diff --git a/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/cluster-admins-nerc-reader/clusterrolebinding.yaml b/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/cluster-admins-nerc-reader/clusterrolebinding.yaml
new file mode 100644
index 00000000..08875cac
--- /dev/null
+++ b/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/cluster-admins-nerc-reader/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cluster-admins-nerc-reader
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-reader
+subjects:
+ - apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: cluster-admins
diff --git a/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/cluster-admins-nerc-reader/kustomization.yaml b/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/cluster-admins-nerc-reader/kustomization.yaml
new file mode 100644
index 00000000..464a5f99
--- /dev/null
+++ b/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/cluster-admins-nerc-reader/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - clusterrolebinding.yaml
diff --git a/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/cluster-admins-nerc-sudoer/clusterrolebinding.yaml b/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/cluster-admins-nerc-sudoer/clusterrolebinding.yaml
new file mode 100644
index 00000000..2451e772
--- /dev/null
+++ b/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/cluster-admins-nerc-sudoer/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cluster-admins-nerc-sudoer
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: sudoer
+subjects:
+ - apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: cluster-admins
diff --git a/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/cluster-admins-nerc-sudoer/kustomization.yaml b/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/cluster-admins-nerc-sudoer/kustomization.yaml
new file mode 100644
index 00000000..464a5f99
--- /dev/null
+++ b/cluster-scope/base/rbac.authorization.k8s.io/clusterrolebindings/cluster-admins-nerc-sudoer/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - clusterrolebinding.yaml
diff --git a/cluster-scope/base/user.openshift.io/groups/cluster-admins/group.yaml b/cluster-scope/base/user.openshift.io/groups/cluster-admins/group.yaml
new file mode 100644
index 00000000..07a49b55
--- /dev/null
+++ b/cluster-scope/base/user.openshift.io/groups/cluster-admins/group.yaml
@@ -0,0 +1,5 @@
+apiVersion: user.openshift.io/v1
+kind: Group
+metadata:
+ name: cluster-admins
+users: []
diff --git a/cluster-scope/base/user.openshift.io/groups/cluster-admins/kustomization.yaml b/cluster-scope/base/user.openshift.io/groups/cluster-admins/kustomization.yaml
new file mode 100644
index 00000000..32f10e89
--- /dev/null
+++ b/cluster-scope/base/user.openshift.io/groups/cluster-admins/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - group.yaml
diff --git a/cluster-scope/bundles/cluster-admin-rbac/kustomization.yaml b/cluster-scope/bundles/cluster-admin-rbac/kustomization.yaml
new file mode 100644
index 00000000..c5a71773
--- /dev/null
+++ b/cluster-scope/bundles/cluster-admin-rbac/kustomization.yaml
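Review bot: In cluster-admins-nerc-sudoer/clusterrolebinding.yaml, the `roleRef` to `sudoer` is the line that makes this group privileged, and nothing in the manifest says so. Assuming this is OpenShift's built-in `sudoer` ClusterRole, members can impersonate `system:admin`, so membership of `cluster-admins` is equivalent to full cluster-admin. I would add a comment above `roleRef`, e.g. `# sudoer lets members impersonate system:admin; treat membership of cluster-admins as cluster-admin`. It is also worth confirming that API audit logging is retained with the impersonated-user field, so that elevated actions can be attributed to the real account.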
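Review bot: In base/user.openshift.io/groups/cluster-admins/group.yaml, `users: []` is declared state for every cluster that consumes the `common` overlay (see the `../../bundles/cluster-admin-rbac/` line added there), not just a placeholder. If any of those clusters already has a `cluster-admins` Group, created by hand or by an identity-provider group sync that this diff does not show, applying the base would presumably empty it. Check each target cluster for an existing Group of this name before the first sync. A comment such as `# membership is set per cluster by an overlay patch; empty here on purpose` would make the intent clear.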
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../base/rbac.authorization.k8s.io/clusterrolebindings/cluster-admins-nerc-sudoer
+- ../../base/rbac.authorization.k8s.io/clusterrolebindings/cluster-admins-nerc-reader
+- ../../base/user.openshift.io/groups/cluster-admins
diff --git a/cluster-scope/overlays/common/kustomization.yaml b/cluster-scope/overlays/common/kustomization.yaml
index 95110c33..7417e9e8 100644
--- a/cluster-scope/overlays/common/kustomization.yaml
+++ b/cluster-scope/overlays/common/kustomization.yaml
@@ -6,3 +6,4 @@ resources:
 - ../../base/operators.coreos.com/subscriptions/external-secrets-operator
 - ../../base/config.openshift.io/oauths/cluster
 - ../../base/rbac.authorization.k8s.io/clusterrolebindings/self-provisioners
+- ../../bundles/cluster-admin-rbac/
diff --git a/cluster-scope/overlays/nerc-ocp-infra/groups/cluster-admins_patch.yaml b/cluster-scope/overlays/nerc-ocp-infra/groups/cluster-admins_patch.yaml
new file mode 100644
index 00000000..e67e9324
--- /dev/null
+++ b/cluster-scope/overlays/nerc-ocp-infra/groups/cluster-admins_patch.yaml
@@ -0,0 +1,16 @@
+apiVersion: user.openshift.io/v1
+kind: Group
+metadata:
+ name: cluster-admins
+ annotations:
+ kustomize.config.k8s.io/behavior: replace
+users:
+- jtriley
+- larsks
+- tzumainn
+- chrisstafford
+- knikolla
+- aabaris
+- naved001
+- joachimweyl
+- mikthoma
diff --git a/cluster-scope/overlays/nerc-ocp-infra/kustomization.yaml b/cluster-scope/overlays/nerc-ocp-infra/kustomization.yaml
index d4fba761..734e77d1 100644
--- a/cluster-scope/overlays/nerc-ocp-infra/kustomization.yaml
+++ b/cluster-scope/overlays/nerc-ocp-infra/kustomization.yaml
@@ -9,3 +9,4 @@ resources: patches: - path: oauths/cluster_patch.yaml + - path: groups/cluster-admins_patch.yaml
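Review bot: In overlays/nerc-ocp-infra/groups/cluster-admins_patch.yaml, each entry under `users:` is a bare username, and through the `sudoer` binding added in this same commit each one gains the ability to act as `system:admin`. Which person a name resolves to depends on the identity providers and mapping method in the cluster's OAuth configuration, which this diff does not show; if more than one provider can assert usernames, confirm that a second provider cannot produce one of these names. Separately, `kustomize.config.k8s.io/behavior: replace` is, as far as I know, read for generator output rather than for files listed under `patches:`, so it may simply end up as an annotation on the live Group. Verify this with `kustomize build` and drop the annotation if it has no effect. A comment above `users:` such as `# members can impersonate system:admin; changes need approval from <owner>` would help reviewers of later edits.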