Hi! Thank you for your reply! It exactly fits the category "kubernetes tools requiring arbitrary authentication agents ", and the requirements for classic confinement are the exactly same reason as the discussion link you provided in that category (the ability to read the client-certificate and key file located anywhere Classic confinement for kontena-lens).