You are planning to establish a Google Kubernetes Engine (GKE) cluster, which mandates verifiable node identity and integrity. Additionally, the cluster's nodes must remain inaccessible from the public internet. To ensure your approach aligns with Google-recommended practices while minimizing the operational costs associated with managing the cluster, what steps should you take?