From c23c073e09f121cafddb596aecc7156331e6a99a Mon Sep 17 00:00:00 2001
From: Vara <vara@tigera.io>
Date: Thu, 19 Dec 2024 17:15:41 -0800
Subject: [PATCH 1/2] Include dex secrets when oidc is non tigera or nil

---
 pkg/render/dex.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/pkg/render/dex.go b/pkg/render/dex.go
index 10ae62bbda..521c954055 100644
--- a/pkg/render/dex.go
+++ b/pkg/render/dex.go
@@ -138,10 +138,11 @@ func (c *dexComponent) Objects() ([]client.Object, []client.Object) {
 	// TODO the RequiredSecrets in the dex condig to not pass back secrets of this type.
 	if !c.cfg.DeleteDex {
 		objs = append(objs, secret.ToRuntimeObjects(c.cfg.DexConfig.RequiredSecrets(common.OperatorNamespace())...)...)
-	}
 
-	objs = append(objs, secret.ToRuntimeObjects(c.cfg.DexConfig.RequiredSecrets(DexNamespace)...)...)
-	objs = append(objs, secret.ToRuntimeObjects(secret.CopyToNamespace(DexNamespace, c.cfg.PullSecrets...)...)...)
+		// The Dex namespace exists only for non-Tigera OIDC types to create secrets within the namespace.
+		objs = append(objs, secret.ToRuntimeObjects(c.cfg.DexConfig.RequiredSecrets(DexNamespace)...)...)
+		objs = append(objs, secret.ToRuntimeObjects(secret.CopyToNamespace(DexNamespace, c.cfg.PullSecrets...)...)...)
+	}
 
 	if c.cfg.Installation.CertificateManagement != nil {
 		objs = append(objs, certificatemanagement.CSRClusterRoleBinding(DexObjectName, DexNamespace))

From 6e2b71f1e97273862a6295ac872011790c1ce24c Mon Sep 17 00:00:00 2001
From: Vara <vara@tigera.io>
Date: Fri, 20 Dec 2024 11:24:41 -0800
Subject: [PATCH 2/2] Fix dirty check

---
 .../calico/crd.projectcalico.org_felixconfigurations.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pkg/crds/calico/crd.projectcalico.org_felixconfigurations.yaml b/pkg/crds/calico/crd.projectcalico.org_felixconfigurations.yaml
index acaf94c355..7e4c7bf353 100644
--- a/pkg/crds/calico/crd.projectcalico.org_felixconfigurations.yaml
+++ b/pkg/crds/calico/crd.projectcalico.org_felixconfigurations.yaml
@@ -298,6 +298,14 @@ spec:
                   BPFPolicyDebugEnabled when true, Felix records detailed information
                   about the BPF policy programs, which can be examined with the calico-bpf command-line tool.
                 type: boolean
+              bpfProfiling:
+                description: |-
+                  BPFProfiling controls profiling of BPF programs. At the monent, it can be
+                  Disabled or Enabled. [Default: Disabled]
+                enum:
+                - Enabled
+                - Disabled
+                type: string
               bpfRedirectToPeer:
                 description: |-
                   BPFRedirectToPeer controls which whether it is allowed to forward straight to the