Kubescape C-0034: Deny resources with automountServiceAccountToken enabled

Severity Level: Medium

Configuration Parameters:

Not Configurable

Resources this policy could be applied to:

ServiceAccount
CronJob
DaemonSet
Deployment
Job
Pod
ReplicaSet
StatefulSet

What does this policy do:

This Policy checks if automountServiceAccountToken is set and is set to false on ServiceAccounts and workload resources. If not, the resource is denied from being deployed in the cluster.

Implementing this policy in the Cluster:

Refer here for using the policy in the cluster

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

kubescape-c-0034-deny-resources-with-automount-service-account-token-enabled.md

kubescape-c-0034-deny-resources-with-automount-service-account-token-enabled.md

Kubescape C-0034: Deny resources with automountServiceAccountToken enabled

Severity Level: Medium

Configuration Parameters:

Resources this policy could be applied to:

What does this policy do:

Implementing this policy in the Cluster:

Files

kubescape-c-0034-deny-resources-with-automount-service-account-token-enabled.md

Latest commit

History

kubescape-c-0034-deny-resources-with-automount-service-account-token-enabled.md

File metadata and controls

Kubescape C-0034: Deny resources with automountServiceAccountToken enabled

Severity Level: Medium

Configuration Parameters:

Resources this policy could be applied to:

What does this policy do:

Implementing this policy in the Cluster: