GCP SCIM Bridge deployment keeps losing static IP address

phillipsigma
phillipsigma
Community Member
edited June 2023 in SCIM Bridge

Every few weeks I will need to go into 1password security and change the allowed IP addresses because the cluster does something which causes the nodes to grab new public IP addresses. Is there a better way to configure this or a recommended way to set it up so that the VMs only use reserved IP addresses?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • Hi @phillipsigma,

    Unfortunately as we are not GCP experts it is hard to say. That being said, let me take a guess.

    The reason we deploy on a kubernetes cluster in the first place is because in the case of a VM dying, the kubernetes agent will bring up a new pod to replace the failed VM. This ensures you SCIM Bridge will continue to function no matter what. It sounds like your VM died, and then got replaced. To the best of my knowledge, each VM has a distinct outbound IP address which is discrete from the inbound IP address you previously set as static. Therefore the new IP was being used to communicate with 1Password.

    No matter the cause of the VM IP to change, there is a solution. To anchor the IP address you communicate with, on GCP you can create a VPC network with a Cloud NAT gateway. That should ensure you communicate with the static IP associated with the VPC network, rather than the IP of the Kubernetes pod.

    However while we are aware of it, setting up and configuring that system is beyond the scope of our support. We will not be able to assist you in setting up a VPC network with a Cloud NAT gateway on GCP. We remain happy to answer any questions you have regarding the SCIM Bridge or its interactions.

This discussion has been closed.