The Cloud Native Computing Foundation published a blog post that identifies a set of steps for hardening your Kubernetes environments.
If you have not already implemented most of them, I would recommend at least looking at them and assessing whether they matter for your use case; for general usage, most of them should.
What I found very interesting for those of us in security, who may be dealing with the 90% of legacy applications that still drive the business, was that the blog also recommends hardening node security. This is something that is often not considered a priority and falls off the table. Securing access to the Kubernetes API and controlling access to your cluster on a least-privilege basis are key components of securing the container orchestration platform (the thing those containers actually run on). I can tell you from my experience that this is hard, not only because we are usually dealing with at least three networks on a cluster (the physical network, the pod network and the cluster networking), but also because of the missing visibility into those connections and the lack of a way to segment them off easily without breaking the cluster.
Control network access to sensitive ports. Make sure that your network blocks access to ports used by kubelet, including 10250 and 10255. Consider limiting access to the Kubernetes API server except from trusted networks. Malicious users have abused access to these ports to run cryptocurrency miners in clusters that are not configured to require authentication and authorization on the kubelet API server.
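As an added example (not code from the CNCF post or from this blog), here is a small Python audit that checks a parsed KubeletConfiguration for the settings that make the kubelet require authentication and authorization and disable the 10255 read-only port, and that generates host firewall rules limiting 10250, 10255 and the API server port to trusted networks. It assumes the kubelet.config.k8s.io/v1beta1 field names and their config-file defaults, iptables as the host firewall, and 6443 as the API server port (the upstream default, not something the post states); the sample configs and CIDRs are constructed.

```python
"""Node-hardening helpers: audit a parsed KubeletConfiguration and build
host firewall rules that limit the kubelet and API server ports to
trusted networks. Added example; field names follow kubelet.config.k8s.io/v1beta1."""
from __future__ import annotations
from ipaddress import ip_network

# Ports named in the recommendation; 6443 is assumed to be the
# kube-apiserver secure port (upstream default, not stated in the post).
KUBELET_PORT = 10250
KUBELET_READONLY_PORT = 10255
APISERVER_PORT = 6443


def audit_kubelet_config(cfg: dict) -> list[str]:
    """Return findings for a parsed KubeletConfiguration; empty means hardened.

    Missing fields are read with the config-file defaults (anonymous off,
    webhook auth on, Webhook authorization, readOnlyPort 0). A kubelet driven
    only by legacy command-line flags defaults to the weaker settings instead,
    so for such nodes pass the effective values, not an empty dict.
    """
    findings: list[str] = []
    auth = cfg.get("authentication", {})
    if auth.get("anonymous", {}).get("enabled", False):
        findings.append("authentication.anonymous.enabled=true: unauthenticated callers reach port 10250")
    if not auth.get("webhook", {}).get("enabled", True):
        findings.append("authentication.webhook.enabled=false: bearer tokens are not checked against the API server")
    mode = cfg.get("authorization", {}).get("mode", "Webhook")
    if mode != "Webhook":
        findings.append(f"authorization.mode={mode}: every authenticated caller is allowed every request")
    ro_port = cfg.get("readOnlyPort", 0)
    if ro_port != 0:
        findings.append(f"readOnlyPort={ro_port}: the unauthenticated read-only kubelet API is exposed")
    return findings


def firewall_rules(trusted_cidrs: list[str],
                   ports: tuple[int, ...] = (KUBELET_PORT, KUBELET_READONLY_PORT, APISERVER_PORT)) -> list[str]:
    """Build iptables INPUT rules that accept each port only from the trusted
    networks and drop every other source. The trusted list must include the
    control-plane addresses, because the API server itself calls the kubelet."""
    nets = [str(ip_network(c, strict=False)) for c in trusted_cidrs]  # raises on malformed CIDRs
    rules: list[str] = []
    for port in ports:
        for net in nets:
            rules.append(f"iptables -A INPUT -p tcp --dport {port} -s {net} -j ACCEPT")
        rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return rules


# Constructed sample configs (not taken from any real cluster).
LEGACY_KUBELET = {  # mirrors the old flag defaults: open kubelet API plus read-only port
    "authentication": {"anonymous": {"enabled": True}, "webhook": {"enabled": False}},
    "authorization": {"mode": "AlwaysAllow"},
    "readOnlyPort": 10255,
}
HARDENED_KUBELET = {
    "authentication": {"anonymous": {"enabled": False}, "webhook": {"enabled": True}},
    "authorization": {"mode": "Webhook"},
    "readOnlyPort": 0,
}

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY_KUBELET), ("hardened", HARDENED_KUBELET)):
        print(f"{name}: {audit_kubelet_config(cfg) or ['ok']}")
    # Constructed trusted ranges: a control-plane subnet plus an admin jump-host range.
    for rule in firewall_rules(["10.10.0.0/24", "192.168.50.0/28"]):
        print(rule)
```

The generated rules are appended with `-A`, so an earlier blanket ACCEPT in the INPUT chain would still win; place them ahead of such rules (or insert with `-I`) and extend the trusted list with every component that legitimately talks to the kubelet, such as an in-cluster metrics collector on the pod network, before applying them to a node.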