From 0f8437bc3abca4a2228960fabfde7f9ce83710f9 Mon Sep 17 00:00:00 2001
From: Andrew Keesler <akeesler@vmware.com>
Date: Wed, 23 Sep 2020 12:47:04 -0400
Subject: [PATCH] Integration tests are passing ayooooooooooooooo

---
 deploy/rbac.yaml                                  | 6 +++++-
 internal/controllermanager/prepare_controllers.go | 2 +-
 test/integration/kubecertagent_test.go            | 1 +
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml
index 6361d301..99750b5c 100644
--- a/deploy/rbac.yaml
+++ b/deploy/rbac.yaml
@@ -47,10 +47,14 @@ rules:
   - apiGroups: [""]
     resources: [secrets]
     verbs: [create, get, list, patch, update, watch, delete]
-    #! We need to be able to CRUD pods in our namespace so we can reconcile the kube-cert-agent pods.
+  #! We need to be able to CRUD pods in our namespace so we can reconcile the kube-cert-agent pods.
   - apiGroups: [""]
     resources: [pods]
     verbs: [create, get, list, patch, update, watch, delete]
+  #! We need to be able to exec into pods in our namespace so we can grab the API server's private key
+  - apiGroups: [""]
+    resources: [pods/exec]
+    verbs: [create]
   - apiGroups: [config.pinniped.dev, idp.pinniped.dev]
     resources: ["*"]
     verbs: [create, get, list, update, watch]
diff --git a/internal/controllermanager/prepare_controllers.go b/internal/controllermanager/prepare_controllers.go
index 5f5fdcf7..ea30d758 100644
--- a/internal/controllermanager/prepare_controllers.go
+++ b/internal/controllermanager/prepare_controllers.go
@@ -226,7 +226,7 @@ func PrepareControllers(c *Config) (func(ctx context.Context), error) {
 				kubecertagent.NewPodCommandExecutor(kubeConfig, k8sClient),
 				pinnipedClient,
 				clock.RealClock{},
-				informers.kubeSystemNamespaceK8s.Core().V1().Pods(),
+				informers.installationNamespaceK8s.Core().V1().Pods(),
 				controllerlib.WithInformer,
 			),
 			singletonWorker,
diff --git a/test/integration/kubecertagent_test.go b/test/integration/kubecertagent_test.go
index cc0b63b9..2418fd5c 100644
--- a/test/integration/kubecertagent_test.go
+++ b/test/integration/kubecertagent_test.go
@@ -61,6 +61,7 @@ func TestKubeCertAgent(t *testing.T) {
 				"original agent pod len != current agent pod len: %s",
 				diff.ObjectDiff(originalAgentPods.Items, currentAgentPods.Items),
 			)
+			return false
 		}
 
 		sortPods(currentAgentPods)