[sysctl] set fs.may_detach_mounts=1 even when CRIs don't set it themselves (#8635)

roles/kubernetes/preinstall/tasks/0080-system-configurations.yml

@@ -87,6 +87,24 @@
     reload: yes
   when: enable_dual_stack_networks | bool
 
+- name: Check if we need to set fs.may_detach_mounts
+  stat:
+    path: /proc/sys/fs/may_detach_mounts
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
+  register: fs_may_detach_mounts
+  ignore_errors: true  # noqa ignore-errors
+
+- name: Set fs.may_detach_mounts if needed
+  sysctl:
+    sysctl_file: "{{ sysctl_file_path }}"
+    name: fs.may_detach_mounts
+    value: 1
+    state: present
+    reload: yes
+  when: fs_may_detach_mounts.stat.exists | d(false)
+
 - name: Ensure kube-bench parameters are set
   sysctl:
     sysctl_file: "{{ sysctl_file_path }}"