I am deploying a Spring Boot application inside a Kubernetes pod on Google Cloud Platform.
I don't want to use the Compute Engine default service account in our pod.
How and where can we specify a Google service account for our pod?
Assuming that you already have a Role and RoleBinding referring to your service account, all you need to do is to create a context with apropriate service account as described here
And then you just switch to this context
kubectl config use-context default-contextFor more details on how to manage contexts check the documentation
This guide https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform#step_5_configure_the_application_with_the_secret helped me in setting the service account.
Harold's suggestion to configure service account credentials in the pod as a secret is good and has been the recommended method for quite a while now. However, Google recently introduced Workload Identity which allows you to link a k8s service account with a GCP IAM service account, you can then have your pod run with said k8s service account and use the IAM permissions that go with it