Merge pull request #116366 from ardaguclu/fix-shareprocess-explicit

kubectl debug: Not share process namespace if user explicitly disables it

staging/src/k8s.io/kubectl/pkg/cmd/debug/debug_test.go

@@ -1201,6 +1201,46 @@ func TestGeneratePodCopyWithDebugContainer(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "baseline profile not share process when user explicitly disables it",
+			opts: &DebugOptions{
+				CopyTo:                "debugger",
+				Container:             "debugger",
+				Image:                 "busybox",
+				PullPolicy:            corev1.PullIfNotPresent,
+				Profile:               ProfileBaseline,
+				ShareProcesses:        false,
+				shareProcessedChanged: true,
+			},
+			havePod: &corev1.Pod{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "target",
+				},
+				Spec: corev1.PodSpec{
+					Containers: []corev1.Container{
+						{
+							Name: "debugger",
+						},
+					},
+					NodeName: "node-1",
+				},
+			},
+			wantPod: &corev1.Pod{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "debugger",
+				},
+				Spec: corev1.PodSpec{
+					Containers: []corev1.Container{
+						{
+							Name:            "debugger",
+							Image:           "busybox",
+							ImagePullPolicy: corev1.PullIfNotPresent,
+						},
+					},
+					ShareProcessNamespace: pointer.Bool(false),
+				},
+			},
+		},
 		{
 			name: "restricted profile",
 			opts: &DebugOptions{

staging/src/k8s.io/kubectl/pkg/cmd/debug/profiles.go

@@ -250,8 +250,10 @@ func useHostNamespaces(p *corev1.Pod) {
 // shareProcessNamespace configures all containers in the pod to share the
 // process namespace.
 func shareProcessNamespace(p *corev1.Pod) {
+	if p.Spec.ShareProcessNamespace == nil {
 		p.Spec.ShareProcessNamespace = pointer.Bool(true)
 	}
+}
 
 // clearSecurityContext clears the security context for the container.
 func clearSecurityContext(p *corev1.Pod, containerName string) {