Upgrade postgres to latest minor release to address vulnerabilities (#2235)

Summary: Upgrade postgres to latest minor release to address
vulnerabilities

This PR replaces the upstream `postgres:14-alpine` image with a custom
build from the official Docker Library PostgreSQL repository. The
upstream hasn't published updated images for ~1 month, during which a
high vulnerability was discovered in the latest `postgres:14-alpine`
image.

We've temporarily pushed a patched version to our ghcr.io repository
(ghcr.io/pixie-io/postgres:14-alpine-pl1) until the official upstream
images are updated.

Relevant Issues: N/A

Type of change: /kind dependencies

Test Plan: Verified `trivy image` scan is clean for this rebuild unlike
the latest `postgres:14-alpine` image
```
$ trivy image ghcr.io/pixie-io/postgres:14-alpine-pl1@sha256:237c5fcf79b230979e12fe02f46e0ad29565b4ecb7cb15047197cbb9a6549e8d

ghcr.io/pixie-io/postgres:14-alpine-pl1@sha256:237c5fcf79b230979e12fe02f46e0ad29565b4ecb7cb15047197cbb9a6549e8d (alpine 3.22.0)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

$ trivy image postgres:14-alpine@sha256:5a8881bdd1afaaa4c95198dfb0a726340edca70b9f4893006bfa69d4bac30e22

postgres:14-alpine@sha256:5a8881bdd1afaaa4c95198dfb0a726340edca70b9f4893006bfa69d4bac30e22 (alpine 3.22.0)

Total: 4 (UNKNOWN: 2, LOW: 0, MEDIUM: 0, HIGH: 2, CRITICAL: 0)

```

Signed-off-by: Dom Del Nano <[email protected]>

Author: ddelnano

k8s/cloud/dev/plugin_db_updater_job.yaml

@@ -15,7 +15,10 @@ spec:
     spec:
       initContainers:
       - name: postgres-wait
-        image: postgres:14-alpine@sha256:446abaf8831c54f57212c0ae52f5df84e69eeb2767e2376d07bed9c9742b1243
+        # TODO(ddelnano): This image was rebuilt from https://github.com/docker-library/postgres 14-alpine
+        # to remediate a critical vulnerability. Switch back to upstream once fixed.
+        # yamllint disable-line rule:line-length
+        image: ghcr.io/pixie-io/postgres:14-alpine-pl1@sha256:237c5fcf79b230979e12fe02f46e0ad29565b4ecb7cb15047197cbb9a6549e8d
         command: ['sh', '-c',
                   'until pg_isready -h ${PL_POSTGRES_HOSTNAME} -p ${PL_POSTGRES_PORT}; do
                   echo "waiting for postgres";

k8s/cloud/public/base/plugin_db_updater_job.yaml

@@ -15,7 +15,10 @@ spec:
     spec:
       initContainers:
       - name: postgres-wait
-        image: postgres:14-alpine@sha256:446abaf8831c54f57212c0ae52f5df84e69eeb2767e2376d07bed9c9742b1243
+        # TODO(ddelnano): This image was rebuilt from https://github.com/docker-library/postgres 14-alpine
+        # to remediate a critical vulnerability. Switch back to upstream once fixed.
+        # yamllint disable-line rule:line-length
+        image: ghcr.io/pixie-io/postgres:14-alpine-pl1@sha256:237c5fcf79b230979e12fe02f46e0ad29565b4ecb7cb15047197cbb9a6549e8d
         command: ['sh', '-c',
                   'until pg_isready -h ${PL_POSTGRES_HOSTNAME} -p ${PL_POSTGRES_PORT}; do
                   echo "waiting for postgres";

k8s/cloud_deps/dev/postgres/postgres_deployment.yaml

@@ -14,7 +14,10 @@ spec:
     spec:
       containers:
       - name: postgres
-        image: postgres:14-alpine@sha256:446abaf8831c54f57212c0ae52f5df84e69eeb2767e2376d07bed9c9742b1243
+        # TODO(ddelnano): This image was rebuilt from https://github.com/docker-library/postgres 14-alpine
+        # to remediate a critical vulnerability. Switch back to upstream once fixed.
+        # yamllint disable-line rule:line-length
+        image: ghcr.io/pixie-io/postgres:14-alpine-pl1@sha256:237c5fcf79b230979e12fe02f46e0ad29565b4ecb7cb15047197cbb9a6549e8d
         ports:
         - containerPort: 5432
         env:

k8s/cloud_deps/public/postgres/postgres_deployment.yaml

@@ -14,7 +14,10 @@ spec:
     spec:
       containers:
       - name: postgres
-        image: postgres:14-alpine@sha256:446abaf8831c54f57212c0ae52f5df84e69eeb2767e2376d07bed9c9742b1243
+        # TODO(ddelnano): This image was rebuilt from https://github.com/docker-library/postgres 14-alpine
+        # to remediate a critical vulnerability. Switch back to upstream once fixed.
+        # yamllint disable-line rule:line-length
+        image: ghcr.io/pixie-io/postgres:14-alpine-pl1@sha256:237c5fcf79b230979e12fe02f46e0ad29565b4ecb7cb15047197cbb9a6549e8d
         ports:
         - containerPort: 5432
         env:

k8s/clusters/prod/db_reader.yaml

@@ -14,7 +14,10 @@ spec:
         name: db-reader
     spec:
       containers:
-      - image: postgres:14-alpine@sha256:446abaf8831c54f57212c0ae52f5df84e69eeb2767e2376d07bed9c9742b1243
+      # TODO(ddelnano): This image was rebuilt from https://github.com/docker-library/postgres 14-alpine
+      # to remediate a critical vulnerability. Switch back to upstream once fixed.
+      # yamllint disable-line rule:line-length
+      - image: ghcr.io/pixie-io/postgres:14-alpine-pl1@sha256:237c5fcf79b230979e12fe02f46e0ad29565b4ecb7cb15047197cbb9a6549e8d
         imagePullPolicy: IfNotPresent
         name: psql
         command: ["bash"]

k8s/clusters/staging/db_reader.yaml

@@ -14,7 +14,10 @@ spec:
         name: db-reader
     spec:
       containers:
-      - image: postgres:14-alpine@sha256:446abaf8831c54f57212c0ae52f5df84e69eeb2767e2376d07bed9c9742b1243
+      # TODO(ddelnano): This image was rebuilt from https://github.com/docker-library/postgres 14-alpine
+      # to remediate a critical vulnerability. Switch back to upstream once fixed.
+      # yamllint disable-line rule:line-length
+      - image: ghcr.io/pixie-io/postgres:14-alpine-pl1@sha256:237c5fcf79b230979e12fe02f46e0ad29565b4ecb7cb15047197cbb9a6549e8d
         imagePullPolicy: IfNotPresent
         name: psql
         command: ["bash"]

k8s/clusters/testing/db_reader.yaml

@@ -14,7 +14,10 @@ spec:
         name: db-reader
     spec:
       containers:
-      - image: postgres:14-alpine@sha256:446abaf8831c54f57212c0ae52f5df84e69eeb2767e2376d07bed9c9742b1243
+      # TODO(ddelnano): This image was rebuilt from https://github.com/docker-library/postgres 14-alpine
+      # to remediate a critical vulnerability. Switch back to upstream once fixed.
+      # yamllint disable-line rule:line-length
+      - image: ghcr.io/pixie-io/postgres:14-alpine-pl1@sha256:237c5fcf79b230979e12fe02f46e0ad29565b4ecb7cb15047197cbb9a6549e8d
         imagePullPolicy: IfNotPresent
         name: psql
         command: ["bash"]