From 533eb59a04cf588a35167ca75260683be2e2af15 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 8 Sep 2021 23:00:53 +0200
Subject: [PATCH] outposts/controllers: re-create service when mismatched ports to prevent errors

Signed-off-by: Jens Langhammer
---
 authentik/outposts/controllers/k8s/service.py | 47 +++++--------------
 1 file changed, 11 insertions(+), 36 deletions(-)

diff --git a/authentik/outposts/controllers/k8s/service.py b/authentik/outposts/controllers/k8s/service.py
index efec9b694..03a665c40 100644
--- a/authentik/outposts/controllers/k8s/service.py
+++ b/authentik/outposts/controllers/k8s/service.py
@@ -3,8 +3,8 @@ from typing import TYPE_CHECKING

 from kubernetes.client import CoreV1Api, V1Service, V1ServicePort, V1ServiceSpec

-from authentik.outposts.controllers.base import FIELD_MANAGER, DeploymentPort
-from authentik.outposts.controllers.k8s.base import KubernetesObjectReconciler, NeedsUpdate
+from authentik.outposts.controllers.base import FIELD_MANAGER
+from authentik.outposts.controllers.k8s.base import KubernetesObjectReconciler, NeedsRecreate
 from authentik.outposts.controllers.k8s.deployment import DeploymentReconciler

 if TYPE_CHECKING:
@@ -21,44 +21,13 @@ class ServiceReconciler(KubernetesObjectReconciler[V1Service]):
 def reconcile(self, current: V1Service, reference: V1Service):
 super().reconcile(current, reference)
 if len(current.spec.ports) != len(reference.spec.ports):
- raise NeedsUpdate()
+ raise NeedsRecreate()
 for port in reference.spec.ports:
 if port not in current.spec.ports:
- raise NeedsUpdate()
-
- def get_embedded_reference_object(self) -> V1Service:
- """Get Service for embedded outpost"""
- selector_labels = {
- "app.kubernetes.io/name": "authentik",
- "app.kubernetes.io/component": "server",
- }
- meta = self.get_object_meta(name=self.name)
- ports = []
- for port in [
- DeploymentPort(9000, "http", "tcp"),
- DeploymentPort(9443, "https", "tcp"),
- ]:
- ports.append(
- V1ServicePort(
- name=port.name,
- port=port.port,
- protocol=port.protocol.upper(),
- target_port=port.inner_port or port.port,
- )
- )
- return V1Service(
- metadata=meta,
- spec=V1ServiceSpec(
- ports=ports,
- selector=selector_labels,
- type=self.controller.outpost.config.kubernetes_service_type,
- ),
- )
+ raise NeedsRecreate()

 def get_reference_object(self) -> V1Service:
 """Get deployment object for outpost"""
- if self.is_embedded:
- return self.get_embedded_reference_object()
 meta = self.get_object_meta(name=self.name)
 ports = []
 for port in self.controller.deployment_ports:
@@ -70,7 +39,13 @@ class ServiceReconciler(KubernetesObjectReconciler[V1Service]):
 target_port=port.inner_port or port.port,
 )
 )
- selector_labels = DeploymentReconciler(self.controller).get_pod_meta()
+ if self.is_embedded:
+ selector_labels = {
+ "app.kubernetes.io/name": "authentik",
+ "app.kubernetes.io/component": "server",
+ }
+ else:
+ selector_labels = DeploymentReconciler(self.controller).get_pod_meta()
 return V1Service(
 metadata=meta,
 spec=V1ServiceSpec(
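Review bot: In `reconcile`, the `port not in current.spec.ports` check now triggers a delete-and-create, yet it rests on whole-object equality of `V1ServicePort`, and the live object can carry fields the reference never sets. If the configured `kubernetes_service_type` is NodePort or LoadBalancer, the API server fills in `node_port`, so (assuming the client's model equality compares every field) the check would fail on every reconcile and the outpost Service would be torn down repeatedly, interrupting traffic to the authentication proxy each time. Comparing only the fields the reference controls avoids that, e.g. `key = lambda p: (p.name, p.port, p.protocol, p.target_port)` followed by `if {key(p) for p in current.spec.ports} != {key(p) for p in reference.spec.ports}: raise NeedsRecreate()`. The same hunk also makes the embedded outpost take its ports from `self.controller.deployment_ports` instead of the fixed 9000/9443 pair, so it is worth confirming outside this hunk that the embedded controller supplies both ports.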
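Review bot: The embedded branch in `get_reference_object` selects pods by two fixed labels, `app.kubernetes.io/name: authentik` and `app.kubernetes.io/component: server`, with nothing tying the Service to one installation. Any pod in the namespace that carries both labels becomes a backend for the outpost Service, including a second authentik release, so authentication traffic could be routed to an unintended pod. If the server pods also carry an instance label (not visible here), add it to the selector. Otherwise state the assumption above the dict, e.g. `# Must match the authentik server pod labels; assumes a single install per namespace`. The `return V1Service(` call continues outside the hunk.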