From bb2cb5fa86f0ddb69edfc9e9f2cdafa69e29a06f Mon Sep 17 00:00:00 2001
From: hunshcn
Date: Fri, 1 Dec 2023 14:47:36 +0800
Subject: [PATCH] update sysctl-cluster.md, pod-security-standards.md

Signed-off-by: hunshcn
---
 content/en/docs/concepts/security/pod-security-standards.md | 1 +
 content/en/docs/tasks/administer-cluster/sysctl-cluster.md | 1 +
 2 files changed, 2 insertions(+)

diff --git a/content/en/docs/concepts/security/pod-security-standards.md b/content/en/docs/concepts/security/pod-security-standards.md
index 35c4952b60..04bdc04872 100644
--- a/content/en/docs/concepts/security/pod-security-standards.md
+++ b/content/en/docs/concepts/security/pod-security-standards.md
@@ -271,6 +271,7 @@ fail validation.
  • net.ipv4.ip_unprivileged_port_start
  • net.ipv4.tcp_syncookies
  • net.ipv4.ping_group_range
  • +
  • net.ipv4.ip_local_reserved_ports (since Kubernetes 1.27)
  •
diff --git a/content/en/docs/tasks/administer-cluster/sysctl-cluster.md b/content/en/docs/tasks/administer-cluster/sysctl-cluster.md
index 9347dc5c3a..cccf4b8350 100644
--- a/content/en/docs/tasks/administer-cluster/sysctl-cluster.md
+++ b/content/en/docs/tasks/administer-cluster/sysctl-cluster.md
@@ -76,6 +76,7 @@ The following sysctls are supported in the _safe_ set:
 - `net.ipv4.tcp_syncookies`,
 - `net.ipv4.ping_group_range` (since Kubernetes 1.18),
 - `net.ipv4.ip_unprivileged_port_start` (since Kubernetes 1.22).
+- `net.ipv4.ip_local_reserved_ports` (since Kubernetes 1.27).

 {{< note >}}
 There are some exceptions to the set of safe sysctls: