Sorry for the delay on this. This is a rather complicated request and strict mode is is an important consideration since kubernetes on Ubuntu Core is a very interesting proposition and Ubuntu Core does not allow classic snaps. Please keep in mind that there is a tension between the curated Snap Store and authentication mechanisms that are so flexible that they are expected to be able to do anything on the system.
@pedronis and I discussed this in Vancouver and have decided that kubernetes authentication helpers are a valid use case for classic, at least for the time being while the problem space is being understood.
After classic requests are granted, I think the next step along the path (as use cases dictate) is that applications like kontena-lens and fluxctl would provide a separate strict mode track for their snaps and these snaps would themselves ship and support specific authentication agents with opinionated configurations that work with specific k8s snaps on Ubuntu Core (also remember that Ubuntu Core systems won’t have agents on the device, so they have to be installed via snaps).
Further down the line, it seems possible to use the content interface for a sort plugin mechanism. Eg, providing snaps can expose authentication agent binaries/what have you to connecting snaps that know how to consume them. For example, some sort of aws snap could provide the aws-iam-authenticator binary or a gcloud snap the gcloud binary. These binaries know about snaps, how to write configuration and run under another snap’s security context, etc and kontena-lens, fluxctl, etc become consumers of these content snaps. A nice property of this is that the experts for each snap still maintain their own snaps (ie, the authentication agent upstreams could provide the agent snaps, kontena-lens, fluxctl, etc just know how to consume them). While this does require a good deal of coordination between the providers and consumers, in practice this should evolve organically as use cases dictate (and of course, snapd could evolve to facilitate these use cases).