1Password Scim Bridge Deployment in Cloud Run - Issues #385
Description
Am facing several issues trying to deploy 1Password Scim Bridge in gcp cloud run.
- 1password GitHub repository requires the use of Default Service Account (Step 5. "Enable Cloud Run to access the secret using the Compute Engine default service account for the project" - This issue with this step is my organization policy requires all default service account disabled.
- Created a custom service account with the necessary IAM roles to support the SCIM Bridge functionality.
Attempted to modify the deployment YAML to use the custom service account, but:
The YAML file in the GitHub repo is hardcoded to use the default service account.
Modifying the repo is not allowed due to policy or technical constraints. - Error Message
- spec.template.spec.containers[0].image: Expected an image path like [host/]repo-path[:tag and/or @digest], where host is one of [region.]gcr.io, [region-]docker.pkg.dev or docker.io but obtained ghcr.io/1password/scim:v2.7.2. To deploy container images from other public or private registries, set up an Artifact Registry remote repository.
- Above , is an error message that I could running the GitHub Repo codes. This last line of code was supposed to copy the image from GitHub Repo. But GCP Cloud Run only supports container images hosted on specific registries, and the image I am trying to deploy is from a registry that isn't supported by default.
- Each step has just been plagued with one error or the other. I really need help with implementing this 1password scim bridge in our Dev. env.