Procedural
Disallowing Privileged Pods
Using Policy Controller to prevent running privileged pods
Disallowing Run as Root User
Using Policy Controller to prevent running pods as root
Maximum Container Image Age
Maximum container image age with Policy Controller
Disallowing Unsafe sysctls
Use Policy Controller to limit pods to safe sysctls
Verify Signed Chainguard Images
Using Policy Controller to Verify Signed Chainguard Images
How to Verify File Signatures with Cosign
Use Cosign to verify non-container software artifacts
How to Mirror Packages from Chainguard Package Repositories to Artifactory
Tutorial outlining how to set up remote and virtual Artifactory repositories to mirror packages through the Chainguard Package Repositories.