Merge remote-tracking branch 'origin/master' into feature/ingress_class_api_view

# Conflicts: # src/common/rbac.ts
2025-05-20 05:10:56 +00:00 · 2022-12-27 12:55:11 +02:00 · 2022-12-27 12:55:11 +02:00 · 4c44b76f24
commit 4c44b76f24
parent 6492770fa6 44bc703606
363 changed files with 3866 additions and 5580 deletions
--- a/.eslintrc.js
+++ b/.eslintrc.js
@ -11,7 +11,6 @@ module.exports = {
    "**/dist/**/*",
    "**/static/**/*",
    "**/site/**/*",
-    "extensions/*/*.tgz",
    "build/webpack/**/*",
  ],
  settings: {
--- a/.github/workflows/publish-master-npm.yml
+++ b/.github/workflows/publish-master-npm.yml
@ -1,17 +1,16 @@
 name: Publish NPM Package `master`
 on:
-  push:
-    branches:
-      - master
+  pull_request:
+    types:
+      - closed
 concurrency:
  group: publish-master-npm
  cancel-in-progress: true
 jobs:
  publish:
-    name: Publish NPM Package `master`
+    name: Publish Extensions NPM Package `master`
    runs-on: ubuntu-latest
-    if: |
-      ${{ github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'area/extension') }}
+    if: ${{ github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'area/extension') }}
    strategy:
      matrix:
        node-version: [16.x]
@ -28,11 +27,11 @@ jobs:

      - name: Generate NPM package
        run: |
-          make build-npm
+          make build-extensions-npm

      - name: publish new release
        run: |
-          make publish-npm
+          make publish-extensions-npm
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          NPM_RELEASE_TAG: master
--- a/.github/workflows/publish-release-npm.yml
+++ b/.github/workflows/publish-release-npm.yml
@ -12,8 +12,8 @@ on:
        type: string
        description: The version to release manually
 jobs:
-  publish:
-    name: Publish NPM Package Release
+  publish-extensions:
+    name: Publish Extensions NPM Package Release
    runs-on: ubuntu-latest
    strategy:
      matrix:
@ -32,10 +32,37 @@ jobs:

      - name: Generate NPM package
        run: |
-          make build-npm
+          make build-extensions-npm

-      - name: publish new release
+      - name: Publish NPM package
        run: |
-          make publish-npm
+          make publish-extensions-npm
+        env:
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  publish-library:
+    name: Publish Library NPM Package Release
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [16.x]
+    steps:
+      - name: Checkout Release
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: ${{ inputs.version }}
+
+      - name: Using Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: Generate NPM package
+        run: |
+          make build-library-npm
+
+      - name: Publish NPM package
+        run: |
+          make publish-library-npm
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -57,10 +57,6 @@ jobs:
        name: Run tests
        if: ${{ matrix.type == 'unit' }}

-      - run: make test-extensions
-        name: Run In-tree Extension tests
-        if: ${{ matrix.type == 'unit' }}
-
      - run: make ci-validate-dev
        if: ${{ contains(github.event.pull_request.labels.*.name, 'dependencies') && matrix.type == 'unit' }}
        name: Validate dev mode will work
--- a/.gitignore
+++ b/.gitignore
@ -10,11 +10,6 @@ static/build
 static/types
 binaries/client/
 binaries/server/
-src/extensions/*/*.js
-src/extensions/*/*.d.ts
-types/extension-api.d.ts
-types/extension-renderer-api.d.ts
-extensions/*/dist
 docs/extensions/api
 site/
 build/webpack/
--- a/.idea/lens.iml
+++ b/.idea/lens.iml
@ -6,10 +6,6 @@
      <excludeFolder url="file://$MODULE_DIR$/.tmp" />
      <excludeFolder url="file://$MODULE_DIR$/tmp" />
      <excludeFolder url="file://$MODULE_DIR$/node_modules" />
-      <excludeFolder url="file://$MODULE_DIR$/extensions/kube-object-event-status/node_modules" />
-      <excludeFolder url="file://$MODULE_DIR$/extensions/metrics-cluster-feature/node_modules" />
-      <excludeFolder url="file://$MODULE_DIR$/extensions/node-menu/node_modules" />
-      <excludeFolder url="file://$MODULE_DIR$/extensions/pod-menu/node_modules" />
      <excludeFolder url="file://$MODULE_DIR$/static/build" />
      <excludeFolder url="file://$MODULE_DIR$/src/extensions/npm/extensions/dist" />
      <excludeFolder url="file://$MODULE_DIR$/dist" />
@ -20,4 +16,4 @@
    <orderEntry type="sourceFolder" forTests="false" />
    <orderEntry type="library" name="ogre-tools" level="project" />
  </component>
-</module>
+</module>
--- a/68
+++ b/68
@ -5,10 +5,6 @@ CMD_ARGS = $(filter-out $@,$(MAKECMDGOALS))

 NPM_RELEASE_TAG ?= latest
 ELECTRON_BUILDER_EXTRA_ARGS ?=
-EXTENSIONS_DIR = ./extensions
-extensions = $(foreach dir, $(wildcard $(EXTENSIONS_DIR)/*), ${dir})
-extension_node_modules = $(foreach dir, $(wildcard $(EXTENSIONS_DIR)/*), ${dir}/node_modules)
-extension_dists = $(foreach dir, $(wildcard $(EXTENSIONS_DIR)/*), ${dir}/dist)

 ifeq ($(OS),Windows_NT)
    DETECTED_OS := Windows
@ -28,10 +24,10 @@ compile-dev: node_modules
 	yarn compile:renderer --cache

 .PHONY: validate-dev
-ci-validate-dev: binaries/client build-extensions compile-dev
+ci-validate-dev: binaries/client compile-dev

 .PHONY: dev
-dev: binaries/client build-extensions
+dev: binaries/client
 	rm -rf static/build/
 	yarn run build:tray-icons
 	yarn dev
@ -54,7 +50,6 @@ integration: build

 .PHONY: build
 build: node_modules binaries/client
-	$(MAKE) build-extensions -B
 	yarn run build:tray-icons
 	yarn run compile
 ifeq "$(DETECTED_OS)" "Windows"
@ -63,47 +58,35 @@ ifeq "$(DETECTED_OS)" "Windows"
 endif
 	yarn run electron-builder --publish onTag $(ELECTRON_BUILDER_EXTRA_ARGS)

-.NOTPARALLEL: $(extension_node_modules)
-$(extension_node_modules): node_modules
-	cd $(@:/node_modules=) && ../../node_modules/.bin/npm install --no-audit --no-fund --no-save
-
-$(extension_dists): src/extensions/npm/extensions/dist $(extension_node_modules)
-	cd $(@:/dist=) && ../../node_modules/.bin/npm run build
-	rm -rf ./node_modules/$(shell basename $(@:/dist=))
-
-.PHONY: clean-old-extensions
-clean-old-extensions:
-	find ./extensions -mindepth 1 -maxdepth 1 -type d '!' -exec test -e '{}/package.json' \; -exec rm -rf {} \;
-
-.PHONY: build-extensions
-build-extensions: node_modules clean-old-extensions $(extension_dists)
-	yarn install --check-files --frozen-lockfile --network-timeout=100000
-
-.PHONY: test-extensions
-test-extensions: $(extension_node_modules)
-	$(foreach dir, $(extensions), (cd $(dir) && npm run test || exit $?);)
-
 src/extensions/npm/extensions/__mocks__:
 	cp -r __mocks__ src/extensions/npm/extensions/

-src/extensions/npm/extensions/dist: src/extensions/npm/extensions/node_modules
+packages/extensions/dist: packages/extensions/node_modules
 	yarn compile:extension-types

-src/extensions/npm/extensions/node_modules: src/extensions/npm/extensions/package.json
-	cd src/extensions/npm/extensions/ && ../../../../node_modules/.bin/npm install --no-audit --no-fund --no-save
+packages/extensions/node_modules: packages/extensions/package.json
+	cd packages/extensions/ && ../../node_modules/.bin/npm install --no-audit --no-fund --no-save

-.PHONY: build-npm
-build-npm: build-extension-types src/extensions/npm/extensions/__mocks__
-	yarn npm:fix-package-version
+.PHONY: build-extensions-npm
+build-extensions-npm: build-extension-types packages/extensions/__mocks__
+	yarn npm:fix-extensions-package-version
+
+.PHONY: build-library-npm
+build-library-npm:
+	yarn compile-library

 .PHONY: build-extension-types
-build-extension-types: node_modules src/extensions/npm/extensions/dist
+build-extension-types: node_modules packages/extensions/dist

-.PHONY: publish-npm
-publish-npm: node_modules build-npm
+.PHONY: publish-extensions-npm
+publish-extensions-npm: node_modules build-extensions-npm
 	./node_modules/.bin/npm config set '//registry.npmjs.org/:_authToken' "${NPM_TOKEN}"
-	cd src/extensions/npm/extensions && npm publish --access=public --tag=$(NPM_RELEASE_TAG)
-	git restore src/extensions/npm/extensions/package.json
+	cd packages/extensions && npm publish --access=public --tag=$(NPM_RELEASE_TAG) && git restore package.json
+
+.PHONY: publish-library-npm
+publish-library-npm: node_modules build-library-npm
+	./node_modules/.bin/npm config set '//registry.npmjs.org/:_authToken' "${NPM_TOKEN}"
+	npm publish --access=public --tag=$(NPM_RELEASE_TAG)

 .PHONY: build-docs
 build-docs:
@ -113,16 +96,13 @@ build-docs:
 docs: build-docs
 	yarn mkdocs-serve-local

-.PHONY: clean-extensions
-clean-extensions:
-	rm -rf $(EXTENSIONS_DIR)/*/{dist,node_modules,*.tgz}
-
 .PHONY: clean-npm
 clean-npm:
-	rm -rf src/extensions/npm/extensions/{dist,__mocks__,node_modules}
+	rm -rf packages/extensions/{dist,__mocks__,node_modules}
+	rm -rf static/build/library/

 .PHONY: clean
-clean: clean-npm clean-extensions
+clean: clean-npm
 	rm -rf binaries/client
 	rm -rf dist
 	rm -rf static/build
--- a/build/download_binaries.ts
+++ b/build/download_binaries.ts
@ -208,7 +208,7 @@ async function main() {
    noTTYOutput: true,
    format: "[{bar}] {percentage}% | {downloadArch} {binaryName}",
  });
-  const baseDir = path.join(__dirname, "..", "binaries", "client");
+  const baseDir = path.join(process.cwd(), "binaries", "client");
  const downloaders: BinaryDownloader[] = [
    new LensK8sProxyDownloader(deps, {
      version: packageInfo.config.k8sProxyVersion,
--- a/build/generate-tray-icons.ts
+++ b/build/generate-tray-icons.ts
@ -10,9 +10,9 @@ import sharp from "sharp";

 const size = Number(process.env.OUTPUT_SIZE || "16");
 const outputFolder = process.env.OUTPUT_DIR || "./static/build/tray";
-const inputFile = process.env.INPUT_SVG_PATH || "./src/renderer/components/icon/logo-lens.svg";
-const noticeFile = process.env.NOTICE_SVG_PATH || "./src/renderer/components/icon/notice.svg";
-const spinnerFile = process.env.SPINNER_SVG_PATH || "./src/renderer/components/icon/arrow-spinner.svg";
+const inputFile = process.env.INPUT_SVG_PATH || path.resolve(__dirname, "../src/renderer/components/icon/logo-lens.svg");
+const noticeFile = process.env.NOTICE_SVG_PATH || path.resolve(__dirname, "../src/renderer/components/icon/notice.svg");
+const spinnerFile = process.env.SPINNER_SVG_PATH || path.resolve(__dirname, "../src/renderer/components/icon/arrow-spinner.svg");

 async function ensureOutputFoler() {
  await ensureDir(outputFolder);
--- a/build/set_extensions_npm_version.ts
+++ b/build/set_extensions_npm_version.ts
@ -4,7 +4,7 @@
 */
 import * as fs from "fs";
 import * as path from "path";
-import packageInfo from "../src/extensions/npm/extensions/package.json";
+import packageInfo from "../packages/extensions/package.json";
 import appInfo from "../package.json";
 import { SemVer } from "semver";
 import { execSync } from "child_process";
@ -22,4 +22,4 @@ if (NPM_RELEASE_TAG !== "latest") {

 packageInfo.version = version.format();

-fs.writeFileSync(path.join(__dirname, "../src/extensions/npm/extensions/package.json"), `${JSON.stringify(packageInfo, null, 2)}\n`);
+fs.writeFileSync(path.join(__dirname, "../packages/extensions/package.json"), `${JSON.stringify(packageInfo, null, 2)}\n`);
--- a/extensions/.eslintrc.js
+++ b/extensions/.eslintrc.js
@ -1,20 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-
-module.exports = {
-  "overrides": [
-    {
-      files: [
-        "**/*.ts",
-        "**/*.tsx",
-      ],
-      rules: {
-        "import/no-unresolved": ["error", {
-          ignore: ["@k8slens/extensions"],
-        }],
-      },
-    },
-  ],
-};
--- a/extensions/.gitignore
+++ b/extensions/.gitignore
@ -1 +0,0 @@
-*/*.tgz
--- a/extensions/kube-object-event-status/Makefile
+++ b/extensions/kube-object-event-status/Makefile
@ -1,8 +0,0 @@
-install-deps:
-	npm install
-
-build: install-deps
-	npm run build
-
-test:
-	npm run test
--- a/extensions/kube-object-event-status/package.json
+++ b/extensions/kube-object-event-status/package.json
@ -1,21 +0,0 @@
-{
-  "name": "kube-object-event-status",
-  "version": "6.1.1",
-  "description": "Adds kube object status from events",
-  "renderer": "dist/renderer.js",
-  "lens": {
-    "metadata": {},
-    "styles": []
-  },
-  "scripts": {
-    "build": "npx webpack",
-    "dev": "npx webpack -- --watch",
-    "test": "echo NO TESTS"
-  },
-  "files": [
-    "dist/**/*"
-  ],
-  "devDependencies": {
-    "@k8slens/extensions": "file:../../src/extensions/npm/extensions"
-  }
-}
--- a/extensions/kube-object-event-status/renderer.tsx
+++ b/extensions/kube-object-event-status/renderer.tsx
@ -1,53 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-
-import { Renderer } from "@k8slens/extensions";
-import { resolveStatus, resolveStatusForCronJobs, resolveStatusForPods } from "./src/resolver";
-
-export default class EventResourceStatusRendererExtension extends Renderer.LensExtension {
-  kubeObjectStatusTexts = [
-    {
-      kind: "Pod",
-      apiVersions: ["v1"],
-      resolve: (pod: Renderer.K8sApi.Pod) => resolveStatusForPods(pod),
-    },
-    {
-      kind: "ReplicaSet",
-      apiVersions: ["v1"],
-      resolve: (replicaSet: Renderer.K8sApi.ReplicaSet) => resolveStatus(replicaSet),
-    },
-    {
-      kind: "Deployment",
-      apiVersions: ["apps/v1"],
-      resolve: (deployment: Renderer.K8sApi.Deployment) => resolveStatus(deployment),
-    },
-    {
-      kind: "StatefulSet",
-      apiVersions: ["apps/v1"],
-      resolve: (statefulSet: Renderer.K8sApi.StatefulSet) => resolveStatus(statefulSet),
-    },
-    {
-      kind: "DaemonSet",
-      apiVersions: ["apps/v1"],
-      resolve: (daemonSet: Renderer.K8sApi.DaemonSet) => resolveStatus(daemonSet),
-    },
-    {
-      kind: "Job",
-      apiVersions: [
-        "batch/v1",
-        "batch/v1beta1",
-      ],
-      resolve: (job: Renderer.K8sApi.Job) => resolveStatus(job),
-    },
-    {
-      kind: "CronJob",
-      apiVersions: [
-        "batch/v1",
-        "batch/v1beta1",
-      ],
-      resolve: (cronJob: Renderer.K8sApi.CronJob) => resolveStatusForCronJobs(cronJob),
-    },
-  ];
-}
--- a/extensions/kube-object-event-status/src/resolver.tsx
+++ b/extensions/kube-object-event-status/src/resolver.tsx
@ -1,72 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-
-import { Renderer } from "@k8slens/extensions";
-
-const { apiManager, eventApi, KubeObjectStatusLevel } = Renderer.K8sApi;
-
-type KubeObject = Renderer.K8sApi.KubeObject;
-type Pod = Renderer.K8sApi.Pod;
-type CronJob = Renderer.K8sApi.CronJob;
-type KubeObjectStatus = Renderer.K8sApi.KubeObjectStatus;
-type EventStore = Renderer.K8sApi.EventStore;
-
-export function resolveStatus(object: KubeObject): KubeObjectStatus {
-  const eventStore = apiManager.getStore(eventApi);
-  const events = (eventStore as EventStore).getEventsByObject(object);
-  const warnings = events.filter(evt => evt.isWarning());
-
-  if (!events.length || !warnings.length) {
-    return null;
-  }
-  const event = [...warnings, ...events][0]; // get latest event
-
-  return {
-    level: KubeObjectStatusLevel.WARNING,
-    text: `${event.message}`,
-    timestamp: event.metadata.creationTimestamp,
-  };
-}
-
-export function resolveStatusForPods(pod: Pod): KubeObjectStatus {
-  if (!pod.hasIssues()) {
-    return null;
-  }
-  const eventStore = apiManager.getStore(eventApi);
-  const events = (eventStore as EventStore).getEventsByObject(pod);
-  const warnings = events.filter(evt => evt.isWarning());
-
-  if (!events.length || !warnings.length) {
-    return null;
-  }
-  const event = [...warnings, ...events][0]; // get latest event
-
-  return {
-    level: KubeObjectStatusLevel.WARNING,
-    text: `${event.message}`,
-    timestamp: event.metadata.creationTimestamp,
-  };
-}
-
-export function resolveStatusForCronJobs(cronJob: CronJob): KubeObjectStatus {
-  const eventStore = apiManager.getStore(eventApi);
-  let events = (eventStore as EventStore).getEventsByObject(cronJob);
-  const warnings = events.filter(evt => evt.isWarning());
-
-  if (cronJob.isNeverRun()) {
-    events = events.filter(event => event.reason != "FailedNeedsStart");
-  }
-
-  if (!events.length || !warnings.length) {
-    return null;
-  }
-  const event = [...warnings, ...events][0]; // get latest event
-
-  return {
-    level: KubeObjectStatusLevel.WARNING,
-    text: `${event.message}`,
-    timestamp: event.metadata.creationTimestamp,
-  };
-}
--- a/extensions/kube-object-event-status/tsconfig.json
+++ b/extensions/kube-object-event-status/tsconfig.json
@ -1,27 +0,0 @@
-{
-  "compilerOptions": {
-    "outDir": "dist",
-    "module": "CommonJS",
-    "target": "ES2017",
-    "lib": ["ESNext", "DOM", "DOM.Iterable"],
-    "moduleResolution": "Node",
-    "sourceMap": false,
-    "declaration": false,
-    "strict": false,
-    "noImplicitAny": true,
-    "skipLibCheck": true,
-    "esModuleInterop": true,
-    "allowSyntheticDefaultImports": true,
-    "experimentalDecorators": true,
-    "useDefineForClassFields": true,
-    "jsx": "react"
-  },
-  "include": [
-    "./*.ts",
-    "./*.tsx"
-  ],
-  "exclude": [
-    "node_modules",
-    "*.js"
-  ]
-}
--- a/extensions/kube-object-event-status/webpack.config.js
+++ b/extensions/kube-object-event-status/webpack.config.js
@ -1,44 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-const path = require("path");
-
-module.exports = [
-  {
-    entry: "./renderer.tsx",
-    context: __dirname,
-    target: "electron-renderer",
-    mode: "production",
-    optimization: {
-      minimize: false,
-    },
-    module: {
-      rules: [
-        {
-          test: /\.tsx?$/,
-          use: "ts-loader",
-          exclude: /node_modules/,
-        },
-      ],
-    },
-    externals: [
-      {
-        "@k8slens/extensions": "var global.LensExtensions",
-        "react": "var global.React",
-        "react-dom": "var global.ReactDOM",
-        "mobx": "var global.Mobx",
-        "mobx-react": "var global.MobxReact",
-      },
-    ],
-    resolve: {
-      extensions: [ ".tsx", ".ts", ".js" ],
-    },
-    output: {
-      libraryTarget: "commonjs2",
-      globalObject: "this",
-      filename: "renderer.js",
-      path: path.resolve(__dirname, "dist"),
-    },
-  },
-];
--- a/extensions/metrics-cluster-feature/package.json
+++ b/extensions/metrics-cluster-feature/package.json
@ -1,24 +0,0 @@
-{
-  "name": "lens-metrics-cluster-feature",
-  "version": "6.1.0",
-  "description": "Lens metrics cluster feature",
-  "renderer": "dist/renderer.js",
-  "lens": {
-    "metadata": {},
-    "styles": []
-  },
-  "scripts": {
-    "build": "npx webpack",
-    "dev": "npx webpack -- --watch",
-    "test": "npx jest --passWithNoTests --env=jsdom src $@",
-    "clean": "rm -rf dist/ && rm *.tgz"
-  },
-  "files": [
-    "dist/**/*",
-    "resources/**/*"
-  ],
-  "devDependencies": {
-    "@k8slens/extensions": "file:../../src/extensions/npm/extensions",
-    "semver": "^7.3.2"
-  }
-}
--- a/extensions/metrics-cluster-feature/renderer.tsx
+++ b/extensions/metrics-cluster-feature/renderer.tsx
@ -1,27 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-
-import React from "react";
-import type { Common } from "@k8slens/extensions";
-import { Renderer } from "@k8slens/extensions";
-import { MetricsSettings } from "./src/metrics-settings";
-
-export default class ClusterMetricsFeatureExtension extends Renderer.LensExtension {
-  entitySettings = [
-    {
-      apiVersions: ["entity.k8slens.dev/v1alpha1"],
-      kind: "KubernetesCluster",
-      title: "Lens Metrics",
-      priority: 5,
-      components: {
-        View: ({ entity = null }: { entity: Common.Catalog.KubernetesCluster }) => {
-          return (
-            <MetricsSettings cluster={entity} />
-          );
-        },
-      },
-    },
-  ];
-}
--- a/extensions/metrics-cluster-feature/resources/01-namespace.yml.hb
+++ b/extensions/metrics-cluster-feature/resources/01-namespace.yml.hb
@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: lens-metrics
-  annotations:
-    extensionVersion: "{{ version }}"
--- a/extensions/metrics-cluster-feature/resources/02-configmap.yml.hb
+++ b/extensions/metrics-cluster-feature/resources/02-configmap.yml.hb
@ -1,281 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: prometheus-config
-  namespace: lens-metrics
-data:
-  prometheus.yaml: |-
-    # Global config
-    global:
-      scrape_interval: 15s
-
-    {{#if alertManagers}}
-    # AlertManager
-    alerting:
-      alertmanagers:
-      - static_configs:
-        - targets:
-          {{#each alertManagers}}
-          - {{this}}
-          {{/each}}
-    {{/if}}
-
-    # Scrape configs for running Prometheus on a Kubernetes cluster.
-    # This uses separate scrape configs for cluster components (i.e. API server, node)
-    # and services to allow each to use different authentication configs.
-    #
-    # Kubernetes labels will be added as Prometheus labels on metrics via the
-    # `labelmap` relabeling action.
-    scrape_configs:
-
-    # Scrape config for API servers.
-    #
-    # Kubernetes exposes API servers as endpoints to the default/kubernetes
-    # service so this uses `endpoints` role and uses relabelling to only keep
-    # the endpoints associated with the default/kubernetes service using the
-    # default named port `https`. This works for single API server deployments as
-    # well as HA API server deployments.
-    - job_name: 'kubernetes-apiservers'
-      kubernetes_sd_configs:
-      - role: endpoints
-
-      scheme: https
-      tls_config:
-        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-        # Using endpoints to discover kube-apiserver targets finds the pod IP
-        # (host IP since apiserver uses host network) which is not used in
-        # the server certificate.
-        insecure_skip_verify: true
-      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-
-      # Keep only the default/kubernetes service endpoints for the https port. This
-      # will add targets for each API server which Kubernetes adds an endpoint to
-      # the default/kubernetes service.
-      relabel_configs:
-      - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
-        action: keep
-        regex: default;kubernetes;https
-      - replacement: apiserver
-        action: replace
-        target_label: job
-
-    # Scrape config for node (i.e. kubelet) /metrics (e.g. 'kubelet_'). Explore
-    # metrics from a node by scraping kubelet (127.0.0.1:10250/metrics).
-    - job_name: 'kubelet'
-      kubernetes_sd_configs:
-      - role: node
-
-      scheme: https
-      tls_config:
-        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-        # Kubelet certs don't have any fixed IP SANs
-        insecure_skip_verify: true
-      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-
-      relabel_configs:
-      - action: labelmap
-        regex: __meta_kubernetes_node_label_(.+)
-      - replacement: 'lens-metrics'
-        target_label: kubernetes_namespace
-
-      metric_relabel_configs:
-      - source_labels:
-          - namespace
-        action: replace
-        regex: (.+)
-        target_label: kubernetes_namespace
-
-    # Scrape config for Kubelet cAdvisor. Explore metrics from a node by
-    # scraping kubelet (127.0.0.1:10250/metrics/cadvisor).
-    - job_name: 'kubernetes-cadvisor'
-      kubernetes_sd_configs:
-      - role: node
-
-      scheme: https
-      metrics_path: /metrics/cadvisor
-      tls_config:
-        # Kubelet certs don't have any fixed IP SANs
-        insecure_skip_verify: true
-        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-
-      relabel_configs:
-      - action: labelmap
-        regex: __meta_kubernetes_node_label_(.+)
-      metric_relabel_configs:
-      - source_labels:
-          - namespace
-        action: replace
-        target_label: kubernetes_namespace
-      - source_labels:
-        - pod
-        regex: (.*)
-        replacement: $1
-        action: replace
-        target_label: pod_name
-      - source_labels:
-        - container
-        regex: (.*)
-        replacement: $1
-        action: replace
-        target_label: container_name
-
-    # Scrap etcd metrics from masters via etcd-scraper-proxy
-    - job_name: 'etcd'
-      kubernetes_sd_configs:
-      - role: pod
-      scheme: http
-      relabel_configs:
-        - source_labels: [__meta_kubernetes_namespace]
-          action: keep
-          regex: 'kube-system'
-        - source_labels: [__meta_kubernetes_pod_label_component]
-          action: keep
-          regex: 'etcd-scraper-proxy'
-        - action: labelmap
-          regex: __meta_kubernetes_pod_label_(.+)
-
-    # Scrape config for service endpoints.
-    #
-    # The relabeling allows the actual service scrape endpoint to be configured
-    # via the following annotations:
-    #
-    # * `prometheus.io/scrape`: Only scrape services that have a value of `true`
-    # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need
-    # to set this to `https` & most likely set the `tls_config` of the scrape config.
-    # * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
-    # * `prometheus.io/port`: If the metrics are exposed on a different port to the
-    # service then set this appropriately.
-    - job_name: 'kubernetes-service-endpoints'
-
-      kubernetes_sd_configs:
-      - role: endpoints
-        namespaces:
-          names:
-            - lens-metrics
-
-      relabel_configs:
-      - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
-        action: keep
-        regex: true
-      - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
-        action: replace
-        target_label: __scheme__
-        regex: (https?)
-      - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
-        action: replace
-        target_label: __metrics_path__
-        regex: (.+)
-      - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
-        action: replace
-        target_label: __address__
-        regex: ([^:]+)(?::\d+)?;(\d+)
-        replacement: $1:$2
-      - action: labelmap
-        regex: __meta_kubernetes_service_label_(.+)
-      - source_labels: [__meta_kubernetes_service_name]
-        action: replace
-        target_label: job
-      - action: replace
-        source_labels:
-        - __meta_kubernetes_pod_node_name
-        target_label: kubernetes_node
-      - source_labels: [__meta_kubernetes_namespace]
-        action: replace
-        target_label: kubernetes_namespace
-      metric_relabel_configs:
-      - source_labels:
-          - namespace
-        action: replace
-        regex: (.+)
-        target_label: kubernetes_namespace
-
-    # Example scrape config for probing services via the Blackbox Exporter.
-    #
-    # The relabeling allows the actual service scrape endpoint to be configured
-    # via the following annotations:
-    #
-    # * `prometheus.io/probe`: Only probe services that have a value of `true`
-    - job_name: 'kubernetes-services'
-
-      metrics_path: /probe
-      params:
-        module: [http_2xx]
-
-      kubernetes_sd_configs:
-      - role: service
-        namespaces:
-          names:
-            - lens-metrics
-
-      relabel_configs:
-      - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
-        action: keep
-        regex: true
-      - source_labels: [__address__]
-        target_label: __param_target
-      - target_label: __address__
-        replacement: blackbox
-      - source_labels: [__param_target]
-        target_label: instance
-      - action: labelmap
-        regex: __meta_kubernetes_service_label_(.+)
-      - source_labels: [__meta_kubernetes_service_name]
-        target_label: job
-      metric_relabel_configs:
-      - source_labels:
-          - namespace
-        action: replace
-        regex: (.+)
-        target_label: kubernetes_namespace
-
-    # Example scrape config for pods
-    #
-    # The relabeling allows the actual pod scrape endpoint to be configured via the
-    # following annotations:
-    #
-    # * `prometheus.io/scrape`: Only scrape pods that have a value of `true`
-    # * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
-    # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the
-    # pod's declared ports (default is a port-free target if none are declared).
-    - job_name: 'kubernetes-pods'
-
-      kubernetes_sd_configs:
-      - role: pod
-        namespaces:
-          names:
-            - lens-metrics
-
-      relabel_configs:
-      - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
-        action: keep
-        regex: true
-      - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
-        action: replace
-        target_label: __metrics_path__
-        regex: (.+)
-      - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
-        action: replace
-        regex: ([^:]+)(?::\d+)?;(\d+)
-        replacement: $1:$2
-        target_label: __address__
-      - action: labelmap
-        regex: __meta_kubernetes_pod_label_(.+)
-      - source_labels: [__meta_kubernetes_namespace]
-        action: replace
-        target_label: kubernetes_namespace
-      - source_labels: [__meta_kubernetes_pod_name]
-        action: replace
-        target_label: kubernetes_pod_name
-      metric_relabel_configs:
-      - source_labels:
-          - namespace
-        action: replace
-        regex: (.+)
-        target_label: kubernetes_namespace
-
-    # Rule files
-    rule_files:
-      - "/etc/prometheus/rules/*.rules"
-      - "/etc/prometheus/rules/*.yaml"
-      - "/etc/prometheus/rules/*.yml"
--- a/extensions/metrics-cluster-feature/resources/02-service-account.yml
+++ b/extensions/metrics-cluster-feature/resources/02-service-account.yml
@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: prometheus
-  namespace: lens-metrics
--- a/extensions/metrics-cluster-feature/resources/03-service.yml.hb
+++ b/extensions/metrics-cluster-feature/resources/03-service.yml.hb
@ -1,18 +0,0 @@
-{{#if prometheus.enabled}}
-apiVersion: v1
-kind: Service
-metadata:
-  name: prometheus
-  namespace: lens-metrics
-  annotations:
-    prometheus.io/scrape: 'true'
-spec:
-  type: ClusterIP
-  selector:
-    name: prometheus
-  ports:
-    - name: web
-      protocol: TCP
-      port: 80
-      targetPort: 9090
-{{/if}}
--- a/extensions/metrics-cluster-feature/resources/03-statefulset.yml.hb
+++ b/extensions/metrics-cluster-feature/resources/03-statefulset.yml.hb
@ -1,113 +0,0 @@
-{{#if prometheus.enabled}}
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: prometheus
-  namespace: lens-metrics
-spec:
-  replicas: {{replicas}}
-  serviceName: prometheus
-  selector:
-    matchLabels:
-      name: prometheus
-  template:
-    metadata:
-      labels:
-        name: prometheus
-    spec:
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-              - matchExpressions:
-                - key: kubernetes.io/os
-                  operator: In
-                  values:
-                  - linux
-      # <%- if config.node_selector -%>
-      # nodeSelector:
-      # <%- node_selector.to_h.each do |key, value| -%>
-      #   <%= key %>: <%= value %>
-      # <%- end -%>
-      # <%- end -%>
-      # <%- unless config.tolerations.empty? -%>
-      # tolerations:
-      # <%- config.tolerations.each do |t| -%>
-      #   -
-      #     <%- t.each do |k,v| -%>
-      #     <%= k %>: <%= v %>
-      #     <%- end -%>
-      # <%- end -%>
-      # <%- end -%>
-      serviceAccountName: prometheus
-      initContainers:
-        - name: chown
-          image: docker.io/alpine:3.12
-          command: ["chown", "-R", "65534:65534", "/var/lib/prometheus"]
-          volumeMounts:
-            - name: data
-              mountPath: /var/lib/prometheus
-      containers:
-        - name: prometheus
-          image: quay.io/prometheus/prometheus:v2.27.1
-          args:
-            - --web.listen-address=0.0.0.0:9090
-            - --config.file=/etc/prometheus/prometheus.yaml
-            - --storage.tsdb.path=/var/lib/prometheus
-            - --storage.tsdb.retention.time={{retention.time}}
-            - --storage.tsdb.retention.size={{retention.size}}
-            - --storage.tsdb.min-block-duration=2h
-            - --storage.tsdb.max-block-duration=2h
-          ports:
-            - name: web
-              containerPort: 9090
-          volumeMounts:
-            - name: config
-              mountPath: /etc/prometheus
-            - name: rules
-              mountPath: /etc/prometheus/rules
-            - name: data
-              mountPath: /var/lib/prometheus
-          readinessProbe:
-            httpGet:
-              path: /-/ready
-              port: 9090
-            initialDelaySeconds: 10
-            timeoutSeconds: 10
-          livenessProbe:
-            httpGet:
-              path: /-/healthy
-              port: 9090
-            initialDelaySeconds: 10
-            timeoutSeconds: 10
-          resources:
-            requests:
-              cpu: 100m
-              memory: 512Mi
-      terminationGracePeriodSeconds: 30
-      volumes:
-        - name: config
-          configMap:
-            name: prometheus-config
-        - name: rules
-          configMap:
-            name: prometheus-rules
-        {{#unless persistence.enabled}}
-        - name: data
-          emptyDir: {}
-        {{/unless}}
-  {{#if persistence.enabled}}
-  volumeClaimTemplates:
-    - metadata:
-        name: data
-      spec:
-        accessModes:
-        - ReadWriteOnce
-        {{#if persistence.storageClass}}
-        storageClassName: "{{persistence.storageClass}}"
-        {{/if}}
-        resources:
-          requests:
-            storage: {{persistence.size}}
-  {{/if}}
-{{/if}}
--- a/extensions/metrics-cluster-feature/resources/04-rules.yml
+++ b/extensions/metrics-cluster-feature/resources/04-rules.yml
@ -1,514 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: prometheus-rules
-  namespace: lens-metrics
-data:
-  alertmanager.rules.yaml: |
-    groups:
-    - name: alertmanager.rules
-      rules:
-      - alert: AlertmanagerConfigInconsistent
-        expr: count_values("config_hash", alertmanager_config_hash) BY (service) / ON(service)
-          GROUP_LEFT() label_replace(prometheus_operator_alertmanager_spec_replicas, "service",
-          "alertmanager-$1", "alertmanager", "(.*)") != 1
-        for: 5m
-        labels:
-          severity: critical
-        annotations:
-          description: The configuration of the instances of the Alertmanager cluster
-            `{{$labels.service}}` are out of sync.
-      - alert: AlertmanagerDownOrMissing
-        expr: label_replace(prometheus_operator_alertmanager_spec_replicas, "job", "alertmanager-$1",
-          "alertmanager", "(.*)") / ON(job) GROUP_RIGHT() sum(up) BY (job) != 1
-        for: 5m
-        labels:
-          severity: warning
-        annotations:
-          description: An unexpected number of Alertmanagers are scraped or Alertmanagers
-            disappeared from discovery.
-      - alert: AlertmanagerFailedReload
-        expr: alertmanager_config_last_reload_successful == 0
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: Reloading Alertmanager's configuration has failed for {{ $labels.namespace
-            }}/{{ $labels.pod}}.
-  etcd3.rules.yaml: |
-    groups:
-    - name: ./etcd3.rules
-      rules:
-      - alert: InsufficientMembers
-        expr: count(up{job="etcd"} == 0) > (count(up{job="etcd"}) / 2 - 1)
-        for: 3m
-        labels:
-          severity: critical
-        annotations:
-          description: If one more etcd member goes down the cluster will be unavailable
-          summary: etcd cluster insufficient members
-      - alert: NoLeader
-        expr: etcd_server_has_leader{job="etcd"} == 0
-        for: 1m
-        labels:
-          severity: critical
-        annotations:
-          description: etcd member {{ $labels.instance }} has no leader
-          summary: etcd member has no leader
-      - alert: HighNumberOfLeaderChanges
-        expr: increase(etcd_server_leader_changes_seen_total{job="etcd"}[1h]) > 3
-        labels:
-          severity: warning
-        annotations:
-          description: etcd instance {{ $labels.instance }} has seen {{ $value }} leader
-            changes within the last hour
-          summary: a high number of leader changes within the etcd cluster are happening
-      - alert: GRPCRequestsSlow
-        expr: histogram_quantile(0.99, sum(rate(grpc_server_handling_seconds_bucket{job="etcd",grpc_type="unary"}[5m])) by (grpc_service, grpc_method, le))
-          > 0.15
-        for: 10m
-        labels:
-          severity: critical
-        annotations:
-          description: on etcd instance {{ $labels.instance }} gRPC requests to {{ $labels.grpc_method
-            }} are slow
-          summary: slow gRPC requests
-      - alert: HighNumberOfFailedHTTPRequests
-        expr: sum(rate(etcd_http_failed_total{job="etcd"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job="etcd"}[5m]))
-          BY (method) > 0.01
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: '{{ $value }}% of requests for {{ $labels.method }} failed on etcd
-            instance {{ $labels.instance }}'
-          summary: a high number of HTTP requests are failing
-      - alert: HighNumberOfFailedHTTPRequests
-        expr: sum(rate(etcd_http_failed_total{job="etcd"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job="etcd"}[5m]))
-          BY (method) > 0.05
-        for: 5m
-        labels:
-          severity: critical
-        annotations:
-          description: '{{ $value }}% of requests for {{ $labels.method }} failed on etcd
-            instance {{ $labels.instance }}'
-          summary: a high number of HTTP requests are failing
-      - alert: HTTPRequestsSlow
-        expr: histogram_quantile(0.99, rate(etcd_http_successful_duration_seconds_bucket[5m]))
-          > 0.15
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: on etcd instance {{ $labels.instance }} HTTP requests to {{ $labels.method
-            }} are slow
-          summary: slow HTTP requests
-      - alert: EtcdMemberCommunicationSlow
-        expr: histogram_quantile(0.99, rate(etcd_network_peer_round_trip_time_seconds_bucket[5m]))
-          > 0.15
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: etcd instance {{ $labels.instance }} member communication with
-            {{ $labels.To }} is slow
-          summary: etcd member communication is slow
-      - alert: HighNumberOfFailedProposals
-        expr: increase(etcd_server_proposals_failed_total{job="etcd"}[1h]) > 5
-        labels:
-          severity: warning
-        annotations:
-          description: etcd instance {{ $labels.instance }} has seen {{ $value }} proposal
-            failures within the last hour
-          summary: a high number of proposals within the etcd cluster are failing
-      - alert: HighFsyncDurations
-        expr: histogram_quantile(0.99, rate(etcd_disk_wal_fsync_duration_seconds_bucket[5m]))
-          > 0.5
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: etcd instance {{ $labels.instance }} fync durations are high
-          summary: high fsync durations
-      - alert: HighCommitDurations
-        expr: histogram_quantile(0.99, rate(etcd_disk_backend_commit_duration_seconds_bucket[5m]))
-          > 0.25
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: etcd instance {{ $labels.instance }} commit durations are high
-          summary: high commit durations
-  general.rules.yaml: |
-    groups:
-    - name: general.rules
-      rules:
-      - alert: TargetDown
-        expr: 100 * (count(up == 0) BY (job) / count(up) BY (job)) > 10
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: '{{ $value }}% of {{ $labels.job }} targets are down.'
-          summary: Targets are down
-      - record: fd_utilization
-        expr: process_open_fds / process_max_fds
-      - alert: FdExhaustionClose
-        expr: predict_linear(fd_utilization[1h], 3600 * 4) > 1
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: '{{ $labels.job }}: {{ $labels.namespace }}/{{ $labels.pod }} instance
-            will exhaust in file/socket descriptors within the next 4 hours'
-          summary: file descriptors soon exhausted
-      - alert: FdExhaustionClose
-        expr: predict_linear(fd_utilization[10m], 3600) > 1
-        for: 10m
-        labels:
-          severity: critical
-        annotations:
-          description: '{{ $labels.job }}: {{ $labels.namespace }}/{{ $labels.pod }} instance
-            will exhaust in file/socket descriptors within the next hour'
-          summary: file descriptors soon exhausted
-  kube-state-metrics.rules.yaml: |
-    groups:
-    - name: kube-state-metrics.rules
-      rules:
-      - alert: DeploymentGenerationMismatch
-        expr: kube_deployment_status_observed_generation != kube_deployment_metadata_generation
-        for: 15m
-        labels:
-          severity: warning
-        annotations:
-          description: Observed deployment generation does not match expected one for
-            deployment {{$labels.namespaces}}/{{$labels.deployment}}
-          summary: Deployment is outdated
-      - alert: DeploymentReplicasNotUpdated
-        expr: ((kube_deployment_status_replicas_updated != kube_deployment_spec_replicas)
-          or (kube_deployment_status_replicas_available != kube_deployment_spec_replicas))
-          unless (kube_deployment_spec_paused == 1)
-        for: 15m
-        labels:
-          severity: warning
-        annotations:
-          description: Replicas are not updated and available for deployment {{$labels.namespaces}}/{{$labels.deployment}}
-          summary: Deployment replicas are outdated
-      - alert: DaemonSetRolloutStuck
-        expr: kube_daemonset_status_number_ready / kube_daemonset_status_desired_number_scheduled
-          * 100 < 100
-        for: 15m
-        labels:
-          severity: warning
-        annotations:
-          description: Only {{$value}}% of desired pods scheduled and ready for daemon
-            set {{$labels.namespaces}}/{{$labels.daemonset}}
-          summary: DaemonSet is missing pods
-      - alert: K8SDaemonSetsNotScheduled
-        expr: kube_daemonset_status_desired_number_scheduled - kube_daemonset_status_current_number_scheduled
-          > 0
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: A number of daemonsets are not scheduled.
-          summary: Daemonsets are not scheduled correctly
-      - alert: DaemonSetsMissScheduled
-        expr: kube_daemonset_status_number_misscheduled > 0
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: A number of daemonsets are running where they are not supposed
-            to run.
-          summary: Daemonsets are not scheduled correctly
-      - alert: PodFrequentlyRestarting
-        expr: increase(kube_pod_container_status_restarts_total[1h]) > 5
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: Pod {{$labels.namespaces}}/{{$labels.pod}} restarted {{$value}}
-            times within the last hour
-          summary: Pod is restarting frequently
-  kubelet.rules.yaml: |
-    groups:
-    - name: kubelet.rules
-      rules:
-      - alert: K8SNodeNotReady
-        expr: kube_node_status_condition{condition="Ready",status="true"} == 0
-        for: 1h
-        labels:
-          severity: warning
-        annotations:
-          description: The Kubelet on {{ $labels.node }} has not checked in with the API,
-            or has set itself to NotReady, for more than an hour
-          summary: Node status is NotReady
-      - alert: K8SManyNodesNotReady
-        expr: count(kube_node_status_condition{condition="Ready",status="true"} == 0)
-          > 1 and (count(kube_node_status_condition{condition="Ready",status="true"} ==
-          0) / count(kube_node_status_condition{condition="Ready",status="true"})) > 0.2
-        for: 1m
-        labels:
-          severity: critical
-        annotations:
-          description: '{{ $value }}% of Kubernetes nodes are not ready'
-      - alert: K8SKubeletDown
-        expr: count(up{job="kubelet"} == 0) / count(up{job="kubelet"}) * 100 > 3
-        for: 1h
-        labels:
-          severity: warning
-        annotations:
-          description: Prometheus failed to scrape {{ $value }}% of kubelets.
-      - alert: K8SKubeletDown
-        expr: (absent(up{job="kubelet"} == 1) or count(up{job="kubelet"} == 0) / count(up{job="kubelet"}))
-          * 100 > 10
-        for: 1h
-        labels:
-          severity: critical
-        annotations:
-          description: Prometheus failed to scrape {{ $value }}% of kubelets, or all Kubelets
-            have disappeared from service discovery.
-          summary: Many Kubelets cannot be scraped
-      - alert: K8SKubeletTooManyPods
-        expr: kubelet_running_pod_count > 100
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: Kubelet {{$labels.instance}} is running {{$value}} pods, close
-            to the limit of 110
-          summary: Kubelet is close to pod limit
-  kubernetes.rules.yaml: |
-    groups:
-    - name: kubernetes.rules
-      rules:
-      - record: pod_name:container_memory_usage_bytes:sum
-        expr: sum(container_memory_usage_bytes{container_name!="POD",pod_name!=""}) BY
-          (pod_name)
-      - record: pod_name:container_spec_cpu_shares:sum
-        expr: sum(container_spec_cpu_shares{container_name!="POD",pod_name!=""}) BY (pod_name)
-      - record: pod_name:container_cpu_usage:sum
-        expr: sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name!=""}[5m]))
-          BY (pod_name)
-      - record: pod_name:container_fs_usage_bytes:sum
-        expr: sum(container_fs_usage_bytes{container_name!="POD",pod_name!=""}) BY (pod_name)
-      - record: namespace:container_memory_usage_bytes:sum
-        expr: sum(container_memory_usage_bytes{container_name!=""}) BY (namespace)
-      - record: namespace:container_spec_cpu_shares:sum
-        expr: sum(container_spec_cpu_shares{container_name!=""}) BY (namespace)
-      - record: namespace:container_cpu_usage:sum
-        expr: sum(rate(container_cpu_usage_seconds_total{container_name!="POD"}[5m]))
-          BY (namespace)
-      - record: cluster:memory_usage:ratio
-        expr: sum(container_memory_usage_bytes{container_name!="POD",pod_name!=""}) BY
-          (cluster) / sum(machine_memory_bytes) BY (cluster)
-      - record: cluster:container_spec_cpu_shares:ratio
-        expr: sum(container_spec_cpu_shares{container_name!="POD",pod_name!=""}) / 1000
-          / sum(machine_cpu_cores)
-      - record: cluster:container_cpu_usage:ratio
-        expr: sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name!=""}[5m]))
-          / sum(machine_cpu_cores)
-      - record: apiserver_latency_seconds:quantile
-        expr: histogram_quantile(0.99, rate(apiserver_request_latencies_bucket[5m])) /
-          1e+06
-        labels:
-          quantile: "0.99"
-      - record: apiserver_latency:quantile_seconds
-        expr: histogram_quantile(0.9, rate(apiserver_request_latencies_bucket[5m])) /
-          1e+06
-        labels:
-          quantile: "0.9"
-      - record: apiserver_latency_seconds:quantile
-        expr: histogram_quantile(0.5, rate(apiserver_request_latencies_bucket[5m])) /
-          1e+06
-        labels:
-          quantile: "0.5"
-      - alert: APIServerLatencyHigh
-        expr: apiserver_latency_seconds:quantile{quantile="0.99",subresource!="log",verb!~"^(?:WATCH|WATCHLIST|PROXY|CONNECT)$"}
-          > 1
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: the API server has a 99th percentile latency of {{ $value }} seconds
-            for {{$labels.verb}} {{$labels.resource}}
-      - alert: APIServerLatencyHigh
-        expr: apiserver_latency_seconds:quantile{quantile="0.99",subresource!="log",verb!~"^(?:WATCH|WATCHLIST|PROXY|CONNECT)$"}
-          > 4
-        for: 10m
-        labels:
-          severity: critical
-        annotations:
-          description: the API server has a 99th percentile latency of {{ $value }} seconds
-            for {{$labels.verb}} {{$labels.resource}}
-      - alert: APIServerErrorsHigh
-        expr: rate(apiserver_request_count{code=~"^(?:5..)$"}[5m]) / rate(apiserver_request_count[5m])
-          * 100 > 2
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: API server returns errors for {{ $value }}% of requests
-      - alert: APIServerErrorsHigh
-        expr: rate(apiserver_request_count{code=~"^(?:5..)$"}[5m]) / rate(apiserver_request_count[5m])
-          * 100 > 5
-        for: 10m
-        labels:
-          severity: critical
-        annotations:
-          description: API server returns errors for {{ $value }}% of requests
-      - alert: K8SApiserverDown
-        expr: absent(up{job="apiserver"} == 1)
-        for: 20m
-        labels:
-          severity: critical
-        annotations:
-          description: No API servers are reachable or all have disappeared from service
-            discovery
-
-      - alert: K8sCertificateExpirationNotice
-        labels:
-          severity: warning
-        annotations:
-          description: Kubernetes API Certificate is expiring soon (less than 7 days)
-        expr: sum(apiserver_client_certificate_expiration_seconds_bucket{le="604800"}) > 0
-
-      - alert: K8sCertificateExpirationNotice
-        labels:
-          severity: critical
-        annotations:
-          description: Kubernetes API Certificate is expiring in less than 1 day
-        expr: sum(apiserver_client_certificate_expiration_seconds_bucket{le="86400"}) > 0
-  node.rules.yaml: |
-    groups:
-    - name: node.rules
-      rules:
-      - record: instance:node_cpu:rate:sum
-        expr: sum(rate(node_cpu{mode!="idle",mode!="iowait",mode!~"^(?:guest.*)$"}[3m]))
-          BY (instance)
-      - record: instance:node_filesystem_usage:sum
-        expr: sum((node_filesystem_size{mountpoint="/"} - node_filesystem_free{mountpoint="/"}))
-          BY (instance)
-      - record: instance:node_network_receive_bytes:rate:sum
-        expr: sum(rate(node_network_receive_bytes[3m])) BY (instance)
-      - record: instance:node_network_transmit_bytes:rate:sum
-        expr: sum(rate(node_network_transmit_bytes[3m])) BY (instance)
-      - record: instance:node_cpu:ratio
-        expr: sum(rate(node_cpu{mode!="idle"}[5m])) WITHOUT (cpu, mode) / ON(instance)
-          GROUP_LEFT() count(sum(node_cpu) BY (instance, cpu)) BY (instance)
-      - record: cluster:node_cpu:sum_rate5m
-        expr: sum(rate(node_cpu{mode!="idle"}[5m]))
-      - record: cluster:node_cpu:ratio
-        expr: cluster:node_cpu:rate5m / count(sum(node_cpu) BY (instance, cpu))
-      - alert: NodeExporterDown
-        expr: absent(up{job="node-exporter"} == 1)
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: Prometheus could not scrape a node-exporter for more than 10m,
-            or node-exporters have disappeared from discovery
-      - alert: NodeDiskRunningFull
-        expr: predict_linear(node_filesystem_free[6h], 3600 * 24) < 0
-        for: 30m
-        labels:
-          severity: warning
-        annotations:
-          description: device {{$labels.device}} on node {{$labels.instance}} is running
-            full within the next 24 hours (mounted at {{$labels.mountpoint}})
-      - alert: NodeDiskRunningFull
-        expr: predict_linear(node_filesystem_free[30m], 3600 * 2) < 0
-        for: 10m
-        labels:
-          severity: critical
-        annotations:
-          description: device {{$labels.device}} on node {{$labels.instance}} is running
-            full within the next 2 hours (mounted at {{$labels.mountpoint}})
-      - alert: InactiveRAIDDisk
-        expr: node_md_disks - node_md_disks_active > 0
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: '{{$value}} RAID disk(s) on node {{$labels.instance}} are inactive'
-  prometheus.rules.yaml: |
-    groups:
-    - name: prometheus.rules
-      rules:
-      - alert: PrometheusConfigReloadFailed
-        expr: prometheus_config_last_reload_successful == 0
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: Reloading Prometheus' configuration has failed for {{$labels.namespace}}/{{$labels.pod}}
-      - alert: PrometheusNotificationQueueRunningFull
-        expr: predict_linear(prometheus_notifications_queue_length[5m], 60 * 30) > prometheus_notifications_queue_capacity
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: Prometheus' alert notification queue is running full for {{$labels.namespace}}/{{
-            $labels.pod}}
-      - alert: PrometheusErrorSendingAlerts
-        expr: rate(prometheus_notifications_errors_total[5m]) / rate(prometheus_notifications_sent_total[5m])
-          > 0.01
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: Errors while sending alerts from Prometheus {{$labels.namespace}}/{{
-            $labels.pod}} to Alertmanager {{$labels.Alertmanager}}
-      - alert: PrometheusErrorSendingAlerts
-        expr: rate(prometheus_notifications_errors_total[5m]) / rate(prometheus_notifications_sent_total[5m])
-          > 0.03
-        for: 10m
-        labels:
-          severity: critical
-        annotations:
-          description: Errors while sending alerts from Prometheus {{$labels.namespace}}/{{
-            $labels.pod}} to Alertmanager {{$labels.Alertmanager}}
-      - alert: PrometheusNotConnectedToAlertmanagers
-        expr: prometheus_notifications_alertmanagers_discovered < 1
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: Prometheus {{ $labels.namespace }}/{{ $labels.pod}} is not connected
-            to any Alertmanagers
-      - alert: PrometheusTSDBReloadsFailing
-        expr: increase(prometheus_tsdb_reloads_failures_total[2h]) > 0
-        for: 12h
-        labels:
-          severity: warning
-        annotations:
-          description: '{{$labels.job}} at {{$labels.instance}} had {{$value | humanize}}
-            reload failures over the last four hours.'
-          summary: Prometheus has issues reloading data blocks from disk
-      - alert: PrometheusTSDBCompactionsFailing
-        expr: increase(prometheus_tsdb_compactions_failed_total[2h]) > 0
-        for: 12h
-        labels:
-          severity: warning
-        annotations:
-          description: '{{$labels.job}} at {{$labels.instance}} had {{$value | humanize}}
-            compaction failures over the last four hours.'
-          summary: Prometheus has issues compacting sample blocks
-      - alert: PrometheusTSDBWALCorruptions
-        expr: tsdb_wal_corruptions_total > 0
-        for: 4h
-        labels:
-          severity: warning
-        annotations:
-          description: '{{$labels.job}} at {{$labels.instance}} has a corrupted write-ahead
-            log (WAL).'
-          summary: Prometheus write-ahead log is corrupted
-      - alert: PrometheusNotIngestingSamples
-        expr: rate(prometheus_tsdb_head_samples_appended_total[5m]) <= 0
-        for: 10m
-        labels:
-          severity: warning
-        annotations:
-          description: "Prometheus {{ $labels.namespace }}/{{ $labels.pod}} isn't ingesting samples."
-          summary: "Prometheus isn't ingesting samples"
--- a/extensions/metrics-cluster-feature/resources/05-clusterrole.yml
+++ b/extensions/metrics-cluster-feature/resources/05-clusterrole.yml
@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: lens-prometheus
-rules:
- apiGroups: [""]
-  resources:
-  - nodes
-  - nodes/proxy
-  - nodes/metrics
-  - services
-  - endpoints
-  - pods
-  - ingresses
-  - configmaps
-  verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
-  verbs: ["get"]
--- a/extensions/metrics-cluster-feature/resources/06-clusterrole-binding.yml
+++ b/extensions/metrics-cluster-feature/resources/06-clusterrole-binding.yml
@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: lens-prometheus
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: lens-prometheus
-subjects:
- kind: ServiceAccount
-  name: prometheus
-  namespace: lens-metrics
--- a/extensions/metrics-cluster-feature/resources/10-node-exporter-ds.yml.hb
+++ b/extensions/metrics-cluster-feature/resources/10-node-exporter-ds.yml.hb
@ -1,79 +0,0 @@
-{{#if nodeExporter.enabled}}
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: node-exporter
-  namespace: lens-metrics
-spec:
-  updateStrategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxUnavailable: 1
-  selector:
-    matchLabels:
-      name: node-exporter
-      phase: prod
-  template:
-    metadata:
-      labels:
-        name: node-exporter
-        phase: prod
-      annotations:
-        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
-    spec:
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-              - matchExpressions:
-                - key: kubernetes.io/os
-                  operator: In
-                  values:
-                  - linux
-      securityContext:
-        runAsNonRoot: true
-        runAsUser: 65534
-      hostPID: true
-      containers:
-      - name: node-exporter
-        image: quay.io/prometheus/node-exporter:v1.1.2
-        args:
-          - --path.procfs=/host/proc
-          - --path.sysfs=/host/sys
-          - --path.rootfs=/host/root
-          - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker|var/lib/containerd|var/lib/containers/.+)($|/)
-          - --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$
-        ports:
-          - name: metrics
-            containerPort: 9100
-        resources:
-          requests:
-            cpu: 10m
-            memory: 24Mi
-          limits:
-            cpu: 200m
-            memory: 100Mi
-        volumeMounts:
-          - name: proc
-            mountPath: /host/proc
-            readOnly:  true
-          - name: sys
-            mountPath: /host/sys
-            readOnly: true
-          - name: root
-            mountPath: /host/root
-            readOnly: true
-      tolerations:
-        - effect: NoSchedule
-          operator: Exists
-      volumes:
-        - name: proc
-          hostPath:
-            path: /proc
-        - name: sys
-          hostPath:
-            path: /sys
-        - name: root
-          hostPath:
-            path: /
-{{/if}}
--- a/extensions/metrics-cluster-feature/resources/11-node-exporter-svc.yml
+++ b/extensions/metrics-cluster-feature/resources/11-node-exporter-svc.yml
@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: node-exporter
-  namespace: lens-metrics
-  annotations:
-    prometheus.io/scrape: 'true'
-spec:
-  type: ClusterIP
-  clusterIP: None
-  selector:
-    name: node-exporter
-    phase: prod
-  ports:
-    - name: metrics
-      protocol: TCP
-      port: 80
-      targetPort: 9100
--- a/extensions/metrics-cluster-feature/resources/12-kube-state-metrics-clusterrole.yml
+++ b/extensions/metrics-cluster-feature/resources/12-kube-state-metrics-clusterrole.yml
@ -1,128 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: lens-kube-state-metrics
-rules:
-  - apiGroups:
-    - ""
-    resources:
-    - configmaps
-    - secrets
-    - nodes
-    - pods
-    - services
-    - resourcequotas
-    - replicationcontrollers
-    - limitranges
-    - persistentvolumeclaims
-    - persistentvolumes
-    - namespaces
-    - endpoints
-    verbs:
-    - list
-    - watch
-  - apiGroups:
-    - extensions
-    resources:
-    - daemonsets
-    - deployments
-    - replicasets
-    - ingresses
-    verbs:
-    - list
-    - watch
-  - apiGroups:
-    - networking.k8s.io
-    resources:
-    - ingresses
-    verbs:
-    - list
-    - watch
-  - apiGroups:
-    - apps
-    resources:
-    - statefulsets
-    - daemonsets
-    - deployments
-    - replicasets
-    verbs:
-    - list
-    - watch
-  - apiGroups:
-    - batch
-    resources:
-    - cronjobs
-    - jobs
-    verbs:
-    - list
-    - watch
-  - apiGroups:
-    - autoscaling
-    resources:
-    - horizontalpodautoscalers
-    verbs:
-    - list
-    - watch
-  - apiGroups:
-    - authentication.k8s.io
-    resources:
-    - tokenreviews
-    verbs:
-    - create
-  - apiGroups:
-    - authorization.k8s.io
-    resources:
-    - subjectaccessreviews
-    verbs:
-    - create
-  - apiGroups:
-    - policy
-    resources:
-    - poddisruptionbudgets
-    verbs:
-    - list
-    - watch
-  - apiGroups:
-    - certificates.k8s.io
-    resources:
-    - certificatesigningrequests
-    verbs:
-    - list
-    - watch
-  - apiGroups:
-    - storage.k8s.io
-    resources:
-    - storageclasses
-    - volumeattachments
-    verbs:
-    - list
-    - watch
-  - apiGroups:
-    - admissionregistration.k8s.io
-    resources:
-    - mutatingwebhookconfigurations
-    - validatingwebhookconfigurations
-    verbs:
-    - list
-    - watch
-  - apiGroups:
-    - networking.k8s.io
-    resources:
-    - networkpolicies
-    verbs:
-    - list
-    - watch
-  - apiGroups:
-    - coordination.k8s.io
-    resources:
-    - leases
-    verbs:
-    - list
-    - watch
-  - apiGroups:
-    - scheduling.k8s.io
-    resources:
-    - priorityclasses
-    verbs:
-    - list
-    - watch
--- a/extensions/metrics-cluster-feature/resources/12.kube-state-metrics-sa.yml
+++ b/extensions/metrics-cluster-feature/resources/12.kube-state-metrics-sa.yml
@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kube-state-metrics
-  namespace: lens-metrics
--- a/extensions/metrics-cluster-feature/resources/13-kube-state-metrics-clusterrole-binding.yml
+++ b/extensions/metrics-cluster-feature/resources/13-kube-state-metrics-clusterrole-binding.yml
@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: lens-kube-state-metrics
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: lens-kube-state-metrics
-subjects:
- kind: ServiceAccount
-  name: kube-state-metrics
-  namespace: lens-metrics
--- a/extensions/metrics-cluster-feature/resources/14-kube-state-metrics-deployment.yml.hb
+++ b/extensions/metrics-cluster-feature/resources/14-kube-state-metrics-deployment.yml.hb
@ -1,46 +0,0 @@
-{{#if kubeStateMetrics.enabled}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: kube-state-metrics
-  namespace: lens-metrics
-spec:
-  selector:
-    matchLabels:
-      name: kube-state-metrics
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        name: kube-state-metrics
-    spec:
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-              - matchExpressions:
-                - key: kubernetes.io/os
-                  operator: In
-                  values:
-                  - linux
-      serviceAccountName: kube-state-metrics
-      containers:
-      - name: kube-state-metrics
-        image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.0.0
-        ports:
-        - name: metrics
-          containerPort: 8080
-        readinessProbe:
-          httpGet:
-            path: /healthz
-            port: 8080
-          initialDelaySeconds: 5
-          timeoutSeconds: 5
-        resources:
-          requests:
-            cpu: 10m
-            memory: 32Mi
-          limits:
-            cpu: 200m
-            memory: 150Mi
-{{/if}}
--- a/extensions/metrics-cluster-feature/resources/14-kube-state-metrics-svc.yml
+++ b/extensions/metrics-cluster-feature/resources/14-kube-state-metrics-svc.yml
@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: kube-state-metrics
-  namespace: lens-metrics
-  labels:
-    name: kube-state-metrics
-  annotations:
-    prometheus.io/scrape: 'true'
-spec:
-  ports:
-  - name: metrics
-    port: 8080
-    targetPort: 8080
-    protocol: TCP
-  selector:
-    name: kube-state-metrics
--- a/extensions/metrics-cluster-feature/src/metrics-feature.ts
+++ b/extensions/metrics-cluster-feature/src/metrics-feature.ts
@ -1,108 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-
-import type { Common } from "@k8slens/extensions";
-import { Renderer } from "@k8slens/extensions";
-import semver from "semver";
-import * as path from "path";
-
-const { ResourceStack, forCluster, StorageClass, Namespace } = Renderer.K8sApi;
-
-type ResourceStack = Renderer.K8sApi.ResourceStack;
-
-export interface MetricsConfiguration {
-  // Placeholder for Metrics config structure
-  prometheus: {
-    enabled: boolean;
-  };
-  persistence: {
-    enabled: boolean;
-    storageClass: string;
-    size: string;
-  };
-  nodeExporter: {
-    enabled: boolean;
-  };
-  kubeStateMetrics: {
-    enabled: boolean;
-  };
-  retention: {
-    time: string;
-    size: string;
-  };
-  alertManagers: string[];
-  replicas: number;
-  storageClass: string;
-  version?: string;
-}
-
-export interface MetricsStatus {
-  installed: boolean;
-  canUpgrade: boolean;
-}
-
-export class MetricsFeature {
-  name = "lens-metrics";
-  latestVersion = "v2.26.0-lens1";
-
-  protected stack: ResourceStack;
-
-  constructor(protected cluster: Common.Catalog.KubernetesCluster) {
-    this.stack = new ResourceStack(cluster, this.name);
-  }
-
-  get resourceFolder() {
-    return path.join(__dirname, "../resources/");
-  }
-
-  async install(config: MetricsConfiguration): Promise<string> {
-    // Check if there are storageclasses
-    const storageClassApi = forCluster(this.cluster, StorageClass);
-    const scs = await storageClassApi.list();
-
-    config.persistence.enabled = scs.some(sc => (
-      sc.metadata?.annotations?.["storageclass.kubernetes.io/is-default-class"] === "true" ||
-      sc.metadata?.annotations?.["storageclass.beta.kubernetes.io/is-default-class"] === "true"
-    ));
-
-    config.version = this.latestVersion;
-
-    return this.stack.kubectlApplyFolder(this.resourceFolder, config, ["--prune"]);
-  }
-
-  async upgrade(config: MetricsConfiguration): Promise<string> {
-    return this.install(config);
-  }
-
-  async getStatus(): Promise<MetricsStatus> {
-    const status: MetricsStatus = { installed: false, canUpgrade: false };
-
-    try {
-      const namespaceApi = forCluster(this.cluster, Namespace);
-      const namespace = await namespaceApi.get({ name: "lens-metrics" });
-
-      if (namespace?.kind) {
-        const currentVersion = namespace.metadata.annotations?.extensionVersion || "0.0.0";
-
-        status.installed = true;
-        status.canUpgrade = semver.lt(currentVersion, this.latestVersion, true);
-      } else {
-        status.installed = false;
-      }
-    } catch(e) {
-      if (e?.error?.code === 404) {
-        status.installed = false;
-      } else {
-        console.warn("[LENS-METRICS] failed to resolve install state", e);
-      }
-    }
-
-    return status;
-  }
-
-  async uninstall(config: MetricsConfiguration): Promise<string> {
-    return this.stack.kubectlDeleteFolder(this.resourceFolder, config);
-  }
-}
--- a/extensions/metrics-cluster-feature/src/metrics-settings.tsx
+++ b/extensions/metrics-cluster-feature/src/metrics-settings.tsx
@ -1,276 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-import React from "react";
-import type { Common } from "@k8slens/extensions";
-import { Renderer } from "@k8slens/extensions";
-import { observer } from "mobx-react";
-import { computed, observable, makeObservable } from "mobx";
-import type { MetricsConfiguration } from "./metrics-feature";
-import { MetricsFeature } from "./metrics-feature";
-
-const {
-  K8sApi: {
-    forCluster, StatefulSet, DaemonSet, Deployment,
-  },
-  Component: {
-    SubTitle, Switch, Button,
-  },
-} = Renderer;
-
-export interface MetricsSettingsProps {
-  cluster: Common.Catalog.KubernetesCluster;
-}
-
-@observer
-export class MetricsSettings extends React.Component<MetricsSettingsProps> {
-  constructor(props: MetricsSettingsProps) {
-    super(props);
-    makeObservable(this);
-  }
-
-  @observable featureStates = {
-    prometheus: false,
-    kubeStateMetrics: false,
-    nodeExporter: false,
-  };
-  @observable canUpgrade = false;
-  @observable upgrading = false;
-  @observable changed = false;
-  @observable inProgress = false;
-
-  config: MetricsConfiguration = {
-    prometheus: {
-      enabled: false,
-    },
-    persistence: {
-      enabled: false,
-      storageClass: null,
-      size: "20Gi", // kubernetes yaml value (no B suffix)
-    },
-    nodeExporter: {
-      enabled: false,
-    },
-    retention: {
-      time: "2d",
-      size: "5GiB", // argument for prometheus (requires B suffix)
-    },
-    kubeStateMetrics: {
-      enabled: false,
-    },
-    alertManagers: null,
-    replicas: 1,
-    storageClass: null,
-  };
-  feature: MetricsFeature;
-
-  @computed get isTogglable() {
-    if (this.inProgress) return false;
-    if (this.props.cluster.status.phase !== "connected") return false;
-    if (this.canUpgrade) return false;
-    if (!this.isActiveMetricsProvider) return false;
-
-    return true;
-  }
-
-  get metricsProvider() {
-    return this.props.cluster.spec?.metrics?.prometheus?.type || "";
-  }
-
-  get isActiveMetricsProvider() {
-    return (!this.metricsProvider || this.metricsProvider === "lens");
-  }
-
-  async componentDidMount() {
-    this.feature = new MetricsFeature(this.props.cluster);
-
-    await this.updateFeatureStates();
-  }
-
-  async updateFeatureStates() {
-    const status = await this.feature.getStatus();
-
-    this.canUpgrade = status.canUpgrade;
-
-    if (this.canUpgrade) {
-      this.changed = true;
-    }
-
-    const statefulSet = forCluster(this.props.cluster, StatefulSet);
-
-    try {
-      await statefulSet.get({ name: "prometheus", namespace: "lens-metrics" });
-      this.featureStates.prometheus = true;
-    } catch(e) {
-      if (e?.error?.code === 404) {
-        this.featureStates.prometheus = false;
-      } else {
-        this.featureStates.prometheus = undefined;
-      }
-    }
-
-    const deployment = forCluster(this.props.cluster, Deployment);
-
-    try {
-      await deployment.get({ name: "kube-state-metrics", namespace: "lens-metrics" });
-      this.featureStates.kubeStateMetrics = true;
-    } catch(e) {
-      if (e?.error?.code === 404) {
-        this.featureStates.kubeStateMetrics = false;
-      } else {
-        this.featureStates.kubeStateMetrics = undefined;
-      }
-    }
-
-    const daemonSet = forCluster(this.props.cluster, DaemonSet);
-
-    try {
-      await daemonSet.get({ name: "node-exporter", namespace: "lens-metrics" });
-      this.featureStates.nodeExporter = true;
-    } catch(e) {
-      if (e?.error?.code === 404) {
-        this.featureStates.nodeExporter = false;
-      } else {
-        this.featureStates.nodeExporter = undefined;
-      }
-    }
-  }
-
-  async save() {
-    this.config.prometheus.enabled = !!this.featureStates.prometheus;
-    this.config.kubeStateMetrics.enabled = !!this.featureStates.kubeStateMetrics;
-    this.config.nodeExporter.enabled = !!this.featureStates.nodeExporter;
-
-    this.inProgress = true;
-
-    try {
-      if (!this.config.prometheus.enabled && !this.config.kubeStateMetrics.enabled && !this.config.nodeExporter.enabled) {
-        await this.feature.uninstall(this.config);
-      } else {
-        await this.feature.install(this.config);
-      }
-    } finally {
-      this.inProgress = false;
-      this.changed = false;
-
-      await this.updateFeatureStates();
-    }
-  }
-
-  async togglePrometheus(enabled: boolean) {
-    this.featureStates.prometheus = enabled;
-    this.changed = true;
-  }
-
-  async toggleKubeStateMetrics(enabled: boolean) {
-    this.featureStates.kubeStateMetrics = enabled;
-    this.changed = true;
-  }
-
-  async toggleNodeExporter(enabled: boolean) {
-    this.featureStates.nodeExporter = enabled;
-    this.changed = true;
-  }
-
-  @computed get buttonLabel() {
-    const allDisabled = !this.featureStates.kubeStateMetrics && !this.featureStates.nodeExporter && !this.featureStates.prometheus;
-
-    if (this.inProgress && this.canUpgrade) return "Upgrading ...";
-    if (this.inProgress && allDisabled) return "Uninstalling ...";
-    if (this.inProgress) return "Applying ...";
-    if (this.canUpgrade) return "Upgrade";
-
-    if (this.changed && allDisabled) {
-      return "Uninstall";
-    }
-
-    return "Apply";
-  }
-
-  render() {
-    return (
-      <section style={{ display: "flex", flexDirection: "column", rowGap: "1.5rem" }}>
-        { this.props.cluster.status.phase !== "connected" && (
-          <section>
-            <p style={ { color: "var(--colorError)" } }>
-              Lens Metrics settings requires established connection to the cluster.
-            </p>
-          </section>
-        )}
-        { !this.isActiveMetricsProvider && (
-          <section>
-            <p style={ { color: "var(--colorError)" } }>
-              Other metrics provider is currently active. See &quot;Metrics&quot; tab for details.
-            </p>
-          </section>
-        )}
-        <section>
-          <SubTitle title="Prometheus" />
-          <Switch
-            disabled={this.featureStates.kubeStateMetrics === undefined || !this.isTogglable}
-            checked={!!this.featureStates.prometheus && this.props.cluster.status.phase == "connected"}
-            onChange={checked => this.togglePrometheus(checked)}
-            name="prometheus"
-          >
-            Enable bundled Prometheus metrics stack
-          </Switch>
-          <small className="hint">
-            Enable timeseries data visualization (Prometheus stack) for your cluster.
-          </small>
-        </section>
-
-        <section>
-          <SubTitle title="Kube State Metrics" />
-          <Switch
-            disabled={this.featureStates.kubeStateMetrics === undefined || !this.isTogglable}
-            checked={!!this.featureStates.kubeStateMetrics && this.props.cluster.status.phase == "connected"}
-            onChange={checked => this.toggleKubeStateMetrics(checked)}
-            name="kube-state-metrics"
-          >
-            Enable bundled kube-state-metrics stack
-          </Switch>
-          <small className="hint">
-            Enable Kubernetes API object metrics for your cluster.
-            Enable this only if you don&apos;t have existing kube-state-metrics stack installed.
-          </small>
-        </section>
-
-        <section>
-          <SubTitle title="Node Exporter" />
-          <Switch
-            disabled={this.featureStates.nodeExporter === undefined || !this.isTogglable}
-            checked={!!this.featureStates.nodeExporter && this.props.cluster.status.phase == "connected"}
-            onChange={checked => this.toggleNodeExporter(checked)}
-            name="node-exporter"
-          >
-            Enable bundled node-exporter stack
-          </Switch>
-          <small className="hint">
-            Enable node level metrics for your cluster.
-            Enable this only if you don&apos;t have existing node-exporter stack installed.
-          </small>
-        </section>
-
-        <section>
-          <div>
-            <Button
-              primary
-              label={this.buttonLabel}
-              waiting={this.inProgress}
-              onClick={() => this.save()}
-              disabled={!this.changed}
-              style={{ width: "20ch", padding: "0.5rem" }}
-            />
-
-            {this.canUpgrade && (
-              <small className="hint">
-                An update is available for enabled metrics components.
-              </small>
-            )}
-          </div>
-        </section>
-      </section>
-    );
-  }
-}
--- a/extensions/metrics-cluster-feature/tsconfig.json
+++ b/extensions/metrics-cluster-feature/tsconfig.json
@ -1,27 +0,0 @@
-{
-  "compilerOptions": {
-    "outDir": "dist",
-    "module": "CommonJS",
-    "target": "ES2017",
-    "lib": ["ESNext", "DOM", "DOM.Iterable"],
-    "moduleResolution": "Node",
-    "sourceMap": false,
-    "declaration": false,
-    "strict": false,
-    "noImplicitAny": true,
-    "skipLibCheck": true,
-    "esModuleInterop": true,
-    "allowSyntheticDefaultImports": true,
-    "experimentalDecorators": true,
-    "useDefineForClassFields": true,
-    "jsx": "react"
-  },
-  "include": [
-    "./**/*.ts",
-    "./**/*.tsx"
-  ],
-  "exclude": [
-    "node_modules",
-    "*.js"
-  ]
-}
--- a/extensions/metrics-cluster-feature/webpack.config.js
+++ b/extensions/metrics-cluster-feature/webpack.config.js
@ -1,47 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-const path = require("path");
-
-module.exports = [
-  {
-    entry: "./renderer.tsx",
-    context: __dirname,
-    target: "electron-renderer",
-    mode: "production",
-    optimization: {
-      minimize: false,
-    },
-    module: {
-      rules: [
-        {
-          test: /\.tsx?$/,
-          use: "ts-loader",
-          exclude: /node_modules/,
-        },
-      ],
-    },
-    externals: [
-      {
-        "@k8slens/extensions": "var global.LensExtensions",
-        "react": "var global.React",
-        "react-dom": "var global.ReactDOM",
-        "mobx": "var global.Mobx",
-        "mobx-react": "var global.MobxReact",
-      },
-    ],
-    resolve: {
-      extensions: [ ".tsx", ".ts", ".js" ],
-    },
-    output: {
-      libraryTarget: "commonjs2",
-      globalObject: "this",
-      filename: "renderer.js",
-      path: path.resolve(__dirname, "dist"),
-    },
-    node: {
-      __dirname: false,
-    },
-  },
-];
--- a/extensions/node-menu/package.json
+++ b/extensions/node-menu/package.json
@ -1,22 +0,0 @@
-{
-  "name": "lens-node-menu",
-  "version": "6.1.0",
-  "description": "Lens node menu",
-  "renderer": "dist/renderer.js",
-  "lens": {
-    "metadata": {},
-    "styles": []
-  },
-  "scripts": {
-    "build": "npx webpack",
-    "dev": "npx webpack -- --watch",
-    "test": "npx jest --passWithNoTests --env=jsdom src $@"
-  },
-  "files": [
-    "dist/**/*"
-  ],
-  "dependencies": {},
-  "devDependencies": {
-    "@k8slens/extensions": "file:../../src/extensions/npm/extensions"
-  }
-}
--- a/extensions/node-menu/renderer.tsx
+++ b/extensions/node-menu/renderer.tsx
@ -1,21 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-
-import { Renderer } from "@k8slens/extensions";
-import React from "react";
-import type { NodeMenuProps } from "./src/node-menu";
-import { NodeMenu } from "./src/node-menu";
-
-export default class NodeMenuRendererExtension extends Renderer.LensExtension {
-  kubeObjectMenuItems = [
-    {
-      kind: "Node",
-      apiVersions: ["v1"],
-      components: {
-        MenuItem: (props: NodeMenuProps) => <NodeMenu {...props} />,
-      },
-    },
-  ];
-}
--- a/extensions/node-menu/src/node-menu.tsx
+++ b/extensions/node-menu/src/node-menu.tsx
@ -1,122 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-
-import React from "react";
-import { Common, Renderer } from "@k8slens/extensions";
-
-type Node = Renderer.K8sApi.Node;
-
-const {
-  Component: {
-    terminalStore,
-    createTerminalTab,
-    ConfirmDialog,
-    MenuItem,
-    Icon,
-  },
-  Navigation,
-} = Renderer;
-const {
-  App,
-} = Common;
-
-
-export interface NodeMenuProps extends Renderer.Component.KubeObjectMenuProps<Node> {
-}
-
-export function NodeMenu(props: NodeMenuProps) {
-  const { object: node, toolbar } = props;
-
-  if (!node) {
-    return null;
-  }
-
-  const nodeName = node.getName();
-  const kubectlPath = App.Preferences.getKubectlPath() || "kubectl";
-
-  const sendToTerminal = (command: string) => {
-    terminalStore.sendCommand(command, {
-      enter: true,
-      newTab: true,
-    });
-    Navigation.hideDetails();
-  };
-
-  const shell = () => {
-    createTerminalTab({
-      title: `Node: ${nodeName}`,
-      node: nodeName,
-    });
-    Navigation.hideDetails();
-  };
-
-  const cordon = () => {
-    sendToTerminal(`${kubectlPath} cordon ${nodeName}`);
-  };
-
-  const unCordon = () => {
-    sendToTerminal(`${kubectlPath} uncordon ${nodeName}`);
-  };
-
-  const drain = () => {
-    const command = `${kubectlPath} drain ${nodeName} --delete-local-data --ignore-daemonsets --force`;
-
-    ConfirmDialog.open({
-      ok: () => sendToTerminal(command),
-      labelOk: `Drain Node`,
-      message: (
-        <p>
-          {"Are you sure you want to drain "}
-          <b>{nodeName}</b>
-          ?
-        </p>
-      ),
-    });
-  };
-
-  return (
-    <>
-      <MenuItem onClick={shell}>
-        <Icon
-          svg="ssh"
-          interactive={toolbar}
-          tooltip={toolbar && "Node shell"}
-        />
-        <span className="title">Shell</span>
-      </MenuItem>
-      {
-        node.isUnschedulable()
-          ? (
-            <MenuItem onClick={unCordon}>
-              <Icon
-                material="play_circle_filled"
-                tooltip={toolbar && "Uncordon"}
-                interactive={toolbar}
-              />
-              <span className="title">Uncordon</span>
-            </MenuItem>
-          )
-          : (
-            <MenuItem onClick={cordon}>
-              <Icon
-                material="pause_circle_filled"
-                tooltip={toolbar && "Cordon"}
-                interactive={toolbar}
-              />
-              <span className="title">Cordon</span>
-            </MenuItem>
-          )
-      }
-      <MenuItem onClick={drain}>
-        <Icon
-          material="delete_sweep"
-          tooltip={toolbar && "Drain"}
-          interactive={toolbar}
-        />
-        <span className="title">Drain</span>
-      </MenuItem>
-    </>
-  );
-}
--- a/extensions/node-menu/tsconfig.json
+++ b/extensions/node-menu/tsconfig.json
@ -1,27 +0,0 @@
-{
-  "compilerOptions": {
-    "outDir": "dist",
-    "module": "CommonJS",
-    "target": "ES2017",
-    "lib": ["ESNext", "DOM", "DOM.Iterable"],
-    "moduleResolution": "Node",
-    "sourceMap": false,
-    "declaration": false,
-    "strict": false,
-    "noImplicitAny": true,
-    "skipLibCheck": true,
-    "esModuleInterop": true,
-    "allowSyntheticDefaultImports": true,
-    "experimentalDecorators": true,
-    "useDefineForClassFields": true,
-    "jsx": "react"
-  },
-  "include": [
-    "./*.ts",
-    "./*.tsx"
-  ],
-  "exclude": [
-    "node_modules",
-    "*.js"
-  ]
-}
--- a/extensions/node-menu/webpack.config.js
+++ b/extensions/node-menu/webpack.config.js
@ -1,44 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-const path = require("path");
-
-module.exports = [
-  {
-    entry: "./renderer.tsx",
-    context: __dirname,
-    target: "electron-renderer",
-    mode: "production",
-    optimization: {
-      minimize: false,
-    },
-    module: {
-      rules: [
-        {
-          test: /\.tsx?$/,
-          use: "ts-loader",
-          exclude: /node_modules/,
-        },
-      ],
-    },
-    externals: [
-      {
-        "@k8slens/extensions": "var global.LensExtensions",
-        "react": "var global.React",
-        "react-dom": "var global.ReactDOM",
-        "mobx": "var global.Mobx",
-        "mobx-react": "var global.MobxReact",
-      },
-    ],
-    resolve: {
-      extensions: [ ".tsx", ".ts", ".js" ],
-    },
-    output: {
-      libraryTarget: "commonjs2",
-      globalObject: "this",
-      filename: "renderer.js",
-      path: path.resolve(__dirname, "dist"),
-    },
-  },
-];
--- a/extensions/pod-menu/package.json
+++ b/extensions/pod-menu/package.json
@ -1,22 +0,0 @@
-{
-  "name": "lens-pod-menu",
-  "version": "6.1.0",
-  "description": "Lens pod menu",
-  "renderer": "dist/renderer.js",
-  "lens": {
-    "metadata": {},
-    "styles": []
-  },
-  "scripts": {
-    "build": "npx webpack",
-    "dev": "npx webpack -- --watch",
-    "test": "npx jest --passWithNoTests --env=jsdom src $@"
-  },
-  "files": [
-    "dist/**/*"
-  ],
-  "dependencies": {},
-  "devDependencies": {
-    "@k8slens/extensions": "file:../../src/extensions/npm/extensions"
-  }
-}
--- a/extensions/pod-menu/renderer.tsx
+++ b/extensions/pod-menu/renderer.tsx
@ -1,39 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-
-import { Renderer } from "@k8slens/extensions";
-import type { PodAttachMenuProps } from "./src/attach-menu";
-import { PodAttachMenu } from "./src/attach-menu";
-import type { PodShellMenuProps } from "./src/shell-menu";
-import { PodShellMenu } from "./src/shell-menu";
-import type { PodLogsMenuProps } from "./src/logs-menu";
-import { PodLogsMenu } from "./src/logs-menu";
-import React from "react";
-
-export default class PodMenuRendererExtension extends Renderer.LensExtension {
-  kubeObjectMenuItems = [
-    {
-      kind: "Pod",
-      apiVersions: ["v1"],
-      components: {
-        MenuItem: (props: PodAttachMenuProps) => <PodAttachMenu {...props} />,
-      },
-    },
-    {
-      kind: "Pod",
-      apiVersions: ["v1"],
-      components: {
-        MenuItem: (props: PodShellMenuProps) => <PodShellMenu {...props} />,
-      },
-    },
-    {
-      kind: "Pod",
-      apiVersions: ["v1"],
-      components: {
-        MenuItem: (props: PodLogsMenuProps) => <PodLogsMenu {...props} />,
-      },
-    },
-  ];
-}
--- a/extensions/pod-menu/src/attach-menu.tsx
+++ b/extensions/pod-menu/src/attach-menu.tsx
@ -1,106 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-
-
-
-import React from "react";
-import { Renderer, Common } from "@k8slens/extensions";
-
-type Pod = Renderer.K8sApi.Pod;
-
-const {
-  Component: {
-    createTerminalTab,
-    terminalStore,
-    MenuItem,
-    Icon,
-    SubMenu,
-    StatusBrick,
-  },
-  Navigation,
-} = Renderer;
-const {
-  Util,
-  App,
-} = Common;
-
-export interface PodAttachMenuProps extends Renderer.Component.KubeObjectMenuProps<Pod> {
-}
-
-export class PodAttachMenu extends React.Component<PodAttachMenuProps> {
-  async attachToPod(container?: string) {
-    const { object: pod } = this.props;
-
-    const kubectlPath = App.Preferences.getKubectlPath() || "kubectl";
-    const commandParts = [
-      kubectlPath,
-      "attach",
-      "-i",
-      "-t",
-      "-n", pod.getNs(),
-      pod.getName(),
-    ];
-
-    if (window.navigator.platform !== "Win32") {
-      commandParts.unshift("exec");
-    }
-
-    if (container) {
-      commandParts.push("-c", container);
-    }
-
-    const shell = createTerminalTab({
-      title: `Pod: ${pod.getName()} (namespace: ${pod.getNs()}) [Attached]`,
-    });
-
-    terminalStore.sendCommand(commandParts.join(" "), {
-      enter: true,
-      tabId: shell.id,
-    });
-
-    Navigation.hideDetails();
-  }
-
-  render() {
-    const { object, toolbar } = this.props;
-    const containers = object.getRunningContainers();
-
-    if (!containers.length) return null;
-
-    return (
-      <MenuItem onClick={Util.prevDefault(() => this.attachToPod(containers[0].name))}>
-        <Icon
-          material="pageview"
-          interactive={toolbar}
-          tooltip={toolbar && "Attach to Pod"}
-        />
-        <span className="title">Attach Pod</span>
-        {containers.length > 1 && (
-          <>
-            <Icon className="arrow" material="keyboard_arrow_right"/>
-            <SubMenu>
-              {
-                containers.map(container => {
-                  const { name } = container;
-
-                  return (
-                    <MenuItem
-                      key={name}
-                      onClick={Util.prevDefault(() => this.attachToPod(name))}
-                      className="flex align-center"
-                    >
-                      <StatusBrick/>
-                      <span>{name}</span>
-                    </MenuItem>
-                  );
-                })
-              }
-            </SubMenu>
-          </>
-        )}
-      </MenuItem>
-    );
-  }
-}
--- a/extensions/pod-menu/src/logs-menu.tsx
+++ b/extensions/pod-menu/src/logs-menu.tsx
@ -1,87 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-
-import React from "react";
-import { Renderer, Common } from "@k8slens/extensions";
-
-type Pod = Renderer.K8sApi.Pod;
-type IPodContainer = Renderer.K8sApi.IPodContainer;
-
-const {
-  Component: {
-    logTabStore,
-    MenuItem,
-    Icon,
-    SubMenu,
-    StatusBrick,
-  },
-  Navigation,
-} = Renderer;
-const {
-  Util,
-} = Common;
-
-export interface PodLogsMenuProps extends Renderer.Component.KubeObjectMenuProps<Pod> {
-}
-
-export class PodLogsMenu extends React.Component<PodLogsMenuProps> {
-  showLogs(container: IPodContainer) {
-    Navigation.hideDetails();
-    const pod = this.props.object;
-
-    logTabStore.createPodTab({
-      selectedPod: pod,
-      selectedContainer: container,
-    });
-  }
-
-  render() {
-    const { object: pod, toolbar } = this.props;
-    const containers = pod.getAllContainers();
-    const statuses = pod.getContainerStatuses();
-
-    if (!containers.length) return null;
-
-    return (
-      <MenuItem onClick={Util.prevDefault(() => this.showLogs(containers[0]))}>
-        <Icon
-          material="subject"
-          interactive={toolbar}
-          tooltip={toolbar && "Pod Logs"}
-        />
-        <span className="title">Logs</span>
-        {containers.length > 1 && (
-          <>
-            <Icon className="arrow" material="keyboard_arrow_right"/>
-            <SubMenu>
-              {
-                containers.map(container => {
-                  const { name } = container;
-                  const status = statuses.find(status => status.name === name);
-                  const brick = status ? (
-                    <StatusBrick
-                      className={Util.cssNames(Object.keys(status.state)[0], { ready: status.ready })}
-                    />
-                  ) : null;
-
-                  return (
-                    <MenuItem
-                      key={name}
-                      onClick={Util.prevDefault(() => this.showLogs(container))}
-                      className="flex align-center"
-                    >
-                      {brick}
-                      <span>{name}</span>
-                    </MenuItem>
-                  );
-                })
-              }
-            </SubMenu>
-          </>
-        )}
-      </MenuItem>
-    );
-  }
-}
--- a/extensions/pod-menu/src/shell-menu.tsx
+++ b/extensions/pod-menu/src/shell-menu.tsx
@ -1,114 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-
-
-
-import React from "react";
-import { Renderer, Common } from "@k8slens/extensions";
-
-type Pod = Renderer.K8sApi.Pod;
-
-const {
-  Component: {
-    createTerminalTab,
-    terminalStore,
-    MenuItem,
-    Icon,
-    SubMenu,
-    StatusBrick,
-  },
-  Navigation,
-} = Renderer;
-const {
-  Util,
-  App,
-} = Common;
-
-export interface PodShellMenuProps extends Renderer.Component.KubeObjectMenuProps<Pod> {
-}
-
-export class PodShellMenu extends React.Component<PodShellMenuProps> {
-  async execShell(container?: string) {
-    const { object: pod } = this.props;
-
-    const kubectlPath = App.Preferences.getKubectlPath() || "kubectl";
-    const commandParts = [
-      kubectlPath,
-      "exec",
-      "-i",
-      "-t",
-      "-n", pod.getNs(),
-      pod.getName(),
-    ];
-
-    if (window.navigator.platform !== "Win32") {
-      commandParts.unshift("exec");
-    }
-
-    if (container) {
-      commandParts.push("-c", container);
-    }
-
-    commandParts.push("--");
-
-    if (pod.getSelectedNodeOs() === "windows") {
-      commandParts.push("powershell");
-    } else {
-      commandParts.push('sh -c "clear; (bash || ash || sh)"');
-    }
-
-    const shell = createTerminalTab({
-      title: `Pod: ${pod.getName()} (namespace: ${pod.getNs()})`,
-    });
-
-    terminalStore.sendCommand(commandParts.join(" "), {
-      enter: true,
-      tabId: shell.id,
-    });
-
-    Navigation.hideDetails();
-  }
-
-  render() {
-    const { object, toolbar } = this.props;
-    const containers = object.getRunningContainers();
-
-    if (!containers.length) return null;
-
-    return (
-      <MenuItem onClick={Util.prevDefault(() => this.execShell(containers[0].name))}>
-        <Icon
-          svg="ssh"
-          interactive={toolbar}
-          tooltip={toolbar && "Pod Shell"} 
-        />
-        <span className="title">Shell</span>
-        {containers.length > 1 && (
-          <>
-            <Icon className="arrow" material="keyboard_arrow_right"/>
-            <SubMenu>
-              {
-                containers.map(container => {
-                  const { name } = container;
-
-                  return (
-                    <MenuItem
-                      key={name}
-                      onClick={Util.prevDefault(() => this.execShell(name))}
-                      className="flex align-center"
-                    >
-                      <StatusBrick/>
-                      <span>{name}</span>
-                    </MenuItem>
-                  );
-                })
-              }
-            </SubMenu>
-          </>
-        )}
-      </MenuItem>
-    );
-  }
-}
--- a/extensions/pod-menu/tsconfig.json
+++ b/extensions/pod-menu/tsconfig.json
@ -1,27 +0,0 @@
-{
-  "compilerOptions": {
-    "outDir": "dist",
-    "module": "CommonJS",
-    "target": "ES2017",
-    "lib": ["ESNext", "DOM", "DOM.Iterable"],
-    "moduleResolution": "Node",
-    "sourceMap": false,
-    "declaration": false,
-    "strict": false,
-    "noImplicitAny": true,
-    "skipLibCheck": true,
-    "esModuleInterop": true,
-    "allowSyntheticDefaultImports": true,
-    "experimentalDecorators": true,
-    "useDefineForClassFields": true,
-    "jsx": "react"
-  },
-  "include": [
-    "./*.ts",
-    "./*.tsx"
-  ],
-  "exclude": [
-    "node_modules",
-    "*.js"
-  ]
-}
--- a/extensions/pod-menu/webpack.config.js
+++ b/extensions/pod-menu/webpack.config.js
@ -1,44 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-const path = require("path");
-
-module.exports = [
-  {
-    entry: "./renderer.tsx",
-    context: __dirname,
-    target: "electron-renderer",
-    mode: "production",
-    optimization: {
-      minimize: false,
-    },
-    module: {
-      rules: [
-        {
-          test: /\.tsx?$/,
-          use: "ts-loader",
-          exclude: /node_modules/,
-        },
-      ],
-    },
-    externals: [
-      {
-        "@k8slens/extensions": "var global.LensExtensions",
-        "react": "var global.React",
-        "react-dom": "var global.ReactDOM",
-        "mobx": "var global.Mobx",
-        "mobx-react": "var global.MobxReact",
-      },
-    ],
-    resolve: {
-      extensions: [ ".tsx", ".ts", ".js" ],
-    },
-    output: {
-      libraryTarget: "commonjs2",
-      globalObject: "this",
-      filename: "renderer.js",
-      path: path.resolve(__dirname, "dist"),
-    },
-  },
-];
--- a/integration/tests/cluster-pages.tests.ts
+++ b/integration/tests/cluster-pages.tests.ts
@ -76,60 +76,6 @@ describeIf(minikubeReady(TEST_NAMESPACE))("Minikube based tests", () => {
    10 * 60 * 1000,
  );

-  it(
-    "show logs and highlight the log search entries",
-    async () => {
-      await navigateToPods(frame);
-
-      const namespacesSelector = await frame.waitForSelector(
-        ".NamespaceSelect",
-      );
-
-      await namespacesSelector.click();
-      await namespacesSelector.type("kube-system");
-      await namespacesSelector.press("Enter");
-      await namespacesSelector.click();
-
-      const kubeApiServerRow = await frame.waitForSelector(
-        "div.TableCell >> text=kube-apiserver",
-      );
-
-      await kubeApiServerRow.click();
-      await frame.waitForSelector(".Drawer", { state: "visible" });
-
-      const showPodLogsIcon = await frame.waitForSelector(
-        ".Drawer .drawer-title .Icon >> text=subject",
-      );
-
-      showPodLogsIcon.click();
-
-      // Check if controls are available
-      await frame.waitForSelector(".Dock.isOpen");
-      await frame.waitForSelector(".LogList .VirtualList");
-      await frame.waitForSelector(".LogResourceSelector");
-
-      const logSearchInput = await frame.waitForSelector(
-        ".LogSearch .SearchInput input",
-      );
-
-      await logSearchInput.type(":");
-      await frame.waitForSelector(".LogList .list span.active");
-
-      const showTimestampsButton = await frame.waitForSelector(
-        "[data-testid='log-controls'] .show-timestamps",
-      );
-
-      await showTimestampsButton.click();
-
-      const showPreviousButton = await frame.waitForSelector(
-        "[data-testid='log-controls'] .show-previous",
-      );
-
-      await showPreviousButton.click();
-    },
-    10 * 60 * 1000,
-  );
-
  it(
    "should show the default namespaces",
    async () => {
--- a/package.json
+++ b/package.json
@ -1,16 +1,51 @@
 {
-  "name": "open-lens",
+  "name": "@k8slens/open-lens",
  "productName": "OpenLens",
  "description": "OpenLens - Open Source IDE for Kubernetes",
  "homepage": "https://github.com/lensapp/lens",
-  "version": "6.3.0-alpha.0",
+  "version": "6.4.0-alpha.0",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/lensapp/lens.git"
+  },
+  "keywords": [],
+  "bugs": {
+    "url": "https://github.com/lensapp/lens/issues"
+  },
  "main": "static/build/main.js",
+  "exports": {
+    "./main": "./static/build/library/main.js",
+    "./renderer": "./static/build/library/renderer.js",
+    "./common": "./static/build/library/common.js",
+    "./styles": "./static/build/library/renderer.css"
+  },
+  "typesVersions": {
+    "*": {
+      "main": [
+        "./src/main/library.ts"
+      ],
+      "renderer": [
+        "./src/renderer/library.ts"
+      ],
+      "common": [
+        "./src/common/library.ts"
+      ]
+    }
+  },
+  "files": [
+    "build/download_binaries.ts",
+    "build/*.plist",
+    "build/installer.nsh",
+    "build/notarize.js",
+    "src/**/*",
+    "static/build/library/**/*",
+    "templates/**/*",
+    "types/*",
+    "tsconfig.json"
+  ],
  "copyright": "© 2022 OpenLens Authors",
  "license": "MIT",
-  "author": {
-    "name": "OpenLens Authors",
-    "email": "info@k8slens.dev"
-  },
+  "author": "OpenLens Authors <info@k8slens.dev>",
  "scripts": {
    "adr:create": "echo \"What is the title?\"; read title; adr new \"$title\"",
    "adr:change-status": "echo \"Decision number?:\"; read decision; adr status $decision",
@ -22,13 +57,14 @@
    "dev-run": "nodemon --watch ./static/build/main.js --exec \"electron --remote-debugging-port=9223 --inspect .\"",
    "dev:main": "yarn run compile:main --watch --progress",
    "dev:renderer": "yarn run ts-node webpack/dev-server.ts",
+    "compile-library": "env NODE_ENV=production yarn run webpack --config webpack/library-bundle.ts",
    "compile": "env NODE_ENV=production concurrently yarn:compile:*",
    "compile:main": "yarn run webpack --config webpack/main.ts",
    "compile:renderer": "yarn run webpack --config webpack/renderer.ts",
    "compile:extension-types": "yarn run webpack --config webpack/extensions.ts",
    "compile:node-fetch": "yarn run webpack --config ./webpack/node-fetch.ts",
-    "postinstall": "yarn run compile:node-fetch",
-    "npm:fix-package-version": "yarn run ts-node build/set_npm_version.ts",
+    "prepare": "yarn run compile:node-fetch",
+    "npm:fix-extensions-package-version": "yarn run ts-node build/set_extensions_npm_version.ts",
    "build:linux": "yarn run compile && electron-builder --linux --dir",
    "build:mac": "yarn run compile && electron-builder --mac --dir",
    "build:win": "yarn run compile && electron-builder --win --dir",
@ -58,13 +94,7 @@
    "bundledHelmVersion": "3.7.2",
    "sentryDsn": "",
    "contentSecurityPolicy": "script-src 'unsafe-eval' 'self'; frame-src http://*.localhost:*/; img-src * data:",
-    "welcomeRoute": "/welcome",
-    "extensions": [
-      "kube-object-event-status",
-      "metrics-cluster-feature",
-      "node-menu",
-      "pod-menu"
-    ]
+    "welcomeRoute": "/welcome"
  },
  "engines": {
    "node": ">=16 <17"
@ -85,7 +115,7 @@
    },
    "modulePathIgnorePatterns": [
      "<rootDir>/dist",
-      "<rootDir>/src/extensions/npm"
+      "<rootDir>/packages"
    ],
    "setupFiles": [
      "<rootDir>/src/jest.setup.ts",
@ -112,6 +142,7 @@
      "LICENSE"
    ],
    "linux": {
+      "executableName": "open-lens",
      "category": "Network",
      "artifactName": "${productName}-${version}.${arch}.${ext}",
      "target": [
@ -140,6 +171,7 @@
      ]
    },
    "mac": {
+      "executableName": "OpenLens",
      "hardenedRuntime": true,
      "gatekeeperAssess": false,
      "entitlements": "build/entitlements.mac.plist",
@ -160,6 +192,7 @@
      ]
    },
    "win": {
+      "executableName": "OpenLens.exe",
      "target": [
        "nsis"
      ],
@ -210,7 +243,6 @@
    "@sentry/electron": "^3.0.8",
    "@sentry/integrations": "^6.19.3",
    "@side/jest-runtime": "^1.0.1",
-    "@types/circular-dependency-plugin": "5.0.5",
    "abort-controller": "^3.0.0",
    "auto-bind": "^4.0.0",
    "await-lock": "^2.2.2",
@ -234,14 +266,9 @@
    "joi": "^17.7.0",
    "js-yaml": "^4.1.0",
    "jsdom": "^16.7.0",
-    "kube-object-event-status": "file:./extensions/kube-object-event-status",
-    "lens-metrics-cluster-feature": "file:./extensions/metrics-cluster-feature",
-    "lens-node-menu": "file:./extensions/node-menu",
-    "lens-pod-menu": "file:./extensions/pod-menu",
    "lodash": "^4.17.15",
    "marked": "^4.2.4",
    "md5-file": "^5.0.0",
-    "metrics-cluster-feature": "file:./extensions/metrics-cluster-feature",
    "mobx": "^6.7.0",
    "mobx-observable-history": "^2.0.3",
    "mobx-react": "^7.6.0",
@ -249,15 +276,11 @@
    "mock-fs": "^5.2.0",
    "moment": "^2.29.4",
    "moment-timezone": "^0.5.40",
-    "monaco-editor": "^0.29.1",
-    "monaco-editor-webpack-plugin": "^5.0.0",
    "node-fetch": "^3.3.0",
-    "node-menu": "file:./extensions/node-menu",
    "node-pty": "0.10.1",
    "npm": "^8.19.3",
    "p-limit": "^3.1.0",
    "path-to-regexp": "^6.2.0",
-    "pod-menu": "file:./extensions/pod-menu",
    "proper-lockfile": "^4.1.2",
    "react": "^17.0.2",
    "react-dom": "^17.0.2",
@ -321,7 +344,7 @@
    "@types/memorystream": "^0.3.0",
    "@types/mini-css-extract-plugin": "^2.4.0",
    "@types/mock-fs": "^4.13.1",
-    "@types/node": "^16.18.9",
+    "@types/node": "^16.18.10",
    "@types/proper-lockfile": "^4.1.2",
    "@types/randomcolor": "^0.5.7",
    "@types/react": "^17.0.45",
@ -365,7 +388,7 @@
    "electron": "^19.1.9",
    "electron-builder": "^23.6.0",
    "electron-notarize": "^0.3.0",
-    "esbuild": "^0.16.9",
+    "esbuild": "^0.16.10",
    "esbuild-loader": "^2.20.0",
    "eslint": "^8.30.0",
    "eslint-import-resolver-typescript": "^3.5.2",
@ -388,6 +411,8 @@
    "memorystream": "^0.3.1",
    "mini-css-extract-plugin": "^2.7.2",
    "mock-http": "^1.1.0",
+    "monaco-editor": "^0.29.1",
+    "monaco-editor-webpack-plugin": "^5.0.0",
    "node-gyp": "^8.3.0",
    "node-loader": "^2.0.0",
    "nodemon": "^2.0.20",
@ -404,7 +429,7 @@
    "react-select-event": "^5.5.1",
    "react-table": "^7.8.0",
    "react-window": "^1.8.8",
-    "sass": "^1.57.0",
+    "sass": "^1.57.1",
    "sass-loader": "^12.6.0",
    "sharp": "^0.31.2",
    "style-loader": "^3.3.1",
@ -414,7 +439,7 @@
    "ts-node": "^10.9.1",
    "type-fest": "^2.14.0",
    "typed-emitter": "^1.4.0",
-    "typedoc": "0.23.22",
+    "typedoc": "0.23.23",
    "typedoc-plugin-markdown": "^3.13.6",
    "typescript": "^4.9.4",
    "typescript-plugin-css-modules": "^3.4.0",
@ -424,5 +449,26 @@
    "webpack-node-externals": "^3.0.0",
    "xterm": "^4.19.0",
    "xterm-addon-fit": "^0.5.0"
+  },
+  "peerDependencies": {
+    "@types/byline": "^4.2.33",
+    "@types/chart.js": "^2.9.36",
+    "@types/color": "^3.0.3",
+    "@types/crypto-js": "^3.1.47",
+    "@types/lodash": "^4.14.191",
+    "@types/proper-lockfile": "^4.1.2",
+    "@types/react-dom": "^17.0.16",
+    "@types/react-router-dom": "^5.3.3",
+    "@types/react-virtualized-auto-sizer": "^1.0.1",
+    "@types/react-window": "^1.8.5",
+    "@types/request-promise-native": "^1.0.18",
+    "@types/tar": "^6.1.3",
+    "@types/tcp-port-used": "^1.0.1",
+    "@types/url-parse": "^1.4.8",
+    "@types/uuid": "^8.3.4",
+    "monaco-editor": "^0.29.1",
+    "react-select": "^5.7.0",
+    "typed-emitter": "^1.4.0",
+    "xterm-addon-fit": "^0.5.0"
  }
 }
--- a/src/extensions/npm/extensions/.gitignore
+++ b/src/extensions/npm/extensions/.gitignore
--- a/src/extensions/npm/extensions/package.json
+++ b/src/extensions/npm/extensions/package.json
--- a/src/common/cluster-store/allowed-resources-injection-token.ts
+++ b/src/common/cluster-store/allowed-resources-injection-token.ts
@ -5,7 +5,8 @@

 import { getInjectionToken } from "@ogre-tools/injectable";
 import type { IComputedValue } from "mobx";
+import type { KubeApiResourceDescriptor } from "../rbac";

-export const allowedResourcesInjectionToken = getInjectionToken<IComputedValue<Set<string>>>({
-  id: "allowed-resources",
+export const shouldShowResourceInjectionToken = getInjectionToken<IComputedValue<boolean>, KubeApiResourceDescriptor>({
+  id: "should-show-resource",
 });
--- a/src/common/cluster/authorization-namespace-review.injectable.ts
+++ b/src/common/cluster/authorization-namespace-review.injectable.ts
@ -1,87 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-
-import type { KubeConfig } from "@kubernetes/client-node";
-import { AuthorizationV1Api } from "@kubernetes/client-node";
-import { getInjectable } from "@ogre-tools/injectable";
-import type { Logger } from "../logger";
-import loggerInjectable from "../logger.injectable";
-import type { KubeApiResource } from "../rbac";
-
-/**
- * Requests the permissions for actions on the kube cluster
- * @param namespace The namespace of the resources
- * @param availableResources List of available resources in the cluster to resolve glob values fir api groups
- * @returns list of allowed resources names
- */
-export type RequestNamespaceResources = (namespace: string, availableResources: KubeApiResource[]) => Promise<string[]>; 
-
-/**
- * @param proxyConfig This config's `currentContext` field must be set, and will be used as the target cluster
- */
-export type AuthorizationNamespaceReview = (proxyConfig: KubeConfig) => RequestNamespaceResources; 
-
-interface Dependencies { 
-  logger: Logger;
-}
-
-const authorizationNamespaceReview = ({ logger }: Dependencies): AuthorizationNamespaceReview => {
-  return (proxyConfig) => {
-
-    const api = proxyConfig.makeApiClient(AuthorizationV1Api);
-
-    return async (namespace, availableResources) => {
-      try {
-        const { body } = await api.createSelfSubjectRulesReview({
-          apiVersion: "authorization.k8s.io/v1",
-          kind: "SelfSubjectRulesReview",
-          spec: { namespace },
-        });
-
-        const resources = new Set<string>();
-
-        body.status?.resourceRules.forEach(resourceRule => {
-          if (!resourceRule.verbs.some(verb => ["*", "list"].includes(verb)) || !resourceRule.resources) {
-            return;
-          }
-
-          const apiGroups = resourceRule.apiGroups;
-
-          if (resourceRule.resources.length === 1 && resourceRule.resources[0] === "*" && apiGroups) {
-            if (apiGroups[0] === "*") {
-              availableResources.forEach(resource => resources.add(resource.apiName));
-            } else {
-              availableResources.forEach((apiResource)=> {
-                if (apiGroups.includes(apiResource.group || "")) {
-                  resources.add(apiResource.apiName);
-                }
-              });
-            }
-          } else {
-            resourceRule.resources.forEach(resource => resources.add(resource));
-          }
-          
-        });
-
-        return [...resources];
-      } catch (error) {
-        logger.error(`[AUTHORIZATION-NAMESPACE-REVIEW]: failed to create subject rules review: ${error}`, { namespace });
-
-        return [];
-      }
-    };
-  };
-};
-
-const authorizationNamespaceReviewInjectable = getInjectable({
-  id: "authorization-namespace-review",
-  instantiate: (di) => {
-    const logger = di.inject(loggerInjectable);
-
-    return authorizationNamespaceReview({ logger });
-  },
-});
-
-export default authorizationNamespaceReviewInjectable;
--- a/src/common/cluster/cluster.ts
+++ b/src/common/cluster/cluster.ts
@ -9,8 +9,8 @@ import type { KubeConfig } from "@kubernetes/client-node";
 import { HttpError } from "@kubernetes/client-node";
 import type { Kubectl } from "../../main/kubectl/kubectl";
 import type { KubeconfigManager } from "../../main/kubeconfig-manager/kubeconfig-manager";
-import type { KubeApiResource, KubeResource } from "../rbac";
-import { apiResourceRecord, apiResources } from "../rbac";
+import type { KubeApiResource, KubeApiResourceDescriptor } from "../rbac";
+import { formatKubeApiResource } from "../rbac";
 import type { VersionDetector } from "../../main/cluster-detectors/version-detector";
 import type { DetectorRegistry } from "../../main/cluster-detectors/detector-registry";
 import plimit from "p-limit";
@ -25,8 +25,8 @@ import assert from "assert";
 import type { Logger } from "../logger";
 import type { BroadcastMessage } from "../ipc/broadcast-message.injectable";
 import type { LoadConfigfromFile } from "../kube-helpers/load-config-from-file.injectable";
-import type { RequestNamespaceResources } from "./authorization-namespace-review.injectable";
-import type { RequestListApiResources } from "./list-api-resources.injectable";
+import type { CanListResource, RequestNamespaceListPermissions, RequestNamespaceListPermissionsFor } from "./request-namespace-list-permissions.injectable";
+import type { RequestApiResources } from "../../main/cluster/request-api-resources.injectable";

 export interface ClusterDependencies {
  readonly directoryForKubeConfigs: string;
@ -36,8 +36,8 @@ export interface ClusterDependencies {
  createContextHandler: (cluster: Cluster) => ClusterContextHandler;
  createKubectl: (clusterVersion: string) => Kubectl;
  createAuthorizationReview: (config: KubeConfig) => CanI;
-  createAuthorizationNamespaceReview: (config: KubeConfig) => RequestNamespaceResources;
-  createListApiResources: (cluster: Cluster) => RequestListApiResources;
+  requestApiResources: RequestApiResources;
+  requestNamespaceListPermissionsFor: RequestNamespaceListPermissionsFor;
  createListNamespaces: (config: KubeConfig) => ListNamespaces;
  createVersionDetector: (cluster: Cluster) => VersionDetector;
  broadcastMessage: BroadcastMessage;
@ -49,7 +49,7 @@ export interface ClusterDependencies {
 *
 * @beta
 */
-export class Cluster implements ClusterModel, ClusterState {
+export class Cluster implements ClusterModel {
  /** Unique id for a cluster */
  public readonly id: ClusterId;
  private kubeCtl: Kubectl | undefined;
@ -62,7 +62,6 @@ export class Cluster implements ClusterModel, ClusterState {
  protected readonly _proxyKubeconfigManager: KubeconfigManager | undefined;
  protected readonly eventsDisposer = disposer();
  protected activated = false;
-  private readonly resourceAccessStatuses = new Map<KubeApiResource, boolean>();

  public get contextHandler() {
    // TODO: remove these once main/renderer are seperate classes
@ -163,25 +162,21 @@ export class Cluster implements ClusterModel, ClusterState {
   * @observable
   */
  @observable metadata: ClusterMetadata = {};
+
  /**
   * List of allowed namespaces verified via K8S::SelfSubjectAccessReview api
-   *
-   * @observable
   */
-  @observable allowedNamespaces: string[] = [];
-  /**
-   * List of allowed resources
-   *
-   * @observable
-   * @internal
-   */
-  @observable allowedResources: string[] = [];
+  readonly allowedNamespaces = observable.array<string>();
+
  /**
   * List of accessible namespaces provided by user in the Cluster Settings
-   *
-   * @observable
   */
-  @observable accessibleNamespaces: string[] = [];
+  readonly accessibleNamespaces = observable.array<string>();
+
+  private readonly knownResources = observable.array<KubeApiResource>();
+
+  // The formatting of this is `group.name` or `name` (if in core)
+  private readonly allowedResources = observable.set<string>();

  /**
   * Labels for the catalog entity
@ -299,7 +294,7 @@ export class Cluster implements ClusterModel, ClusterState {
    }

    if (model.accessibleNamespaces) {
-      this.accessibleNamespaces = model.accessibleNamespaces;
+      this.accessibleNamespaces.replace(model.accessibleNamespaces);
    }

    if (model.labels) {
@ -433,8 +428,7 @@ export class Cluster implements ClusterModel, ClusterState {
    this.accessible = false;
    this.ready = false;
    this.activated = false;
-    this.allowedNamespaces = [];
-    this.resourceAccessStatuses.clear();
+    this.allowedNamespaces.clear();
    this.dependencies.logger.info(`[CLUSTER]: disconnected`, { id: this.id });
  }

@ -474,8 +468,7 @@ export class Cluster implements ClusterModel, ClusterState {
     this.dependencies.logger.info(`[CLUSTER]: refreshAccessibility`, this.getMeta());
     const proxyConfig = await this.getProxyKubeconfig();
     const canI = this.dependencies.createAuthorizationReview(proxyConfig);
-     const requestNamespaceResources = this.dependencies.createAuthorizationNamespaceReview(proxyConfig);
-     const listApiResources = this.dependencies.createListApiResources(this);
+     const requestNamespaceListPermissions = this.dependencies.requestNamespaceListPermissionsFor(proxyConfig);

     this.isAdmin = await canI({
       namespace: "kube-system",
@ -486,8 +479,9 @@ export class Cluster implements ClusterModel, ClusterState {
       verb: "watch",
       resource: "*",
     });
-     this.allowedNamespaces = await this.getAllowedNamespaces(proxyConfig);
-     this.allowedResources = await this.getAllowedResources(listApiResources, requestNamespaceResources);
+     this.allowedNamespaces.replace(await this.requestAllowedNamespaces(proxyConfig));
+     this.knownResources.replace(await this.dependencies.requestApiResources(this));
+     this.allowedResources.replace(await this.getAllowedResources(requestNamespaceListPermissions));
     this.ready = true;
   }

@ -600,7 +594,7 @@ export class Cluster implements ClusterModel, ClusterState {
      accessible: this.accessible,
      isAdmin: this.isAdmin,
      allowedNamespaces: this.allowedNamespaces,
-      allowedResources: this.allowedResources,
+      allowedResources: [...this.allowedResources],
      isGlobalWatchEnabled: this.isGlobalWatchEnabled,
    });
  }
@ -611,8 +605,8 @@ export class Cluster implements ClusterModel, ClusterState {
   */
  @action setState(state: ClusterState) {
    this.accessible = state.accessible;
-    this.allowedNamespaces = state.allowedNamespaces;
-    this.allowedResources = state.allowedResources;
+    this.allowedNamespaces.replace(state.allowedNamespaces);
+    this.allowedResources.replace(state.allowedResources);
    this.apiUrl = state.apiUrl;
    this.disconnected = state.disconnected;
    this.isAdmin = state.isAdmin;
@ -644,7 +638,7 @@ export class Cluster implements ClusterModel, ClusterState {
    this.dependencies.broadcastMessage(`cluster:${this.id}:connection-update`, update);
  }

-  protected async getAllowedNamespaces(proxyConfig: KubeConfig) {
+  protected async requestAllowedNamespaces(proxyConfig: KubeConfig) {
    if (this.accessibleNamespaces.length) {
      return this.accessibleNamespaces;
    }
@ -668,69 +662,28 @@ export class Cluster implements ClusterModel, ClusterState {
    }
  }

-  protected async getAllowedResources(listApiResources:RequestListApiResources, requestNamespaceResources: RequestNamespaceResources) {
+  protected async getAllowedResources(requestNamespaceListPermissions: RequestNamespaceListPermissions) {
+    if (!this.allowedNamespaces.length) {
+      return [];
+    }
+
    try {
-      if (!this.allowedNamespaces.length) {
-        return [];
-      }
+      const apiLimit = plimit(5); // 5 concurrent api requests
+      const canListResourceCheckers = await Promise.all((
+        this.allowedNamespaces.map(namespace => apiLimit(() => requestNamespaceListPermissions(namespace)))
+      ));
+      const canListNamespacedResource: CanListResource = (resource) => canListResourceCheckers.some(fn => fn(resource));

-      const unknownResources = new Map<string, KubeApiResource>(apiResources.map(resource => ([resource.apiName, resource])));
-
-      const availableResources =  await listApiResources();
-      const availableResourcesNames = new Set(availableResources.map(apiResource => apiResource.apiName));
-
-      [...unknownResources.values()].map(unknownResource => {
-        if (!availableResourcesNames.has(unknownResource.apiName)) {
-          this.resourceAccessStatuses.set(unknownResource, false);
-          unknownResources.delete(unknownResource.apiName);
-        }
-      });
-
-      if (unknownResources.size > 0) {
-        const apiLimit = plimit(5); // 5 concurrent api requests
-
-        await Promise.all(this.allowedNamespaces.map(namespace => apiLimit(async () => {
-          if (unknownResources.size === 0) {
-            return;
-          }
-
-          const namespaceResources = await requestNamespaceResources(namespace, availableResources);
-
-          for (const resourceName of namespaceResources) {
-            const unknownResource = unknownResources.get(resourceName);
-
-            if (unknownResource) {
-              this.resourceAccessStatuses.set(unknownResource, true);
-              unknownResources.delete(resourceName);
-            }
-          }
-        })));
-
-        for (const forbiddenResource of unknownResources.values()) {
-          this.resourceAccessStatuses.set(forbiddenResource, false);
-        }
-      }
-
-      return apiResources
-        .filter((resource) => this.resourceAccessStatuses.get(resource))
-        .map(apiResource => apiResource.apiName);
+      return this.knownResources
+        .filter(canListNamespacedResource)
+        .map(formatKubeApiResource);
    } catch (error) {
      return [];
    }
  }

-  isAllowedResource(kind: string): boolean {
-    if ((kind as KubeResource) in apiResourceRecord) {
-      return this.allowedResources.includes(kind);
-    }
-
-    const apiResource = apiResources.find(resource => resource.kind === kind);
-
-    if (apiResource) {
-      return this.allowedResources.includes(apiResource.apiName);
-    }
-
-    return true; // allowed by default for other resources
+  shouldShowResource(resource: KubeApiResourceDescriptor): boolean {
+    return this.allowedResources.has(formatKubeApiResource(resource));
  }

  isMetricHidden(resource: ClusterMetricsResourceType): boolean {
--- a/src/common/cluster/is-allowed-resource.ts
+++ b/src/common/cluster/is-allowed-resource.ts
@ -1,20 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-import type { KubeResource } from "../rbac";
-import { apiResourceRecord, apiResources } from "../rbac";
-
-export const isAllowedResource = (allowedResources: string[]) => (kind: string): boolean => {
-  if ((kind as KubeResource) in apiResourceRecord) {
-    return allowedResources.includes(kind);
-  }
-
-  const apiResource = apiResources.find(resource => resource.kind === kind);
-
-  if (apiResource) {
-    return allowedResources.includes(apiResource.apiName);
-  }
-
-  return true; // allowed by default for other resources
-};
--- a/src/common/cluster/list-api-resources.injectable.ts
+++ b/src/common/cluster/list-api-resources.injectable.ts
@ -1,91 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-
-import type {
-  V1APIGroupList,
-  V1APIResourceList,
-  V1APIVersions,
-} from "@kubernetes/client-node";
-import { getInjectable } from "@ogre-tools/injectable";
-import type { K8sRequest } from "../../main/k8s-request.injectable";
-import k8SRequestInjectable from "../../main/k8s-request.injectable";
-import type { Logger } from "../logger";
-import loggerInjectable from "../logger.injectable";
-import type { KubeApiResource, KubeResource } from "../rbac";
-import type { Cluster } from "./cluster";
-import plimit from "p-limit";
-
-export type RequestListApiResources = () => Promise<KubeApiResource[]>;
-
-/**
- * @param proxyConfig This config's `currentContext` field must be set, and will be used as the target cluster
- */
-export type ListApiResources = (cluster: Cluster) => RequestListApiResources;
-
-interface Dependencies {
-  logger: Logger;
-  k8sRequest: K8sRequest;
-}
-
-const listApiResources = ({ k8sRequest, logger }: Dependencies): ListApiResources => {
-  return (cluster) => {
-    const clusterRequest = (path: string) => k8sRequest(cluster, path);
-    const apiLimit = plimit(5);
-
-    return async () => {
-      const resources: KubeApiResource[] = [];
-
-      try {
-        const resourceListGroups:{ group:string;path:string }[] = [];
-
-        await Promise.all(
-          [
-            clusterRequest("/api").then((response:V1APIVersions)=>response.versions.forEach(version => resourceListGroups.push({ group:version, path:`/api/${version}` }))),
-            clusterRequest("/apis").then((response:V1APIGroupList) => response.groups.forEach(group => {
-              const preferredVersion = group.preferredVersion?.groupVersion;
-
-              if (preferredVersion) {
-                resourceListGroups.push({ group:group.name, path:`/apis/${preferredVersion}` });
-              }
-            })),
-          ],
-        );
-
-        await Promise.all(
-          resourceListGroups.map(({ group, path }) => apiLimit(async () => {
-            const apiResources:V1APIResourceList = await clusterRequest(path);
-
-            if (apiResources.resources) {
-              resources.push(
-                ...apiResources.resources.filter(resource => resource.verbs.includes("list")).map((resource) => ({
-                  apiName: resource.name as KubeResource,
-                  kind: resource.kind,
-                  group,
-                })),
-              );
-            }
-          }),
-          ),
-        );
-      } catch (error) {
-        logger.error(`[LIST-API-RESOURCES]: failed to list api resources: ${error}`);
-      }
-
-      return resources;
-    };
-  };
-};
-
-const listApiResourcesInjectable = getInjectable({
-  id: "list-api-resources",
-  instantiate: (di) => {
-    const k8sRequest = di.inject(k8SRequestInjectable);
-    const logger = di.inject(loggerInjectable);
-
-    return listApiResources({ k8sRequest, logger });
-  },
-});
-
-export default listApiResourcesInjectable;
--- a/src/common/cluster/request-namespace-list-permissions.injectable.ts
+++ b/src/common/cluster/request-namespace-list-permissions.injectable.ts
@ -0,0 +1,78 @@
+/**
+ * Copyright (c) OpenLens Authors. All rights reserved.
+ * Licensed under MIT License. See LICENSE in root directory for more information.
+ */
+
+import type { KubeConfig } from "@kubernetes/client-node";
+import { AuthorizationV1Api } from "@kubernetes/client-node";
+import { getInjectable } from "@ogre-tools/injectable";
+import loggerInjectable from "../logger.injectable";
+import type { KubeApiResource } from "../rbac";
+
+export type CanListResource = (resource: KubeApiResource) => boolean;
+
+/**
+ * Requests the permissions for actions on the kube cluster
+ * @param namespace The namespace of the resources
+ */
+export type RequestNamespaceListPermissions = (namespace: string) => Promise<CanListResource>;
+
+/**
+ * @param proxyConfig This config's `currentContext` field must be set, and will be used as the target cluster
+ */
+export type RequestNamespaceListPermissionsFor = (proxyConfig: KubeConfig) => RequestNamespaceListPermissions;
+
+const requestNamespaceListPermissionsForInjectable = getInjectable({
+  id: "request-namespace-list-permissions-for",
+  instantiate: (di): RequestNamespaceListPermissionsFor => {
+    const logger = di.inject(loggerInjectable);
+
+    return (proxyConfig) => {
+      const api = proxyConfig.makeApiClient(AuthorizationV1Api);
+
+      return async (namespace) => {
+        try {
+          const { body: { status }} = await api.createSelfSubjectRulesReview({
+            apiVersion: "authorization.k8s.io/v1",
+            kind: "SelfSubjectRulesReview",
+            spec: { namespace },
+          });
+
+          if (!status || status.incomplete) {
+            logger.warn(`[AUTHORIZATION-NAMESPACE-REVIEW]: allowing all resources in namespace="${namespace}" due to incomplete SelfSubjectRulesReview: ${status?.evaluationError}`);
+
+            return () => true;
+          }
+
+          const { resourceRules } = status;
+
+          return (resource) => {
+            const resourceRule = resourceRules.find(({
+              apiGroups = [],
+              resources = [],
+            }) => {
+              const isAboutRelevantApiGroup = apiGroups.includes("*") || apiGroups.includes(resource.group);
+              const isAboutResource = resources.includes("*") || resources.includes(resource.apiName);
+
+              return isAboutRelevantApiGroup && isAboutResource;
+            });
+
+            if (!resourceRule) {
+              return false;
+            }
+
+            const { verbs } = resourceRule;
+
+            return verbs.includes("*") || verbs.includes("list");
+          };
+        } catch (error) {
+          logger.error(`[AUTHORIZATION-NAMESPACE-REVIEW]: failed to create subject rules review`, { namespace, error });
+
+          return () => true;
+        }
+      };
+    };
+  },
+});
+
+export default requestNamespaceListPermissionsForInjectable;
--- a/src/common/configure-packages.ts
+++ b/src/common/configure-packages.ts
@ -1,27 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-
-import * as Mobx from "mobx";
-import * as Immer from "immer";
-
-/**
- * Setup default configuration for external npm-packages
- */
-export default function configurePackages() {
-  // Docs: https://mobx.js.org/configuration.html
-  Mobx.configure({
-    enforceActions: "never",
-
-    // TODO: enable later (read more: https://mobx.js.org/migrating-from-4-or-5.html)
-    // computedRequiresReaction: true,
-    // reactionRequiresObservable: true,
-    // observableRequiresReaction: true,
-  });
-
-  // Docs: https://immerjs.github.io/immer/
-  // Required in `utils/storage-helper.ts`
-  Immer.setAutoFreeze(false); // allow to merge mobx observables
-  Immer.enableMapSet(); // allow to merge maps and sets
-}
--- a/src/common/fetch/download-json.injectable.ts
+++ b/src/common/fetch/download-json.injectable.ts
@ -1,55 +0,0 @@
-/**
- * Copyright (c) OpenLens Authors. All rights reserved.
- * Licensed under MIT License. See LICENSE in root directory for more information.
- */
-import { getInjectable } from "@ogre-tools/injectable";
-import type { RequestInit, Response } from "node-fetch";
-import type { AsyncResult } from "../utils/async-result";
-import fetchInjectable from "./fetch.injectable";
-
-export interface DownloadJsonOptions {
-  signal?: AbortSignal | null | undefined;
-}
-
-export type DownloadJson = (url: string, opts?: DownloadJsonOptions) => Promise<AsyncResult<unknown, string>>;
-
-const downloadJsonInjectable = getInjectable({
-  id: "download-json",
-  instantiate: (di): DownloadJson => {
-    const fetch = di.inject(fetchInjectable);
-
-    return async (url, opts) => {
-      let result: Response;
-
-      try {
-        result = await fetch(url, opts as RequestInit);
-      } catch (error) {
-        return {
-          callWasSuccessful: false,
-          error: String(error),
-        };
-      }
-
-      if (result.status < 200 || 300 <= result.status) {
-        return {
-          callWasSuccessful: false,
-          error: result.statusText,
-        };
-      }
-
-      try {
-        return {
-          callWasSuccessful: true,
-          response: await result.json(),
-        };
-      } catch (error) {
-        return {
-          callWasSuccessful: false,
-          error: String(error),
-        };
-      }
-    };
-  },
-});
-
-export default downloadJsonInjectable;
--- a/src/common/fetch/download-json/impl.ts
+++ b/src/common/fetch/download-json/impl.ts
@ -0,0 +1,46 @@
+/**
+ * Copyright (c) OpenLens Authors. All rights reserved.
+ * Licensed under MIT License. See LICENSE in root directory for more information.
+ */
+import type { AsyncResult } from "../../utils/async-result";
+import type { Fetch } from "../fetch.injectable";
+import type { RequestInit, Response } from "node-fetch";
+
+export interface DownloadJsonOptions {
+  signal?: AbortSignal | null | undefined;
+}
+
+export type DownloadJson = (url: string, opts?: DownloadJsonOptions) => Promise<AsyncResult<unknown, string>>;
+
+export const downloadJsonWith = (fetch: Fetch): DownloadJson => async (url, opts) => {
+  let result: Response;
+
+  try {
+    result = await fetch(url, opts as RequestInit);
+  } catch (error) {
+    return {
+      callWasSuccessful: false,
+      error: String(error),
+    };
+  }
+
+  if (result.status < 200 || 300 <= result.status) {
+    return {
+      callWasSuccessful: false,
+      error: result.statusText,
+    };
+  }
+
+  try {
+    return {
+      callWasSuccessful: true,
+      response: await result.json(),
+    };
+  } catch (error) {
+    return {
+      callWasSuccessful: false,
+      error: String(error),
+    };
+  }
+};
+
--- a/src/common/fetch/download-json/normal.injectable.ts
+++ b/src/common/fetch/download-json/normal.injectable.ts
@ -0,0 +1,14 @@
+/**
+ * Copyright (c) OpenLens Authors. All rights reserved.
+ * Licensed under MIT License. See LICENSE in root directory for more information.
+ */
+import { getInjectable } from "@ogre-tools/injectable";
+import fetchInjectable from "../fetch.injectable";
+import { downloadJsonWith } from "./impl";
+
+const downloadJsonInjectable = getInjectable({
+  id: "download-json",
+  instantiate: (di) => downloadJsonWith(di.inject(fetchInjectable)),
+});
+
+export default downloadJsonInjectable;
--- a/src/common/fetch/download-json/proxy.injectable.ts
+++ b/src/common/fetch/download-json/proxy.injectable.ts
@ -0,0 +1,14 @@
+/**
+ * Copyright (c) OpenLens Authors. All rights reserved.
+ * Licensed under MIT License. See LICENSE in root directory for more information.
+ */
+import { getInjectable } from "@ogre-tools/injectable";
+import proxyFetchInjectable from "../proxy-fetch.injectable";
+import { downloadJsonWith } from "./impl";
+
+const proxyDownloadJsonInjectable = getInjectable({
+  id: "proxy-download-json",
+  instantiate: (di) => downloadJsonWith(di.inject(proxyFetchInjectable)),
+});
+
+export default proxyDownloadJsonInjectable;
--- a/src/common/fetch/fetch-module.injectable.ts
+++ b/src/common/fetch/fetch-module.injectable.ts
@ -0,0 +1,19 @@
+/**
+ * Copyright (c) OpenLens Authors. All rights reserved.
+ * Licensed under MIT License. See LICENSE in root directory for more information.
+ */
+import { getInjectable } from "@ogre-tools/injectable";
+import type * as FetchModule from "node-fetch";
+
+const { NodeFetch } = require("../../../build/webpack/node-fetch.bundle") as { NodeFetch: typeof FetchModule };
+
+/**
+ * NOTE: while using this module can cause side effects, this specific injectable is not marked as
+ * such since sometimes the request can be wholely within the perview of unit test
+ */
+const nodeFetchModuleInjectable = getInjectable({
+  id: "node-fetch-module",
+  instantiate: () => NodeFetch,
+});
+
+export default nodeFetchModuleInjectable;
--- a/src/common/fetch/fetch.injectable.ts
+++ b/src/common/fetch/fetch.injectable.ts
@ -3,32 +3,17 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import { HttpsProxyAgent } from "hpagent";
-import type * as FetchModule from "node-fetch";
-import userStoreInjectable from "../user-store/user-store.injectable";
-
-const { NodeFetch: { default: fetch }} = require("../../../build/webpack/node-fetch.bundle") as { NodeFetch: typeof FetchModule };
-
-type Response = FetchModule.Response;
-type RequestInit = FetchModule.RequestInit;
+import type { RequestInit, Response } from "node-fetch";
+import nodeFetchModuleInjectable from "./fetch-module.injectable";

 export type Fetch = (url: string, init?: RequestInit) => Promise<Response>;

 const fetchInjectable = getInjectable({
  id: "fetch",
  instantiate: (di): Fetch => {
-    const { httpsProxy, allowUntrustedCAs } = di.inject(userStoreInjectable);
-    const agent = httpsProxy
-      ? new HttpsProxyAgent({
-        proxy: httpsProxy,
-        rejectUnauthorized: !allowUntrustedCAs,
-      })
-      : undefined;
+    const { default: fetch } = di.inject(nodeFetchModuleInjectable);

-    return (url, init = {}) => fetch(url, {
-      agent,
-      ...init,
-    });
+    return (url, init) => fetch(url, init);
  },
  causesSideEffects: true,
 });
--- a/src/common/fetch/proxy-fetch.injectable.ts
+++ b/src/common/fetch/proxy-fetch.injectable.ts
@ -0,0 +1,30 @@
+/**
+ * Copyright (c) OpenLens Authors. All rights reserved.
+ * Licensed under MIT License. See LICENSE in root directory for more information.
+ */
+import { getInjectable } from "@ogre-tools/injectable";
+import { HttpsProxyAgent } from "hpagent";
+import userStoreInjectable from "../user-store/user-store.injectable";
+import type { Fetch } from "./fetch.injectable";
+import fetchInjectable from "./fetch.injectable";
+
+const proxyFetchInjectable = getInjectable({
+  id: "proxy-fetch",
+  instantiate: (di): Fetch => {
+    const fetch = di.inject(fetchInjectable);
+    const { httpsProxy, allowUntrustedCAs } = di.inject(userStoreInjectable);
+    const agent = httpsProxy
+      ? new HttpsProxyAgent({
+        proxy: httpsProxy,
+        rejectUnauthorized: !allowUntrustedCAs,
+      })
+      : undefined;
+
+    return (url, init = {}) => fetch(url, {
+      agent,
+      ...init,
+    });
+  },
+});
+
+export default proxyFetchInjectable;
--- a/src/common/front-end-routing/routes/cluster/config/config-maps/config-maps-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/config/config-maps/config-maps-route.injectable.ts
@ -3,22 +3,19 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const configMapsRouteInjectable = getInjectable({
  id: "config-maps-route",
-
-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "configmaps");
-
-    return {
-      path: "/configmaps",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
-
+  instantiate: (di) => ({
+    path: "/configmaps",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "configmaps",
+      group: "v1",
+    }),
+  }),
  injectionToken: frontEndRouteInjectionToken,
 });

--- a/src/common/front-end-routing/routes/cluster/config/horizontal-pod-autoscalers/horizontal-pod-autoscalers-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/config/horizontal-pod-autoscalers/horizontal-pod-autoscalers-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const horizontalPodAutoscalersRouteInjectable = getInjectable({
  id: "horizontal-pod-autoscalers-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "horizontalpodautoscalers");
-
-    return {
-      path: "/hpa",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/hpa",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "horizontalpodautoscalers",
+      group: "autoscaling",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/config/leases/leases-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/config/leases/leases-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const leasesRouteInjectable = getInjectable({
  id: "leases",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "leases");
-
-    return {
-      path: "/leases",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/leases",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "leases",
+      group: "coordination.k8s.io",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/config/limit-ranges/limit-ranges-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/config/limit-ranges/limit-ranges-route.injectable.ts
@ -3,24 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const limitRangesRouteInjectable = getInjectable({
  id: "limit-ranges-route",

-  instantiate: (di) => {
-    const limitRangesIsAllowed = di.inject(
-      isAllowedResourceInjectable,
-      "limitranges",
-    );
-
-    return {
-      path: "/limitranges",
-      clusterFrame: true,
-      isEnabled: limitRangesIsAllowed,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/limitranges",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "limitranges",
+      group: "v1",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/config/pod-disruption-budgets/pod-disruption-budgets-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/config/pod-disruption-budgets/pod-disruption-budgets-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const podDisruptionBudgetsRouteInjectable = getInjectable({
  id: "pod-disruption-budgets-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "poddisruptionbudgets");
-
-    return {
-      path: "/poddisruptionbudgets",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/poddisruptionbudgets",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "poddisruptionbudgets",
+      group: "policy",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/config/priority-classes/priority-classes-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/config/priority-classes/priority-classes-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const priorityClassesRouteInjectable = getInjectable({
  id: "priority-classes-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "priorityclasses");
-
-    return {
-      path: "/priorityclasses",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/priorityclasses",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "priorityclasses",
+      group: "scheduling.k8s.io",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/config/resource-quotas/resource-quotas-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/config/resource-quotas/resource-quotas-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const resourceQuotasRouteInjectable = getInjectable({
  id: "resource-quotas-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "resourcequotas");
-
-    return {
-      path: "/resourcequotas",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/resourcequotas",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "resourcequotas",
+      group: "v1",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/config/runtime-classes/runtime-classes-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/config/runtime-classes/runtime-classes-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const runtimeClassesRouteInjectable = getInjectable({
  id: "runtime-classes-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "runtimeclasses");
-
-    return {
-      path: "/runtimeclasses",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/runtimeclasses",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "runtimeclasses",
+      group: "node.k8s.io",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/config/secrets/secrets-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/config/secrets/secrets-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const secretsRouteInjectable = getInjectable({
  id: "secrets-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "secrets");
-
-    return {
-      path: "/secrets",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/secrets",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "secrets",
+      group: "v1",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/events/events-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/events/events-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../front-end-route-injection-token";

 const eventsRouteInjectable = getInjectable({
  id: "events-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "events");
-
-    return {
-      path: "/events",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/events",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "events",
+      group: "v1",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/namespaces/namespaces-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/namespaces/namespaces-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../front-end-route-injection-token";

 const namespacesRouteInjectable = getInjectable({
  id: "namespaces-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "namespaces");
-
-    return {
-      path: "/namespaces",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/namespaces",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "namespaces",
+      group: "v1",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/network/endpoints/endpoints-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/network/endpoints/endpoints-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const endpointsRouteInjectable = getInjectable({
  id: "endpoints-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "endpoints");
-
-    return {
-      path: "/endpoints",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/endpoints",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "endpoints",
+      group: "v1",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/network/ingresses/ingresses-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/network/ingresses/ingresses-route.injectable.ts
@ -3,21 +3,27 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
+import { computedOr } from "../../../../../utils/computed-or";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const ingressesRouteInjectable = getInjectable({
  id: "ingresses-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "ingresses");
-
-    return {
-      path: "/ingresses",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/ingresses",
+    clusterFrame: true,
+    isEnabled: computedOr(
+      di.inject(shouldShowResourceInjectionToken, {
+        apiName: "ingresses",
+        group: "networking.k8s.io",
+      }),
+      di.inject(shouldShowResourceInjectionToken, {
+        apiName: "ingresses",
+        group: "extensions",
+      }),
+    ),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/network/network-policies/network-policies-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/network/network-policies/network-policies-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const networkPoliciesRouteInjectable = getInjectable({
  id: "network-policies-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "networkpolicies");
-
-    return {
-      path: "/network-policies",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/network-policies",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "networkpolicies",
+      group: "networking.k8s.io",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/network/services/services-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/network/services/services-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const servicesRouteInjectable = getInjectable({
  id: "services-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "services");
-
-    return {
-      path: "/services",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/services",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "services",
+      group: "v1",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/nodes/nodes-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/nodes/nodes-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../front-end-route-injection-token";

 const nodesRouteInjectable = getInjectable({
  id: "nodes-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "nodes");
-
-    return {
-      path: "/nodes",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/nodes",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "nodes",
+      group: "v1",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/overview/cluster-overview-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/overview/cluster-overview-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../front-end-route-injection-token";

 const clusterOverviewRouteInjectable = getInjectable({
  id: "cluster-overview-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "nodes");
-
-    return {
-      path: "/overview",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/overview",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "nodes",
+      group: "v1",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/storage/persistent-volume-claims/persistent-volume-claims-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/storage/persistent-volume-claims/persistent-volume-claims-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const persistentVolumeClaimsRouteInjectable = getInjectable({
  id: "persistent-volume-claims-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "persistentvolumeclaims");
-
-    return {
-      path: "/persistent-volume-claims",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/persistent-volume-claims",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "persistentvolumeclaims",
+      group: "v1",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/storage/persistent-volumes/persistent-volumes-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/storage/persistent-volumes/persistent-volumes-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const persistentVolumesRouteInjectable = getInjectable({
  id: "persistent-volumes-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "persistentvolumes");
-
-    return {
-      path: "/persistent-volumes",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/persistent-volumes",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "persistentvolumes",
+      group: "v1",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/storage/storage-classes/storage-classes-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/storage/storage-classes/storage-classes-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const storageClassesRouteInjectable = getInjectable({
  id: "storage-classes-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "storageclasses");
-
-    return {
-      path: "/storage-classes",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/storage-classes",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "storageclasses",
+      group: "storage.k8s.io",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/user-management/cluster-role-bindings/cluster-role-bindings-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/user-management/cluster-role-bindings/cluster-role-bindings-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const clusterRoleBindingsRouteInjectable = getInjectable({
  id: "cluster-role-bindings-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "clusterrolebindings");
-
-    return {
-      path: "/cluster-role-bindings",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/cluster-role-bindings",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "clusterrolebindings",
+      group: "rbac.authorization.k8s.io",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/user-management/cluster-roles/cluster-roles-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/user-management/cluster-roles/cluster-roles-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const clusterRolesRouteInjectable = getInjectable({
  id: "cluster-roles-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "clusterroles");
-
-    return {
-      path: "/cluster-roles",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/cluster-roles",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "clusterroles",
+      group: "rbac.authorization.k8s.io",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/user-management/pod-security-policies/pod-security-policies-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/user-management/pod-security-policies/pod-security-policies-route.injectable.ts
@ -3,19 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const podSecurityPoliciesRouteInjectable = getInjectable({
  id: "pod-security-policies-route",

  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "podsecuritypolicies");
-
    return {
      path: "/pod-security-policies",
      clusterFrame: true,
-      isEnabled: isAllowedResource,
+      isEnabled: di.inject(shouldShowResourceInjectionToken, {
+        apiName: "podsecuritypolicies",
+        group: "policy",
+      }),
    };
  },

--- a/src/common/front-end-routing/routes/cluster/user-management/role-bindings/role-bindings-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/user-management/role-bindings/role-bindings-route.injectable.ts
@ -3,19 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const roleBindingsRouteInjectable = getInjectable({
  id: "role-bindings-route",

  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "rolebindings");
-
    return {
      path: "/role-bindings",
      clusterFrame: true,
-      isEnabled: isAllowedResource,
+      isEnabled: di.inject(shouldShowResourceInjectionToken, {
+        apiName: "rolebindings",
+        group: "rbac.authorization.k8s.io",
+      }),
    };
  },

--- a/src/common/front-end-routing/routes/cluster/user-management/roles/roles-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/user-management/roles/roles-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const rolesRouteInjectable = getInjectable({
  id: "roles-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "roles");
-
-    return {
-      path: "/roles",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/roles",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "roles",
+      group: "rbac.authorization.k8s.io",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/user-management/service-accounts/service-accounts-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/user-management/service-accounts/service-accounts-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const serviceAccountsRouteInjectable = getInjectable({
  id: "service-accounts-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "serviceaccounts");
-
-    return {
-      path: "/service-accounts",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/service-accounts",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "serviceaccounts",
+      group: "v1",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/workloads/cron-jobs/cron-jobs-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/workloads/cron-jobs/cron-jobs-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const cronJobsRouteInjectable = getInjectable({
  id: "cron-jobs-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "cronjobs");
-
-    return {
-      path: "/cronjobs",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/cronjobs",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "cronjobs",
+      group: "batch",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/workloads/daemonsets/daemonsets-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/workloads/daemonsets/daemonsets-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const daemonsetsRouteInjectable = getInjectable({
  id: "daemonsets-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "daemonsets");
-
-    return {
-      path: "/daemonsets",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/daemonsets",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "daemonsets",
+      group: "apps",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/workloads/deployments/deployments-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/workloads/deployments/deployments-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const deploymentsRouteInjectable = getInjectable({
  id: "deployments-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "deployments");
-
-    return {
-      path: "/deployments",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/deployments",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "deployments",
+      group: "apps",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/workloads/jobs/jobs-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/workloads/jobs/jobs-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const jobsRouteInjectable = getInjectable({
  id: "jobs-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "jobs");
-
-    return {
-      path: "/jobs",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/jobs",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "jobs",
+      group: "batch",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/src/common/front-end-routing/routes/cluster/workloads/pods/pods-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/workloads/pods/pods-route.injectable.ts
@ -3,21 +3,20 @@
 * Licensed under MIT License. See LICENSE in root directory for more information.
 */
 import { getInjectable } from "@ogre-tools/injectable";
-import isAllowedResourceInjectable from "../../../../../utils/is-allowed-resource.injectable";
+import { shouldShowResourceInjectionToken } from "../../../../../cluster-store/allowed-resources-injection-token";
 import { frontEndRouteInjectionToken } from "../../../../front-end-route-injection-token";

 const podsRouteInjectable = getInjectable({
  id: "pods-route",

-  instantiate: (di) => {
-    const isAllowedResource = di.inject(isAllowedResourceInjectable, "pods");
-
-    return {
-      path: "/pods",
-      clusterFrame: true,
-      isEnabled: isAllowedResource,
-    };
-  },
+  instantiate: (di) => ({
+    path: "/pods",
+    clusterFrame: true,
+    isEnabled: di.inject(shouldShowResourceInjectionToken, {
+      apiName: "pods",
+      group: "v1",
+    }),
+  }),

  injectionToken: frontEndRouteInjectionToken,
 });
--- a/Show More
+++ b/Show More