- add certmanager script and config.yaml file - install into pyenv for certmanager - deploy to puppet-masters only
