GKE tutorial Workload Identity inconsistency and other issues

[darkn3rd]

What happened: Current GKE documentation around Workload Identity (ref) has some issues:

• grants access to R/W Cloud DNS zones through scopes w/i the same project, making Workload Identity unnecessary
• assumes that both GKE cluster and CloudDNS are in the same project, when using GSA can access CloudDNS across projects
• inconsistent namespace usage, tutorial uses default, while these instructions use external-dns
• setting up nodeSelector for clusters with multiple NodePools is not listed, Workload Identity may not work. (ref)
• unecessarily redocuments ExternalDNS deployment and nginx example, when one deployment will work for all scenarios.
• binding current user context as a cluster-admin is not a typical required step, no further documentation on this step.

What you expected to happen: I would expect this to be more tightly integrated with the rest of the documentation, such as single-project vs multi-project scenarios, and the later includes Workload SA, static credentials, and Workload Identity. For static variables that are embedded in the instructions, this would be better if these are replacable variables, as it is more clear and consistent.

How to reproduce it (as minimally and precisely as possible): Follow the steps under https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/gke.md#gke-with-workload-identity.

Anything else we need to know?: Working on a PR to fix this one, can assign this one to me.

Environment:

• External-DNS version (use external-dns --version): v0.11.0
• DNS provider: google
• Kubernetes: v1.21.10-gke.2000