You're developing an application that will run on a cluster of containers in Google Kubernetes Engine (GKE). You need to create a Docker image for your application in a way that minimizes the potential attack surface. Which of the following approaches would be the best way to achieve this?