K8SPS-340: add securityContext to xtrabackup container (#656)

* K8SPS-340: add securityContext to `xtrabackup` container

https://perconadev.atlassian.net/browse/K8SPS-340

* update `cr.yaml`

---------

Co-authored-by: Viacheslav Sarzhan <[email protected]>

Author: pooknull

deploy/cr.yaml

@@ -372,6 +372,8 @@ spec:
 #    backoffLimit: 6
     imagePullPolicy: Always
 #    initImage: percona/percona-server-mysql-operator:0.8.0
+#    containerSecurityContext:
+#      privileged: true
     storages:
       s3-us-west:
         type: s3

e2e-tests/tests/gr-security-context/02-assert.yaml

@@ -20,6 +20,8 @@ spec:
       - command:
         - /opt/percona/sidecar
         name: xtrabackup
+        securityContext:
+          privileged: false
       initContainers:
       - command:
         - /opt/percona-server-mysql-operator/ps-init-entrypoint.sh

e2e-tests/tests/gr-security-context/02-create-cluster.yaml

@@ -18,6 +18,7 @@ commands:
       	| yq eval '.spec.backup.storages.minio.containerSecurityContext.privileged=true' - \
       	| yq eval '.spec.backup.storages.minio.podSecurityContext.fsGroup=1001' - \
       	| yq eval '.spec.backup.storages.minio.podSecurityContext.supplementalGroups |= [1001, 1002, 1003]' - \
+      	| yq eval '.spec.backup.containerSecurityContext.privileged=false' - \
       	| yq eval '.spec.mysql.clusterType="group-replication"' - \
       	| yq eval '.spec.mysql.containerSecurityContext.privileged=true' - \
       	| yq eval '.spec.mysql.podSecurityContext.fsGroup=1001' - \

pkg/mysql/mysql.go

@@ -591,6 +591,7 @@ func backupContainer(cr *apiv1alpha1.PerconaServerMySQL) corev1.Container {
 		Command:                  []string{"/opt/percona/sidecar"},
 		TerminationMessagePath:   "/dev/termination-log",
 		TerminationMessagePolicy: corev1.TerminationMessageReadFile,
+		SecurityContext:          cr.Spec.Backup.ContainerSecurityContext,
 	}
 }