Disable service account auto mount

Info

ID: MS-M9025
MITRE mitigation: -

By default, a service account is mounted to every pod. If the application doesn’t require access to the Kubernetes API, disable the service account auto-mount by specifying automountServiceAccountToken: false in the pod configuration.
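To find pods that still receive a token, the check below can be run over a cluster listing. It is an added example, not code from the original page. It goes one step beyond the pod-level field described above by also reading the same field on the ServiceAccount object, which applies when the pod spec leaves it unset. The sample listing, shaped like `kubectl get pods,serviceaccounts -A -o json` output, and every name in it are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get pods,serviceaccounts -A -o json`,
# trimmed to the fields the check reads. All names are made up.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ServiceAccount", "metadata": {"namespace": "shop", "name": "default"}},
 {"kind": "ServiceAccount", "metadata": {"namespace": "shop", "name": "no-api"},
  "automountServiceAccountToken": false},
 {"kind": "Pod", "metadata": {"namespace": "shop", "name": "web"},
  "spec": {"automountServiceAccountToken": false}},
 {"kind": "Pod", "metadata": {"namespace": "shop", "name": "worker"},
  "spec": {"serviceAccountName": "no-api"}},
 {"kind": "Pod", "metadata": {"namespace": "shop", "name": "cache"},
  "spec": {}},
 {"kind": "Pod", "metadata": {"namespace": "shop", "name": "operator"},
  "spec": {"serviceAccountName": "no-api", "automountServiceAccountToken": true}}
]}
""")


def token_is_mounted(pod, service_accounts):
    """Return True if a service account token would be auto-mounted into pod."""
    spec = pod.get("spec") or {}
    # The pod-level field wins whenever it is set explicitly.
    if spec.get("automountServiceAccountToken") is not None:
        return bool(spec["automountServiceAccountToken"])
    # Otherwise the pod's ServiceAccount decides; a pod without
    # serviceAccountName runs as "default" in its namespace.
    key = (pod["metadata"]["namespace"], spec.get("serviceAccountName") or "default")
    sa = service_accounts.get(key, {})
    # Unset on both objects means the token is mounted (the default).
    return sa.get("automountServiceAccountToken") is not False


def pods_with_token(listing):
    """Return sorted namespace/name of every pod that still gets a token."""
    items = listing["items"]
    sas = {(i["metadata"]["namespace"], i["metadata"]["name"]): i
           for i in items if i["kind"] == "ServiceAccount"}
    return sorted(f'{p["metadata"]["namespace"]}/{p["metadata"]["name"]}'
                  for p in items
                  if p["kind"] == "Pod" and token_is_mounted(p, sas))


if __name__ == "__main__":
    for name in pods_with_token(SAMPLE):
        print("token mounted:", name)
```

Pods reported here are candidates for automountServiceAccountToken: false unless the workload actually calls the Kubernetes API.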

Techniques Addressed by Mitigation

| ID | Name | Use |
|---|---|---|
| MS-TA9016 | Container service account | Disable service account auto mount. |