Enable kubelet support for pod pid limit

This protects the system before the unlock. This has the most meaning
during the restore procedure, when the system is unprotected until
unlock (until puppet generates the config file containing protection).

Partial-Bug: 1928353
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: I09c4d4f494bc113ae8b439256655476e03b54b0e

playbookconfig/src/playbooks/roles/bootstrap/bringup-essential-services/templates/kubelet.conf.j2

@@ -1,2 +1,12 @@
 # Overrides config file for kubelet
-KUBELET_EXTRA_ARGS=--cni-bin-dir={{ kubelet_cni_bin_dir }} --node-ip={{ node_ip }} --volume-plugin-dir={{ kubelet_vol_plugin_dir }}
+# Temporary set pod-max-pids until unlock. During the restore procedure,
+# between restore_platform playbook and unlock, there is a window in
+# which user app pods can misbehave. Chose a value over the 20, which is
+# the number of processes used by platform pods. Chose a value over 100,
+# to allow room for platform pods. The user apps are in fact
+# intended to run after the unlock anyway. During the unlock the correct
+# value is used, the one generated by sysinv as hieradata.
+KUBELET_EXTRA_ARGS=--cni-bin-dir={{ kubelet_cni_bin_dir }} \
+--node-ip={{ node_ip }} \
+--volume-plugin-dir={{ kubelet_vol_plugin_dir }} \
+--pod-max-pids 500