Custom SecurityContext in Postgresql, OperatorConfiguration CRDs

[hshmilo]

This PR extends the Postgresql, OperatorConfiguration CRDs with the following list of properties related to pod/containers SecurityContext.
Postgresql CRD:

1. spiloSeccompProfile – adds SeccompProfile config property on the cluster pod level.
2. securityContext for the sidecars configuration – configures securityContext property for particular sidecar container.

OperatorConfiguration CRD:

1. dropped_pod_capabilities - list of dropped capabilities for spilo container.
2. spilo_seccompprofile – adds SeccompProfile config property on clusters pod level.
3. securityContext for the sidecars configuration – configures securityContext property for particular sidecar container.

This PR addresses #2223

[EmilMunksoe]

+1

[x3rus]

+1

[ugur99]

Hi everyone, any updates regarding this PR?

[m1m1x]

Hi,

any chance to review this MR please? It would be a good addition for cluster security in depth.

[mattwing]

+1 on needing this to comply with restricted profiles, as @EmilMunksoe mentioned #2223 (comment)

[Tahedah]

Hey, this is also a blocker for us since we have strict pod policies for the clusters. Is this something that will be merged soon?

[sj-porter-knime]

+1

[BalintCsonka]

+1

[mrpainte]

+1 this would allow my team to be able to deploy postgres into our clusters with this operator

[bumarcell]

Why is this MR (which will make many lives easier) ignored for over a year now? waiting only makes it more complicated to merge and now there are merge conflicts to resolve.
I hope there's a good reason for that.. 😓

[ajchiarello]

Honestly, the delay on this led me to move from this operator over the CloudNative PostgreSQL Operator, which does everything and is already secure.

[sdesbure]

Honestly, the delay on this led me to move from this operator over the CloudNative PostgreSQL Operator, which does everything and is already secure.

same here :(