diff --git a/go.mod b/go.mod index 7d5e66ccb..019924e23 100644 --- a/go.mod +++ b/go.mod @@ -30,10 +30,10 @@ require ( github.com/stretchr/testify v1.8.1 golang.org/x/sys v0.5.0 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.0.0-20230310084041-7785f7653f92 - k8s.io/apimachinery v0.0.0-20230310083533-ca95f42b2383 + k8s.io/api v0.0.0-20230310084044-182afbd21219 + k8s.io/apimachinery v0.0.0-20230310083535-8fccf3d61224 k8s.io/cli-runtime v0.0.0-20230310093857-5c6f9c63192f - k8s.io/client-go v0.0.0-20230310084519-d2ebc4d27c5a + k8s.io/client-go v0.0.0-20230310170151-6df09021f998 k8s.io/component-base v0.0.0-20230310085212-d69652187fff k8s.io/component-helpers v0.0.0-20230310085329-cb3213391b8c k8s.io/klog/v2 v2.90.1 @@ -91,10 +91,10 @@ require ( ) replace ( - k8s.io/api => k8s.io/api v0.0.0-20230310084041-7785f7653f92 - k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20230310083533-ca95f42b2383 + k8s.io/api => k8s.io/api v0.0.0-20230310084044-182afbd21219 + k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20230310083535-8fccf3d61224 k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20230310093857-5c6f9c63192f - k8s.io/client-go => k8s.io/client-go v0.0.0-20230310084519-d2ebc4d27c5a + k8s.io/client-go => k8s.io/client-go v0.0.0-20230310170151-6df09021f998 k8s.io/code-generator => k8s.io/code-generator v0.0.0-20230310082919-4a4a238d07ff k8s.io/component-base => k8s.io/component-base v0.0.0-20230310085212-d69652187fff k8s.io/component-helpers => k8s.io/component-helpers v0.0.0-20230310085329-cb3213391b8c diff --git a/go.sum b/go.sum index 975c56e64..0913f19f5 100644 --- a/go.sum +++ b/go.sum @@ -531,14 +531,14 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.0.0-20230310084041-7785f7653f92 h1:Bcf6XSNDjTLbkKqalEH4WESD5jGuuMg56WfZBxye6Oc= -k8s.io/api v0.0.0-20230310084041-7785f7653f92/go.mod h1:54YtNzxdtIDMfqQTVaBmptCRgtrUw9mSUMvt9sCX3fI= -k8s.io/apimachinery v0.0.0-20230310083533-ca95f42b2383 h1:hc7CTuFg8uUBL3NHB1LPOj6xlSyy52zvy4rwyPtrils= -k8s.io/apimachinery v0.0.0-20230310083533-ca95f42b2383/go.mod h1:RWA+8iKvi6iwtPZ0MMwtZSlZRiH+SnmQH2SbXJrVDPQ= +k8s.io/api v0.0.0-20230310084044-182afbd21219 h1:Zi16ywjzp2CqeHJZoz3N0RlFu20NqeuIzqY1RkRg4FU= +k8s.io/api v0.0.0-20230310084044-182afbd21219/go.mod h1:BufeAXF75avqFSWCYqXkvwYrwI4ZAem3uLWUZFS14hw= +k8s.io/apimachinery v0.0.0-20230310083535-8fccf3d61224 h1:LhE0BNPRZYIEMmTBywXwvw3P3YtfPIo3xRefHYrbR0s= +k8s.io/apimachinery v0.0.0-20230310083535-8fccf3d61224/go.mod h1:RWA+8iKvi6iwtPZ0MMwtZSlZRiH+SnmQH2SbXJrVDPQ= k8s.io/cli-runtime v0.0.0-20230310093857-5c6f9c63192f h1:u47kCmJLLP6yqafHhGlUS0xEnD+nrcSr6ZvXKnMD/9M= k8s.io/cli-runtime v0.0.0-20230310093857-5c6f9c63192f/go.mod h1:5DoshHAhpomXS+3lFu3kcyXmaEbK7Rs6UVmdz+bDafo= -k8s.io/client-go v0.0.0-20230310084519-d2ebc4d27c5a h1:YPm/O39dwIK1TccLAPI4kqp5cgyR5069FnrUeTDfcEM= -k8s.io/client-go v0.0.0-20230310084519-d2ebc4d27c5a/go.mod h1:RYmoEfRTbcCyQuxzOrnKnLil0oReXeKAYKHP6h5V6oM= +k8s.io/client-go v0.0.0-20230310170151-6df09021f998 h1:gxGnQVRtt2NmwPYoPu+6xp+Y1lB3srWAA/kkXTQmQUQ= +k8s.io/client-go v0.0.0-20230310170151-6df09021f998/go.mod h1:seT1S8LUx48CIppmquME8d52oZQTiI2CX577lxB8cXA= k8s.io/component-base v0.0.0-20230310085212-d69652187fff h1:xIjiK+aBPzY5Mqh/lFvmlfgvS1O35/hyhPw/LTmYyNA= k8s.io/component-base v0.0.0-20230310085212-d69652187fff/go.mod h1:Z2LoX89dLUu0xNvMSY057kEMNJjD/XD53nEyD0Lji2s= k8s.io/component-helpers v0.0.0-20230310085329-cb3213391b8c h1:qnXD7igEVg82/LZYld7bs2tJvYa4ODJkaGohe9Hy4yA= diff --git a/pkg/cmd/debug/debug_test.go b/pkg/cmd/debug/debug_test.go index 08225f8e6..118c38661 100644 --- a/pkg/cmd/debug/debug_test.go +++ b/pkg/cmd/debug/debug_test.go @@ -1201,6 +1201,46 @@ func TestGeneratePodCopyWithDebugContainer(t *testing.T) { }, }, }, + { + name: "baseline profile not share process when user explicitly disables it", + opts: &DebugOptions{ + CopyTo: "debugger", + Container: "debugger", + Image: "busybox", + PullPolicy: corev1.PullIfNotPresent, + Profile: ProfileBaseline, + ShareProcesses: false, + shareProcessedChanged: true, + }, + havePod: &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: "target", + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Name: "debugger", + }, + }, + NodeName: "node-1", + }, + }, + wantPod: &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: "debugger", + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Name: "debugger", + Image: "busybox", + ImagePullPolicy: corev1.PullIfNotPresent, + }, + }, + ShareProcessNamespace: pointer.Bool(false), + }, + }, + }, { name: "restricted profile", opts: &DebugOptions{ diff --git a/pkg/cmd/debug/profiles.go b/pkg/cmd/debug/profiles.go index 609e45752..3684478d5 100644 --- a/pkg/cmd/debug/profiles.go +++ b/pkg/cmd/debug/profiles.go @@ -250,7 +250,9 @@ func useHostNamespaces(p *corev1.Pod) { // shareProcessNamespace configures all containers in the pod to share the // process namespace. func shareProcessNamespace(p *corev1.Pod) { - p.Spec.ShareProcessNamespace = pointer.Bool(true) + if p.Spec.ShareProcessNamespace == nil { + p.Spec.ShareProcessNamespace = pointer.Bool(true) + } } // clearSecurityContext clears the security context for the container.