You have a non-critical business application running on Google Kubernetes Engine (GKE) in the app-dev VPC. You have created an AlloyDB cluster with Private Service Access (PSA) and no public IP address in the db-dev VPC. You want your application to securely connect to AlloyDB in a cost-effective way. What should you do?

A. Set up a high availability VPN between the app-dev and db-dev VPCs. Connect the application directly to AlloyDB. B. Connect by using the private IP address of the AlloyDB cluster directly from the application. C. Connect by using AlloyDB Auth Proxy installed in the GKE cluster. D. Install a SOCKS proxy in a VM in the db-dev VPC. Install AlloyDB Auth Proxy in your GKE cluster, and connect to the AlloyDB cluster through the SOCKS server and port.