diff --git a/staging/src/k8s.io/kubectl/pkg/cmd/debug/debug_test.go b/staging/src/k8s.io/kubectl/pkg/cmd/debug/debug_test.go index 08225f8e6b8..118c38661ba 100644 --- a/staging/src/k8s.io/kubectl/pkg/cmd/debug/debug_test.go +++ b/staging/src/k8s.io/kubectl/pkg/cmd/debug/debug_test.go @@ -1201,6 +1201,46 @@ func TestGeneratePodCopyWithDebugContainer(t *testing.T) { }, }, }, + { + name: "baseline profile not share process when user explicitly disables it", + opts: &DebugOptions{ + CopyTo: "debugger", + Container: "debugger", + Image: "busybox", + PullPolicy: corev1.PullIfNotPresent, + Profile: ProfileBaseline, + ShareProcesses: false, + shareProcessedChanged: true, + }, + havePod: &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: "target", + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Name: "debugger", + }, + }, + NodeName: "node-1", + }, + }, + wantPod: &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: "debugger", + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Name: "debugger", + Image: "busybox", + ImagePullPolicy: corev1.PullIfNotPresent, + }, + }, + ShareProcessNamespace: pointer.Bool(false), + }, + }, + }, { name: "restricted profile", opts: &DebugOptions{ diff --git a/staging/src/k8s.io/kubectl/pkg/cmd/debug/profiles.go b/staging/src/k8s.io/kubectl/pkg/cmd/debug/profiles.go index 609e4575267..3684478d570 100644 --- a/staging/src/k8s.io/kubectl/pkg/cmd/debug/profiles.go +++ b/staging/src/k8s.io/kubectl/pkg/cmd/debug/profiles.go @@ -250,7 +250,9 @@ func useHostNamespaces(p *corev1.Pod) { // shareProcessNamespace configures all containers in the pod to share the // process namespace. func shareProcessNamespace(p *corev1.Pod) { - p.Spec.ShareProcessNamespace = pointer.Bool(true) + if p.Spec.ShareProcessNamespace == nil { + p.Spec.ShareProcessNamespace = pointer.Bool(true) + } } // clearSecurityContext clears the security context for the container.