OP SCIM Pod Error - Azure Kubernetes Service

I'm having issues after following your KBA on deploying the OP SCIM Bridge on AKS. When running kubectl get pods , the 'op-scim-bridge-x' pod was in a 'CrashLoopBackoff' status with 8 restarts within ~19m of being created. It then changed to a status of 'Error'.

When describing the pod, it seems like the issue with LetsEncrypt service timing out. You can find the last line of the describe output below:
6:45AM ??? Server: (failed to run 1Password SCIM bridge), Wrapped: (failed to GenerateCertificate), Network: (failed to getCertificateWithTimeout), Wrapped: (getCertificateWithTimeout timed out on certManager.GetCertificate), LetsEncrypt timed out application=op-scim build=201001 version=2.1.0

What can I be doing incorrectly? Or how can I go about getting this resolved?
Thanks in advance!

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided


  • ag_alice_tag_alice_t

    Team Member

    Hello. Thank you for writing in, and apologies for the delayed response.

    There can be a number of reason why the SCIM bridge may be unable to receive a LetsEncrypt certificate. The two most common issues with the deployment is that the OP_LETSENCRYPT_DOMAIN variable is set incorrectly in op-scim-config.yaml, or that port 80 is not accessible from the internet. Another potential issue is that, if you use CloudFlare, HTTPS Rewrites can be set on CloudFlare DNS, which interferes with LetsEncrypt functionality, which you can fix by setting CloudFlare DNS to "DNS Only" mode.

    Without knowing more about your deployment, those are the three troubleshooting options I recommend to try first. If you've exhausted those, we can try some more advanced methods to get you up and running.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file