Is your feature request related to a problem? Please describe.

The cert-manager Helm chart includes a ClusterRole ...-controller-challenges which includes permission to create Pods, here. There's a ClusterRoleBinding here which binds the cert-manager controller serviceaccount to that ClusterRole. This means the cert-manager controller would be able to create arbitrary pods in any namespace - which means that an attacker who compromised the cert-manager controller could probably escalate their privileges to cluster-admin level.

I understand that this ClusterRole is necessary for cert-manager to create pods to solve ACME HTTP-01 challenges. In my use case, I'm not using ACME (just self-signed certificates), and thus should be able to run cert-manager without this ClusterRole. But it seems the only way to turn it off is to set the Helm chart value global.rbac.create to false, thus turning off all the Roles, RoleBindings etc. for the controller, and then I'd have to maintain my own Roles, RoleBindings etc. I'd like to be able to avoid that extra effort.

Describe the solution you'd like

A mechanism to turn off the ...-controller-challenges ClusterRole (and possibly other ClusterRoles that are only needed in some use cases) via the Helm chart values, while still deploying the other essential RBAC-related resources via the Helm chart.

Describe alternatives you've considered

• Alternative: just use the Helm chart as-is and tolerate the risk of granting it permissions I don't need it to have.
• Alternative: set global.rbac.create to false, then write my own manifests (including Role, RoleBinding, ClusterRole and ClusterRoleBinding) to give cert-manager the specific permissions it needs for my use case.

Additional context

Environment details (remove if not applicable):

• Kubernetes version: 1.30
• Cloud-provider/provisioner: Amazon EKS
• cert-manager version: 1.17.1
• Install method: Helm

/kind feature