I am looking for some advises/best practices on handling who can run the containers. Say there are non-production and production Docker hosts.
1). How do we control which team can pull and run the container on each host?
2). Say the application image needs application configurations to run (especially passwords). How do we control only certain teams can pull and run the container on non-production hosts, and can only specify non-production configs only?