Allow enabling user namespaces in helm chart

[sebhoss]

Is your feature request related to a problem? Please describe.

Starting with Kubernetes 1.33, user namespaces are now enabled by default. We want to enable this feature for as many pods as possible

Describe the solution you'd like

It would be great if we could toggle the .spec.hostUsers field in all cert-manager deployments of the helm chart. It would be even nicer, if that helm chart would set this field to false by default so that we get increased security by default.

Describe alternatives you've considered

We currently apply a patch after rendering the helm chart to enable user namespaces for all cert-manager deployments.

Additional context

Environment details (remove if not applicable):

• Kubernetes version: 1.33.2
• Cloud-provider/provisioner: kubeadm
• cert-manager version: 1.18.2
• Install method: e.g., helm/static manifests: helm

/kind feature

[hjoshi123]

I would like to work on this
/assign

[wallrj-cyberark]

@sebhoss We have fixed this. Please test and feedback: https://github.com/cert-manager/cert-manager/releases/tag/v1.19.1

[sebhoss]

that's exactly what I wanted & it works perfectly - thanks!