Following your organization's recent adoption of a container-based workflow for application development, your team consistently deploys numerous applications to a Kubernetes cluster in the production environment through an automated build pipeline. However, the security auditor has expressed concerns regarding the potential for developers or operators to bypass automated testing and push unauthorized code changes to production. How can you enforce approvals in this scenario?