diff --git a/ql/src/go.qll b/ql/src/go.qll
index 47126d338c5..d4cd5b7e31f 100644
--- a/ql/src/go.qll
+++ b/ql/src/go.qll
@@ -38,6 +38,7 @@ import semmle.go.frameworks.Gin
 import semmle.go.frameworks.Glog
 import semmle.go.frameworks.GoRestfulHttp
 import semmle.go.frameworks.K8sIoApimachineryPkgRuntime
+import semmle.go.frameworks.K8sIoClientGo
 import semmle.go.frameworks.Logrus
 import semmle.go.frameworks.Macaron
 import semmle.go.frameworks.Mux
diff --git a/ql/src/semmle/go/frameworks/K8sIoClientGo.qll b/ql/src/semmle/go/frameworks/K8sIoClientGo.qll
new file mode 100644
index 00000000000..38048aed95c
--- /dev/null
+++ b/ql/src/semmle/go/frameworks/K8sIoClientGo.qll
@@ -0,0 +1,29 @@
+/** Provides models of commonly used functions in the `k8s.io/client-go/kubernetes/typed/core/v1` package. */
+
+import go
+
+/**
+ * Provides models of commonly used functions in the `k8s.io/client-go/kubernetes/typed/core/v1`
+ * package.
+ */
+module K8sIoClientGo {
+ /** Gets the package name. */
+ bindingset[result]
+ string packagePath() { result = package("k8s.io/client-go", "kubernetes/typed/core/v1") }
+
+ /**
+ * A model of `SecretInterface` methods that are sources of secret data.
+ */
+ private class SecretInterfaceSourceMethod extends Method {
+ SecretInterfaceSourceMethod() {
+ this.implements(packagePath(), "SecretInterface", ["Get", "List", "Patch"])
+ }
+ }
+
+ /**
+ * A model of `SecretInterface` as a source of secret data.
+ */
+ class SecretInterfaceSource extends DataFlow::Node {
+ SecretInterfaceSource() { this = any(SecretInterfaceSourceMethod g).getACall().getResult(0) }
+ }
+}
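Review bot: The method list in `SecretInterfaceSourceMethod` covers only `Get`, `List` and `Patch`, and its doc comment does not say why, so a reader cannot tell whether `Create`, `Update` (which also return a `*v1.Secret` as result 0) and `Watch` were left out on purpose. If the intent is to cover every call whose result carries secret contents, a query built on `SecretInterfaceSource` would presumably miss flows that start at those calls. `Watch` would need more than a list entry, since its first result is a `watch.Interface` rather than the secret itself. I would at least record the scope in the comment, for example `* Only read-style calls (Get, List, Patch) are modelled; Create, Update and Watch are intentionally excluded.` Separately, the comment on `packagePath()` says "package name" although the predicate matches a package path.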