#!/bin/bash

HOST_IP=$(ip addr show eth0 | grep -Po 'inet \K[\d.]+')
TOKEN="$(kubectl get secret serviceaccounttoken -n cert-manager -o go-template='{{ .data.token }}' | base64 -d)"                   

vault write auth/kubernetes/role/cert-manager \
    bound_service_account_names=cert-manager \
    bound_service_account_namespaces=cert-manager \
    policies=cert-manager \
    ttl=24h

vault write auth/kubernetes/login role=cert-manager jwt=${TOKEN} iss=https://${HOST_IP}:6443