diff --git a/sonobuoy/templates/pod-api.yaml b/sonobuoy/templates/pod-api.yaml index 9b119da2..f1ab849d 100644 --- a/sonobuoy/templates/pod-api.yaml +++ b/sonobuoy/templates/pod-api.yaml @@ -19,11 +19,13 @@ limitations under the License. {{- $serviceAccountName := "sonobuoy-serviceaccount" }} {{ tuple $envAll "sonobuoy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} + +{{ $controllerName := printf "%s-%s" .Release.Namespace $serviceAccountName }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ $serviceAccountName }} + name: {{ $controllerName | quote }} rules: - apiGroups: - '*' @@ -35,11 +37,11 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ $serviceAccountName }}-heptio-sonobuoy + name: {{ $controllerName | quote }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ $serviceAccountName }} + name: {{ $controllerName | quote }} subjects: - kind: ServiceAccount name: {{ $serviceAccountName }} diff --git a/sonobuoy/templates/secret-etc.yaml b/sonobuoy/templates/secret-etc.yaml index 96045aec..e08fcd26 100644 --- a/sonobuoy/templates/secret-etc.yaml +++ b/sonobuoy/templates/secret-etc.yaml @@ -18,6 +18,9 @@ limitations under the License. {{- if empty .Values.conf.sonobuoy.WorkerImage -}} {{- $_ := set .Values.conf.sonobuoy "WorkerImage" .Values.images.tags.sonobuoy_api -}} {{- end -}} +{{- if empty .Values.conf.sonobuoy.Namespace -}} +{{- $_ := set .Values.conf.sonobuoy "Namespace" .Release.Namespace -}} +{{- end -}} --- apiVersion: v1 kind: Secret diff --git a/sonobuoy/templates/serviceaccount-readonly.yaml b/sonobuoy/templates/serviceaccount-readonly.yaml index e0b1b566..2604523c 100644 --- a/sonobuoy/templates/serviceaccount-readonly.yaml +++ b/sonobuoy/templates/serviceaccount-readonly.yaml 
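Review bot: In the first hunk of sonobuoy/templates/pod-api.yaml, the renamed ClusterRole still opens its rules with `apiGroups: ['*']`, and nothing in the template says why a wildcard is needed. With the namespace-prefixed name, each release now creates its own cluster-wide role and binding instead of colliding on one. The resources and verbs lie outside the hunk, so the real breadth cannot be judged from here. A why-comment above `rules:` would help the next reviewer, for example `# wildcard API group is intentional: <reason>; one ClusterRole per release namespace`.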
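Review bot: In sonobuoy/templates/secret-etc.yaml the new default applies only when `conf.sonobuoy.Namespace` is empty, so an operator-supplied value is rendered into the secret even when it differs from `.Release.Namespace`. The RBAC subject in serviceaccount-readonly.yaml is pinned to `.Release.Namespace`, so the two can drift apart. The values.yaml comment says the key should not be defined, but nothing enforces that. Either set it unconditionally with `{{- $_ := set .Values.conf.sonobuoy "Namespace" .Release.Namespace -}}`, or reject a differing value with `fail`. How sonobuoy consumes the key is not visible in this diff, so the impact of a mismatch should be confirmed against the worker configuration.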
@@ -59,13 +59,13 @@ may be referenced to list pods, etc. {{- if .Values.manifests.serviceaccount_readonly }} {{- $envAll := . }} -{{- $serviceAccountName := "sonobuoy-readonly-serviceaccount" }} -{{ tuple $envAll "sonobuoy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{- $controllerName := printf "%s-%s" $envAll.Release.Namespace "sonobuoy-readonly-serviceaccount" }} +{{ tuple $envAll "sonobuoy" $controllerName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: sonobuoy-readonly-clusterrole + name: {{ $controllerName | quote }} rules: - apiGroups: - "*" @@ -79,24 +79,24 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: sonobuoy-readonly-clusterrolebinding + name: {{ $controllerName | quote }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: sonobuoy-readonly-clusterrole + name: {{ $controllerName | quote }} subjects: - kind: ServiceAccount - name: {{ $serviceAccountName }} + name: {{ $controllerName | quote }} namespace: {{ .Release.Namespace }} --- apiVersion: v1 kind: Secret type: kubernetes.io/service-account-token metadata: - name: {{ $serviceAccountName }}-token-secret + name: sonobuoy-readonly-serviceaccount-token-secret namespace: {{ .Release.Namespace }} annotations: - kubernetes.io/service-account.name: {{ $serviceAccountName }} + kubernetes.io/service-account.name: {{ $controllerName }} {{/* post-install hook is required to cause ServiceAccount to be deployed before creating a secret token for it. By default helm deploys secrets diff --git a/sonobuoy/values.yaml b/sonobuoy/values.yaml index e272cedb..fb7dd423 100644 --- a/sonobuoy/values.yaml +++ b/sonobuoy/values.yaml 
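Review bot: The second hunk of sonobuoy/templates/serviceaccount-readonly.yaml keeps a `kubernetes.io/service-account-token` Secret, which is a non-expiring bearer token, for a service account whose ClusterRole in the first hunk begins with `apiGroups: ["*"]`. With the namespace-prefixed names this credential can now exist once per release. The resources and verbs are outside both hunks, so confirm they exclude `secrets`; cluster-wide read on secrets would make this token far more than read-only in practice. A comment above the Secret such as `# long-lived token for <consumer>; cluster-wide read, rotate by deleting this Secret` would record the intent. The annotation `kubernetes.io/service-account.name: {{ $controllerName }}` is also the only added use of `$controllerName` in this file without `| quote`.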
@@ -126,6 +126,8 @@ conf: Limits: PodLogs: SizeLimitBytes: 10000 + # NOTE: the Namespace should not be defined and is set in sonobuoy-etc + Namespace: null # NOTE: the WorkerImage should not be defined and is set in sonobuoy-etc WorkerImage: null ImagePullPolicy: IfNotPresent diff --git a/tools/gate/scripts/sonobuoy.sh b/tools/gate/scripts/sonobuoy.sh index cc8272bb..d8929351 100755 --- a/tools/gate/scripts/sonobuoy.sh +++ b/tools/gate/scripts/sonobuoy.sh @@ -19,5 +19,12 @@ set -xe helm dependency update sonobuoy helm upgrade --install sonobuoy sonobuoy \ --namespace=heptio-sonobuoy \ - --set endpoints.identity.namespace=openstack + --set endpoints.identity.namespace=openstack \ + --set manifests.serviceaccount_readonly=true helm test sonobuoy + +helm upgrade --install another-sonobuoy sonobuoy \ + --namespace=sonobuoy \ + --set endpoints.identity.namespace=openstack \ + --set manifests.serviceaccount_readonly=true +helm test another-sonobuoy