Imagine you're a member of the DevOps team at an expanding analytics company. Currently, the company deploys its Docker applications on on-premises Virtual Machines across three distinct environments: development, staging, and production. With plans to migrate these applications to Google Kubernetes Engine (GKE), the company emphasizes the importance of environment separation to facilitate IAM policy-based access restrictions. Which of the following strategies aligns with Google Cloud's best practices to meet this requirement?