CAPM3 deployments failed - libvirt pod in default namespace are blocked by kyverno

Summary

Multiple capm3 deployments failed in CI:

https://gitlab.com/sylva-projects/sylva-core/-/pipelines/1192470471

artifacts(143).zip

Libvirt metal failed with thjis error:

sylva-system	libvirt-metal  	                        	False    	False	Helm install failed for release sylva-system/libvirt-metal with chart libvirt-metal@0.1.0+9fd6bd889b95: 2 errors occurred:	
            	               	                        	         	     		* admission webhook "validate.kyverno.svc-fail" denied the request:                                                       	
            	               	                        	         	     	                                                                                                                          	
            	               	                        	         	     	resource StatefulSet/default/libvirt-metal-workload-cp-0 was blocked due to the following policies                        	
            	               	                        	         	     	                                                                                                                          	
            	               	                        	         	     	disallow-default-namespace:                                                                                               	
            	               	                        	         	     	  validate-podcontroller-namespace: 'validation error: Using ''default'' namespace                                        	
            	               	                        	         	     	    is not allowed for pod controllers. rule validate-podcontroller-namespace failed                                      	
            	               	                        	         	     	    at path /metadata/namespace/'                                                                                         	
            	               	                        	         	     	                                                                                                                          	
            	               	                        	         	     		* admission webhook "validate.kyverno.svc-fail" denied the request:                                                       	
            	               	                        	         	     	                                                                                                                          	
            	               	                        	         	     	resource StatefulSet/default/libvirt-metal-management-cp-0 was blocked due to the following policies                      	
            	               	                        	         	     	                                                                                                                          	
            	               	                        	         	     	disallow-default-namespace:                                                                                               	
            	               	                        	         	     	  validate-podcontroller-namespace: 'validation error: Using ''default'' namespace                                        	
            	               	                        	         	     	    is not allowed for pod controllers. rule validate-podcontroller-namespace failed                                      	
            	               	                        	         	     	    at path /metadata

related references

Details