gke-autopilot-concentrates-risk-in-naming-conventions

Status: OUT

GKE Autopilot eliminates all infrastructure operations (clusters are always regional, nodes are Google-managed, billing is per pod), but the identity design it shifts to is itself fragile. Workload Identity isolation depends on namespace and service account naming conventions across clusters (the same namespace/service-account name maps to the same IAM identity), and service accounts require active hardening against dual-nature privilege escalation (a service account is both an identity and a resource that others can be granted the right to act as). The effect is to concentrate all Autopilot operational risk into Kubernetes naming discipline and IAM policy hygiene.
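The two hygiene checks the note implies can be written down as a script. The following is an added example, not part of the original note or of any Google tooling: it takes an inventory of Kubernetes service accounts per cluster plus the IAM policies of the Google service accounts (GSAs) they bind to, builds the IAM principal each namespace/KSA pair resolves to, and reports (a) names shared by more than one cluster, (b) which clusters' workloads can obtain each GSA's credentials, and (c) impersonation-capable roles on a GSA granted to members other than Workload Identity principals. The `serviceAccount:PROJECT.svc.id.goog[NAMESPACE/KSA]` member format is the real one GKE uses; the project, cluster, namespace, service account names and the `IMPERSONATION_ROLES` review list are constructed sample data.

```python
"""Added example (not from the original note): Workload Identity naming-collision
and service-account binding checks. All names below are constructed sample data."""
import re
from collections import defaultdict


def workload_identity_principal(project_id: str, namespace: str, ksa: str) -> str:
    # Member format GKE uses for Workload Identity principals in IAM bindings.
    # The cluster name is absent: any cluster in the project with this
    # namespace/KSA pair presents the same identity.
    return f"serviceAccount:{project_id}.svc.id.goog[{namespace}/{ksa}]"


_MEMBER_RE = re.compile(
    r"^serviceAccount:(?P<project>[^.\[]+)\.svc\.id\.goog"
    r"\[(?P<ns>[^/\]]+)/(?P<ksa>[^\]]+)\]$"
)


def parse_workload_identity_member(member: str):
    """Return (project, namespace, ksa) for a Workload Identity member, else None."""
    m = _MEMBER_RE.match(member)
    return (m["project"], m["ns"], m["ksa"]) if m else None


def find_shared_principals(project_id, inventory):
    """inventory: {cluster: [(namespace, ksa), ...]} -> {principal: sorted clusters}
    for every principal that more than one cluster can present."""
    clusters_by_principal = defaultdict(set)
    for cluster, ksas in inventory.items():
        for ns, ksa in ksas:
            clusters_by_principal[workload_identity_principal(project_id, ns, ksa)].add(cluster)
    return {p: sorted(c) for p, c in clusters_by_principal.items() if len(c) > 1}


def clusters_per_gsa(project_id, inventory, gsa_policies):
    """gsa_policies: {gsa_email: iam_policy_dict}. Returns {gsa_email: sorted clusters
    whose workloads can obtain that GSA's credentials via Workload Identity}."""
    principal_to_clusters = defaultdict(set)
    for cluster, ksas in inventory.items():
        for ns, ksa in ksas:
            principal_to_clusters[workload_identity_principal(project_id, ns, ksa)].add(cluster)
    result = {}
    for gsa, policy in gsa_policies.items():
        reachable = set()
        for binding in policy.get("bindings", []):
            if binding["role"] != "roles/iam.workloadIdentityUser":
                continue
            for member in binding.get("members", []):
                reachable |= principal_to_clusters.get(member, set())
        result[gsa] = sorted(reachable)
    return result


# Roles on a service account *resource* that let the grantee act as that identity
# (the "resource" half of a service account's dual nature). Constructed review list.
IMPERSONATION_ROLES = {
    "roles/iam.workloadIdentityUser",
    "roles/iam.serviceAccountTokenCreator",
    "roles/iam.serviceAccountUser",
    "roles/iam.serviceAccountAdmin",
}


def impersonation_grants(gsa_policies):
    """List (gsa, role, member) for impersonation-capable roles granted to members
    that are not Workload Identity principals (users, groups, other GSAs)."""
    findings = []
    for gsa, policy in gsa_policies.items():
        for binding in policy.get("bindings", []):
            if binding["role"] not in IMPERSONATION_ROLES:
                continue
            for member in binding.get("members", []):
                if parse_workload_identity_member(member) is None:
                    findings.append((gsa, binding["role"], member))
    return findings


# Constructed sample inventory and GSA IAM policies.
PROJECT = "example-project-123"
INVENTORY = {
    "prod-us-east1": [("payments", "api"), ("default", "default")],
    "staging-us-central1": [("payments", "api"), ("ci", "runner")],
    "dev-europe-west1": [("default", "default")],
}
GSA_POLICIES = {
    "payments-sa@example-project-123.iam.gserviceaccount.com": {"bindings": [
        {"role": "roles/iam.workloadIdentityUser",
         "members": ["serviceAccount:example-project-123.svc.id.goog[payments/api]"]},
        {"role": "roles/iam.serviceAccountTokenCreator",
         "members": ["user:contractor@example.com"]},
    ]},
    "ci-sa@example-project-123.iam.gserviceaccount.com": {"bindings": [
        {"role": "roles/iam.workloadIdentityUser",
         "members": ["serviceAccount:example-project-123.svc.id.goog[ci/runner]"]},
    ]},
}

if __name__ == "__main__":
    for principal, clusters in find_shared_principals(PROJECT, INVENTORY).items():
        print(f"SHARED {principal}: {', '.join(clusters)}")
    for gsa, clusters in clusters_per_gsa(PROJECT, INVENTORY, GSA_POLICIES).items():
        print(f"GSA {gsa} reachable from: {', '.join(clusters) or '(none)'}")
    for gsa, role, member in impersonation_grants(GSA_POLICIES):
        print(f"REVIEW {gsa}: {role} granted to {member}")
```

In the sample data the `payments/api` pair exists in both the prod and staging clusters, so a staging workload authenticates as the same principal that prod's payments GSA trusts; that is the naming-convention coupling the note describes. The third check surfaces the token-creator grant to a user, which is the resource-side exposure the dual-nature hardening is about. Real inventories would come from `kubectl get serviceaccounts -A` per cluster and the GSA IAM policies from `gcloud iam service-accounts get-iam-policy`.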
