Source service ca from injected configmap instead of service account

manifests/0000_12_etcd-operator_03_configmap.yaml

@@ -15,3 +15,12 @@ metadata:
     release.openshift.io/create-only: "true"
   name: etcd-ca-bundle
   namespace: openshift-etcd-operator
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  annotations:
+    release.openshift.io/create-only: "true"
+    service.beta.openshift.io/inject-cabundle: "true"
+  name: etcd-service-ca-bundle
+  namespace: openshift-etcd-operator

manifests/0000_12_etcd-operator_06_deployment.yaml

@@ -44,6 +44,8 @@ spec:
           name: serving-cert
         - mountPath: /var/run/configmaps/etcd-ca
           name: etcd-ca
+        - mountPath: /var/run/configmaps/etcd-service-ca
+          name: etcd-service-ca
         - mountPath: /var/run/secrets/etcd-client
           name: etcd-client
         env:
@@ -71,6 +73,9 @@ spec:
       - name: etcd-ca
         configMap:
           name: etcd-ca-bundle
+      - name: etcd-service-ca
+        configMap:
+          name: etcd-service-ca-bundle
       - name: etcd-client
         secret:
           secretName: etcd-client

pkg/operator/metriccontroller/client.go

@@ -37,7 +37,7 @@ func getPrometheusClient(ctx context.Context, secretClient coreclientv1.SecretsG
 		return nil, fmt.Errorf("unable to retrieve prometheus-k8 bearer token")
 	}
 
-	serviceCABytes, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt")
+	serviceCABytes, err := ioutil.ReadFile("/var/run/configmaps/etcd-service-ca/service-ca.crt")
 	if err != nil {
 		return nil, err
 	}