An application requires access to Cloud SQL from GKE pods.Which approach BEST follows Google's security best practices?