diff --git a/ansible/roles/noble_kyverno_policies/defaults/main.yml b/ansible/roles/noble_kyverno_policies/defaults/main.yml
new file mode 100644
index 0000000..547b128
--- /dev/null
+++ b/ansible/roles/noble_kyverno_policies/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+# After the operator chart, the validating webhook can still be a few seconds behind Helm --wait.
+noble_kyverno_policies_endpoint_wait_retries: 60
+noble_kyverno_policies_endpoint_wait_delay: 5
+
+# Transient "failed calling webhook ... context deadline exceeded" while admission warms up.
+noble_kyverno_policies_helm_retries: 12
+noble_kyverno_policies_helm_delay: 20
diff --git a/ansible/roles/noble_kyverno_policies/tasks/main.yml b/ansible/roles/noble_kyverno_policies/tasks/main.yml
index 8ddd94e..6ae181f 100644
--- a/ansible/roles/noble_kyverno_policies/tasks/main.yml
+++ b/ansible/roles/noble_kyverno_policies/tasks/main.yml
@@ -1,4 +1,38 @@
 ---
+# Helm --wait on the operator does not guarantee the first policyvalidate call from apiserver succeeds.
+- name: Wait for Kyverno admission controller Deployment rollout
+  ansible.builtin.command:
+    argv:
+      - kubectl
+      - rollout
+      - status
+      - deployment/kyverno-admission-controller
+      - -n
+      - kyverno
+      - --timeout=300s
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  changed_when: false
+
+- name: Wait for Kyverno webhook Service (kyverno-svc) to have endpoints
+  ansible.builtin.command:
+    argv:
+      - kubectl
+      - get
+      - endpoints
+      - kyverno-svc
+      - -n
+      - kyverno
+      - -o
+      - 'jsonpath={range .subsets[*].addresses[*]}{.ip}{"\n"}{end}'
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  register: noble_kyverno_policies_ep
+  until: (noble_kyverno_policies_ep.stdout | default('') | trim | length) > 0
+  retries: "{{ noble_kyverno_policies_endpoint_wait_retries }}"
+  delay: "{{ noble_kyverno_policies_endpoint_wait_delay }}"
+  changed_when: false
+
 - name: Install Kyverno policy chart (PSS baseline, Audit)
   ansible.builtin.command:
     argv:
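Review bot: The four new defaults carry no unit, so `noble_kyverno_policies_endpoint_wait_delay: 5` sits next to a comment that says "a few seconds" while the pair actually allows up to 60 x 5 s = 5 minutes of polling, and the helm pair allows 12 x 20 s = 4 minutes. I'd state the unit and the combined ceiling on each pair so whoever tunes one half sees the other, e.g. `# delay is seconds; 60 x 5 s = up to 5 min, matching the 300s rollout --timeout in tasks/main.yml` and `# 12 x 20 s = up to 4 min of helm re-attempts`. Both the endpoint and helm ceilings being in the same order as the rollout timeout is presumably deliberate; a comment saying so keeps the three from drifting apart.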
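Review bot: The two wait tasks hard-code `kyverno`, `deployment/kyverno-admission-controller` and `kyverno-svc` in their `argv` lists while the new defaults file parameterizes only timing, so a change to the operator chart's namespace or release name has to be found in three literals inside this file. A single default such as `noble_kyverno_policies_namespace: kyverno` referenced by both `-n` arguments (and ideally by the install task below, whose argv is cut off at the end of the hunk) would keep the role consistent with how it already handles retries. The `until` on the endpoints task is correct but worth a line of explanation, because `.subsets[*].addresses[*]` intentionally excludes `notReadyAddresses`; I'd add `# only ready addresses count; notReadyAddresses are deliberately not matched` above it. On clusters where the Endpoints API is deprecated in favour of EndpointSlice, `kubectl get endpoints` prints a warning on stderr; stdout is unaffected, but that is a second reason to leave a comment so the warning is not mistaken for a failure.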
@@ -19,4 +53,8 @@
       - 10m
   environment:
     KUBECONFIG: "{{ noble_kubeconfig }}"
+  register: noble_kyverno_policies_helm
+  retries: "{{ noble_kyverno_policies_helm_retries }}"
+  delay: "{{ noble_kyverno_policies_helm_delay }}"
+  until: noble_kyverno_policies_helm.rc == 0
   changed_when: true
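Review bot: `until: noble_kyverno_policies_helm.rc == 0` retries every non-zero exit, so a genuine chart error (bad values, a policy the operator rejects outright) is re-run 12 times over roughly four minutes and the operator only sees the last attempt's output. The defaults comment names the transient condition precisely, so the retry can be narrowed to it: `until: noble_kyverno_policies_helm.rc == 0 or 'failed calling webhook' not in (noble_kyverno_policies_helm.stderr | default(''))` — when `until` is satisfied by a non-webhook failure the task still fails on its rc, just without the wait. The enclosing task starts above the hunk, so I cannot see the helm verb; if it is a plain `helm install` rather than `helm upgrade --install`, a retry after a partially applied first attempt would fail with a name-already-in-use error rather than the webhook error, which the broad `until` would then also keep retrying. `changed_when: true` is unchanged and still reports a change even when every attempt failed, which is fine only because a failed task does not report changed at all.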