Support IAM roles for service accounts to access external object storage

Gitlab currently supports kiam and kube2iam as ways of accessing external object storage using IAM roles. Recently Amazon introduced IAM Roles for Service Accounts (IRSA) as their integrated solution for fine-grained IAM roles for service accounts in EKS (see: https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/).

Our existing EKS clusters use IRSA and we do not want to set up kiam or kube2iam just for Gitlab. It would be great if Gitlab could support the preferred solution that EKS now offers.

This issue is somewhat related to #1156 (closed), but may require some additional work.

Progress update

At this point IAM roles for service accounts are supported, however backup/restore does not. We believe we are blocked by some upstream support issues.