Add Kubernetes plugin #737

Merged: theoephraim merged 3 commits into dmno-dev:main from idorozin:add-kubernetes-plugin on Jun 3, 2026

@idorozin
Contributor

Summary

Adds @varlock/kubernetes-plugin, a read-only Varlock plugin for loading values from Kubernetes Secrets and ConfigMaps.

What changed

  • Added packages/plugins/kubernetes
  • Added @initKubernetes()
  • Added resolver functions:
    • k8sSecret()
    • k8sConfigMap()
    • k8sSecretBulk()
    • k8sConfigMapBulk()
  • Supports local kubeconfig, in-cluster service account auth, explicit clusterServer/token, namespaces, contexts, named instances, and allowMissing
  • Added mocked Kubernetes API tests
  • Added README and website docs
  • Added plugin listings
  • Added bumpy changeset for initial 0.1.0 release

Security

The plugin is read-only. It only performs Kubernetes get requests for Secrets and ConfigMaps and does not create, update, or delete cluster resources.

Verification

  • npx --yes bun@1.3.11 run lint
  • npx --yes bun@1.3.11 run build:libs
  • npx --yes bun@1.3.11 run --filter @varlock/kubernetes-plugin test
  • npx --yes bun@1.3.11 run --filter @varlock/kubernetes-plugin typecheck
  • node_modules/.bin/bumpy check --hook pre-push

Also ran a read-only live smoke test against an existing Kubernetes context by reading the standard kube-root-ca.crt ConfigMap.
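
The Security note above says the plugin only issues get requests for Secrets and ConfigMaps. As an added example (not code from this PR or from Varlock), the following check audits the RBAC rules bound to whatever identity the plugin runs as and flags anything beyond that; the rule shape is the standard Kubernetes PolicyRule, and the sample object names are hypothetical.

```javascript
// Added example, not part of the PR: audit RBAC rules for a get-only reader.
// Rules follow the Kubernetes rbac.authorization.k8s.io/v1 PolicyRule shape.
const ALLOWED_RESOURCES = new Set(['secrets', 'configmaps']);

function auditReaderRules(rules) {
  const findings = [];
  rules.forEach((rule, i) => {
    const resources = rule.resources || [];
    for (const g of rule.apiGroups || []) {
      // Secrets and ConfigMaps live in the core ("") API group.
      if (g !== '') findings.push(`rule ${i}: unexpected apiGroup "${g}"`);
    }
    for (const r of resources) {
      if (!ALLOWED_RESOURCES.has(r)) findings.push(`rule ${i}: unexpected resource "${r}"`);
    }
    for (const v of rule.verbs || []) {
      // "list" and "watch" on secrets return secret data for the whole namespace.
      if (v !== 'get') findings.push(`rule ${i}: verb "${v}" exceeds get`);
    }
    // Without resourceNames, get applies to every object of these kinds.
    if (!(rule.resourceNames || []).length) {
      findings.push(`rule ${i}: no resourceNames, get allowed on all ${resources.join('/')}`);
    }
  });
  return findings;
}

// Constructed sample rules; object names are hypothetical.
const TIGHT_RULES = [
  { apiGroups: [''], resources: ['secrets'], verbs: ['get'], resourceNames: ['app-secrets'] },
  { apiGroups: [''], resources: ['configmaps'], verbs: ['get'], resourceNames: ['app-config'] },
];
const BROAD_RULES = [
  { apiGroups: [''], resources: ['secrets'], verbs: ['get', 'list', 'watch'] },
  { apiGroups: ['*'], resources: ['*'], verbs: ['*'] },
];

console.log(auditReaderRules(TIGHT_RULES));
console.log(auditReaderRules(BROAD_RULES));
```
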

@socket-security

socket-security Bot commented May 31, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Added | npm/@kubernetes/client-node@1.4.0 | 97 | 100 | 100 | 83 | 100 |

@philmillman
Member

Thanks for this @idorozin! We'll review today or tomorrow

@philmillman philmillman requested a review from theoephraim June 1, 2026 15:21
@idorozin
Contributor Author

idorozin commented Jun 2, 2026

I’ll add that my team and I have been using this plugin lately, and it’s been working just fine.

@theoephraim
Member

@idorozin - glad to hear it! Anything else lacking with varlock in your docker/k8s workflows? We're overdue for a deep dive into improving our support there, and looking for feedback from folks using these tools daily.

@idorozin
Contributor Author

idorozin commented Jun 2, 2026

> @idorozin - glad to hear it! Anything else lacking with varlock in your docker/k8s workflows? We're overdue for a deep dive into improving our support there, and looking for feedback from folks using these tools daily.

Thanks! Honestly, the lack of a Kubernetes plugin was our single biggest blocker.
Right now we're using it purely for local development and I love the experience. The next step for us is using it for deployments too.
Once we start down that path I expect I'll have feedback to bring back.

@theoephraim
Member

I opened a PR into your fork. Normally I'd just push to the fork, but I wanted you to have a look before I merge, and it sounded like you were maybe using the fork already, so didn't want to break anything for you in the meantime.

If all looks good, I'll get it all merged and published tomorrow.

Thanks again - looking forward to seeing what you cook up for production k8s cases :)

@idorozin
Contributor Author

idorozin commented Jun 3, 2026

> I opened a PR into your fork. Normally I'd just push to the fork, but I wanted you to have a look before I merge, and it sounded like you were maybe using the fork already, so didn't want to break anything for you in the meantime.
>
> If all looks good, I'll get it all merged and published tomorrow.
>
> Thanks again - looking forward to seeing what you cook up for production k8s cases :)

Sure — this sounds great. I’ll install your version on my side and run it through my setup. If everything runs smoothly, I’ll merge it soon.

@idorozin
Contributor Author

idorozin commented Jun 3, 2026

Tested against my setup — no regression.

  • Existing k8sSecret(...) positional patterns still resolve
  • defaultSecret via k8sSecret() (key auto-inferred)
  • key= / name= overrides (key= returns a different value → genuinely re-targeting)
  • positional + named conflict correctly errors
  • build/typecheck/tests green

idorozin and others added 3 commits June 3, 2026 14:42
- Add defaultSecret/defaultConfigMap to @initKubernetes() for the common
  one-Secret-per-app deployment pattern
- Support mixed positional + named args (id=, name=, key=) on all four
  resolver functions, with explicit conflict errors
- Rename KubernetesAuthConfig -> KubernetesInstanceConfig (now holds
  more than auth)
- Switch icon to mdi:kubernetes
- Drop dead 'unreachable' error guards in the bulk resolvers
- Expand website docs and README to match other plugins (scope statement,
  Discord pointer for deeper k8s integration, auth priority, RBAC setup,
  formal Reference, troubleshooting)
- Add tests for defaults, named args, and conflict errors
@theoephraim theoephraim force-pushed the add-kubernetes-plugin branch from 870bbe3 to f633374 Compare June 3, 2026 21:42
@pkg-pr-new

pkg-pr-new Bot commented Jun 3, 2026

npm i https://pkg.pr.new/dmno-dev/varlock@737
npm i https://pkg.pr.new/dmno-dev/varlock/@varlock/kubernetes-plugin@737

commit: f633374

@theoephraim theoephraim merged commit 4e55776 into dmno-dev:main Jun 3, 2026
27 checks passed