kyverno: [BUG] Kyverno may silently fail to generate resource

Software version numbers

• Kubernetes version: 1.21
• Kubernetes platform (if applicable; ex., EKS, GKE, OpenShift): EKS
• Kyverno version: 1.4.3

Describe the bug

I’m using generate policy from the public library (sync secrets into namespaces). When I create a bunch of namespaces at the same time, Kyverno will sometimes randomly fail to copy secret into a particular namespace, and the controller log will contain no errors whatsoever related to that namespace.

The only error I see is the throttling message, but the same message is also repeated for other requests as well:

I1017 17:42:01.521457       1 request.go:668] Waited for 1.380246817s due to client-side throttling, not priority and fairness, request: GET:https://10.100.0.1:443/api/v1/namespaces/argo-rollouts

I see no lines from GenerateController that contain that namespace name.

To Reproduce

I don’t know exactly how to reproduce it, besides trying to create namespaces over and over, and have multiple namespaces created at the same time (in my case, gitops controller Flux2 does that). The reproduction rate seems unstable, but it happens fairly often to be a problem.