diff --git a/cloud/kubernetes/prometheus/prometheus.yaml b/cloud/kubernetes/prometheus/prometheus.yaml
index b7cac8c28d24..c2073a9cbcee 100644
--- a/cloud/kubernetes/prometheus/prometheus.yaml
+++ b/cloud/kubernetes/prometheus/prometheus.yaml
@@ -60,11 +60,12 @@ spec:
   - port: http
     path: /_status/vars
     tlsConfig:
-      # The HTTPS certs are signed by the kubernetes internal
-      # certificate authority.
-      caFile: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
-      # This overrides the hostname verification check for the admin
-      # UI port to match our quickstart secure-mode cluster setup.
+      ca:
+        secret:
+          key: ca.crt
+          # This is the secret name used by the CockroachDB Kubernetes Operator.
+          # When using a custom CA, replace this with your secret name
+          name: cockroachdb-node
       serverName: "127.0.0.1"
 ---
 # Have prometheus-operator run a replicated Prometheus cluster