Google Cloud SCIM Bridge Upgrade

xeomonk
xeomonk
Community Member
edited June 2023 in SCIM Bridge

Hi,
I'm following these instructions to upgrade our SCIM bridge in GCP https://support.1password.com/scim-update/#google-cloud-platform but I am running into an issue when I set the image.

ty@cloudshell:~ (it-gag)$ kubectl set image deploy/op-scim-bridge-3-op-scim-bridge op-scim-bridge-3-op-scim-bridge=1password/scim:v2.8.1 -n 1password
error: unable to find container named "op-scim-bridge-3-op-scim-bridge"
ty@cloudshell:~ (tt-gag)$ 

The container exists, but I'm not sure why I am getting this error.

ty@cloudshell:~ (it-gag)$ kubectl get deployments -n 1password
NAME                              READY   UP-TO-DATE   AVAILABLE   AGE
op-scim-bridge-3-op-scim-bridge   1/1     1            1           59d
op-scim-bridge-3-op-scim-redis    1/1     1            1           59d
ty@cloudshell:~ (it-gag)$ 


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • Hi @xeomonk ,

    Thank you for reaching out.
    You would need to modify your command slightly.
    To get your container name, use this command: "kubectl describe deployment {deployment-name}"
    Then run command "kubectl set image deploy/op-scim-bridge-1-op-scim-bridge {container_Name}=1password/scim:v2.8.1 -n 1password"

    Give this a try and let us know how it goes.

  • xeomonk
    xeomonk
    Community Member
    edited May 2023

    The commands you suggested did not work. When I enter in "kubectl describe deployment op-scim-bridge-3-op-scim-bridge", this is the output below.

    ty@cloudshell:~ (it-gag)$ kubectl describe deployment op-scim-bridge-3-op-scim-bridge
    Error from server (NotFound): deployments.apps "op-scim-bridge-3-op-scim-bridge" not found
    ty@cloudshell:~ (it-gag)$ 
    

    In order to get that command to work I would need to call the 1password namespace. which would be "kubectl describe deployment op-scim-bridge-3-op-scim-bridge -n 1password"

    ty@cloudshell:~ (it-gag)$ kubectl describe deployment op-scim-bridge-3-op-scim-bridge -n 1password
    Name:               op-scim-bridge-3-op-scim-bridge
    Namespace:          1password
    CreationTimestamp:  Tue, 02 Nov 2021 21:56:00 +0000
    Labels:             app=op-scim-bridge-3-op-scim-bridge
                        app.kubernetes.io/component=op-scim-bridge
                        app.kubernetes.io/name=op-scim-bridge-3
    Annotations:        deployment.kubernetes.io/revision: 1
    Selector:           app=op-scim-bridge-3-op-scim-bridge,app.kubernetes.io/component=op-scim-bridge,app.kubernetes.io/name=op-scim-bridge-3
    Replicas:           1 desired | 1 updated | 1 total | 1 available | 0 unavailable
    StrategyType:       Recreate
    MinReadySeconds:    0
    Pod Template:
      Labels:  app=op-scim-bridge-3-op-scim-bridge
               app.kubernetes.io/component=op-scim-bridge
               app.kubernetes.io/name=op-scim-bridge-3
      Init Containers:
       scimuser-permissions:
        Image:      alpine:3.13
        Port:       <none>
        Host Port:  <none>
        Command:
          /bin/sh
          -c
        Args:
          mkdir -p /home/scimuser && chown -R 999 /home/scimuser
        Environment:  <none>
        Mounts:
          /home from op-scim-bridge-3-scimsession (rw)
      Containers:
       op-scim-bridge:
        Image:       gcr.io/cloud-marketplace/agilebits-public/op-scim-bridge:2.2.1
        Ports:       8080/TCP, 8443/TCP
        Host Ports:  0/TCP, 0/TCP
        Command:
          /op-scim/op-scim
        Environment:
          OP_PORT:       8080
          OP_SESSION:    /home/xxxx/scimsession
          OP_REDIS_URL:  redis://op-scim-bridge-3-op-scim-redis-svc:6379
          OP_ONE_CLICK:  true
          OP_DOMAIN:     xxxxxx.1password.com
        Mounts:
          /home from op-scim-bridge-3-scimsession (rw)
      Volumes:
       op-scim-bridge-3-scimsession:
        Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
        ClaimName:  op-scim-bridge-3-op-scim-bridge-pvc
        ReadOnly:   false
    Conditions:
      Type           Status  Reason
      ----           ------  ------
      Progressing    True    NewReplicaSetAvailable
      Available      True    MinimumReplicasAvailable
    OldReplicaSets:  <none>
    NewReplicaSet:   op-scim-bridge-3-op-scim-bridge-76fb9597b6 (1/1 replicas created)
    Events:          <none>
    ty@cloudshell:~ (it-gag)$ 
    

    With the container name identified as "op-scim-bridge". I modified your command and added the container name. "kubectl set image deploy/op-scim-bridge-1-op-scim-bridge op-scim-bridge=1password/scim:v2.8.1 -n 1password" and it still failed to run

    ty@cloudshell:~ (it-gag)$ kubectl set image deploy/op-scim-bridge-1-op-scim-bridge op-scim-bridge=1password/scim:v2.8.1 -n 1password
    Error from server (NotFound): deployments.apps "op-scim-bridge-1-op-scim-bridge" not found
    ty@cloudshell:~ (it-gag)$ 
    

    I have an open case with support. That case is 137107

  • hemal.g_1p
    edited May 2023

    Hi there,
    Sorry to know the commands didn't work.
    Could you please try "kubectl set image deployment/op-scim-bridge-3-op-scim-bridge op-scim-bridge=1password/scim:v2.8.1 -n 1password"

  • xeomonk
    xeomonk
    Community Member

    That worked. Now the second part of the upgrade. I can't get the command to work either.

    kubectl patch applications.app.k8s.io op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' -n 1password --type='json'

    ty@cloudshell:~ (it-gag)$ kubectl patch applications.app.k8s.io op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' -n 1password --type='json'
    Error from server (NotFound): applications.app.k8s.io "op-scim-bridge" not found
    ty@cloudshell:~ (it-gag)$ 
    
    
  • hemal.g_1p
    edited May 2023

    For that you'd need to modify command with full name of deployment.
    Try "kubectl patch applications.app.k8s.io op-scim-bridge-3-op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' -n 1password --type='json' "

  • xeomonk
    xeomonk
    Community Member

    I tried that as well and it didn't work. Below is the output.

    ty@cloudshell:~ (it-gag)$ kubectl patch applications.app.k8s.io op-scim-bridge-3-op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' --type='json'
    Error from server (NotFound): applications.app.k8s.io "op-scim-bridge-3-op-scim-bridge" not found
    ty@cloudshell:~ (it-gag)$ 
    
  • Ok. Error is related to Kubernetes and not Scim.
    Let us first confirm SCIM bridge is successfully updated.
    Could you run "kubectl describe deployment --namespace 1password" ? Under deployment you may look for "Image: 1password/scim:v2.8.1" . Then confirm you're connected with cluster where your SCIM bridge lives and rerun "kubectl patch applications.app.k8s.io {your-deploymnet-name} -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' --type='json' --namespace 1password"

  • xeomonk
    xeomonk
    Community Member

    Below is the output of "kubectl describe deployment --namespace 1password" and I am connected to the correct cluster. The Image does show "Image: 1password/scim:v2.8.1" so that's correct.

    ty@cloudshell:~ (it-gag)$  kubectl describe deployment --namespace 1password
    Name:               op-scim-bridge-3-op-scim-bridge
    Namespace:          1password
    CreationTimestamp:  Tue, 02 Nov 2021 15:56:00 -0600
    Labels:             app=op-scim-bridge-3-op-scim-bridge
                        app.kubernetes.io/component=op-scim-bridge
                        app.kubernetes.io/name=op-scim-bridge-3
    Annotations:        deployment.kubernetes.io/revision: 3
    Selector:           app=op-scim-bridge-3-op-scim-bridge,app.kubernetes.io/component=op-scim-bridge,app.kubernetes.io/name=op-scim-bridge-3
    Replicas:           1 desired | 1 updated | 1 total | 1 available | 0 unavailable
    StrategyType:       Recreate
    MinReadySeconds:    0
    Pod Template:
      Labels:  app=op-scim-bridge-3-op-scim-bridge
               app.kubernetes.io/component=op-scim-bridge
               app.kubernetes.io/name=op-scim-bridge-3
      Init Containers:
       scimuser-permissions:
        Image:      alpine:3.13
        Port:       <none>
        Host Port:  <none>
        Command:
          /bin/sh
          -c
        Args:
          mkdir -p /home/scimuser && chown -R 999 /home/scimuser
        Environment:  <none>
        Mounts:
          /home from op-scim-bridge-3-scimsession (rw)
      Containers:
       op-scim-bridge:
        Image:       1password/scim:v2.8.1
        Ports:       8080/TCP, 8443/TCP
        Host Ports:  0/TCP, 0/TCP
        Command:
          /op-scim/op-scim
        Environment:
          OP_PORT:       8080
          OP_SESSION:    /home/scim/scimsession
          OP_REDIS_URL:  redis://op-scim-bridge-3-op-scim-redis-svc:6379
          OP_ONE_CLICK:  true
          OP_DOMAIN:     xxxxxx.1password.com
        Mounts:
          /home from op-scim-bridge-3-scimsession (rw)
      Volumes:
       op-scim-bridge-3-scimsession:
        Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
        ClaimName:  op-scim-bridge-3-op-scim-bridge-pvc
        ReadOnly:   false
    Conditions:
      Type           Status  Reason
      ----           ------  ------
      Available      True    MinimumReplicasAvailable
      Progressing    True    NewReplicaSetAvailable
    OldReplicaSets:  op-scim-bridge-3-op-scim-bridge-76fb9597b6 (0/0 replicas created), op-scim-bridge-3-op-scim-bridge-694cc8cd65 (0/0 replicas created)
    NewReplicaSet:   op-scim-bridge-3-op-scim-bridge-bb4f65b7 (1/1 replicas created)
    Events:          <none>
    
    
    Name:                   op-scim-bridge-3-op-scim-redis
    Namespace:              1password
    CreationTimestamp:      Tue, 02 Nov 2021 15:56:00 -0600
    Labels:                 app.kubernetes.io/component=op-scim-redis
                            app.kubernetes.io/name=op-scim-bridge-3
    Annotations:            deployment.kubernetes.io/revision: 1
    Selector:               app.kubernetes.io/component=op-scim-redis,app.kubernetes.io/name=op-scim-bridge-3
    Replicas:               1 desired | 1 updated | 1 total | 1 available | 0 unavailable
    StrategyType:           RollingUpdate
    MinReadySeconds:        0
    RollingUpdateStrategy:  25% max unavailable, 25% max surge
    Pod Template:
      Labels:  app.kubernetes.io/component=op-scim-redis
               app.kubernetes.io/name=op-scim-bridge-3
      Containers:
       op-scim-redis:
        Image:        gcr.io/cloud-marketplace/agilebits-public/op-scim-bridge/redis:2.2.1
        Port:         6379/TCP
        Host Port:    0/TCP
        Environment:  <none>
        Mounts:       <none>
      Volumes:        <none>
    Conditions:
      Type           Status  Reason
      ----           ------  ------
      Progressing    True    NewReplicaSetAvailable
      Available      True    MinimumReplicasAvailable
    OldReplicaSets:  <none>
    NewReplicaSet:   op-scim-bridge-3-op-scim-redis-69c76787fd (1/1 replicas created)
    Events:          <none>
    ty@cloudshell:~ (it-gag)$ 
    

    I would assume that the deployment name is op-scim-bridge-3-op-scim-bridge and taking the command "kubectl patch applications.app.k8s.io op-scim-bridge-3-op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' --type='json' --namespace 1password" Outputs the same error.

    ty@cloudshell:~ (it-gag)$ kubectl patch applications.app.k8s.io op-scim-bridge-3-op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' --type='json' --namespace 1password
    Error from server (NotFound): applications.app.k8s.io "op-scim-bridge-3-op-scim-bridge" not found
    ty@cloudshell:~ (it-gag)$ 
    
    
  • xeomonk
    xeomonk
    Community Member

    @hemal.g_1p

    Any ideas on what the next steps are to resolving this issue?

  • Hey,
    Sorry to hear it didn't work. Let's confirm the application name in GCP by "kubectl get all --namespace 1password".
    In result to above command it will show up as a resource of type "applications.app.k8s.io". This can also be confirmed through GCP GUI.
    You can then run the previous command with the app name found.
    Let us know if that helps.

  • xeomonk
    xeomonk
    Community Member

    That worked!

    Thanks for all the help @hemal.g_1p

This discussion has been closed.