SCIM Bridge on Azure Kubernetes Service: op-scim-bridge error "LetsEncrypt timed out"

Afelio
Community Member

Hello,
I'm trying to deploy a SCIM Bridge on Azure Kubernetes Service to provision my organisation account, following this guide:
https://support.1password.com/scim-deploy-azure/#step-2-prepare-your-local-system
I did edit the op-scim-config.yaml file with the correct domain and added a DNS record pointing to the LoadBalancer Ingress IP. nslookup returns the correct IP address. However, when I try to test if the deployment was successful, the request times out.
In the Azure CLI, using kubectl get pods <op-scim-bridge-pod-name> --watch shows that the pod alternates between the statuses "Running", "Error" and "CrashLoopBackOff".
Looking at the logs (I set OP_PRETTY_LOGS and OP_DEBUG to "1" in op-scim-config.yaml), the crash seems to happen when trying to get a certificate. Here they are (always the same logs after each restart):

$ kubectl logs <op-scim-bridge-pod-name>
2:00PM INF 1Password SCIM bridge, starting up application=op-scim version=2.0.1
2:00PM INF registering new health component application=op-scim component=RedisCache service=health version=2.0.1
2:00PM INF starting to poll components for health reports application=op-scim service=health version=2.0.1
2:00PM INF registering new health component application=op-scim component=SCIMServer service=health version=2.0.1
2:00PM INF registering new health component application=op-scim component=CertificateManager service=health version=2.0.1
2:00PM INF registering new health component application=op-scim component=ChallengeServer service=health version=2.0.1
2:00PM INF starting LetsEncrypt challenge server addr=:8080 application=op-scim service=ChallengeServer version=2.0.1
2:00PM DBG redicrypt: getting cert for key redicrypt/<my-domain>+rsa application=op-scim version=2.0.1
2:00PM DBG redicrypt: getting cert for key redicrypt/acme_account+key application=op-scim version=2.0.1
2:00PM ??? Server: (failed to run 1Password SCIM bridge), Wrapped: (failed to GenerateCertificate), Network: (failed to getCertificateWithTimeout), Wrapped: (updateCertificateWithTimeout timed out on certManager.GetCertificate), LetsEncrypt timed out application=op-scim version=2.0.1

I tried to start over (generate new scimsession and token, double check the domain name, delete all pods and secrets in the AKS cluster, generate new scimsession secret from the new scimsession file, redeploy, update the DNS record) but nothing seems to work. I don't know what else to do.

What could be the reason for that error?



Comments

  • Afelio
    Community Member

    It seems that time and patience solved the problem. After letting the service run for a couple of hours, I came back to find it was finally running fine. I finished the configuration (create the 1Password Business app in Azure AD) and I'm now waiting for the first provisioning cycle to occur to be sure it's working as intended.

  • Thank you for the update! LetsEncrypt was having scheduled maintenance over the last few days that likely caused this.

This discussion has been closed.
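
For triaging a crash-looping bridge pod, the added example below (not part of the original thread and not 1Password's code) parses the pretty-printed op-scim log lines quoted in the question and unwinds the nested error chain to its root cause. The function names and report fields are assumptions made for illustration; the sample lines are copied from the question.

```python
import re

# Constructed sample: three lines copied from the log quoted in the question.
SAMPLE_LOG = """\
2:00PM INF starting LetsEncrypt challenge server addr=:8080 application=op-scim service=ChallengeServer version=2.0.1
2:00PM DBG redicrypt: getting cert for key redicrypt/acme_account+key application=op-scim version=2.0.1
2:00PM ??? Server: (failed to run 1Password SCIM bridge), Wrapped: (failed to GenerateCertificate), Network: (failed to getCertificateWithTimeout), Wrapped: (updateCertificateWithTimeout timed out on certManager.GetCertificate), LetsEncrypt timed out application=op-scim version=2.0.1
"""

LINE = re.compile(r"^(?P<time>\d{1,2}:\d{2}[AP]M) (?P<level>\S+) (?P<rest>.*)$")
FIELD = re.compile(r"^(\w+)=(\S+)$")       # trailing structured field, e.g. addr=:8080
FRAME = re.compile(r"(\w+): \(([^)]*)\)")  # one link of the chain, e.g. Network: (...)

def parse_line(line):
    """Split a pretty-printed line into time, level, message and trailing key=value fields."""
    m = LINE.match(line.strip())
    if not m:
        return None
    tokens, fields = m["rest"].split(), {}
    while tokens and (f := FIELD.match(tokens[-1])):  # peel fields off the right-hand end
        fields[f[1]] = f[2]
        tokens.pop()
    return {"time": m["time"], "level": m["level"], "msg": " ".join(tokens), "fields": fields}

def unwrap(msg):
    """Return ([(kind, text), ...], root_cause) for a 'Kind: (text), ..., root' chain."""
    frames = FRAME.findall(msg)
    root = msg.rsplit("), ", 1)[-1] if frames else ""
    return frames, root

def diagnose(log_text):
    """Summarise one pod run: challenge listener address, error chain, root cause."""
    report = {"challenge_addr": None, "frames": [], "root": None, "cert_timeout": False}
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if rec["fields"].get("service") == "ChallengeServer" and "addr" in rec["fields"]:
            report["challenge_addr"] = rec["fields"]["addr"]
        frames, root = unwrap(rec["msg"])
        if frames:
            report["frames"], report["root"] = frames, root
            # True when a Network-level link is present and the root cause is a timeout.
            report["cert_timeout"] = (
                any(kind == "Network" for kind, _ in frames) and root.endswith("timed out"))
    return report

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

Feed it the output of `kubectl logs <op-scim-bridge-pod-name>` with OP_PRETTY_LOGS set to "1", as in the question.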