auditpolicycontroller: avoid unnecesary applyconfigmap calls

pkg/operator/apiserver/controller/auditpolicy/auditpolicy_controller.go

@@ -2,6 +2,7 @@ package auditpolicy
 
 import (
 	"context"
+	"reflect"
 	"time"
 
 	applyoperatorv1 "github.com/openshift/client-go/operator/applyconfigurations/operator/v1"
@@ -17,17 +18,20 @@ import (
 	"github.com/openshift/library-go/pkg/operator/resource/resourceapply"
 	"github.com/openshift/library-go/pkg/operator/v1helpers"
 	v1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
 	kubeinformers "k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes"
+	corev1listers "k8s.io/client-go/listers/core/v1"
 	"sigs.k8s.io/yaml"
 )
 
 type auditPolicyController struct {
 	controllerInstanceName               string
 	apiserverConfigLister                configv1listers.APIServerLister
 	kubeClient                           kubernetes.Interface
+	configMapLister                      corev1listers.ConfigMapNamespaceLister
 	operatorClient                       v1helpers.OperatorClient
 	targetNamespace, targetConfigMapName string
 }
@@ -41,23 +45,34 @@ func NewAuditPolicyController(
 	operatorClient v1helpers.OperatorClient,
 	kubeClient kubernetes.Interface,
 	configInformers configinformers.SharedInformerFactory,
-	kubeInformersForTargetNamesace kubeinformers.SharedInformerFactory,
+	kubeInformersForTargetNamespace kubeinformers.SharedInformerFactory,
+	configMapLister corev1listers.ConfigMapNamespaceLister,
 	eventRecorder events.Recorder,
 ) factory.Controller {
 	c := &auditPolicyController{
 		controllerInstanceName: factory.ControllerInstanceName(name, "AuditPolicy"),
 		operatorClient:         operatorClient,
 		apiserverConfigLister:  configInformers.Config().V1().APIServers().Lister(),
 		kubeClient:             kubeClient,
+		configMapLister:        configMapLister,
 		targetNamespace:        targetNamespace,
 		targetConfigMapName:    targetConfigMapName,
 	}
 
-	return factory.New().WithSync(c.sync).WithControllerInstanceName(c.controllerInstanceName).ResyncEvery(1*time.Minute).WithInformers(
-		configInformers.Config().V1().APIServers().Informer(),
-		kubeInformersForTargetNamesace.Core().V1().ConfigMaps().Informer(),
-		operatorClient.Informer(),
-	).ToController(
+	return factory.New().
+		WithSync(c.sync).
+		WithControllerInstanceName(c.controllerInstanceName).
+		ResyncEvery(1*time.Minute).
+		WithFilteredEventsInformers(func(obj interface{}) bool {
+			if cm, ok := obj.(*v1.ConfigMap); ok {
+				return cm.Namespace == targetNamespace && cm.Name == targetConfigMapName
+			}
+			return true
+		},
+			configInformers.Config().V1().APIServers().Informer(),
+			kubeInformersForTargetNamespace.Core().V1().ConfigMaps().Informer(),
+			operatorClient.Informer(),
+		).ToController(
 		"auditPolicyController", // don't change what is passed here unless you also remove the old FooDegraded condition
 		eventRecorder.WithComponentSuffix("audit-policy-controller"),
 	)
@@ -120,7 +135,7 @@ func (c *auditPolicyController) syncAuditPolicy(ctx context.Context, config conf
 		return err
 	}
 
-	cm := &v1.ConfigMap{
+	desiredConfigMap := &v1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace: c.targetNamespace,
 			Name:      c.targetConfigMapName,
@@ -129,7 +144,17 @@ func (c *auditPolicyController) syncAuditPolicy(ctx context.Context, config conf
 			"policy.yaml": string(bs),
 		},
 	}
+	actualConfigMap, err := c.configMapLister.Get(c.targetConfigMapName)
+	if !apierrors.IsNotFound(err) {
+		if err != nil {
+			return err
+		}
+		actualPolicy, ok := actualConfigMap.Data["policy.yaml"]
+		if ok && reflect.DeepEqual(actualPolicy, string(bs)) {
+			return nil
+		}
+	}
 
-	_, _, err = resourceapply.ApplyConfigMap(ctx, c.kubeClient.CoreV1(), recorder, cm)
+	_, _, err = resourceapply.ApplyConfigMap(ctx, c.kubeClient.CoreV1(), recorder, desiredConfigMap)
 	return err
 }

pkg/operator/apiserver/controllerset/apiservercontrollerset.go

@@ -3,10 +3,11 @@ package apiservercontrollerset
 import (
 	"context"
 	"fmt"
-	"k8s.io/utils/clock"
 	"regexp"
 	"time"
 
+	"k8s.io/utils/clock"
+
 	configv1 "github.com/openshift/api/config/v1"
 	configv1client "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
 	openshiftconfigclientv1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
@@ -31,6 +32,7 @@ import (
 	"github.com/openshift/library-go/pkg/operator/status"
 	"github.com/openshift/library-go/pkg/operator/unsupportedconfigoverridescontroller"
 	"github.com/openshift/library-go/pkg/operator/v1helpers"
+	corev1listers "k8s.io/client-go/listers/core/v1"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
@@ -405,7 +407,8 @@ func (cs *APIServerControllerSet) WithAuditPolicyController(
 	targetNamespace string,
 	targetConfigMapName string,
 	configInformers configinformers.SharedInformerFactory,
-	kubeInformersForTargetNamesace kubeinformers.SharedInformerFactory,
+	kubeInformersForTargetNamespace kubeinformers.SharedInformerFactory,
+	configMapLister corev1listers.ConfigMapNamespaceLister,
 	kubeClient kubernetes.Interface,
 ) *APIServerControllerSet {
 	cs.auditPolicyController.controller = auditpolicy.NewAuditPolicyController(
@@ -415,7 +418,8 @@ func (cs *APIServerControllerSet) WithAuditPolicyController(
 		cs.operatorClient,
 		kubeClient,
 		configInformers,
-		kubeInformersForTargetNamesace,
+		kubeInformersForTargetNamespace,
+		configMapLister,
 		cs.eventRecorder,
 	)
 	return cs