The Agent Skills Directory

Container Security Best Practices: The skill recommends multi-stage builds and distroless base images, which significantly reduce the attack surface of the generated containers.
Least Privilege Configuration: The provided Dockerfiles and Kubernetes manifests explicitly configure the application to run as a non-root user. The deployment manifest further hardens the environment by disabling privilege escalation and mounting the root filesystem as read-only.
Trusted Resource Usage: All external references, such as container registries (gcr.io, pkg.dev) and build tools (Cloud Native Buildpacks), originate from well-known and reputable sources associated with the platform vendor.
Secure Deployment Patterns: The Kubernetes manifest includes essential security configurations, such as disabling the automatic mounting of service account tokens and applying a default seccomp profile.

gke-app-onboarding