As a DevOps engineer in a rapidly expanding analytics company, you're tasked with migrating docker applications from on-premises Virtual Machines to Google Kubernetes Engine (GKE). The company operates in three distinct environments: development, staging, and production. A critical requirement is the separation of these environments to facilitate access restriction via IAM policies. According to Google Cloud Platform's (GCP) best practices, which of the following strategies would best meet this requirement?