vscode-kubernetes-tools: Kubernetes extension does not work with snap version of VS Code

I have the latest version of VS Code install through snap install code --classic on Ubuntu.

When starting the Kubernetes extension (latest, installed through VSIX), I see the following error messages in /var/log/syslog:

Apr 15 11:59:50 reef kernel: [13150.164921] audit: type=1400 audit(1555322390.646:498): apparmor="DENIED" operation="file_inherit" profile="/snap/core/6673/usr/lib/snapd/snap-confine" pid=18791 comm="snap-confine" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none

In another round of testing, I saw:

[69083.590392] audit: type=1400 audit(1554802886.556:723): apparmor="DENIED" operation="ptrace" profile="/usr/sbin/libvirtd" pid=1305 comm="libvirtd" requested_mask="read" denied_mask="read" peer="snap.vscode.vscode"

I turned there for help as I couldn’t figure out why the extension simply didn’t work for me with a local minikube cluster up and running.

It appears snap confinement blocks access to resources the Kubernetes extension need to figure out what’s happening.

About this issue

Original URL
State: open
Created 5 years ago
Reactions: 10
Comments: 15

Most upvoted comments

Hello everyone, I was able to replicate it and i think i have a fix (#771) . Would you please try it and see if it works for you?

You can install the extension by using the vsix file. I created it (download link: https://github.com/lstocchi/vscode-kubernetes-tools/raw/master/vscode-kubernetes-tools-1.2.1.vsix ) or you can build it by yourself (you can use this branch https://github.com/lstocchi/vscode-kubernetes-tools/tree/i770 ).

Once installed you should keep seeing the error as before Kubectl command failed:. Now if you go in the settings page and set “vs-kubernetes.enable-snap-flag” to true the extension should start working normally (CMD/CTRL + SHIFT + P -> search for Open Setting -> click on Preferences: Open Settings (JSON) -> add "vs-kubernetes.enable-snap-flag": true and save).

If you can confirm it works it would be really helpful for us. Thank you!!!

+11

lstocchi on Jun 18, 2020

I ran into this issue too (for the last few months actually).

I tried your patched vsix but I can only see the clusters now, not the resources.

I’m using UBUNTU 18.04 using kubectl installed from snap uname -a Linux xxxx-MS-7798 5.4.0-53-generic #59~18.04.1-Ubuntu SMP Wed Oct 21 12:14:56 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

The only fix was to uninstall kubectl from snap and install it from Google

snap remove kubectl
sudo apt-get install apt-transport-https ca-certificates gnupg
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
sudo apt-get update && sudo apt-get install kubectl

Dringho on Dec 1, 2020

I guess I could try a remote cluster too.

Here’s the relevant parts of the config:
    "vs-kubernetes": {
        "vs-kubernetes.enable-snap-flag": true,
        "vs-kubernetes.knownKubeconfigs": [
            "/home/daniel/.kube/config"
        ],
        "vs-kubernetes.kubeconfig": "/home/daniel/.kube/config",
        "vs-kubernetes.minikube-path": "/home/daniel/bin/minikube"
    },
I just made sure I ran your version of the plugin, I’m on minikube v1.11.0. Using /snap/bin/kubectl on the terminal works just fine.

For some reason, this didn’t work with me. It worked when I removed the prefix and made it like this:

"vs-kubernetes": {
        "enable-snap-flag": true,
        "helm-path": "/snap/bin/helm",
        "kubectl-path": "/snap/bin/kubectl"
 },

Mostafa-wael on Mar 21, 2024