It’s Cybersecurity Awareness Month! Join our interactive training session, or learn about security and AI from 1Password experts.
Forum Discussion
Google Cloud SCIM Bridge Upgrade
Hi,
I'm following these instructions to upgrade our SCIM bridge in GCP https://support.1password.com/scim-update/#google-cloud-platform but I am running into an issue when I set the image.
ty@cloudshell:~ (it-gag)$ kubectl set image deploy/op-scim-bridge-3-op-scim-bridge op-scim-bridge-3-op-scim-bridge=1password/scim:v2.8.1 -n 1password
error: unable to find container named "op-scim-bridge-3-op-scim-bridge"
ty@cloudshell:~ (tt-gag)$
The container exists, but I'm not sure why I am getting this error.
```
ty@cloudshell:~ (it-gag)$ kubectl get deployments -n 1password
NAME READY UP-TO-DATE AVAILABLE AGE
op-scim-bridge-3-op-scim-bridge 1/1 1 1 59d
op-scim-bridge-3-op-scim-redis 1/1 1 1 59d
ty@cloudshell:~ (it-gag)$
```
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
11 Replies
That worked!
Thanks for all the help hemal_g_1p
hemal_g_1p1Password Team
Hey,
Sorry to hear it didn't work. Let's confirm the application name in GCP by "kubectl get all --namespace 1password".
In result to above command it will show up as a resource of type "applications.app.k8s.io". This can also be confirmed through GCP GUI.
You can then run the previous command with the app name found.
Let us know if that helps.Any ideas on what the next steps are to resolving this issue?
Below is the output of "kubectl describe deployment --namespace 1password" and I am connected to the correct cluster. The Image does show "Image: 1password/scim:v2.8.1" so that's correct.
```
ty@cloudshell:~ (it-gag)$ kubectl describe deployment --namespace 1password
Name: op-scim-bridge-3-op-scim-bridge
Namespace: 1password
CreationTimestamp: Tue, 02 Nov 2021 15:56:00 -0600
Labels: app=op-scim-bridge-3-op-scim-bridge
app.kubernetes.io/component=op-scim-bridge
app.kubernetes.io/name=op-scim-bridge-3
Annotations: deployment.kubernetes.io/revision: 3
Selector: app=op-scim-bridge-3-op-scim-bridge,app.kubernetes.io/component=op-scim-bridge,app.kubernetes.io/name=op-scim-bridge-3
Replicas: 1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType: Recreate
MinReadySeconds: 0
Pod Template:
Labels: app=op-scim-bridge-3-op-scim-bridge
app.kubernetes.io/component=op-scim-bridge
app.kubernetes.io/name=op-scim-bridge-3
Init Containers:
scimuser-permissions:
Image: alpine:3.13
Port:
Host Port:
Command:
/bin/sh
-c
Args:
mkdir -p /home/scimuser && chown -R 999 /home/scimuser
Environment:
Mounts:
/home from op-scim-bridge-3-scimsession (rw)
Containers:
op-scim-bridge:
Image: 1password/scim:v2.8.1
Ports: 8080/TCP, 8443/TCP
Host Ports: 0/TCP, 0/TCP
Command:
/op-scim/op-scim
Environment:
OP_PORT: 8080
OP_SESSION: /home/scim/scimsession
OP_REDIS_URL: redis://op-scim-bridge-3-op-scim-redis-svc:6379
OP_ONE_CLICK: true
OP_DOMAIN: xxxxxx.1password.com
Mounts:
/home from op-scim-bridge-3-scimsession (rw)
Volumes:
op-scim-bridge-3-scimsession:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: op-scim-bridge-3-op-scim-bridge-pvc
ReadOnly: false
Conditions:
Type Status Reason
Available True MinimumReplicasAvailable
Progressing True NewReplicaSetAvailable
OldReplicaSets: op-scim-bridge-3-op-scim-bridge-76fb9597b6 (0/0 replicas created), op-scim-bridge-3-op-scim-bridge-694cc8cd65 (0/0 replicas created)
NewReplicaSet: op-scim-bridge-3-op-scim-bridge-bb4f65b7 (1/1 replicas created)
Events:Name: op-scim-bridge-3-op-scim-redis
Namespace: 1password
CreationTimestamp: Tue, 02 Nov 2021 15:56:00 -0600
Labels: app.kubernetes.io/component=op-scim-redis
app.kubernetes.io/name=op-scim-bridge-3
Annotations: deployment.kubernetes.io/revision: 1
Selector: app.kubernetes.io/component=op-scim-redis,app.kubernetes.io/name=op-scim-bridge-3
Replicas: 1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: app.kubernetes.io/component=op-scim-redis
app.kubernetes.io/name=op-scim-bridge-3
Containers:
op-scim-redis:
Image: gcr.io/cloud-marketplace/agilebits-public/op-scim-bridge/redis:2.2.1
Port: 6379/TCP
Host Port: 0/TCP
Environment:
Mounts:
Volumes:
Conditions:
Type Status Reason
Progressing True NewReplicaSetAvailable
Available True MinimumReplicasAvailable
OldReplicaSets:
NewReplicaSet: op-scim-bridge-3-op-scim-redis-69c76787fd (1/1 replicas created)
Events:
ty@cloudshell:~ (it-gag)$
```I would assume that the deployment name is op-scim-bridge-3-op-scim-bridge and taking the command "kubectl patch applications.app.k8s.io op-scim-bridge-3-op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' --type='json' --namespace 1password" Outputs the same error.
```
ty@cloudshell:~ (it-gag)$ kubectl patch applications.app.k8s.io op-scim-bridge-3-op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' --type='json' --namespace 1password
Error from server (NotFound): applications.app.k8s.io "op-scim-bridge-3-op-scim-bridge" not found
ty@cloudshell:~ (it-gag)$```
- hemal_g_1p
Ok. Error is related to Kubernetes and not Scim.
Let us first confirm SCIM bridge is successfully updated.
Could you run "kubectl describe deployment --namespace 1password" ? Under deployment you may look for "Image: 1password/scim:v2.8.1" . Then confirm you're connected with cluster where your SCIM bridge lives and rerun "kubectl patch applications.app.k8s.io {your-deploymnet-name} -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' --type='json' --namespace 1password" I tried that as well and it didn't work. Below is the output.
ty@cloudshell:~ (it-gag)$ kubectl patch applications.app.k8s.io op-scim-bridge-3-op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' --type='json'
Error from server (NotFound): applications.app.k8s.io "op-scim-bridge-3-op-scim-bridge" not found
ty@cloudshell:~ (it-gag)$
- hemal_g_1p
For that you'd need to modify command with full name of deployment.
Try "kubectl patch applications.app.k8s.io op-scim-bridge-3-op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' -n 1password --type='json' " That worked. Now the second part of the upgrade. I can't get the command to work either.
kubectl patch applications.app.k8s.io op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' -n 1password --type='json'
```
ty@cloudshell:~ (it-gag)$ kubectl patch applications.app.k8s.io op-scim-bridge -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.8.1"}]' -n 1password --type='json'
Error from server (NotFound): applications.app.k8s.io "op-scim-bridge" not found
ty@cloudshell:~ (it-gag)$```
- hemal_g_1p
Hi there,
Sorry to know the commands didn't work.
Could you please try "kubectl set image deployment/op-scim-bridge-3-op-scim-bridge op-scim-bridge=1password/scim:v2.8.1 -n 1password" The commands you suggested did not work. When I enter in "kubectl describe deployment op-scim-bridge-3-op-scim-bridge", this is the output below.
ty@cloudshell:~ (it-gag)$ kubectl describe deployment op-scim-bridge-3-op-scim-bridge
Error from server (NotFound): deployments.apps "op-scim-bridge-3-op-scim-bridge" not found
ty@cloudshell:~ (it-gag)$
In order to get that command to work I would need to call the 1password namespace. which would be "kubectl describe deployment op-scim-bridge-3-op-scim-bridge -n 1password"
```
ty@cloudshell:~ (it-gag)$ kubectl describe deployment op-scim-bridge-3-op-scim-bridge -n 1password
Name: op-scim-bridge-3-op-scim-bridge
Namespace: 1password
CreationTimestamp: Tue, 02 Nov 2021 21:56:00 +0000
Labels: app=op-scim-bridge-3-op-scim-bridge
app.kubernetes.io/component=op-scim-bridge
app.kubernetes.io/name=op-scim-bridge-3
Annotations: deployment.kubernetes.io/revision: 1
Selector: app=op-scim-bridge-3-op-scim-bridge,app.kubernetes.io/component=op-scim-bridge,app.kubernetes.io/name=op-scim-bridge-3
Replicas: 1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType: Recreate
MinReadySeconds: 0
Pod Template:
Labels: app=op-scim-bridge-3-op-scim-bridge
app.kubernetes.io/component=op-scim-bridge
app.kubernetes.io/name=op-scim-bridge-3
Init Containers:
scimuser-permissions:
Image: alpine:3.13
Port:
Host Port:
Command:
/bin/sh
-c
Args:
mkdir -p /home/scimuser && chown -R 999 /home/scimuser
Environment:
Mounts:
/home from op-scim-bridge-3-scimsession (rw)
Containers:
op-scim-bridge:
Image: gcr.io/cloud-marketplace/agilebits-public/op-scim-bridge:2.2.1
Ports: 8080/TCP, 8443/TCP
Host Ports: 0/TCP, 0/TCP
Command:
/op-scim/op-scim
Environment:
OP_PORT: 8080
OP_SESSION: /home/xxxx/scimsession
OP_REDIS_URL: redis://op-scim-bridge-3-op-scim-redis-svc:6379
OP_ONE_CLICK: true
OP_DOMAIN: xxxxxx.1password.com
Mounts:
/home from op-scim-bridge-3-scimsession (rw)
Volumes:
op-scim-bridge-3-scimsession:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: op-scim-bridge-3-op-scim-bridge-pvc
ReadOnly: false
Conditions:
Type Status Reason
Progressing True NewReplicaSetAvailable
Available True MinimumReplicasAvailable
OldReplicaSets:
NewReplicaSet: op-scim-bridge-3-op-scim-bridge-76fb9597b6 (1/1 replicas created)
Events:
ty@cloudshell:~ (it-gag)$
```With the container name identified as "op-scim-bridge". I modified your command and added the container name. "kubectl set image deploy/op-scim-bridge-1-op-scim-bridge op-scim-bridge=1password/scim:v2.8.1 -n 1password" and it still failed to run
ty@cloudshell:~ (it-gag)$ kubectl set image deploy/op-scim-bridge-1-op-scim-bridge op-scim-bridge=1password/scim:v2.8.1 -n 1password
Error from server (NotFound): deployments.apps "op-scim-bridge-1-op-scim-bridge" not found
ty@cloudshell:~ (it-gag)$
I have an open case with support. That case is 137107
