Merge pull request #116309 from jiahuif-forks/feature/validating-admission-policy/skip-reconcile-unchanged-spec

skip reconcile for if Spec is unchanged.

staging/src/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/controller_reconcile.go

@@ -25,6 +25,7 @@ import (
 	v1 "k8s.io/api/admissionregistration/v1"
 	"k8s.io/api/admissionregistration/v1alpha1"
 	corev1 "k8s.io/api/core/v1"
+	apiequality "k8s.io/apimachinery/pkg/api/equality"
 	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -179,6 +180,12 @@ func (c *policyController) reconcilePolicyDefinition(namespace, name string, def
 		celmetrics.Metrics.ObserveDefinition(context.TODO(), "active", "deny")
 	}
 
+	// Skip reconcile if the spec of the definition is unchanged
+	if info.lastReconciledValue != nil && definition != nil &&
+		apiequality.Semantic.DeepEqual(info.lastReconciledValue.Spec, definition.Spec) {
+		return nil
+	}
+
 	var paramSource *v1alpha1.ParamKind
 	if definition != nil {
 		paramSource = definition.Spec.ParamKind
@@ -365,6 +372,12 @@ func (c *policyController) reconcilePolicyBinding(namespace, name string, bindin
 		c.bindingInfos[nn] = info
 	}
 
+	// Skip if the spec of the binding is unchanged.
+	if info.lastReconciledValue != nil && binding != nil &&
+		apiequality.Semantic.DeepEqual(info.lastReconciledValue.Spec, binding.Spec) {
+		return nil
+	}
+
 	var oldNamespacedDefinitionName namespacedName
 	if info.lastReconciledValue != nil {
 		// All validating policies are cluster-scoped so have empty namespace