Default service account ‘automountServiceAccountToken’ should be set to ‘false’

Description

Avoid automounting tokens for the default service account. The default service account should not be used and its ability to provide API credentials should be disabled.

Remediation Steps

Kubernetes Manifest (YAML)

  • Ensure that the default service account automountServiceAccountToken is set to false.

Example Configuration

apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
automountServiceAccountToken: false
# other required fields here
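
To check a cluster against this rule, the following added example (not part of the original page) scans service account objects and reports every `default` account that does not explicitly set the field to false. It assumes input in the shape produced by `kubectl get serviceaccounts --all-namespaces -o json`; the sample data and the function name are constructed for illustration.

```python
import json

# Constructed sample in the shape of
# `kubectl get serviceaccounts --all-namespaces -o json` (not real cluster data).
SAMPLE = """
{"kind": "List", "items": [
  {"kind": "ServiceAccount",
   "metadata": {"name": "default", "namespace": "payments"}},
  {"kind": "ServiceAccount",
   "metadata": {"name": "default", "namespace": "web"},
   "automountServiceAccountToken": true},
  {"kind": "ServiceAccount",
   "metadata": {"name": "default", "namespace": "batch"},
   "automountServiceAccountToken": false},
  {"kind": "ServiceAccount",
   "metadata": {"name": "builder", "namespace": "batch"}}
]}
"""


def noncompliant_default_accounts(doc):
    """Return sorted (namespace, reason) pairs for each default
    ServiceAccount whose automountServiceAccountToken is not false."""
    # Accept either a single ServiceAccount object or a List wrapper.
    items = [doc] if doc.get("kind") == "ServiceAccount" else doc.get("items", [])
    findings = []
    for sa in items:
        meta = sa.get("metadata", {})
        if sa.get("kind", "ServiceAccount") != "ServiceAccount":
            continue
        if meta.get("name") != "default":
            continue  # this rule only covers the default service account
        value = sa.get("automountServiceAccountToken")
        if value is False:
            continue  # compliant: explicitly disabled
        # An absent field is not compliant: Kubernetes mounts the token
        # unless the field is explicitly false.
        reason = ("field not set (tokens are mounted)" if value is None
                  else f"set to {value!r}")
        findings.append((meta.get("namespace", "(unspecified)"), reason))
    return sorted(findings)


if __name__ == "__main__":
    for namespace, reason in noncompliant_default_accounts(json.loads(SAMPLE)):
        print(f"{namespace}/default: {reason}")
```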