I am running the SCIM Bridge on AKS. I have just upgraded from 1.6.2 to 2.0.2, following the instructions to update the configuration, but the container no longer listens on port 8080 or 8443. The logs from the pod are below:
6:37PM INF 1Password SCIM bridge, starting up application=op-scim version=2.0.2
6:37PM INF registering new health component application=op-scim component=RedisCache service=health version=2.0.2
6:37PM INF starting to poll components for health reports application=op-scim service=health version=2.0.2
6:37PM INF registering new health component application=op-scim component=SetupServer service=health version=2.0.2
6:37PM INF starting setup server addr=:3002 application=op-scim service=SetupServer version=2.0.2
6:37PM INF LetsEncrypt not available on port :3002. Unless you are using a custom load balancer, ensure OP_LETSENCRYPT_DOMAIN is set in your configuration. Refer to the documentation for more information. addr=:3002 application=op-scim service=SetupServer version=2.0.2
My op-scim-config.yaml definitely contains the hostname I've chosen as OP_LETSENCRYPT_DOMAIN; if I exec into the container and
cat /proc/1/environ
I can see that host name listed there as the value of OP_LETSENCRYPT_DOMAIN, so it's definitely making it into the container.
apiVersion: v1
kind: ConfigMap
metadata:
  name: op-scim-configmap
data:
  # Set this to the FQDN you've selected for your SCIM Bridge deployment
  OP_LETSENCRYPT_DOMAIN: "<my_hostname_redacted>"
  # (advanced) only change the options below if you need to
  OP_REDIS_URL: "redis://op-scim-redis:6379"
  OP_SESSION: "/secret/scimsession"
  OP_PRETTY_LOGS: "0"
  OP_DEBUG: "0"
I have updated the DNS entry for my hostname since the redeployment, to have the value of the LoadBalancer Ingress IP address returned by
kubectl describe service/op-scim-bridge
Even with OP_DEBUG set to "1" I don't get any more debugging information from the pod.
If I port forward port 3002 from the pod out to my local machine, in the browser I see the setup page, but entering my hostname gives:
Couldn't verify domain. Check your configuration and try again. Ensure the DNS record has had time to propagate, and that port 80 and 443 are open on your firewall.
But ports 80 and 443 forward to 8080 and 8443 as specified in the default op-scim-service.yaml, but neither of those is listening in the pod.
How can I find out what is going wrong?