kyverno/test/policy/mutate/policy_mutate_pod_spec.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: mutate-pods-spec
spec:
  rules:
    - name: "disable-servicelink-and-token"
      match:
        resources:
          kinds:
            - DaemonSet
            - Deployment
            - Job
            - StatefulSet
          namespaces:
            - test-foo-*
      mutate:
        overlay:
          spec:
            template:
              spec:
                automountServiceAccountToken: false
                enableServiceLinks: false