Disabling service account tokens

Service account tokens are mounted by default

No value means service account default is mounted

Unwanted Kubernetes API access can lead to privilege escalation

Pods should not mount service account tokens by default
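
The resolution order behind the points above, as an added example that is not part of the original page: the pod-level `automountServiceAccountToken` field wins, then the service account's field, and with no value anywhere the token is mounted. The namespaces, pod names and manifests are constructed sample data.

```python
# Added example; every manifest below is constructed sample data.
FIELD = "automountServiceAccountToken"

SERVICE_ACCOUNTS = {
    ("demo", "default"): {},             # field unset on the service account
    ("demo", "locked"): {FIELD: False},  # opt-out at service account level
}
PODS = [
    {"metadata": {"namespace": "demo", "name": "web"}, "spec": {}},
    {"metadata": {"namespace": "demo", "name": "batch"},
     "spec": {FIELD: False}},
    {"metadata": {"namespace": "demo", "name": "worker"},
     "spec": {"serviceAccountName": "locked"}},
    {"metadata": {"namespace": "demo", "name": "operator"},
     "spec": {"serviceAccountName": "locked", FIELD: True}},
]

def resolve_automount(pod, service_accounts):
    """Return (mounted, source): pod field, then service account, then default."""
    spec = pod.get("spec", {})
    if spec.get(FIELD) is not None:
        return bool(spec[FIELD]), "pod"
    key = (pod["metadata"].get("namespace", "default"),
           spec.get("serviceAccountName", "default"))
    sa = service_accounts.get(key, {})
    if sa.get(FIELD) is not None:
        return bool(sa[FIELD]), "serviceaccount"
    return True, "unset"  # no value anywhere: the token is mounted

def audit(pods, service_accounts):
    """List pods that end up with a token and which setting decided it."""
    findings = []
    for pod in pods:
        mounted, source = resolve_automount(pod, service_accounts)
        if mounted:
            meta = pod["metadata"]
            findings.append((f"{meta['namespace']}/{meta['name']}", source))
    return findings

if __name__ == "__main__":
    for name, source in audit(PODS, SERVICE_ACCOUNTS):
        print(f"{name}: token mounted (decided by: {source})")
```

The `operator` pod shows why a service-account-level opt-out alone is not enough: a pod that sets the field to true still gets a token.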

Demo

Deny pods…