From e7508d7d215ebcfb1831d4aa0a19aae1f89de514 Mon Sep 17 00:00:00 2001
From: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
Date: Tue, 22 Mar 2022 14:31:44 +0200
Subject: [PATCH] [sysctl] set fs.may_detach_mounts=1 even when CRIs don't set it themselves (#8635) (#8642)
---
 .../tasks/0080-system-configurations.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
index df748bc46..31c2d7f1f 100644
--- a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
+++ b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
@@ -79,6 +79,24 @@
 reload: yes
 when: enable_dual_stack_networks | bool
+- name: Check if we need to set fs.may_detach_mounts
+ stat:
+ path: /proc/sys/fs/may_detach_mounts
+ get_attributes: no
+ get_checksum: no
+ get_mime: no
+ register: fs_may_detach_mounts
+ ignore_errors: true # noqa ignore-errors
+
+- name: Set fs.may_detach_mounts if needed
+ sysctl:
+ sysctl_file: "{{ sysctl_file_path }}"
+ name: fs.may_detach_mounts
+ value: 1
+ state: present
+ reload: yes
+ when: fs_may_detach_mounts.stat.exists | d(false)
+
 - name: Ensure kube-bench parameters are set
 sysctl:
 sysctl_file: /etc/sysctl.d/bridge-nf-call.conf
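Review bot: The `ignore_errors: true  # noqa ignore-errors` on the new "Check if we need to set fs.may_detach_mounts" task hides only genuine failures, because `stat` already succeeds with `stat.exists: false` when the path is absent. If the probe really fails, the registered result has no `stat` key, `| d(false)` in the following `when:` turns that into a skip, and the host ends up without the sysctl while the play stays green. I would drop the `ignore_errors` line, and the lint suppression with it, so a broken probe stops the play instead of being treated as "not needed". A short comment above the first task would also help, e.g. `# fs.may_detach_mounts is a distro-kernel tunable (RHEL/CentOS 7 era); it is absent on most other kernels, so probe before setting it` (wording to be confirmed against the linked issue). Smaller style point: `value: 1` is safer written as `value: "1"` so it reaches the module as a string.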