Service account tokens are mounted by default
No service account specified means default
is mounted
Unwanted Kubernetes API access can leak to privilege escalation
Those pods should not mount service account
Add automountServiceAccountToken
to pods