diff --git a/pkg/crds/calico/crd.projectcalico.org_felixconfigurations.yaml b/pkg/crds/calico/crd.projectcalico.org_felixconfigurations.yaml index acaf94c355..7e4c7bf353 100644 --- a/pkg/crds/calico/crd.projectcalico.org_felixconfigurations.yaml +++ b/pkg/crds/calico/crd.projectcalico.org_felixconfigurations.yaml @@ -298,6 +298,14 @@ spec: BPFPolicyDebugEnabled when true, Felix records detailed information about the BPF policy programs, which can be examined with the calico-bpf command-line tool. type: boolean + bpfProfiling: + description: |- + BPFProfiling controls profiling of BPF programs. At the monent, it can be + Disabled or Enabled. [Default: Disabled] + enum: + - Enabled + - Disabled + type: string bpfRedirectToPeer: description: |- BPFRedirectToPeer controls which whether it is allowed to forward straight to the diff --git a/pkg/render/dex.go b/pkg/render/dex.go index 10ae62bbda..521c954055 100644 --- a/pkg/render/dex.go +++ b/pkg/render/dex.go @@ -138,10 +138,11 @@ func (c *dexComponent) Objects() ([]client.Object, []client.Object) { // TODO the RequiredSecrets in the dex condig to not pass back secrets of this type. if !c.cfg.DeleteDex { objs = append(objs, secret.ToRuntimeObjects(c.cfg.DexConfig.RequiredSecrets(common.OperatorNamespace())...)...) - } - objs = append(objs, secret.ToRuntimeObjects(c.cfg.DexConfig.RequiredSecrets(DexNamespace)...)...) - objs = append(objs, secret.ToRuntimeObjects(secret.CopyToNamespace(DexNamespace, c.cfg.PullSecrets...)...)...) + // The Dex namespace exists only for non-Tigera OIDC types to create secrets within the namespace. + objs = append(objs, secret.ToRuntimeObjects(c.cfg.DexConfig.RequiredSecrets(DexNamespace)...)...) + objs = append(objs, secret.ToRuntimeObjects(secret.CopyToNamespace(DexNamespace, c.cfg.PullSecrets...)...)...) + } if c.cfg.Installation.CertificateManagement != nil { objs = append(objs, certificatemanagement.CSRClusterRoleBinding(DexObjectName, DexNamespace))