you should at least think about when considering how best to secure your container deployments. In your environment it might well not make sense to apply every item, but if you have thought about them, you will be off to a good start. No doubt this list is not absolutely comprehensive!
Linux capabilities
to
- Install kernel modules (CAP_SYS_MODULE)
- Change the system time (CAP_SYS_TIME)
- Trace / modify arbitrary processes (CAP_SYS_PTRACE)
- Is all executable code added to a container image at build time?
- Are you avoiding --privileged?
- Are you keeping hosts up to date with the latest security releases?
- Are your secrets encrypted at rest and in transit?
- Can you prevent container drift?
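One practical way to answer the capabilities and --privileged questions above is to decode the CapEff mask that the kernel reports in /proc/<pid>/status for a process inside the container. The script below is an added example, not from the original page: the capability bit table follows linux/capability.h, the status dumps are constructed samples (the first is the default Docker capability set, the second what a --privileged container reports), and the CAP_* names it flags are the three the checklist calls out.

```python
"""Decode a container's effective capability mask (CapEff from /proc/<pid>/status)
and flag the high-risk capabilities named in the checklist."""
import re

# Capability bit numbers from linux/capability.h (list index == bit position).
CAP_NAMES = [
    "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "KILL",
    "SETGID", "SETUID", "SETPCAP", "LINUX_IMMUTABLE", "NET_BIND_SERVICE",
    "NET_BROADCAST", "NET_ADMIN", "NET_RAW", "IPC_LOCK", "IPC_OWNER",
    "SYS_MODULE", "SYS_RAWIO", "SYS_CHROOT", "SYS_PTRACE", "SYS_PACCT",
    "SYS_ADMIN", "SYS_BOOT", "SYS_NICE", "SYS_RESOURCE", "SYS_TIME",
    "SYS_TTY_CONFIG", "MKNOD", "LEASE", "AUDIT_WRITE", "AUDIT_CONTROL",
    "SETFCAP", "MAC_OVERRIDE", "MAC_ADMIN", "SYSLOG", "WAKE_ALARM",
    "BLOCK_SUSPEND", "AUDIT_READ", "PERFMON", "BPF", "CHECKPOINT_RESTORE",
]
# Capabilities the checklist calls out: kernel modules, system time, ptrace.
RISKY = {"CAP_SYS_MODULE", "CAP_SYS_TIME", "CAP_SYS_PTRACE"}

def decode_caps(mask_hex):
    """Return the set of CAP_* names whose bit is set in a hex capability mask."""
    mask = int(mask_hex, 16)
    return {"CAP_" + name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1}

def audit_status(status_text):
    """Parse the CapEff line of a /proc/<pid>/status dump and report the
    effective capabilities, the risky ones present, and whether the set
    looks like a --privileged container (every known capability granted)."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)", status_text, re.MULTILINE)
    if not m:
        raise ValueError("no CapEff line found")
    caps = decode_caps(m.group(1))
    return {
        "effective": caps,
        "risky": caps & RISKY,
        "looks_privileged": len(caps) == len(CAP_NAMES),
    }

# Constructed sample: the default Docker capability set (14 capabilities,
# none of SYS_MODULE, SYS_TIME or SYS_PTRACE).
DEFAULT_STATUS = "Name:\tsh\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n"
# Constructed sample: the same container started with --privileged.
PRIVILEGED_STATUS = "Name:\tsh\nCapEff:\t000001ffffffffff\n"

if __name__ == "__main__":
    for label, text in (("default", DEFAULT_STATUS), ("privileged", PRIVILEGED_STATUS)):
        r = audit_status(text)
        print(label, "risky:", sorted(r["risky"]), "privileged:", r["looks_privileged"])
```

On a live host, feed it the contents of /proc/<container pid>/status instead of the constructed samples.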