diff --git a/examples/phabricator/README.md b/examples/phabricator/README.md
index 0f5fca7f8a..4cf3211c7c 100644
--- a/examples/phabricator/README.md
+++ b/examples/phabricator/README.md
@@ -140,7 +140,7 @@ To automate this process and make sure that a proper host is authorized even if
         "containers": [
           {
             "name": "authenticator",
-            "image": "fgrzadkowski/example-cloudsql-authenticator"
+            "image": "gcr.io.google_containers/cloudsql-authenticator:v1"
           }
         ]
       }
diff --git a/examples/phabricator/authenticator-controller.json b/examples/phabricator/authenticator-controller.json
index 6c834e3a7f..1da45113e9 100644
--- a/examples/phabricator/authenticator-controller.json
+++ b/examples/phabricator/authenticator-controller.json
@@ -22,10 +22,10 @@
         "containers": [
           {
             "name": "authenticator",
-            "image": "fgrzadkowski/example-cloudsql-authenticator"
+            "image": "gcr.io/google_containers/cloudsql-authenticator:v1"
           }
         ]
       }
     }
   }
-}
\ No newline at end of file
+}
diff --git a/examples/phabricator/cloudsql-authenticator/run.sh b/examples/phabricator/cloudsql-authenticator/run.sh
index 8230782574..e2898c8bf1 100755
--- a/examples/phabricator/cloudsql-authenticator/run.sh
+++ b/examples/phabricator/cloudsql-authenticator/run.sh
@@ -18,10 +18,13 @@
 #       should only send updates if something changes. We should be able to do
 #       this by comparing pod creation time with the last scan time.
 while true; do
-  hostport="${KUBERNETES_RO_SERVICE_HOST}:${KUBERNETES_RO_SERVICE_PORT}"
-  path="api/v1beta1/pods"
+  hostport="https://kubernetes.default.cluster.local"
+  token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
+  path="api/v1beta3/pods"
   query="labels=$SELECTOR"
-  ips_json=`curl ${hostport}/${path}?${query} 2>/dev/null | grep hostIP`
+
+  # TODO: load in the CAS cert when we distributed it on all platforms.
+  ips_json=`curl ${hostport}/${path}?${query} --insecure --header "Authorization: Bearer ${token}" 2>/dev/null | grep hostIP`
   ips=`echo $ips_json | cut -d'"' -f 4 | sed 's/,$//'`
   echo "Adding IPs $ips"
   gcloud sql instances patch $CLOUDSQL_DB --authorized-networks $ips