Manual Review for Classic Confinement of kubefwd

The kubefwd utility requires a manual review for classic confinement. kubefwd is an open source project ( built in Golang on the Kubernetes kubectl libraries and requires access to ~/.kube/config, the /etc/hosts file and full network access to create and bind port forwarders to local loopback IPs.


Is there anything I can do to help get kubefwd into the snap repo?

/etc/hosts is available via the network interface, binding to ports via the network-bind interface and you can have access to ~/.kube/config via the personal-files interface. It seems that this could be made strict?

I am new to snap and maybe had a short-sighted assumption that because kubectl (the official Kuberneted) CLI was “classic” then I had to be, since I use a significant amount of functionality from its libraries.

jdstrand, I’ll try to experiment more with personal-files and network-bind.

Thank you

No problem! We all start somewhere :slight_smile:

In working with Canonical’s k8s team on the kubernetes-support interface, I found that many of the services don’t need particularly special permissions and, based on your initial feedback, it seems kubefwd may be in that bucket. Good luck and don’t hesitate to create a new topic and ask questions if you get stuck.

Based on this discussion, I’m going to mark this topic as resolved, but feel free to comment here if there are other sandbox issues.