If you don’t know that intrusion attempts are a constant, ongoing, unsurprising thing, then perhaps not exposing services to the Internet is a good idea after all.
If the container wasn’t already Trojaned, then that’d mean that this person fetched a container, ran it, then port forwarded from the public Internet to an open port on it, it seems. That’s just bananas and the worst idea ever. postgresql should always be used over a Unix socket for anything public facing, or should be bound to a specific non-public IP and port, then access should be limited to a specific non-public network or IP. These are well known things.
A 3000 plus word article about Kubernetes RBAC, Calico, Cilium, Anchore Engine, Falco, et cetera, does a good job of showing how much more work containers really can be. How much easier is it to simply install postgresql via the OS’s preferred package management, then configure access for it properly?
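Since the comment above is about binding PostgreSQL to a non-public address and restricting who can reach it, here is a small shell audit, added as an example and not part of the original post, that flags the exposure settings in postgresql.conf (listen_addresses) and pg_hba.conf (rules open to any address or using the trust method). The file paths and the sample configuration contents are constructed assumptions; the settings and keywords themselves are standard PostgreSQL ones.

```shell
#!/bin/sh
# Added example, not from the original post: audit two PostgreSQL files for
# public exposure. Paths are assumptions; real installs keep these under
# e.g. /etc/postgresql/<version>/main/ or $PGDATA.

# check_listen_addresses <postgresql.conf>
# Returns 0 when the server binds only to loopback or explicit addresses,
# 1 when it listens on every interface ('*', 0.0.0.0 or ::).
check_listen_addresses() {
    conf="$1"
    # the effective value is the last uncommented assignment; strip quotes and comments
    val=$(grep -E '^[[:space:]]*listen_addresses[[:space:]]*=' "$conf" \
          | tail -n 1 | sed -E "s/^[^=]*=[[:space:]]*'?([^'#]*)'?.*/\1/")
    if [ -z "$val" ]; then val="localhost"; fi   # PostgreSQL's default when unset
    rc=0
    old_ifs=$IFS; IFS=','; set -f               # split on commas, no globbing of '*'
    for addr in $val; do
        addr=$(printf '%s' "$addr" | tr -d '[:space:]')
        case "$addr" in
            '*'|0.0.0.0|::) rc=1 ;;
        esac
    done
    set +f; IFS=$old_ifs
    return $rc
}

# count_open_hba_rules <pg_hba.conf>
# Prints how many rules admit connections from anywhere or without a credential:
# host-type rules whose address is 0.0.0.0/0, ::/0 or 'all', and any rule using
# the 'trust' method. Rules written with a separate netmask column are not handled.
count_open_hba_rules() {
    awk '
        /^[[:space:]]*(#|$)/ { next }                  # skip comments and blanks
        $1 == "local" { if ($4 == "trust") n++; next } # local = Unix socket, 4 columns
        $1 ~ /^host/ {                                 # host / hostssl / hostnossl
            if ($4 == "0.0.0.0/0" || $4 == "::/0" || $4 == "all" || $5 == "trust") n++
        }
        END { print n + 0 }
    ' "$1"
}

# Constructed sample files: the exposed settings beside hardened ones.
demo_dir=$(mktemp -d)
cat > "$demo_dir/exposed.conf" <<'EOF'
listen_addresses = '*'          # every interface, including the public one
port = 5432
EOF
cat > "$demo_dir/hardened.conf" <<'EOF'
listen_addresses = 'localhost, 10.0.0.5'   # loopback plus one private address
port = 5432
EOF
cat > "$demo_dir/exposed_hba.conf" <<'EOF'
local   all   all                 peer
host    all   all   0.0.0.0/0     trust          # anyone, no password
EOF
cat > "$demo_dir/hardened_hba.conf" <<'EOF'
local   all   all                 peer           # Unix socket, OS user identity
host    all   all   10.0.0.0/24   scram-sha-256  # one private subnet, with auth
EOF

for f in exposed hardened; do
    if check_listen_addresses "$demo_dir/$f.conf"; then
        echo "$f.conf: listen_addresses OK"
    else
        echo "$f.conf: listens on all interfaces"
    fi
    echo "${f}_hba.conf: $(count_open_hba_rules "$demo_dir/${f}_hba.conf") open rule(s)"
done
rm -rf "$demo_dir"
```

The hardened pair is the shape the comment describes: local clients use the Unix socket with peer authentication, and the only TCP rule names one private subnet with password authentication, while listen_addresses never includes '*'. Running the two functions against a real data directory is a quick way to confirm that before any port is forwarded.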