Include dex secrets only when oidc is non tigera or nil

pkg/crds/calico/crd.projectcalico.org_felixconfigurations.yaml

@@ -298,6 +298,14 @@ spec:
                   BPFPolicyDebugEnabled when true, Felix records detailed information
                   about the BPF policy programs, which can be examined with the calico-bpf command-line tool.
                 type: boolean
+              bpfProfiling:
+                description: |-
+                  BPFProfiling controls profiling of BPF programs. At the monent, it can be
+                  Disabled or Enabled. [Default: Disabled]
+                enum:
+                - Enabled
+                - Disabled
+                type: string
               bpfRedirectToPeer:
                 description: |-
                   BPFRedirectToPeer controls which whether it is allowed to forward straight to the

pkg/render/dex.go

@@ -138,10 +138,11 @@ func (c *dexComponent) Objects() ([]client.Object, []client.Object) {
 	// TODO the RequiredSecrets in the dex condig to not pass back secrets of this type.
 	if !c.cfg.DeleteDex {
 		objs = append(objs, secret.ToRuntimeObjects(c.cfg.DexConfig.RequiredSecrets(common.OperatorNamespace())...)...)
-	}
 
-	objs = append(objs, secret.ToRuntimeObjects(c.cfg.DexConfig.RequiredSecrets(DexNamespace)...)...)
-	objs = append(objs, secret.ToRuntimeObjects(secret.CopyToNamespace(DexNamespace, c.cfg.PullSecrets...)...)...)
+		// The Dex namespace exists only for non-Tigera OIDC types to create secrets within the namespace.
+		objs = append(objs, secret.ToRuntimeObjects(c.cfg.DexConfig.RequiredSecrets(DexNamespace)...)...)
+		objs = append(objs, secret.ToRuntimeObjects(secret.CopyToNamespace(DexNamespace, c.cfg.PullSecrets...)...)...)
+	}
 
 	if c.cfg.Installation.CertificateManagement != nil {
 		objs = append(objs, certificatemanagement.CSRClusterRoleBinding(DexObjectName, DexNamespace))