diff --git a/values/kueue/manifests/clusterQueue.yaml b/values/kueue/manifests/clusterQueue.yaml
index 0958fef7..45bb9e86 100644
--- a/values/kueue/manifests/clusterQueue.yaml
+++ b/values/kueue/manifests/clusterQueue.yaml
@@ -54,6 +54,23 @@ metadata:
     argocd.argoproj.io/sync-wave: "2"
 spec:
   clusterQueue: cluster-queue
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: prod-queue
+  annotations:
+    argocd.argoproj.io/sync-wave: "2"
+---
+apiVersion: kueue.x-k8s.io/v1beta2
+kind: LocalQueue
+metadata:
+  name: prod-queue
+  namespace: prod-queue
+  annotations:
+    argocd.argoproj.io/sync-wave: "2"
+spec:
+  clusterQueue: cluster-queue
 # ---
 # apiVersion: kueue.x-k8s.io/v1beta2
 # kind: WorkloadPriorityClass
diff --git a/values/kueue/manifests/sorcerer-queue-access.yaml b/values/kueue/manifests/sorcerer-queue-access.yaml
new file mode 100644
index 00000000..1c7ee354
--- /dev/null
+++ b/values/kueue/manifests/sorcerer-queue-access.yaml
@@ -0,0 +1,117 @@
+# Cross-namespace RBAC: allow sorcerer ServiceAccounts to manage JobSets in dev-queue
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: beta-sorcerer-dev-queue
+  namespace: dev-queue
+rules:
+- apiGroups:
+  - jobset.x-k8s.io
+  resources:
+  - jobsets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/log
+  verbs:
+  - get
+  - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: beta-sorcerer-dev-queue
+  namespace: dev-queue
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: beta-sorcerer-dev-queue
+subjects:
+- kind: ServiceAccount
+  name: beta-sorcerer
+  namespace: beta-sorcerer
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: prod-sorcerer-dev-queue
+  namespace: dev-queue
+rules:
+- apiGroups:
+  - jobset.x-k8s.io
+  resources:
+  - jobsets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/log
+  verbs:
+  - get
+  - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: prod-sorcerer-dev-queue
+  namespace: dev-queue
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: prod-sorcerer-dev-queue
+subjects:
+- kind: ServiceAccount
+  name: prod-sorcerer
+  namespace: prod-sorcerer
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: staging-sorcerer-dev-queue
+  namespace: dev-queue
+rules:
+- apiGroups:
+  - jobset.x-k8s.io
+  resources:
+  - jobsets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/log
+  verbs:
+  - get
+  - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: staging-sorcerer-dev-queue
+  namespace: dev-queue
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: staging-sorcerer-dev-queue
+subjects:
+- kind: ServiceAccount
+  name: staging-sorcerer
+  namespace: staging-sorcerer