Secret is no longer used to mount credentials into Pods with Kubernetes version 1.22 and above

[kumachop2]

I have tried helm install of v0.62.0 in Kubernetes version 1.24 ( AKS) and secrets are not loaded with serviceaccounts. Splunk agents were started. Also I tried to create serviceaccount and secret manually, still secret wasn't attached. Please check and let me know if any miss here.

kubectl -n splunk get serviceaccounts
NAME SECRETS AGE
default 1 89d
splunk-otel-collector 0 13h

kubectl -n splunk get serviceaccount splunk-otel-collector -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
meta.helm.sh/release-name: splunk-otel-collector
meta.helm.sh/release-namespace: splunk
creationTimestamp: "2022-11-17T02:20:41Z"
labels:
app: splunk-otel-collector
app.kubernetes.io/instance: splunk-otel-collector
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: splunk-otel-collector
app.kubernetes.io/version: 0.62.0
chart: splunk-otel-collector-0.62.1
helm.sh/chart: splunk-otel-collector-0.62.1
heritage: Helm
release: splunk-otel-collector
name: splunk-otel-collector
namespace: splunk
resourceVersion: "27402089"
uid: 74197e7b-0c47-4589-b1c4-c97480647f9c

Reference:

A kubernetes.io/service-account-token type of Secret is used to store a token credential that identifies a service account.

Since 1.22, this type of Secret is no longer used to mount credentials into Pods, and obtaining tokens via the TokenRequest API is recommended instead of using service account token Secret objects. Tokens obtained from the TokenRequest API are more secure than ones stored in Secret objects, because they have a bounded lifetime and are not readable by other API clients. You can use the kubectl create token command to obtain a token from the TokenRequest API.

[kumachop2]

Earlier Kubernetes version 1.22 I was successful with creation of service accounts and passing secret in values.yaml during helm installation to remediate Microsoft defender issues on automounting API credentials.