Include dex secrets when oidc is non tigera or nil

pkg/render/dex.go

@@ -138,10 +138,11 @@ func (c *dexComponent) Objects() ([]client.Object, []client.Object) {
 	// TODO the RequiredSecrets in the dex condig to not pass back secrets of this type.
 	if !c.cfg.DeleteDex {
 		objs = append(objs, secret.ToRuntimeObjects(c.cfg.DexConfig.RequiredSecrets(common.OperatorNamespace())...)...)
-	}
 
-	objs = append(objs, secret.ToRuntimeObjects(c.cfg.DexConfig.RequiredSecrets(DexNamespace)...)...)
-	objs = append(objs, secret.ToRuntimeObjects(secret.CopyToNamespace(DexNamespace, c.cfg.PullSecrets...)...)...)
+		// The Dex namespace exists only for non-Tigera OIDC types to create secrets within the namespace.
+		objs = append(objs, secret.ToRuntimeObjects(c.cfg.DexConfig.RequiredSecrets(DexNamespace)...)...)
+		objs = append(objs, secret.ToRuntimeObjects(secret.CopyToNamespace(DexNamespace, c.cfg.PullSecrets...)...)...)
+	}
 
 	if c.cfg.Installation.CertificateManagement != nil {
 		objs = append(objs, certificatemanagement.CSRClusterRoleBinding(DexObjectName, DexNamespace))