Allow use of Workload Identity for GCS backups

[jmehitch]

Please, answer some short questions which should help us to understand your problem / question better?

• Which image of the operator are you using? registry.opensource.zalan.do/acid/postgres-operator:v1.8.2
• Where do you run it - cloud or metal? Kubernetes or OpenShift? GCP - GKE
• Are you running Postgres Operator in production? yes
• Type of issue? feature request

As mentioned in this issue: #1980, the only way to authenticate to GCP is by providing a GCP service account key (as documented here).

It would be great if the postgres-operator could support using Workload Identity when writing backups to a GCS bucket. As WI is now the recommended method of authenticating when using service accounts in GKE by Google (https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform#use_workload_identity).

[FxKu]

Feel free to open a PR on this topic. We don't use GCS so I cannot easily test it myself. I have no objections making fields in the config CRD not a requirement.

[jmehitch]

We revisited this task and it turns out this is already possible without making any code changes - I have updated the documentation in the above PR explaining how this can be done.