kubernetes setup: scim bridge not able to communicate over https

Hi,

I'm setting up the scim bridge for integration with okta, using kubernetes. It's almost complete however, for some reason it cannot communicate over https . I get the following error:

curl https://scimbridge.XXXX.com/scim/Users
curl: (35) error:14004438:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert internal error

I think the reason why is due to letsencrypt not issuing a ssl certificate, but I'm not quite sure.

When I communicate over http or directly with the load balancer I get this:

curl -I XXXX.us-east-1.elb.amazonaws.com
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: https://XXXXX.us-east-1.elb.amazonaws.com/
Date: Wed, 20 Feb 2019 17:30:23 GMT

So it looks like it's accessible externally, but it can't communicate over https.

I'm using AWS EKS for this setup. I've check to make sure that the domain name in the --letsencrypt-domain flag matches with then dns name pointing to the Load balancer in AWS.

Some of my co workers mention using cert-manager but I'm not quite sure if that's what I should be using.

Thanks!

Comments

  • cohixcohix

    Team Member

    @eliu That's an error I've never seen before. When settings the --letsencrypt-domain flag, did you remove the {} as well? I have seen cases of those braces being left behind and it causes issues.

    Are you able to hit the EKS cluster directly from say, an EC2 instance in your VPC, instead of going through the load balancer?

    Can you also access the pod logs so we can see what logs the SCIM bridge container is outputting? You can email [email protected] with SCIM in the subject and it will find its way to me.

  • @cohix Turns out that was the problem. Thanks for your help!

  • cohixcohix

    Team Member

    @eliu good to know :+1:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file