diff --git a/pkg/gitlab/internal/v1beta1/adapter_test.go b/pkg/gitlab/internal/v1beta1/adapter_test.go
index ad382cfe47b843fa1b86a00ed4aa2f048d176503..11ffd7b813591ba094c403abc66f1b2d3168ac71 100644
--- a/pkg/gitlab/internal/v1beta1/adapter_test.go
+++ b/pkg/gitlab/internal/v1beta1/adapter_test.go
@@ -98,8 +98,6 @@ var _ = Describe("GitLab Adapter [v1beta1]", func() {
 		_ = values.SetValue("global.hosts.domain", "greatexpectations.com")
 
 		/* Operator overrides these */
-		_ = values.SetValue("global.serviceAccount.enabled", false)
-		_ = values.SetValue("global.ingress.apiVersion", "networking.k8s.io/v1beta1")
 		_ = values.SetValue("gitlab-runner.install", true)
 		_ = values.SetValue("certmanager.install", true)
 
@@ -127,7 +125,9 @@ var _ = Describe("GitLab Adapter [v1beta1]", func() {
 
 	It("uses user-defined values over operator default values", func() {
 		values := support.Values{}
+		_ = values.SetValue("global.serviceAccount.enabled", false)
 		_ = values.SetValue("gitlab.webservice.serviceAccount.name", "great-service-account")
+		_ = values.SetValue("global.ingress.apiVersion", "networking.k8s.io/v1beta1")
 
 		a, err := NewAdapter(context.TODO(),
 			newGitLabResource(getChartVersion(), values))
@@ -136,6 +136,8 @@ var _ = Describe("GitLab Adapter [v1beta1]", func() {
 		Expect(a).NotTo(BeNil())
 
 		Expect(a.values.GetValue("gitlab.webservice.serviceAccount.name")).To(Equal("great-service-account"))
+		Expect(a.values.GetValue("global.ingress.apiVersion")).To(Equal("networking.k8s.io/v1beta1"))
+		Expect(a.values.GetValue("global.serviceAccount.enabled")).To(BeFalse())
 	})
 
 	It("wants default components and features when not specified otherwise", func() {
@@ -248,21 +250,20 @@ func addChartDefaultExamples(examples support.Values) {
 }
 
 func addOperatorDefaultExamples(examples support.Values) {
-	examples["certmanager-issuer.email"] = "admin@example.com"
-	examples["gitlab.webservice.serviceAccount.name"] = settings.AppNonRootServiceAccount
-}
-
-func addOperatorOverrideExamples(examples support.Values) {
 	examples["global.serviceAccount.name"] = settings.AppNonRootServiceAccount
 	examples["global.ingress.apiVersion"] = "networking.k8s.io/v1" // ""
 	examples["global.serviceAccount.enabled"] = true               // false
-	examples["certmanager.install"] = false                        // true
-	examples["gitlab-runner.install"] = false                      // true
-	examples["shared-secrets.securityContext.runAsUser"] = ""      // 1000
-	examples["shared-secrets.securityContext.fsGroup"] = ""        // 1000
+	examples["certmanager-issuer.email"] = "admin@example.com"
+	examples["shared-secrets.securityContext.runAsUser"] = "" // 1000
+	examples["shared-secrets.securityContext.fsGroup"] = ""   // 1000
 	examples["shared-secrets.serviceAccount.name"] = settings.ManagerServiceAccount
 }
 
+func addOperatorOverrideExamples(examples support.Values) {
+	examples["certmanager.install"] = false   // true
+	examples["gitlab-runner.install"] = false // true
+}
+
 func addUserDefinedExamples(examples, values support.Values) {
 	for key, val := range values {
 		examples[key] = val
diff --git a/pkg/gitlab/internal/v1beta1/default-values.tpl b/pkg/gitlab/internal/v1beta1/default-values.tpl
index 3866c0aed0c37ae436fd85439b2b118aaff74f69..c0ed67220498ee2c5a18ad71cd7d2eca6827e6f6 100644
--- a/pkg/gitlab/internal/v1beta1/default-values.tpl
+++ b/pkg/gitlab/internal/v1beta1/default-values.tpl
@@ -1,11 +1,68 @@
+global:
+  image:
+    pullPolicy: IfNotPresent
+
+  ingress:
+    apiVersion: networking.k8s.io/v1
+    {{ if .UseCertManager }}
+    annotations:
+      cert-manager.io/issuer: {{ .ReleaseName }}-issuer
+      acme.cert-manager.io/http01-edit-in-place: true
+    {{ end }}
+
+  serviceAccount:
+    enabled: true
+    create: false
+    name: {{ .Settings.AppNonRootServiceAccount }}
+
 certmanager-issuer:
   email: {{ .Settings.CertmanagerIssuerEmail }}
 
-gitlab:
-  webservice:
-    serviceAccount:
+postgresql:
+  serviceAccount:
+    enabled: true
+    create: false
+    name: {{ .Settings.AppNonRootServiceAccount }}
+  securityContext:
+    fsGroup: 1000
+    runAsUser: 1000
+
+redis:
+  serviceAccount:
+    name: {{ .Settings.AppNonRootServiceAccount }}
+  securityContext:
+    fsGroup: 1000
+    runAsUser: 1000
+
+shared-secrets:
+  serviceAccount:
+    create: false
+    name: {{ .Settings.ManagerServiceAccount }}
+  securityContext:
+    runAsUser: ''
+    fsGroup: ''
+
+prometheus:
+  rbac:
+    create: false
+  serviceAccounts:
+    server:
+      create: false
+      name: {{ .Settings.PrometheusServiceAccount }}
+    alertmanager:
+      create: false
+      name: {{ .Settings.AppNonRootServiceAccount }}
+    nodeExporter:
+      create: false
+      name: {{ .Settings.AppNonRootServiceAccount }}
+    pushgateway:
+      create: false
       name: {{ .Settings.AppNonRootServiceAccount }}
 
+gitlab-zoekt:
+  serviceAccount:
+    create: false
+    name: {{ .Settings.AppNonRootServiceAccount }}
 
 nginx-ingress:
   labels:
diff --git a/pkg/gitlab/internal/v1beta1/override-values.tpl b/pkg/gitlab/internal/v1beta1/override-values.tpl
index 859d1268c4d1240b4ecdc7c26e36c31004bccf33..83aed92ae50eb71d57b4bf020217419366d9ce9e 100644
--- a/pkg/gitlab/internal/v1beta1/override-values.tpl
+++ b/pkg/gitlab/internal/v1beta1/override-values.tpl
@@ -4,6 +4,13 @@ certmanager:
 gitlab-runner:
   install: false
 
+global:
+  common:
+    labels:
+      app.kubernetes.io/name: {{ .ReleaseName }}
+      app.kubernetes.io/part-of: gitlab
+      app.kubernetes.io/managed-by: gitlab-operator
+
 gitlab:
   gitaly:
     common:
@@ -71,29 +78,6 @@ gitlab:
         app.kubernetes.io/component: webservice
         app.kubernetes.io/instance: {{ .ReleaseName }}-webservice
 
-global:
-  common:
-    labels:
-      app.kubernetes.io/name: {{ .ReleaseName }}
-      app.kubernetes.io/part-of: gitlab
-      app.kubernetes.io/managed-by: gitlab-operator
-
-  image:
-    pullPolicy: IfNotPresent
-
-  ingress:
-    apiVersion: networking.k8s.io/v1
-    {{ if .UseCertManager }}
-    annotations:
-      cert-manager.io/issuer: {{ .ReleaseName }}-issuer
-      acme.cert-manager.io/http01-edit-in-place: true
-    {{ end }}
-
-  serviceAccount:
-    enabled: true
-    create: false
-    name: {{ .Settings.AppNonRootServiceAccount }}
-
 minio:
   common:
     labels:
@@ -103,22 +87,10 @@ minio:
 postgresql:
   commonLabels:
     gitlab.io/component: postgresql
-  serviceAccount:
-    enabled: true
-    create: false
-    name: {{ .Settings.AppNonRootServiceAccount }}
-  securityContext:
-    fsGroup: 1000
-    runAsUser: 1000
 
 redis:
   commonLabels:
     gitlab.io/component: redis
-  serviceAccount:
-    name: {{ .Settings.AppNonRootServiceAccount }}
-  securityContext:
-    fsGroup: 1000
-    runAsUser: 1000
 
 registry:
   common:
@@ -126,32 +98,3 @@ registry:
       app.kubernetes.io/component: registry
       app.kubernetes.io/instance: {{ .ReleaseName }}-registry
 
-shared-secrets:
-  serviceAccount:
-    create: false
-    name: {{ .Settings.ManagerServiceAccount }}
-  securityContext:
-    runAsUser: ''
-    fsGroup: ''
-
-prometheus:
-  rbac:
-    create: false
-  serviceAccounts:
-    server:
-      create: false
-      name: {{ .Settings.PrometheusServiceAccount }}
-    alertmanager:
-      create: false
-      name: {{ .Settings.AppNonRootServiceAccount }}
-    nodeExporter:
-      create: false
-      name: {{ .Settings.AppNonRootServiceAccount }}
-    pushgateway:
-      create: false
-      name: {{ .Settings.AppNonRootServiceAccount }}
-
-gitlab-zoekt:
-  serviceAccount:
-    create: false
-    name: {{ .Settings.AppNonRootServiceAccount }}