prometheus-apb fails even with cluster-admin access

[cunningt]

I'm attempting to install the prometheus-apb on cdk 3.5.0 on Mac OS X and the prometheus-apb is failing, even when I assign cluster-admin to the developer account.

** config Mac OS X 3.5.0-1 cdk (cdk-3.5.0-1-minishift-darwin-amd64) oc v3.10

* Steps to reproduce using the 3.5.0-1 cdk (cdk-3.5.0-1-minishift-darwin-amd64) MINISHIFT_ENABLE_EXPERIMENTAL=y minishift start --ocp-tag v3.10.14 --extra-clusterup-flags "--enable=,service-catalog,automation-service-broker"

oc login -u system:admin oc export cm/broker-config -n openshift-automation-service-broker | sed 's/sandbox_role: .*/sandbox_role: \"admin\"/' | oc replace -f - cm/broker-config -n openshift-automation-service-broker oc rollout latest dc/openshift-automation-service-broker -n openshift-automation-service-broker oc adm policy add-cluster-role-to-user cluster-admin developer

DEPRECATED: APB playbooks should be stored at /opt/apb/project

  | cp: omitting directory ‘/opt/apb/actions/vars’   |     | PLAY [[PROMETHEUS APB][PROVISION] Provision application Prometheus APB] ****   |     | TASK [ansible.kubernetes-modules : Install latest openshift client] ****   | skipping: [localhost]   |     | TASK [ansibleplaybookbundle.asb-modules : debug] ***   | skipping: [localhost]   |     | TASK [prometheus-apb : [PROMETHEUS-APB][MAIN] MongoDB] *   | ok: [localhost] => {   | "msg": [   | "Entering on Main:",   | " Mode: provision",   | " State: present",   | " Plan: ephemeral"   | ]   | }   |     | TASK [prometheus-apb : [PROMETHEUS APB][MAIN] Deploying Prometheus] ****   | included: /opt/ansible/roles/prometheus-apb/tasks/prometheus.yml for localhost   |     | TASK [prometheus-apb : [PROMETHEUS][PROVISION] Set to present the Prometheus ServiceAccount] *   | changed: [localhost]   |     | TASK [prometheus-apb : [PROMETHEUS][PROVISION] Recover secret name] ****   | skipping: [localhost] => (item={u'kind': None, u'name': u'prometheus-dockercfg-t75q5', u'namespace': None, u'resource_version': None, u'field_path': None, u'api_version': None, u'uid': None})   | ok: [localhost] => (item={u'kind': None, u'name': u'prometheus-token-svmnp', u'namespace': None, u'resource_version': None, u'field_path': None, u'api_version': None, u'uid': None})   |     | TASK [prometheus-apb : [PROMETHEUS][PROVISION] Recovering Service Account token] *   | ok: [localhost]   |     | TASK [prometheus-apb : [PROMETHEUS][PROVISION] Creating a fact with the secret token of Service Account]   | ok: [localhost]   |     | TASK [prometheus-apb : [PROMETHEUS][PROVISION] Set to present RoleBinding for Service Account]   | fatal: [localhost]: FAILED! => {"changed": false, "error": 403, "msg": "Failed to retrieve requested object: rolebindings.rbac.authorization.k8s.io \"prometheus-view\" is forbidden: User \"system:serviceaccount:dh-prometheus-apb-prov-spprs:bundle-ed74d1b6-e96f-40c1-acb6-d12ed9148981\" cannot get rolebindings.rbac.authorization.k8s.io in the namespace \"foobar\": User \"system:serviceaccount:dh-prometheus-apb-prov-spprs:bundle-ed74d1b6-e96f-40c1-acb6-d12ed9148981\" cannot get rolebindings.rbac.authorization.k8s.io in project \"foobar\""}   |     | PLAY RECAP *****   | localhost : ok=6 changed=1 unreachable=0 failed=1

[cunningt]

This seems a lot like https://github.com/ansibleplaybookbundle/prometheus-apb/issues/5 but the suggested fixes there are not working.