black screen

[jason-hobbs]

I installed the extension but when I open the menu item for kubescape there are no results and if I hit scan it still returns no results. This is on lens version 5.4.6

[xdavidel]

Hi,

Thanks for your feedback. We'll concertedly look into that issue next week.

In the mean time, it will be best if you can supply more information:

• What operating system are you using? (Windows, MAC, Linux, etc.)
• Did you get proper information about your cluster in other Lens menus? (like other workload information)
• Did you happen to run Kubescape cli and got different results?
• What Kubescape version is being used by Lens? (if everything was setup currently you can see the version in the upper section of Kubescape page by hovering over the info icon.

Also, a screenshot will also be helpful.

David.

[jason-hobbs]

• I am on a Mac, intel
• The cluster works fine otherwise
• Kubescape cli works as expected
• 2.0.144

[amirmalka]

Hi @jason-hobbs Will it be possible to provide the files located at: ~/Library/Application Support/Lens/extension-store/@kubescape/lens-extension

We expect to have 2 JSON files in this directory.

Amir.

[jason-hobbs]

files.zip Here they are.

[amirmalka]

Thanks @jason-hobbs ! From the files you sent me I can see that kubescape was able to finish a scan successfully.

Only the imt cluster (out of 5 clusters scanned) contains results. I am able to see your failed controls for that cluster with the same Lens version you mentioned, running on M1 Mac though (Unfortunately I don't have access to an Intel Mac, but I'm not sure it's part of the issue in this case)

1. Regarding the blank screen you are getting, is it for the imt cluster?
2. If the answer is no, do you see anything for the imt cluster?
3. If the answer is yes, would you mind opening Dev Tools (Command + Option + I) and report if you see any errors in the Console?

[cloudmatt]

fwiw - I'm on a M1 mac and seeing identical results. Scan runs but the page is completely blank, when I look in dev tools (at least for me) there are a couple errors

BrowserConsole.js:47 The user aborted a request. AbortErrormessage: "The user aborted a request."type: "aborted"stack: "AbortError: The user aborted a request.\n at abort (/Applications/Lens.app/Contents/Resources/app.asar/node_modules/node-fetch/lib/index.js:1440:16)\n at AbortSignal.abortAndFinalize (/Applications/Lens.app/Contents/Resources/app.asar/node_modules/node-fetch/lib/index.js:1455:4)\n at AbortSignal. (http://f1c19b5e62bef0c4eab32009190e56df.localhost:63924/build/Lens.js?f70a45f383f4c27c63bd:522080:18)\n at AbortSignal. (http://f1c19b5e62bef0c4eab32009190e56df.localhost:63924/build/Lens.js?f70a45f383f4c27c63bd:522080:18)\n at http://f1c19b5e62bef0c4eab32009190e56df.localhost:63924/build/Lens.js?f70a45f383f4c27c63bd:598643:28\n at http://f1c19b5e62bef0c4eab32009190e56df.localhost:63924/build/Lens.js?f70a45f383f4c27c63bd:249106:25\n at http://f1c19b5e62bef0c4eab32009190e56df.localhost:63924/build/Lens.js?f70a45f383f4c27c63bd:266994:15\n at Array.forEach ()\n at NonInjectedClusterOverview.runDisposersOnWillUnmount (http://f1c19b5e62bef0c4eab32009190e56df.localhost:63924/build/Lens.js?f70a45f383f4c27c63bd:266988:66)\n at http://f1c19b5e62bef0c4eab32009190e56df.localhost:63924/build/Lens.js?f70a45f383f4c27c63bd:266597:12"[[Prototype]]: Errorconstructor: ƒ AbortError(message)name: "AbortError"[[Prototype]]: Object webpack_modules.1246.BrowserConsole.log @ BrowserConsole.js:47 BrowserConsole.js:47 The user aborted a request. AbortError webpack_modules.1246.BrowserConsole.log @ BrowserConsole.js:47 BrowserConsole.js:47 The user aborted a request. AbortError webpack_modules.1246.BrowserConsole.log @ BrowserConsole.js:47

[jason-hobbs]

I am now seeing results in the imt cluster but not any other clusters.

[maxnitze]

I have the exact same problem running OpenLens with lens-kubescape on Linux.

OpenLens 5.5.4-latest.1654886499012 Kubescape v2.0.154 lens-kubescape 0.1.4

After the scan finishes (without any visible errors), the list stays empty. The file kubescape-report-store.json in ~/.config/Lens/extension-store/@kubescape/lens-extension does not include any data:

{
        "scanResults": [
                {
                        "clusterId": "533ed26c3ef6d71a44b5e4db2a377016",
                        "clusterName": "Dev",
                        "controls": [],
                        "frameworks": [],
                        "isScanning": false,
                        "time": 1652797147667
                }
        ]
}

Don't know if the preferences look correct:

{
        "isInstalled": true,
        "kubescapeConfig": {
                "version": "v2.0.144",
                "baseDirectory": "/home/user/.config/Lens/extension_data/ecd8e19a25c4ecc596021f9eff47dcc3bc5ed5d5f4cd31745488e222e9569844/bin",
                "scanFrameworks": [
                        "allcontrols",
                        "armobest",
                        "devopsbest",
                        "mitre",
                        "nsa"
                ],
                "frameworksDirectory": "/home/user/.config/Lens/extension_data/ecd8e19a25c4ecc596021f9eff47dcc3bc5ed5d5f4cd31745488e222e9569844/bin",
                "requiredFrameworks": []
        }
}

When I run the command manually from command line, I get a bunch of data in my results file

user@nb [~/.temp/kubescape]
-> % kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --format junit --output results.xml
[info] ARMO security scanner starting
[warning] Kubernetes cluster nodes scanning is disabled. This is required to collect valuable data for certain controls. You can enable it using  the --enable-host-scan flag
[info] Downloading/Loading policy definitions
[success] Downloaded/Loaded policy
[info] Accessing Kubernetes objects
[success] Accessed to Kubernetes objects
[info] Scanning. cluster: dev
[success] Done scanning. cluster: dev
[success] Scan results saved. filename: results.xml

Overall risk-score (0- Excellent, 100- All failed): 38

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan results have not been submitted: run kubescape with the '--submit' flag
Sign up for free: https://portal.armo.cloud/account/sign-up?utm_source=GitHub&utm_medium=CLI&utm_campaign=no_submit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

🕵️  Run with '--verbose'/'-v' flag for detailed resources view

user@nb [~/.temp/kubescape]
-> % ll
total 396K
drwxr-xr-x 2 user users 4.0K Jun 23 10:35 .
drwxr-xr-x 4 user users 4.0K Jun 23 10:35 ..
-rw-r--r-- 1 user users 388K Jun 23 10:36 results.xml
user@nb [~/.temp/kubescape]
-> %

Do you see why it is not working for me?

Thanks in advance!

[amirmalka]

@jason-hobbs, @maxnitze @cloudmatt

A new version 0.1.5 was released which I believe would fix the blank screen issue.

It seems that clicking on the "Uninstall" extension button from the Lens app does not remove the extension data (to be discussed with Lens), so just to be on the safe side, I advise you to follow the instructions below if the extension is already installed with a previous version:

1. Uninstall the extension from the "Installed extensions" section in Lens extension page

2. Remove the contents of the following directories:

Mac: ~/Library/Application Support/Lens/extension-store/@kubescape/lens-extension ~/Library/Application Support/Lens/extension_data/<YOUR_EXTENSION_ID>/bin (Contains Kubescape binary and framework JSONs)

Linux: ~/.config/Lens/extension-store/@kubescape/lens-extension ~/.config/Lens/extension_data/<YOUR_EXTENSION_ID>/bin (Contains Kubescape binary and framework JSONs)

3. Install the new version

Keep me posted if it solves your issue.

[maxnitze]

In my original comment I accidentally looked into the wrong config folder. It should be ~/.config/OpenLens/... instead of Lens (I switched a couple of days ago and did not delete the config folder then). But looking at the OpenLens folder, it contained the same files with the same content (the scanFrameworks are mixed up, but otherwise the same).

Unfortunately I have the same issue there with plugin version 0.1.5.

I uninstalled the plugin and deleted all plugin-related files and folders (~/.config/OpenLens/extension-store/@kubescape and ~/.config/OpenLens/extension_data/* (I only have this one extension installed)). After starting the application again I installed the plugin again (0.1.5 was installed). When I clicked on the "Kubescape" menu entry in my "Dev" cluster the scan immediately started. But afterwards the same result: The list as well kubescape-report-store.json has no entries :cry:

[amirmalka]

@maxnitze thanks for updating. I have pushed a new version with some more debug logs.

In order to see the logs you to perform the installation and scan operations while Lens is opened from the command line. (the logs are printed to the terminal window). Unfortunately, I have no access to a Linux machine at the moment to confirm if Lens would work the same way as it works on my mac.

• Don't forget to remove the existing extension beforehand, like you already did.

It would be great if you could provide me the logs that are printed to the terminal so I can investigate this issue.

Thanks, Amir

[maxnitze]

Hm. This looks weird.

It starts with

{
  info: '[Kubescape] 2022-06-29 16:18:30',
  content: 'Kubescape main activated'
}
...
[Kubescape] 2022-06-29 16:18:30 - info  - Initializing kubescape: 20%
{
  info: '[Kubescape] 2022-06-29 16:18:30',
  content: 'Kubescape will be used from /home/user/.config/OpenLens/extension_data/383a4e8840bbbfd977f58c81e55c82406aa33786bc6ba705501c8d5a3369494b/bin/kubescape'
}
{
  info: '[Kubescape] 2022-06-29 16:18:30',
  content: 'Kubescape install status: installed'
}
[Kubescape] 2022-06-29 16:18:30 - info  - Initializing kubescape: 40%
{
  info: '[Kubescape] 2022-06-29 16:18:30',
  content: 'Kubescape requested version: v2.0.150'
}
[Kubescape] 2022-06-29 16:18:30 - info  - Initializing kubescape: 60%
[Kubescape] 2022-06-29 16:18:30 - info  - Initializing kubescape: 80%
{
  info: '[Kubescape] 2022-06-29 16:18:30',
  content: 'Using Kubescape version: v2.0.150'
}
{
  info: '[Kubescape] 2022-06-29 16:18:30',
  content: 'Requiring specific frameworks'
}
{
  info: '[Kubescape] 2022-06-29 16:18:30',
  content: 'Required frameworks: allcontrols armobest devopsbest mitre nsa'
}
[Kubescape] 2022-06-29 16:18:30 - info  - Initializing kubescape: 100%
{
  info: '[Kubescape] 2022-06-29 16:18:30',
  content: 'Loaded frameworks allcontrols,armobest,devopsbest,mitre,nsa'
}

Then I clicked on the "Scan" button:

{
  info: '[Kubescape] 2022-06-29 16:18:44',
  content: "Received scan cluster event for 'dev'"
}
{
  info: '[Kubescape] 2022-06-29 16:18:44',
  content: 'running kubescape scan command: "/home/user/.config/OpenLens/extension_data/383a4e8840bbbfd977f58c81e55c82406aa33786bc6ba705501c8d5a3369494b/bin/kubescape" scan --use-artifacts-from "/home/user/.config/OpenLens/extension_data/383a4e8840bbbfd977f58c81e55c82406aa33786bc6ba705501c8d5a3369494b/bin" framework allcontrols,armobest,devopsbest,mitre,nsa --kube-context dev --format json'
}
{
  info: '[Kubescape] 2022-06-29 16:21:03',
  content: `stdout: [{"name":"AllControls","controlReports":[{"guid":"","id":"C-0036","controlID":"C-0036","name":"Malicious admission controller ...

The JSON is HUGE. I started Lens with open-lens > open-lens-stdout.log, clicked on the cluster, executed the scan and closed Lens. And the log file is 7.2MB.

It ends like this:

... "deletecollection","get","list","patch","update","watch"]},{"apiGroups":["policy"],"res, stderr: {"level":"info","ts":"2022-06-29T18:18:44+02:00","msg":"ARMO security scanner starting"}\n` +
    '{"level":"warn","ts":"2022-06-29T18:18:45+02:00","msg":"Kubernetes cluster nodes scanning is disabled. This is required to collect valuable data for certain controls. You can enable it using  the --enable-host-scan flag"}\n' +
    '{"level":"warn","ts":"2022-06-29T18:18:45+02:00","msg":"Deprecated format version","run":"--format-version=v2"}\n' +
    '{"level":"info","ts":"2022-06-29T18:18:45+02:00","msg":"Downloading/Loading policy definitions"}\n' +
    '{"level":"info","ts":"2022-06-29T18:18:46+02:00","msg":"Downloaded/Loaded policy"}\n' +
    '{"level":"info","ts":"2022-06-29T18:18:46+02:00","msg":"Accessing Kubernetes objects"}\n' +
    '{"level":"info","ts":"2022-06-29T18:18:57+02:00","msg":"Accessed to Kubernetes objects"}\n' +
    '{"level":"info","ts":"2022-06-29T18:18:57+02:00","msg":"Scanning","cluster":"dev"}\n' +
    '{"level":"info","ts":"2022-06-29T18:20:39+02:00","msg":"Done scanning","cluster":"dev"}\n'
}
{
  info: '[Kubescape] 2022-06-29 16:21:04',
  content: "Kubescape scan result for cluster 'dev': {}"
}
{
  info: '[Kubescape] 2022-06-29 16:21:04',
  content: 'Scan completed for cluster dev'
}

I hope this is enough log. Unfortunately there is a lot of noise in the log file because of terminal coloring stuff. If I missed something, feel free to comment again. I'll try my best to provide the missing parts as well.

Thanks for taking care!

Best, Max

[maxnitze]

I tried to pretty-format the json string. And it seems it ends prematurely.

[Nello-Angelo]

i have the same problem on Windows. I have the latest cluster and lens. initialization don`t stop, it run always

{ "isInstalled": true, "kubescapeConfig": { "version": "v2.0.150", "baseDirectory": "C:\Users\maylo\AppData\Roaming\Lens\extension_data\984bbf56d4b42a2c06906eecd3d8bb268815311d11522a8d698b252fa2c1df9d\bin", "scanFrameworks": [ "allcontrols", "armobest", "devopsbest", "mitre", "nsa" ], "frameworksDirectory": "C:\Users\maylo\AppData\Roaming\Lens\extension_data\984bbf56d4b42a2c06906eecd3d8bb268815311d11522a8d698b252fa2c1df9d\bin", "requiredFrameworks": [] } }

{ "scanResults": [ { "clusterId": "a3fd82baee93c33feb0f226807a2db75", "clusterName": "[email protected]", "controls": [], "frameworks": [], "isScanning": false, "time": 1656611415622, "rawResult": {} } ] }

[Nello-Angelo]

[amirmalka]

@maxnitze we had a max buffer limit on the scan command output of 7MB, so it makes sense you have hit the limit. I have increased it in the newer version.

@Nello-Angelo do you mind opening a new issue, I'm not sure it is related to this one.

[maxnitze]

Hey @amirmalka ,

I installed the new extension and it seems to work. Kind-of.

I saw the table filled after the scan succeeded. But then OpenLens froze and eventually crashed. My report-store is huge. Maybe Lens is not able to handle that file.

maxnitze@nb [~]
-> % ls -alh .config/OpenLens/extension-store/@kubescape/lens-extension/kubescape-report-store.json
-rw-r--r-- 1 max users 141M Jul 19 16:48 .config/OpenLens/extension-store/@kubescape/lens-extension/kubescape-report-store.json
maxnitze@nb [~]
-> %

I tried to run it on a smaller cluster, but had the same result. Is the plugin always executing the scan on all clusters? I deleted all the config files before starting Lens and after the scan on the smaller cluster the file was, again, 141M.

[Nello-Angelo]

with the new version the problem is gone on windows, thanks @amirmalka

[jasonhobbsIMT]

I just updated the extension to version 0.1.8 and I still get a blank screen on any cluster I try (rancher & EKS).

[Nello-Angelo]

@jason-hobbs is it windows OS where you have installed the lens?

[jasonhobbsIMT]

I am on Mac Monterey version 12.4

[amirmalka]

@jason-hobbs @jasonhobbsIMT thanks for collaborating with us on the issue.

We have fixed the following bugs you encountered in version 0.1.10:

1. kubeconfig location which contained spaces was passed incorrectly to the kubescape command
2. Renamed cluster display name in Lens caused kubescape to scan the wrong context

[amirmalka]

@maxnitze Currently Lens extension works with the old output format of kubescape. In the new format we have minimized the size drastically, however it would take me some time to support the new format.

Just to confirm that your issue is related with the size of the output, I would like to ask you to run kubescape independently on your cluster from the terminal

"/home/user/.config/OpenLens/extension_data/383a4e8840bbbfd977f58c81e55c82406aa33786bc6ba705501c8d5a3369494b/bin/kubescape" scan --use-artifacts-from "/home/user/.config/OpenLens/extension_data/383a4e8840bbbfd977f58c81e55c82406aa33786bc6ba705501c8d5a3369494b/bin" framework allcontrols,armobest,devopsbest,mitre,nsa --kube-context dev --format json > output_v1

"/home/user/.config/OpenLens/extension_data/383a4e8840bbbfd977f58c81e55c82406aa33786bc6ba705501c8d5a3369494b/bin/kubescape" scan --use-artifacts-from "/home/user/.config/OpenLens/extension_data/383a4e8840bbbfd977f58c81e55c82406aa33786bc6ba705501c8d5a3369494b/bin" framework allcontrols,armobest,devopsbest,mitre,nsa --kube-context dev --format json --format-version=v2 > output_v2

What is the size of output_v1 and output_v2?

[maxnitze]

Yeah, there is a pretty big difference between those two formats:

user@nb [~/.temp/kubescape]
-> % ls -alh
total 77M
drwxr-xr-x 2 user users 4.0K Aug  9 17:16 .
drwxr-xr-x 7 user users 4.0K Aug  9 17:14 ..
-rw-r--r-- 1 user users  60M Aug  9 17:16 output_v1
-rw-r--r-- 1 user users  17M Aug  9 17:17 output_v2
user@nb [~/.temp/kubescape]
-> %

[amirmalka]

@maxnitze it's been a while, but we have release a new version of the extension which works with files instead of stdout. As well as with new format version, which uses less space. Would you mind give it a try and report if your cluster can be scanned?

[maxnitze]

Yep, seems to work now!

I deleted everything again and re-installed the extension.

The first scan took around 10 minutes. The report-store.json grew to 65 MB.

Everything was a bit bumpy first. Lens froze. Then after a couple of minutes it reconnected to the cluster. That took some minutes. Also connecting to other clusters took some time. But after I restarted everything seems to be working. Maybe not as fast as it was before. Starting Lens takes a bit longer. But I can open the report, after a couple of seconds the list of affected Resources is shown, etc.

Thanks for following up on this!

EDIT: OpenLens Version 6.2.3 @kubescape/lens-extension Version 0.2.4

[amirmalka]

@maxnitze Thanks for the feedback!