Merge pull request kubernetes#4520 from tallclair/apparmor

k8s-ci-robot · web-flow · commit 5a7c1f332d78 · 2024-02-14T13:07:30.000-08:00
KEP-24: AppArmor - add missing PRR section
diff --git a/keps/sig-node/24-apparmor/README.md b/keps/sig-node/24-apparmor/README.md
@@ -616,6 +616,12 @@ No
 
 No
 
+###### Can enabling / using this feature result in resource exhaustion of some node resources (PIDs, sockets, inodes, etc.)?
+
+No. AppArmor profiles are managed outside of Kubernetes, and without this feature enabled the
+runtime default AppArmor profile is still enforced on non-privileged containers (for AppArmor
+enabled hosts).
+
 ### Troubleshooting
 
 ###### How does this feature react if the API server and/or etcd is unavailable?
diff --git a/keps/sig-node/24-apparmor/kep.yaml b/keps/sig-node/24-apparmor/kep.yaml
@@ -15,9 +15,9 @@ creation-date: 2020-01-10
 reviewers:
   - "@liggitt"
   - "@pjbgf"
-  - "@dchen1107"
+  - "@sftim"
+  - "@SergeyKanzhelev"
 approvers:
-  - "@liggitt"
   - "@dchen1107"
 see-also:
   - "/keps/sig-node/135-seccomp/README.md"
