In the context of T279110: [infra] Replace PodSecurityPolicy in Toolforge Kubernetes, we need create some mechanism that can backfill existing tools with the new kyverno policies. Otherwise, maintain-kubeusers will only create them for new accounts.
Since this is a problem we have had in the past -and we'll have every time we change the maintain-kubueusers resources- we could make such mechanism generic.
See also: