Image Pull Secret in ServiceAccount leads to (unnecessary) k8s warning events

[daniel-geiger-ibmde]

ServiceAccount is always created with
imagePullSecrets:
- name: ibm-entitlement-key

In cases where the MQ image is pulled from a private registry, which may be the most common case when using the helm chart, that secret will most likely not exist.
This then leads to a lot of (unnecessary and potentially confusing) warning events on the MQ pods:
# kubectl events -n mq-s
LAST SEEN TYPE REASON OBJECT MESSAGE
30m (x58 over 95m) Warning FailedToRetrieveImagePullSecret Pod/mq1se-ibm-mq-2 Unable to retrieve some image pull secrets (ibm-entitlement-key); attempting to pull the image may not succeed.

My suggestion would be to either make the ibm-entitlement-key item optional (via helm value) - or just remove it, as it could be easily injected through the generic image.pullSecretvalues.

[callumpjackson]

Hi Daniel - thanks for raising the issue. I agree with your point of view. I would suggest that for backward compatibility we keep the current behavior as the default but could easily add an option to remove. For instance, image.disableDefaultPullSecret. Then conditional logic can be applied to the serviceaccount.yaml.
It would be great if you could create a pull request for this and I can then review.