Include dex secrets when oidc is non tigera or nil
vara2504 committed Dec 20, 2024
1 parent 09433f9 commit c23c073
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions pkg/render/dex.go
@@ -138,10 +138,11 @@ func (c *dexComponent) Objects() ([]client.Object, []client.Object) {
// TODO the RequiredSecrets in the dex condig to not pass back secrets of this type.
if !c.cfg.DeleteDex {
objs = append(objs, secret.ToRuntimeObjects(c.cfg.DexConfig.RequiredSecrets(common.OperatorNamespace())...)...)
}

objs = append(objs, secret.ToRuntimeObjects(c.cfg.DexConfig.RequiredSecrets(DexNamespace)...)...)
objs = append(objs, secret.ToRuntimeObjects(secret.CopyToNamespace(DexNamespace, c.cfg.PullSecrets...)...)...)
// The Dex namespace exists only for non-Tigera OIDC types to create secrets within the namespace.
objs = append(objs, secret.ToRuntimeObjects(c.cfg.DexConfig.RequiredSecrets(DexNamespace)...)...)
objs = append(objs, secret.ToRuntimeObjects(secret.CopyToNamespace(DexNamespace, c.cfg.PullSecrets...)...)...)
}

if c.cfg.Installation.CertificateManagement != nil {
objs = append(objs, certificatemanagement.CSRClusterRoleBinding(DexObjectName, DexNamespace))
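Review bot: With the two `DexNamespace` appends now inside `if !c.cfg.DeleteDex`, nothing visible in this hunk puts the Dex-namespace copies of the required secrets and pull secrets on the delete list when `DeleteDex` is set. This reads the second, commented copy of the appends as the new side, since the rendered page lost its +/- markers. If cleanup relies on the namespace itself being removed, the comment should say so; otherwise credential copies left by an earlier non-Tigera OIDC configuration could remain in the cluster. The new comment also explains the guard by OIDC type while the condition tests `DeleteDex`; assuming that is the intended relationship, `// DexNamespace only exists when Dex is deployed (DeleteDex is false), so its secrets and pull-secret copies are rendered only then.` would tie the two together. `Objects()` starts and ends outside the hunk, so the delete slice may already cover this.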