diff --git a/fleetshard/pkg/central/reconciler/reconciler.go b/fleetshard/pkg/central/reconciler/reconciler.go
index 0520f38eb..9d10dade2 100644
--- a/fleetshard/pkg/central/reconciler/reconciler.go
+++ b/fleetshard/pkg/central/reconciler/reconciler.go
@@ -1037,25 +1037,21 @@ func (r *CentralReconciler) ensureRoutesDeleted(ctx context.Context, remoteCentr
 	reencryptErr := r.routeService.DeleteReencryptRoute(ctx, namespace)
 	passthroughErr := r.routeService.DeletePassthroughRoute(ctx, namespace)
 
-	if reencryptErr != nil && !apiErrors.IsNotFound(reencryptErr) { // ok if not found
+	if reencryptErr != nil {
 		return fmt.Errorf("deleting reencrypt route for namespace %q: %w", namespace, reencryptErr)
 	}
-	if passthroughErr != nil && !apiErrors.IsNotFound(passthroughErr) { // ok if not found
+	if passthroughErr != nil {
 		return fmt.Errorf("deleting passthrough route for namespace %q: %w", namespace, passthroughErr)
 	}
 	return nil
 }
 
 func (r *CentralReconciler) ensureCentralCASecretExists(ctx context.Context, centralNamespace string) (centralTLSSecretFound bool, err error) {
-	centralTLSSecretFound = true // pragma: allowlist secret
 	centralTLSSecret, err := r.getSecret(centralNamespace, k8s.CentralTLSSecretName)
 	if err != nil {
-		if apiErrors.IsNotFound(err) {
-			centralTLSSecretFound = false // pragma: allowlist secret
-		}
-		return centralTLSSecretFound, err
+		return !apiErrors.IsNotFound(err), err
 	}
-	return centralTLSSecretFound, ensureSecretExists(ctx, r.client, centralNamespace, centralCaTLSSecretName, func(secret *corev1.Secret) error {
+	return true, ensureSecretExists(ctx, r.client, centralNamespace, centralCaTLSSecretName, func(secret *corev1.Secret) error {
 		secret.Type = corev1.SecretTypeTLS
 		secret.Data = map[string][]byte{
 			corev1.TLSPrivateKeyKey: {},
diff --git a/fleetshard/pkg/k8s/route.go b/fleetshard/pkg/k8s/route.go
index 4175892ba..1ad0b9857 100644
--- a/fleetshard/pkg/k8s/route.go
+++ b/fleetshard/pkg/k8s/route.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/stackrox/acs-fleet-manager/fleetshard/config"
 	"github.com/stackrox/rox/pkg/errox"
+	apiErrors "k8s.io/apimachinery/pkg/api/errors"
 
 	openshiftRouteV1 "github.com/openshift/api/route/v1"
 	"github.com/stackrox/acs-fleet-manager/internal/dinosaur/pkg/api/private"
@@ -313,10 +314,12 @@ func (s *RouteService) deleteRoute(ctx context.Context, name string, namespace s
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace: namespace,
 			Name:      name,
-			Labels:    map[string]string{ManagedByLabelKey: ManagedByFleetshardValue},
 		},
 	}
 	if err := s.client.Delete(ctx, route); err != nil {
+		if apiErrors.IsNotFound(err) {
+			return nil // ok if not found
+		}
 		return fmt.Errorf("deleting route %s/%s: %w", namespace, name, err)
 	}
 	return nil