From aef55bafd67f64cc6e497d0333b89617a8b01db3 Mon Sep 17 00:00:00 2001
From: David Jeffers
Date: Sun, 23 Mar 2025 03:14:29 +0000
Subject: [PATCH] Initial commit
---
.drone.yml | 83 +++++++++++++++++++++++++++++++++++
README.md | 12 +++++
clusterprism_helm_values.yaml | 62 ++++++++++++++++++++++++++
3 files changed, 157 insertions(+)
create mode 100644 .drone.yml
create mode 100644 README.md
create mode 100644 clusterprism_helm_values.yaml
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..da4764b
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,83 @@
+---
+kind: pipeline
+type: docker
+name: default
+service_account_name: dronesome-app
+
+steps:
+ - name: lint
+ image: python:3
+ commands:
+ - pip3 install yamllint==1.29.0
+ - yamllint .
+
+ # yamllint disable rule:line-length
+ # - name: deploy
+ # image: alpine/k8s:1.31.2
+ # environment:
+ # CACRT:
+ # from_secret: clusterprism_some-app_kubernetes_ca_cert
+ # TOKEN:
+ # from_secret: clusterprism_some-app_kubernetes_token
+ # # yamllint disable rule:line-length
+ # commands:
+ # - kubectl config set-cluster clusterprism --server=https://192.168.1.201:6443
+ # - kubectl config set-credentials drone-some-app --token=$TOKEN
+ # - kubectl config set-context clusterprism --user=drone-some-app --cluster=clusterprism
+ # - kubectl config use-context clusterprism
+ # - echo $CACRT > cacert.pem
+ # - kubectl config set-context clusterprism --certificate-authority=cacert.pem
+ # - kubectl config set clusters.clusterprism.insecure-skip-tls-verify true
+ # - helm repo add bjw-s https://bjw-s.github.io/helm-charts
+ # - helm upgrade some-app --install bjw-s/app-template -n localassist -f clusterprism_some-app_values.yaml --version 3.6.1
+ # # yamllint enable rule:line-length
+ # when:
+ # branch:
+ # - main
+ # yamllint enable rule:line-length
+
+
+ # yamllint disable rule:line-length
+ # - name: rawkubectl
+ # image: alpine/k8s:1.31.2
+ # environment:
+ # CACRT:
+ # from_secret: clusterprism_some-app_ca_cert
+ # TOKEN:
+ # from_secret: clusterprism_some-app_kubernetes_token
+ # commands:
+ # - 'kubectl config set-cluster clusterprism
+ # --server=https://192.168.1.201:6443'
+ # - kubectl config set-credentials dronesome-app --token=$TOKEN
+ # - 'kubectl config set-context clusterprism
+ # --user=dronesome-app --cluster=clusterprism'
+ # - kubectl config use-context clusterprism
+ # - echo $CACRT > cacert.pem
+ # - 'kubectl config set-context clusterprism
+ # --certificate-authority=cacert.pem'
+ # - kubectl config set clusters.clusterprism.insecure-skip-tls-verify true
+ # - kubectl apply -f raw_kubectl/manifest.yml
+ # when:
+ # branch:
+ # - main
+ # yamllint enable rule:line-length- name: rawkubectl
+
+ - name: notify
+ image: plugins/webhook
+ settings:
+ urls:
+ from_secret: mattermost_webhook
+ content_type: application/json
+ # yamllint disable rule:line-length
+ template: |
+ {
+ "channel": "drone-notifications",
+ "username": "Drone Build Bot",
+ "icon_url": "",
+ "text": "**{{repo.name}}** - {{#success build.status}}✅ Build success for build [{{build.number}}](https://drone.sadmin.pro/{{repo.owner}}/{{repo.name}}/{{build.number}}){{else}}❌ Build failure for build [{{build.number}}](https://drone.sadmin.pro/{{repo.owner}}/{{repo.name}}/{{build.number}}){{/success}}\n**Branch**: [{{build.branch}}](https://git.sadmin.pro/{{repo.owner}}/{{repo.name}}/src/branch/{{build.branch}})\n**Commit**: [{{build.commit}}](https://git.sadmin.pro/{{repo.owner}}/{{repo.name}}/commit/{{build.commit}})"
+ }
+ # yamllint enable rule:line-length
+ when:
+ status:
+ - failure
+ - success
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a99134a
--- /dev/null
+++ b/README.md
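Review bot: The commented-out `deploy` and `rawkubectl` templates end their kubeconfig setup with `kubectl config set clusters.clusterprism.insecure-skip-tls-verify true`, so once a step is uncommented the service-account token from `TOKEN` is sent to an API server whose certificate is never checked and the `CACRT` secret has no effect. The CA flag is also passed to `set-context`, where I believe it is not accepted (it belongs to `set-cluster`), and the unquoted `echo $CACRT` flattens the PEM's newlines, which may be why verification was switched off. I would write the file with `printf '%s\n' "$CACRT" > cacert.pem`, pass `--certificate-authority=cacert.pem --embed-certs=true` on the `set-cluster` line, and delete the `insecure-skip-tls-verify` line. The two templates also read the CA from different secret names (`clusterprism_some-app_kubernetes_ca_cert` and `clusterprism_some-app_ca_cert`), and only the first is created by the README steps. Separately, `plugins/webhook` runs untagged while receiving `mattermost_webhook`; pinning it to a version or digest would be safer.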
@@ -0,0 +1,12 @@
+# helm-helpers
+
+Helm override values for any given Helm chart, along with any other meta needed for it.
+
+[![Build Status](https://drone.sadmin.pro/api/badges/DaJeffers/helm-helpers/status.svg)](https://drone.sadmin.pro/DaJeffers/helm-helpers)
+
+1. Add service account to Ansible variables.
+1. Rename `cluster_helm_values.yaml` to whatever and update `.drone.yml`.
+1. `drone repo sync`
+1. `drone repo enable DaJeffers/some-app-helpers`
+1. `drone secret add DaJeffers/some-app-helpers --name clusterprism_some-app_kubernetes_token --data $(kubectl get secrets -n some-app drone-some-app-token --template={{.data.token}} | base64 -d -w 0)`
+1. `drone secret add DaJeffers/some-app-helpers --name clusterprism_some-app_kubernetes_ca_cert --data $(kubectl get -n some-app secrets drone-some-app-token --template="{{index .data \"ca.crt\" | base64decode}}")`
\ No newline at end of file
diff --git a/clusterprism_helm_values.yaml b/clusterprism_helm_values.yaml
new file mode 100644
index 0000000..3399f1f
--- /dev/null
+++ b/clusterprism_helm_values.yaml
@@ -0,0 +1,62 @@
+---
+controllers:
+ some-app:
+ containers:
+ app:
+ securityContext:
+ privileged: false
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: "RuntimeDefault"
+ image:
+ repository: some/image
+ tag: latest
+ args:
+ - some
+ - argument
+ env:
+ TZ: America/New_York
+ probes: &probes
+ liveness:
+ enabled: true
+ readiness:
+ enabled: true
+ startup:
+ enabled: true
+ spec:
+ failureThreshold: 30
+ periodSeconds: 5
+ resources:
+ limits:
+ memory: 3Gi
+ requests:
+ cpu: 100m
+ memory: 500Mi
+ pod:
+ securityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ fsGroup: 568
+ fsGroupChangePolicy: "OnRootMismatch"
+ runAsNonRoot: true
+
+service:
+ app:
+ controller: some-app
+ ports:
+ http:
+ port: 42069
+ protocol: TCP
+
+# -- Configure persistence settings for the chart under this key.
+persistence:
+ config:
+ type: persistentVolumeClaim
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ globalMounts:
+ - path: /data
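Review bot: `tag: latest` under `image:` makes every rollout pull whatever the registry serves at that moment, so the deployed code is neither reproducible nor reviewable; pin it to a fixed version, ideally with a digest, e.g. `tag: "<pinned-version>"` (placeholder). The rest of the container `securityContext` is tight, but `readOnlyRootFilesystem: false` leaves the root filesystem writable even though `/data` is mounted from a PVC; if the image only writes there, `readOnlyRootFilesystem: true` would fit. `probes: &probes` defines an anchor that nothing in this file references, so the `&probes` can go unless a second container is planned.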