{"id":"gke-workload-identity-requires-namespace-discipline","text":"GKE Workload Identity Federation is the recommended API access pattern but requires namespace and service account naming discipline: same namespace + SA name across clusters creates identity collisions, and the pool format is permanent (not deletable).","truth_value":"IN","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"gke-workload-identity-requires-namespace-discipline","truth_value":"IN","reason":"premise"}]}}