To ensure secure deployments in your container-based workflow, your organization needs to implement a mechanism that prevents unauthorized code changes from being pushed to production without proper approvals. Given that your team uses an automated build pipeline to deploy applications to a Kubernetes cluster, what steps should you take to enforce mandatory approvals before code reaches the production environment?