libvirt-metal startup failure / race against Kyverno
I noticed this in a run where libvirt-metal failed to start:
message: "Helm install failed for release sylva-system/libvirt-metal with chart
libvirt-metal@0.1.0+9fd6bd889b95: 2 errors occurred:\n\t* admission webhook
\"validate.kyverno.svc-fail\" denied the request: \n\nresource StatefulSet/default/libvirt-metal-management-cp-0
was blocked due to the following policies \n\ndisallow-default-namespace:\n
\ validate-podcontroller-namespace: 'validation error: Using ''default'' namespace\n
\ is not allowed for pod controllers. rule validate-podcontroller-namespace
failed\n at path /metadata/namespace/'\n\n\t* admission webhook \"validate.kyverno.svc-fail\"
denied the request: \n\nresource StatefulSet/default/libvirt-metal-workload-cp-0
was blocked due to the following policies \n\ndisallow-default-namespace:\n
\ validate-podcontroller-namespace: 'validation error: Using ''default'' namespace\n
\ is not allowed for pod controllers. rule validate-podcontroller-namespace
failed\n at path /metadata/namespace/'"
My understanding is that, now that we added Kyverno in the bootstrap cluster, libvirt-metal will fail to start if it starts after Kyverno, because Kyverno will enforce the rule preventing the definition of Pods in the default namespace.
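For triage, the denial message above can be split into one record per blocked resource, which shows at a glance whether every failure comes from the same policy and rule. The Python sketch below is an added example, not part of the original report or of the Sylva or Kyverno code. The names `parse_denials`, `blocked_by` and `SAMPLE` are hypothetical, `SAMPLE` is the message above with its YAML escapes decoded, and the parser assumes the message layout is the one shown here.

```python
import re

# Constructed sample: the Helm error from the report above, YAML escapes decoded.
_BLOCK = (
    '\t* admission webhook "validate.kyverno.svc-fail" denied the request: \n\n'
    "resource StatefulSet/default/{name} was blocked due to the following policies \n\n"
    "disallow-default-namespace:\n"
    "  validate-podcontroller-namespace: 'validation error: Using ''default'' namespace\n"
    "  is not allowed for pod controllers. rule validate-podcontroller-namespace failed\n"
    " at path /metadata/namespace/'"
)
SAMPLE = (
    "Helm install failed for release sylva-system/libvirt-metal with chart "
    "libvirt-metal@0.1.0+9fd6bd889b95: 2 errors occurred:\n"
    + "\n\n".join(_BLOCK.format(name=n) for n in
                  ("libvirt-metal-management-cp-0", "libvirt-metal-workload-cp-0"))
)

RESOURCE_RE = re.compile(r"resource ([^/\s]+)/([^/\s]*)/(\S+)\s+was blocked")

def parse_denials(message):
    """Return one dict per admission denial found in a Helm/Kyverno error message."""
    denials = []
    for chunk in message.split("admission webhook ")[1:]:
        hook = re.match(r'"([^"]+)" denied the request', chunk)
        res = RESOURCE_RE.search(chunk)
        if not (hook and res):
            continue  # layout differs from the one assumed; skip rather than guess
        policy, rules = None, []
        for line in chunk[res.end():].splitlines():
            if m := re.fullmatch(r"(\S+):\s*", line):
                policy = m.group(1)  # unindented "name:" line is the policy
            elif policy and (m := re.match(r"\s+([\w.-]+): ", line)):
                rules.append((policy, m.group(1)))  # indented "name: " line is a rule
        kind, namespace, name = res.groups()
        denials.append({"webhook": hook.group(1), "kind": kind,
                        "namespace": namespace, "name": name, "rules": rules})
    return denials

def blocked_by(denials, policy):
    """Resources rejected by the given policy, as sorted Kind/namespace/name strings."""
    return sorted(f"{d['kind']}/{d['namespace']}/{d['name']}"
                  for d in denials if any(p == policy for p, _ in d["rules"]))

if __name__ == "__main__":
    print(blocked_by(parse_denials(SAMPLE), "disallow-default-namespace"))
```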