By default, the Kubernetes metrics endpoints are restricted. I don't think they're worth protecting with authentication, so I've added a cluster role/binding to allow anonymous access to them.
