diff --git a/cmd/cmd.go b/cmd/cmd.go
index 709e01bf..49446858 100644
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -180,6 +180,7 @@ import (
 _ "github.com/sikalabs/slu/cmd/scripts/gitstats_docker"
 _ "github.com/sikalabs/slu/cmd/scripts/infracost_here"
 _ "github.com/sikalabs/slu/cmd/scripts/kubernetes"
+ _ "github.com/sikalabs/slu/cmd/scripts/kubernetes/create_cluster_admin"
 _ "github.com/sikalabs/slu/cmd/scripts/kubernetes/install_all"
 _ "github.com/sikalabs/slu/cmd/scripts/kubernetes/install_argocd"
 _ "github.com/sikalabs/slu/cmd/scripts/kubernetes/install_cert_manager"
diff --git a/cmd/scripts/kubernetes/create_cluster_admin/create_cluster_admin.go b/cmd/scripts/kubernetes/create_cluster_admin/create_cluster_admin.go
new file mode 100644
index 00000000..f21d4b77
--- /dev/null
+++ b/cmd/scripts/kubernetes/create_cluster_admin/create_cluster_admin.go
@@ -0,0 +1,59 @@
+package create_cluster_admin
+
+import (
+ "context"
+ "fmt"
+ "log"
+ "strconv"
+ "time"
+
+ parent_cmd "github.com/sikalabs/slu/cmd/scripts/kubernetes"
+ "github.com/sikalabs/slu/utils/k8s"
+ "github.com/sikalabs/slu/utils/k8s_scripts"
+ "github.com/spf13/cobra"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+var FlagDry bool
+
+var Cmd = &cobra.Command{
+ Use: "create-cluster-admin",
+ Short: "Create Cluster Admin (RBAC)",
+ Aliases: []string{"cca"},
+ Args: cobra.NoArgs,
+ Run: func(c *cobra.Command, args []string) {
+ suffix := strconv.Itoa(int(time.Now().Unix()))
+ k8s_scripts.CreateClusterAdmin(suffix, FlagDry)
+ token := getTokenOrDie("kube-system", "cluster-admin-"+suffix)
+ fmt.Println("cluster-admin-" + suffix)
+ fmt.Println(token)
+ },
+}
+
+func init() {
+ parent_cmd.Cmd.AddCommand(Cmd)
+ Cmd.Flags().BoolVar(
+ &FlagDry,
+ "dry",
+ false,
+ "Dry run",
+ )
+}
+
+func getTokenOrDie(namespace string, serviceAccount string) string {
+ clientset, _, _ := k8s.KubernetesClient()
+
+ saClient := clientset.CoreV1().ServiceAccounts(namespace)
+ secretClient := clientset.CoreV1().Secrets(namespace)
+
+ sa, err := saClient.Get(context.TODO(), serviceAccount, metav1.GetOptions{})
+ if err != nil {
+ log.Fatal(err)
+ }
+ secret, err := secretClient.Get(context.TODO(), sa.Secrets[0].Name, metav1.GetOptions{})
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ return string(secret.Data["token"])
+}
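Review bot: `getTokenOrDie` indexes `sa.Secrets[0]` without checking the slice, so the command panics whenever the ServiceAccount has no token Secret listed; on Kubernetes 1.24 and later these Secrets are no longer auto-generated, so unless `CreateClusterAdmin` (not visible here) creates and links one explicitly, this is the normal case. The same function discards every return value of `k8s.KubernetesClient()` except the clientset, so a kubeconfig or connection failure would presumably surface as a nil dereference rather than a readable error. `Run` also calls `getTokenOrDie` when `--dry` is set, where the ServiceAccount presumably was never created and the lookup can only end in `log.Fatal`. Because the printed value is a Secret-based ServiceAccount token, which does not expire, and by its name is bound to cluster-admin, the command's help text should say so, so that operators keep the output out of CI logs and delete the `cluster-admin-<suffix>` objects when done. The guards below assume the error is the last return value of `KubernetesClient`.

```go
	Run: func(c *cobra.Command, args []string) {
		// … unchanged: suffix generation …
		k8s_scripts.CreateClusterAdmin(suffix, FlagDry)
		if FlagDry {
			// Nothing was created, so there is no token to read or print.
			return
		}
		// … unchanged: token lookup and printing …

func getTokenOrDie(namespace string, serviceAccount string) string {
	clientset, _, err := k8s.KubernetesClient() // assumed: error is the third return value
	if err != nil {
		log.Fatal(err)
	}
	// … unchanged: saClient, secretClient, ServiceAccount Get …
	if len(sa.Secrets) == 0 {
		log.Fatalf("service account %s/%s has no token secret attached", namespace, serviceAccount)
	}
	// … unchanged: Secret Get and return …
```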