SCIM Bridge GCP MarketPlace App Fails to start

tb_bhav
Community Member

Hi,

I am attempting to deploy the latest 1Password SCIM Bridge from the marketplace. v1.6.1.

As soon as I create it, I am presented with this error:

If I scroll down a little, it says this:

But if I look at the YAML file, it's saying that op-scim-bridge-2-bridge-svc is InProgress. I assume this is the reason for the failure.

If I navigate to the public IP address, I get an ERR_SSL_PROTOCOL_ERROR in my browser.

What should I do at this point? I currently can't provision or de-provision users because my old SCIM bridge is not working and I can't get a new one up and running either.

Note:
I have an existing SCIM bridge from Apr 2020 that stopped working sometime in the last 10 days. It says that "Some components are pending" and shows me all components are green. That was deployed with v1.3.1 from the Marketplace. Instead of trying to troubleshoot 1.3.1 I was just trying to deploy the latest version as of today. Looking more into it, it's failing with the exact same issue as trying to deploy a new SCIM bridge op-scim-bridge-1-bridge-svc



Comments

  • Hi @tb_bhav,

    The first place to start the investigation is checking out the SCIM Bridge Kubernetes pod/Docker container logs. Once you have those, feel free to post a (redacted) version here or e-mail support@1password.com and we'll help you out over there.

    Amanda

  • Hi again,

    I did a bit more digging - are you creating the new SCIM Bridge in the same cluster as the old one? Right now we only support one per cluster - I suggest starting with a fresh cluster and seeing if that does the trick.

    Cheers!
    Amanda

  • tb_bhav
    Community Member

    Hi @1P_Amanda - Thanks for the responses. I think deploying in the same cluster was definitely an issue as I never even got the welcome screen below. However - I am still running into issues even after spinning up a new cluster.

    To make sure I had a fresh start, I actually started a brand new project and then set up the SCIM bridge from scratch.

    In both cases I get the same error. It still says Some components are pending, but if I click on the IP address in SCIM Bridge Info I am greeted with the verify screen (which was not the case before). Unfortunately, when I try to verify the hostname, it crashes.

    When trying to verify the hostname:

    After waiting about 10min - I hit refresh and it errors out on both a) a new cluster on the existing non-working SCIM bridge and b) a brand new project (with a new cluster) I get this failed message.

    How can I get the logs from the containers as you mentioned before?

  • There's a couple of ways to get your logs. The first one is to go to "Services & Ingress" in the Kubernetes Engine, then select op-scim-bridge--bridge-svc, then logs. These aren't super current, so to get the most up to date logs you need to go to your cluster, click connect, then "Run in cloud shell", and click enter on the auto-filled line. Now you can run kubectl commands, first 'kubectl get pods', then using the name of your SCIM Bridge pod, 'kubectl logs pod/scim-bridge-' and you should be able to copy and paste from there.

    There's a few configuration things that you can check as well. First, after you verify the host name, you need to go to your SCIM Bridge using your SCIM Bridge URL instead of the IP address - I'm not sure whether the verification was successful, but it's a good thing to try. Second, do you have any extra firewalls set up that would prevent access to redis on port 6379, or your SCIM Bridge on port 80? Lastly, we've seen issues where people use a DNS entry that's already getting a certificate elsewhere, which can interfere with getting a proper LetsEncrypt certificate, so checking that your DNS entry looks good is also a good bet.
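
Added example, not part of the original posts or of 1Password's tooling: a filter that masks bearer tokens, e-mail addresses, IPv4 addresses and your bridge hostname in log output before it is pasted into a public thread, as the "(redacted) version" advice above asks. The log lines and the hostname `scim.example.com` are constructed, and the patterns are assumptions about what such logs may contain.

```shell
#!/bin/sh
# Added example: mask sensitive values in SCIM bridge logs before sharing.
# The patterns below are assumptions about typical HTTP service logs; the
# bridge's real log format is not shown in this thread, so review the
# output by eye before posting it.

# redact_logs [HOSTNAME]: reads log text on stdin, writes redacted text.
redact_logs() {
  host="${1:-}"
  sed -E \
    -e 's#([Bb]earer[[:space:]]+)[A-Za-z0-9._~+/=-]+#\1[REDACTED_TOKEN]#g' \
    -e 's#[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}#[REDACTED_EMAIL]#g' \
    -e 's#([0-9]{1,3}\.){3}[0-9]{1,3}#[REDACTED_IP]#g' |
  if [ -n "$host" ]; then
    # Valid hostnames only contain letters, digits, '-' and '.', so the
    # dot is the only regex metacharacter that needs escaping.
    host_re=$(printf '%s' "$host" | sed 's/\./\\./g')
    sed -E "s#${host_re}#[REDACTED_HOST]#g"
  else
    cat
  fi
}

# Constructed sample lines (not real SCIM bridge output).
sample_log() {
  cat <<'EOF'
2021-01-12T10:02:11Z INF request remote=203.0.113.45 host=scim.example.com path=/Users
2021-01-12T10:02:11Z DBG header Authorization="Bearer eyJhbGciOiJFUzI1NiJ9.abc123.def456"
2021-01-12T10:02:12Z INF provisioned user=wendy.appleseed@example.com
EOF
}

# Demonstration on the constructed sample.
sample_log | redact_logs scim.example.com
```

Pipe the `kubectl logs` output from the steps above through `redact_logs <your-hostname>` in Cloud Shell, then check the result for anything the patterns missed.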

  • tb_bhav
    Community Member

    Hey @1P_Amanda thanks so much, I think it was the navigating to the site with the actual DNS name and not the IP address that I was missing. Once I navigated to https://my.hostname_com it worked.

    The GCP instance still says that some items are pending, but I don't see anything in the log file except bot traffic trying to scan the service. The only way I'm going to get the logs now is to restart the instance, which I will do on the next update. Thanks for your help.

  • Alex_Scoble
    Community Member

    Yep, we're having the same issue with GKE reporting that the scim bridge svc is pending, despite the fact that it's 100% set up.

  • Hi,

    If your SCIM Bridge is working fine, you can ignore that. We have a ticket to look into why that's happening.

    Cheers!
    Amanda

  • Alex_Scoble
    Community Member

    Thanks, Amanda.

  • ag_ana
    1Password Alumni

    On behalf of Amanda, you are welcome @Alex_Scoble! If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

This discussion has been closed.