On this page

Show all

Help Center/ Cloud Container Engine/ Product Bulletin/ Product Change Notices/ Service Account Token Security Improvement

Service Account Token Security Improvement

Updated on 2024-07-11 GMT+08:00

Released: Nov 24, 2022

In Kubernetes clusters v1.21 or later, pods will not automatically mount permanent tokens. You can obtain tokens using TokenRequest API and mount them to pods using the projected volume.

Such tokens are valid for a fixed period (one hour by default). Before expiration, kubelet refreshes the tokens to ensure that the pods always use valid tokens. This feature is enabled by default in Kubernetes clusters v1.21 and later. If you use a Kubernetes client of a to-be-outdated version, the certificate reloading may fail.

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback