Google Cloud SCIM Bridge Upgrade

xeomonk
xeomonk
Community Member
edited June 2023 in SCIM Bridge

Hi,
I'm following these instructions to upgrade our SCIM bridge in GCP https://support.1password.com/scim-update/#google-cloud-platform but I am running into an issue when I set the image.

ty@cloudshell:~ (it-gag)$ kubectl set image deploy/op-scim-bridge-3-op-scim-bridge op-scim-bridge-3-op-scim-bridge=1password/scim:v2.8.1 -n 1password
error: unable to find container named "op-scim-bridge-3-op-scim-bridge"
ty@cloudshell:~ (tt-gag)$

The container exists, but I'm not sure why I am getting this error.

ty@cloudshell:~ (it-gag)$ kubectl get deployments -n 1password
NAME                              READY   UP-TO-DATE   AVAILABLE   AGE
op-scim-bridge-3-op-scim-bridge   1/1     1            1           59d
op-scim-bridge-3-op-scim-redis    1/1     1            1           59d
ty@cloudshell:~ (it-gag)$

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • hemal.g_1p
    hemal.g_1p
    1Password Alumni

    Hi @xeomonk ,

    Thank you for reaching out.
    You would need to modify your command slightly.
    To get your container name, use this command: "kubectl describe deployment {deployment-name}"
    Then run command "kubectl set image deploy/op-scim-bridge-1-op-scim-bridge {container_Name}=1password/scim:v2.8.1 -n 1password"

    Give this a try and let us know how it goes.

  • xeomonk
    xeomonk
    Community Member
    edited May 2023

    The commands you suggested did not work. When I enter in "kubectl describe deployment op-scim-bridge-3-op-scim-bridge", this is the output below.

    ty@cloudshell:~ (it-gag)$ kubectl describe deployment op-scim-bridge-3-op-scim-bridge
Error from server (NotFound): deployments.apps "op-scim-bridge-3-op-scim-bridge" not found
ty@cloudshell:~ (it-gag)$

    In order to get that command to work I would need to call the 1password namespace. which would be "kubectl describe deployment op-scim-bridge-3-op-scim-bridge -n 1password"

    ty@cloudshell:~ (it-gag)$ kubectl describe deployment op-scim-bridge-3-op-scim-bridge -n 1password
Name:               op-scim-bridge-3-op-scim-bridge
Namespace:          1password
CreationTimestamp:  Tue, 02 Nov 2021 21:56:00 +0000
Labels:             app=op-scim-bridge-3-op-scim-bridge
                    app.kubernetes.io/component=op-scim-bridge
                    app.kubernetes.io/name=op-scim-bridge-3
Annotations:        deployment.kubernetes.io/revision: 1
Selector:           app=op-scim-bridge-3-op-scim-bridge,app.kubernetes.io/component=op-scim-bridge,app.kubernetes.io/name=op-scim-bridge-3
Replicas:           1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType:       Recreate
MinReadySeconds:    0
Pod Template:
  Labels:  app=op-scim-bridge-3-op-scim-bridge
           app.kubernetes.io/component=op-scim-bridge
           app.kubernetes.io/name=op-scim-bridge-3
  Init Containers:
   scimuser-permissions:
    Image:      alpine:3.13
    Port:       <none>
    Host Port:  <none>
    Command:
      /bin/sh
      -c
    Args:
      mkdir -p /home/scimuser && chown -R 999 /home/scimuser
    Environment:  <none>
    Mounts:
      /home from op-scim-bridge-3-scimsession (rw)
  Containers:
   op-scim-bridge:
    Image:       gcr.io/cloud-marketplace/agilebits-public/op-scim-bridge:2.2.1
    Ports:       8080/TCP, 8443/TCP
    Host Ports:  0/TCP, 0/TCP
    Command:
      /op-scim/op-scim
    Environment:
      OP_PORT:       8080
      OP_SESSION:    /home/xxxx/scimsession
      OP_REDIS_URL:  redis://op-scim-bridge-3-op-scim-redis-svc:6379
      OP_ONE_CLICK:  true
      OP_DOMAIN:     xxxxxx.1password.com
    Mounts:
      /home from op-scim-bridge-3-scimsession (rw)
  Volumes:
   op-scim-bridge-3-scimsession:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  op-scim-bridge-3-op-scim-bridge-pvc
    ReadOnly:   false
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Progressing    True    NewReplicaSetAvailable
  Available      True    MinimumReplicasAvailable
OldReplicaSets:  <none>
NewReplicaSet:   op-scim-bridge-3-op-scim-bridge-76fb9597b6 (1/1 replicas created)
Events:          <none>
ty@cloudshell:~ (it-gag)$

    With the container name identified as "op-scim-bridge". I modified your command and added the container name. "kubectl set image deploy/op-scim-bridge-1-op-scim-bridge op-scim-bridge=1password/scim:v2.8.1 -n 1password" and it still failed to run

    ty@cloudshell:~ (it-gag)$ kubectl set image deploy/op-scim-bridge-1-op-scim-bridge op-scim-bridge=1password/scim:v2.8.1 -n 1password
Error from server (NotFound): deployments.apps "op-scim-bridge-1-op-scim-bridge" not found
ty@cloudshell:~ (it-gag)$

    I have an open case with support. That case is 137107

  • hemal.g_1p
    hemal.g_1p
    1Password Alumni
    edited May 2023

    Hi there,
    Sorry to know the commands didn't work.
    Could you please try "kubectl set image deployment/op-scim-bridge-3-op-scim-bridge op-scim-bridge=1password/scim:v2.8.1 -n 1password"

  • xeomonk
    xeomonk
    Community Member

    That worked. Now the second part of the upgrade. I can't get the command to work either.

    kubectl patch applications.app.k8s.io op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' -n 1password --type='json'

    ty@cloudshell:~ (it-gag)$ kubectl patch applications.app.k8s.io op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' -n 1password --type='json'
Error from server (NotFound): applications.app.k8s.io "op-scim-bridge" not found
ty@cloudshell:~ (it-gag)$
  • hemal.g_1p
    hemal.g_1p
    1Password Alumni
    edited May 2023

    For that you'd need to modify command with full name of deployment.
    Try "kubectl patch applications.app.k8s.io op-scim-bridge-3-op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' -n 1password --type='json' "

  • xeomonk
    xeomonk
    Community Member

    I tried that as well and it didn't work. Below is the output.

    ty@cloudshell:~ (it-gag)$ kubectl patch applications.app.k8s.io op-scim-bridge-3-op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' --type='json'
Error from server (NotFound): applications.app.k8s.io "op-scim-bridge-3-op-scim-bridge" not found
ty@cloudshell:~ (it-gag)$
  • hemal.g_1p
    hemal.g_1p
    1Password Alumni

    Ok. Error is related to Kubernetes and not Scim.
    Let us first confirm SCIM bridge is successfully updated.
    Could you run "kubectl describe deployment --namespace 1password" ? Under deployment you may look for "Image: 1password/scim:v2.8.1" . Then confirm you're connected with cluster where your SCIM bridge lives and rerun "kubectl patch applications.app.k8s.io {your-deploymnet-name} -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' --type='json' --namespace 1password"

  • xeomonk
    xeomonk
    Community Member

    Below is the output of "kubectl describe deployment --namespace 1password" and I am connected to the correct cluster. The Image does show "Image: 1password/scim:v2.8.1" so that's correct.

    ty@cloudshell:~ (it-gag)$  kubectl describe deployment --namespace 1password
Name:               op-scim-bridge-3-op-scim-bridge
Namespace:          1password
CreationTimestamp:  Tue, 02 Nov 2021 15:56:00 -0600
Labels:             app=op-scim-bridge-3-op-scim-bridge
                    app.kubernetes.io/component=op-scim-bridge
                    app.kubernetes.io/name=op-scim-bridge-3
Annotations:        deployment.kubernetes.io/revision: 3
Selector:           app=op-scim-bridge-3-op-scim-bridge,app.kubernetes.io/component=op-scim-bridge,app.kubernetes.io/name=op-scim-bridge-3
Replicas:           1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType:       Recreate
MinReadySeconds:    0
Pod Template:
  Labels:  app=op-scim-bridge-3-op-scim-bridge
           app.kubernetes.io/component=op-scim-bridge
           app.kubernetes.io/name=op-scim-bridge-3
  Init Containers:
   scimuser-permissions:
    Image:      alpine:3.13
    Port:       <none>
    Host Port:  <none>
    Command:
      /bin/sh
      -c
    Args:
      mkdir -p /home/scimuser && chown -R 999 /home/scimuser
    Environment:  <none>
    Mounts:
      /home from op-scim-bridge-3-scimsession (rw)
  Containers:
   op-scim-bridge:
    Image:       1password/scim:v2.8.1
    Ports:       8080/TCP, 8443/TCP
    Host Ports:  0/TCP, 0/TCP
    Command:
      /op-scim/op-scim
    Environment:
      OP_PORT:       8080
      OP_SESSION:    /home/scim/scimsession
      OP_REDIS_URL:  redis://op-scim-bridge-3-op-scim-redis-svc:6379
      OP_ONE_CLICK:  true
      OP_DOMAIN:     xxxxxx.1password.com
    Mounts:
      /home from op-scim-bridge-3-scimsession (rw)
  Volumes:
   op-scim-bridge-3-scimsession:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  op-scim-bridge-3-op-scim-bridge-pvc
    ReadOnly:   false
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      True    MinimumReplicasAvailable
  Progressing    True    NewReplicaSetAvailable
OldReplicaSets:  op-scim-bridge-3-op-scim-bridge-76fb9597b6 (0/0 replicas created), op-scim-bridge-3-op-scim-bridge-694cc8cd65 (0/0 replicas created)
NewReplicaSet:   op-scim-bridge-3-op-scim-bridge-bb4f65b7 (1/1 replicas created)
Events:          <none>


Name:                   op-scim-bridge-3-op-scim-redis
Namespace:              1password
CreationTimestamp:      Tue, 02 Nov 2021 15:56:00 -0600
Labels:                 app.kubernetes.io/component=op-scim-redis
                        app.kubernetes.io/name=op-scim-bridge-3
Annotations:            deployment.kubernetes.io/revision: 1
Selector:               app.kubernetes.io/component=op-scim-redis,app.kubernetes.io/name=op-scim-bridge-3
Replicas:               1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:  app.kubernetes.io/component=op-scim-redis
           app.kubernetes.io/name=op-scim-bridge-3
  Containers:
   op-scim-redis:
    Image:        gcr.io/cloud-marketplace/agilebits-public/op-scim-bridge/redis:2.2.1
    Port:         6379/TCP
    Host Port:    0/TCP
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Progressing    True    NewReplicaSetAvailable
  Available      True    MinimumReplicasAvailable
OldReplicaSets:  <none>
NewReplicaSet:   op-scim-bridge-3-op-scim-redis-69c76787fd (1/1 replicas created)
Events:          <none>
ty@cloudshell:~ (it-gag)$

    I would assume that the deployment name is op-scim-bridge-3-op-scim-bridge and taking the command "kubectl patch applications.app.k8s.io op-scim-bridge-3-op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' --type='json' --namespace 1password" Outputs the same error.

    ty@cloudshell:~ (it-gag)$ kubectl patch applications.app.k8s.io op-scim-bridge-3-op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' --type='json' --namespace 1password
Error from server (NotFound): applications.app.k8s.io "op-scim-bridge-3-op-scim-bridge" not found
ty@cloudshell:~ (it-gag)$
  • xeomonk
    xeomonk
    Community Member

    @hemal.g_1p

    Any ideas on what the next steps are to resolving this issue?

  • hemal.g_1p
    hemal.g_1p
    1Password Alumni

    Hey,
    Sorry to hear it didn't work. Let's confirm the application name in GCP by "kubectl get all --namespace 1password".
    In result to above command it will show up as a resource of type "applications.app.k8s.io". This can also be confirmed through GCP GUI.
    You can then run the previous command with the app name found.
    Let us know if that helps.

  • xeomonk
    xeomonk
    Community Member

    That worked!

    Thanks for all the help @hemal.g_1p

This discussion has been closed.