The story is, my boss want to reduce the risk of attackers taking advantage of super privileges service account. Since we will create a SA called cluster-admin and use it to control our K8S, my boss ask me to find a way, to achieve that only some IP sources (our bastion servers, for example) can use the cluster-admin SA. Is it possible? Since now I haven’t found related knowledge, thank you.