outposts: remove node_port on V1ServicePort checks to prevent service creation loops

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2095

.vscode/settings.json

@@ -12,7 +12,8 @@
         "totp",
         "webauthn",
         "traefik",
-        "passwordless"
+        "passwordless",
+        "kubernetes"
     ],
     "python.linting.pylintEnabled": true,
     "todo-tree.tree.showCountsInTree": true,

authentik/outposts/controllers/k8s/utils.py

@@ -1,7 +1,7 @@
 """k8s utils"""
 from pathlib import Path
 
-from kubernetes.client.models.v1_container_port import V1ContainerPort
+from kubernetes.client.models.v1_service_port import V1ServicePort
 from kubernetes.config.incluster_config import SERVICE_TOKEN_FILENAME
 
 from authentik.outposts.controllers.k8s.triggers import NeedsRecreate
@@ -16,10 +16,13 @@ def get_namespace() -> str:
     return "default"
 
 
-def compare_ports(current: list[V1ContainerPort], reference: list[V1ContainerPort]):
+def compare_ports(current: list[V1ServicePort], reference: list[V1ServicePort]):
     """Compare ports of a list"""
     if len(current) != len(reference):
         raise NeedsRecreate()
     for port in reference:
+        # We don't need to compare node_ports
+        # https://github.com/goauthentik/authentik/issues/2095#issuecomment-1020674326
+        port.node_port = None
         if port not in current:
             raise NeedsRecreate()