diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 88238e9..19a8eb5 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -31,15 +31,20 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v3
 
-    - name: Make tag
-      run: |
-        [ "${GITHUB_EVENT_NAME}" == 'pull_request' ] && echo "tag=${GITHUB_HEAD_REF##*/}" >> $GITHUB_ENV || true
-        [ "${GITHUB_EVENT_NAME}" == 'release' ] && echo "tag=${GITHUB_REF##*/}" >> $GITHUB_ENV || true
-        [ "${GITHUB_EVENT_NAME}" == 'push' ] && echo "tag=latest" >> $GITHUB_ENV || true
+    - name: Docker meta
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: |
+          ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
 
     - name: Build and push image
-      uses: docker/build-push-action@v4
+      uses: docker/build-push-action@v6
       with:
         context: .
         push: true
-        tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.tag }}
+        sbom: true
+        tags: ${{ steps.meta.outputs.tags }}
diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml
new file mode 100644
index 0000000..8a2478c
--- /dev/null
+++ b/.github/workflows/helm.yaml
@@ -0,0 +1,58 @@
+---
+name: Helm Chart Release Action
+on:
+  pull_request:
+    branches:
+        - main
+  release:
+    types:
+        - published
+  push:
+    branches:
+        - main
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+    name: Docker Build
+    runs-on: ubuntu-latest
+
+    steps:
+        - name: Checkout
+          uses: actions/checkout@v4
+
+        - name: Make tag
+          run: |
+            [ "${GITHUB_EVENT_NAME}" == 'pull_request' ] && echo "tag=v0.0.0-pull-request.${{ github.event.number }}" >> $GITHUB_ENV || true
+            [ "${GITHUB_EVENT_NAME}" == 'release' ] && echo "tag=${GITHUB_REF##*/}" >> $GITHUB_ENV || true
+            [ "${GITHUB_EVENT_NAME}" == 'push' ] && echo "tag=v0.0.0-${GITHUB_REF##*/}" >> $GITHUB_ENV || true
+
+        - name: Docker meta
+          id: meta
+          uses: docker/metadata-action@v5
+          with:
+            images: |
+              ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+        # the replacement can be checked with:
+        # helm show values oci://ghcr.io/metal-stack/charts/<chart>:<tag>
+        - name: Patch container image tags in values.yaml
+          uses: mikefarah/yq@v4
+          with:
+            cmd: yq e -i '.image.tag="${{ steps.meta.outputs.version }}"' charts/${{ github.event.repository.name }}/values.yaml
+
+        # we can replace this with the helm/chart-releaser-action after
+        # https://github.com/helm/chart-releaser-action/issues/107 was resolved
+        - name: Release Helm OCI Artifact
+          uses: appany/helm-oci-chart-releaser@v0.4.2
+          with:
+            name: ${{ github.event.repository.name }}
+            repository: ${{ github.repository_owner }}/charts
+            tag: ${{ env.tag }}
+            path: charts/${{ github.event.repository.name }}
+            registry: ${{ env.REGISTRY }}
+            registry_username: ${{ secrets.DOCKER_REGISTRY_USER }}
+            registry_password: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
diff --git a/cmd/gardener-extension-audit/app/app.go b/cmd/gardener-extension-audit/app/app.go
index 1981566..4f77fbd 100644
--- a/cmd/gardener-extension-audit/app/app.go
+++ b/cmd/gardener-extension-audit/app/app.go
@@ -20,7 +20,7 @@ import (
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 
-	componentbaseconfig "k8s.io/component-base/config"
+	configv1alpha1 "k8s.io/component-base/config/v1alpha1"
 )
 
 var log = logf.Log.WithName("gardener-extension-audit")
@@ -53,7 +53,7 @@ func NewControllerManagerCommand(ctx context.Context) *cobra.Command {
 }
 
 func (o *Options) run(ctx context.Context) error {
-	util.ApplyClientConnectionConfigurationToRESTConfig(&componentbaseconfig.ClientConnectionConfiguration{
+	util.ApplyClientConnectionConfigurationToRESTConfig(&configv1alpha1.ClientConnectionConfiguration{
 		QPS:   100.0,
 		Burst: 130,
 	}, o.restOptions.Completed().Config)
diff --git a/example/10-s3-secret.yaml b/example/10-s3-secret.yaml
new file mode 100644
index 0000000..77fce41
--- /dev/null
+++ b/example/10-s3-secret.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: s3-secret
+  namespace: garden-local
+stringData:
+  access_key_id: <aws-access-key-id>
+  secret_access_key: <aws-secret-access-key>
\ No newline at end of file
diff --git a/example/controller-registration.yaml b/example/controller-registration.yaml
index cd31ff6..425bbe1 100644
--- a/example/controller-registration.yaml
+++ b/example/controller-registration.yaml
@@ -7,7 +7,7 @@ helm:
   rawChart: H4sIAAAAAAAAA+0ca2/bRjKf+SsWTIqmQEi9lYJA7s6x1dZIYguyL71DURgrciWxJrksH47dJP/9Zh+klg+Jku3Yl4YDA5KWO4/dnZmdmV16iSOHBCQyyHVCgtilgYFTx006T+4PugAvRyP+CVD+5N97g2GvP+qPx6y9NxyOu0/Q6B5l2AhpnOAIoScRpcm2fk3Pv1JYblr/wxWOEvMG+96debAFHg+HG9e/3+2V1n88eDl+grr3ML5G+MbXH4fuexKxdbfQVU/DYZj/1HtmV9ccEtuRGya86QD9Qjwf2Uw30IJGKFkRxPUF5fqjBdgnFtqkWNpVRr9rAgPtsSfgG4eN9u9Q21zSe+HRZP/DQb9k/6PRaNDa/0NAp7Ok1pJpAE4IilfIsJE+x/Dl2c8Hs6PJyWR28cvB4ZuLo+NZJ+tn2DRIIup5oDcRWbpxAq2gOiagCW9gomfPbQyfZgf+3k9mZ8enJz/In+Qa+6FHOpuosE0HTTJ9tDhFXdM6HTTF9iVeEumASIDnHolRYQRpGFLpnGSjGyy5n7JpFBE7QWu2qMBWC1Xq34hj2mj/CYE1ghmN7x4J7h//jYejcRv/PQTssP4XK+KFsGmbSXi7WLDB//f6vVFx/fvdly9ftv7/IeDjRwM5ZOEGBOkscNOR8fmztjF4Y91J4PBOmorr4TnxYhPiR/OS3Agq/Ec6J1FAQI9Ml3YYhwKNDSSusJdKUT5+RG5ge6mTC2giibhFkCpuWUBGxUIbekj+nFN1FG4AOhPYhKObM+IRHBPzBISrlSwXzfVhdxGSIcSeuAu0wvE0gufXSI9XuD8aW8D2PWMPrFh/M8FLlGOEkRskC6R/F//ru7jcMyIhjd2ERjfbSMAYSR1B69YEYbDKuMsL4pDQozc+CRIZ+efKEXcg41Cn67GN4RuEHfw/xEsLd+nj0OCLfwUxFI0MCqv5IXIT0lwjaIz/x4OS/x+NB63/fxCQbqhg3u/5Cp9mCyycYKFMcOkGjoUOuWK8w6HmkwQ7OMEWuASR/te77XoNkkgxxN81PpU3C28jPLRV49cZ+U/QCLqcoCHrnYnDOcYXRXW10CdGZOuoi+QU7/bYS3avsI/937Ya2GD//dFgXLL/3qDX5v8PAvdl2LmSfFFjFlxyE0YAhmHwT3UgXINNJrtn5nodmxI7U3nT9mjqQAyCvXCFe5xKPn5ZIRAzkYoKgVZylpKe7bkgKPQMwINANzE8ELbUbvFWkNS2ScjaQbDk/CYkMZ+niPyZuhFxkN5A36wSQG6c4+tN8tXhS5H5DGete0qlYO4njoqYy/FnuO+sAMZ+fBlCzm+eRnGyJ0eOsx9PgVKJlmu0CsJnnHrJa2xfQr9c0lKzxQkl9L+sZNZA4RMKpE2N6+L1CAdLgp7FxI5IgqxX28md8W5cLGaBtW5E9KnxIZKUMRe0DMHTgHmQ7M1AJlNlZ/LsNt7kWa03UcYMCeEL9IwnfWzgmRCsX5bm8E5Zyii7fkLz8ZAEdmk2v6pQYYf9f53A3TIA2L7/97r9fr+8/496bfz/IFDYNmVKLqz3KF/2naOAL7L3xyGxGeOIXLlMzl/cmFUk3rq+Cw67y5+EnmtjsWFkXks2HtI0SATTGGRhIb7Yh32c2Ku3u8kxFgQyk5AElEnh23oQ0ITHCXHWlFd5mtKrrLu9IvZlnPpKzs2tsT5vKizDc17JAQd5LqU0X8PET3GyQvpOKbz+Ax+yqEKBDKpcikvbIurW0PAWwjaIlSlRJlFAkg80AuWthHgJNSJQA9cnBuh7TCIYOKi759EPxNkN34FV3Q8jTOeggIbsszd25F6xk7ad0CMS0zSyQcGqhADNiFfgvGKDVTHXE2AkdmgMh4P7oCyU9AOZw8/LfFtnDPrdfnfNocHOfswWN7P5LCLFLnDOl9pockICuKpbSC8n+mpZEzb0ymNR3NSLdKap500pLOhNwcsIjDB/WLAQ6vsYPGneYKDOxsL6uo8hDeZVhyR2p36M0kY6Sj5UoODja0bFTqMI5tWICPvheiR+pci+Pgfl32Xns5vAjtVhMHorgr1kxU1+f9oKchMfdxnQiBg0JCLjMtZOdRN1gXKaYRzkCGXamXaKOTPyjerVln1qI7Y0IXbUrAome4ms0RSdpuw4ukTNcWN2dK2coxdmTz5ep6EseP+DugHSX+hlv6xsL7AlRa4d13GUj4w5mJqBHQcMO36l6v4G3BrPX2IqlreOp3iymWU9ZjPH3BXJA4Uy39zI5HN1arfh1nBm5Dy6NDzYMz2VDjS+ZW2wMDKbQbobLKheh72gEYQbJfSfeKOK/0fMDkcUfBJcqd5DeL3XB4dvJidHF2eTw9nk/OLk4N3kbHpwOMk7IsTTk58i6ltKI0ILl3jOjCyKrbKdbb5WHtSYuXk08Z/OJj8d/6fMfGOOVyH3dnJwNJldTN5ODs+PT08ebjx7hmaZvMfvDn6evAdhT2cXp+8ns19nx+cVWS3U4ZdIlLpzp7YQvU33mHOJq+ufeSLhXRTO+UbJLKqwS+3iloBfRBNqU89C54fTcq0rDwRUnLyRR9ClKsQaY1146HVLCXI+a9RLffKOBes1QxZOVxHVZx3FCjfvkndd8U1nFnXCVFZd6RcR7JwGHgQQSZSSzSvP1se1yYFtM8InzaHOU4QXCzdwkxsrb2Hq4xxAzHtQ8wjlFaujFALx5Rlszk7qwbdjvpvK5sk1sVO1cvlUzgsP3c4K6VT2kE8IS60m1yFz+Go6tO5hoEtys/H0PT+fr+AhJEID4IqOg5rH3PpqGDKWO5z1F9ESGlJw1DdvmKx68Q7AisYJXwiJIxS4EqKWNNDOCuuqy9q5rp6BdK3vqAN4w35XPtpLvXdT7v3lbTKWLbJ/NTWzvxPsUP8DRwIBaZTyO+Dz1FmSPQuBTef/o2G5/jcYDntt/e8hQDqNZYKes4pMXfXsB9QrXwEIebK7rhVOqXOUq8hrriL/H0VDSFb/HeAr7HosoeLk43TeONY7Fwu/Gn+2g/1HEMLf6UWgBvsfvBxU7n/2x639PwiUD+/4YuM0WdHI/Uvci7/8kUc869sBHswZiWbUI/sY+T7mG6Uei6Xkh8EO93+OaBry+MpAypl+sSypFXIS1tUWwsbwA6KRuWxl/okHsm4svnxgBl5lhB3f5TFs4UUBMSFVXn6a8LcNZLplq3cHdhOAfUtDmFAihIeUQX4N6wXcYybWXUs/O2ABSbq7gGFZ1IpUm6rGNVOGA4gXnbx1ZyGUqVEmbC2aA/67TjRdrwrBLrcDB3ZDlUfxtoddvySKoGezahw/yd+Nsih6iAnPI/nHGWS+x97SFOpoQqAfJCV622SuELUpjRw32G5WPBjYiUvTGPZjl7XzMKRkQ/LEA/o6bO/MlKIgoyIYm+SnyAnYVREbZIhBM4gPCSaaE4TZa0gyV/7nnUwcGEj6pZ/7mHhFAAj+bZbK3WycMoh0QgohVQxx1K76dad95zU0gKP9YtsPsJB1xWwutkio5dfGlI2xQR4IQv8AneGbW3ZZRq363E/MvMP+v0P8J+tRtw8Bm97/GY165fsf3e6wjf8eAjZc3OIrfv8pXOWOxC5HzYuI+gb08hyDHYzzqjj6/rePelaw1i39/HCqv9DZM93arfD9+ffv95OAHXdntXdQGfBrsSHPtR9FqHzGjSxXlRIoySrwLdUtCwciIKMgqn/+/KKCWOLHnCIg8BN/fS9JQ+oY3NXmkq5PX2EKXXZzpxCd3ibTT/iNVemCj6eFFH636z35eYvBv1poOBzwMRYPRnhlmK//Xucsj23oG2B3/4/FznSLbaCp/tcflv1/fzBq/f+DwDb/n8Uij1rJe+wJ+pvDRvsXJ2n38g+Amt7/6Q0q7/+37/89EIhLcjylyy7FWWi5sqMsWIBNO8H25babawleWojvFexXqNyUO16c0GQKgQG7RayphXYL9bR1Fok+ftY05TKUfNdHvSpmoRE0KnfJRAC5qVeUzAlORB94Sj4cBxAXgFKfsftqDnQcsLPHjbfHLLTAXkw0rXoXy0K//Z41/yp2fNEGKX7doSt7U4kdKYsLIBb/nh2/hjiNxTUwfnNDE0fPYlpm6oq4ySqdmzb1O+t4Tv069+i842MW/HTmqetB1MVId46ofUmihQspaXbyr1AVy7ykdOmRi/VFS4FrYN8ZDyUaX2N9wP4jlGjI/41Tz+z1zOuve1S9yqj0f7xiI+uLB6ZpalohurM0cVEju23DYkXNzh/Vv/tV9+YXDrlRsE4ddgEs0+r1W1i1Pfj7UZAm8x/y5SXwo5pW84pQpU2+vCOEepovm38jb2lp2S2I9f12MT3Qg1/cgE++P2j5f4qwNHXy9HbbbqGFFlpooYUWWmihhRZaaKGFFlpooYUWWmihhRZaaKGFFlpooYUWWmihhRZaaKGFLwj/A3RGleoAeAAA
   values:
     image:
-      tag: v0.1.10
+      tag: v0.1.12
 ---
 apiVersion: core.gardener.cloud/v1beta1
 kind: ControllerRegistration
diff --git a/example/shoot.yaml b/example/shoot.yaml
index 2a7f8c7..a0e03d3 100644
--- a/example/shoot.yaml
+++ b/example/shoot.yaml
@@ -33,12 +33,26 @@ spec:
         #   secretResourceName: splunk-secret
         #   tls: true
         #   tlshost: <hostname for splunk host if needed for tls sni|certificate verification>
+        # s3:
+        #   enabled: true
+        #   bucket: "my-audit-logs"
+        #   region: "eu-west-1"
+        #   prefix: "cluster-logs"  # optional
+        #   secretResourceName: s3-secret
+        #   filesystemBufferSize: "1G"  # optional
+        #   endpoint: "https://custom-s3-endpoint"  # optional, for S3-compatible storage
+        #   tlsEnabled: true  # optional
   # resources:
   #   - name: splunk-secret
   #     resourceRef:
   #       apiVersion: v1
   #       kind: Secret
   #       name: splunk-secret
+  #   - name: s3-secret
+  #     resourceRef:
+  #       apiVersion: v1
+  #       kind: Secret
+  #       name: s3-secret
   networking:
     type: calico
     nodes: 10.10.0.0/16
diff --git a/go.mod b/go.mod
index 3a992ef..642798c 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.24
 
 require (
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
-	github.com/gardener/gardener v1.108.2
+	github.com/gardener/gardener v1.113.2
 	github.com/go-logr/logr v1.4.2
 	github.com/golang/mock v1.6.0
 	github.com/metal-stack/metal-lib v0.20.2
@@ -12,13 +12,13 @@ require (
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.6
 	github.com/stretchr/testify v1.10.0
-	k8s.io/api v0.31.2
-	k8s.io/apimachinery v0.31.2
-	k8s.io/client-go v0.31.2
-	k8s.io/code-generator v0.31.2
-	k8s.io/component-base v0.31.2
-	k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078
-	sigs.k8s.io/controller-runtime v0.19.6
+	k8s.io/api v0.32.2
+	k8s.io/apimachinery v0.32.2
+	k8s.io/client-go v0.32.2
+	k8s.io/code-generator v0.32.2
+	k8s.io/component-base v0.32.2
+	k8s.io/utils v0.0.0-20241210054802-24370beab758
+	sigs.k8s.io/controller-runtime v0.20.2
 )
 
 replace k8s.io/code-generator => k8s.io/code-generator v0.29.5
@@ -27,25 +27,24 @@ require (
 	dario.cat/mergo v1.0.1 // indirect
 	github.com/BurntSushi/toml v1.4.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/semver/v3 v3.3.0 // indirect
+	github.com/Masterminds/semver/v3 v3.3.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 	github.com/andybalholm/brotli v1.1.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
-	github.com/cyphar/filepath-securejoin v0.3.1 // indirect
+	github.com/cyphar/filepath-securejoin v0.3.6 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
-	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/fluent/fluent-operator/v2 v2.9.0 // indirect
-	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/fsnotify/fsnotify v1.8.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/gardener/cert-management v0.16.0 // indirect
-	github.com/gardener/etcd-druid v0.24.1 // indirect
-	github.com/gardener/hvpa-controller/api v0.17.0 // indirect
-	github.com/gardener/machine-controller-manager v0.54.0 // indirect
+	github.com/gardener/cert-management v0.17.5 // indirect
+	github.com/gardener/etcd-druid v0.27.0 // indirect
+	github.com/gardener/machine-controller-manager v0.56.1 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/go-openapi/errors v0.22.0 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
@@ -56,23 +55,22 @@ require (
 	github.com/gobuffalo/flect v1.0.3 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
+	github.com/google/btree v1.1.3 // indirect
+	github.com/google/gnostic-models v0.6.9 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect
+	github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/gorilla/websocket v1.5.0 // indirect
+	github.com/gorilla/websocket v1.5.3 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
-	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/ironcore-dev/vgopath v0.1.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.9 // indirect
+	github.com/klauspost/compress v1.17.11 // indirect
 	github.com/kubernetes-csi/external-snapshotter/client/v4 v4.2.0 // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
@@ -80,66 +78,68 @@ require (
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/moby/spdystream v0.4.0 // indirect
+	github.com/moby/spdystream v0.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/nxadm/tail v1.4.8 // indirect
-	github.com/onsi/ginkgo/v2 v2.21.0 // indirect
+	github.com/onsi/ginkgo/v2 v2.22.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.78.1 // indirect
+	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.80.1 // indirect
 	github.com/prometheus/client_golang v1.20.5 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.60.1 // indirect
+	github.com/prometheus/common v0.62.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
-	github.com/spf13/afero v1.11.0 // indirect
+	github.com/spf13/afero v1.12.0 // indirect
 	github.com/spf13/cast v1.7.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
+	go.opentelemetry.io/otel v1.32.0 // indirect
+	go.opentelemetry.io/otel/trace v1.32.0 // indirect
 	go.uber.org/mock v0.5.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/crypto v0.32.0 // indirect
-	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
-	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/net v0.34.0 // indirect
-	golang.org/x/oauth2 v0.25.0 // indirect
-	golang.org/x/sync v0.10.0 // indirect
-	golang.org/x/sys v0.29.0 // indirect
-	golang.org/x/term v0.28.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
-	golang.org/x/time v0.8.0 // indirect
-	golang.org/x/tools v0.27.0 // indirect
+	golang.org/x/crypto v0.33.0 // indirect
+	golang.org/x/exp v0.0.0-20250218142911-aa4b98e5adaa // indirect
+	golang.org/x/mod v0.23.0 // indirect
+	golang.org/x/net v0.35.0 // indirect
+	golang.org/x/oauth2 v0.26.0 // indirect
+	golang.org/x/sync v0.11.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/term v0.29.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
+	golang.org/x/time v0.10.0 // indirect
+	golang.org/x/tools v0.30.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect
-	google.golang.org/protobuf v1.35.1 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect
+	google.golang.org/protobuf v1.36.1 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	helm.sh/helm/v3 v3.16.2 // indirect
-	istio.io/api v1.23.3 // indirect
-	istio.io/client-go v1.23.2 // indirect
-	k8s.io/apiextensions-apiserver v0.31.2 // indirect
-	k8s.io/autoscaler/vertical-pod-autoscaler v1.2.1 // indirect
+	helm.sh/helm/v3 v3.17.1 // indirect
+	istio.io/api v1.24.3 // indirect
+	istio.io/client-go v1.24.2 // indirect
+	k8s.io/apiextensions-apiserver v0.32.2 // indirect
+	k8s.io/autoscaler/vertical-pod-autoscaler v1.2.2 // indirect
 	k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect
-	k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect
+	k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9 // indirect
 	k8s.io/klog v1.0.0 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-aggregator v0.31.2 // indirect
-	k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 // indirect
-	k8s.io/kubelet v0.31.2 // indirect
-	k8s.io/metrics v0.31.2 // indirect
+	k8s.io/kube-aggregator v0.32.2 // indirect
+	k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
+	k8s.io/kubelet v0.32.2 // indirect
+	k8s.io/metrics v0.32.2 // indirect
 	sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20231015215740-bf15e44028f9 // indirect
-	sigs.k8s.io/controller-tools v0.16.5 // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/controller-tools v0.17.2 // indirect
+	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
diff --git a/go.sum b/go.sum
index dd20673..d6b3a57 100644
--- a/go.sum
+++ b/go.sum
@@ -13,6 +13,8 @@ cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiy
 dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
 dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
 github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
 github.com/Azure/go-autorest/autorest v0.9.6/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630=
 github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
@@ -30,8 +32,8 @@ github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
-github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0=
-github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
+github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4=
+github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs=
 github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
@@ -59,8 +61,8 @@ github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/cyphar/filepath-securejoin v0.3.1 h1:1V7cHiaW+C+39wEfpH6XlLBQo3j/PciWFrgfCLS8XrE=
-github.com/cyphar/filepath-securejoin v0.3.1/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc=
+github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM=
+github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@@ -79,8 +81,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls=
 github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
-github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
+github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU=
+github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM=
 github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
 github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
 github.com/fluent/fluent-operator/v2 v2.9.0 h1:VFGgRPOI+yxnOrTIAL6sgFCtc+quDda12iyVL1lRQag=
@@ -89,20 +91,18 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
-github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
+github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
-github.com/gardener/cert-management v0.16.0 h1:OlE8nnPgqUii5jBknwASy5EtQlJ3Udy2f7VKIk35A4Q=
-github.com/gardener/cert-management v0.16.0/go.mod h1:09sH/cxbK3o4xdwCjM7HE9gGX2wq2lLhhVIqiMpmZy4=
-github.com/gardener/etcd-druid v0.24.1 h1:BfFQXOevuJ5oOvM3rkQSJ5XITMJzY/a2j54e7XcBIos=
-github.com/gardener/etcd-druid v0.24.1/go.mod h1:6C0eyfdlw6CowLm/l4ZiKwrvkc+5NHrnc/rY2wCUwys=
-github.com/gardener/gardener v1.108.2 h1:01xR8U7YJc6L+wgN86DpKzmKP84F+Aeg7XxeF3mxtzM=
-github.com/gardener/gardener v1.108.2/go.mod h1:dmgxecs+i3vWlitYftNuCGVRu0ZWYTlKLBFE6iV+dBk=
-github.com/gardener/hvpa-controller/api v0.17.0 h1:1mNeP+xsnjPH6GhewugU5srslXiTCJgYIFCMuRXwI7w=
-github.com/gardener/hvpa-controller/api v0.17.0/go.mod h1:eKrL7j6/YX8PaoP80xxi3+UFmQgHVf/QCPsGwNnmDeE=
-github.com/gardener/machine-controller-manager v0.54.0 h1:V7EOODiaBO9VesskdCgxMvo5vgMAmtmUTdb9Y9Nwp50=
-github.com/gardener/machine-controller-manager v0.54.0/go.mod h1:RPpnU8gmTrhDAd79+iKqKlbANiXCRkXoJW+z+5zSTME=
+github.com/gardener/cert-management v0.17.5 h1:feqNpdgkF2RJP5xPidbkUx2MS15m4mBWGNE5mo3sg34=
+github.com/gardener/cert-management v0.17.5/go.mod h1:jazLDc7bcJ0T8axC96A52X7AqeIYsEyALpYsuTFuhbw=
+github.com/gardener/etcd-druid v0.27.0 h1:vqcusx1O3G01BU3CHke6nZEYvDfiFqgCGS59mQCK0LM=
+github.com/gardener/etcd-druid v0.27.0/go.mod h1:SKjfV8bvdLGF1ynFbWF4ioK2a6M33g7N6lct45p50J8=
+github.com/gardener/gardener v1.113.2 h1:iNO/2sI2LpP8pJ98ooRg+vALbK+v+HN6RDLSMnaGCx8=
+github.com/gardener/gardener v1.113.2/go.mod h1:U2ft1QQafhDGyP1O2dK3KF614775gZ48fqbU2Vj2Szc=
+github.com/gardener/machine-controller-manager v0.56.1 h1:8L+69IArB0+r+ma+CJe/6SE7NMDs2GU9095RGSzwydk=
+github.com/gardener/machine-controller-manager v0.56.1/go.mod h1:eCng7De6OE15rndmMm6Q1fwMQI39esASCd3WKZ/lLmY=
 github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
@@ -146,8 +146,6 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
@@ -171,9 +169,11 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
+github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
 github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
-github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU=
-github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49/go.mod h1:BkkQ4L1KS1xMt2aWSPStnn55ChGC0DPOn2FQYj+f25M=
+github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
+github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -193,8 +193,8 @@ github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OI
 github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
-github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg=
+github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -203,8 +203,8 @@ github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
-github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
-github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
+github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
@@ -219,8 +219,6 @@ github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
-github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/ironcore-dev/vgopath v0.1.5 h1:+I46zEFfbmNIGIGylqedT2bMXw8V7yVP16GJkG64gAw=
@@ -236,8 +234,8 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
-github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
+github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
@@ -268,8 +266,8 @@ github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4
 github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8=
-github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
+github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU=
+github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -307,8 +305,8 @@ github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3Ro
 github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0=
 github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM=
 github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
-github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
-github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
+github.com/onsi/ginkgo/v2 v2.22.1 h1:QW7tbJAUDyVDVOM5dFa7qaybo+CRfR7bemlQUN6Z8aM=
+github.com/onsi/ginkgo/v2 v2.22.1/go.mod h1:S6aTpoRsSq2cZOd+pssHAlKW/Q/jZt6cPrPlnj4a1xM=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
@@ -329,8 +327,8 @@ github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRah
 github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ=
 github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
 github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
-github.com/onsi/gomega v1.35.0 h1:xuM1M/UvMp9BCdS4hojhS9/4jEuVqS9Er3bqupeaoPM=
-github.com/onsi/gomega v1.35.0/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
+github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8=
+github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -339,15 +337,15 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.78.1 h1:Fm9Z+FabnB+6EoGq15j+pyLmaK6hYrYOpBlTzOLTQ+E=
-github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.78.1/go.mod h1:SvsRXw4m1F2vk7HquU5h475bFpke27mIUswfyw9u3ug=
+github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.80.1 h1:DP+PUNVOc+Bkft8a4QunLzaZ0RspWuD3tBbcPHr2PeE=
+github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.80.1/go.mod h1:6x4x0t9BP35g4XcjkHE9EB3RxhyfxpdpmZKd/Qyk8+M=
 github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
 github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
 github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
-github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc=
-github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw=
+github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
+github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
@@ -362,8 +360,8 @@ github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp
 github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
-github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
+github.com/spf13/afero v1.12.0 h1:UcOPyRBYczmFn6yvphxkn9ZEOY65cpwGKb5mL36mrqs=
+github.com/spf13/afero v1.12.0/go.mod h1:ZTlWwG4/ahT8W7T0WQ5uYmjI9duaLQGy3Q2OAl4sk/4=
 github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w=
 github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
 github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
@@ -404,6 +402,10 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U=
+go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg=
+go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM=
+go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
@@ -427,15 +429,15 @@ golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf
 golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
-golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
-golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
+golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
 golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
 golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo=
-golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak=
+golang.org/x/exp v0.0.0-20250218142911-aa4b98e5adaa h1:t2QcU6V556bFjYgu4L6C+6VrCPyJZ+eyRsABUPs1mz4=
+golang.org/x/exp v0.0.0-20250218142911-aa4b98e5adaa/go.mod h1:BHOTPb3L19zxehTsLoJXVaTktb06DFgmdW6Wb9s8jqk=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -462,8 +464,8 @@ golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
-golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM=
+golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -503,15 +505,15 @@ golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
-golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
-golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
+golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
+golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70=
-golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE=
+golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -525,8 +527,8 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
+golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -572,8 +574,8 @@ golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
-golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -590,8 +592,8 @@ golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
-golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
-golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
+golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
+golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
@@ -608,14 +610,14 @@ golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
-golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4=
+golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -652,8 +654,8 @@ golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
 golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
-golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o=
-golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q=
+golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
+golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -681,8 +683,8 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98
 google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
 google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc=
-google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I=
+google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q=
+google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -703,8 +705,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
-google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
-google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk=
+google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -729,42 +731,42 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-helm.sh/helm/v3 v3.16.2 h1:Y9v7ry+ubQmi+cb5zw1Llx8OKHU9Hk9NQ/+P+LGBe2o=
-helm.sh/helm/v3 v3.16.2/go.mod h1:SyTXgKBjNqi2NPsHCW5dDAsHqvGIu0kdNYNH9gQaw70=
+helm.sh/helm/v3 v3.17.1 h1:gzVoAD+qVuoJU6KDMSAeo0xRJ6N1znRxz3wyuXRmJDk=
+helm.sh/helm/v3 v3.17.1/go.mod h1:nvreuhuR+j78NkQcLC3TYoprCKStLyw5P4T7E5itv2w=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-istio.io/api v1.23.3 h1:+CP0AHz8/+WJ7ZKJLbilHEiqBCi5KLe1Yil9bJI39ow=
-istio.io/api v1.23.3/go.mod h1:QPSTGXuIQdnZFEm3myf9NZ5uBMwCdJWUvfj9ZZ+2oBM=
-istio.io/client-go v1.23.2 h1:BIt6A+KaUOFin3SzXiDq2Fr/TMBev1+c836R0BfUfhU=
-istio.io/client-go v1.23.2/go.mod h1:E08wpMtUulJk2tlWOCUVakjy1bKFxUNm22tM1R1QY0Y=
+istio.io/api v1.24.3 h1:iwWWPM0uEQ+oxRHvIWoB8MQ4bjF3dRQj+M5IDVczg0M=
+istio.io/api v1.24.3/go.mod h1:MQnRok7RZ20/PE56v0LxmoWH0xVxnCQPNuf9O7PAN1I=
+istio.io/client-go v1.24.2 h1:JTTfBV6dv+AAW+AfccyrdX4T1f9CpsXd1Yzo1s/IYAI=
+istio.io/client-go v1.24.2/go.mod h1:dgZ9EmJzh1EECzf6nQhwNL4R6RvlyeH/RXeNeNp/MRg=
 k8s.io/api v0.19.0/go.mod h1:I1K45XlvTrDjmj5LoM5LuP/KYrhWbjUKT/SoPG0qTjw=
-k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0=
-k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk=
-k8s.io/apiextensions-apiserver v0.31.2 h1:W8EwUb8+WXBLu56ser5IudT2cOho0gAKeTOnywBLxd0=
-k8s.io/apiextensions-apiserver v0.31.2/go.mod h1:i+Geh+nGCJEGiCGR3MlBDkS7koHIIKWVfWeRFiOsUcM=
+k8s.io/api v0.32.2 h1:bZrMLEkgizC24G9eViHGOPbW+aRo9duEISRIJKfdJuw=
+k8s.io/api v0.32.2/go.mod h1:hKlhk4x1sJyYnHENsrdCWw31FEmCijNGPJO5WzHiJ6Y=
+k8s.io/apiextensions-apiserver v0.32.2 h1:2YMk285jWMk2188V2AERy5yDwBYrjgWYggscghPCvV4=
+k8s.io/apiextensions-apiserver v0.32.2/go.mod h1:GPwf8sph7YlJT3H6aKUWtd0E+oyShk/YHWQHf/OOgCA=
 k8s.io/apimachinery v0.19.0/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA=
-k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw=
-k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
-k8s.io/apiserver v0.31.2 h1:VUzOEUGRCDi6kX1OyQ801m4A7AUPglpsmGvdsekmcI4=
-k8s.io/apiserver v0.31.2/go.mod h1:o3nKZR7lPlJqkU5I3Ove+Zx3JuoFjQobGX1Gctw6XuE=
-k8s.io/autoscaler/vertical-pod-autoscaler v1.2.1 h1:t5t0Rsn4b7iQfiVlGdWSEnEx8pjrSM96Sn4Dvo1QH/Q=
-k8s.io/autoscaler/vertical-pod-autoscaler v1.2.1/go.mod h1:9ywHbt0kTrLyeNGgTNm7WEns34PmBMEr+9bDKTxW6wQ=
+k8s.io/apimachinery v0.32.2 h1:yoQBR9ZGkA6Rgmhbp/yuT9/g+4lxtsGYwW6dR6BDPLQ=
+k8s.io/apimachinery v0.32.2/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/apiserver v0.32.2 h1:WzyxAu4mvLkQxwD9hGa4ZfExo3yZZaYzoYvvVDlM6vw=
+k8s.io/apiserver v0.32.2/go.mod h1:PEwREHiHNU2oFdte7BjzA1ZyjWjuckORLIK/wLV5goM=
+k8s.io/autoscaler/vertical-pod-autoscaler v1.2.2 h1:d6nrlgROIvGJrBZnmyTibA2CvXIylet/vBE1EicilRo=
+k8s.io/autoscaler/vertical-pod-autoscaler v1.2.2/go.mod h1:9ywHbt0kTrLyeNGgTNm7WEns34PmBMEr+9bDKTxW6wQ=
 k8s.io/client-go v0.19.0/go.mod h1:H9E/VT95blcFQnlyShFgnFT9ZnJOAceiUHM3MlRC+mU=
-k8s.io/client-go v0.31.2 h1:Y2F4dxU5d3AQj+ybwSMqQnpZH9F30//1ObxOKlTI9yc=
-k8s.io/client-go v0.31.2/go.mod h1:NPa74jSVR/+eez2dFsEIHNa+3o09vtNaWwWwb1qSxSs=
+k8s.io/client-go v0.32.2 h1:4dYCD4Nz+9RApM2b/3BtVvBHw54QjMFUl1OLcJG5yOA=
+k8s.io/client-go v0.32.2/go.mod h1:fpZ4oJXclZ3r2nDOv+Ux3XcJutfrwjKTCHz2H3sww94=
 k8s.io/code-generator v0.29.5 h1:WqSdBPVV1B3jsPnKtPS39U02zj6Q7+FsjhAj1EPBJec=
 k8s.io/code-generator v0.29.5/go.mod h1:7TYnI0dYItL2cKuhhgPSuF3WED9uMdELgbVXFfn/joE=
-k8s.io/component-base v0.31.2 h1:Z1J1LIaC0AV+nzcPRFqfK09af6bZ4D1nAOpWsy9owlA=
-k8s.io/component-base v0.31.2/go.mod h1:9PeyyFN/drHjtJZMCTkSpQJS3U9OXORnHQqMLDz0sUQ=
+k8s.io/component-base v0.32.2 h1:1aUL5Vdmu7qNo4ZsE+569PV5zFatM9hl+lb3dEea2zU=
+k8s.io/component-base v0.32.2/go.mod h1:PXJ61Vx9Lg+P5mS8TLd7bCIr+eMJRQTyXe8KvkrvJq0=
 k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 h1:pWEwq4Asjm4vjW7vcsmijwBhOr1/shsbSYiWXmNGlks=
 k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 h1:NGrVE502P0s0/1hudf8zjgwki1X/TByhmAoILTarmzo=
-k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8=
+k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9 h1:si3PfKm8dDYxgfbeA6orqrtLkvvIeH8UqffFJDl0bz4=
+k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU=
 k8s.io/klog v0.2.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
@@ -773,33 +775,35 @@ k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-aggregator v0.31.2 h1:Uw1zUP2D/4wiSjKWVVzSOcCGLuW/+IdRwjjC0FJooYU=
-k8s.io/kube-aggregator v0.31.2/go.mod h1:41/VIXH+/Qcg9ERNAY6bRF/WQR6xL1wFgYagdHac1X4=
+k8s.io/kube-aggregator v0.32.2 h1:kg9pke+i2qRbJwX1UKwZV4fsCRvmbaCEFk38R4FqHmw=
+k8s.io/kube-aggregator v0.32.2/go.mod h1:rRm+xY1yIFIt3zBc727nG5SBLYywywD87klfIAw+7+c=
 k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o=
 k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
-k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 h1:1Wof1cGQgA5pqgo8MxKPtf+qN6Sh/0JzznmeGPm1HnE=
-k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8/go.mod h1:Os6V6dZwLNii3vxFpxcNaTmH8LJJBkOTg1N0tOA0fvA=
-k8s.io/kubelet v0.31.2 h1:6Hytyw4LqWqhgzoi7sPfpDGClu2UfxmPmaiXPC4FRgI=
-k8s.io/kubelet v0.31.2/go.mod h1:0E4++3cMWi2cJxOwuaQP3eMBa7PSOvAFgkTPlVc/2FA=
-k8s.io/metrics v0.31.2 h1:sQhujR9m3HN/Nu/0fTfTscjnswQl0qkQAodEdGBS0N4=
-k8s.io/metrics v0.31.2/go.mod h1:QqqyReApEWO1UEgXOSXiHCQod6yTxYctbAAQBWZkboU=
+k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg=
+k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas=
+k8s.io/kubelet v0.32.2 h1:WFTSYdt3BB1aTApDuKNI16x/4MYqqX8WBBBBh3KupDg=
+k8s.io/kubelet v0.32.2/go.mod h1:cC1ms5RS+lu0ckVr6AviCQXHLSPKEBC3D5oaCBdTGkI=
+k8s.io/metrics v0.32.2 h1:7t/rZzTHFrGa9f94XcgLlm3ToAuJtdlHANcJEHlYl9g=
+k8s.io/metrics v0.32.2/go.mod h1:VL3nJpzcgB6L5nSljkkzoE0nilZhVgcjCfNRgoylaIQ=
 k8s.io/utils v0.0.0-20200729134348-d5654de09c73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 h1:jGnCPejIetjiy2gqaJ5V0NLwTpF4wbQ6cZIItJCSHno=
-k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
+k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-sigs.k8s.io/controller-runtime v0.19.6 h1:fuq53qTLQ7aJTA7aNsklNnu7eQtSFqJUomOyM+phPLk=
-sigs.k8s.io/controller-runtime v0.19.6/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4=
+sigs.k8s.io/controller-runtime v0.20.2 h1:/439OZVxoEc02psi1h4QO3bHzTgu49bb347Xp4gW1pc=
+sigs.k8s.io/controller-runtime v0.20.2/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY=
 sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20231015215740-bf15e44028f9 h1:O27fSMHw4u0h+Rj8bNzcZk5jY0iZCO0J8/mCpigpnbw=
 sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20231015215740-bf15e44028f9/go.mod h1:TF/lVLWS+JNNaVqJuDDictY2hZSXSsIHCx4FClMvqFg=
-sigs.k8s.io/controller-tools v0.16.5 h1:5k9FNRqziBPwqr17AMEPPV/En39ZBplLAdOwwQHruP4=
-sigs.k8s.io/controller-tools v0.16.5/go.mod h1:8vztuRVzs8IuuJqKqbXCSlXcw+lkAv/M2sTpg55qjMY=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
+sigs.k8s.io/controller-tools v0.17.2 h1:jNFOKps8WnaRKZU2R+4vRCHnXyJanVmXBWqkuUPFyFg=
+sigs.k8s.io/controller-tools v0.17.2/go.mod h1:4q5tZG2JniS5M5bkiXY2/potOiXyhoZVw/U48vLkXk0=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=
+sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
 sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
diff --git a/pkg/apis/audit/types.go b/pkg/apis/audit/types.go
index 41989a8..9de0401 100644
--- a/pkg/apis/audit/types.go
+++ b/pkg/apis/audit/types.go
@@ -54,6 +54,9 @@ type AuditBackends struct {
 
 	// Splunk will forward the audit data to a splunk HEC endpoint.
 	Splunk *AuditBackendSplunk
+
+	// S3 will store audit logs in an S3 bucket.
+	S3 *AuditBackendS3
 }
 
 type AuditBackendLog struct {
@@ -66,6 +69,7 @@ type AuditBackendClusterForwarding struct {
 	Enabled bool
 
 	// FilesystemBufferSize is the maximum disk space for the fluent-bit file system buffer.
+	// +optional
 	FilesystemBufferSize *string
 }
 
@@ -74,6 +78,7 @@ type AuditBackendSplunk struct {
 	Enabled bool
 
 	// FilesystemBufferSize is the maximum disk space for the fluent-bit file system buffer.
+	// +optional
 	FilesystemBufferSize *string
 
 	// Index is the splunk index that should be used.
@@ -102,3 +107,52 @@ type AuditBackendSplunk struct {
 	// CustomData contains a map of custom key value pairs. The custom data is added to each audit log entry using fluentbit's modify filter.
 	CustomData map[string]string
 }
+
+type AuditBackendS3 struct {
+	// Enabled allows to turn this backend on.
+	Enabled bool
+
+	// FilesystemBufferSize is the maximum disk space for the fluent-bit file system buffer.
+	// +optional
+	FilesystemBufferSize *string
+
+	// Bucket is the S3 bucket name where audit logs will be stored.
+	Bucket string
+
+	// Region is the AWS region where the bucket is located.
+	Region string
+
+	// Prefix is the prefix (folder path) where audit logs will be stored in the bucket. Defaults to "/audit-logs".
+	// +optional
+	Prefix *string
+
+	// S3KeyFormat is the folder structure in which the audit logs will be stored in the bucket. Defaults to "/%Y/%m/%d/%H/%M/%S/$UUID".
+	// +optional
+	S3KeyFormat *string
+
+	// SecretResourceName is a reference under Shoot.spec.resources to the secret used to authenticate against AWS.
+	// The referenced secret must contain:
+	// - access_key_id: Required, AWS access key ID
+	// - secret_access_key: Required, AWS secret access key
+	SecretResourceName string
+
+	// Endpoint is the custom S3 endpoint URL (optional, for S3-compatible storage).
+	// +optional
+	Endpoint *string
+
+	// TlsEnabled determines whether TLS should be used to communicate with S3.
+	// +optional
+	TlsEnabled *bool
+
+	// TotalFileSize specify file size in S3. Minimum size is 1M, maximum size is 1G. Defaults to 100M.
+	// +optional
+	TotalFileSize *string
+
+	// UploadTimeout specify the amount of time in which the logs are uploaded and creates a new file in S3. Defaults to 10m.
+	// +optional
+	UploadTimeout *string
+
+	// UseCompression enables gzip compression for the S3 objects.
+	// +optional
+	UseCompression *bool
+}
diff --git a/pkg/apis/audit/v1alpha1/defaults.go b/pkg/apis/audit/v1alpha1/defaults.go
index 63185a0..ca43045 100644
--- a/pkg/apis/audit/v1alpha1/defaults.go
+++ b/pkg/apis/audit/v1alpha1/defaults.go
@@ -34,6 +34,7 @@ func DefaultBackends(backends *AuditBackends) {
 
 	defaultBackendClusterForwarding(backends.ClusterForwarding)
 	defaultBackendSplunk(backends.Splunk)
+	defaultBackendS3(backends.S3)
 }
 
 func defaultBackendClusterForwarding(backend *AuditBackendClusterForwarding) {
@@ -55,3 +56,33 @@ func defaultBackendSplunk(backend *AuditBackendSplunk) {
 		backend.FilesystemBufferSize = pointer.Pointer("900M")
 	}
 }
+
+func defaultBackendS3(backend *AuditBackendS3) {
+	if backend == nil {
+		return
+	}
+
+	if backend.FilesystemBufferSize == nil {
+		backend.FilesystemBufferSize = pointer.Pointer("900M")
+	}
+
+	if backend.TlsEnabled == nil {
+		backend.TlsEnabled = pointer.Pointer(true)
+	}
+
+	if backend.TotalFileSize == nil {
+		backend.TotalFileSize = pointer.Pointer("100M")
+	}
+
+	if backend.UploadTimeout == nil {
+		backend.UploadTimeout = pointer.Pointer("10m")
+	}
+
+	if backend.Prefix == nil {
+		backend.Prefix = pointer.Pointer("/audit-logs")
+	}
+
+	if backend.S3KeyFormat == nil {
+		backend.S3KeyFormat = pointer.Pointer("/%Y/%m/%d/%H/%M/%S/$UUID")
+	}
+}
diff --git a/pkg/apis/audit/v1alpha1/types.go b/pkg/apis/audit/v1alpha1/types.go
index 74ca888..e5d7ee0 100644
--- a/pkg/apis/audit/v1alpha1/types.go
+++ b/pkg/apis/audit/v1alpha1/types.go
@@ -70,6 +70,10 @@ type AuditBackends struct {
 	// +optional
 	Splunk *AuditBackendSplunk `json:"splunk,omitempty"`
 
+	// S3 will store audit logs in an S3 bucket.
+	// +optional
+	S3 *AuditBackendS3 `json:"s3,omitempty"`
+
 	// Possible backends that would be helpful as well:
 	// - Forward
 	// - Loki
@@ -88,6 +92,7 @@ type AuditBackendClusterForwarding struct {
 	Enabled bool `json:"enabled"`
 
 	// FilesystemBufferSize is the maximum disk space for the fluent-bit file system buffer.
+	// +optional
 	FilesystemBufferSize *string `json:"bufferSize,omitempty"`
 }
 type AuditBackendSplunk struct {
@@ -95,6 +100,7 @@ type AuditBackendSplunk struct {
 	Enabled bool `json:"enabled"`
 
 	// FilesystemBufferSize is the maximum disk space for the fluent-bit file system buffer.
+	// +optional
 	FilesystemBufferSize *string `json:"bufferSize,omitempty"`
 
 	// Index is the splunk index that should be used.
@@ -124,3 +130,52 @@ type AuditBackendSplunk struct {
 	// The keys and the values may only contain letters, numbers, '_' or '.'. Empty keys or values are also not accepted.
 	CustomData map[string]string `json:"customData,omitempty"`
 }
+
+type AuditBackendS3 struct {
+	// Enabled allows to turn this backend on.
+	Enabled bool `json:"enabled"`
+
+	// FilesystemBufferSize is the maximum disk space for the fluent-bit file system buffer.
+	// +optional
+	FilesystemBufferSize *string `json:"bufferSize,omitempty"`
+
+	// Bucket is the S3 bucket name where audit logs will be stored.
+	Bucket string `json:"bucket"`
+
+	// Region is the AWS region where the bucket is located.
+	Region string `json:"region"`
+
+	// Prefix is the prefix (folder path) where audit logs will be stored in the bucket. Must start with a /. Defaults to "/audit-logs".
+	// +optional
+	Prefix *string `json:"prefix,omitempty"`
+
+	// S3KeyFormat is the folder structure in which the audit logs will be stored in the bucket. Must start with a /. Defaults to "/%Y/%m/%d/%H/%M/%S/$UUID".
+	// +optional
+	S3KeyFormat *string `json:"s3KeyFormat,omitempty"`
+
+	// SecretResourceName is a reference under Shoot.spec.resources to the secret used to authenticate against AWS.
+	// The referenced secret must contain:
+	// - access_key_id: Required, AWS access key ID
+	// - secret_access_key: Required, AWS secret access key
+	SecretResourceName string `json:"secretResourceName"`
+
+	// Endpoint is the custom S3 endpoint URL (optional, for S3-compatible storage).
+	// +optional
+	Endpoint *string `json:"endpoint,omitempty"`
+
+	// TlsEnabled determines whether TLS should be used to communicate with S3. Defaults to "true".
+	// +optional
+	TlsEnabled *bool `json:"tlsEnabled,omitempty"`
+
+	// TotalFileSize specify file size in S3. Minimum size is 1M, maximum size is 1G. Defaults to 100M.
+	// +optional
+	TotalFileSize *string `json:"totalFileSize,omitempty"`
+
+	// UploadTimeout specify the amount of time in which the logs are uploaded and creates a new file in S3. Defaults to 10m.
+	// +optional
+	UploadTimeout *string `json:"uploadTimeout,omitempty"`
+
+	// UseCompression enables gzip compression for the S3 objects.
+	// +optional
+	UseCompression *bool `json:"useCompression,omitempty"`
+}
diff --git a/pkg/apis/audit/v1alpha1/zz_generated.conversion.go b/pkg/apis/audit/v1alpha1/zz_generated.conversion.go
index bc2b3a1..1a22d91 100644
--- a/pkg/apis/audit/v1alpha1/zz_generated.conversion.go
+++ b/pkg/apis/audit/v1alpha1/zz_generated.conversion.go
@@ -45,6 +45,16 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
+	if err := s.AddGeneratedConversionFunc((*AuditBackendS3)(nil), (*audit.AuditBackendS3)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1alpha1_AuditBackendS3_To_audit_AuditBackendS3(a.(*AuditBackendS3), b.(*audit.AuditBackendS3), scope)
+	}); err != nil {
+		return err
+	}
+	if err := s.AddGeneratedConversionFunc((*audit.AuditBackendS3)(nil), (*AuditBackendS3)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_audit_AuditBackendS3_To_v1alpha1_AuditBackendS3(a.(*audit.AuditBackendS3), b.(*AuditBackendS3), scope)
+	}); err != nil {
+		return err
+	}
 	if err := s.AddGeneratedConversionFunc((*AuditBackendSplunk)(nil), (*audit.AuditBackendSplunk)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1alpha1_AuditBackendSplunk_To_audit_AuditBackendSplunk(a.(*AuditBackendSplunk), b.(*audit.AuditBackendSplunk), scope)
 	}); err != nil {
@@ -130,6 +140,48 @@ func Convert_audit_AuditBackendLog_To_v1alpha1_AuditBackendLog(in *audit.AuditBa
 	return autoConvert_audit_AuditBackendLog_To_v1alpha1_AuditBackendLog(in, out, s)
 }
 
+func autoConvert_v1alpha1_AuditBackendS3_To_audit_AuditBackendS3(in *AuditBackendS3, out *audit.AuditBackendS3, s conversion.Scope) error {
+	out.Enabled = in.Enabled
+	out.FilesystemBufferSize = (*string)(unsafe.Pointer(in.FilesystemBufferSize))
+	out.Bucket = in.Bucket
+	out.Region = in.Region
+	out.Prefix = (*string)(unsafe.Pointer(in.Prefix))
+	out.S3KeyFormat = (*string)(unsafe.Pointer(in.S3KeyFormat))
+	out.SecretResourceName = in.SecretResourceName
+	out.Endpoint = (*string)(unsafe.Pointer(in.Endpoint))
+	out.TlsEnabled = (*bool)(unsafe.Pointer(in.TlsEnabled))
+	out.TotalFileSize = (*string)(unsafe.Pointer(in.TotalFileSize))
+	out.UploadTimeout = (*string)(unsafe.Pointer(in.UploadTimeout))
+	out.UseCompression = (*bool)(unsafe.Pointer(in.UseCompression))
+	return nil
+}
+
+// Convert_v1alpha1_AuditBackendS3_To_audit_AuditBackendS3 is an autogenerated conversion function.
+func Convert_v1alpha1_AuditBackendS3_To_audit_AuditBackendS3(in *AuditBackendS3, out *audit.AuditBackendS3, s conversion.Scope) error {
+	return autoConvert_v1alpha1_AuditBackendS3_To_audit_AuditBackendS3(in, out, s)
+}
+
+func autoConvert_audit_AuditBackendS3_To_v1alpha1_AuditBackendS3(in *audit.AuditBackendS3, out *AuditBackendS3, s conversion.Scope) error {
+	out.Enabled = in.Enabled
+	out.FilesystemBufferSize = (*string)(unsafe.Pointer(in.FilesystemBufferSize))
+	out.Bucket = in.Bucket
+	out.Region = in.Region
+	out.Prefix = (*string)(unsafe.Pointer(in.Prefix))
+	out.S3KeyFormat = (*string)(unsafe.Pointer(in.S3KeyFormat))
+	out.SecretResourceName = in.SecretResourceName
+	out.Endpoint = (*string)(unsafe.Pointer(in.Endpoint))
+	out.TlsEnabled = (*bool)(unsafe.Pointer(in.TlsEnabled))
+	out.TotalFileSize = (*string)(unsafe.Pointer(in.TotalFileSize))
+	out.UploadTimeout = (*string)(unsafe.Pointer(in.UploadTimeout))
+	out.UseCompression = (*bool)(unsafe.Pointer(in.UseCompression))
+	return nil
+}
+
+// Convert_audit_AuditBackendS3_To_v1alpha1_AuditBackendS3 is an autogenerated conversion function.
+func Convert_audit_AuditBackendS3_To_v1alpha1_AuditBackendS3(in *audit.AuditBackendS3, out *AuditBackendS3, s conversion.Scope) error {
+	return autoConvert_audit_AuditBackendS3_To_v1alpha1_AuditBackendS3(in, out, s)
+}
+
 func autoConvert_v1alpha1_AuditBackendSplunk_To_audit_AuditBackendSplunk(in *AuditBackendSplunk, out *audit.AuditBackendSplunk, s conversion.Scope) error {
 	out.Enabled = in.Enabled
 	out.FilesystemBufferSize = (*string)(unsafe.Pointer(in.FilesystemBufferSize))
@@ -170,6 +222,7 @@ func autoConvert_v1alpha1_AuditBackends_To_audit_AuditBackends(in *AuditBackends
 	out.Log = (*audit.AuditBackendLog)(unsafe.Pointer(in.Log))
 	out.ClusterForwarding = (*audit.AuditBackendClusterForwarding)(unsafe.Pointer(in.ClusterForwarding))
 	out.Splunk = (*audit.AuditBackendSplunk)(unsafe.Pointer(in.Splunk))
+	out.S3 = (*audit.AuditBackendS3)(unsafe.Pointer(in.S3))
 	return nil
 }
 
@@ -182,6 +235,7 @@ func autoConvert_audit_AuditBackends_To_v1alpha1_AuditBackends(in *audit.AuditBa
 	out.Log = (*AuditBackendLog)(unsafe.Pointer(in.Log))
 	out.ClusterForwarding = (*AuditBackendClusterForwarding)(unsafe.Pointer(in.ClusterForwarding))
 	out.Splunk = (*AuditBackendSplunk)(unsafe.Pointer(in.Splunk))
+	out.S3 = (*AuditBackendS3)(unsafe.Pointer(in.S3))
 	return nil
 }
 
diff --git a/pkg/apis/audit/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/audit/v1alpha1/zz_generated.deepcopy.go
index 2f26f0d..ce61fef 100644
--- a/pkg/apis/audit/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/audit/v1alpha1/zz_generated.deepcopy.go
@@ -50,6 +50,62 @@ func (in *AuditBackendLog) DeepCopy() *AuditBackendLog {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AuditBackendS3) DeepCopyInto(out *AuditBackendS3) {
+	*out = *in
+	if in.FilesystemBufferSize != nil {
+		in, out := &in.FilesystemBufferSize, &out.FilesystemBufferSize
+		*out = new(string)
+		**out = **in
+	}
+	if in.Prefix != nil {
+		in, out := &in.Prefix, &out.Prefix
+		*out = new(string)
+		**out = **in
+	}
+	if in.S3KeyFormat != nil {
+		in, out := &in.S3KeyFormat, &out.S3KeyFormat
+		*out = new(string)
+		**out = **in
+	}
+	if in.Endpoint != nil {
+		in, out := &in.Endpoint, &out.Endpoint
+		*out = new(string)
+		**out = **in
+	}
+	if in.TlsEnabled != nil {
+		in, out := &in.TlsEnabled, &out.TlsEnabled
+		*out = new(bool)
+		**out = **in
+	}
+	if in.TotalFileSize != nil {
+		in, out := &in.TotalFileSize, &out.TotalFileSize
+		*out = new(string)
+		**out = **in
+	}
+	if in.UploadTimeout != nil {
+		in, out := &in.UploadTimeout, &out.UploadTimeout
+		*out = new(string)
+		**out = **in
+	}
+	if in.UseCompression != nil {
+		in, out := &in.UseCompression, &out.UseCompression
+		*out = new(bool)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditBackendS3.
+func (in *AuditBackendS3) DeepCopy() *AuditBackendS3 {
+	if in == nil {
+		return nil
+	}
+	out := new(AuditBackendS3)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *AuditBackendSplunk) DeepCopyInto(out *AuditBackendSplunk) {
 	*out = *in
@@ -96,6 +152,11 @@ func (in *AuditBackends) DeepCopyInto(out *AuditBackends) {
 		*out = new(AuditBackendSplunk)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.S3 != nil {
+		in, out := &in.S3, &out.S3
+		*out = new(AuditBackendS3)
+		(*in).DeepCopyInto(*out)
+	}
 	return
 }
 
diff --git a/pkg/apis/audit/zz_generated.deepcopy.go b/pkg/apis/audit/zz_generated.deepcopy.go
index 435563f..e92764d 100644
--- a/pkg/apis/audit/zz_generated.deepcopy.go
+++ b/pkg/apis/audit/zz_generated.deepcopy.go
@@ -50,6 +50,62 @@ func (in *AuditBackendLog) DeepCopy() *AuditBackendLog {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AuditBackendS3) DeepCopyInto(out *AuditBackendS3) {
+	*out = *in
+	if in.FilesystemBufferSize != nil {
+		in, out := &in.FilesystemBufferSize, &out.FilesystemBufferSize
+		*out = new(string)
+		**out = **in
+	}
+	if in.Prefix != nil {
+		in, out := &in.Prefix, &out.Prefix
+		*out = new(string)
+		**out = **in
+	}
+	if in.S3KeyFormat != nil {
+		in, out := &in.S3KeyFormat, &out.S3KeyFormat
+		*out = new(string)
+		**out = **in
+	}
+	if in.Endpoint != nil {
+		in, out := &in.Endpoint, &out.Endpoint
+		*out = new(string)
+		**out = **in
+	}
+	if in.TlsEnabled != nil {
+		in, out := &in.TlsEnabled, &out.TlsEnabled
+		*out = new(bool)
+		**out = **in
+	}
+	if in.TotalFileSize != nil {
+		in, out := &in.TotalFileSize, &out.TotalFileSize
+		*out = new(string)
+		**out = **in
+	}
+	if in.UploadTimeout != nil {
+		in, out := &in.UploadTimeout, &out.UploadTimeout
+		*out = new(string)
+		**out = **in
+	}
+	if in.UseCompression != nil {
+		in, out := &in.UseCompression, &out.UseCompression
+		*out = new(bool)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditBackendS3.
+func (in *AuditBackendS3) DeepCopy() *AuditBackendS3 {
+	if in == nil {
+		return nil
+	}
+	out := new(AuditBackendS3)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *AuditBackendSplunk) DeepCopyInto(out *AuditBackendSplunk) {
 	*out = *in
@@ -96,6 +152,11 @@ func (in *AuditBackends) DeepCopyInto(out *AuditBackends) {
 		*out = new(AuditBackendSplunk)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.S3 != nil {
+		in, out := &in.S3, &out.S3
+		*out = new(AuditBackendS3)
+		(*in).DeepCopyInto(*out)
+	}
 	return
 }
 
diff --git a/pkg/apis/config/types.go b/pkg/apis/config/types.go
index ceb30cf..b160696 100644
--- a/pkg/apis/config/types.go
+++ b/pkg/apis/config/types.go
@@ -3,7 +3,7 @@ package config
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	healthcheckconfig "github.com/gardener/gardener/extensions/pkg/apis/config"
+	healthcheckconfigv1alpha1 "github.com/gardener/gardener/extensions/pkg/apis/config/v1alpha1"
 	"github.com/metal-stack/gardener-extension-audit/pkg/apis/audit/v1alpha1"
 )
 
@@ -17,5 +17,5 @@ type ControllerConfiguration struct {
 	DefaultBackends *v1alpha1.AuditBackends
 
 	// HealthCheckConfig is the config for the health check controller
-	HealthCheckConfig *healthcheckconfig.HealthCheckConfig
+	HealthCheckConfig *healthcheckconfigv1alpha1.HealthCheckConfig
 }
diff --git a/pkg/apis/config/v1alpha1/zz_generated.conversion.go b/pkg/apis/config/v1alpha1/zz_generated.conversion.go
index c3bba23..40215b3 100644
--- a/pkg/apis/config/v1alpha1/zz_generated.conversion.go
+++ b/pkg/apis/config/v1alpha1/zz_generated.conversion.go
@@ -12,7 +12,6 @@ package v1alpha1
 import (
 	unsafe "unsafe"
 
-	apisconfig "github.com/gardener/gardener/extensions/pkg/apis/config"
 	configv1alpha1 "github.com/gardener/gardener/extensions/pkg/apis/config/v1alpha1"
 	auditv1alpha1 "github.com/metal-stack/gardener-extension-audit/pkg/apis/audit/v1alpha1"
 	config "github.com/metal-stack/gardener-extension-audit/pkg/apis/config"
@@ -42,7 +41,7 @@ func RegisterConversions(s *runtime.Scheme) error {
 
 func autoConvert_v1alpha1_ControllerConfiguration_To_config_ControllerConfiguration(in *ControllerConfiguration, out *config.ControllerConfiguration, s conversion.Scope) error {
 	out.DefaultBackends = (*auditv1alpha1.AuditBackends)(unsafe.Pointer(in.DefaultBackends))
-	out.HealthCheckConfig = (*apisconfig.HealthCheckConfig)(unsafe.Pointer(in.HealthCheckConfig))
+	out.HealthCheckConfig = (*configv1alpha1.HealthCheckConfig)(unsafe.Pointer(in.HealthCheckConfig))
 	return nil
 }
 
diff --git a/pkg/apis/config/zz_generated.deepcopy.go b/pkg/apis/config/zz_generated.deepcopy.go
index 4ef581f..de94e08 100644
--- a/pkg/apis/config/zz_generated.deepcopy.go
+++ b/pkg/apis/config/zz_generated.deepcopy.go
@@ -10,7 +10,7 @@
 package config
 
 import (
-	apisconfig "github.com/gardener/gardener/extensions/pkg/apis/config"
+	configv1alpha1 "github.com/gardener/gardener/extensions/pkg/apis/config/v1alpha1"
 	v1alpha1 "github.com/metal-stack/gardener-extension-audit/pkg/apis/audit/v1alpha1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
@@ -26,7 +26,7 @@ func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) {
 	}
 	if in.HealthCheckConfig != nil {
 		in, out := &in.HealthCheckConfig, &out.HealthCheckConfig
-		*out = new(apisconfig.HealthCheckConfig)
+		*out = new(configv1alpha1.HealthCheckConfig)
 		(*in).DeepCopyInto(*out)
 	}
 	return
diff --git a/pkg/cmd/config.go b/pkg/cmd/config.go
index 8450623..b0630f5 100644
--- a/pkg/cmd/config.go
+++ b/pkg/cmd/config.go
@@ -4,7 +4,7 @@ import (
 	"errors"
 	"os"
 
-	healthcheckconfig "github.com/gardener/gardener/extensions/pkg/apis/config"
+	healthcheckconfigv1alpha1 "github.com/gardener/gardener/extensions/pkg/apis/config/v1alpha1"
 	configapi "github.com/metal-stack/gardener-extension-audit/pkg/apis/config"
 	"github.com/metal-stack/gardener-extension-audit/pkg/apis/config/v1alpha1"
 
@@ -81,7 +81,7 @@ func (c *AuthServiceConfig) Apply(config *configapi.ControllerConfiguration) {
 }
 
 // ApplyHealthCheckConfig applies the HealthCheckConfig.
-func (c *AuthServiceConfig) ApplyHealthCheckConfig(config *healthcheckconfig.HealthCheckConfig) {
+func (c *AuthServiceConfig) ApplyHealthCheckConfig(config *healthcheckconfigv1alpha1.HealthCheckConfig) {
 	if c.config.HealthCheckConfig != nil {
 		*config = *c.config.HealthCheckConfig
 	}
diff --git a/pkg/controller/audit/actuator.go b/pkg/controller/audit/actuator.go
index a01de3c..45ee6c5 100644
--- a/pkg/controller/audit/actuator.go
+++ b/pkg/controller/audit/actuator.go
@@ -148,6 +148,20 @@ func (a *actuator) shootBackends(ctx context.Context, cluster *extensions.Cluste
 		backendMap["splunk"] = splunkBackend
 	}
 
+	if pointer.SafeDeref(backends.S3).Enabled {
+		s3Secret, err := a.findBackendSecret(ctx, cluster, secrets, backends.S3.SecretResourceName)
+		if err != nil {
+			return nil, err
+		}
+
+		s3Backend, err := backend.NewS3(backends.S3, s3Secret)
+		if err != nil {
+			return nil, fmt.Errorf("error creating s3 backend: %w", err)
+		}
+
+		backendMap["s3"] = s3Backend
+	}
+
 	return backendMap, nil
 }
 
diff --git a/pkg/controller/audit/add.go b/pkg/controller/audit/add.go
index 8a1a043..2667239 100644
--- a/pkg/controller/audit/add.go
+++ b/pkg/controller/audit/add.go
@@ -45,7 +45,7 @@ func AddToManager(ctx context.Context, mgr manager.Manager) error {
 // AddToManagerWithOptions adds a controller with the given Options to the given manager.
 // The opts.Reconciler is being set with a newly instantiated actuator.
 func AddToManagerWithOptions(ctx context.Context, mgr manager.Manager, opts AddOptions) error {
-	return extension.Add(ctx, mgr, extension.AddArgs{
+	return extension.Add(mgr, extension.AddArgs{
 		Actuator:          NewActuator(mgr, opts.Config),
 		ControllerOptions: opts.ControllerOptions,
 		Name:              ControllerName,
diff --git a/pkg/controller/audit/backend/s3.go b/pkg/controller/audit/backend/s3.go
new file mode 100644
index 0000000..18ae992
--- /dev/null
+++ b/pkg/controller/audit/backend/s3.go
@@ -0,0 +1,151 @@
+package backend
+
+import (
+	"fmt"
+	"path"
+	"strings"
+
+	"github.com/gardener/gardener/pkg/extensions"
+	"github.com/metal-stack/gardener-extension-audit/pkg/apis/audit/v1alpha1"
+	"github.com/metal-stack/gardener-extension-audit/pkg/fluentbitconfig"
+	"github.com/metal-stack/metal-lib/pkg/pointer"
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+const (
+	s3SecretAccessKeyIDKey     = "access_key_id"
+	s3SecretSecretAccessKeyKey = "secret_access_key"
+)
+
+type S3 struct {
+	backend *v1alpha1.AuditBackendS3
+	secret  *corev1.Secret
+}
+
+func NewS3(backend *v1alpha1.AuditBackendS3, secret *corev1.Secret) (S3, error) {
+	if err := validateS3Secret(secret); err != nil {
+		return S3{}, err
+	}
+	if err := validateS3Backend(backend); err != nil {
+		return S3{}, err
+	}
+
+	return S3{
+		backend: backend,
+		secret:  secret,
+	}, nil
+}
+
+func validateS3Backend(backend *v1alpha1.AuditBackendS3) error {
+	if backend.Bucket == "" {
+		return fmt.Errorf("backend must contain a bucket")
+	}
+	if backend.Region == "" {
+		return fmt.Errorf("backend must contain a region")
+	}
+
+	if !strings.HasPrefix(pointer.SafeDeref(backend.S3KeyFormat), "/") {
+		return fmt.Errorf("s3KeyFormat must start with a /")
+	}
+
+	if !strings.HasPrefix(pointer.SafeDeref(backend.Prefix), "/") {
+		return fmt.Errorf("prefix must start with a /")
+	}
+
+	return nil
+}
+
+func validateS3Secret(secret *corev1.Secret) error {
+	if _, ok := secret.Data[s3SecretAccessKeyIDKey]; !ok {
+		return fmt.Errorf("referenced S3 secret does not contain %q", s3SecretAccessKeyIDKey)
+	}
+
+	if _, ok := secret.Data[s3SecretSecretAccessKeyKey]; !ok {
+		return fmt.Errorf("referenced S3 secret does not contain %q", s3SecretSecretAccessKeyKey)
+	}
+	return nil
+}
+
+func (s S3) FluentBitConfig(*extensions.Cluster) fluentbitconfig.Config {
+	s3Config := map[string]string{
+		"match":                "audit",
+		"name":                 "s3",
+		"retry_limit":          "no_limits", // Let FluentBit only discard data if store_dir_limit_size is reached
+		"store_dir_limit_size": pointer.SafeDeref(s.backend.FilesystemBufferSize),
+		"bucket":               s.backend.Bucket,
+		"region":               s.backend.Region,
+		"json_date_key":        "timestamp",
+		"use_put_object":       "On",
+	}
+
+	if s.backend.S3KeyFormat != nil {
+		s3Config["s3_key_format"] = *s.backend.S3KeyFormat
+	}
+
+	if s.backend.Prefix != nil {
+		s3Config["s3_key_format"] = path.Join(*s.backend.Prefix, s3Config["s3_key_format"])
+	}
+
+	if s.backend.Endpoint != nil {
+		s3Config["endpoint"] = *s.backend.Endpoint
+	}
+
+	if s.backend.UploadTimeout != nil {
+		s3Config["upload_timeout"] = *s.backend.UploadTimeout
+	}
+
+	if s.backend.TotalFileSize != nil {
+		s3Config["total_file_size"] = *s.backend.TotalFileSize
+	}
+
+	if s.backend.TlsEnabled != nil && *s.backend.TlsEnabled {
+		s3Config["tls"] = "On"
+	}
+
+	if s.backend.UseCompression != nil && *s.backend.UseCompression {
+		s3Config["compression"] = "gzip"
+
+	}
+
+	return fluentbitconfig.Config{
+		Output: []fluentbitconfig.Output{s3Config},
+	}
+}
+
+func (s S3) PatchAuditWebhook(sts *appsv1.StatefulSet) {
+	// Add AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY ENV, this ENVs are used to authenticate on the s3 object storage.
+	sts.Spec.Template.Spec.Containers[0].Env = append(sts.Spec.Template.Spec.Containers[0].Env,
+		corev1.EnvVar{
+			Name: "AWS_ACCESS_KEY_ID",
+			ValueFrom: &corev1.EnvVarSource{
+				SecretKeyRef: &corev1.SecretKeySelector{
+					LocalObjectReference: corev1.LocalObjectReference{
+						Name: s.secret.Name,
+					},
+					Key: s3SecretAccessKeyIDKey,
+				},
+			},
+		},
+		corev1.EnvVar{
+			Name: "AWS_SECRET_ACCESS_KEY",
+			ValueFrom: &corev1.EnvVarSource{
+				SecretKeyRef: &corev1.SecretKeySelector{
+					LocalObjectReference: corev1.LocalObjectReference{
+						Name: s.secret.Name,
+					},
+					Key: s3SecretSecretAccessKeyKey,
+				},
+			},
+		},
+	)
+}
+
+func (s S3) AdditionalShootObjects(*extensions.Cluster) []client.Object {
+	return []client.Object{}
+}
+
+func (s S3) AdditionalSeedObjects(_ *extensions.Cluster) []client.Object {
+	return []client.Object{}
+}
diff --git a/pkg/controller/audit/backend/s3_test.go b/pkg/controller/audit/backend/s3_test.go
new file mode 100644
index 0000000..7fd05f2
--- /dev/null
+++ b/pkg/controller/audit/backend/s3_test.go
@@ -0,0 +1,181 @@
+package backend
+
+import (
+	"github.com/gardener/gardener/pkg/extensions"
+	"github.com/metal-stack/gardener-extension-audit/pkg/apis/audit/v1alpha1"
+	"github.com/metal-stack/gardener-extension-audit/pkg/fluentbitconfig"
+	"github.com/metal-stack/metal-lib/pkg/pointer"
+	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+	"testing"
+)
+
+func Test_S3FluentBitConfig(t *testing.T) {
+	validSecretData := map[string][]byte{
+		s3SecretAccessKeyIDKey:     []byte("key"),
+		s3SecretSecretAccessKeyKey: []byte("secret"),
+	}
+	tt := []struct {
+		desc            string
+		backend         v1alpha1.AuditBackendS3
+		secretData      map[string][]byte
+		assertionError  func(*testing.T, error)
+		assertionConfig func(*testing.T, fluentbitconfig.Config)
+	}{
+		{
+			desc: "secret missing",
+			backend: v1alpha1.AuditBackendS3{
+				Enabled: true,
+				Bucket:  "bucket",
+				Region:  "region",
+			},
+			secretData: map[string][]byte{},
+			assertionError: func(t *testing.T, err error) {
+				assert.Error(t, err)
+				assert.ErrorContains(t, err, "secret")
+			},
+		},
+		{
+			desc: "missing bucket",
+			backend: v1alpha1.AuditBackendS3{
+				Enabled: true,
+				Region:  "region",
+			},
+			secretData: validSecretData,
+			assertionError: func(t *testing.T, err error) {
+				assert.Error(t, err)
+				assert.ErrorContains(t, err, "bucket")
+			},
+		},
+		{
+			desc: "missing region",
+			backend: v1alpha1.AuditBackendS3{
+				Enabled: true,
+				Bucket:  "bucket",
+			},
+			secretData: validSecretData,
+			assertionError: func(t *testing.T, err error) {
+				assert.Error(t, err)
+				assert.ErrorContains(t, err, "region")
+			},
+		},
+		{
+			desc: "prefix dose not start with /",
+			backend: v1alpha1.AuditBackendS3{
+				Enabled: true,
+				Bucket:  "bucket",
+				Region:  "region",
+				Prefix:  pointer.Pointer("audit"),
+			},
+			secretData: validSecretData,
+			assertionError: func(t *testing.T, err error) {
+				assert.Error(t, err)
+				assert.ErrorContains(t, err, "prefix")
+			},
+		},
+
+		{
+			desc: "prefix dose not start with /",
+			backend: v1alpha1.AuditBackendS3{
+				Enabled:     true,
+				Bucket:      "bucket",
+				Region:      "region",
+				S3KeyFormat: pointer.Pointer("audit"),
+			},
+			secretData: validSecretData,
+			assertionError: func(t *testing.T, err error) {
+				assert.Error(t, err)
+				assert.ErrorContains(t, err, "s3KeyFormat")
+			},
+		},
+		{
+			desc: "valid secret",
+			backend: v1alpha1.AuditBackendS3{
+				Enabled: true,
+				Bucket:  "bucket",
+				Region:  "region",
+			},
+			secretData: validSecretData,
+			assertionError: func(t *testing.T, err error) {
+				assert.NoError(t, err)
+			},
+			assertionConfig: func(t *testing.T, c fluentbitconfig.Config) {},
+		},
+		{
+			desc: "with default config",
+			backend: v1alpha1.AuditBackendS3{
+				Enabled: true,
+				Bucket:  "bucket",
+				Region:  "region",
+			},
+			secretData: validSecretData,
+			assertionError: func(t *testing.T, err error) {
+				assert.NoError(t, err)
+			},
+			assertionConfig: func(t *testing.T, c fluentbitconfig.Config) {
+				assert.Len(t, c.Output, 1)
+				o := c.Output[0]
+				assert.Equal(t, o["match"], "audit")
+				assert.Equal(t, o["name"], "s3")
+				assert.Equal(t, o["retry_limit"], "no_limits")
+				assert.Equal(t, o["store_dir_limit_size"], "900M")
+				assert.Equal(t, o["bucket"], "bucket")
+				assert.Equal(t, o["region"], "region")
+				assert.Equal(t, o["json_date_key"], "timestamp")
+				assert.Equal(t, o["use_put_object"], "On")
+				assert.Equal(t, o["s3_key_format"], "/audit-logs/%Y/%m/%d/%H/%M/%S/$UUID")
+				assert.Equal(t, o["upload_timeout"], "10m")
+				assert.Equal(t, o["total_file_size"], "100M")
+				assert.Equal(t, o["tls"], "On")
+			},
+		},
+
+		{
+			desc: "with changes config config",
+			backend: v1alpha1.AuditBackendS3{
+				Enabled:              true,
+				Bucket:               "bucket",
+				Region:               "region",
+				FilesystemBufferSize: pointer.Pointer("1G"),
+				S3KeyFormat:          pointer.Pointer("/%Y/%m/%d/$UUID"),
+				Prefix:               pointer.Pointer("/logs"),
+				UploadTimeout:        pointer.Pointer("2m"),
+				TotalFileSize:        pointer.Pointer("99M"),
+				TlsEnabled:           pointer.Pointer(false),
+				UseCompression:       pointer.Pointer(true),
+			},
+			secretData: validSecretData,
+			assertionError: func(t *testing.T, err error) {
+				assert.NoError(t, err)
+			},
+			assertionConfig: func(t *testing.T, c fluentbitconfig.Config) {
+				assert.Len(t, c.Output, 1)
+				o := c.Output[0]
+				assert.Equal(t, o["store_dir_limit_size"], "1G")
+				assert.Equal(t, o["json_date_key"], "timestamp")
+				assert.Equal(t, o["use_put_object"], "On")
+				assert.Equal(t, o["s3_key_format"], "/logs/%Y/%m/%d/$UUID")
+				assert.Equal(t, o["upload_timeout"], "2m")
+				assert.Equal(t, o["total_file_size"], "99M")
+				assert.Equal(t, o["compression"], "gzip")
+				assert.NotEqual(t, o["tls"], "On")
+			},
+		},
+	}
+	for _, tc := range tt {
+		t.Run(tc.desc, func(t *testing.T) {
+			backends := &v1alpha1.AuditBackends{
+				S3: &tc.backend,
+			}
+			v1alpha1.DefaultBackends(backends)
+			s3, err := NewS3(backends.S3, &corev1.Secret{
+				Data: tc.secretData,
+			})
+			tc.assertionError(t, err)
+			if err == nil {
+				config := s3.FluentBitConfig(&extensions.Cluster{})
+				tc.assertionConfig(t, config)
+			}
+		})
+	}
+}
diff --git a/pkg/controller/healthcheck/registration.go b/pkg/controller/healthcheck/registration.go
index a07b474..eba6ed4 100644
--- a/pkg/controller/healthcheck/registration.go
+++ b/pkg/controller/healthcheck/registration.go
@@ -4,7 +4,8 @@ import (
 	"context"
 	"time"
 
-	extensionsconfig "github.com/gardener/gardener/extensions/pkg/apis/config"
+	extensionsconfigv1alpha1 "github.com/gardener/gardener/extensions/pkg/apis/config/v1alpha1"
+
 	"github.com/gardener/gardener/extensions/pkg/controller/healthcheck"
 	"github.com/gardener/gardener/extensions/pkg/controller/healthcheck/general"
 	gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
@@ -21,15 +22,14 @@ var (
 	defaultSyncPeriod = 60 * time.Second
 	// DefaultAddOptions contains configuration for the health check controller.
 	DefaultAddOptions = healthcheck.DefaultAddArgs{
-		HealthCheckConfig: extensionsconfig.HealthCheckConfig{SyncPeriod: metav1.Duration{Duration: defaultSyncPeriod}},
+		HealthCheckConfig: extensionsconfigv1alpha1.HealthCheckConfig{SyncPeriod: metav1.Duration{Duration: defaultSyncPeriod}},
 	}
 )
 
 // RegisterHealthChecks registers health checks for each extension resource
 // HealthChecks are grouped by extension (e.g worker), extension.type (e.g aws) and  Health Check Type (e.g SystemComponentsHealthy)
-func RegisterHealthChecks(ctx context.Context, mgr manager.Manager, opts healthcheck.DefaultAddArgs) error {
+func RegisterHealthChecks(_ context.Context, mgr manager.Manager, opts healthcheck.DefaultAddArgs) error {
 	return healthcheck.DefaultRegistration(
-		ctx,
 		audit.Type,
 		extensionsv1alpha1.SchemeGroupVersion.WithKind(extensionsv1alpha1.ExtensionResource),
 		func() client.ObjectList { return &extensionsv1alpha1.ExtensionList{} },