diff --git a/README.md b/README.md index b8c0596..9b5137b 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,9 @@ Workshops included are: demonstrating creation of a virtual cluster per workshop session using the builtin support provided by Educates. +* [lab-admin-vcluster](workshops/lab-admin-vcluster) - A workshop demonstrating + creation of a virtual cluster with full admin access to the cluster. + * [lab-shared-vcluster](workshops/lab-shared-vcluster) - A workshop demonstrating creation of a shared virtual cluster for the whole environment, with workshops users getting access to only a single namespace in the virtual diff --git a/resources/trainingportal.yaml b/resources/trainingportal.yaml index 61ea9cd..0ecc76b 100644 --- a/resources/trainingportal.yaml +++ b/resources/trainingportal.yaml @@ -19,6 +19,11 @@ spec: overtime: 10m deadline: 60m orphaned: 5m + - name: lab-admin-vcluster + expires: 40m + overtime: 10m + deadline: 60m + orphaned: 5m - name: lab-shared-vcluster expires: 40m overtime: 10m diff --git a/workshops/lab-admin-vcluster/README.md b/workshops/lab-admin-vcluster/README.md new file mode 100644 index 0000000..11027b4 --- /dev/null +++ b/workshops/lab-admin-vcluster/README.md @@ -0,0 +1,7 @@ +Admin vcluster +============== + +This workshop demonstrates the creation of a virtual cluster providing full +admin access. Rather than using the builtin feature of Educates to do this, a +Helm chart deployment is used, with it being deployed using the `App` resource +of `kapp-controller`. diff --git a/workshops/lab-admin-vcluster/resources/workshop.yaml b/workshops/lab-admin-vcluster/resources/workshop.yaml new file mode 100644 index 0000000..bb130e2 --- /dev/null +++ b/workshops/lab-admin-vcluster/resources/workshop.yaml 
@@ -0,0 +1,139 @@
+#@ load("@ytt:data", "data")
+
+#@ imageCaching = getattr(data.values, "imageCaching", True)
+
+---
+apiVersion: training.educates.dev/v1beta1
+kind: Workshop
+metadata:
+ name: "lab-admin-vcluster"
+spec:
+ title: "Test of admin virtual cluster"
+ description: "Test of shared virtual cluster providing full admin access."
+ publish:
+ image: $(image_repository)/labs-vcluster-testing/lab-admin-vcluster-files:$(workshop_version)
+ files:
+ - directory:
+ path: workshop
+ path: workshop
+ - directory:
+ path: ../../packages
+ path: packages
+ workshop:
+ files:
+ #@ if imageCaching:
+ - http:
+ url: http://$(assets_repository)/.tgz
+ includePaths:
+ - workshop/**
+ #@ else:
+ - image:
+ url: $(image_repository)/labs-vcluster-testing/lab-admin-vcluster-files:$(workshop_version)
+ includePaths:
+ - workshop/**
+ #@ end
+ session:
+ namespaces:
+ budget: large
+ security:
+ policy: baseline
+ token:
+ enabled: false
+ applications:
+ terminal:
+ enabled: true
+ layout: split
+ editor:
+ enabled: true
+ console:
+ enabled: true
+ vendor: octant
+ octant:
+ version: latest
+ vcluster:
+ enabled: false
+ volumes:
+ - name: admin-credentials-config
+ secret:
+ secretName: $(session_name)-kubeconfig
+ - name: session-credentials-config
+ emptyDir: {}
+ volumeMounts:
+ - name: admin-credentials-config
+ mountPath: /opt/kubeconfig
+ objects:
+ - apiVersion: v1
+ kind: Secret
+ metadata:
+ name: $(session_name)-admin-vcluster-values
+ namespace: $(workshop_namespace)
+ stringData:
+ values.yaml: |
+ vcluster:
+ image: rancher/k3s:v1.25.3-k3s1
+ syncer:
+ extraArgs:
+ - --tls-san=admin-vcluster.$(session_namespace).svc.$(cluster_domain)
+ - --out-kube-config-server=https://admin-vcluster.$(session_namespace).svc.$(cluster_domain)
+ - apiVersion: kappctrl.k14s.io/v1alpha1
+ kind: App
+ metadata:
+ name: $(session_name)-admin-vcluster-package
+ namespace: $(workshop_namespace)
+ spec:
+ serviceAccountName: kapp-installer
+ syncPeriod: 720h
+ noopDelete: true
+ fetch:
+ - helmChart:
+ name: vcluster
+ repository:
+ url: https://charts.loft.sh
+ template:
+ - helmTemplate:
+ name: admin-vcluster
+ namespace: $(session_namespace)
+ valuesFrom:
+ - secretRef:
+ name: $(session_name)-admin-vcluster-values
+ deploy:
+ - kapp:
+ rawOptions:
+ - --app-changes-max-to-keep=5
+ - apiVersion: secrets.educates.dev/v1beta1
+ kind: SecretCopier
+ metadata:
+ name: $(session_name)-kubeconfig
+ spec:
+ rules:
+ - sourceSecret:
+ name: vc-admin-vcluster
+ namespace: $(session_namespace)
+ targetNamespaces:
+ nameSelector:
+ matchNames:
+ - $(workshop_namespace)
+ targetSecret:
+ name: $(session_name)-kubeconfig
+ environment:
+ assets:
+ files:
+ - image:
+ url: $(image_repository)/labs-vcluster-testing/lab-admin-vcluster-files:$(workshop_version)
+ objects:
+ - apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: kapp-installer
+ - apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: kapp-installer-$(workshop_namespace)
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+ subjects:
+ - kind: ServiceAccount
+ name: kapp-installer
+ namespace: $(workshop_namespace)
diff --git a/workshops/lab-admin-vcluster/workshop/config.yaml b/workshops/lab-admin-vcluster/workshop/config.yaml
new file mode 100644
index 0000000..1946240
--- /dev/null
+++ b/workshops/lab-admin-vcluster/workshop/config.yaml
@@ -0,0 +1,31 @@
+# pathways:
+# default: workshop
+#
+# paths:
+# workshop:
+# title: "Workshop"
+#
+# steps:
+# - 00-workshop-overview
+# - 01-workshop-instructions
+# - 99-workshop-summary
+#
+# params:
+# - name: NAME
+# value: undefined
+# aliases:
+# - ALIAS
+
+# modules:
+# - name: 00-workshop-overview
+# title: Workshop Overview
+# - name: 01-workshop-instructions
+# title: Workshop Instructions
+# - name: 99-workshop-summary
+# title: Workshop Summary
+
+# params:
+# - name: NAME
+# value: undefined
+# aliases:
+# - ALIAS
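Review bot: In `workshops/lab-admin-vcluster/resources/workshop.yaml`, the `App` object's `helmChart` fetch names `vcluster` from `https://charts.loft.sh` with no `version`, and the App runs as `kapp-installer`, which the `ClusterRoleBinding` under `environment.objects` binds to `cluster-admin`. As far as the hunk shows, whichever chart version the repository serves at fetch time is rendered and applied with full rights on the host cluster, even though the k3s image in the values Secret is pinned to `rancher/k3s:v1.25.3-k3s1`. Add `version: "<CHART_VERSION>"` (placeholder for the release this workshop was tested with) beside `name: vcluster`, and consider binding `kapp-installer` to a ClusterRole restricted to what the chart needs in `$(session_namespace)` rather than `cluster-admin`. `octant.version: latest` floats in the same way, and the `session-credentials-config` volume is declared without a matching `volumeMounts` entry, which looks like a leftover.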
diff --git a/workshops/lab-admin-vcluster/workshop/content/00-workshop-overview.md b/workshops/lab-admin-vcluster/workshop/content/00-workshop-overview.md
new file mode 100644
index 0000000..f5fe0c3
--- /dev/null
+++ b/workshops/lab-admin-vcluster/workshop/content/00-workshop-overview.md
@@ -0,0 +1 @@
+This is the initial landing page for your workshop. Include in this page a description of what your workshop is about.
diff --git a/workshops/lab-admin-vcluster/workshop/content/01-workshop-instructions.md b/workshops/lab-admin-vcluster/workshop/content/01-workshop-instructions.md
new file mode 100644
index 0000000..2b9a4d3
--- /dev/null
+++ b/workshops/lab-admin-vcluster/workshop/content/01-workshop-instructions.md
@@ -0,0 +1 @@
+This is the first page of the workshop instructions, create as many separate pages as you need to. If necessary pages can be located in sub directories to provided grouping.
\ No newline at end of file
diff --git a/workshops/lab-admin-vcluster/workshop/content/99-workshop-summary.md b/workshops/lab-admin-vcluster/workshop/content/99-workshop-summary.md
new file mode 100644
index 0000000..05cebf5
--- /dev/null
+++ b/workshops/lab-admin-vcluster/workshop/content/99-workshop-summary.md
@@ -0,0 +1 @@
+This is the last page of the workshop. Include in this page a summary of the workshop and any links to resources relevant to the workshop. This ensures anyone doing the workshop has material they can research later to learn more.