How to k8s secret for job`s tls_config

[zheng...@sohu.com]

How to use k8s secret resource for endpoints service. 

k8s resoure yaml:

apiVersion: v1
kind: Secret
metadata:
  name: myservice-secret 
data:
  cert-chain.pem: 
  key.pem: 
  root-cert.pem: 
---
apiVersion: v1
kind: Service
metadata:
  labels:
    run: myservice
  annotations:
    prometheus.io/port: "443"
    prometheus.io/scrape: "true"
  name: myservice
spec:
  ports:
  - port: 443
    protocol: TCP
    targetPort: 443
  type: ClusterIP

prometheus config file:

scrape_configs:
- job_name: kubernetes_endpoints
  honor_timestamps: true
  scrape_interval: 30s
  scrape_timeout: 15s
  metrics_path: /metrics
  scheme: http
  kubernetes_sd_configs:
  - api_server: https://my.k8s.server:443
    role: endpoints
    tls_config:
      ca_file: /data/certs/ca.pem
      cert_file: /data/certs/admin/admin.pem
      key_file: /data/certs/admin/admin-key.pem
      insecure_skip_verify: false
  tls_config:
    ca_file:  how to use myservice-secret 
    cert_file: how to use myservice-secret
    key_file: how to use myservice-secret 
    insecure_skip_verify: false
  relabel_configs:
  - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
    separator: ;
    regex: "true"
    replacement: $1
    action: keep