Add support for namespaced deployment #7684

@tsaarni

Is your feature request related to a problem? Please describe.

Cert-manager supports limiting its scope to a single namespace via the --namespace command-line flag:

If set, this limits the scope of cert-manager to a single namespace and ClusterIssuers are disabled. If not specified, all namespaces will be watched

However, this deployment mode is not currently supported by the Helm chart, and there are no automated tests to catch any potential issues introduced by changes in the code base.

Describe the solution you'd like

This request is to add official support for namespaced deployments by:

  • Introduce a Helm variable for namespaced deployment "mode".
  • In namespaced deployment
    • Update the Helm chart's RBAC configuration to use Role and RoleBinding instead of ClusterRole and ClusterRoleBinding.
    • Disable webhook.
  • Add periodic e2e test for namespaced deployments to detect regressions (a subset of e2e).

Describe alternatives you've considered

Additional context

This feature was discussed in #7678 (comment).

In the past there has been a case where a regression occurred and was not caught by existing tests, see #5524 and #7676.

Environment details (remove if not applicable):

  • Kubernetes version:
  • Cloud-provider/provisioner:
  • cert-manager version: main
  • Install method: helm

/kind feature
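
A check for the regression risk described in the issue above, as an added example that is not part of the issue or of cert-manager's code: it scans rendered manifests for cluster-scoped kinds and for objects placed outside the target namespace. The sample manifest, the resource names and the `team-a` namespace are constructed, and treating "webhook disabled" as the absence of webhook configuration objects is an assumption.

```python
import re

# Cluster-scoped kinds that a namespace-limited install should not render.
# Assumption: "webhook disabled" means no webhook configuration objects.
CLUSTER_SCOPED = {"ClusterRole", "ClusterRoleBinding",
                  "ValidatingWebhookConfiguration", "MutatingWebhookConfiguration"}

def top_level(doc, key):
    """Value of an unindented `key:` line, or None."""
    m = re.search(rf"^{key}:[ \t]*(\S+)", doc, re.M)
    return m.group(1) if m else None

def metadata_field(doc, key):
    """Value of `key` directly under `metadata:` (assumes 2-space indent)."""
    block = re.search(r"^metadata:[ \t]*\n((?:[ \t]+.*\n?)+)", doc, re.M)
    if not block:
        return None
    m = re.search(rf"^  {key}:[ \t]*(\S+)", block.group(1), re.M)
    return m.group(1) if m else None

def audit(rendered, namespace):
    """Return (kind, name, reason) for every object that escapes `namespace`."""
    findings = []
    for doc in re.split(r"^---[ \t]*$", rendered, flags=re.M):
        kind = top_level(doc, "kind")
        if kind is None:
            continue
        name, ns = metadata_field(doc, "name"), metadata_field(doc, "namespace")
        if kind in CLUSTER_SCOPED:
            findings.append((kind, name, "cluster-scoped"))
        elif ns is not None and ns != namespace:
            findings.append((kind, name, f"namespace {ns}"))
    return findings

# Constructed, trimmed sample of rendered chart output (not real manifests).
SAMPLE = """\
kind: Role
metadata:
  name: example-controller
  namespace: team-a
---
kind: ClusterRoleBinding
metadata:
  name: example-controller
---
kind: RoleBinding
metadata:
  name: example-leaderelection
  namespace: kube-system
"""
```

Running `audit(SAMPLE, "team-a")` in a periodic job and failing on a non-empty result is one way to catch a chart change that reintroduces cluster-wide permissions.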
