Skip to content

Commit

Permalink
[sysctl] set fs.may_detach_mounts=1 even when CRIs don't set it thems…
Browse files Browse the repository at this point in the history
…elves (#8635) (#8642)
  • Loading branch information
cristicalin authored Mar 22, 2022
1 parent 59c05d3 commit e7508d7
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,24 @@
reload: yes
when: enable_dual_stack_networks | bool

- name: Check if we need to set fs.may_detach_mounts
stat:
path: /proc/sys/fs/may_detach_mounts
get_attributes: no
get_checksum: no
get_mime: no
register: fs_may_detach_mounts
ignore_errors: true # noqa ignore-errors

- name: Set fs.may_detach_mounts if needed
sysctl:
sysctl_file: "{{ sysctl_file_path }}"
name: fs.may_detach_mounts
value: 1
state: present
reload: yes
when: fs_may_detach_mounts.stat.exists | d(false)

- name: Ensure kube-bench parameters are set
sysctl:
sysctl_file: /etc/sysctl.d/bridge-nf-call.conf
Expand Down

0 comments on commit e7508d7

Please sign in to comment.