StackStorm · arm4b · Nov 10, 2021 · Nov 1, 2021 · Nov 1, 2021 · Nov 1, 2021
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,7 @@
 * Refactor deployments/jobs to inject st2 username/password via `envFrom` instead of via `env`. (#257) (by @cognifloyd)
 * New feature: Add `envFromSecrets` to `st2actionrunner`, `st2client`, `st2sensorcontainer`, and jobs. This is useful for adding custom secrets to the environment. This complements the `extra_volumes` feature (loading secrets as files) to facilitate loading secrets that are not easily injected via the filesystem. (#259) (by @cognifloyd)
 * New feature to include `nodeSelector`, `affinity` and `tolerations` to `st2client`, allowing more flexibility to pod positioning. (#263) (by @sandesvitor)
+* Template `~/.st2/config`. This allows customizing the settings used by the `st2client` and jobs pods for using the st2 apis. (#262) (by @cognifloyd)
 
 ## v0.70.0
 * New feature: Shared packs volumes `st2.packs.volumes`. Allow using cluster-specific persistent volumes to store packs, virtualenvs, and (optionally) configs. This enables using `st2 pack install`. It even works with `st2packs` images in `st2.packs.images`. (#199) (by @cognifloyd)

diff --git a/templates/deployments.yaml b/templates/deployments.yaml
@@ -1490,6 +1490,10 @@ spec:
             name: {{ .Release.Name }}-st2-urls
         - secretRef:
             name: {{ .Release.Name }}-st2-auth
+        {{- range .Values.st2client.envFromSecrets }}
+        - secretRef:
+            name: {{ . }}
+        {{- end }}
         volumeMounts:
         - name: st2client-config-vol
           mountPath: /root/.st2/
@@ -1499,9 +1503,7 @@ spec:
           - '-ec'
           - |
             cat <<EOT > /root/.st2/config
-            [credentials]
-            username = ${ST2_AUTH_USERNAME}
-            password = ${ST2_AUTH_PASSWORD}
+            {{- tpl .Values.st2client.st2clientConfig . | nindent 12 }}
             EOT
       containers:
       - name: st2client

diff --git a/templates/jobs.yaml b/templates/jobs.yaml
@@ -157,6 +157,10 @@ spec:
             name: {{ .Release.Name }}-st2-urls
         - secretRef:
             name: {{ .Release.Name }}-st2-auth
+        {{- range .Values.jobs.envFromSecrets }}
+        - secretRef:
+            name: {{ . }}
+        {{- end }}
         volumeMounts:
         - name: st2client-config-vol
           mountPath: /root/.st2/
@@ -166,9 +170,7 @@ spec:
           - '-ec'
           - |
             cat <<EOT > /root/.st2/config
-            [credentials]
-            username = ${ST2_AUTH_USERNAME}
-            password = ${ST2_AUTH_PASSWORD}
+            {{- tpl .Values.jobs.st2clientConfig . | nindent 12 }}
             EOT
       containers:
       - name: st2-apikey-load
@@ -273,6 +275,10 @@ spec:
             name: {{ .Release.Name }}-st2-urls
         - secretRef:
             name: {{ .Release.Name }}-st2-auth
+        {{- range .Values.jobs.envFromSecrets }}
+        - secretRef:
+            name: {{ . }}
+        {{- end }}
         volumeMounts:
         - name: st2client-config-vol
           mountPath: /root/.st2/
@@ -282,9 +288,7 @@ spec:
           - '-ec'
           - |
             cat <<EOT > /root/.st2/config
-            [credentials]
-            username = ${ST2_AUTH_USERNAME}
-            password = ${ST2_AUTH_PASSWORD}
+            {{- tpl .Values.jobs.st2clientConfig . | nindent 12 }}
             EOT
       containers:
       - name: st2-key-load

diff --git a/values.yaml b/values.yaml
@@ -623,6 +623,15 @@ st2sensorcontainer:
 # The st2client deployment/pod simplifies ad-hoc administration.
 # st2client is a special purpose actionrunner pod, but you can customize it separately
 st2client:
+  # st2client config (~/.st2/config) template.
+  # see: https://docs.stackstorm.com/reference/cli.html#configuration-file
+  # You can access env variables here because this is used in a bash heredoc.
+  # For example, you could use a var injected with envFromSecrets.
+  # Note that Helm templating is supported in this block!
+  st2clientConfig: |
+    [credentials]
+    username = ${ST2_AUTH_USERNAME}
+    password = ${ST2_AUTH_PASSWORD}
   env: {}
   # HTTP_PROXY: http://proxy:1234
   ## These named secrets (managed outside this chart) will be added to envFrom.
@@ -729,6 +738,15 @@ st2chatops:
 ## Various batch jobs (apply-rbac-definitions, apikey-load, key-load, register-content)
 ##
 jobs:
+  # st2client config (~/.st2/config) template for jobs that need it.
+  # see: https://docs.stackstorm.com/reference/cli.html#configuration-file
+  # You can access env variables here because this is used in a bash heredoc.
+  # For example, you could use a var injected with envFromSecrets.
+  # Note that Helm templating is supported in this block!
+  st2clientConfig: |
+    [credentials]
+    username = ${ST2_AUTH_USERNAME}
+    password = ${ST2_AUTH_PASSWORD}
   annotations: {}
   # Override default image settings (for now, only tag can be overridden)
   # The Jobs use the st2actionrunner image