How to pull server and certificate from cluster/project for Vault

I am trying to use kubernetes external-secrets in Rancher.
I followed this tutorial: "Manage your Kubernetes secrets with Hashicorp Vault" by Ariel Viñas (Craftech, Medium).

I run kubectl from the UI from my cluster. Based on this tutorial, I set my variables as follows:

SECRET_NAME="$(kubectl get serviceaccount kubernetes-external-secrets -o go-template='{{ (index .secrets 0).name }}')"
SERVICEACCOUNT_TOKEN="$(kubectl get secret ${SECRET_NAME} \
  -o go-template='{{ .data.token }}' | base64 --decode)"
K8S_HOST="$(kubectl config view --raw \
  -o go-template="{{ range .clusters }}{{ if eq .name \"${CLUSTER_ID}\" }}{{ index .cluster \"server\" }}{{ end }}{{ end }}")"
K8S_CACERT="$(kubectl config view --raw \
  -o go-template="{{ range .clusters }}{{ if eq .name \"${CLUSTER_ID}\" }}{{ index .cluster \"certificate-authority-data\" }}{{ end }}{{ end }}" | base64 --decode)"

Then, I run

vault write auth/${CLUSTER_NAME}/config \
  kubernetes_host="${K8S_HOST}" \
  kubernetes_ca_cert="${K8S_CACERT}" \
  token_reviewer_jwt="${SERVICEACCOUNT_TOKEN}"

When I do this, I am getting the error: ‘Permission denied’

I found this, and the comment says:
had this problem when trying to integrate Vault with a Rancher managed cluster, $KUBE_HOST was pointing to the rancher proxy so I needed to change it to the IP of the cluster and extract token and ca cert from the service account I was using.

I am using the IP address for the HOST now, however I am getting the error:
x509: certificate signed by unknown authority
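
The approach from the quoted comment, as an added example that is not part of the original post or the tutorial: read both the token and the CA certificate from the service account's secret rather than from kubeconfig, and check that this CA validates the cluster API address before writing the Vault config. The function names are hypothetical, and the `/k8s/clusters/` pattern is an assumption about how Rancher proxy URLs look.

```shell
# Added example; function names are hypothetical, not from the tutorial.

# Print a decoded field ("token" or "ca.crt") from the service account's secret.
sa_secret_field() {  # usage: sa_secret_field <serviceaccount> <field>
  local sa="$1" field="$2" secret
  secret="$(kubectl get serviceaccount "$sa" \
    -o go-template='{{ (index .secrets 0).name }}')" || return 1
  [ -n "$secret" ] || { echo "no secret listed on $sa" >&2; return 1; }
  kubectl get secret "$secret" \
    -o go-template="{{ index .data \"${field}\" }}" | base64 --decode
}

# Assumption: Rancher proxy endpoints look like https://<rancher>/k8s/clusters/<id>.
is_rancher_proxy() {
  case "$1" in
    */k8s/clusters/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeed only if the certificate served by <host> verifies against the CA PEM.
# curl exits with 60 when certificate verification fails; an HTTP 401/403
# response still counts as success because only the TLS handshake matters here.
ca_matches_host() {  # usage: ca_matches_host <https://ip:port> <ca-pem>
  local host="$1" ca_file rc=0
  ca_file="$(mktemp)" || return 1
  printf '%s\n' "$2" > "$ca_file"
  curl --silent --output /dev/null --cacert "$ca_file" "${host}/version" || rc=$?
  rm -f "$ca_file"
  return "$rc"
}

# Write the auth config only after both checks pass.
configure_vault_auth() {  # usage: configure_vault_auth <mount> <https://ip:port> <serviceaccount>
  local mount="$1" host="$2" sa="$3" token ca
  if is_rancher_proxy "$host"; then
    echo "refusing: $host is a Rancher proxy URL" >&2; return 2
  fi
  token="$(sa_secret_field "$sa" token)" || return 1
  ca="$(sa_secret_field "$sa" ca.crt)" || return 1
  ca_matches_host "$host" "$ca" || { echo "CA does not validate $host" >&2; return 3; }
  vault write "auth/${mount}/config" \
    kubernetes_host="$host" \
    kubernetes_ca_cert="$ca" \
    token_reviewer_jwt="$token"
}
```

`sa_secret_field` fails when the service account lists no secret, which is the default on Kubernetes 1.24 and later.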