Why do we have a default-token secret in each namespace of a Kubernetes cluster?

A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image. Using a Secret means that you don’t need to include confidential data in your application code.

The kubernetes.io/service-account-token type of Secret is used to store a token that identifies a service account.

When creating a Pod, Kubernetes automatically creates a service account Secret and automatically modifies your Pod to use this Secret. The service account token Secret contains credentials for accessing the API.

Why do we have a default serviceaccount in each namespace of a Kubernetes cluster?

If the pod does not have a ServiceAccount set, the ServiceAccount admission controller sets the ServiceAccount to default.

It also ensures that the ServiceAccount referenced by the pod exists, and otherwise rejects the pod.

A ServiceAccount controller manages the ServiceAccounts inside namespaces, and ensures a ServiceAccount named “default” exists in every active namespace.
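
The following is an added example, not code from the original page or from the Kubernetes project. It models the two admission steps described above (defaulting to the default ServiceAccount, then rejecting a pod whose ServiceAccount does not exist) on constructed pod manifests and reports which identity each pod would run as. The namespace, pod and ServiceAccount names are made up; automountServiceAccountToken is a real Kubernetes field the page does not mention, used here to show whether the API token ends up mounted.

```python
# Constructed sample data (not from a real cluster): ServiceAccounts per
# namespace, and pod manifests as they would be submitted to the API server.
SERVICE_ACCOUNTS = {"shop": {"default": {}, "billing": {"automountServiceAccountToken": False}}}
PODS = [
    {"metadata": {"namespace": "shop", "name": "web"}, "spec": {}},
    {"metadata": {"namespace": "shop", "name": "invoice"},
     "spec": {"serviceAccountName": "billing"}},
    {"metadata": {"namespace": "shop", "name": "cron"},
     "spec": {"serviceAccountName": "reports"}},
]


def admit(pod, service_accounts):
    """Model the two admission steps; returns (admitted, service_account_name)."""
    ns = pod["metadata"]["namespace"]
    # Step 1: a pod with no ServiceAccount set is assigned "default".
    name = pod["spec"].get("serviceAccountName") or "default"
    # Step 2: the referenced ServiceAccount must exist, otherwise reject.
    if name not in service_accounts.get(ns, {}):
        return False, name
    return True, name


def token_mounted(pod, sa):
    """Pod-level automountServiceAccountToken overrides the ServiceAccount's;
    when neither sets it, the API token is mounted into the pod."""
    pod_flag = pod["spec"].get("automountServiceAccountToken")
    if pod_flag is not None:
        return pod_flag
    return sa.get("automountServiceAccountToken", True)


def review(pods, service_accounts):
    """Return one finding per pod: rejected, or the identity it runs as."""
    findings = {}
    for pod in pods:
        ns, pod_name = pod["metadata"]["namespace"], pod["metadata"]["name"]
        ok, sa_name = admit(pod, service_accounts)
        if not ok:
            findings[pod_name] = f"rejected: ServiceAccount {sa_name!r} not found"
            continue
        mounted = token_mounted(pod, service_accounts[ns][sa_name])
        findings[pod_name] = f"runs as {sa_name!r}, API token mounted: {mounted}"
    return findings


if __name__ == "__main__":
    for name, finding in review(PODS, SERVICE_ACCOUNTS).items():
        print(f"{name}: {finding}")
```

Pods reported as running as 'default' with the token mounted are the ones holding API credentials they never asked for, which makes them the first candidates for a dedicated ServiceAccount.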