Support GKE workload identity
Summary
GitLab charts supports GKE workload identity: https://docs.gitlab.com/charts/advanced/external-object-storage/gke-workload-identity.html.
The Operator uses pre-defined service accounts which are bound to the workloads: https://docs.gitlab.com/operator/security_context_constraints.html.
Once we support binding arbitrary service accounts (#1089 (closed)), we can test and document how to setup GKE workload identity with the Operator.
Acceptance Criteria
-
GKE workload identity tested -
GKE workload identity & service account setup documented