---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: mutate-pod-disable-automoutingapicred
spec:
  admission: true
  background: true
  rules:
  - match:
      any:
      - resources:
          kinds:
          - Pod
    mutate:
      patchStrategicMerge:
        spec:
          (serviceAccountName): '*'
          automountServiceAccountToken: false
    name: pod-disable-automoutingapicred
  validationFailureAction: Audit