add postgres securityContext at pod level

config/crd/bases/awx.ansible.com_awxs.yaml

@@ -1902,6 +1902,10 @@ spec:
                 description: Set session cookie secure mode for web
                 type: string
               postgres_security_context_settings:
+                description: Key/values that will be set under the container-level securityContext field
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              postgres_pod_security_context_settings:
                 description: Key/values that will be set under the pod-level securityContext field
                 type: object
                 x-kubernetes-preserve-unknown-fields: true

config/manifests/bases/awx-operator.clusterserviceversion.yaml

@@ -134,11 +134,16 @@ spec:
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: PostgreSQL Security Context Settings
+      - displayName: PostgreSQL Container Security Context Settings
         path: postgres_security_context_settings
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: PostgreSQL Pod Security Context Settings
+        path: postgres_pod_security_context_settings
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
       - displayName: PostgreSQL Image
         path: postgres_image
         x-descriptors:

docs/user-guide/advanced-configuration/security-context.md

@@ -2,10 +2,11 @@
 
 It is possible to modify some `SecurityContext` proprieties of the various deployments and stateful sets if needed.
 
-| Name                               | Description                                  | Default |
-| ---------------------------------- | -------------------------------------------- | ------- |
-| security_context_settings          | SecurityContext for Task and Web deployments | {}      |
-| postgres_security_context_settings | SecurityContext for PostgreSQL container | {}      |
+| Name                                   | Description                                  | Default |
+| -------------------------------------- | -------------------------------------------- | ------- |
+| security_context_settings              | SecurityContext for Task and Web deployments | {}      |
+| postgres_security_context_settings     | SecurityContext for PostgreSQL container     | {}      |
+| postgres_pod_security_context_settings | SecurityContext for PostgreSQL pod           | {}      |
 
 Example configuration securityContext for the Task and Web deployments:
 

roles/installer/defaults/main.yml

@@ -464,6 +464,7 @@ development_mode: false
 
 security_context_settings: {}
 postgres_security_context_settings: {}
+postgres_pod_security_context_settings: {}
 
 # Set no_log settings on certain tasks
 no_log: true

roles/installer/templates/statefulsets/postgres.yaml.j2

@@ -149,6 +149,10 @@ spec:
       tolerations:
         {{ postgres_tolerations | indent(width=8) }}
 {% endif %}
+{% if postgres_pod_security_context_settings|length %}
+      securityContext:
+        {{ postgres_pod_security_context_settings | to_nice_yaml | indent(8) }}
+{% endif %}
 {% if postgres_extra_volumes %}
       volumes:
         {{ postgres_extra_volumes | indent(width=8, first=False) }}