Create new Route/Service for Vault agent injectors

[IanKWatts]

Describe the issue Currently the Vault agent injectors use the same public URL to access Vault that is used by the UI, meaning that all agent injectors only ever use the 'active' server, but because the agents only make read requests, they can/should use all available servers in order to spread out the load. Create a new Route and Service that will allow all Vault servers to respond to agent requests and configure the agent injectors to use the new URL.

What is the Value/Impact? Potentially increase the reliability and performance of Vault by spreading out the load.

What is the plan? How will this get completed?

• Create a new Service in the Vault namespaces that applies to all servers of the Vault StatefulSet
• Create a new Route for this Service
• Configure the agent injector Deployments to use the new URL

Identify any dependencies n/a

Definition of done

• [ ] Service and Route are configured
• [ ] Agent injector configuration updated

[IanKWatts]

We would need a new TLS certificate for this, because it would have to be a public-facing URL. Will ask the team if this is worth doing.