From fa9f85c7e95516f3f06b9c9e5c3934ec9c4ae3ac Mon Sep 17 00:00:00 2001
From: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
Date: Tue, 22 Mar 2022 02:36:13 +0200
Subject: [PATCH] [sysctl] set fs.may_detach_mounts=1 even when CRIs don't set
 it themselves (#8635)

---
 .../tasks/0080-system-configurations.yml       | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
index f88944d02..a1c5e97ce 100644
--- a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
+++ b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
@@ -87,6 +87,24 @@
     reload: yes
   when: enable_dual_stack_networks | bool
 
+- name: Check if we need to set fs.may_detach_mounts
+  stat:
+    path: /proc/sys/fs/may_detach_mounts
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
+  register: fs_may_detach_mounts
+  ignore_errors: true  # noqa ignore-errors
+
+- name: Set fs.may_detach_mounts if needed
+  sysctl:
+    sysctl_file: "{{ sysctl_file_path }}"
+    name: fs.may_detach_mounts
+    value: 1
+    state: present
+    reload: yes
+  when: fs_may_detach_mounts.stat.exists | d(false)
+
 - name: Ensure kube-bench parameters are set
   sysctl:
     sysctl_file: "{{ sysctl_file_path }}"
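Review bot: `ignore_errors: true` on the "Check if we need to set fs.may_detach_mounts" task is broader than the probe needs, because `stat` reports a missing path as `stat.exists: false` without failing, so the only errors being suppressed are genuine module failures. Combined with the `| d(false)` default in the next task's `when:`, such a failure silently skips the sysctl instead of surfacing, and the host ends up in an unintended state with nothing in the play output to show it. I would drop `ignore_errors: true  # noqa ignore-errors` and keep `when: fs_may_detach_mounts.stat.exists | d(false)` as is. A short comment above the first task, e.g. `# fs.may_detach_mounts is not present on every kernel; only set it where /proc exposes it`, would also record why the probe exists, which the hunk does not state. Both added tasks are complete within the hunk; the tasks before and after are cut by it.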
-- 
GitLab