diff --git a/helm/kagent/templates/_helpers.tpl b/helm/kagent/templates/_helpers.tpl
index 816f6638a..b14e8d0f9 100644
--- a/helm/kagent/templates/_helpers.tpl
+++ b/helm/kagent/templates/_helpers.tpl
@@ -146,3 +146,16 @@ A2A Base URL - computes the default URL based on the controller service name if
 {{- printf "http://%s-controller.%s.svc.cluster.local:%d" (include "kagent.fullname" .) (include "kagent.namespace" .) (.Values.controller.service.ports.port | int) -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+imagePullSecrets from global values (for subchart usage).
+Reads .Values.global.imagePullSecrets set by the parent chart.
+*/}}
+{{- define "kagent.imagePullSecrets" -}}
+{{- $global := ((.Values.global).imagePullSecrets) | default list -}}
+{{- if $global -}}
+imagePullSecrets:
+{{- toYaml $global | nindent 2 }}
+{{- end -}}
+{{- end -}}
+
diff --git a/helm/kagent/templates/postgresql.yaml b/helm/kagent/templates/postgresql.yaml
index 99927f121..01e2a2329 100644
--- a/helm/kagent/templates/postgresql.yaml
+++ b/helm/kagent/templates/postgresql.yaml
@@ -48,6 +48,7 @@ spec:
         {{- include "kagent.selectorLabels" . | nindent 8 }}
         app.kubernetes.io/component: database
     spec:
+      {{- include "kagent.imagePullSecrets" $ | nindent 6 }}
       serviceAccountName: {{ $fullname }}
       securityContext:
         fsGroup: 999
diff --git a/helm/kagent/tests/postgresql_test.yaml b/helm/kagent/tests/postgresql_test.yaml
index f43337e67..08ebdc7d9 100644
--- a/helm/kagent/tests/postgresql_test.yaml
+++ b/helm/kagent/tests/postgresql_test.yaml
@@ -293,3 +293,28 @@ tests:
       - hasDocuments:
           count: 1
 
+  - it: should not render imagePullSecret by default
+    template: postgresql.yaml
+    documentIndex: 2
+    asserts:
+      - isKind:
+          of: Deployment
+      - notExists:
+          path: spec.template.spec.imagePullSecrets
+
+  - it: should render imagePullSecret when available 
+    template: postgresql.yaml
+    documentIndex: 2
+    set:
+      global.imagePullSecrets:
+      - name: secret1
+      - name: secret2
+    asserts:
+      - isKind:
+          of: Deployment
+      - equal:
+          path: spec.template.spec.imagePullSecrets
+          value:
+            - name: secret1
+            - name: secret2
+