NIST released an Application Container Security publication (SP 800-190), which delves into the major security risks and concerns related to Container images, registries, OS, orchestration, network isolation. It also presents a long-list of proactive countermeasures and mitigation recommendations for the known risks and example scenarios on how to address container security threats with the recommended countermeasures. Although it is a quite high-level document, it details well enough for evolving security architecture using container technologies particularly securing Docker containers and Kubernetes orchestrator.
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-190.pdf