Calico/Tigera creating Kyverno load
We thought we had resolved this issue (see #1556 (closed)), but we can see that heavy Kyverno load is still present in calico namespace:
This is ~750 admission requests per minute.
There is a Calico bug (see https://github.com/tigera/operator/issues/3298) which we can hope to benefit from sometime in the future.
However we should probably implement a workaround.
The Kyverno load is due to https://gitlab.com/sylva-projects/sylva-core/-/blob/dd52da8cf7d1f0f1a14f2f9995def49830abb294/kustomize-units/kyverno-policies/generic/ensure-pdb-unhealthypodeviction.yaml I think that the namespace selection in that policy could easily be rewritten as a spec.webhookConfiguration.matchConditions item.