Ensure that default service accounts are not actively used (RBAC - ClusterRoleBinding)

The default service account should not be used to ensure that rights granted to applications can be more easily audited and reviewed. Kubernetes provides a default service account which is used by cluster workloads where no specific service account is assigned to the pod. Where access to the Kubernetes API from a pod is required, a specific service account should be created for that pod, and rights granted to that service account. The default service account should be configured such that it does not provide a service account token and does not have any explicit rights assignments.