In line with related snaps, such as kubectl and helm, we’d like to make kubefedctl classic as it needs to read and write arbitrary files anywhere on the FS.
Hey @joedborg, thanks for submitting this forum request.
If you check our Process for reviewing classic confinement snaps, the access to arbitrary files on the system isn’t typically a justification for classic. Strictly confined snaps can access users’ files with the home and the removable-media interfaces (which is almost always sufficient). personal-files and system-files may be used as well if needed (e.g. the access to ~/.kube/config can be achieved via an appropriate personal-files plug declaration).
Please remember classic snaps are not installable on Ubuntu Core devices and also run in the global mount namespace, which means great care must be taken for the snap to work reliably across distributions.
But, before we go down that path, does kubefedctl require the use of arbitrary authentication agents? Because we have identified “kubernetes tools requiring arbitrary authentication agents” as a valid use case for classic.
Hey @emitorino!
Thanks for the reply. Yes, like helm and kubectl, kubefedctl would need to authenticate with arbitrary tools too. Also, like those, the use cause is not targeted for IoT (etc.) devices so Core isn’t an issue.
Hello @joedborg. We understand your requirement to read and write arbitrary files anywhere but can you can give us more details about how it’s going to work? Maybe some use cases to illustrate it.
Hey!
It’s going to work just like kubectl, as mentioned above. This means it needs to be able to read .yaml files, that are fed in by the user, anywhere on the disk.
Hey @joedborg,
Thanks for the additional information. The requirements are understood. @advocacy - can you please perform the vetting?
I’ve vetted the publisher. Granting classic. This is now live.
1 Like