diff --git a/bin/run_travis.sh b/bin/run_travis.sh index ed0efa6ab..1022ad106 100755 --- a/bin/run_travis.sh +++ b/bin/run_travis.sh @@ -71,7 +71,5 @@ retry_test() { retry_test python kubernetes_integration_test.py; sleep 30 retry_test python kubernetes_multi_frontend.py; sleep 30 retry_test python kubernetes_namespace.py; sleep 30 -retry_test python multi_tenancy_test.py --kubernetes - -# TODO: disabled for now, will re-enable after RBAC PR -# time python clipper_metric_kube.py \ No newline at end of file +retry_test python multi_tenancy_test.py --kubernetes; sleep 30 +retry_test python clipper_metric_kube.py diff --git a/clipper_admin/clipper_admin/kubernetes/kubernetes_container_manager.py b/clipper_admin/clipper_admin/kubernetes/kubernetes_container_manager.py index 1a2afd6c6..76233face 100644 --- a/clipper_admin/clipper_admin/kubernetes/kubernetes_container_manager.py +++ b/clipper_admin/clipper_admin/kubernetes/kubernetes_container_manager.py @@ -63,6 +63,10 @@ 'deployment': 'prom_deployment.yaml', 'config': 'prom_configmap.yaml' }, + 'rbac': { + 'clusterrole': 'rbac_cluster_role.yaml', + 'clusterrolebinding': 'rbac_cluster_role_binding.yaml', + }, 'model': { 'deployment': 'model-container-template.yaml' } @@ -163,6 +167,8 @@ def __init__(self, configuration.assert_hostname = False self._k8s_v1 = client.CoreV1Api() self._k8s_beta = client.ExtensionsV1beta1Api() + self._k8s_rbac = client.RbacAuthorizationV1beta1Api() + # Create the template engine # Config: Any variable missing -> Error @@ -249,6 +255,7 @@ def start_clipper(self, qf_http_timeout_request, qf_http_timeout_content, num_frontend_replicas=1): + self._config_rbac() self._start_redis() self._start_mgmt(mgmt_frontend_image) self.num_frontend_replicas = num_frontend_replicas 
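Review bot: The new `self._k8s_rbac` client in `__init__` is pinned to the beta RBAC group (`RbacAuthorizationV1beta1Api`), and both new templates declare `rbac.authorization.k8s.io/v1beta1`. The `rbac.authorization.k8s.io/v1` group has been stable since Kubernetes 1.8 and the beta group is no longer served from 1.22 on, so this path will stop working on newer clusters. If the pinned client version provides it, prefer `self._k8s_rbac = client.RbacAuthorizationV1Api()` together with `apiVersion: rbac.authorization.k8s.io/v1` in the two YAML files. `__init__` starts and ends outside the hunk.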
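Review bot: `self._config_rbac()` now runs unconditionally as the first step of `start_clipper`, so the caller must be allowed to create cluster-scoped `clusterroles` and `clusterrolebindings`, not only objects in `self.k8s_namespace`. Nothing in the hunk documents that requirement. A caller with namespace-only credentials would presumably fail here before Redis is started, though how `_pass_conflicts` treats non-conflict errors is not visible. I would state the needed privileges in the `start_clipper` docstring, for example `Requires permission to create ClusterRole and ClusterRoleBinding objects, which are cluster-scoped.` The function body continues outside the hunk.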
@@ -383,6 +390,21 @@ def _start_prometheus(self): self._k8s_v1.create_namespaced_service( body=service_data, namespace=self.k8s_namespace) + def _config_rbac(self): + with _pass_conflicts(): + clusterrole_data = self._generate_config( + CONFIG_FILES['rbac']['clusterrole'], + cluster_name=self.cluster_name, namespace=self.k8s_namespace) + self._k8s_rbac.create_cluster_role( + body=clusterrole_data) + + with _pass_conflicts(): + clusterrolebinding_data = self._generate_config( + CONFIG_FILES['rbac']['clusterrolebinding'], + cluster_name=self.cluster_name, namespace=self.k8s_namespace) + self._k8s_rbac.create_cluster_role_binding( + body=clusterrolebinding_data) + def _generate_config(self, file_path, **kwargs): template = self.template_engine.get_template(file_path) rendered = template.render(**kwargs) @@ -659,6 +681,12 @@ def stop_all(self, graceful=True): self._k8s_v1.delete_collection_namespaced_config_map( namespace=self.k8s_namespace, label_selector=cluster_selector) + + self._k8s_rbac.delete_collection_cluster_role( + label_selector=cluster_selector) + + self._k8s_rbac.delete_collection_cluster_role_binding( + label_selector=cluster_selector) except ApiException as e: logging.warning( "Exception deleting kubernetes resources: {}".format(e)) diff --git a/clipper_admin/clipper_admin/kubernetes/rbac_cluster_role.yaml b/clipper_admin/clipper_admin/kubernetes/rbac_cluster_role.yaml new file mode 100644 index 000000000..38c5a010e --- /dev/null +++ b/clipper_admin/clipper_admin/kubernetes/rbac_cluster_role.yaml 
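Review bot: In `_config_rbac`, both creates are wrapped in `_pass_conflicts()` and the objects are cluster-scoped with a name derived only from `cluster_name`, so an already existing `<cluster_name>-prometheus` binding is silently kept. This assumes `_pass_conflicts` swallows the 409; its definition is outside the hunk. A binding left over from an earlier run, or from a same-named Clipper cluster in another namespace, would then keep pointing at that namespace's service account rather than the one in `self.k8s_namespace`. Making the name namespace-specific in both templates, e.g. `name: {{cluster_name}}-{{namespace}}-prometheus`, avoids reusing a stale grant. The method would also benefit from a one-line docstring such as `"""Create the cluster-scoped ClusterRole and ClusterRoleBinding for Prometheus."""`.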
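Review bot: In the `stop_all` hunk the two `delete_collection_cluster_role*` calls sit at the end of the existing `try`, so an `ApiException` from any earlier namespaced delete skips them. Only a warning is logged, and the ClusterRoleBinding stays behind with its cluster-wide read grant still attached to the namespace's service account. I would give the RBAC cleanup its own `try`/`except` and delete the binding before the role, as sketched below. Because these objects are cluster-scoped, `cluster_selector` (defined outside the hunk) should also be checked so that it cannot match roles belonging to another Clipper deployment. `stop_all` starts and ends outside the hunk.

```python
# … unchanged: namespaced deletes inside the existing try/except …

# Cluster-scoped RBAC objects are removed in their own block so that a
# failure above cannot leave the binding (and its grant) behind.
try:
    self._k8s_rbac.delete_collection_cluster_role_binding(
        label_selector=cluster_selector)
    self._k8s_rbac.delete_collection_cluster_role(
        label_selector=cluster_selector)
except ApiException as e:
    logging.warning(
        "Exception deleting kubernetes RBAC resources: {}".format(e))
```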
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ labels:
+ ai.clipper.container.label: {{ cluster_name }}
+ ai.clipper.name: prom-cluster-role
+ name: {{cluster_name}}-prometheus
+rules:
+- apiGroups: [""]
+ resources:
+ - nodes
+ - nodes/proxy
+ - services
+ - endpoints
+ - pods
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs: ["get", "list", "watch"]
+- nonResourceURLs: ["/metrics"]
+ verbs: ["get"]
diff --git a/clipper_admin/clipper_admin/kubernetes/rbac_cluster_role_binding.yaml b/clipper_admin/clipper_admin/kubernetes/rbac_cluster_role_binding.yaml
new file mode 100644
index 000000000..b327cb087
--- /dev/null
+++ b/clipper_admin/clipper_admin/kubernetes/rbac_cluster_role_binding.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ ai.clipper.container.label: {{ cluster_name }}
+ ai.clipper.name: prom-cluster-role-binding
+ name: {{cluster_name}}-prometheus
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{cluster_name}}-prometheus
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: {{ namespace }}
\ No newline at end of file
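Review bot: The first rule in `rbac_cluster_role.yaml` grants `get` on `nodes/proxy` for every node in the cluster. That subresource forwards requests to the kubelet through the API server, so it is considerably broader than read access to the node objects themselves. Whether Prometheus needs it depends on the scrape configuration in `prom_configmap.yaml`, which is not part of this diff. If the kubelet is not scraped via the API-server proxy path, drop `- nodes/proxy` from `resources`; otherwise record the reason next to it, e.g. `# nodes/proxy: required for kubelet scraping through the API server`.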
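Review bot: The subject in `rbac_cluster_role_binding.yaml` is the namespace's `default` ServiceAccount, so the cluster-wide read rules apply to every pod in `{{ namespace }}` that does not set its own `serviceAccountName`, not only to Prometheus. That presumably includes the model containers, which run user-supplied code. Binding to a dedicated account keeps the grant confined to the monitoring pod: change the subject to `name: {{cluster_name}}-prometheus`, create that ServiceAccount in the namespace, and set `serviceAccountName: {{cluster_name}}-prometheus` in `prom_deployment.yaml` (not shown in this diff). The file also lacks a trailing newline.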