In this kubernetres documentation, why do you need the extra step replacing the kubectl replace serviceaccount?
I can see that the name of the imagePullSecrets is wrong alright, but I would expect kubectl patch serviceaccount to do this - well it does not, so there must be a reason?
It's for the sake of convenience. Imagine you have several typical deployments that use the same serviceaccount and a number of images from Docker registry with authentication. By incorporating imagePullSecrets inside serviceaccount you can now specify only serviceAccountName in your deployments - imagePullSecrets will be automatically added.
I would not say this is a very cool feature, but in some cases it can be useful.