CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests

CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node

Check if containers are running with low UID, which might cause conflicts with the host's user table.

Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than the designated amount of memory

Memory requests should be defined for each container. This allows the kubelet to reserve the requested amount of system resources and prevents over-provisioning on individual nodes

Containers should drop 'ALL' or at least 'NET_RAW' capabilities

Containers should drop 'ALL' or at least 'NET_RAW' capabilities

Check if Readiness Probe is not configured.

Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls