You are developing a banking application on Google Kubernetes Engine. Your security team mandates the following for the cluster: Nodes must have verifiable identity and integrity, and should not be reachable from the internet. How can you meet these requirements while minimizing operational costs?