diff --git a/charts/gha-runner-scale-set-experimental/templates/_defaults.tpl b/charts/gha-runner-scale-set-experimental/templates/_defaults.tpl
index f1ee037f..055c75a2 100644
--- a/charts/gha-runner-scale-set-experimental/templates/_defaults.tpl
+++ b/charts/gha-runner-scale-set-experimental/templates/_defaults.tpl
@@ -31,7 +31,7 @@ The name of the GitHub secret used for authentication.
 {{- if not (empty .Values.auth.secretName) -}}
   {{- .Values.auth.secretName -}}
 {{- else -}}
-  {{- include "autoscaling-runner-set.name" . }}-github-secret
+  {{- printf "%s-github-secret" (include "autoscaling-runner-set.name" .) -}}
 {{- end -}}
 {{- end }}
 
@@ -114,4 +114,22 @@ It defaults to ghcr.io/actions/actions-runner:latest if not specified.
   {{- fail "runner.container.command must be a list/array" -}}
 {{- end -}}
 {{- toJson $command -}}
+{{- end }}
+
+{{/*
+Hook extension ConfigMap name for kubernetes runner mode.
+
+If runner.kubernetesMode.extension.metadata.name is set, use it.
+Otherwise, default to a name derived from the scale set name.
+*/}}
+{{- define "runner-mode-kubernetes.extension-name" -}}
+{{- $runner := (.Values.runner | default dict) -}}
+{{- $kubeMode := (index $runner "kubernetesMode" | default dict) -}}
+{{- $extension := (index $kubeMode "extension" | default dict) -}}
+{{- $meta := (index $extension "metadata" | default dict) -}}
+{{- $name := (index $meta "name" | default "") -}}
+{{- if not (kindIs "string" $name) -}}
+  {{- fail "runner.kubernetesMode.extension.metadata.name must be a string" -}}
+{{- end -}}
+{{- default (printf "%s-hook-extension" (include "autoscaling-runner-set.name" .) | trunc 63 | trimSuffix "-") $name -}}
 {{- end }}
\ No newline at end of file
diff --git a/charts/gha-runner-scale-set-experimental/templates/_mode_kubernetes.tpl b/charts/gha-runner-scale-set-experimental/templates/_mode_kubernetes.tpl
index d9a637ab..8339c9e8 100644
--- a/charts/gha-runner-scale-set-experimental/templates/_mode_kubernetes.tpl
+++ b/charts/gha-runner-scale-set-experimental/templates/_mode_kubernetes.tpl
@@ -101,7 +101,7 @@ volumeMounts:
 {{- if $hasExtension }}
 - name: hook-extension
   configMap:
-    name: {{ if not (empty $extensionRef) }}{{ $extensionRef | quote }}{{ else }}{{ include "kube-mode-extension.name" . | quote }}{{ end }}
+    name: {{ if not (empty $extensionRef) }}{{ $extensionRef | quote }}{{ else }}{{ include "runner-mode-kubernetes.extension-name" . | quote }}{{ end }}
 {{- end }}
 
 {{- end }}
diff --git a/charts/gha-runner-scale-set-experimental/templates/hook_extension.yaml b/charts/gha-runner-scale-set-experimental/templates/hook_extension.yaml
index ec72bf28..f20426b6 100644
--- a/charts/gha-runner-scale-set-experimental/templates/hook_extension.yaml
+++ b/charts/gha-runner-scale-set-experimental/templates/hook_extension.yaml
@@ -14,7 +14,6 @@
 
   {{- $extensionMeta := dict -}}
   {{- $extensionName := "" -}}
-  {{- $extensionNamespace := "" -}}
   {{- $extensionYaml := "" -}}
   {{- if kindIs "map" $extension -}}
     {{- $extensionMeta = (index $extension "metadata" | default dict) -}}
@@ -22,16 +21,12 @@
       {{- fail "runner.kubernetesMode.extension.metadata must be an object" -}}
     {{- end -}}
     {{- $extensionName = (index $extensionMeta "name" | default "") -}}
-    {{- $extensionNamespace = (index $extensionMeta "namespace" | default "") -}}
     {{- $extensionYaml = (index $extension "yaml" | default "") -}}
   {{- end -}}
 
   {{- if not (kindIs "string" $extensionName) -}}
     {{- fail "runner.kubernetesMode.extension.metadata.name must be a string" -}}
   {{- end -}}
-  {{- if not (kindIs "string" $extensionNamespace) -}}
-    {{- fail "runner.kubernetesMode.extension.metadata.namespace must be a string" -}}
-  {{- end -}}
   {{- if not (kindIs "string" $extensionYaml) -}}
     {{- fail "runner.kubernetesMode.extension.yaml must be a string" -}}
   {{- end -}}
@@ -40,8 +35,8 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ default (printf "%s-hook-extension" (include "autoscaling-runner-set.name" .) | trunc 63 | trimSuffix "-") $extensionName | quote }}
-  namespace: {{ default (include "autoscaling-runner-set.namespace" .) $extensionNamespace | quote }}
+  name: {{ default (include "runner-mode-kubernetes.extension-name" .) $extensionName | quote }}
+  namespace: {{ include "autoscaling-runner-set.namespace" . | quote }}
   labels:
     {{- include "kube-mode-extension.labels" . | nindent 4 }}
   {{- $annotations := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}}
diff --git a/charts/gha-runner-scale-set-experimental/tests/autoscaling_runner_set_kubernetes_mode_hook_extension_test.yaml b/charts/gha-runner-scale-set-experimental/tests/autoscaling_runner_set_kubernetes_mode_hook_extension_test.yaml
index c1e79e4c..befb41cc 100644
--- a/charts/gha-runner-scale-set-experimental/tests/autoscaling_runner_set_kubernetes_mode_hook_extension_test.yaml
+++ b/charts/gha-runner-scale-set-experimental/tests/autoscaling_runner_set_kubernetes_mode_hook_extension_test.yaml
@@ -41,6 +41,30 @@ tests:
             subPath: extension
             readOnly: true
 
+  - it: should mount helper-derived default hook extension name when inline extension has no metadata.name
+    set:
+      scaleset.name: "test"
+      auth.url: "https://github.com/org"
+      auth.githubToken: "gh_token12345"
+      controllerServiceAccount.name: "arc"
+      controllerServiceAccount.namespace: "arc-system"
+      runner:
+        mode: "kubernetes"
+        kubernetesMode:
+          hookPath: "/home/runner/k8s/index.js"
+          extension:
+            yaml: "foo: bar"
+    release:
+      name: "test-name"
+      namespace: "test-namespace"
+    asserts:
+      - contains:
+          path: spec.template.spec.volumes
+          content:
+            name: hook-extension
+            configMap:
+              name: test-name-hook-extension
+
   - it: should mount hook extension ConfigMap when extensionRef is set
     set:
       scaleset.name: "test"
diff --git a/charts/gha-runner-scale-set-experimental/tests/hook_extension_configmap_test.yaml b/charts/gha-runner-scale-set-experimental/tests/hook_extension_configmap_test.yaml
index 47974d04..db243068 100644
--- a/charts/gha-runner-scale-set-experimental/tests/hook_extension_configmap_test.yaml
+++ b/charts/gha-runner-scale-set-experimental/tests/hook_extension_configmap_test.yaml
@@ -10,14 +10,14 @@ tests:
           extension:
             metadata:
               name: "my-hook-extension"
-              namespace: "test-namespace"
+              namespace: "ignored-by-chart"
             yaml: |
               foo: bar
               nested:
                 a: 1
     release:
       name: "test-name"
-      namespace: "ignored-by-test" # overridden by extension.metadata.namespace above
+      namespace: "test-namespace"
     asserts:
       - equal:
           path: apiVersion
@@ -38,6 +38,26 @@ tests:
             nested:
               a: 1
 
+  - it: should use helper-derived default name when extension metadata.name is empty
+    set:
+      runner:
+        mode: "kubernetes"
+        kubernetesMode:
+          extension:
+            metadata:
+              name: ""
+            yaml: "foo: bar"
+    release:
+      name: "test-name"
+      namespace: "test-namespace"
+    asserts:
+      - equal:
+          path: metadata.name
+          value: test-name-hook-extension
+      - equal:
+          path: metadata.namespace
+          value: test-namespace
+
   - it: should not render when extension.yaml is empty
     set:
       runner:
diff --git a/charts/gha-runner-scale-set-experimental/tests/hook_extension_namespace_test.yaml b/charts/gha-runner-scale-set-experimental/tests/hook_extension_namespace_test.yaml
new file mode 100644
index 00000000..08039c6d
--- /dev/null
+++ b/charts/gha-runner-scale-set-experimental/tests/hook_extension_namespace_test.yaml
@@ -0,0 +1,61 @@
+suite: "Hook extension namespace alignment"
+templates:
+  - autoscalingrunnserset.yaml
+  - hook_extension.yaml
+tests:
+  - it: should render hook extension ConfigMap in the same namespace as AutoscalingRunnerSet (Release namespace)
+    set:
+      scaleset.name: "test"
+      auth.url: "https://github.com/org"
+      auth.githubToken: "gh_token12345"
+      controllerServiceAccount.name: "arc"
+      controllerServiceAccount.namespace: "arc-system"
+      runner:
+        mode: "kubernetes"
+        kubernetesMode:
+          extension:
+            metadata:
+              name: "my-hook-extension"
+              namespace: "wrong-ns"
+            yaml: "foo: bar"
+    release:
+      name: "test-name"
+      namespace: "release-ns"
+    asserts:
+      - equal:
+          path: metadata.namespace
+          value: "release-ns"
+        template: autoscalingrunnserset.yaml
+      - equal:
+          path: metadata.namespace
+          value: "release-ns"
+        template: hook_extension.yaml
+
+  - it: should render hook extension ConfigMap in the same namespace as AutoscalingRunnerSet (namespaceOverride)
+    set:
+      namespaceOverride: "override-ns"
+      scaleset.name: "test"
+      auth.url: "https://github.com/org"
+      auth.githubToken: "gh_token12345"
+      controllerServiceAccount.name: "arc"
+      controllerServiceAccount.namespace: "arc-system"
+      runner:
+        mode: "kubernetes"
+        kubernetesMode:
+          extension:
+            metadata:
+              name: "my-hook-extension"
+              namespace: "wrong-ns"
+            yaml: "foo: bar"
+    release:
+      name: "test-name"
+      namespace: "release-ns"
+    asserts:
+      - equal:
+          path: metadata.namespace
+          value: "override-ns"
+        template: autoscalingrunnserset.yaml
+      - equal:
+          path: metadata.namespace
+          value: "override-ns"
+        template: hook_extension.yaml
diff --git a/charts/gha-runner-scale-set-experimental/values.yaml b/charts/gha-runner-scale-set-experimental/values.yaml
index b7c9a1e7..e1957018 100644
--- a/charts/gha-runner-scale-set-experimental/values.yaml
+++ b/charts/gha-runner-scale-set-experimental/values.yaml
@@ -115,7 +115,7 @@ resource:
     metadata:
       labels: {}
       annotations: {}
-      
+
   # Specifies metadata that will be applied to the no-permission ServiceAccount
   # (created for non-kubernetes runner modes).
   noPermissionServiceAccount:
@@ -152,12 +152,12 @@ runner:
   # - "" (default) - no additional configuration is applied
   # - "kubernetes" - configuration for running jobs in Kubernetes mode is applied
   # - "dind" - configuration for running jobs in Docker-in-Docker mode is
-  # 
+  #
   # For each mode, we provide configuration out of the box that works for most use
   # cases. You can customize our configuration by modifying the fields below,
   # or you can leave mode empty and provide your own complete configuration.
   mode: ""
-  
+
   pod:
     metadata:
       labels: {}
@@ -178,7 +178,7 @@ runner:
       containers: []
       initContainers: []
       volumes: []
-    
+
   # container field is applied to the container named "runner". You cannot override the name of the runner container
   container:
     image: "ghcr.io/actions/actions-runner:latest"
@@ -196,12 +196,14 @@ runner:
     serviceAccountName: ""
     hookPath: "/home/runner/k8s/index.js"
     requireJobContainer: true
-    extensionRef: ""
-    extension:
-      metadata:
-        name: ""
-        namespace: ""
-      yaml: ""
+    # extensionRef: ""
+    # extension:
+    ## metadata adds metadata to the config map configured for the hook extension
+    ## NOTE: namespace field is ignored.
+    #   metadata:
+    #     labels: ""
+    #     namespace: ""
+    #   yaml: ""
 
 ## A self-signed CA certificate for communication with the GitHub server can be
 ## provided using a config map key selector. If `runnerMountPath` is set, for