diff --git a/controllers/cluster_controller.go b/controllers/cluster_controller.go index 7c52fef..ef36fbb 100644 --- a/controllers/cluster_controller.go +++ b/controllers/cluster_controller.go @@ -154,11 +154,12 @@ func (r *ClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (re } // Vault secret - if client.Secret == nil || *client.Secret == "" { - return ctrl.Result{}, fmt.Errorf("client %q has no secret", *templatedClient.ClientID) - } - if err := r.syncVaultSecret(ctx, instance, *client.Secret); err != nil { - return ctrl.Result{}, fmt.Errorf("unable to sync vault secret: %w", err) + if client.Secret != nil && *client.Secret != "" { + if err := r.syncVaultSecret(ctx, instance, *client.Secret); err != nil { + return ctrl.Result{}, fmt.Errorf("unable to sync vault secret: %w", err) + } + } else { + l.Info("Client has no secret, might be a public client. Skipping vault secret sync.") } // template client roles