Add more security to k3s installation

tasks/cluster_k3s.yml

@@ -108,6 +108,20 @@
   with_items:
     - { name: var_lib_k3s, vg: vg_sys, size: 10g, mount_point: /var/lib/rancher/k3s, mount_opts: "discard"}
 
+- name: Ensure protect-kernel-defaults is set
+  ansible.posix.sysctl:
+    name: "{{ item.name }}"
+    value: "{{ item.value }}"
+    sysctl_file: /etc/sysctl.d/90-kubelet.conf
+    reload: true
+  with_items:
+    - { name: "vm.panic_on_oom", value: "0" }
+    - { name: "vm.overcommit_memory", value: "1" }
+    - { name: "kernel.panic", value: "10" }
+    - { name: "kernel.panic_on_oops", value: "1" }
+  when:
+    - kubernetes_server|bool
+
 - name: Audit policies directory
   ansible.builtin.file:
     path: "/etc/kubernetes/policies"