Classic confinement request for k9s

As a short introduction, k9s is a terminal-based UI for managing kubernetes.

According to Process for reviewing classic confinement snaps, k9s qualifies for classic confinement because it meets the following criteria:

  1. “kubernetes tools requiring arbitrary authentication agents”
  2. “running arbitrary command (esp if user-configurable such as a developer tool to organize dev environments)” — specifically, k9s launches the user’s editor to edit kubernetes resources. This can be nano, vim, etc.

As a tool to manage kubernetes, k9s is similar to kontena-lens and fluxctl. Both of those tools were granted classic confinement.

I’m a user of the project but want to assist after a conversation on github with @derailed.

Let me know what we should do to make progress on granting classic confinement to the k9s snap. Thank you!

Adding some more details here to illustrate how k9s, as a tool to manage kubernetes clusters, is similar to kontena-lens and fluxctl.

I use aws-iam-authenticator here to authenticate to a kubernetes cluster, but as pointed out in the requests for the other tools, authentication helpers can be arbitrary so it is not feasible to bundle all of them in a snap.

k9s is installed in strict mode via snap.

k9s configuration in ~/snap/k9s/current/.kube/config:

[...]
users:
- name: admin
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
        - aws-iam-authenticator
        - token
        - -i
        - test
      command: aws-iam-authenticator

I then launch k9s, but information for my kubernetes cluster is unable to load because it cannot authenticate:

k9s

I exit k9s and view the log at /home/ubuntu/snap/k9s/x1/.local/state/k9s/k9s.log:

10:50PM INF 🐶 K9s starting up...
10:50PM ERR Fail to locate metrics-server error="Get \"https://10.0.0.148:16443/api\": getting credentials: exec: executable aws-iam-authenticator not found\n\nIt looks like you are trying to use a client-go credential plugin that is not installed.\n\nTo learn more about this feature, consult the documentation available at:\n      https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins"
10:50PM WRN namespace validation failed for: "default" error="user not authorized to list all namespaces"
10:50PM ERR can't connect to cluster error="Get \"https://10.0.0.148:16443/version?timeout=15s\": getting credentials: exec: executable aws-iam-authenticator not found\n\nIt looks like you are trying to use a client-go credential plugin that is not installed.\n\nTo learn more about this feature, consult the documentation available at:\n      https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins"
10:50PM INF ✅ Kubernetes connectivity
10:50PM WRN namespace validation failed for: "default" error="user not authorized to list all namespaces"
10:50PM ERR Fail to load global/context configuration error="Get \"https://10.0.0.148:16443/api\": getting credentials: exec: executable aws-iam-authenticator not found\n\nIt looks like you are trying to use a client-go credential plugin that is not installed.\n\nTo learn more about this feature, consult the documentation available at:\n      https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins\ncannot connect to context: microk8s\nk8s connection failed for context: microk8s"
10:50PM WRN namespace validation failed for: "default" error="user not authorized to list all namespaces"
10:50PM ERR Load cluster resources - No API server connection
10:50PM ERR failed to list contexts error="no connection"
10:50PM WRN Unable to dial discovery API error="no connection to dial"
10:50PM ERR can't connect to cluster error="Get \"https://10.0.0.148:16443/version?timeout=15s\": getting credentials: exec: executable aws-iam-authenticator not found\n\nIt looks like you are trying to use a client-go credential plugin that is not installed.\n\nTo learn more about this feature, consult the documentation available at:\n      https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins"
10:50PM ERR Load cluster resources - No API server connection
10:50PM WRN Unable to dial discovery API error="no connection to dial"

The log shows that k9s is unable to authenticate to kubernetes. This makes k9s unusable as a result.
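
A small triage helper for the failure shown in the log above, added here as an example (not part of the original post or of k9s): it extracts the missing exec credential plugin names from k9s log lines and checks whether each one resolves on a given PATH. The sample log is constructed by shortening the lines quoted above, and the function names are hypothetical.

```python
import os
import re
import shutil

# Phrase client-go emits when the kubeconfig's exec plugin cannot be started.
MISSING_PLUGIN = re.compile(r"getting credentials: exec: executable (\S+) not found")

# Constructed sample: shortened copies of the log lines quoted in the post.
SAMPLE_LOG = r'''10:50PM INF K9s starting up...
10:50PM ERR Fail to locate metrics-server error="Get \"https://10.0.0.148:16443/api\": getting credentials: exec: executable aws-iam-authenticator not found"
10:50PM WRN namespace validation failed for: "default" error="user not authorized to list all namespaces"
10:50PM ERR can't connect to cluster error="Get \"https://10.0.0.148:16443/version?timeout=15s\": getting credentials: exec: executable aws-iam-authenticator not found"
10:50PM ERR Fail to load global/context configuration error="Get \"https://10.0.0.148:16443/api\": getting credentials: exec: executable aws-iam-authenticator not found"
10:50PM ERR Load cluster resources - No API server connection
'''


def missing_plugins(log_text):
    """Return {plugin_name: count of log lines reporting it as not found}."""
    counts = {}
    for line in log_text.splitlines():
        match = MISSING_PLUGIN.search(line)
        if match:
            counts[match.group(1)] = counts.get(match.group(1), 0) + 1
    return counts


def diagnose(log_text, path=None):
    """Report, per missing plugin, where it resolves on `path` (None if nowhere).

    `path` defaults to the caller's PATH. A plugin that resolves here but is
    reported missing in the log is installed on the host yet not visible to
    the confined process, which is the situation described in the post.
    """
    search_path = os.environ.get("PATH", "") if path is None else path
    report = []
    for name, hits in sorted(missing_plugins(log_text).items()):
        report.append({
            "plugin": name,
            "log_hits": hits,
            "host_path": shutil.which(name, path=search_path),
        })
    return report


if __name__ == "__main__":
    for entry in diagnose(SAMPLE_LOG):
        where = entry["host_path"] or "not on this PATH either"
        print(f'{entry["plugin"]}: {entry["log_hits"]} errors, host lookup: {where}')
```
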

Similarly to the classic requests from kontena-lens and fluxctl and your explained reasoning/use with aws-iam-authenticator, k9s fits within the supported categories for classic confinement as per Process for reviewing classic confinement snaps, under “kubernetes tools requiring arbitrary authentication agents”.

Before proceeding with publisher vetting, @derailed are you still the publisher of the snap?

Yes I am still the publisher. That’s excellent news. Thank you for the fwd Evan!

I will begin publisher vetting.