cluster-node-deletion-timeout-fix - ReconciliationFailed, Kyverno does not know Machine CRD

Frédéric Leroy shared this issue on Slack:

⢀⡱ Kustomization/cluster-node-deletion-timeout-fix - ReconciliationFailed - Policy/sylva-system/cluster-machine-node-deletion-timeout-mutating dry-run failed: admission webhook "validate-policy.kyverno.svc" denied the request: path: spec.rules[0].match.any[0].kinds: the kind defined in the all match resource is invalid: unable to convert GVK to GVR for kinds cluster.x-k8s.io/*/Machine, err: failed to find resource (cluster.x-k8s.io/*/Machine/)

This error would typically arise when kyverno is started while a CRD isn't defined yet (here CAPI Machine CRD), and usually resolves on its own after some time; which can be a long time (1h??) because of a Kyverno cache issue (solved recently, we have a Kyverno version fixed on main).

We can improve dependencies (have this unit depend on capi) which might avoid this corner case.