Request for classic confinement: lfk-tui

janosmiko · May 8, 2026, 10:28am

name: lfk-tui

description: A keyboard-focused, yazi-inspired TUI for navigating and managing Kubernetes clusters. Three-column Miller layout with an owner-based resource hierarchy.

snapcraft: Not yet published - snap is built by GoReleaser from the following snapcrafts: stanza, which will live in .goreleaser.yaml once classic confinement is approved:

upstream: Github - lfk

upstream-relation: I am the upstream author and maintainer (GitHub: janosmiko).

supported-category:* kubernetes tools requiring [arbitrary authentication agents] (per https://snapcraft.io/docs/classic-confinement - the same category under which k9s, kubectl, and helm are published). Closest precedent is k9s: a TUI K8s navigator that invokes user-installed kubectl and reads user’s kubeconfig.

reasoning: strict confinement is not sufficient for lfk-tui because the snap’s core function is to orchestrate user-installed CLIs and read user-controlled paths that strict confinement plugs
cannot express:

$PATH lookup of user-installed CLIs. lfk invokes the user’s locally installed kubectl, helm, trivy, kind, k3d, minikube, etc. These tools are deliberately not bundled. They are resolved with os/exec.LookPath, which a strict-confined snap cannot do across the host’s $PATH.
Kubeconfig at user-controlled paths. lfk reads ~/.kube/config by default and any path supplied via --kubeconfig or $KUBECONFIG.
Local cluster lifecycle (kind/k3d/minikube). Creating and tearing down local clusters requires the host Docker socket and binding host ports.
Interactive PTY into nodes/pods. lfk spawns interactive TTY sessions inside cluster nodes (kubectl debug node) and pods (kubectl exec -it). Forwarding the host TTY through a strict-confined snap into a kubectl child has not worked in practice (the same reason k9s is classic).
Arbitrary local-port kubectl port-forward. lfk integrates a port-forward manager that binds user-chosen local ports, which cannot be pre-declared in network-bind.

I have reviewed the available interfaces they not support the requirements.

I understand that strict confinement is generally preferred over classic.
I’ve tried the existing interfaces to make the snap work under strict confinement.

edit1: update classic confinment category

edit2: typo

janosmiko · May 19, 2026, 3:45am

May I ask for a review on this? @review-team

jslarraz · May 28, 2026, 9:45am

Hey @janosmiko

Sorry for the delay in my response.

It is plausible that there are technical reasons why lfk-tui needs classic to work properly in all scenarios, but please note that classic confinement is a sensitive matter and it is reserved for mature, well-known applications published by mature, well-known entities. Whilst lfk-tui seems to be gaining community attention very quickly, I believe the project is still too fresh to be considered for classic confinement at this point.

Thanks