diff --git a/tools/kubeconfig/genkubeconfig.ps1 b/tools/kubeconfig/genkubeconfig.ps1
new file mode 100644
index 0000000..0551333
--- /dev/null
+++ b/tools/kubeconfig/genkubeconfig.ps1
@@ -0,0 +1,9 @@
+$PWD = (Get-Item .).FullName
+$SCRIPTDIR = $PSScriptRoot
+
+kubectl apply -f $SCRIPTDIR/serviceaccount.yaml
+kubectl wait --for=jsonpath='{.data.token}' secret/admin-serviceaccount
+$SA_TOKEN=$(kubectl get secret admin-serviceaccount -o=go-template='{{.data.token | base64decode}}')
+cp ~/.kube/config kubeconfig-sa.yaml 
+docker run -v ${PWD}:/workdir -ti mikefarah/yq -i ".users |= [{\`"name\`":\`"admin-serviceaccount\`", \`"user\`": {\`"token\`":\`"${SA_TOKEN}\`"}}]" kubeconfig-sa.yaml
+docker run -v ${PWD}:/workdir -ti mikefarah/yq -i ".contexts[0].context.user |= \`"admin-serviceaccount\`"" kubeconfig-sa.yaml
diff --git a/tools/kubeconfig/genkubeconfig.sh b/tools/kubeconfig/genkubeconfig.sh
new file mode 100755
index 0000000..22cdc5d
--- /dev/null
+++ b/tools/kubeconfig/genkubeconfig.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -eo pipefail 
+set -o xtrace
+
+SCRIPTDIR=$(dirname "$0")
+
+kubectl apply -f $SCRIPTDIR/serviceaccount.yaml
+kubectl wait --for=jsonpath='{.data.token}' secret/admin-serviceaccount
+$SA_TOKEN=$(kubectl get secret admin-serviceaccount -o=go-template='{{.data.token | base64decode}}')
+cp ~/.kube/config kubeconfig-sa.yaml 
+docker run -v ${PWD}:/workdir -ti mikefarah/yq -i ".users |= [{\"name\":\"admin-serviceaccount\", \"user\": {\"token\":\"${SA_TOKEN}\"}}]" kubeconfig-sa.yaml
+docker run -v ${PWD}:/workdir -ti mikefarah/yq -i ".contexts[0].context.user |= \"admin-serviceaccount\"" kubeconfig-sa.yaml