Red Hat Advanced Cluster Management / ACM-24296

ACM Policy attempting to enforce on terminating namespaces


      Description of problem:

      While running a workload that creates and deletes namespaces on HCP OpenShift clusters managed by ACM in ROSA HCP, it was observed that policies that apply rolebindings to the HCP's namespaces attempt to apply even though the namespace is terminating. At scale, we are seeing a tremendous amount of API requests related to these policies, which can rapidly grow the size of etcd before it compacts and can put a lot of load on the Kube-apiserver, to the extent that we have observed the occasional container restart in a KAS pod. It seems that the application of the policy to a terminating namespace is unnecessary and is applying additional load during this workload. Is it possible to prevent this unnecessary enforcement of the policy on a terminating namespace?

      Example status update showing an attempt to create a rolebinding in a terminating namespace:

       

          - eventName: openshift-acm-policies.rbac-permissions-operator-config-sp.1866b7a415e08b00
            lastTimestamp: "2025-09-19T15:10:19Z"
            message: 'NonCompliant; violation - rolebindings [dedicated-admin-serviceaccounts-1]
              in namespace cluster-density-ms-23 is missing, and cannot be created, reason:
              `rolebindings.rbac.authorization.k8s.io "dedicated-admin-serviceaccounts-1"
              is forbidden: unable to create new content in namespace cluster-density-ms-23
              because it is being terminated`'

       

       

      Version-Release number of selected component (if applicable):

      ACM 2.13.4

      Hub OCP - 4.19.6

      HCP OCP - 4.19.11

      How reproducible:

      Always for this environment and this workload at scale.

      Steps to Reproduce:

      1.  
      2.  
      3. ...

      Actual results:

      Expected results:

      Additional info:

      Attached are the two policies output in yaml.
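
      A triage sketch for the symptom described above, added here as an example and not taken from the issue or from ACM: it scans policy status events for the API server's "being terminated" rejection and counts the hits per namespace. The first sample event is the one quoted in the issue; the other two are constructed, and all function names are hypothetical.

```python
import re
from collections import Counter

# API server rejection text, as quoted in the issue's status event.
TERMINATING_RE = re.compile(
    r"unable to create new content in namespace (?P<ns>\S+) "
    r"because it is being terminated"
)
# Object the policy tried to create, e.g. 'rolebindings [name]'.
OBJECT_RE = re.compile(r"violation - (?P<kind>\S+) \[(?P<name>[^\]]+)\]")

# First event: message quoted in the issue (line-wrapped as in the YAML).
# Second and third events: constructed for illustration.
SAMPLE_EVENTS = [
    {"message": 'NonCompliant; violation - rolebindings [dedicated-admin-serviceaccounts-1]\n'
                '  in namespace cluster-density-ms-23 is missing, and cannot be created, reason:\n'
                '  `rolebindings.rbac.authorization.k8s.io "dedicated-admin-serviceaccounts-1"\n'
                '  is forbidden: unable to create new content in namespace cluster-density-ms-23\n'
                '  because it is being terminated`'},
    {"message": 'Compliant; notification - rolebindings [dedicated-admin-serviceaccounts-1] '
                'found as specified in namespace example-ns-a'},
    {"message": 'NonCompliant; violation - rolebindings [dedicated-admin-serviceaccounts-1] '
                'not found in namespace example-ns-b'},
]


def classify(event):
    """Return (namespace, kind, name) when the event is a create that was
    rejected because the namespace is terminating, else None."""
    # Status messages may be line-wrapped; collapse whitespace first.
    msg = " ".join(event.get("message", "").split())
    term = TERMINATING_RE.search(msg)
    if not term:
        return None
    obj = OBJECT_RE.search(msg)
    kind, name = (obj.group("kind"), obj.group("name")) if obj else ("?", "?")
    return term.group("ns"), kind, name


def summarize(events):
    """Count terminating-namespace rejections per namespace."""
    per_ns = Counter()
    for ev in events:
        hit = classify(ev)
        if hit:
            per_ns[hit[0]] += 1
    return {"total": len(events), "terminating": sum(per_ns.values()),
            "per_namespace": dict(per_ns)}
```

      Feeding it the status history of each affected policy shows how much of the NonCompliant churn comes from namespaces that are already being deleted.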

              Justin Kulikauskas (jkulikau@redhat.com)
              Alex Krzos (akrzos@redhat.com)
              Derek Ho