feat/fix(falco): adding imagePullSecrets at the service account level

[megalucio]

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

If this PR will release a new chart version please make sure to also uncomment the following line:

kind chart-release

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area falco-chart

/area falco-exporter-chart

/area falcosidekick-chart

/area falco-talon-chart

/area event-generator-chart

/area k8s-metacollector-chart

What this PR does / why we need it:
This pull request includes updates to the Falco Helm Chart to fix and enhance the handling of imagePullSecrets. The changes include modifications to the values.yaml, serviceaccount.yaml, README.md, Chart.yaml, and CHANGELOG.md files.

Key changes:

Enhancements and fixes:

• charts/falco/values.yaml: Added imagePullSecrets to the service account configuration to support pulling from private/secure registries.
• charts/falco/templates/serviceaccount.yaml: Updated the service account template to include imagePullSecrets.

Documentation updates:

• charts/falco/README.md: Added documentation for the imagePullSecrets parameter in the service account section.
• charts/falco/CHANGELOG.md: Documented the changes in version 4.17.1, including the fix for imagePullSecrets.

Version bump:

• charts/falco/Chart.yaml: Updated the chart version from 4.17.0 to 4.17.1.

For most use cases, it is recommended to specify imagePullSecrets at the ServiceAccount level if all pods using that ServiceAccount need access to the same image pull secrets. This approach simplifies management and ensures consistency across your deployments.

Which issue(s) this PR fixes:

Potentiall Fixes # #673

Special notes for your reviewer:

I've already fixed the corrisponding labels in GitHub

Checklist

• Chart Version bumped
• Variables are documented in the README.md
• CHANGELOG.md updated

[poiana]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: megalucio
Once this PR has been reviewed and has the lgtm label, please assign leogr for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[leogr]

@megalucio May I ask you to rebase this PR, please?

In particular, pay attention to using the correct rebasing procedure (to avoid merge commits): https://github.com/falcosecurity/.github/blob/main/CONTRIBUTING.md#resolving-conflicts-by-rebasing

If you are unsure or need any help, please don't hesitate to let me know.

Thanks in advance 🙏

[alacuku]

Is there a specific use case that the current solution does not support? The chart sets the imagePullSecrets at the pod level, why do we need to add it to the service account?

[megalucio]

Is there a specific use case that the current solution does not support? The chart sets the imagePullSecrets at the pod level, why do we need to add it to the service account?

Yes, in order to support this: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account.

As far as I understand for most use cases, it is recommended to specify imagePullSecrets at the ServiceAccount level if all pods using that ServiceAccount need access to the same image pull secrets. This approach simplifies management and ensures consistency across deployments.

This changes will make sure we support both cases.

[poiana]

Thanks for your pull request. Before we can look at it, you'll need to add a 'DCO signoff' to your commits.

📝 Please follow instructions in the contributing guide to update your commits with the DCO

Full details of the Developer Certificate of Origin can be found at developercertificate.org.

The list of commits missing DCO signoff:

• b9769b3 Keep it as list

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.