diff --git a/.github/workflows/build-test-publish.yml b/.github/workflows/build-test-publish.yml
index c0a50e432..dca03f348 100644
--- a/.github/workflows/build-test-publish.yml
+++ b/.github/workflows/build-test-publish.yml
@@ -19,6 +19,7 @@ env:
 KIND_NODE_IMAGE: "kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245"
 KIND_OLDEST_NODE_IMAGE: "kindest/node:v1.26.3@sha256:61b92f38dff6ccc29969e7aa154d34e38b89443af1a2c14e6cfbd2df6419c66f"
 BASELINE_UPGRADE_VERSION: v2.1.0
+ RABBITMQ_IMAGE: pivotalrabbitmq/rabbitmq:k8s-peer-discovery-simplified
 jobs:
 kubectl_tests:
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index f8a074c04..36346c391 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -73,16 +73,6 @@ rules: - list - update - watch -- apiGroups: - "" resources: - serviceaccounts verbs: - create - get - list - update - watch - apiGroups: - "" resources:
diff --git a/controllers/rabbitmqcluster_controller.go b/controllers/rabbitmqcluster_controller.go
index 4fee560fd..c47c4d765 100644
--- a/controllers/rabbitmqcluster_controller.go
+++ b/controllers/rabbitmqcluster_controller.go
@@ -85,7 +85,6 @@ type RabbitmqClusterReconciler struct {
 // +kubebuilder:rbac:groups=rabbitmq.com,resources=rabbitmqclusters/status,verbs=get;update
 // +kubebuilder:rbac:groups=rabbitmq.com,resources=rabbitmqclusters/finalizers,verbs=update
 // +kubebuilder:rbac:groups="",resources=events,verbs=get;create;patch
-// +kubebuilder:rbac:groups="",resources=serviceaccounts,verbs=get;list;watch;create;update
 // +kubebuilder:rbac:groups="",resources=persistentvolumeclaims,verbs=get;list;watch;create;update
 // +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=roles,verbs=get;list;watch;create;update
 // +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=rolebindings,verbs=get;list;watch;create;update
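Review bot: `RABBITMQ_IMAGE` is pinned only by a mutable tag, while the two `KIND_*` images in the same `env` block are pinned by `@sha256:` digest. A tag can be re-pushed, so the jobs that consume this variable are not reproducible and are not tied to image content anyone reviewed. I would append the digest of the build that was actually tested, `RABBITMQ_IMAGE: pivotalrabbitmq/rabbitmq:k8s-peer-discovery-simplified@sha256:<digest-of-tested-build>`. The tag name reads like a feature-branch build, so a short comment saying when the override can be replaced by a released image would also help.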
diff --git a/internal/resource/statefulset.go b/internal/resource/statefulset.go
index bf8555217..8570d0fce 100644
--- a/internal/resource/statefulset.go
+++ b/internal/resource/statefulset.go
@@ -570,8 +570,7 @@ func (builder *StatefulSetBuilder) podTemplateSpec(previousPodAnnotations map[st
 },
 ImagePullSecrets: builder.Instance.Spec.ImagePullSecrets,
 TerminationGracePeriodSeconds: builder.Instance.Spec.TerminationGracePeriodSeconds,
- ServiceAccountName: builder.Instance.ChildResourceName(serviceAccountName),
- AutomountServiceAccountToken: ptr.To(true),
+ AutomountServiceAccountToken: ptr.To(false),
 Affinity: builder.Instance.Spec.Affinity,
 Tolerations: builder.Instance.Spec.Tolerations,
 InitContainers: []corev1.Container{setupContainer(builder.Instance)},
diff --git a/internal/resource/statefulset_test.go b/internal/resource/statefulset_test.go
index cf38db590..4fcd08ecd 100644
--- a/internal/resource/statefulset_test.go
+++ b/internal/resource/statefulset_test.go
@@ -1352,14 +1352,14 @@ default_pass = {{ .Data.data.password }}
 stsBuilder := builder.StatefulSet()
 Expect(stsBuilder.Update(statefulSet)).To(Succeed())
- Expect(statefulSet.Spec.Template.Spec.ServiceAccountName).To(Equal(instance.ChildResourceName("server")))
+ Expect(statefulSet.Spec.Template.Spec.ServiceAccountName).To(BeEmpty())
 })
 It("mounts the service account in its pods", func() {
 stsBuilder := builder.StatefulSet()
 Expect(stsBuilder.Update(statefulSet)).To(Succeed())
- Expect(*statefulSet.Spec.Template.Spec.AutomountServiceAccountToken).To(BeFalse())
+ Expect(*statefulSet.Spec.Template.Spec.AutomountServiceAccountToken).To(BeFalse())
 })
 It("creates the required SecurityContext", func() {
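Review bot: Hard-coding `AutomountServiceAccountToken: ptr.To(false)` and dropping `ServiceAccountName` means every pod now runs as the namespace's `default` ServiceAccount with no API token, which is good for least privilege but breaks anything in the pod that still expects a token. That likely includes RabbitMQ images whose Kubernetes peer discovery still queries the API server, and possibly the Vault integration exercised in statefulset_test.go if its agent authenticates with the pod token, so this is worth confirming and calling out as an upgrade note. The controller hunk keeps the `roles` and `rolebindings` RBAC markers; if a RoleBinding is still created for the old `ChildResourceName(serviceAccountName)` subject, it now names a ServiceAccount the operator no longer creates and should be removed in the same change. I would also record the reason next to the field, for example `// No ServiceAccount token is mounted; peer discovery no longer calls the Kubernetes API.`, if that is indeed the reason. The enclosing podTemplateSpec starts and ends outside this hunk.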
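Review bot: The spec title `mounts the service account in its pods` now contradicts its own assertion, which expects `AutomountServiceAccountToken` to be `BeFalse()`. A title that states the opposite of the enforced security property will mislead whoever reads a failure report, so I would rename it: `It("does not mount the service account token in its pods", func() {`. The preceding spec, whose `It(...)` line is outside the hunk, now asserts an empty `ServiceAccountName`, so its title probably needs the same check.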