nginx
diff --git a/‎examples/common-secrets/keycloak-ca-secret.yaml‎
Lines changed: 0 additions & 7 deletions b/‎examples/common-secrets/keycloak-ca-secret.yaml‎
Lines changed: 0 additions & 7 deletions
diff --git a/‎examples/common-secrets/keycloak-tls-secret.yaml‎
Lines changed: 0 additions & 8 deletions b/‎examples/common-secrets/keycloak-tls-secret.yaml‎
Lines changed: 0 additions & 8 deletions
diff --git a/‎examples/custom-resources/oidc/keycloak-ca-secret.yaml‎
Lines changed: 0 additions & 1 deletion b/‎examples/custom-resources/oidc/keycloak-ca-secret.yaml‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎examples/custom-resources/oidc/keycloak-tls-secret.yaml‎
Lines changed: 0 additions & 1 deletion b/‎examples/custom-resources/oidc/keycloak-tls-secret.yaml‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎hack/secrets.json‎
Lines changed: 41 additions & 0 deletions b/‎hack/secrets.json‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎hack/tls-cert-gen/main.go‎
Lines changed: 4 additions & 1 deletion b/‎hack/tls-cert-gen/main.go‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎hack/tls-cert-gen/mtls-gen.go‎
Lines changed: 4 additions & 0 deletions b/‎hack/tls-cert-gen/mtls-gen.go‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎tests/.gitignore‎
Lines changed: 4 additions & 4 deletions b/‎tests/.gitignore‎
Lines changed: 4 additions & 4 deletions
@@ -588,6 +588,47 @@
         ]
       },
       "crl": false
+    },
+    {
+      "ca": {
+        "secretName": "keycloak-ca",
+        "fileName": "example-keycloak-ca-secret.yaml",
+        "templateData": {
+          "commonName": "KeycloakCA",
+          "country": "IE",
+          "organization": "F5 NGINX",
+          "organizationalUnit": "KIC",
+          "locality": "Cork",
+          "province": "Cork"
+        },
+        "valid": true,
+        "secretType": "nginx.org/ca",
+        "symlinks": [
+          "/examples/custom-resources/oidc/keycloak-ca-secret.yaml"
+        ],
+        "usedIn": [
+          "examples/custom-resources/oidc"
+        ]
+      },
+      "server": {
+        "secretName": "keycloak-tls",
+        "fileName": "example-keycloak-tls-secret.yaml",
+        "templateData": {
+          "commonName": "keycloak.default.svc.cluster.local",
+          "country": "IE",
+          "organization": "F5 NGINX",
+          "organizationalUnit": "KIC",
+          "locality": "Cork",
+          "province": "Cork"
+        },
+        "valid": true,
+        "symlinks": [
+          "/examples/custom-resources/oidc/keycloak-tls-secret.yaml"
+        ],
+        "usedIn": [
+          "examples/custom-resources/oidc"
+        ]
+      }
     }
   ],
   "htpasswds": [
 
@@ -348,11 +348,14 @@ func createOpaqueSecretYaml(secret yamlSecret, isValid bool, keyPair *JITTLSKey,
 		Data: map[string][]byte{
 			v1.TLSCertKey:       keyPair.cert,
 			v1.TLSPrivateKeyKey: keyPair.key,
-			configs.CACrtKey:    caCert,
 		},
 		Type: v1.SecretTypeOpaque,
 	}
 
+	if caCert != nil {
+		s.Data[configs.CACrtKey] = caCert
+	}
+
 	if !isValid {
 		s.Data[v1.TLSCertKey] = []byte(``)
 	}
 
@@ -218,8 +218,12 @@ func generateMTLSBundleFiles(bundle mtlsBundle, projectRoot string) error {
 	return nil
 }
 
+// nolint cyclo:ignore
 func removeBundleFiles(logger *slog.Logger, bundle mtlsBundle) error {
 	for _, secret := range []yamlSecret{bundle.Ca, bundle.Client, bundle.Server} {
+		if secret.FileName == "" {
+			continue
+		}
 		filePath := filepath.Join(projectRoot, realSecretDirectory, secret.FileName)
 		log.Debugf(logger, "Removing file %s", filePath)
 		if _, err := os.Stat(filePath); !os.IsNotExist(err) {
 
@@ -50,10 +50,10 @@ data/egress-mtls/secret/tls-secret.yaml
 data/hsts/standard-tls/tls-secret.yaml
 data/hsts/mergeable-tls/tls-secret.yaml
 data/ingress-mtls/secret/tls-secret.yaml
-data/jwt-auth-mergeable/jwt-auth-master-secret.yaml
-data/jwt-auth-mergeable/jwt-auth-master-secret-updated.yaml
-data/jwt-auth-mergeable/jwt-auth-minion-secret.yaml
-data/jwt-auth-mergeable/jwt-auth-minion-secret-updated.yaml
+data/jwt-auth-mergeable/jwt-master-secret.yaml
+data/jwt-auth-mergeable/jwt-master-secret-updated.yaml
+data/jwt-auth-mergeable/jwt-minion-secret.yaml
+data/jwt-auth-mergeable/jwt-minion-secret-updated.yaml
 data/jwt-policy/secret/jwk-secret-invalid.yaml
 data/jwt-policy/secret/jwk-secret-valid.yaml
 data/jwt-secrets/jwt-secret-invalid.yaml