Procedural
Disallowing Non-Default Capabilities
Using Policy Controller to prevent running pods with extra capabilities
Disallowing Privileged Pods
Using Policy Controller to prevent running privileged pods
Disallowing Run as Root User
Using Policy Controller to prevent running pods as root
Maximum Container Image Age
Maximum container image age with Policy Controller
Disallowing Unsafe sysctls
Use Policy Controller to limit pods to safe sysctls
Verify Signed Chainguard Images
Using Policy Controller to Verify Signed Chainguard Images
How to Verify File Signatures with Cosign
Use Cosign to verify non-container software artifacts