feat: add global.images registry, pullSecrets, and pullPolicy support to nri-bundle charts

[dpacheconr]

Summary

Add support for cascading global.images.registry, pullSecrets, and pullPolicy from global settings to newrelic-logging.

Phase 1: Global.Images.Registry Support ✅

• Added newrelic-logging.persistenceInitContainerImage helper in _helpers.tpl
• Updated daemonset.yaml init container to use the helper instead of hardcoded busybox:1.36
• Added fluentBit.persistenceInitContainerImage configuration to values.yaml

Phase 2: Global.Images.PullSecrets Support ✅

• Updated daemonset.yaml to include global.images.pullSecrets alongside chart-level image.pullSecrets
• Both sources are concatenated (global first) and passed to the existing newrelic.common.images.renderPullSecrets helper

Phase 3: Global.Images.PullPolicy Support ✅

• Added newrelic-logging.imagePullPolicy helper in _helpers.tpl
• Added newrelic-logging.persistenceInitContainerImagePullPolicy helper in _helpers.tpl
• Updated daemonset.yaml to use pullPolicy helpers for both main container and init container
• Configuration respects hierarchy: chart-level setting → global setting → default (IfNotPresent)

Configuration Hierarchy

For Image Registry:

1. Explicit fluentBit.persistenceInitContainerImage.repository at chart level (takes precedence)
2. global.images.registry (used when repository matches default)
3. Default: busybox

For ImagePullSecrets:

1. image.pullSecrets (chart level, highest priority)
2. global.images.pullSecrets

Both sources are concatenated to support flexible secret management.

For ImagePullPolicy:

1. Chart-level image.pullPolicy / fluentBit.persistenceInitContainerImage.pullPolicy (highest priority)
2. global.images.pullPolicy
3. Default: IfNotPresent

Implementation Details

• If fluentBit.persistenceInitContainerImage.repository is explicitly set to a custom value, it takes precedence over global registry
• If global.images.registry is set and repository matches the default (busybox), the global registry is prepended
• If global registry is not set, the chart default (busybox:1.36) is used unchanged
• PullPolicy helpers ensure chart-level settings always win; global cascades when no explicit chart configuration is provided

Test Plan

Phase 1 (Registry):

• ✓ Default busybox:1.36 image used when no global registry set
• ✓ Global registry is prepended when set and repository is default (my-registry.com/busybox:1.36)
• ✓ Chart-level repository overrides global registry

Phase 2 (PullSecrets):

• ✓ No pullSecrets set → No imagePullSecrets section rendered
• ✓ Global pullSecrets only → Used
• ✓ Both global + chart pullSecrets → Concatenated (global first)

Phase 3 (PullPolicy):

• ✓ Defaults to IfNotPresent when neither chart nor global value is set (main and init container)
• ✓ Global pullPolicy is used when no chart-specific value is set
• ✓ Chart-level pullPolicy overrides global (main and init container)

License Key:

• ✓ LICENSE_KEY env references correct secret name (<release>-newrelic-logging-config) and key (license)
• ✓ customSecretName + customSecretLicenseKey values are used correctly when set

Impact

Once merged, users can configure newrelic-logging image pull behaviour globally:

global:
  images:
    registry: "my.private.registry.com"
    pullSecrets:
      - name: my-registry-credentials
    pullPolicy: Always

[dpacheconr]

Rebased onto master, resolved conflicts, and fixed several issues found during the rebase: added missing persistenceInitContainerImage helper (was called but undefined), corrected pullPolicy precedence to chart → global → default, wired both containers to use the helpers instead of direct .Values access, and added test coverage.

[dpacheconr]

Closing in favour of #2023 which now consolidates all changes from this PR. The global.images registry, pullSecrets, and pullPolicy helpers + daemonset wiring + images_test.yaml have been merged into that branch.