Status: OUT
GKE Workload Identity eliminates service account keys via WIF's unified keyless pattern but makes identity isolation depend on naming conventions: same namespace + service account name across clusters in the same project maps to the same IAM identity, shifting the security boundary from cryptographic keys to organizational naming discipline.