Information
Automate service accounts management.
Rationale:
When you create a pod, if you do not specify a service account, it is automatically assigned the `default` service account in the same namespace. You should create your own service account and let the API server manage its security tokens.
Solution
Follow the documentation and create `ServiceAccount` objects as per your environment. Then, edit the `/etc/kubernetes/apiserver` file on the master node and set the `KUBE_ADMISSION_CONTROL` parameter to `'--admission-control=...,ServiceAccount,...'`: `KUBE_ADMISSION_CONTROL='--admission-control=...,ServiceAccount,...'`
Based on your system, restart the `kube-apiserver` service. For example: `systemctl restart kube-apiserver.service`
Impact:
The `ServiceAccount` objects must be created and granted before pod creation would be allowed.