Apologies for the delay in reviewing this request. Since mprod is required to execute kubectl or telepresence on the host, this means as the snap currently stands it requires classic confinement.
However, usually the requirement to launch arbitrary host binaries is not a sufficient reason to be granted classic confinement as per Process for reviewing classic confinement snaps - can you explain more why you can’t ship these binaries inside the mprod snap?
Although we do have a category for classic confinement regarding kubernetes tools that require arbitrary authentication agents - however it is not clear to me that mprod fits into this - can you provide more details on how mprod authenticates etc?