From ab21cca067a8b11f70e17420d3e39ec2dd5a2fde Mon Sep 17 00:00:00 2001
From: Mengjiao Liu <mengjiao.liu@daocloud.io>
Date: Mon, 13 Dec 2021 17:24:36 +0800
Subject: [PATCH] sync sysctl-cluster.md

---
 .../administer-cluster/sysctl-cluster.md      | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/content/zh/docs/tasks/administer-cluster/sysctl-cluster.md b/content/zh/docs/tasks/administer-cluster/sysctl-cluster.md
index d7940175d93..bc254322d7c 100644
--- a/content/zh/docs/tasks/administer-cluster/sysctl-cluster.md
+++ b/content/zh/docs/tasks/administer-cluster/sysctl-cluster.md
@@ -21,6 +21,25 @@ interface.
 本文档介绍如何通过 {{< glossary_tooltip term_id="sysctl" >}}
 接口在 Kubernetes 集群中配置和使用内核参数。
 
+<!--
+Starting from Kubernetes version 1.23, the kubelet supports the use of either `/` or `.`
+as separators for sysctl names.
+For example, you can represent the same sysctl name as `kernel.shm_rmid_forced` using a
+period as the separator, or as `kernel/shm_rmid_forced` using a slash as a separator.
+For more sysctl parameter conversion method details, please refer to
+the page [sysctl.d(5)](https://man7.org/linux/man-pages/man5/sysctl.d.5.html) from
+the Linux man-pages project.
+Setting Sysctls for a Pod and PodSecurityPolicy features do not yet support
+setting sysctls with slashes.
+-->
+{{< note >}}
+从 Kubernetes 1.23 版本开始，kubelet 支持使用 `/` 或 `.` 作为 sysctl 参数的分隔符。
+例如，你可以使用点或者斜线作为分隔符表示相同的 sysctl 参数，以点作为分隔符表示为： `kernel.shm_rmid_forced`，
+或者以斜线作为分隔符表示为：`kernel/shm_rmid_forced`。
+更多 sysctl 参数转换方法详情请参考 Linux man-pages
+[sysctl.d(5)](https://man7.org/linux/man-pages/man5/sysctl.d.5.html) 。
+设置 Pod 的 Sysctl 参数 和 PodSecurityPolicy 功能尚不支持设置包含斜线的 Sysctl 参数。
+{{< /note >}}
 ## {{% heading "prerequisites" %}}
 
 
@@ -103,6 +122,7 @@ The following sysctls are supported in the _safe_ set:
 - `net.ipv4.ip_local_port_range`
 - `net.ipv4.tcp_syncookies`
 - `net.ipv4.ping_group_range` （从 Kubernetes 1.18 开始）
+- `net.ipv4.ip_unprivileged_port_start` (从 Kubernetes 1.22 开始).
 
 <!--
 The example `net.ipv4.tcp_syncookies` is not namespaced on Linux kernel version 4.4 or lower.