update sysctl-cluster.md, pod-security-standards.md

Signed-off-by: hunshcn <hunsh.cn@gmail.com>
2023-12-01 14:47:36 +08:00 · 2023-12-01 14:47:36 +08:00 · bb2cb5fa86
parent 8498c51305
commit bb2cb5fa86
2 changed files with 2 additions and 0 deletions
--- a/content/en/docs/concepts/security/pod-security-standards.md
+++ b/content/en/docs/concepts/security/pod-security-standards.md
@ -271,6 +271,7 @@ fail validation.
 					<li><code>net.ipv4.ip_unprivileged_port_start</code></li>
 					<li><code>net.ipv4.tcp_syncookies</code></li>
 					<li><code>net.ipv4.ping_group_range</code></li>
+					<li><code>net.ipv4.ip_local_reserved_ports</code> (since Kubernetes 1.27)</li>
 				</ul>
 			</td>
 		</tr>
--- a/content/en/docs/tasks/administer-cluster/sysctl-cluster.md
+++ b/content/en/docs/tasks/administer-cluster/sysctl-cluster.md
@ -76,6 +76,7 @@ The following sysctls are supported in the _safe_ set:
 - `net.ipv4.tcp_syncookies`,
 - `net.ipv4.ping_group_range` (since Kubernetes 1.18),
 - `net.ipv4.ip_unprivileged_port_start` (since Kubernetes 1.22).
+- `net.ipv4.ip_local_reserved_ports` (since Kubernetes 1.27).

 {{< note >}}
 There are some exceptions to the set of safe sysctls: