InformationValidate service account before validating token.
By default, the apiserver only verifies that the authentication token is valid. However, it does not validate that the service account token mentioned in the request is actually present in etcd. This allows using a service account token even after the corresponding service account is deleted. This is an example of time of check to time of use security issue.
SolutionEdit the `/etc/kubernetes/apiserver` file on the master node and set the `KUBE_API_ARGS` parameter to `'--service-account-lookup=true'`: `KUBE_API_ARGS='--service-account-lookup=true'`
Based on your system, restart the `kube-apiserver` service. For example: `systemctl restart kube-apiserver.service`