4f4182cb18
encapi (the new Postgres-backed Puppet ENC replacing Cobbler) runs in k8s and reads its secrets from Vault via the Kubernetes auth backend. Grant its pods that access, mirroring artifactapi. - add k8s auth role encapi (binds SA default in namespace encapi, mount k8s/au/syd1) - add vault policy kv/service/encapi/environment/read - add vault policy kv/service/encapi/postgres-password/read