Failed to upgrade the SCIM bridge to v2.0.x

Hi, I received email notifications asking me to upgrade my SCIM bridge from v1.6.2 to v2.0.2.

  1. The v1.6.2 is running all good, everything works, all checks showing green.
  2. However, when I trying to upgrade it to v2.0.2, it's showing some issue, please check the screenshots below.

  1. I also tried all v2.0.x versions, all the same issue.
  2. I even tried to delete the whole Kubernetes cluster and re-deploy, same issue, v1.6.2 works. but v2.0.2 doesn't

Any idea?

Thanks

Luke


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • DJ_1PDJ_1P 1Password Alumni

    Hi @Luke13!

    a CrashLoopBackOff reason may mean that the SCIM container could not make a connection to your redis container.
    Can you run the kubectl describe pods command within your cluster for additional details on what may be causing the error?

  • Thanks!!! Here is the details:

    Name: op-scim-5c5567d887-nhzzg
    Namespace: default
    Priority: 0
    Node: aks-agentpool-97944473-vmss000000/10.240.0.4
    Start Time: Thu, 03 Jun 2021 16:57:16 +1000
    Labels: app=op-scim
    pod-template-hash=5c5567d887
    Annotations:
    Status: Running
    IP: 10.244.0.12
    IPs:
    IP: 10.244.0.12
    Controlled By: ReplicaSet/op-scim-5c5567d887
    Containers:
    op-scim:
    Container ID: containerd://84f26ea351a9af5db13a77e1512837ffa7b8a666774d4510055284d0e196fc9d
    Image: 1password/scim:v1.6.2
    Image ID: docker.io/1password/[email protected]:0bc0bb683ff659af0e74ed43186fae6c65f3e31794062e32de6f4bb747acb126
    Port: 3002/TCP
    Host Port: 0/TCP
    Command:
    /op-scim/op-scim
    Args:
    --session=/secret/scimsession
    --letsencrypt-domain=scim-1password.========.net
    State: Running
    Started: Thu, 03 Jun 2021 16:57:32 +1000
    Ready: True
    Restart Count: 0
    Environment:
    update: 2
    Mounts:
    /secret from scimsession (rw)
    /var/run/secrets/kubernetes.io/serviceaccount from default-token-mgxx8 (ro)
    Conditions:
    Type Status
    Initialized True
    Ready True
    ContainersReady True
    PodScheduled True
    Volumes:
    scimsession:
    Type: Secret (a volume populated by a Secret)
    SecretName: scimsession
    Optional: false
    default-token-mgxx8:
    Type: Secret (a volume populated by a Secret)
    SecretName: default-token-mgxx8
    Optional: false
    QoS Class: BestEffort
    Node-Selectors:
    Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
    node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
    Events:

    ===================================================================

    Name: op-scim-7cb95f74b8-lmjjj
    Namespace: default
    Priority: 0
    Node: aks-agentpool-97944473-vmss000000/10.240.0.4
    Start Time: Fri, 04 Jun 2021 09:37:44 +1000
    Labels: app=op-scim
    pod-template-hash=7cb95f74b8
    Annotations:
    Status: Running
    IP: 10.244.0.16
    IPs:
    IP: 10.244.0.16
    Controlled By: ReplicaSet/op-scim-7cb95f74b8
    Containers:
    op-scim:
    Container ID: containerd://d54839fb21b1d4f36928e4712956a98b693ed5070ad1f9dacf2170b447bdecc6
    Image: 1password/scim:v2.0.2
    Image ID: docker.io/1password/[email protected]:500e40a57ab94b7c74b2bd60a2cdb4507d5d8855733b8ce5971a501506d825cd
    Port: 3002/TCP
    Host Port: 0/TCP
    Command:
    /op-scim/op-scim
    Args:
    --session=/secret/scimsession
    --letsencrypt-domain=scim-1password.========.net
    State: Waiting
    Reason: CrashLoopBackOff
    Last State: Terminated
    Reason: Error
    Exit Code: 1
    Started: Fri, 04 Jun 2021 09:37:45 +1000
    Finished: Fri, 04 Jun 2021 09:37:45 +1000
    Ready: False
    Restart Count: 1
    Environment:
    update: 2
    Mounts:
    /secret from scimsession (rw)
    /var/run/secrets/kubernetes.io/serviceaccount from default-token-mgxx8 (ro)
    Conditions:
    Type Status
    Initialized True
    Ready False
    ContainersReady False
    PodScheduled True
    Volumes:
    scimsession:
    Type: Secret (a volume populated by a Secret)
    SecretName: scimsession
    Optional: false
    default-token-mgxx8:
    Type: Secret (a volume populated by a Secret)
    SecretName: default-token-mgxx8
    Optional: false
    QoS Class: BestEffort
    Node-Selectors:
    Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
    node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
    Events:
    Type Reason Age From Message
    ---- ------ ---- ---- -------
    Normal Scheduled 9s default-scheduler Successfully assigned default/op-scim-7cb95f74b8-lmjjj to aks-agentpool-97944473-vmss000000
    Normal Pulled 8s (x2 over 9s) kubelet Container image "1password/scim:v2.0.2" already present on machine
    Normal Created 8s (x2 over 9s) kubelet Created container op-scim
    Normal Started 8s (x2 over 9s) kubelet Started container op-scim
    Warning BackOff 6s (x2 over 7s) kubelet Back-off restarting failed container

    ===================================================================
    Name: redis-756b4b8956-hdpqw
    Namespace: default
    Priority: 0
    Node: aks-agentpool-97944473-vmss000000/10.240.0.4
    Start Time: Thu, 03 Jun 2021 16:45:27 +1000
    Labels: app=redis
    pod-template-hash=756b4b8956
    Annotations:
    Status: Running
    IP: 10.244.0.10
    IPs:
    IP: 10.244.0.10
    Controlled By: ReplicaSet/redis-756b4b8956
    Containers:
    redis:
    Container ID: containerd://7bb44783544d470ced913e91f67bcffe48922e5c37f9d9023aef5c4c14e8a1ac
    Image: redis:latest
    Image ID: docker.io/library/[email protected]:7e2c6181ad5c425443b56c7c73a9cd6df24a122345847d1ea9bb86a5afc76325
    Port: 6379/TCP
    Host Port: 0/TCP
    State: Running
    Started: Thu, 03 Jun 2021 16:45:40 +1000
    Ready: True
    Restart Count: 0
    Environment:
    Mounts:
    /var/run/secrets/kubernetes.io/serviceaccount from default-token-mgxx8 (ro)
    Conditions:
    Type Status
    Initialized True
    Ready True
    ContainersReady True
    PodScheduled True
    Volumes:
    default-token-mgxx8:
    Type: Secret (a volume populated by a Secret)
    SecretName: default-token-mgxx8
    Optional: false
    QoS Class: BestEffort
    Node-Selectors:
    Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
    node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
    Events:

  • DJ_1PDJ_1P 1Password Alumni

    Thank you @Luke13!

    Are you using LetsEncrypt or are you using your own load balancer? I see that you have the SCIM bridge running on port :3002 but you also have the LetsEncrypt env variable filled in.

  • Thanks DJ!

    I followed this document and finally got everything back to work: https://github.com/1Password/scim-examples/tree/master/kubernetes
    That covered some details not included in the 1Password support page: https://support.1password.com/scim-update/

  • DJ_1PDJ_1P 1Password Alumni

    Awesome!
    I'm happy to hear that you were able to get the SCIM bridge up and running.

This discussion has been closed.