Status: OUT
GKE Autopilot eliminates infrastructure operations (always regional, Google-managed nodes, pod-level billing) but shifts the operational burden to identity design: Workload Identity Federation demands namespace and service account naming discipline where same-namespace same-name collisions create identity aliasing, and mistakes in identity configuration are harder to detect than infrastructure misconfiguration because they fail silently at authorization time rather than visibly at provisioning time.