From 6377d9978c50ebae88de4dba219a9a3a8413f9cc Mon Sep 17 00:00:00 2001
From: David Eads <deads@redhat.com>
Date: Wed, 10 Apr 2019 18:42:31 -0400
Subject: [PATCH] bootkube: switch mcd ca-bundle for verifying kube-apiserver

kube-ca is dead. We want discrete chains of trust and the MCD is the last
piece we need to update.
---
 data/data/bootstrap/files/usr/local/bin/bootkube.sh.template | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/data/bootstrap/files/usr/local/bin/bootkube.sh.template b/data/data/bootstrap/files/usr/local/bin/bootkube.sh.template
index 2b582a38ed..cf4cb63524 100755
--- a/data/data/bootstrap/files/usr/local/bin/bootkube.sh.template
+++ b/data/data/bootstrap/files/usr/local/bin/bootkube.sh.template
@@ -176,7 +176,7 @@ then
 			--etcd-ca=/assets/tls/etcd-client-ca.crt \
 			--etcd-metric-ca=/assets/tls/etcd-metric-ca-bundle.crt \
 			--root-ca=/assets/tls/root-ca.crt \
-			--kube-ca=/assets/tls/kube-ca.crt \
+			--kube-ca=/assets/tls/kube-apiserver-complete-server-ca-bundle.crt \
 			--config-file=/assets/manifests/cluster-config.yaml \
 			--dest-dir=/assets/mco-bootstrap \
 			--pull-secret=/assets/manifests/openshift-config-secret-pull-secret.yaml \