Scanning clusters within Kubernetes Lens

Integrating Kubescape into Lens

ARMO provides a Kubernetes Lens extension for Kubescape so you can scan and detect misconfigurations, software vulnerabilities, and RBAC (role-based-access-control) violations in your Kubernetes cluster using Kubernetes Lens.

Before you begin

Install Kubernetes Lens version 5.4.0 or later.

Download and install the extension

  1. Open Kubernetes Lens and navigate to the Extensions page (Ctrl+Shift+E on Windows or Command+Shift+E on macOS).

  2. Enter @kubescape/lens-extension in Name or File Path or URL to an Extension Package (TAR, TGZ).

  3. Click Install.

The extension is downloaded and installed, and Kubescape is available in the side menu. If Kubescape is not available, navigate to the Extensions page, and Enable the Kubescape extension.

Installation

Scanning clusters with the extension

  1. Navigate to Kubescape from the side menu.
  2. A Kubescape scan runs automatically on your cluster when you install the extension. You can also run a scan on-demand by clicking Scan.

The table reflects a cluster-level summary of Kubescape’s scan results.

scan-results

To get more information on a specific Kubescape control and its failed resources, click on the control to open the sidebar for a detailed view.

cluster-level-info

Viewing object-level information

Kubescape information is also available at the object-level. Click on the desired resource to open the details sidebar, and scroll down for the Kubescape section.

This view shows only failed controls. If you don't see any that's a good thing.

object-level-info

Installing the Kubescape extension through the CLI

To install the extension, you must have a working Node.js environment.

  1. Clone the repository, and then link to it:
git clone https://github.com/kubescape/lens-extension.git 
mkdir -p ~/.k8slens/extensions
ln -s $(pwd)/lens-extension ~/.k8slens/extensions/kubescape
  1. Install dependencies and build the extension by running make or npm commands:
cd lens-extension
make build
cd lens-extension
npm install
npm run build
  1. To put your development build into watch mode, run:
npm start
  1. Open Lens and navigate to the Extensions page (Ctrl+Shift+E on Windows or Command+Shift+E on macOS).

  2. The @kubescape/lens-extension extension is listed under Installed Extensions. Click Enable to use the extension.

To reflect your source code changes, reload the Lens window (CTRL+R on Windows or Command+R on macOS).

📘

Any change that affects Kubernetes Lens' main thread requires a restart to the Lens application.

development

Uninstall

  1. Remove the link:
rm ~/.k8slens/extensions/kubescape
  1. Restart the Kubernetes Lens application.