The CAs used to verify clients are not secrets and can be committed to the repository as K8s ConfigMaps. This updates the config to include them.
dandds