diff --git a/install/installer/pkg/cluster/checks.go b/install/installer/pkg/cluster/checks.go
index f2ded0dfc907f5..b32603afd121de 100644
--- a/install/installer/pkg/cluster/checks.go
+++ b/install/installer/pkg/cluster/checks.go
@@ -170,8 +170,9 @@ func checkKubernetesVersion(ctx context.Context, config *rest.Config, namespace
 }
 
 type checkSecretOpts struct {
-	RequiredFields []string
-	Validator      func(*corev1.Secret) ([]ValidationError, error)
+	RequiredFields    []string
+	RecommendedFields []string
+	Validator         func(*corev1.Secret) ([]ValidationError, error)
 }
 
 type CheckSecretOpt func(*checkSecretOpts)
@@ -182,6 +183,12 @@ func CheckSecretRequiredData(entries ...string) CheckSecretOpt {
 	}
 }
 
+func CheckSecretRecommendedData(entries ...string) CheckSecretOpt {
+	return func(cso *checkSecretOpts) {
+		cso.RecommendedFields = append(cso.RecommendedFields, entries...)
+	}
+}
+
 func CheckSecretRule(validator func(*corev1.Secret) ([]ValidationError, error)) CheckSecretOpt {
 	return func(cso *checkSecretOpts) {
 		cso.Validator = validator
@@ -226,6 +233,15 @@ func CheckSecret(name string, opts ...CheckSecretOpt) ValidationCheck {
 					})
 				}
 			}
+			for _, k := range cfg.RecommendedFields {
+				_, ok := secret.Data[k]
+				if !ok {
+					res = append(res, ValidationError{
+						Message: fmt.Sprintf("secret %s has no %s entry", name, k),
+						Type:    ValidationStatusWarning,
+					})
+				}
+			}
 
 			if cfg.Validator != nil {
 				vres, err := cfg.Validator(secret)