Add Kubernetes plugin

[idorozin]

Summary

Adds @varlock/kubernetes-plugin, a read-only Varlock plugin for loading values from Kubernetes Secrets and ConfigMaps.

What changed

• Added packages/plugins/kubernetes
• Added @initKubernetes()
• Added resolver functions:
  • k8sSecret()
  • k8sConfigMap()
  • k8sSecretBulk()
  • k8sConfigMapBulk()
• Supports local kubeconfig, in-cluster service account auth, explicit clusterServer/token, namespaces, contexts, named instances, and allowMissing
• Added mocked Kubernetes API tests
• Added README and website docs
• Added plugin listings
• Added bumpy changeset for initial 0.1.0 release

Security

The plugin is read-only. It only performs Kubernetes get requests for Secrets and ConfigMaps and does not create, update, or delete cluster resources.

Verification

• npx --yes bun@1.3.11 run lint
• npx --yes bun@1.3.11 run build:libs
• npx --yes bun@1.3.11 run --filter @varlock/kubernetes-plugin test
• npx --yes bun@1.3.11 run --filter @varlock/kubernetes-plugin typecheck
• node_modules/.bin/bumpy check --hook pre-push

Also ran a read-only live smoke test against an existing Kubernetes context by reading the standard kube-root-ca.crt ConfigMap.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​kubernetes/​client-node@​1.4.0

View full report

[philmillman]

Thanks for this @idorozin! We'll review today or tomorrow