if using azure policy on aks you can get tripped up with automountServiceAccountToken been violated by most containers
- Ensure service account "automountServiceAccountToken: false".
- Its not possible to set this on the default SA so the pod spec needs to updated to not mount the credentials.
- If using a specific SA. disable automounting on SA level and pod Level
- automountServiceAccountToken https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/