Hey @joedborg, thanks for submitting this forum request.
If you check our Process for reviewing classic confinement snaps, the access to arbitrary files on the system isn’t typically a justification for classic. Strictly confined snaps can access users’ files with the home and the removable-media interfaces (which is almost always sufficient). personal-files and system-files may be used as well if needed (e.g. the access to `~/.kube/config` can be achieved via an appropriate personal-files plug declaration).
Please remember classic snaps are not installable on Ubuntu Core devices and also run in the global mount namespace, which means great care must be taken for the snap to work reliably across distributions.
But, before we go down that path, does `kubefedctl` require the use of arbitrary authentication agents? Because we have identified “kubernetes tools requiring arbitrary authentication agents” as a valid use case for classic.
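
A sketch of the strictly confined alternative mentioned in the reply above, added here as an illustration and not taken from the original post or from the snap under review. The plug name `dot-kube-config`, the command path and the choice of read-only access are assumptions.

```yaml
# snapcraft.yaml fragment (illustrative; names below are assumptions)
name: kubefedctl
confinement: strict        # instead of "classic"

plugs:
  # Hypothetical plug name. personal-files grants access only to the
  # paths listed here, not to the whole home directory.
  dot-kube-config:
    interface: personal-files
    read:
      - $HOME/.kube/config
    # Use "write:" instead of "read:" only if the tool must modify
    # the kubeconfig; keep the list as narrow as possible.

apps:
  kubefedctl:
    command: bin/kubefedctl   # assumed install path inside the snap
    plugs:
      - network               # talk to the cluster API servers
      - home                  # non-hidden files in the user's home
      - dot-kube-config       # the hidden ~/.kube/config file
```

The `home` interface does not cover hidden paths in the top level of the home directory, which is why `~/.kube/config` needs its own personal-files plug. That plug is not connected automatically unless the store grants it, so a user would otherwise connect it with `snap connect kubefedctl:dot-kube-config`.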