Check if containers are running with low UID, which might cause conflicts with the host's user table.

Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls

Service Account Tokens are automatically mounted even if not necessary

Deployments should be assigned with a PodDisruptionBudget to ensure high availability

Image Pull Policy of the container must be defined and set to Always

Images should be specified together with their digests to ensure integrity

Containers should be configured with an AppArmor profile to enforce fine-grained access control over low-level system resources

Each namespace should have a LimitRange policy associated to ensure that resource allocations of Pods, Containers and PersistentVolumeClaims do not exceed the defined boundaries

Each namespace should have a ResourceQuota policy associated to limit the total amount of resources Pods, Containers and PersistentVolumeClaims can consume