delegate CNI doesn't see serviceaccount token of multus daemon

[nvetel]

Hello,

I'm using multus thick and a delegate CNI that needs to request the API: the userspace CNI

I get errors because my delegate CNI searches for the file /var/run/secrets/kubernetes.io/serviceaccount/token but doesn't find it.

I tried to understand what happens exactly, and it seems to me that the issue here is related to the "chroot envrionment" used to run the delegate CNI that can't read the expected files.

I opened a shell in a multus thick daemon, where I can see the expected file, but when I chroot into the /hostroot directory (which is what the daemon does to run the delegate CNI if I'm correct) the files are not visible.

My assumption here is that somehow, the file is not readable from chroot, because it is a symlink or something like that, but don't know chroot very well.
Here you can see in a thick daemon the ls of the files in the container, and in the chroot to see the difference:

root@cluster-nico-md-dpdk-n8vdz:/# ls -l /var/run/secrets/kubernetes.io/serviceaccount/
total 0
lrwxrwxrwx 1 root root 13 Sep 26 15:45 ca.crt -> ..data/ca.crt
lrwxrwxrwx 1 root root 16 Sep 26 15:45 namespace -> ..data/namespace
lrwxrwxrwx 1 root root 12 Sep 26 15:45 token -> ..data/token
root@cluster-nico-md-dpdk-n8vdz:/# ls -l /hostroot/var/run/secrets/kubernetes.io/serviceaccount/
total 0
lrwxrwxrwx 1 root root 13 Sep 26 15:45 ca.crt -> ..data/ca.crt
lrwxrwxrwx 1 root root 16 Sep 26 15:45 namespace -> ..data/namespace
lrwxrwxrwx 1 root root 12 Sep 26 15:45 token -> ..data/token
root@cluster-nico-md-dpdk-n8vdz:/# chroot /hostroot
# ls -l /var/run/secrets/kubernetes.io/serviceaccount/
total 0
#

In chroot, the files are not visible anymore.

Is this the expected behaviour ?
If yes, how the delegate CNI is supposed to have access to the API to fetch pods for example ?