Explicitly set "privileged" security context to false

While this is the default option in Kubernetes, this ensures that
the Operator containers use this setting.

Author: Jonathan S. Katz

deploy/deployment.json

@@ -34,6 +34,7 @@
                         "imagePullPolicy": "IfNotPresent",
                         "securityContext": {
                           "allowPrivilegeEscalation": false,
+                          "privileged": false,
                           "readOnlyRootFilesystem": true
                         },
                         "ports": [
@@ -123,6 +124,7 @@
                         "imagePullPolicy": "IfNotPresent",
                         "securityContext": {
                           "allowPrivilegeEscalation": false,
+                          "privileged": false,
                           "readOnlyRootFilesystem": true
                         },
                         "readinessProbe": {
@@ -179,6 +181,7 @@
                         "image": "$PGO_IMAGE_PREFIX/pgo-scheduler:$PGO_IMAGE_TAG",
                         "securityContext": {
                           "allowPrivilegeEscalation": false,
+                          "privileged": false,
                           "readOnlyRootFilesystem": true
                         },
                         "livenessProbe": {
@@ -236,6 +239,7 @@
                         "image": "$PGO_IMAGE_PREFIX/pgo-event:$PGO_IMAGE_TAG",
                         "securityContext": {
                           "allowPrivilegeEscalation": false,
+                          "privileged": false,
                           "readOnlyRootFilesystem": true
                         },
                         "livenessProbe": {

installers/ansible/roles/pgo-operator/files/pgo-configs/backrest-job.json

@@ -44,6 +44,7 @@
                     "image": "{{.CCPImagePrefix}}/crunchy-pgbackrest:{{.CCPImageTag}}",
                     "securityContext": {
                       "allowPrivilegeEscalation": false,
+                      "privileged": false,
                       "readOnlyRootFilesystem": true
                     },
                     "volumeMounts": [

installers/ansible/roles/pgo-operator/files/pgo-configs/cluster-bootstrap-job.json

@@ -31,6 +31,7 @@
                     "image": "{{.CCPImagePrefix}}/{{.CCPImage}}:{{.CCPImageTag}}",
                     "securityContext": {
                       "allowPrivilegeEscalation": false,
+                      "privileged": false,
                       "readOnlyRootFilesystem": true
                     },
                     {{.ContainerResources}}

installers/ansible/roles/pgo-operator/files/pgo-configs/cluster-deployment.json

@@ -44,6 +44,7 @@
                     "image": "{{.CCPImagePrefix}}/{{.CCPImage}}:{{.CCPImageTag}}",
                     "securityContext": {
                       "allowPrivilegeEscalation": false,
+                      "privileged": false,
                       "readOnlyRootFilesystem": true
                     },
                     "readinessProbe": {

installers/ansible/roles/pgo-operator/files/pgo-configs/exporter.json

@@ -3,6 +3,7 @@
     "image": "{{.PGOImagePrefix}}/crunchy-postgres-exporter:{{.PGOImageTag}}",
     "securityContext": {
       "allowPrivilegeEscalation": false,
+      "privileged": false,
       "readOnlyRootFilesystem": true
     },
     "ports": [{

installers/ansible/roles/pgo-operator/files/pgo-configs/pgadmin-template.json

@@ -45,6 +45,7 @@
           "image": "{{.CCPImagePrefix}}/crunchy-pgadmin4:{{.CCPImageTag}}",
           "securityContext": {
             "allowPrivilegeEscalation": false,
+            "privileged": false,
             "readOnlyRootFilesystem": true
           },
           "ports": [{

installers/ansible/roles/pgo-operator/files/pgo-configs/pgbadger.json

@@ -3,6 +3,7 @@
     "image": "{{.CCPImagePrefix}}/crunchy-pgbadger:{{.CCPImageTag}}",
     "securityContext": {
         "allowPrivilegeEscalation": false,
+        "privileged": false,
         "readOnlyRootFilesystem": true
     },
     "ports": [ {

installers/ansible/roles/pgo-operator/files/pgo-configs/pgbouncer-template.json

@@ -50,6 +50,7 @@
                     "image": "{{.CCPImagePrefix}}/crunchy-pgbouncer:{{.CCPImageTag}}",
                     "securityContext": {
                       "allowPrivilegeEscalation": false,
+                      "privileged": false,
                       "readOnlyRootFilesystem": true
                     },
                     "ports": [{

installers/ansible/roles/pgo-operator/files/pgo-configs/pgdump-job.json

@@ -46,6 +46,7 @@
                         "image": "{{.CCPImagePrefix}}/crunchy-postgres-ha:{{.CCPImageTag}}",
                         "securityContext": {
                           "allowPrivilegeEscalation": false,
+                          "privileged": false,
                           "readOnlyRootFilesystem": true
                         },
                         "command": ["/opt/crunchy/bin/uid_postgres.sh"],

installers/ansible/roles/pgo-operator/files/pgo-configs/pgo-backrest-repo-template.json

@@ -54,6 +54,7 @@
                     "image": "{{.CCPImagePrefix}}/crunchy-pgbackrest-repo:{{.CCPImageTag}}",
                     "securityContext": {
                       "allowPrivilegeEscalation": false,
+                      "privileged": false,
                       "readOnlyRootFilesystem": true
                     },
                     "ports": [{