Currently, we use the node:node_memory_bytes_total:sum and node:node_memory_bytes_available:sum
recording rules for the memory node query.
These recording rules have been removed in https://github.com/coreos/kube-prometheus/pull/191.
This fixes it by using raw queries.
Currently, only cluster wide admins have the permissions to view
metrics resources. This fixes it by adding a read-only cluster role
which includes aggregation labels to synthesize permission rules for
standard user-facing roles according to [1].
Note that only the "pods" resource is granted as reading "nodes"
metrics requires a cluster wide permission.
[1] https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
cAdvisor exposes metrics for each cgroup hierachy step, and containers
are part of the respective pod's hierarchy, causing double accounting
when not filtered appropriately.
