From 65cea86e4413cb5899c3b89bda375bb326de5093 Mon Sep 17 00:00:00 2001
From: Solly Ross <sross@redhat.com>
Date: Thu, 4 Oct 2018 12:48:18 -0400
Subject: [PATCH] Populate ClientCA in delegating auth setup

kubernetes/kubernetes#67768 accidentally removed population of the the ClientCA
in the delegating auth setup code.  This restores it.
---
 .../src/k8s.io/apiserver/pkg/server/options/authentication.go   | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go b/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go
index 5c8209c35d0b..043a93415381 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go
@@ -192,9 +192,11 @@ func (s *DelegatingAuthenticationOptions) ApplyTo(c *server.AuthenticationInfo,
 	}
 
 	// configure AuthenticationInfo config
+	cfg.ClientCAFile = s.ClientCert.ClientCA
 	if err = c.ApplyClientCert(s.ClientCert.ClientCA, servingInfo); err != nil {
 		return fmt.Errorf("unable to load client CA file: %v", err)
 	}
+
 	cfg.RequestHeaderConfig = s.RequestHeader.ToAuthenticationRequestHeaderConfig()
 	if err = c.ApplyClientCert(s.RequestHeader.ClientCAFile, servingInfo); err != nil {
 		return fmt.Errorf("unable to load client CA file: %v", err)