Lee Verberne

/triage accepted /cc @verb @knight42 I like that you're planning on implementing the profiles incrementally. iirc the namespaces are referring to [shareProcessNamespace](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#hosts-namespaces).

/assign

/remove-lifecycle stale

@knight42 what's your availability to work on the general profile? I have some time to start working on it, too.

Hi @ardaguclu, I think this use case is more intuitive for `kubectl run`. Is there anything that `kubectl debug` would provide that's not provided by `kubectl run`?

This fits within the theme of providing a bit more configurability for `kubectl debug`. I'll add it to the list in kubernetes/enhancements#1441 to inform the design. @rcoup for your use...

That's interesting. no special capabilities are required when `shareProcessNamespace` is `true`, but otherwise `SYS_PTRACE` is required. I didn't realize that. Ok, so no, this trick doesn't work for your use...

/remove-lifecycle stale

I agree that debugging profiles covers some but not all of this feature request, and you're right that the challenge here is balancing flags vs features. One way I've considered...

> Are you picturing this to be something like providing a file with the required security context as a JSON/YAML? Yes, something like this, but it's just an idea at...