Why is `/var/run/secrets/kubernetes.io/serviceaccount/token` automatically generated?

nimdrak · April 27, 2024, 4:25am

This token is automatically generated when automountServiceAccountToken is enabled.
But I can’t understand why it is.

This token has no role. So Developer should bind a proper role of the service account which is the owner of token, although it is generated automatically.
It is confusing because since kubernetes 1.24, ServiceAccount cannot have its secret (token) automatically. We need to manually create the secret. But it has /var/run/secrets/kubernetes.io/serviceaccount/token automatically. It looks confusing.

Would anyone explain why it is designed like this?

Topic		Replies	Views
ServiceAccount's token being continuously recreated General Discussions	1	2275	January 8, 2021
Service account is getting created without a secret microk8s	4	9200	July 27, 2022
Why are the secret content of the default serveraccount are mounted inside the pod? General Discussions	0	496	September 24, 2021
Manually created ServiceAccount tokens "expiring" unexpectedly General Discussions development , security , network	1	63	October 31, 2024
Secret token not generating General Discussions development	15	24993	October 11, 2022