Mock exam 2 q3 lab

In question 3 the solution says to use the option automountServiceAccountToken: false in the pod.
However, I don’t get why the service account doesn’t need to mount the secret in the pod. Isn’t it required for the pod to mount the secret that contains the certificate of the service account in order to use it against the kube-apiserver? I think this is not explained in the course.

KR
David

Hi @hyakunin

Pods only need service account tokens if the application within the pod needs to talk to the kube-apiserver - which in most cases it won’t. Only applications that are built specifically to interact with the cluster (e.g. a dashboard app) require it.
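The two cases from the answer above, as an added example that is not part of the original thread or the course solution: a pod that never talks to the kube-apiserver and so mounts no token, next to a cluster-aware pod that opts in explicitly. All names and images are hypothetical.

```yaml
# Constructed manifests; every name and image below is hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: web-sa
  namespace: default
# Default for every pod using this service account: no token volume.
automountServiceAccountToken: false
---
# Ordinary workload: never calls the kube-apiserver, so no token is mounted.
apiVersion: v1
kind: Pod
metadata:
  name: web
  namespace: default
spec:
  serviceAccountName: web-sa
  # Pod-level setting; takes precedence over the ServiceAccount's value.
  automountServiceAccountToken: false
  containers:
    - name: web
      image: nginx
---
# Service account for a cluster-aware workload (e.g. a dashboard app).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-sa
  namespace: default
# Still off by default; each pod that needs the token must ask for it.
automountServiceAccountToken: false
---
apiVersion: v1
kind: Pod
metadata:
  name: dashboard
  namespace: default
spec:
  serviceAccountName: dashboard-sa
  # Overrides the ServiceAccount default, so the token is mounted under
  # /var/run/secrets/kubernetes.io/serviceaccount/ for API calls.
  automountServiceAccountToken: true
  containers:
    - name: dashboard
      image: example.invalid/dashboard:placeholder
```

In the web pod the directory /var/run/secrets/kubernetes.io/serviceaccount is absent, so a compromised container has no API credential to read; the pod still runs under web-sa, it just carries no token for it.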