kubernetes setting tty to false not working as (I) expected

kubectl exec is a debugging tool that spawns an additional process inside an existing pod's container. That additional process can independently have a virtual tty attached to it, or not. Separately, you can also usually run an interactive shell with or without a tty attached to it, so long as it can still read commands from its stdin and write responses to its stdout.

In practice you should almost never need to set tty: true for a Kubernetes container. Setting it or not only affects the main process in the container and not anything you launch with kubectl exec or other similar debugging tools.

If your goal here is to prevent kubectl exec then you need to use the Kubernetes permissions system to disallow it. In some cases it may be possible to build a very hardened container that doesn't contain a shell, which would also effectively disable kubectl exec (though it also makes some kinds of debugging much harder); this is only really possible if you're using a compiled language and don't need a complex launcher script (most often, a FROM scratch image for a statically-linked Go program).

Not so while ago I came across this dive in article into kubectl exec which i think you may find interesting.

Second is this stack case where one of the community user go thru and shows couple of process differences with container started with -i and -t and without those.

Last thing worth to mention that you also have kubectl attach to your disposal:

In addition to interactive execution of commands, you can now alsoattach to any running process. Like kubectl logs, you’ll get stderrand stdout data, but with attach, you’ll also be able to send stdinfrom your terminal to the program. Awesome for interactive debugging,or even just sending ctrl-c to a misbehaving application.

The differences here is that the process you interact with. Attach will interact with the one currently running (there is no choice).