Your team has deployed a multi-tier application on Google Kubernetes Engine (GKE). The application needs to interact with Google Cloud Pub/Sub for event-driven processing. To ensure security, you are tasked to implement an authentication solution that adheres to the principle of least privilege. What should you do?