diff --git a/.cicd/test.sh b/.cicd/test.sh
index b73ebfd..ec853bb 100755
--- a/.cicd/test.sh
+++ b/.cicd/test.sh
@@ -450,5 +450,37 @@ function check_creates_template() {
 check_no_setting "--set collectionExport.enabled=true" "name: EXPORT_PARALLELISM"
 check_setting_has_value "--set collectionExport.enabled=true --set collectionExport.envconfig.EXPORT_PARALLELISM=4" "name: EXPORT_PARALLELISM" "value: \"4\""
+ # Namespaces feature tests
+ # Default (namespaces disabled): none of the namespaces-coupled envs should be templated.
+ # REPLICATION_MAXIMUM_FACTOR is only forced by the namespaces block, so it must be absent by default.
+ check_no_setting "" "name: NAMESPACES_ENABLED"
+ check_no_setting "" "name: DISABLE_GRAPHQL"
+ check_no_setting "" "name: REPLICATION_MAXIMUM_FACTOR"
+ check_no_setting "--set namespaces.enabled=false" "name: NAMESPACES_ENABLED"
+ check_no_setting "--set namespaces.enabled=false" "name: DISABLE_GRAPHQL"
+ check_no_setting "--set namespaces.enabled=false" "name: REPLICATION_MAXIMUM_FACTOR"
+ # Namespaces enabled: flag emits all required envs. The server fatals on startup unless
+ # REPLICATION_MAXIMUM_FACTOR=1 when NAMESPACES_ENABLED=true, so the chart pins it to "1".
+ check_setting_has_value "--set namespaces.enabled=true" "name: NAMESPACES_ENABLED" "value: \"true\""
+ check_setting_has_value "--set namespaces.enabled=true" "name: DISABLE_GRAPHQL" "value: \"true\""
+ check_setting_has_value "--set namespaces.enabled=true" "name: REPLICATION_MAXIMUM_FACTOR" "value: \"1\""
+ # The pinned REPLICATION_MAXIMUM_FACTOR=1 is rendered after the generic env loop, so it overrides
+ # any user-supplied env.REPLICATION_MAXIMUM_FACTOR (Kubernetes keeps the last duplicate env entry).
+ check_setting_has_value "--set namespaces.enabled=true --set env.REPLICATION_MAXIMUM_FACTOR=3" "name: REPLICATION_MAXIMUM_FACTOR" "value: \"1\""
+ # Namespaces enabled end-to-end: flag + apikey + RBAC (configured via the chart's
+ # authentication/authorization values) must render cleanly together.
+ _settingNamespacesFull="--set namespaces.enabled=true --set authentication.apikey.enabled=true --set authentication.apikey.allowed_keys[0]=admin-key --set authentication.apikey.users[0]=admin --set authorization.rbac.enabled=true --set authorization.rbac.root_users[0]=admin"
+ check_setting_has_value "$_settingNamespacesFull" "name: NAMESPACES_ENABLED" "value: \"true\""
+ check_setting_has_value "$_settingNamespacesFull" "name: DISABLE_GRAPHQL" "value: \"true\""
+ check_setting_has_value "$_settingNamespacesFull" "name: REPLICATION_MAXIMUM_FACTOR" "value: \"1\""
+ check_string_existence "$_settingNamespacesFull" "allowed_keys:"
+ check_string_existence "$_settingNamespacesFull" "admin-key"
+ check_string_existence "$_settingNamespacesFull" "root_users:"
+ # OIDC namespace/global principal claims must propagate to the weaviate-config ConfigMap when set.
+ _settingOidcClaims="--set authentication.oidc.namespace_claim=weaviate_namespace --set authentication.oidc.global_principal_claim=weaviate_global --set authentication.oidc.skip_client_id_check=true"
+ check_string_existence "$_settingOidcClaims" "namespace_claim: weaviate_namespace"
+ check_string_existence "$_settingOidcClaims" "global_principal_claim: weaviate_global"
+ check_string_existence "$_settingOidcClaims" "skip_client_id_check: true"
+
 echo "Tests successful."
 )
diff --git a/weaviate/templates/weaviateStatefulset.yaml b/weaviate/templates/weaviateStatefulset.yaml
index 742aae5..ec0acbf 100644
--- a/weaviate/templates/weaviateStatefulset.yaml
+++ b/weaviate/templates/weaviateStatefulset.yaml
@@ -512,6 +512,14 @@ spec:
 {{- end }}
 {{- end }}
 {{- end }}
+ {{- if index .Values "namespaces" "enabled" }}
+ - name: NAMESPACES_ENABLED
+ value: "true"
+ - name: DISABLE_GRAPHQL
+ value: "true"
+ - name: REPLICATION_MAXIMUM_FACTOR
+ value: "1"
+ {{- end }}
 - name: CLUSTER_JOIN
 value: {{ .Values.service.name }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
 ports:
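Review bot: In `.cicd/test.sh`, the user-override case is asserted only for `REPLICATION_MAXIMUM_FACTOR`; nothing checks that a user-supplied `env.DISABLE_GRAPHQL` cannot undo the other value the namespaces block forces. I would add `check_setting_has_value "--set namespaces.enabled=true --set env.DISABLE_GRAPHQL=false" "name: DISABLE_GRAPHQL" "value: \"true\""` next to the `=3` case. The helper bodies are outside this hunk, but if `check_setting_has_value` only looks for a matching name/value pair somewhere in the render, the `=3` case would also pass with the pinned entry rendered before the user entry, so it does not prove the ordering the comment relies on; an assertion on the relative order of the two entries would. `check_creates_template` starts above the hunk.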
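Review bot: In `weaviateStatefulset.yaml`, the pinned entries are appended in addition to whatever the generic env loop has already rendered, so a release that sets `env.REPLICATION_MAXIMUM_FACTOR` or `env.DISABLE_GRAPHQL` ends up with duplicate names in the container's `env` list. The guarantee then rests on last-entry-wins behaviour at container start, and tooling that merges `env` by `name` may not preserve that order; the loop itself is outside this hunk. Skipping these names in the loop when namespaces are enabled, or failing the render on a conflict, would make the pin explicit, e.g. `{{- if hasKey .Values.env "DISABLE_GRAPHQL" }}{{ fail "env.DISABLE_GRAPHQL cannot be set when namespaces.enabled=true" }}{{- end }}` inside the new block, with the same guard for the other two names. The `=3` test case would then have to expect a render failure instead of `value: "1"`.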
diff --git a/weaviate/values.yaml b/weaviate/values.yaml
index a1bfe87..a4eb83f 100644
--- a/weaviate/values.yaml
+++ b/weaviate/values.yaml
@@ -274,6 +274,9 @@ authentication:
 # username_claim: ''
 # groups_claim: ''
 # client_id: ''
+ # skip_client_id_check: false
+ # namespace_claim: ''
+ # global_principal_claim: ''
 authorization:
 rbac:
@@ -296,6 +299,9 @@ query_defaults:
 limit: 100
 debug: false
+# Enable namespaces support in the weaviate cluster. Once enabled, the cluster can't be migrated to a non-namespaced cluster and vice versa.
+namespaces:
+ enabled: false
 # Insert any custom environment variables or envSecrets by putting the exact name
 # and desired value into the settings below. Any env name passed will be automatically
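Review bot: In the first `values.yaml` hunk, `skip_client_id_check` is listed among the OIDC examples with no hint that it is a security trade-off. Assuming it maps to the OIDC client-id (audience) check, setting it to true means tokens the issuer minted for other clients are accepted as well. I would annotate the example, e.g. `# skip_client_id_check: false  # keep false unless the issuer sets no audience; true accepts tokens issued for any client`. A one-line description of what `namespace_claim` and `global_principal_claim` select would help too, since they presumably decide which namespace a token is bound to.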
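Review bot: In the second `values.yaml` hunk, the comment on `namespaces.enabled` warns that the switch is one-way but not that the StatefulSet template then forces `DISABLE_GRAPHQL=true` and `REPLICATION_MAXIMUM_FACTOR=1`. Because the choice cannot be undone, those side effects belong next to the flag, e.g. `# Enabling this also sets DISABLE_GRAPHQL=true and REPLICATION_MAXIMUM_FACTOR=1, taking precedence over env.*`. If namespaces are meant as an isolation boundary, the comment should also say which `authentication`/`authorization` settings are expected alongside it; the tests pair the flag with API keys and RBAC, but nothing in the values file says so.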