Service Account Token Security Improvement
Released: Nov 24, 2022
In Kubernetes clusters v1.21 or later, pods will not automatically mount permanent tokens. You can obtain tokens using TokenRequest API and mount them to pods using the projected volume.
Such tokens are valid for a fixed period (one hour by default). Before expiration, kubelet refreshes the tokens to ensure that the pods always use valid tokens. This feature is enabled by default in Kubernetes clusters v1.21 and later. If you use a Kubernetes client of a to-be-outdated version, the certificate reloading may fail.
For details, see Service Account Token Security Improvement.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
