ServiceAccount is always created with
imagePullSecrets:
- name: ibm-entitlement-key

In cases where the MQ image is pulled from a private registry, which may be the most common case when using the helm chart, that secret will most likely not exist.
This then leads to a lot of (unnecessary and potentially confusing) warning events on the MQ pods:
# kubectl events -n mq-s
LAST SEEN TYPE REASON OBJECT MESSAGE
30m (x58 over 95m) Warning FailedToRetrieveImagePullSecret Pod/mq1se-ibm-mq-2 Unable to retrieve some image pull secrets (ibm-entitlement-key); attempting to pull the image may not succeed.

My suggestion would be to either make the ibm-entitlement-key item optional (via helm value) - or just remove it, as it could be easily injected through the generic image.pullSecretvalues.