Establish a centralized project for Cloud Build shared by all teams. Identify the Cloud Build service account within this project and assign the Kubernetes Engine Developer IAM role to this account in every team's project.

Restrict team members' access to their respective clusters only. Have each member install the gcloud CLI, authenticate via 'gcloud init', and execute builds using 'gcloud builds submit'.

In each team's project, create a service account with a JSON key, granting it the Kubernetes Engine Developer IAM role. Use a single Cloud Build project to store all service account keys encrypted with Cloud KMS, allowing Cloud Build to decrypt these keys for cluster access during builds.