Kubernetes provider displays no info because of missing cluster-reader ClusterRole


Hi everyone, ManageIQ newbie here.

I have a remote k8s (not OpenShift) cluster and I want to manage it through ManageIQ.

I performed the steps described in the section Prepare cluster for use with ManageIQ listed here. Notice how there is a ClusterRoleBinding to a ClusterRole called cluster-reader. Then I successfully added a corresponding k8s containers provider to ManageIQ:

The problem is that the dashboard reports 0 services, 0 nodes, etc…, and this of course is not correct, I do have services and associated pods running in the cluster:

I looked at the contents of /var/www/miq/vmdb/log/evm.log in the virtual appliance and found this message:

[----] E, [2018-06-21T10:06:40.397410 #13333:6bc9e80] ERROR -- : [KubeException]: events is forbidden: User "system:serviceaccount:management-infra:management-admin" cannot list events at the cluster scope: clusterrole.rbac.authorization.k8s.io "cluster-reader" not found Method:[block in method_missing]

So what’s happening is that the ClusterRole cluster-reader is not defined in my cluster. I double checked with “kubectl get …” and could not find it. Bear in mind that I did not set up the cluster, I was only given access to it. Also, at the section Prepare cluster for use with ManageIQ I used to prepare the cluster to interact with ManageIQ (here), step nbr. 3 says:

But executing the listed command grants the cluster-reader cluster role to a subject of Kind User, not ServiceAccount. Again, I double checked with “kubectl get …” and that’s correct (only the relevant portion of the output is reported):


Is this normal?

I think one possible solution is to create cluster-reader manually, but I don’t know what permissions it grants or where to find the .yaml where it’s defined.

So does anyone have any helpful hints on how to solve this?
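
Added example, not part of the original post: a check that takes the denied user from a "forbidden" message like the one above and lists every ClusterRoleBinding that names it, flagging bindings whose ClusterRole does not exist in the cluster. The embedded JSON is a constructed stand-in for `kubectl get clusterroles,clusterrolebindings -o json`; the binding names and the `view` role are assumptions.

```python
import json
import re

# Constructed stand-in for `kubectl get clusterroles,clusterrolebindings -o json`.
# Binding names and the "view" role are assumptions; "cluster-reader" and the
# service account name come from the error message in the post.
SAMPLE = json.loads("""{"items": [
 {"kind": "ClusterRole", "metadata": {"name": "view"}},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "example-reader-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-reader"},
  "subjects": [{"kind": "User",
    "name": "system:serviceaccount:management-infra:management-admin"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "example-view-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "view"},
  "subjects": [{"kind": "ServiceAccount", "name": "management-admin",
    "namespace": "management-infra"}]}]}""")

LOG_LINE = ('[KubeException]: events is forbidden: User '
            '"system:serviceaccount:management-infra:management-admin" '
            'cannot list events at the cluster scope')

def principal_from_error(line):
    """Pull the denied username out of a 'forbidden' message (straight or curly quotes)."""
    m = re.search(r'User ["\u201c]([^"\u201d]+)["\u201d] cannot', line)
    return m.group(1) if m else None

def subject_matches(subject, username):
    """RBAC matches a User subject on the exact username and a ServiceAccount
    subject on system:serviceaccount:<namespace>:<name>. Groups are skipped here."""
    if subject.get("kind") == "User":
        return subject.get("name") == username
    if subject.get("kind") == "ServiceAccount":
        return username == "system:serviceaccount:{}:{}".format(
            subject.get("namespace"), subject.get("name"))
    return False

def audit(items, username):
    """List (binding, role, status) for every ClusterRoleBinding naming the user."""
    roles = {i["metadata"]["name"] for i in items if i["kind"] == "ClusterRole"}
    findings = []
    for b in (i for i in items if i["kind"] == "ClusterRoleBinding"):
        if any(subject_matches(s, username) for s in b.get("subjects") or []):
            role = b["roleRef"]["name"]
            findings.append((b["metadata"]["name"], role,
                             "ok" if role in roles else "MISSING"))
    return findings

if __name__ == "__main__":
    user = principal_from_error(LOG_LINE)
    for finding in audit(SAMPLE["items"], user):
        print(user, *finding)
```

To run it against a live cluster, replace `SAMPLE` with the parsed output of the `kubectl` command named in the comment.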