diff --git a/internal/tools/deploy/deploy.go b/internal/tools/deploy/deploy.go
index fea297d..837103d 100644
--- a/internal/tools/deploy/deploy.go
+++ b/internal/tools/deploy/deploy.go
@@ -231,6 +231,16 @@ func Deploy(ctx context.Context, kube client.Client, opts DeployOptions) (err er
 		}
 	}
 
+	crbAdmin := rbactools.CreateClusterRoleBindingAdmin(types.NamespacedName{
+		Namespace: opts.NamespacedName.Namespace,
+		Name:      opts.NamespacedName.Name,
+	})
+
+	err = rbactools.InstallClusterRoleBinding(ctx, opts.KubeClient, &crbAdmin)
+	if err != nil {
+		return err, rbacErr
+	}
+
 	dep, err := deployment.CreateDeployment(gvr, opts.NamespacedName, opts.CDCImageTag)
 	if err != nil {
 		return err, rbacErr
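Review bot: The added block binds the deployed service account to `cluster-admin` on every `Deploy` call, with no way to turn it off and no narrower role; the `RoleRef` itself is hard-coded in `CreateClusterRoleBindingAdmin` in clusterrolebinding.go. If that workload is compromised, or if someone can run pods under that service account, they hold full control of the cluster. The grant should either become a ClusterRole listing only the verbs and resources the controller needs, or be gated behind an explicit opt-in field on `DeployOptions`. No matching removal is visible in this diff: a cluster-scoped binding survives deletion of the namespace and would apply again to any service account later created with the same name and namespace, so the undeploy path (not shown here) should delete `<name>-admin`. `Deploy` starts before and continues after this hunk.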
diff --git a/internal/tools/rbactools/clusterrolebinding.go b/internal/tools/rbactools/clusterrolebinding.go
index c58a889..75846fc 100644
--- a/internal/tools/rbactools/clusterrolebinding.go
+++ b/internal/tools/rbactools/clusterrolebinding.go
@@ -2,6 +2,7 @@ package rbactools
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/avast/retry-go"
 	rbacv1 "k8s.io/api/rbac/v1"
@@ -84,3 +85,27 @@ func CreateClusterRoleBinding(opts types.NamespacedName) rbacv1.ClusterRoleBindi
 		},
 	}
 }
+
+func CreateClusterRoleBindingAdmin(opts types.NamespacedName) rbacv1.ClusterRoleBinding {
+	return rbacv1.ClusterRoleBinding{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "rbac.authorization.k8s.io/v1",
+			Kind:       "ClusterRoleBinding",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: fmt.Sprintf("%s-admin", opts.Name),
+		},
+		RoleRef: rbacv1.RoleRef{
+			APIGroup: "rbac.authorization.k8s.io",
+			Kind:     "ClusterRole",
+			Name:     "cluster-admin",
+		},
+		Subjects: []rbacv1.Subject{
+			{
+				Kind:      "ServiceAccount",
+				Name:      opts.Name,
+				Namespace: opts.Namespace,
+			},
+		},
+	}
+}
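Review bot: The binding name `fmt.Sprintf("%s-admin", opts.Name)` ignores `opts.Namespace` even though ClusterRoleBindings are cluster-scoped, so two deployments with the same name in different namespaces map to the same object. Depending on how `InstallClusterRoleBinding` treats an existing object (not visible here), the second install either fails or replaces the first one's subject. Including the namespace avoids the collision: `Name: fmt.Sprintf("%s-%s-admin", opts.Namespace, opts.Name),`. The exported function also lacks a doc comment; `// CreateClusterRoleBindingAdmin returns a ClusterRoleBinding that grants the cluster-admin ClusterRole to the ServiceAccount opts.Name in opts.Namespace.` would make the privilege level visible to callers.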