Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to a Kubernetes cluster in the production environment. The security auditor is concerned that developers or operators could circumvent automated testing and push code changes to production without approval. What should you do to enforce approvals?

A. Configure the build system with protected branches that require pull request approval. B. Use an Admission Controller to verify that incoming requests originate from approved sources. C. Leverage Kubernetes Role-Based Access Control (RBAC) to restrict access to only approved users. D. Enable binary authorization inside the Kubernetes cluster and configure the build pipeline as an attestor.