Updated on 2024-07-11 GMT+08:00

Service Account Token Security Improvement

Released: Nov 24, 2022

In Kubernetes clusters v1.21 or later, pods no longer automatically mount permanent tokens. Instead, tokens are obtained through the TokenRequest API and mounted into pods using a projected volume.

Such tokens are valid for a fixed period (one hour by default). Before a token expires, kubelet refreshes it so that pods always use a valid token. This feature is enabled by default in Kubernetes clusters v1.21 and later. If you use a Kubernetes client version that is about to become outdated, the certificate reloading may fail.
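The following added example (not code from this notice or from CCE) shows how to tell a permanent token from a time-limited one by its JWT claims, and how a client can re-read the mounted token file so it picks up the token kubelet refreshes. The names `classify`, `ReloadingToken` and `make_token` are hypothetical, the sample tokens are constructed and unsigned, and the check assumes the upstream Kubernetes behaviour that legacy secret-based tokens carry no `exp` claim.

```python
import base64, json, os, tempfile, time

def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def classify(token, now=None):
    """Return (kind, seconds_left); assumption: permanent tokens have no 'exp'."""
    claims = jwt_claims(token)
    if "exp" not in claims:
        return "legacy-permanent", None
    now = time.time() if now is None else now
    return "bound", int(claims["exp"] - now)

class ReloadingToken:
    """Re-read the projected token file instead of caching it for the process lifetime."""
    def __init__(self, path, max_age=60, clock=time.time):
        self.path, self.max_age, self.clock = path, max_age, clock
        self._token, self._read_at = None, 0.0

    def get(self):
        if self._token is None or self.clock() - self._read_at >= self.max_age:
            with open(self.path) as f:            # kubelet replaces this file on refresh
                self._token = f.read().strip()
            self._read_at = self.clock()
        return self._token

def make_token(claims):
    """Build a constructed, unsigned sample token (demo input, not a real credential)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

if __name__ == "__main__":
    now = int(time.time())
    old = make_token({"iss": "kubernetes/serviceaccount"})   # constructed legacy-style token
    new = make_token({"iat": now, "exp": now + 3600})        # constructed one-hour token
    print(classify(old), classify(new, now=now))
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "token")   # stands in for the mounted token file
        with open(path, "w") as f:
            f.write(new)
        src = ReloadingToken(path, max_age=0)                # max_age=0: read on every call
        print(classify(src.get(), now=now))
```

In a pod, `path` would be the service account token file, by default `/var/run/secrets/kubernetes.io/serviceaccount/token`. A client that reads this file once at startup keeps sending the old token after it expires.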