Initial release: Headlamp Sealed Secrets plugin v0.1.0

Features: - Complete SealedSecret CRD integration with Headlamp - Client-side encryption using controller's public key - Support for all three scoping modes (strict, namespace-wide, cluster-wide) - List and detail views for SealedSecrets - Encryption dialog for creating new SealedSecrets - Decryption support with RBAC awareness - Sealing keys management - Settings page for controller configuration - Integration with Secret detail view Technical: - Full TypeScript with strict mode - ~1,345 lines of code - Build size: 339.42 kB (93.21 kB gzipped) - Compatible with Headlamp v0.13.0+ - Apache 2.0 license Security: - All encryption performed client-side - RSA-OAEP + AES-256-GCM (kubeseal-compatible) - Auto-hide decrypted values after 30 seconds Closes: Initial implementation
2026-02-11 20:31:20 -05:00
commit dddbd30677
27 changed files with 21162 additions and 0 deletions
@@ -0,0 +1,93 @@
+/**
+ * TypeScript interfaces for Bitnami Sealed Secrets plugin
+ */
+
+import { KubeObjectInterface } from '@kinvolk/headlamp-plugin/lib/lib/k8s/cluster';
+
+/**
+ * Sealed Secret scope types
+ */
+export type SealedSecretScope = 'strict' | 'namespace-wide' | 'cluster-wide';
+
+/**
+ * SealedSecret CRD spec
+ */
+export interface SealedSecretSpec {
+  /** Map of key names to encrypted (base64-encoded) values */
+  encryptedData: Record<string, string>;
+  /** Metadata template for the resulting Secret */
+  template?: {
+    metadata?: {
+      labels?: Record<string, string>;
+      annotations?: Record<string, string>;
+    };
+    type?: string;
+  };
+}
+
+/**
+ * SealedSecret status condition
+ */
+export interface SealedSecretCondition {
+  type: string;
+  status: 'True' | 'False' | 'Unknown';
+  lastTransitionTime?: string;
+  lastUpdateTime?: string;
+  reason?: string;
+  message?: string;
+}
+
+/**
+ * SealedSecret CRD status
+ */
+export interface SealedSecretStatus {
+  conditions?: SealedSecretCondition[];
+  observedGeneration?: number;
+}
+
+/**
+ * Complete SealedSecret CRD interface
+ */
+export interface SealedSecretInterface extends KubeObjectInterface {
+  spec: SealedSecretSpec;
+  status?: SealedSecretStatus;
+}
+
+/**
+ * Plugin configuration stored in localStorage
+ */
+export interface PluginConfig {
+  /** Controller deployment name */
+  controllerName: string;
+  /** Controller namespace */
+  controllerNamespace: string;
+  /** Controller service port */
+  controllerPort: number;
+}
+
+/**
+ * Default plugin configuration
+ */
+export const DEFAULT_CONFIG: PluginConfig = {
+  controllerName: 'sealed-secrets-controller',
+  controllerNamespace: 'kube-system',
+  controllerPort: 8080,
+};
+
+/**
+ * Key-value pair for encryption dialog
+ */
+export interface SecretKeyValue {
+  key: string;
+  value: string;
+}
+
+/**
+ * Encryption request parameters
+ */
+export interface EncryptionRequest {
+  name: string;
+  namespace: string;
+  scope: SealedSecretScope;
+  keyValues: SecretKeyValue[];
+}