Service account tokens are mounted by default
No value means service account default
is mounted
Unwanted Kubernetes API access can leak to privilege escalation
Pods should not mount service account by default
Deny pods…
automountServiceAccountToken
serviceAccountName
is…
default