During the incident T367348: Incident: 2024-06-12 toolforge k8s control plane we had the theory that our kyverno policies (which are namespaced) could somehow be evaluated for resources outside their namespace, creating excessive load.
Given the amount of policies we have (3.5k policies with 2 rules each, total of 7k rules), this load could be exponential and fatal to the cluster.