diff --git a/clusters/staging/tenants/podinfo.yaml b/clusters/staging/tenants/podinfo.yaml
index c449b76..b7b80e7 100644
--- a/clusters/staging/tenants/podinfo.yaml
+++ b/clusters/staging/tenants/podinfo.yaml
@@ -4,3 +4,29 @@ metadata:
 name: podinfo
 labels:
 toolkit.fluxcd.io/tenant: dev-team
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ toolkit.fluxcd.io/tenant: dev-team
+ name: flux
+ namespace: podinfo
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ toolkit.fluxcd.io/tenant: dev-team
+ name: flux
+ namespace: podinfo
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ # This binding limits the access to the namespace
+ # being a RoleBinding instead of a ClusterRoleBinding
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: flux
+ namespace: podinfo
diff --git a/hub/staging.yaml b/hub/staging.yaml
index 26ff905..6a17c4f 100644
--- a/hub/staging.yaml
+++ b/hub/staging.yaml
@@ -49,3 +49,6 @@ spec:
 value:
 secretRef:
 name: cluster-kubeconfig
+ - op: add
+ path: /spec/serviceAccountName
+ value: flux
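Review bot: Binding `cluster-admin` through a RoleBinding does keep the `flux` ServiceAccount inside `podinfo`, as the comment says, but within that namespace it can still read every Secret, rewrite RoleBindings, and remove any ResourceQuota, LimitRange or NetworkPolicy the platform team places there. The Namespace labels visible in the context lines carry only the tenant label, so unless Pod Security admission or a policy engine is enforced elsewhere, workloads applied by this account may be able to request privileged or host-level settings whose effect is not confined to the namespace. I would add `pod-security.kubernetes.io/enforce: restricted` (or `baseline`) to the Namespace labels and consider a narrower role than `cluster-admin` if tenants do not need to manage RBAC themselves. The in-line comment would read more clearly as `# A RoleBinding (not a ClusterRoleBinding) scopes cluster-admin to this namespace only`.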
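Review bot: The added `/spec/serviceAccountName` op only constrains the objects that this patch's target matches, and the target selector sits above the hunk, so it is worth confirming that every tenant Kustomization is covered; one that is missed would presumably reconcile with whatever identity the `cluster-kubeconfig` credential carries. Setting `--default-service-account` on the Flux controllers would give a fail-closed default for anything the patch does not reach. The value `flux` also has to exist as a ServiceAccount in each tenant namespace on the target cluster, and this commit creates it for `podinfo` only. A short comment above the op, such as `# impersonate the tenant's flux ServiceAccount instead of the kubeconfig identity`, would document the intent.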