Discard,
+				SetValues: map[string]string{
+					"namespaceOverride": namespaceOverride,
+					"replicaCount":      "2",
+				},
+				KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace),
+			},
+			wantNamespace: namespaceOverride,
+		},
+		"leader_election_role": {
+			file: "leader_election_role.yaml",
+			options: &helm.Options{
+				Logger: logger.Discard,
+				SetValues: map[string]string{
+					"namespaceOverride": namespaceOverride,
+					"replicaCount":      "2",
+				},
+				KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace),
+			},
+			wantNamespace: namespaceOverride,
+		},
+		"manager_listener_role_binding": {
+			file: "manager_listener_role_binding.yaml",
+			options: &helm.Options{
+				Logger: logger.Discard,
+				SetValues: map[string]string{
+					"namespaceOverride": namespaceOverride,
+					"replicaCount":      "2",
+				},
+				KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace),
+			},
+			wantNamespace: namespaceOverride,
+		},
+		"manager_listener_role": {
+			file: "manager_listener_role.yaml",
+			options: &helm.Options{
+				Logger: logger.Discard,
+				SetValues: map[string]string{
+					"namespaceOverride": namespaceOverride,
+					"replicaCount":      "2",
+				},
+				KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace),
+			},
+			wantNamespace: namespaceOverride,
+		},
+		"manager_single_namespace_controller_role": {
+			file: "manager_single_namespace_controller_role.yaml",
+			options: &helm.Options{
+				Logger: logger.Discard,
+				SetValues: map[string]string{
+					"namespaceOverride":          namespaceOverride,
+					"flags.watchSingleNamespace": "true",
+				},
+				KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace),
+			},
+			wantNamespace: namespaceOverride,
+		},
+		"manager_single_namespace_controller_role_binding": {
+			file: "manager_single_namespace_controller_role_binding.yaml",
+			options: &helm.Options{
+				Logger: logger.Discard,
+				SetValues: map[string]string{
+					"namespaceOverride":          namespaceOverride,
+					"flags.watchSingleNamespace": "true",
+				},
+				KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace),
+			},
+			wantNamespace: namespaceOverride,
+		},
+		"manager_single_namespace_watch_role": {
+			file: "manager_single_namespace_watch_role.yaml",
+			options: &helm.Options{
+				Logger: logger.Discard,
+				SetValues: map[string]string{
+					"namespaceOverride":          namespaceOverride,
+					"flags.watchSingleNamespace": "target-ns",
+				},
+				KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace),
+			},
+			wantNamespace: "target-ns",
+		},
+		"manager_single_namespace_watch_role_binding": {
+			file: "manager_single_namespace_watch_role_binding.yaml",
+			options: &helm.Options{
+				Logger: logger.Discard,
+				SetValues: map[string]string{
+					"namespaceOverride":          namespaceOverride,
+					"flags.watchSingleNamespace": "target-ns",
+				},
+				KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace),
+			},
+			wantNamespace: "target-ns",
+		},
+	}
+
+	for name, tc := range tt {
+		c := tc
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+			templateFile := filepath.Join("./templates", c.file)
+
+			output, err := helm.RenderTemplateE(t, c.options, chartPath, releaseName, []string{templateFile})
+			if err != nil {
+				t.Errorf("Error rendering template %s from chart %s: %s", c.file, chartPath, err)
+			}
+
+			type object struct {
+				Metadata metav1.ObjectMeta
+			}
+			var renderedObject object
+			helm.UnmarshalK8SYaml(t, output, &renderedObject)
+			assert.Equal(t, tc.wantNamespace, renderedObject.Metadata.Namespace)
+		})
+	}
+}
--- a/charts/gha-runner-scale-set-controller/values.yaml
+++ b/charts/gha-runner-scale-set-controller/values.yaml
@ -136,6 +136,9 @@ flags:
  # excludeLabelPropagationPrefixes:
  #   - "argocd.argoproj.io/instance"

-  ## Defines the K8s client rate limiter parameters.
+# Overrides the default `.Release.Namespace` for all resources in this chart.
+namespaceOverride: ""
+
+## Defines the K8s client rate limiter parameters.
  # k8sClientRateLimiterQPS: 20
  # k8sClientRateLimiterBurst: 30
--- a/charts/gha-runner-scale-set/templates/_helpers.tpl
+++ b/charts/gha-runner-scale-set/templates/_helpers.tpl
@ -43,7 +43,7 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 app.kubernetes.io/part-of: gha-rs
 actions.github.com/scale-set-name: {{ include "gha-runner-scale-set.scale-set-name" . }}
-actions.github.com/scale-set-namespace: {{ .Release.Namespace }}
+actions.github.com/scale-set-namespace: {{ include "gha-runner-scale-set.namespace" . }}
 {{- end }}

 {{/*
@ -481,8 +481,8 @@ volumeMounts:
      {{- $managerServiceAccountName = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-name") }}
    {{- end }}
  {{- else if gt $singleNamespaceCounter 0 }}
-    {{- if hasKey $singleNamespaceControllerDeployments .Release.Namespace }}
-      {{- $controllerDeployment = get $singleNamespaceControllerDeployments .Release.Namespace }}
+    {{- if hasKey $singleNamespaceControllerDeployments (include "gha-runner-scale-set.namespace" .) }}
+      {{- $controllerDeployment = get $singleNamespaceControllerDeployments (include "gha-runner-scale-set.namespace" .) }}
      {{- with $controllerDeployment.metadata }}
        {{- $managerServiceAccountName = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-name") }}
      {{- end }}
@ -538,8 +538,8 @@ volumeMounts:
      {{- $managerServiceAccountNamespace = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-namespace") }}
    {{- end }}
  {{- else if gt $singleNamespaceCounter 0 }}
-    {{- if hasKey $singleNamespaceControllerDeployments .Release.Namespace }}
-      {{- $controllerDeployment = get $singleNamespaceControllerDeployments .Release.Namespace }}
+    {{- if hasKey $singleNamespaceControllerDeployments (include "gha-runner-scale-set.namespace" .) }}
+      {{- $controllerDeployment = get $singleNamespaceControllerDeployments (include "gha-runner-scale-set.namespace" .) }}
      {{- with $controllerDeployment.metadata }}
        {{- $managerServiceAccountNamespace = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-namespace") }}
      {{- end }}
@ -553,3 +553,11 @@ volumeMounts:
 {{- $managerServiceAccountNamespace }}
 {{- end }}
 {{- end }}
+
+{{- define "gha-runner-scale-set.namespace" -}}
+{{- if .Values.namespaceOverride }}
+  {{- .Values.namespaceOverride }}
+{{- else }}
+  {{- .Release.Namespace }}
+{{- end }}
+{{- end }}
--- a/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml
+++ b/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml
@ -5,11 +5,11 @@ metadata:
  {{- if or (not (include "gha-runner-scale-set.scale-set-name" .)) (gt (len (include "gha-runner-scale-set.scale-set-name" .)) 45) }}
  {{ fail "Name must have up to 45 characters" }}
  {{- end }}
-  {{- if gt (len .Release.Namespace) 63 }}
+  {{- if gt (len (include "gha-runner-scale-set.namespace" .)) 63 }}
  {{ fail "Namespace must have up to 63 characters" }}
  {{- end }}
  name: {{ include "gha-runner-scale-set.scale-set-name" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set.namespace" . }}
  labels:
    {{- with .Values.labels }}
    {{- toYaml . | nindent 4 }}
--- a/charts/gha-runner-scale-set/templates/githubsecret.yaml
+++ b/charts/gha-runner-scale-set/templates/githubsecret.yaml
@ -4,7 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "gha-runner-scale-set.githubsecret" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set.namespace" . }}
  labels:
    {{- with .Values.labels }}
    {{- toYaml . | nindent 4 }}
--- a/charts/gha-runner-scale-set/templates/kube_mode_role.yaml
+++ b/charts/gha-runner-scale-set/templates/kube_mode_role.yaml
@ -6,7 +6,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ include "gha-runner-scale-set.kubeModeRoleName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set.namespace" . }}
  labels:
    {{- with .Values.labels }}
    {{- toYaml . | nindent 4 }}
--- a/charts/gha-runner-scale-set/templates/kube_mode_role_binding.yaml
+++ b/charts/gha-runner-scale-set/templates/kube_mode_role_binding.yaml
@ -5,7 +5,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ include "gha-runner-scale-set.kubeModeRoleBindingName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set.namespace" . }}
  labels:
    {{- with .Values.labels }}
    {{- toYaml . | nindent 4 }}
@ -35,5 +35,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ include "gha-runner-scale-set.kubeModeServiceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set.namespace" . }}
 {{- end }}
--- a/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml
+++ b/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml
@ -5,8 +5,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "gha-runner-scale-set.kubeModeServiceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
-
+  namespace: {{ include "gha-runner-scale-set.namespace" . }}
  {{- if or .Values.annotations $hasCustomResourceMeta }}
  annotations:
    {{- with .Values.annotations }}
--- a/charts/gha-runner-scale-set/templates/manager_role.yaml
+++ b/charts/gha-runner-scale-set/templates/manager_role.yaml
@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ include "gha-runner-scale-set.managerRoleName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set.namespace" . }}
  labels:
    {{- with .Values.labels }}
    {{- toYaml . | nindent 4 }}
--- a/charts/gha-runner-scale-set/templates/manager_role_binding.yaml
+++ b/charts/gha-runner-scale-set/templates/manager_role_binding.yaml
@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ include "gha-runner-scale-set.managerRoleBindingName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set.namespace" . }}
  labels:
    {{- with .Values.labels }}
    {{- toYaml . | nindent 4 }}
--- a/charts/gha-runner-scale-set/templates/no_permission_serviceaccount.yaml
+++ b/charts/gha-runner-scale-set/templates/no_permission_serviceaccount.yaml
@ -5,7 +5,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "gha-runner-scale-set.noPermissionServiceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "gha-runner-scale-set.namespace" . }}
  labels:
    {{- with .Values.labels }}
    {{- toYaml . | nindent 4 }}
--- a/charts/gha-runner-scale-set/tests/template_test.go
+++ b/charts/gha-runner-scale-set/tests/template_test.go
@ -6,6 +6,8 @@ import (
 	"strings"
 	"testing"

+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
 	v1alpha1 "github.com/actions/actions-runner-controller/apis/actions.github.com/v1alpha1"
 	actionsgithubcom "github.com/actions/actions-runner-controller/controllers/actions.github.com"
 	"github.com/gruntwork-io/terratest/modules/helm"
@ -2315,3 +2317,154 @@ func TestCustomAnnotations(t *testing.T) {
 	assert.Equal(t, wantCustomValue, noPermissionServiceAccount.Annotations[targetAnnotations])
 	assert.Equal(t, "npsa-custom-value", noPermissionServiceAccount.Annotations["npsa-custom"])
 }
+
+func TestNamespaceOverride(t *testing.T) {
+	t.Parallel()
+
+	chartPath := "../../gha-runner-scale-set"
+
+	releaseName := "test"
+	releaseNamespace := "test-" + strings.ToLower(random.UniqueId())
+	namespaceOverride := "test-" + strings.ToLower(random.UniqueId())
+
+	tt := map[string]struct {
+		file    string
+		options *helm.Options
+	}{
+		"manager_role": {
+			file: "manager_role.yaml",
+			options: &helm.Options{
+				Logger: logger.Discard,
+				SetValues: map[string]string{
+					"namespaceOverride":                  namespaceOverride,
+					"controllerServiceAccount.name":      "foo",
+					"controllerServiceAccount.namespace": "bar",
+					"githubConfigSecret.github_token":    "gh_token12345",
+					"githubConfigUrl":                    "https://github.com",
+				},
+				KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace),
+			},
+		},
+		"manager_role_binding": {
+			file: "manager_role_binding.yaml",
+			options: &helm.Options{
+				Logger: logger.Discard,
+				SetValues: map[string]string{
+					"namespaceOverride":                  namespaceOverride,
+					"controllerServiceAccount.name":      "foo",
+					"controllerServiceAccount.namespace": "bar",
+					"githubConfigSecret.github_token":    "gh_token12345",
+					"githubConfigUrl":                    "https://github.com",
+				},
+				KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace),
+			},
+		},
+		"no_permission_serviceaccount": {
+			file: "no_permission_serviceaccount.yaml",
+			options: &helm.Options{
+				Logger: logger.Discard,
+				SetValues: map[string]string{
+					"namespaceOverride":                  namespaceOverride,
+					"controllerServiceAccount.name":      "foo",
+					"controllerServiceAccount.namespace": "bar",
+					"githubConfigSecret.github_token":    "gh_token12345",
+					"githubConfigUrl":                    "https://github.com",
+				},
+				KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace),
+			},
+		},
+		"autoscalingrunnerset": {
+			file: "autoscalingrunnerset.yaml",
+			options: &helm.Options{
+				Logger: logger.Discard,
+				SetValues: map[string]string{
+					"namespaceOverride":                  namespaceOverride,
+					"controllerServiceAccount.name":      "foo",
+					"controllerServiceAccount.namespace": "bar",
+					"githubConfigSecret.github_token":    "gh_token12345",
+					"githubConfigUrl":                    "https://github.com",
+				},
+				KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace),
+			},
+		},
+		"githubsecret": {
+			file: "githubsecret.yaml",
+			options: &helm.Options{
+				Logger: logger.Discard,
+				SetValues: map[string]string{
+					"namespaceOverride":                  namespaceOverride,
+					"controllerServiceAccount.name":      "foo",
+					"controllerServiceAccount.namespace": "bar",
+					"githubConfigSecret.github_token":    "gh_token12345",
+					"githubConfigUrl":                    "https://github.com",
+				},
+				KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace),
+			},
+		},
+		"kube_mode_role": {
+			file: "kube_mode_role.yaml",
+			options: &helm.Options{
+				Logger: logger.Discard,
+				SetValues: map[string]string{
+					"namespaceOverride":                  namespaceOverride,
+					"containerMode.type":                 "kubernetes",
+					"controllerServiceAccount.name":      "foo",
+					"controllerServiceAccount.namespace": "bar",
+					"githubConfigSecret.github_token":    "gh_token12345",
+					"githubConfigUrl":                    "https://github.com",
+				},
+				KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace),
+			},
+		},
+		"kube_mode_role_binding": {
+			file: "kube_mode_role_binding.yaml",
+			options: &helm.Options{
+				Logger: logger.Discard,
+				SetValues: map[string]string{
+					"namespaceOverride":                  namespaceOverride,
+					"containerMode.type":                 "kubernetes",
+					"controllerServiceAccount.name":      "foo",
+					"controllerServiceAccount.namespace": "bar",
+					"githubConfigSecret.github_token":    "gh_token12345",
+					"githubConfigUrl":                    "https://github.com",
+				},
+				KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace),
+			},
+		},
+		"kube_mode_serviceaccount": {
+			file: "kube_mode_serviceaccount.yaml",
+			options: &helm.Options{
+				Logger: logger.Discard,
+				SetValues: map[string]string{
+					"namespaceOverride":                  namespaceOverride,
+					"containerMode.type":                 "kubernetes",
+					"controllerServiceAccount.name":      "foo",
+					"controllerServiceAccount.namespace": "bar",
+					"githubConfigSecret.github_token":    "gh_token12345",
+					"githubConfigUrl":                    "https://github.com",
+				},
+				KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace),
+			},
+		},
+	}
+
+	for name, tc := range tt {
+		c := tc
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+			templateFile := filepath.Join("./templates", c.file)
+
+			output, err := helm.RenderTemplateE(t, c.options, chartPath, releaseName, []string{templateFile})
+			if err != nil {
+				t.Errorf("Error rendering template %s from chart %s: %s", c.file, chartPath, err)
+			}
+
+			type object struct {
+				Metadata metav1.ObjectMeta
+			}
+			var renderedObject object
+			helm.UnmarshalK8SYaml(t, output, &renderedObject)
+			assert.Equal(t, namespaceOverride, renderedObject.Metadata.Namespace)
+		})
+	}
+}
--- a/charts/gha-runner-scale-set/values.yaml
+++ b/charts/gha-runner-scale-set/values.yaml
@ -216,6 +216,9 @@ template:
 #   namespace: arc-system
 #   name: test-arc-gha-runner-scale-set-controller

+# Overrides the default `.Release.Namespace` for all resources in this chart.
+namespaceOverride: ""
+
 ## Optional annotations and labels applied to all resources created by helm installation
 ##
 ## Annotations applied to all resources created by this helm chart. Annotations will not override the default ones, so make sure