Disable service account auto mount
Info
ID: MS-M9025
MITRE mitigation: -
By default, a service account is mounted to every pod. If the application doesn’t require access to the Kubernetes API, disable the service account auto-mount by specifying automountServiceAccountToken: false in the pod configuration.
Techniques Addressed by Mitigation
| ID | Name | Use |
|---|---|---|
| MS-TA9016 | Container service account | Disable service account auto mount. |