diff --git a/.github/workflows/verify-pr.yml b/.github/workflows/verify-pr.yml
index f90d7cf..0cfee25 100644
--- a/.github/workflows/verify-pr.yml
+++ b/.github/workflows/verify-pr.yml
@@ -59,7 +59,13 @@ jobs:
             gh pr comment "${{ github.event.pull_request.number }}" --body '请运行 `./hack/fmt-image-match.sh allows.txt` 对内容进行排序'
             exit 1
           }
-
+      - name: Verify privileged.txt sort
+        run: |
+          ./hack/verify-image-match.sh privileged.txt || {
+            echo "Please run './hack/fmt-image-match.sh privileged.txt'"
+            gh pr comment "${{ github.event.pull_request.number }}" --body '请运行 `./hack/fmt-image-match.sh privileged.txt` 对内容进行排序'
+            exit 1
+          }
       - name: Verify Image Exists
         run: |
           ./hack/verify-image.sh mirror.txt https://github.com/${{ github.repository }}/pull/${{ github.event.pull_request.number }}.patch || {
diff --git a/privileged.txt b/privileged.txt
new file mode 100644
index 0000000..7ae1df1
--- /dev/null
+++ b/privileged.txt
@@ -0,0 +1,48 @@
+docker.io/istio/install-cni
+docker.io/istio/pilot
+docker.io/istio/proxyv2
+docker.io/kindest/node
+docker.io/library/alpine
+docker.io/library/archlinux
+docker.io/library/bash
+docker.io/library/busybox
+docker.io/library/caddy
+docker.io/library/centos
+docker.io/library/debian
+docker.io/library/docker
+docker.io/library/fedora
+docker.io/library/gcc
+docker.io/library/golang
+docker.io/library/hello-world
+docker.io/library/httpd
+docker.io/library/java
+docker.io/library/mariadb
+docker.io/library/memcached
+docker.io/library/mongo
+docker.io/library/mysql
+docker.io/library/nginx
+docker.io/library/node
+docker.io/library/openjdk
+docker.io/library/perl
+docker.io/library/php
+docker.io/library/postgres
+docker.io/library/python
+docker.io/library/redis
+docker.io/library/registry
+docker.io/library/rockylinux
+docker.io/library/ruby
+docker.io/library/rust
+docker.io/library/tomcat
+docker.io/library/ubuntu
+registry.k8s.io/addon-resizer
+registry.k8s.io/busybox
+registry.k8s.io/coredns
+registry.k8s.io/etcd
+registry.k8s.io/kube-apiserver
+registry.k8s.io/kube-controller-manager
+registry.k8s.io/kube-proxy
+registry.k8s.io/kube-scheduler
+registry.k8s.io/kubectl
+registry.k8s.io/nginx
+registry.k8s.io/node-problem-detector
+registry.k8s.io/pause