Failed to upgrade the SCIM bridge to v2.0.x
Hi, I received email notifications asking me to upgrade my SCIM bridge from v1.6.2 to v2.0.2.
- The v1.6.2 is running all good, everything works, all checks showing green.
- However, when I trying to upgrade it to v2.0.2, it's showing some issue, please check the screenshots below.
- I also tried all v2.0.x versions, all the same issue.
- I even tried to delete the whole Kubernetes cluster and re-deploy, same issue, v1.6.2 works. but v2.0.2 doesn't
Any idea?
Thanks
Luke
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Thanks!!! Here is the details:
Name: op-scim-5c5567d887-nhzzg
Namespace: default
Priority: 0
Node: aks-agentpool-97944473-vmss000000/10.240.0.4
Start Time: Thu, 03 Jun 2021 16:57:16 +1000
Labels: app=op-scim
pod-template-hash=5c5567d887
Annotations:
Status: Running
IP: 10.244.0.12
IPs:
IP: 10.244.0.12
Controlled By: ReplicaSet/op-scim-5c5567d887
Containers:
op-scim:
Container ID: containerd://84f26ea351a9af5db13a77e1512837ffa7b8a666774d4510055284d0e196fc9d
Image: 1password/scim:v1.6.2
Image ID: docker.io/1password/scim@sha256:0bc0bb683ff659af0e74ed43186fae6c65f3e31794062e32de6f4bb747acb126
Port: 3002/TCP
Host Port: 0/TCP
Command:
/op-scim/op-scim
Args:
--session=/secret/scimsession
--letsencrypt-domain=scim-1password.========.net
State: Running
Started: Thu, 03 Jun 2021 16:57:32 +1000
Ready: True
Restart Count: 0
Environment:
update: 2
Mounts:
/secret from scimsession (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-mgxx8 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
scimsession:
Type: Secret (a volume populated by a Secret)
SecretName: scimsession
Optional: false
default-token-mgxx8:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-mgxx8
Optional: false
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:===================================================================
Name: op-scim-7cb95f74b8-lmjjj
Namespace: default
Priority: 0
Node: aks-agentpool-97944473-vmss000000/10.240.0.4
Start Time: Fri, 04 Jun 2021 09:37:44 +1000
Labels: app=op-scim
pod-template-hash=7cb95f74b8
Annotations:
Status: Running
IP: 10.244.0.16
IPs:
IP: 10.244.0.16
Controlled By: ReplicaSet/op-scim-7cb95f74b8
Containers:
op-scim:
Container ID: containerd://d54839fb21b1d4f36928e4712956a98b693ed5070ad1f9dacf2170b447bdecc6
Image: 1password/scim:v2.0.2
Image ID: docker.io/1password/scim@sha256:500e40a57ab94b7c74b2bd60a2cdb4507d5d8855733b8ce5971a501506d825cd
Port: 3002/TCP
Host Port: 0/TCP
Command:
/op-scim/op-scim
Args:
--session=/secret/scimsession
--letsencrypt-domain=scim-1password.========.net
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Error
Exit Code: 1
Started: Fri, 04 Jun 2021 09:37:45 +1000
Finished: Fri, 04 Jun 2021 09:37:45 +1000
Ready: False
Restart Count: 1
Environment:
update: 2
Mounts:
/secret from scimsession (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-mgxx8 (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
scimsession:
Type: Secret (a volume populated by a Secret)
SecretName: scimsession
Optional: false
default-token-mgxx8:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-mgxx8
Optional: false
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 9s default-scheduler Successfully assigned default/op-scim-7cb95f74b8-lmjjj to aks-agentpool-97944473-vmss000000
Normal Pulled 8s (x2 over 9s) kubelet Container image "1password/scim:v2.0.2" already present on machine
Normal Created 8s (x2 over 9s) kubelet Created container op-scim
Normal Started 8s (x2 over 9s) kubelet Started container op-scim
Warning BackOff 6s (x2 over 7s) kubelet Back-off restarting failed container===================================================================
Name: redis-756b4b8956-hdpqw
Namespace: default
Priority: 0
Node: aks-agentpool-97944473-vmss000000/10.240.0.4
Start Time: Thu, 03 Jun 2021 16:45:27 +1000
Labels: app=redis
pod-template-hash=756b4b8956
Annotations:
Status: Running
IP: 10.244.0.10
IPs:
IP: 10.244.0.10
Controlled By: ReplicaSet/redis-756b4b8956
Containers:
redis:
Container ID: containerd://7bb44783544d470ced913e91f67bcffe48922e5c37f9d9023aef5c4c14e8a1ac
Image: redis:latest
Image ID: docker.io/library/redis@sha256:7e2c6181ad5c425443b56c7c73a9cd6df24a122345847d1ea9bb86a5afc76325
Port: 6379/TCP
Host Port: 0/TCP
State: Running
Started: Thu, 03 Jun 2021 16:45:40 +1000
Ready: True
Restart Count: 0
Environment:
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-mgxx8 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-mgxx8:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-mgxx8
Optional: false
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:0 -
Thanks DJ!
I followed this document and finally got everything back to work: https://github.com/1Password/scim-examples/tree/master/kubernetes
That covered some details not included in the 1Password support page: https://support.1password.com/scim-update/0 -
Awesome!
I'm happy to hear that you were able to get the SCIM bridge up and running.0
