We are using Azure AKS cluster and as per the Azure Advisor recommendations, we have to disable Automounting of api credentials from the Pods. but when we tried to enable this property in jobs template, the template is not accepting the value.
How to add automountServiceAccountToken: false
You can specify either at service account level or pod level, if both specify then pod take precedence.
apiVersion: v1
kind: Pod
metadata:
name: my-pod
spec:
serviceAccountName: build-robot
automountServiceAccountToken: false
or at the service account level
apiVersion: v1
kind: ServiceAccount
metadata:
name: build-robot
automountServiceAccountToken: false
So for job, it will be inside pod template as pod is nested template for the job.
apiVersion: batch/v1
kind: Job
metadata:
name: pi-with-timeout
spec:
backoffLimit: 5
activeDeadlineSeconds: 100
template:
spec:
automountServiceAccountToken: false
containers:
- name: pi
image: perl:5.34.0
command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
restartPolicy: Never
