Flyte enables production-grade orchestration for machine learning workflows and data processing created to accelerate local workflows to production.

Flyte

hi all - i recently deployed flyte into EKS (single cluster) and configured the `serviceaccount` being used by my task as `trainer-service` . however, it’s not being applied to the pod. is this a bug, or am i missing something? the service account used by the pod still remains as `default` . my current pod template:
```@task(
    requests=Resources(cpu="250m", mem="512Mi"),
    pod_template=PodTemplate(
        pod_spec=V1PodSpec(
            service_account_name="trainer-service",
            containers=[],
            tolerations=...
)```


i can confirm it’s being passed into the task details

but it’s not actually being assumed by the pod:
```$ k describe po -n flytesnacks-development fbb3d31dbf5a94eb58eb-n0-0
Name:             fbb3d31dbf5a94eb58eb-n0-0
Namespace:        flytesnacks-development
Priority:         0
Service Account:  default
Node:             &lt;REDACTED&gt;
Start Time:       Wed, 19 Apr 2023 14:59:04 +0800
Labels:           domain=development
                  execution-id=fbb3d31dbf5a94eb58eb
                  interruptible=false
                  node-id=n0
                  project=flytesnacks
                  shard-key=4
                  task-name=core-flyte-basics-hello-world-say-hello
                  workflow-name=core-flyte-basics-hello-world-my-wf
Annotations:      <http://cluster-autoscaler.kubernetes.io/safe-to-evict|cluster-autoscaler.kubernetes.io/safe-to-evict>: false
                  <http://kubernetes.io/psp|kubernetes.io/psp>: eks.privileged```

my current workaround was to annotate the `default` service account with the IAM role. but i want to specify the serviceaccount to use within the task decorator

Hey <@U04FL09B6EA>, this seems to be because we update the `ServiceAccount` to always <https://github.com/flyteorg/flyteplugins/blob/46796b6666281cf3ebbef6fbf41f49f7da3cfe58/go/tasks/plugins/k8s/pod/plugin.go#L131|reflect that in the execution context>, hence why you're seeing "default". In other logic we check if the `ServiceAccount` is <https://github.com/flyteorg/flyteplugins/blob/46796b6666281cf3ebbef6fbf41f49f7da3cfe58/go/tasks/pluginmachinery/flytek8s/pod_helper.go#L87-L89|empty before updating it> - which would maintain you're settings from the `PodTemplate`.

Would you mind filing an issue for this? [flyte-bug] I think the `ServiceAccount` should be maintained, as you suggest - but want to spend a little time ensuring this doesn't cause regressions elsewhere.

:ladybug: Create a new Flyte Bug issue: <https://github.com/flyteorg/flyte/issues/new?assignees=&amp;labels=bug%2Cuntriaged&amp;template=bug_report.yaml&amp;title=%5BBUG%5D+>

I created an issue to track this - <https://github.com/flyteorg/flyte/issues/3613>