Procedural
Disallowing Privileged Pods
Using Policy Controller to prevent running privileged pods
Disallowing Run as Root User
Using Policy Controller to prevent running pods as root
Maximum Container Image Age
Maximum container image age with Policy Controller
Disallowing Unsafe sysctls
Use Policy Controller to limit pods to safe sysctls
Verify Signed Chainguard Images
Using Policy Controller to Verify Signed Chainguard Images
How to Verify File Signatures with Cosign
Use Cosign to verify non-container software artifacts
How to Set Up Pull Through from Chainguard Registry to Artifactory
Tutorial outlining how to set up a remote Artifactory repository to pull Images through from the Chainguard Registry.