<ul><li>A service account is only needed when a pod needs to communicate with the Kubernetes API server or requires an identity for authentication.</li><li>Kubernetes assigns a default service account to every pod by default.</li><li>You can disable token mount at two levels, Pod level and SA level.</li><li>Removing the token from the service account is a simple yet effective way to reduce unnecessary attack surfaces in the cluster.</li></ul>

Kubernetes Myth #06: Kubernetes Pods Always Need a Service Account

Discover more