OLM Bundle unpacker fails when default service account automounting token is disabled

[hamidos]

Bug Report

What did you do?
After installing OLM, tried to install the splunk operator using:

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: my-splunk
  namespace: operators
spec:
  channel: stable
  name: splunk
  source: operatorhubio-catalog
  sourceNamespace: olm

What did you expect to see?
The splunk CSV created and showing installed as status.

What did you see instead? Under which circumstances?
Unpack job pods failing, extract container exit with error:

time="2024-08-06T17:07:53Z" level=info msg="Using in-cluster kube client config"
time="2024-08-06T17:07:53Z" level=fatal msg="cluster config failed: Cannot load config for REST client: open /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or directory"

We are running in a hardened cluster where the default service account has automountServiceAccountToken set to false

apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
  namespace: olm
automountServiceAccountToken: false

From more information check:
kubernetes/kubernetes#57601
rke1-hardening-guide#configure-default-service-account

Environment

• operator-lifecycle-manager version: v0.28.0

• Kubernetes version information: v1.26.13+rke2r1

• Kubernetes cluster kind:

Possible Solution

Use another service account instead of the default.

Additional context
Add any other context about the problem here.