From 175bda134358f5e4ad46b9c985e88b2fb6b3caca Mon Sep 17 00:00:00 2001
From: Andrii Dema <a.dema@jazzserve.com>
Date: Tue, 1 Jul 2025 14:39:33 +0300
Subject: [PATCH] K8SPG-757: restricted security context for patroni version
 check container

https://perconadev.atlassian.net/browse/K8SPG-757
---
 percona/controller/pgcluster/controller.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/percona/controller/pgcluster/controller.go b/percona/controller/pgcluster/controller.go
index f3e0d0392..e77867a91 100644
--- a/percona/controller/pgcluster/controller.go
+++ b/percona/controller/pgcluster/controller.go
@@ -38,6 +38,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/source"
 
 	"github.com/percona/percona-postgresql-operator/internal/controller/runtime"
+	"github.com/percona/percona-postgresql-operator/internal/initialize"
 	"github.com/percona/percona-postgresql-operator/internal/logging"
 	"github.com/percona/percona-postgresql-operator/internal/naming"
 	"github.com/percona/percona-postgresql-operator/internal/postgres"
@@ -431,7 +432,8 @@ func (r *PGClusterReconciler) reconcilePatroniVersionCheck(ctx context.Context,
 						Args: []string{
 							"-c", "sleep 60",
 						},
-						Resources: cr.Spec.InstanceSets[0].Resources,
+						Resources:       cr.Spec.InstanceSets[0].Resources,
+						SecurityContext: initialize.RestrictedSecurityContext(cr.CompareVersion("2.5.0") >= 0),
 					},
 				},
 				SecurityContext:               cr.Spec.InstanceSets[0].SecurityContext,