🔥 3-day streak
Certified Kubernetes Administrator (CKA)110 / 125
Question 110 of 125
A security audit at your company flags that a Deployment named 'log-shipper' in the 'monitoring' namespace mounts a ServiceAccount token into its pods, even though the application never calls the Kubernetes API. You want to stop the token from being automatically mounted into the pods for this workload only, without deleting the ServiceAccount or affecting other workloads that use the same ServiceAccount. What is the correct approach?
Reviewed for accuracy · Report an issueNext question