You are developing a container build pipeline for an application hosted on GKE. You have the following requirements:
• Only images that are created using your build pipeline should be deployed on your GKE cluster.
• All code and build artifacts should remain within your environment and be protected from data exfiltration.
How should you build the pipeline?
A. 1. Create a build pipeline by using Cloud Build with the default worker pool. 2. Deploy container images to a private container registry in your VPC. 3. Create a VPC firewall policy in your project that denies all egress and ingress traffic to public networks.
B. 1. Create a build pipeline by using Cloud Build with a private worker pool. 2. Use VPC Service Controls to place all components and services in your CI/CD pipeline inside a security perimeter. 3. Configure your GKE cluster to only allow container images signed by Binary Authorization.
C. 1. Create a build pipeline by using Cloud Build with a private worker pool. 2. Configure the CI/CD pipeline to build container images and store them in Artifact Registry. 3. Configure Artifact Registry to encrypt container images by using customer-managed encryption keys (CMEK).
D. 1. Create a build pipeline by using Cloud Build with the default worker pool. 2. Configure the CI/CD pipeline to build container images and store them in Artifact Registry. 3. Configure your GKE cluster to only allow container images signed by Binary Authorization.