You are developing a microservice-based application that will run on Google Kubernetes Engine (GKE), and certain services require access to various Google Cloud APIs. How should you configure authentication for these services within the cluster, adhering to Google's recommended best practices? (Select two.)