drone / drone-runtime

[DEPRECATED] migrated to https://github.com/drone-runners

Allow custom pod annotations (per job) #62

Closed max-lobur closed 5 years ago

max-lobur commented 5 years ago

Right now, to pass AWS secrets into a pipeline, I need to create a robot user and share its creds via secrets into a step.

We're using KIAM in AWS to assign IAM roles to pods. If Drone allowed adding pod annotations like those described here https://github.com/uswitch/kiam#overview to an underlying k8s job/pod, we could use KIAM to pass credentials (via AWS metadata).

Example:

```yaml
kind: pipeline
name: default
k8s_annotations:
  iam.amazonaws.com/role: reportingdb-reader

steps:
  - name: build
    image: quay.io/org/img:0.1.0
...
```

The annotation should be passed to the Drone job-level object, and then to the k8s job -> pod correspondingly. Then every step inside the job should see creds via AWS metadata.
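
An added example (not part of the issue and not drone-runtime code) of how a runner could gate the proposed `k8s_annotations` block before copying it onto the pod, since a pipeline-chosen `iam.amazonaws.com/role` decides which IAM credentials every step receives. `PodAnnotations`, `allowedKeys` and the `permitted` parameter are hypothetical names; `permitted` plays the part of KIAM's namespace annotation `iam.amazonaws.com/permitted`, and anchoring the pattern is this example's choice.

```go
package main

import (
	"fmt"
	"regexp"
)

// kiamRoleKey is the pod annotation KIAM reads to pick the IAM role.
const kiamRoleKey = "iam.amazonaws.com/role"

// allowedKeys is a hypothetical operator-side allowlist of annotation keys
// that a pipeline may set on its pod.
var allowedKeys = map[string]bool{kiamRoleKey: true}

// PodAnnotations merges pipeline-requested annotations (the proposed
// k8s_annotations block) into the runner's base pod annotations. It rejects
// keys outside the allowlist, keys the runner already sets, and roles that
// do not fully match permitted, an operator-set regex (assumption).
func PodAnnotations(base, requested map[string]string, permitted string) (map[string]string, error) {
	re, err := regexp.Compile("^(?:" + permitted + ")$") // anchored: no partial matches
	if err != nil {
		return nil, fmt.Errorf("bad permitted pattern: %w", err)
	}
	out := make(map[string]string, len(base)+len(requested))
	for k, v := range base {
		out[k] = v
	}
	for k, v := range requested {
		if !allowedKeys[k] {
			return nil, fmt.Errorf("annotation %q is not allowed from a pipeline", k)
		}
		if _, clash := base[k]; clash {
			return nil, fmt.Errorf("annotation %q is set by the runner", k)
		}
		if k == kiamRoleKey && !re.MatchString(v) {
			return nil, fmt.Errorf("role %q is not permitted", v)
		}
		out[k] = v
	}
	return out, nil
}

func main() {
	base := map[string]string{"example.invalid/runner": "drone"} // constructed
	req := map[string]string{kiamRoleKey: "reportingdb-reader"}  // role from the issue
	fmt.Println(PodAnnotations(base, req, "reportingdb-.*"))
	req[kiamRoleKey] = "admin" // constructed role outside the pattern
	fmt.Println(PodAnnotations(base, req, "reportingdb-.*"))
}
```

An empty `permitted` pattern rejects every role, so a namespace with no policy gets no credentials by default.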

bradrydzewski commented 5 years ago

Let's move the discussion to https://github.com/drone/drone-runtime/issues/38