In the case where you have a hub template that is looking up a ManagedCluster object per cluster that the root policy applies to, it leads to a watch per cluster. If any of those ManagedCluster objects gets updated, it causes all propagated policies to get regenerated and compared with the existing replicated policies. In most cases, the same object is referenced for every cluster (like a single ConfigMap) so it's not much of an issue for that case.

A separate controller in the Propagator should be divided out that just handles updates to propagated policies. This means that the watches should be per propagated policy as opposed to all root policies. Additionally, when a replicated policy is deleted or has its spec updated, this controller should handle it to avoid all replicated policies to be regenerated.