The recommendation here is that the following command be used in each namespace:kubectl -n <Namespace> patch serviceaccount default -p "automountServiceAccountToken: false"which does not automatically mount the default ServiceAccount in any Pod. This implies that for each Pod a separate ServiceAccount with the necessary rights must be created and mounted in the Pod.
Please feel free to contact us for any question that is not answered yet.
We are looking forward to get in contact with you!
KubeOps GmbHHinter Stöck 1772406 BisingenGermany
+49 7433 93724 90
KubeOps GmbH is the owner of the Union trademark KubeOps with the registration number 018305184.