Classic confinement request for k9s

As a short introduction, k9s is a terminal-based UI for managing kubernetes.

According to Process for reviewing classic confinement snaps, k9s qualifies for classic confinement because it meets the following criteria:

  1. “kubernetes tools requiring arbitrary authentication agents”
  2. “running arbitrary command (esp if user-configurable such as a developer tool to organize dev environments)” — specifically, k9s launches the user’s editor to edit kubernetes resources. This can be nano, vim, etc.

As a tool to manage kubernetes, k9s is similar to kontena-lens and fluxctl. Both of those tools were granted classic confinement.

I’m a user of the project but want to assist after a conversation on github with @derailed.

Let me know what we should do to make progress on granting classic confinement to the k9s snap. Thank you!

2 Likes

Adding some more details here to illustrate how k9s, as a tool to manage kubernetes clusters, is similar to kontena-lens and fluxctl.

I use aws-iam-authenticator here to authenticate to a kubernetes cluster, but as pointed out in the requests for the other tools, authentication helpers can be arbitrary so it is not feasible to bundle all of them in a snap.

k9s is installed in strict mode via snap.

k9s configuration in ~/snap/k9s/current/.kube/config:

[...]
users:
- name: admin
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
        - aws-iam-authenticator
        - token
        - -i
        - test
      command: aws-iam-authenticator

I then launch k9s, but information for my kubernetes cluster is unable to load because it cannot authenticate:

k9s

I exit k9s and view the log at /home/ubuntu/snap/k9s/x1/.local/state/k9s/k9s.log:

10:50PM INF 🐶 K9s starting up...
10:50PM ERR Fail to locate metrics-server error="Get \"https://10.0.0.148:16443/api\": getting credentials: exec: executable aws-iam-authenticator not found\n\nIt looks like you are trying to use a client-go credential plugin that is not installed.\n\nTo learn more about this feature, consult the documentation available at:\n      https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins"
10:50PM WRN namespace validation failed for: "default" error="user not authorized to list all namespaces"
10:50PM ERR can't connect to cluster error="Get \"https://10.0.0.148:16443/version?timeout=15s\": getting credentials: exec: executable aws-iam-authenticator not found\n\nIt looks like you are trying to use a client-go credential plugin that is not installed.\n\nTo learn more about this feature, consult the documentation available at:\n      https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins"
10:50PM INF ✅ Kubernetes connectivity
10:50PM WRN namespace validation failed for: "default" error="user not authorized to list all namespaces"
10:50PM ERR Fail to load global/context configuration error="Get \"https://10.0.0.148:16443/api\": getting credentials: exec: executable aws-iam-authenticator not found\n\nIt looks like you are trying to use a client-go credential plugin that is not installed.\n\nTo learn more about this feature, consult the documentation available at:\n      https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins\ncannot connect to context: microk8s\nk8s connection failed for context: microk8s"
10:50PM WRN namespace validation failed for: "default" error="user not authorized to list all namespaces"
10:50PM ERR Load cluster resources - No API server connection
10:50PM ERR failed to list contexts error="no connection"
10:50PM WRN Unable to dial discovery API error="no connection to dial"
10:50PM ERR can't connect to cluster error="Get \"https://10.0.0.148:16443/version?timeout=15s\": getting credentials: exec: executable aws-iam-authenticator not found\n\nIt looks like you are trying to use a client-go credential plugin that is not installed.\n\nTo learn more about this feature, consult the documentation available at:\n      https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins"
10:50PM ERR Load cluster resources - No API server connection
10:50PM WRN Unable to dial discovery API error="no connection to dial"

The log shows that k9s is unable to authenticate to kubernetes. This makes k9s unusable as a result.
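A triage sketch for the failure shown in this log, added here as an example (it is not code from the posts or from k9s). It pulls the missing exec credential plugin and the affected API URLs out of k9s log lines, then checks whether the plugin is absent or only hidden from the confined snap. The two search paths are hypothetical stand-ins for what the host and the strictly confined snap can see, and the sample log is constructed from the lines above.

```python
import os
import re
import shutil
import tempfile

# client-go's error when an exec credential plugin cannot be found.
MISSING = re.compile(r"getting credentials: exec: executable (\S+) not found")
# The request URL is logged with escaped quotes: Get \"https://host/path\"
URL = re.compile(r'Get \\"(https?://[^\\"]+)\\"')

# Constructed sample, shortened from the log lines quoted in the post.
SAMPLE_LOG = r'''
10:50PM ERR Fail to locate metrics-server error="Get \"https://10.0.0.148:16443/api\": getting credentials: exec: executable aws-iam-authenticator not found\n\nIt looks like ..."
10:50PM WRN namespace validation failed for: "default" error="user not authorized to list all namespaces"
10:50PM ERR can't connect to cluster error="Get \"https://10.0.0.148:16443/version?timeout=15s\": getting credentials: exec: executable aws-iam-authenticator not found"
10:50PM ERR Load cluster resources - No API server connection
'''

def missing_plugins(log_text):
    """Map each missing plugin to the API URLs whose requests failed."""
    found = {}
    for line in log_text.splitlines():
        m = MISSING.search(line)
        if m:
            url = URL.search(line)
            found.setdefault(m.group(1), set()).add(url.group(1) if url else "?")
    return {name: sorted(urls) for name, urls in found.items()}

def classify(plugin, host_path, confined_path):
    """Distinguish 'not installed' from 'installed but hidden from the snap'."""
    if shutil.which(plugin, path=confined_path):
        return "visible to snap"
    if shutil.which(plugin, path=host_path):
        return "on host, not visible to snap"
    return "not installed"

def demo():
    # Assumption: two temp dirs model the host's and the confined snap's view.
    with tempfile.TemporaryDirectory() as host_bin, \
         tempfile.TemporaryDirectory() as snap_bin:
        fake = os.path.join(host_bin, "aws-iam-authenticator")
        with open(fake, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(fake, 0o700)
        return {p: (urls, classify(p, host_bin, snap_bin))
                for p, urls in missing_plugins(SAMPLE_LOG).items()}

if __name__ == "__main__":
    print(demo())
```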

Similarly to the classic requests from kontena-lens and fluxctl and your explained reasoning/use with aws-iam-authenticator, k9s fits within the supported categories for classic confinement as per Process for reviewing classic confinement snaps, under “kubernetes tools requiring arbitrary authentication agents”.

Before proceeding with publisher vetting, @derailed are you still the publisher of the snap?

1 Like

Yes I am still the publisher. That’s excellent news. Thank you for the fwd Evan!

1 Like

I will begin publisher vetting

Hey @derailed, ping, can you please provide the requested information to @cav for publisher vetting process? You can find the request in a direct message from @cav. Thanks.

1 Like

@derailed - ping, this request cannot proceed without the requested information.

@derailed - since we’ve not heard back from you, we are removing this request from our review queue. When you have more time to respond, simply do so here and we can add the request back to the queue. Thanks