Add protectKernelDefaults option (default true) to kubelet config file (#6611)

roles/kubernetes/preinstall/tasks/0080-system-configurations.yml

@@ -61,3 +61,16 @@
     value: 1
     state: present
     reload: yes
+
+- name: Ensure kube-bench parameters are set
+  sysctl:
+    sysctl_file: /etc/sysctl.d/bridge-nf-call.conf
+    name: "{{ item.name }}"
+    value: "{{ item.value }}"
+    state: present
+    reload: yes
+  with_items:
+    - { name: vm.overcommit_memory, value: 1 }
+    - { name: kernel.panic, value: 10 }
+    - { name: kernel.panic_on_oops, value: 1 }
+  when: kubelet_protect_kernel_defaults|bool