"x509: certificate signed by unknown authority" with Kubernetes

I've been trying to use the Kubernetes integration with GitLab CI, and kubectl seems to be failing due to x509: certificate signed by unknown authority even though it appears that the right CA certificate is being configured. I tried this with the Kubernetes integration settings in the CE repository, and my own Google Kubernetes Engine instance:

$ cat kube_ca.pem
-----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----
$ kubectl config set-cluster default-cluster --server=$KUBE_URL --certificate-authority="$(pwd)/kube_ca.pem"
Cluster "default-cluster" set.
$ kubectl config set-credentials default-admin --token=$KUBE_TOKEN
User "default-admin" set.
$ kubectl config set-context default-system --cluster=default-cluster --user=default-admin --namespace $KUBE_NAMESPACE
Context "default-system" created.
$ kubectl config use-context default-system
Switched to context "default-system".
$ sed -i "s/__CI_ENVIRONMENT_SLUG__/$CI_ENVIRONMENT_SLUG/" nginx-deployment.yaml
$ cat nginx-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: production
  labels:
    app: production
    track: stable
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app: production
        track: stable
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80$ kubectl cluster-info
Kubernetes master is running at https://104.154.234.36/

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
$ kubectl get deployments -l app=$CI_ENVIRONMENT_SLUG
Unable to connect to the server: x509: certificate signed by unknown authority
ERROR: Job failed: exit code 1