Policy
Disallowing Non-Default Capabilities
Using Policy Controller to prevent running pods with extra capabilities
Disallowing Privileged Pods
Using Policy Controller to prevent running privileged pods
Disallowing Run as Root User
Using Policy Controller to prevent running pods as root
Maximum Container Image Age
Maximum container image age with Policy Controller
Disallowing Unsafe sysctls
Use Policy Controller to limit pods to safe sysctls
Verify Signed Chainguard Images
Using Policy Controller to Verify Signed Chainguard Images
Rego Policies
Writing Rego-based policies for Sigstore Policy Controller