kubernetes setup: scim bridge not able to communicate over https

eliu
Community Member

Hi,

I'm setting up the SCIM bridge for integration with Okta, using Kubernetes. It's almost complete; however, for some reason it cannot communicate over https. I get the following error:

curl https://scimbridge.XXXX.com/scim/Users
curl: (35) error:14004438:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert internal error

I think the reason is that Let's Encrypt is not issuing an SSL certificate, but I'm not quite sure.

When I communicate over http or directly with the load balancer I get this:

curl -I XXXX.us-east-1.elb.amazonaws.com
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: https://XXXXX.us-east-1.elb.amazonaws.com/
Date: Wed, 20 Feb 2019 17:30:23 GMT

So it looks like it's accessible externally, but it can't communicate over https.

I'm using AWS EKS for this setup. I've checked to make sure that the domain name in the --letsencrypt-domain flag matches the DNS name pointing to the load balancer in AWS.

Some of my coworkers mentioned using cert-manager, but I'm not quite sure if that's what I should be using.

Thanks!

Comments

  • cohix
    1Password Alumni

    @eliu That's an error I've never seen before. When setting the --letsencrypt-domain flag, did you remove the {} as well? I have seen cases of those braces being left behind and it causes issues.

    Are you able to hit the EKS cluster directly from say, an EC2 instance in your VPC, instead of going through the load balancer?

    Can you also access the pod logs so we can see what logs the SCIM bridge container is outputting? You can email support@1password.com with SCIM in the subject and it will find its way to me.

  • eliu
    Community Member

    @cohix Turns out that was the problem. Thanks for your help!

  • cohix
    1Password Alumni

    @eliu good to know :+1:

This discussion has been closed.
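
The problem identified in this thread was the {} placeholder braces left around the --letsencrypt-domain value. As an added example (not from the original posts or from 1Password), this shell lint checks a manifest for that mistake before it is applied; the manifest layout, the container name and the example.com hostname are constructed, and only the flag name comes from the thread.

```shell
#!/bin/sh
# Lint the --letsencrypt-domain value in a manifest (layout is an assumption).

# Write a constructed sample manifest with the given flag value to a path.
write_sample() {
    cat > "$2" <<EOF
spec:
  containers:
    - name: scim-bridge
      args: ["--letsencrypt-domain=$1"]
EOF
}

# Print each value passed to --letsencrypt-domain (flag=value or flag value).
letsencrypt_domains() {
    grep -oE -- '--letsencrypt-domain[= ]+[^]",[:space:]]+' "$1" |
        sed -E 's/^--letsencrypt-domain[= ]+//'
}

# Return 0 only for a plain fully qualified hostname; say why otherwise.
check_domain() {
    case "$1" in
        *[{}]*) echo "FAIL $1: template braces left in value"; return 1 ;;
    esac
    if printf '%s\n' "$1" |
        grep -qE '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'; then
        echo "OK   $1"; return 0
    fi
    echo "FAIL $1: not a fully qualified hostname"; return 1
}

# Check every occurrence of the flag; a manifest without the flag also fails.
lint_manifest() {
    status=0; found=0
    for d in $(letsencrypt_domains "$1"); do
        found=1
        check_domain "$d" || status=1
    done
    [ "$found" -eq 1 ] || { echo "FAIL $1: flag not found"; status=1; }
    return "$status"
}

# Demo on constructed manifests: braces left in, then removed.
tmp=$(mktemp -d)
write_sample '{scimbridge.example.com}' "$tmp/bad.yaml"
write_sample 'scimbridge.example.com' "$tmp/good.yaml"
lint_manifest "$tmp/bad.yaml" || echo "bad.yaml rejected"
lint_manifest "$tmp/good.yaml" && echo "good.yaml accepted"
rm -rf "$tmp"
```

Running `lint_manifest` on the real deployment file in CI or before `kubectl apply` catches the leftover braces before the bridge ever requests a certificate.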