diff --git a/docs/release-notes/next.md b/docs/release-notes/next.md
index 19087062f59..c663117239c 100644
--- a/docs/release-notes/next.md
+++ b/docs/release-notes/next.md
@@ -8,1233 +8,3 @@ hide_table_of_contents: true
 
 ## Related upstream release notes / changelogs
 
-
-<details>
-<summary><b>Update external-dns-management to <code>0.22.1</code></b></summary>
-
-# [gardener/external-dns-management]
-
-## 📰 Noteworthy
-
-- `[OPERATOR]` `gosec` was introduced for Static Application Security Testing (SAST). by @MartinWeindel [#394]
-## 🏃 Others
-
-- `[OPERATOR]` Bumps golang from 1.23.2 to 1.23.3. by @dependabot[bot] [#398]
-
-## Helm Charts
-- dns-controller-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/dns-controller-manager:v0.22.1`
-## Docker Images
-- dns-controller-manager: `europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.22.1`
-
-
-</details>
-
-<details>
-<summary><b>Update shoot-dns-service to <code>1.54.0</code></b></summary>
-
-# [gardener/gardener-extension-shoot-dns-service]
-
-## 🏃 Others
-
-- `[OPERATOR]` Bumps github.com/gardener/gardener from 1.107.0 to 1.108.0. by @dependabot[bot] [#399]
-- `[OPERATOR]` Reduce default values for resource utilisation of shoot-dns-service controller in the control plane. by @MartinWeindel [#392]
-- `[OPERATOR]` `gosec` was introduced for Static Application Security Testing (SAST). by @MartinWeindel [#387]
-- `[OPERATOR]` Bumps github.com/gardener/gardener from 1.105.0 to 1.106.0. by @dependabot[bot] [#390]
-- `[OPERATOR]` Bumps github.com/gardener/gardener from 1.106.0 to 1.107.0. by @dependabot[bot] [#394]
-# [gardener/external-dns-management]
-
-## 📰 Noteworthy
-
-- `[OPERATOR]` `gosec` was introduced for Static Application Security Testing (SAST). by @MartinWeindel [gardener/external-dns-management#394]
-## 🏃 Others
-
-- `[OPERATOR]` Bumps golang from 1.23.2 to 1.23.3. by @dependabot[bot] [gardener/external-dns-management#398]
-
-## Helm Charts
-- admission-shoot-dns-service-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-application:v1.54.0`
-- admission-shoot-dns-service-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-runtime:v1.54.0`
-- shoot-dns-service: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-dns-service:v1.54.0`
-## Docker Images
-- gardener-extension-admission-shoot-dns-service: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-shoot-dns-service:v1.54.0`
-- gardener-extension-shoot-dns-service: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-dns-service:v1.54.0`
-
-
-</details>
-
-<details>
-<summary><b>Update shoot-flux to <code>0.11.0</code></b></summary>
-
-## What's Changed
-* Bump gardener to `v1.105.3` by @Duciwuci in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/119
-
-
-**Full Changelog**: https://github.com/stackitcloud/gardener-extension-shoot-flux/compare/v0.10.0...v0.11.0
-
-</details>
-
-<details>
-<summary><b>Update shoot-cert-service to <code>1.46.0</code></b></summary>
-
-# [gardener/gardener-extension-shoot-cert-service]
-
-## 🏃 Others
-
-- `[OPERATOR]` Reduce default values for resource utilisation of cert-management controller in the control plane. by @MartinWeindel [#308]
-- `[OPERATOR]` Bumps github.com/gardener/gardener from 1.106.0 to 1.107.0. by @dependabot[bot] [#310]
-- `[OPERATOR]` Bumps golang from 1.23.2 to 1.23.3. by @dependabot[bot] [#311]
-- `[OPERATOR]` Bumps github.com/gardener/gardener from 1.105.0 to 1.106.0. by @dependabot[bot] [#306]
-- `[OPERATOR]` Bumps github.com/gardener/gardener from 1.107.0 to 1.108.0. by @dependabot[bot] [#315]
-
-## Helm Charts
-- shoot-cert-service: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-cert-service:v1.46.0`
-## Docker Images
-- gardener-extension-shoot-cert-service: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.46.0`
-
-
-</details>
-
-<details>
-<summary><b>Update backup-s3 to <code>0.7.0</code></b></summary>
-
-## General Changes
-* Revendor g/g v1.100 (https://github.com/metal-stack/gardener-extension-backup-s3/pull/11) @Gerrit91 
-
-
-</details>
-
-<details>
-<summary><b>Update cloudprofiles to <code>0.7.20</code></b></summary>
-
-**Full Changelog**: https://github.com/gardener-community/cloudprofiles/compare/0.7.19...0.7.20
-
-</details>
-
-<details>
-<summary><b>Update provider-azure to <code>1.49.0</code></b></summary>
-
-# [gardener/gardener-extension-provider-azure]
-
-## ⚠️ Breaking Changes
-
-- `[USER]` Deprecate DNSRecordConfig object. Please configure the target Azure management API via the provided secret by @kon-angelo [#1018]
-## ✨ New Features
-
-- `[USER]` Enable extra-create-metadata in csi-provisioner. by @kon-angelo [#1008]
-## 🏃 Others
-
-- `[DEPENDENCY]` Update go to version 1.23.3 by @hebelsan [#1005]
-- `[DEPENDENCY]` Update gardener/gardener to v1.108.0 by @hebelsan [#1014]
-- `[OPERATOR]` Create bastion vm from the info provided in the cloud profile bastion section by @hebelsan [#948]
-- `[OPERATOR]` Fix an issue where the subnet name was not calculated correctly in the migration to multi-subnet setup by @kon-angelo [#1004]
-- `[OPERATOR]` Updating CSI driver provisioner ClusterRole rules by @hebelsan [#988]
-- `[OPERATOR]` Remove outdated "Basic" SKU loadbalancer migration documentation. by @kon-angelo [#1017]
-- `[OPERATOR]` Remove the duplicate provider type check from the admission webhooks. by @LucaBernstein [#998]
-- `[OPERATOR]` Add `NamespacedCloudProfile` admission mutation and validation to support custom machine images and types. by @LucaBernstein [#1016]
-- `[OPERATOR]` Added validation to prevent IPv6-only/dual-stack clusters as they are not supported, yet. by @ScheererJ [#993]
-- `[DEVELOPER]` Add gosec as sast makefile target by @hebelsan [#1006]
-- `[DEVELOPER]` Update gardener/gardener to v1.105.0 by @hebelsan [#989]
-
-## Helm Charts
-- admission-azure-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.49.0`
-- admission-azure-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.49.0`
-- provider-azure: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.49.0`
-## Docker Images
-- gardener-extension-admission-azure: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.49.0`
-- gardener-extension-provider-azure: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.49.0`
-
-
-</details>
-
-<details>
-<summary><b>Update provider-openstack to <code>1.43.0</code></b></summary>
-
-# [gardener/gardener-extension-provider-openstack]
-
-## ⚠️ Breaking Changes
-
-- `[OPERATOR]` Deprecated configuring bastion via helm chart config map by @hebelsan [#838]
-## 📰 Noteworthy
-
-- `[OPERATOR]` Added support for configuring bastion vm from CloudProfile's bastion section by @hebelsan [#838]
-## 🏃 Others
-
-- `[DEPENDENCY]` Add gosec as sast makefile target by @hebelsan [#902]
-- `[DEPENDENCY]` Update go to version 1.23.3 by @hebelsan [#900]
-- `[OPERATOR]` Fix an issue where provider-openstack required permissions for share network operations even when not required by the `InfrastructureConfig`. by @kon-angelo [#885]
-- `[OPERATOR]` Update gardener/gardener to v1.107.0 by @hebelsan [#896]
-- `[OPERATOR]` Fix an issue where the deletion with the flow reconciler would fail if the network was already deleted. by @kon-angelo [#898]
-- `[OPERATOR]` Added validation to prevent IPv6-only/dual-stack clusters as they are not supported, yet. by @ScheererJ [#886]
-- `[OPERATOR]` Remove the duplicate provider type check from the admission webhooks. by @LucaBernstein [#895]
-- `[OPERATOR]` Fix possible nil-pointer deref when looking for networks. during reconciliation by @AndreasBurger [#879]
-- `[OPERATOR]` subnet overlapping, missing expected router and Policy doesn't allow .* to be performed errors are now non-retryable user errors. by @RadaBDimitrova [#894]
-- `[OPERATOR]` Updating CSI driver provisioner ClusterRole rules by @hebelsan [#880]
-- `[DEVELOPER]` Update gardener/gardener to v1.105.0 by @hebelsan [#881]
-
-## Helm Charts
-- admission-openstack-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.43.0`
-- admission-openstack-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.43.0`
-- provider-openstack: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.43.0`
-## Docker Images
-- gardener-extension-admission-openstack: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.43.0`
-- gardener-extension-provider-openstack: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.43.0`
-
-
-</details>
-
-<details>
-<summary><b>Update os-ubuntu to <code>1.26.0</code></b></summary>
-
-# [gardener/gardener-extension-os-ubuntu]
-
-## ⚠️ Breaking Changes
-
-- `[OPERATOR]` This extension is no longer able to run with Gardener versions lower than `v1.90` when the `UseGardenerNodeAgent` feature gate is disabled. by @rfranzke [#126]
-## ✨ New Features
-
-- `[OPERATOR]` Helm charts of extension and admission controller are published as OCI artifacts now. by @oliver-goetz [#143]
-## 🏃 Others
-
-- `[DEVELOPER]` The `vendor` directory was removed in favor of the `go mod cache`. by @LucaBernstein [#133]
-- `[DEVELOPER]` Static Application Security Testing (sast) with `gosec` got enabled on this repository. by @MrBatschner [#163]
-
-## Helm Charts
-- os-ubuntu: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-ubuntu:v1.26.0`
-## Docker Images
-- gardener-extension-os-ubuntu: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-ubuntu:v1.26.0`
-
-
-</details>
-
-<details>
-<summary><b>Update gardener-controlplane to <code>1.108.1</code></b></summary>
-
-# [gardener/gardener]
-
-## 🐛 Bug Fixes
-
-- `[OPERATOR]` The `seed.gardener.cloud/eu-access=true` label (in `CloudProfile`s and `Seeds`) or seed selector (in `Shoot`s) is no longer removed when the `eu-access-only` restriction is removed from the `.spec.accessRestrictions[]` field. Similarly, the `support.gardener.cloud/eu-access-for-cluster-{addons,nodes}` annotations in `Shoot`s are no longer removed when they are removed from the `.spec.accessRestrictions[].options` field. by @rfranzke [#10885]
-
-## Helm Charts
-- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.108.1`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.108.1`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.108.1`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.108.1`
-## Docker Images
-- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.108.1`
-- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.108.1`
-- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.108.1`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.108.1`
-- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.108.1`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.108.1`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.108.1`
-- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.108.1`
-
-
-</details>
-
-<details>
-<summary><b>Update gardener-controlplane to <code>1.108.1</code></b></summary>
-
-# [gardener/gardener]
-
-## 🐛 Bug Fixes
-
-- `[OPERATOR]` The `seed.gardener.cloud/eu-access=true` label (in `CloudProfile`s and `Seeds`) or seed selector (in `Shoot`s) is no longer removed when the `eu-access-only` restriction is removed from the `.spec.accessRestrictions[]` field. Similarly, the `support.gardener.cloud/eu-access-for-cluster-{addons,nodes}` annotations in `Shoot`s are no longer removed when they are removed from the `.spec.accessRestrictions[].options` field. by @rfranzke [#10885]
-
-## Helm Charts
-- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.108.1`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.108.1`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.108.1`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.108.1`
-## Docker Images
-- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.108.1`
-- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.108.1`
-- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.108.1`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.108.1`
-- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.108.1`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.108.1`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.108.1`
-- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.108.1`
-
-
-</details>
-
-<details>
-<summary><b>Update gardenlet to <code>1.108.1</code></b></summary>
-
-# [gardener/gardener]
-
-## 🐛 Bug Fixes
-
-- `[OPERATOR]` The `seed.gardener.cloud/eu-access=true` label (in `CloudProfile`s and `Seeds`) or seed selector (in `Shoot`s) is no longer removed when the `eu-access-only` restriction is removed from the `.spec.accessRestrictions[]` field. Similarly, the `support.gardener.cloud/eu-access-for-cluster-{addons,nodes}` annotations in `Shoot`s are no longer removed when they are removed from the `.spec.accessRestrictions[].options` field. by @rfranzke [#10885]
-
-## Helm Charts
-- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.108.1`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.108.1`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.108.1`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.108.1`
-## Docker Images
-- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.108.1`
-- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.108.1`
-- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.108.1`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.108.1`
-- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.108.1`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.108.1`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.108.1`
-- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.108.1`
-
-
-</details>
-
-<details>
-<summary><b>Update shoot-oidc-service to <code>0.29.0</code></b></summary>
-
-# [gardener/oidc-webhook-authenticator]
-
-## 🏃 Others
-
-- `[OPERATOR]` OWA is now built using go version 1.23.3. by @dimityrmirchev [gardener/oidc-webhook-authenticator#167]
-- `[DEVELOPER]` `gosec` is made available for SAST(static application security testing), it can be run with `make sast` or `make sast-report`.  by @vpnachev [gardener/oidc-webhook-authenticator#165]
-# [gardener/gardener-extension-shoot-oidc-service]
-
-## ⚠️ Breaking Changes
-
-- `[OPERATOR]` The type of the `imageVectorOverwrite` helm chart value is changed from string to object. by @dimityrmirchev [#251]
-## 🏃 Others
-
-- `[OPERATOR]` The following dependencies have been updated:  
-  - github.com/gardener/gardener v1.105.0 -> v1.106.0  
-  - k8s.io/api v0.29.8 -> v0.31.1  
-  - k8s.io/apimachinery v0.29.9 -> v0.31.1  
-  - k8s.io/client-go v0.29.9 -> v0.31.1  
-  - k8s.io/code-generator v0.29.9 -> v0.31.1  
-  - k8s.io/component-base v0.29.9 -> v0.31.1  
-  - sigs.k8s.io/controller-runtime v0.17.6 -> v0.19.0 by @vpnachev [#248]
-- `[DEVELOPER]` `gosec` is made available for SAST(static application security testing), it can be run with `make sast` or `make sast-report`, but is also incorporated in the `verify` and `verify-extended` makefile targets.  by @vpnachev [#248]
-## 📖 Documentation
-
-- `[USER]` Documentation now clarifies when Structured Authentication should be preferred over the Gardener OIDC extension. by @dimityrmirchev [#259]
-
-## Helm Charts
-- shoot-oidc-service: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-oidc-service:v0.29.0`
-## Docker Images
-- gardener-extension-shoot-oidc-service: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-oidc-service:v0.29.0`
-
-
-</details>
-
-<details>
-<summary><b>Update os-gardenlinux to <code>0.25.0</code></b></summary>
-
-# [gardener/gardener-extension-os-gardenlinux]
-
-## ⚠️ Breaking Changes
-
-- `[OPERATOR]` This extension is no longer able to run with Gardener versions lower than `v1.90` when the `UseGardenerNodeAgent` feature gate is disabled. by @rfranzke [#161]
-## ✨ New Features
-
-- `[OPERATOR]` Helm charts of extension and admission controller are published as OCI artifacts now. by @oliver-goetz [#188]
-## 🏃 Others
-
-- `[DEVELOPER]` Static Application Security Testing (sast) with `gosec` got enabled on this repository. by @MrBatschner [#212]
-- `[DEVELOPER]` The `vendor` directory was removed in favor of the `go mod cache`. by @timuthy [#170]
-- `[OPERATOR]` The cgroup drivers for containerd and kubelet are no longer configured through scripts that are run through `ExecStartPre` but instead through a mutating webhook that modifies the cgroup driver in the OSC. The cgroup driver always gets set to `systemd`. by @MrBatschner [#169]
-
-## Helm Charts
-- os-gardenlinux: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-gardenlinux:v0.25.0`
-## Docker Images
-- gardener-extension-os-gardenlinux: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-gardenlinux:v0.25.0`
-
-
-</details>
-
-<details>
-<summary><b>Update os-ubuntu to <code>1.27.0</code></b></summary>
-
-no release notes available
-
-## Helm Charts
-- os-ubuntu: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-ubuntu:v1.27.0`
-## Docker Images
-- gardener-extension-os-ubuntu: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-ubuntu:v1.27.0`
-
-
-</details>
-
-<details>
-<summary><b>Update runtime-gvisor to <code>0.16.0</code></b></summary>
-
-# [gardener/gardener-extension-runtime-gvisor]
-
-## 🏃 Others
-
-- `[OPERATOR]` Introduce `providerConfig.configFlags` with `net-raw` as first supported flag to start gVisor with NET_RAW capability. by @Roncossek [#154]
-- `[OPERATOR]` Gardener libraries were updated to 1.103. by @MrBatschner [#150]
-- `[DEVELOPER]` Static Application Security Testing (sast) with `gosec` got enabled on this repository. by @MrBatschner [#155]
-
-## Helm Charts
-- runtime-gvisor: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/runtime-gvisor:v0.16.0`
-## Docker Images
-- gardener-extension-runtime-gvisor-installation: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/runtime-gvisor-installation:v0.16.0`
-- gardener-extension-runtime-gvisor: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/runtime-gvisor:v0.16.0`
-
-
-</details>
-
-<details>
-<summary><b>Update shoot-flux to <code>0.12.0</code></b></summary>
-
-## What's Changed
-* Do nothing when cluster is hibernated by @maboehm in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/122
-* 🤖 Update module github.com/onsi/ginkgo/v2 to v2.22.0 by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/120
-* 🤖 Update module github.com/onsi/gomega to v1.36.0 by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/121
-* 🤖 Update k8s.io/utils digest to 6fe5fd8 by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/111
-* 🤖 Update dependency go to v1.23.3 by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/118
-* 🤖 Update module golang.org/x/tools to v0.27.0 by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/116
-* 🤖 Update fluxcd (minor) by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/107
-
-
-**Full Changelog**: https://github.com/stackitcloud/gardener-extension-shoot-flux/compare/v0.11.0...v0.12.0
-
-</details>
-
-<details>
-<summary><b>Update networking-calico to <code>1.44.0</code></b></summary>
-
-# [gardener/gardener-extension-networking-calico]
-
-## 🏃 Others
-
-- `[OPERATOR]` `gosec` was introduced for Static Application Security Testing (SAST). by @ScheererJ [#503]
-- `[OPERATOR]` Correct iptable backend and iptable rule are set for IPv6 shoot clusters when running with node-local-dns. by @DockToFuture [#506]
-- `[OPERATOR]` Generate dual-stack configuration. by @axel7born [#512]
-
-## Helm Charts
-- admission-calico-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-application:v1.44.0`
-- admission-calico-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-runtime:v1.44.0`
-- networking-calico: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-calico:v1.44.0`
-## Docker Images
-- gardener-extension-admission-calico: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-calico:v1.44.0`
-- gardener-extension-networking-calico: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-calico:v1.44.0`
-
-
-</details>
-
-<details>
-<summary><b>Update gardener-metrics-exporter to <code>0.31.0</code></b></summary>
-
-# [gardener/gardener-metrics-exporter]
-
-## 🏃 Others
-
-- `[USER]` Remove duplicated metrics from README by @Sinscerly [#110]
-- `[OPERATOR]` Add cost_object_type label to garden_shoot_info metric by @chrkl [#112]
-- `[OPERATOR]` Add `is_hibernated` to the `garden_shoot_info` metric by @Sinscerly [#107]
-- `[OPERATOR]` Add `technical_id` to `garden_shoot_.+` metrics by @robinschneider [#111]
-
-</details>
-
-<details>
-<summary><b>Update gardener-metrics-exporter to <code>0.31.0</code></b></summary>
-
-# [gardener/gardener-metrics-exporter]
-
-## 🏃 Others
-
-- `[USER]` Remove duplicated metrics from README by @Sinscerly [#110]
-- `[OPERATOR]` Add cost_object_type label to garden_shoot_info metric by @chrkl [#112]
-- `[OPERATOR]` Add `is_hibernated` to the `garden_shoot_info` metric by @Sinscerly [#107]
-- `[OPERATOR]` Add `technical_id` to `garden_shoot_.+` metrics by @robinschneider [#111]
-
-</details>
-
-<details>
-<summary><b>Update gardener-controlplane to <code>1.109.0</code></b></summary>
-
-# [gardener/gardener]
-
-## ⚠️ Breaking Changes
-
-- `[OPERATOR]` The HVPA autoscaling option (which is unconditionally disabled since v1.105.0) is removed from the `etcd` component. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10800]
-- `[OPERATOR]` The `Baseline` and `HVPA` autoscaling modes (which are unconditionally disabled since v1.105.0) are removed for `{gardener,kube}-apiserver`. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10796]
-- `[OPERATOR]` The deprecated and unconditionally disabled `HVPA` and `HVPAForShootedSeed` feature gates are removed. The GA-ed and unconditionally enabled `VPAForETCD` and `VPAAndHPAForAPIServer` features gates are removed. If you have references to the feature gates, clean them up before upgrading to this version of Gardener. by @ialidzhikov [#10853]
-- `[DEVELOPER]` Rename the controlplane exposure webhook (`ExposureWebhookName`) to seed provider webhook (`SeedProviderWebhookName`). by @LucaBernstein [#10788]
-## 📰 Noteworthy
-
-- `[OPERATOR]` The `gardener-scheduler` was improved to consider reconciliation backoffs. In the past, unassigned shoots were affected by frequent scheduler reconciliations and status updates which potentially strained the scheduler and etcd. by @timuthy [#10821]
-- `[DEVELOPER]` extension library: Provider extensions should rename control plane exposure webhook related packages to seed provider to reflect the naming change on their side (for example rename `pkg/webhook/controlplaneexposure` to `pkg/webhook/seedprovider`). by @LucaBernstein [#10788]
-## ✨ New Features
-
-- `[OPERATOR]` `NodeAgentAuthorizer` feature gate was introduced. It allows a webhook based authorization of `gardener-node-agents` with reduced permissions.  
-  ❗ This feature gate requires changes in `machine-controller-manager-provider-*`. Please check that you run a supported version before activating it. ❗ by @oliver-goetz [#10781]
-- `[USER]` Allow dual-stack shoots creation. by @axel7born [#10803]
-- `[USER]` shoot spec.kubernetes.clusterAutoscaler: Add support for startupTaints and statusTaints by @dhague [#10858]
-## 🐛 Bug Fixes
-
-- `[USER]` Fixed a bug where SSH key rotations for `Shoot`s did not properly update the authorized keys on the worker nodes (hence, the new key was unusable until a node restart or rollout). by @tobschli [#10671]
-- `[USER]` On `Shoot` deletion, Gardener now properly skips certain validation checks that are only relevant for creations or updates of `Shoot` resources. by @rfranzke [#10902]
-- `[OPERATOR]` Fixed an error in `BackupBucket` reconciliation by replacing `StrategicMergePatch` with `MergePatch` to properly handle `runtime.RawExtension` fields. by @seshachalam-yv [#10904]
-## 🏃 Others
-
-- `[OPERATOR]` update alpine to get latest security fixes by @DockToFuture [#10922]
-- `[OPERATOR]` Add support for `node-local-dns` in dual-stack cluster. by @axel7born [#10891]
-- `[OPERATOR]` Add dual stack support for VPN. by @DockToFuture [#10767]
-- `[OPERATOR]` Fix kubelet CSRs to allow IPv6 addresses to be used by @kron4eg [#10876]
-- `[OPERATOR]` Add dashboard for VPA admission-controller by @voelzmo [#10741]
-- `[OPERATOR]` The HVPA component is removed. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @ialidzhikov [#10851]
-- `[OPERATOR]` Added validation for `issuerURL` in the OIDC configuration to reject URLs containing fragments. by @acumino [#10888]
-- `[OPERATOR]` The `gardener/dependency-watchdog` image has been updated to `v1.3.0`. [Release Notes](https://redirect.github.com/gardener/dependency-watchdog/releases/tag/v1.3.0) by @rishabh-11 [#10930]
-- `[OPERATOR]` Adapt `configure-admission.sh` for new extension releases with changed value names for Helm charts. by @MartinWeindel [#10877]
-- `[DEPENDENCY]` The `registry.k8s.io/cpa/cluster-proportional-autoscaler` image has been updated to `v1.9.0`. by @gardener-ci-robot [#10898]
-- `[DEPENDENCY]` The `gardener/autoscaler` image has been updated to `v1.30.1`. [Release Notes](https://redirect.github.com/gardener/autoscaler/releases/tag/v1.30.1) by @gardener-ci-robot [#10914]
-- `[DEPENDENCY]` The `gardener/vpn2` image has been updated to `0.30.0`. [Release Notes](https://redirect.github.com/gardener/vpn2/releases/tag/0.30.0) by @gardener-ci-robot [#10872]
-- `[DEPENDENCY]` The `registry.k8s.io/coredns/coredns` image has been updated to `v1.11.4`. by @gardener-ci-robot [#10856]
-- `[DEPENDENCY]` The `gardener/gardener-discovery-server` image has been updated to `v0.3.0`. [Release Notes](https://redirect.github.com/gardener/gardener-discovery-server/releases/tag/v0.3.0) by @gardener-ci-robot [#10849]
-- `[DEPENDENCY]` The `gardener/etcd-druid` image has been updated to `v0.25.0`. [Release Notes](https://redirect.github.com/gardener/etcd-druid/releases/tag/v0.25.0) by @gardener-ci-robot [#10932]
-- `[DEPENDENCY]` The `gardener/machine-controller-manager` image has been updated to `v0.55.0`. [Release Notes](https://redirect.github.com/gardener/machine-controller-manager/releases/tag/v0.55.0) by @rishabh-11 [#10908]
-
-## Helm Charts
-- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.109.0`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.109.0`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.109.0`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.109.0`
-## Docker Images
-- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.109.0`
-- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.109.0`
-- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.109.0`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.109.0`
-- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.109.0`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.109.0`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.109.0`
-- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.109.0`
-
-
-</details>
-
-<details>
-<summary><b>Update gardener-controlplane to <code>1.109.0</code></b></summary>
-
-# [gardener/gardener]
-
-## ⚠️ Breaking Changes
-
-- `[OPERATOR]` The HVPA autoscaling option (which is unconditionally disabled since v1.105.0) is removed from the `etcd` component. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10800]
-- `[OPERATOR]` The `Baseline` and `HVPA` autoscaling modes (which are unconditionally disabled since v1.105.0) are removed for `{gardener,kube}-apiserver`. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10796]
-- `[OPERATOR]` The deprecated and unconditionally disabled `HVPA` and `HVPAForShootedSeed` feature gates are removed. The GA-ed and unconditionally enabled `VPAForETCD` and `VPAAndHPAForAPIServer` features gates are removed. If you have references to the feature gates, clean them up before upgrading to this version of Gardener. by @ialidzhikov [#10853]
-- `[DEVELOPER]` Rename the controlplane exposure webhook (`ExposureWebhookName`) to seed provider webhook (`SeedProviderWebhookName`). by @LucaBernstein [#10788]
-## 📰 Noteworthy
-
-- `[OPERATOR]` The `gardener-scheduler` was improved to consider reconciliation backoffs. In the past, unassigned shoots were affected by frequent scheduler reconciliations and status updates which potentially strained the scheduler and etcd. by @timuthy [#10821]
-- `[DEVELOPER]` extension library: Provider extensions should rename control plane exposure webhook related packages to seed provider to reflect the naming change on their side (for example rename `pkg/webhook/controlplaneexposure` to `pkg/webhook/seedprovider`). by @LucaBernstein [#10788]
-## ✨ New Features
-
-- `[OPERATOR]` `NodeAgentAuthorizer` feature gate was introduced. It allows a webhook based authorization of `gardener-node-agents` with reduced permissions.  
-  ❗ This feature gate requires changes in `machine-controller-manager-provider-*`. Please check that you run a supported version before activating it. ❗ by @oliver-goetz [#10781]
-- `[USER]` Allow dual-stack shoots creation. by @axel7born [#10803]
-- `[USER]` shoot spec.kubernetes.clusterAutoscaler: Add support for startupTaints and statusTaints by @dhague [#10858]
-## 🐛 Bug Fixes
-
-- `[USER]` Fixed a bug where SSH key rotations for `Shoot`s did not properly update the authorized keys on the worker nodes (hence, the new key was unusable until a node restart or rollout). by @tobschli [#10671]
-- `[USER]` On `Shoot` deletion, Gardener now properly skips certain validation checks that are only relevant for creations or updates of `Shoot` resources. by @rfranzke [#10902]
-- `[OPERATOR]` Fixed an error in `BackupBucket` reconciliation by replacing `StrategicMergePatch` with `MergePatch` to properly handle `runtime.RawExtension` fields. by @seshachalam-yv [#10904]
-## 🏃 Others
-
-- `[OPERATOR]` update alpine to get latest security fixes by @DockToFuture [#10922]
-- `[OPERATOR]` Add support for `node-local-dns` in dual-stack cluster. by @axel7born [#10891]
-- `[OPERATOR]` Add dual stack support for VPN. by @DockToFuture [#10767]
-- `[OPERATOR]` Fix kubelet CSRs to allow IPv6 addresses to be used by @kron4eg [#10876]
-- `[OPERATOR]` Add dashboard for VPA admission-controller by @voelzmo [#10741]
-- `[OPERATOR]` The HVPA component is removed. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @ialidzhikov [#10851]
-- `[OPERATOR]` Added validation for `issuerURL` in the OIDC configuration to reject URLs containing fragments. by @acumino [#10888]
-- `[OPERATOR]` The `gardener/dependency-watchdog` image has been updated to `v1.3.0`. [Release Notes](https://redirect.github.com/gardener/dependency-watchdog/releases/tag/v1.3.0) by @rishabh-11 [#10930]
-- `[OPERATOR]` Adapt `configure-admission.sh` for new extension releases with changed value names for Helm charts. by @MartinWeindel [#10877]
-- `[DEPENDENCY]` The `registry.k8s.io/cpa/cluster-proportional-autoscaler` image has been updated to `v1.9.0`. by @gardener-ci-robot [#10898]
-- `[DEPENDENCY]` The `gardener/autoscaler` image has been updated to `v1.30.1`. [Release Notes](https://redirect.github.com/gardener/autoscaler/releases/tag/v1.30.1) by @gardener-ci-robot [#10914]
-- `[DEPENDENCY]` The `gardener/vpn2` image has been updated to `0.30.0`. [Release Notes](https://redirect.github.com/gardener/vpn2/releases/tag/0.30.0) by @gardener-ci-robot [#10872]
-- `[DEPENDENCY]` The `registry.k8s.io/coredns/coredns` image has been updated to `v1.11.4`. by @gardener-ci-robot [#10856]
-- `[DEPENDENCY]` The `gardener/gardener-discovery-server` image has been updated to `v0.3.0`. [Release Notes](https://redirect.github.com/gardener/gardener-discovery-server/releases/tag/v0.3.0) by @gardener-ci-robot [#10849]
-- `[DEPENDENCY]` The `gardener/etcd-druid` image has been updated to `v0.25.0`. [Release Notes](https://redirect.github.com/gardener/etcd-druid/releases/tag/v0.25.0) by @gardener-ci-robot [#10932]
-- `[DEPENDENCY]` The `gardener/machine-controller-manager` image has been updated to `v0.55.0`. [Release Notes](https://redirect.github.com/gardener/machine-controller-manager/releases/tag/v0.55.0) by @rishabh-11 [#10908]
-
-## Helm Charts
-- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.109.0`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.109.0`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.109.0`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.109.0`
-## Docker Images
-- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.109.0`
-- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.109.0`
-- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.109.0`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.109.0`
-- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.109.0`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.109.0`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.109.0`
-- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.109.0`
-
-
-</details>
-
-<details>
-<summary><b>Update gardenlet to <code>1.109.0</code></b></summary>
-
-# [gardener/gardener]
-
-## ⚠️ Breaking Changes
-
-- `[OPERATOR]` The HVPA autoscaling option (which is unconditionally disabled since v1.105.0) is removed from the `etcd` component. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10800]
-- `[OPERATOR]` The `Baseline` and `HVPA` autoscaling modes (which are unconditionally disabled since v1.105.0) are removed for `{gardener,kube}-apiserver`. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10796]
-- `[OPERATOR]` The deprecated and unconditionally disabled `HVPA` and `HVPAForShootedSeed` feature gates are removed. The GA-ed and unconditionally enabled `VPAForETCD` and `VPAAndHPAForAPIServer` features gates are removed. If you have references to the feature gates, clean them up before upgrading to this version of Gardener. by @ialidzhikov [#10853]
-- `[DEVELOPER]` Rename the controlplane exposure webhook (`ExposureWebhookName`) to seed provider webhook (`SeedProviderWebhookName`). by @LucaBernstein [#10788]
-## 📰 Noteworthy
-
-- `[OPERATOR]` The `gardener-scheduler` was improved to consider reconciliation backoffs. In the past, unassigned shoots were affected by frequent scheduler reconciliations and status updates which potentially strained the scheduler and etcd. by @timuthy [#10821]
-- `[DEVELOPER]` extension library: Provider extensions should rename control plane exposure webhook related packages to seed provider to reflect the naming change on their side (for example rename `pkg/webhook/controlplaneexposure` to `pkg/webhook/seedprovider`). by @LucaBernstein [#10788]
-## ✨ New Features
-
-- `[OPERATOR]` `NodeAgentAuthorizer` feature gate was introduced. It allows a webhook based authorization of `gardener-node-agents` with reduced permissions.  
-  ❗ This feature gate requires changes in `machine-controller-manager-provider-*`. Please check that you run a supported version before activating it. ❗ by @oliver-goetz [#10781]
-- `[USER]` Allow dual-stack shoots creation. by @axel7born [#10803]
-- `[USER]` shoot spec.kubernetes.clusterAutoscaler: Add support for startupTaints and statusTaints by @dhague [#10858]
-## 🐛 Bug Fixes
-
-- `[USER]` Fixed a bug where SSH key rotations for `Shoot`s did not properly update the authorized keys on the worker nodes (hence, the new key was unusable until a node restart or rollout). by @tobschli [#10671]
-- `[USER]` On `Shoot` deletion, Gardener now properly skips certain validation checks that are only relevant for creations or updates of `Shoot` resources. by @rfranzke [#10902]
-- `[OPERATOR]` Fixed an error in `BackupBucket` reconciliation by replacing `StrategicMergePatch` with `MergePatch` to properly handle `runtime.RawExtension` fields. by @seshachalam-yv [#10904]
-## 🏃 Others
-
-- `[OPERATOR]` update alpine to get latest security fixes by @DockToFuture [#10922]
-- `[OPERATOR]` Add support for `node-local-dns` in dual-stack cluster. by @axel7born [#10891]
-- `[OPERATOR]` Add dual stack support for VPN. by @DockToFuture [#10767]
-- `[OPERATOR]` Fix kubelet CSRs to allow IPv6 addresses to be used by @kron4eg [#10876]
-- `[OPERATOR]` Add dashboard for VPA admission-controller by @voelzmo [#10741]
-- `[OPERATOR]` The HVPA component is removed. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @ialidzhikov [#10851]
-- `[OPERATOR]` Added validation for `issuerURL` in the OIDC configuration to reject URLs containing fragments. by @acumino [#10888]
-- `[OPERATOR]` The `gardener/dependency-watchdog` image has been updated to `v1.3.0`. [Release Notes](https://redirect.github.com/gardener/dependency-watchdog/releases/tag/v1.3.0) by @rishabh-11 [#10930]
-- `[OPERATOR]` Adapt `configure-admission.sh` for new extension releases with changed value names for Helm charts. by @MartinWeindel [#10877]
-- `[DEPENDENCY]` The `registry.k8s.io/cpa/cluster-proportional-autoscaler` image has been updated to `v1.9.0`. by @gardener-ci-robot [#10898]
-- `[DEPENDENCY]` The `gardener/autoscaler` image has been updated to `v1.30.1`. [Release Notes](https://redirect.github.com/gardener/autoscaler/releases/tag/v1.30.1) by @gardener-ci-robot [#10914]
-- `[DEPENDENCY]` The `gardener/vpn2` image has been updated to `0.30.0`. [Release Notes](https://redirect.github.com/gardener/vpn2/releases/tag/0.30.0) by @gardener-ci-robot [#10872]
-- `[DEPENDENCY]` The `registry.k8s.io/coredns/coredns` image has been updated to `v1.11.4`. by @gardener-ci-robot [#10856]
-- `[DEPENDENCY]` The `gardener/gardener-discovery-server` image has been updated to `v0.3.0`. [Release Notes](https://redirect.github.com/gardener/gardener-discovery-server/releases/tag/v0.3.0) by @gardener-ci-robot [#10849]
-- `[DEPENDENCY]` The `gardener/etcd-druid` image has been updated to `v0.25.0`. [Release Notes](https://redirect.github.com/gardener/etcd-druid/releases/tag/v0.25.0) by @gardener-ci-robot [#10932]
-- `[DEPENDENCY]` The `gardener/machine-controller-manager` image has been updated to `v0.55.0`. [Release Notes](https://redirect.github.com/gardener/machine-controller-manager/releases/tag/v0.55.0) by @rishabh-11 [#10908]
-
-## Helm Charts
-- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.109.0`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.109.0`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.109.0`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.109.0`
-## Docker Images
-- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.109.0`
-- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.109.0`
-- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.109.0`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.109.0`
-- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.109.0`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.109.0`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.109.0`
-- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.109.0`
-
-
-</details>
-
-<details>
-<summary><b>Update gardener-metrics-exporter to <code>0.32.0</code></b></summary>
-
-no release notes available
-
-</details>
-
-<details>
-<summary><b>Update gardener-metrics-exporter to <code>0.32.0</code></b></summary>
-
-no release notes available
-
-</details>
-
-<details>
-<summary><b>Update provider-aws to <code>1.59.0</code></b></summary>
-
-# [gardener/gardener-extension-provider-aws]
-
-## ⚠️ Breaking Changes
-
-- `[OPERATOR]` The Helm charts for the `application` and `runtime` parts of the gardener-extension-admission-aws admission controller have been separated into standalone charts. These charts now assume a Garden setup with a virtual garden. Both charts must be deployed individually: the `runtime` chart on the Garden runtime cluster, and the `application` chart on the virtual garden. Additionally, the intermediate `global` level in the Helm values has been removed, so you may need to adjust your provided values accordingly. by @MartinWeindel [#1100]
-## 📰 Noteworthy
-
-- `[DEVELOPER]` Updated AWS SDK from v1 to v2 by @AndreasBurger [#1060]
-## ✨ New Features
-
-- `[OPERATOR]` Adjustments for additional deployment of extension and admission controller on Garden runtime cluster by gardener-operator. by @MartinWeindel [#1100]
-- `[OPERATOR]` Support specification of extended resources in provider config node template without re-specifying core resources. by @elankath [#1010]
-## 🏃 Others
-
-- `[OPERATOR]` Fixed terraform deploy and integration tests for IPv6. by @axel7born [#1112]
-- `[OPERATOR]` update images of pause and alpine container by @hebelsan [#1101]
-- `[OPERATOR]` Add IPv4 ranges from Spec.Networking to Status.Networking. by @axel7born [#1094]
-- `[OPERATOR]` Filter pod ranges for IPv4 CIDRs to configure Custom-Route-Controller. by @axel7born [#1138]
-- `[OPERATOR]` Create bastion vm from the info provided in the cloud profile bastion section by @hebelsan [#1040]
-- `[OPERATOR]` Added validation to allow only IPv6-only shoot clusters, but not dual-stack as it is not supported, yet. by @ScheererJ [#1095]
-- `[OPERATOR]` Fixed an issue preventing the deployment of internal load balancers in IPv6-only shoots. by @axel7born [#1108]
-- `[OPERATOR]` Add `NamespacedCloudProfile` admission mutation and validation to support custom machine images and types. by @LucaBernstein [#1136]
-- `[OPERATOR]` Remove the duplicate provider type check from the admission webhooks. by @LucaBernstein [#1117]
-- `[OPERATOR]` Fix an issue where the "0.0.0.0/0" route creation would fail if the nat-gateway was previously deleted. by @kon-angelo [#1111]
-- `[OPERATOR]` Update gardener to v1.106.1 by @hebelsan [#1110]
-- `[OPERATOR]` Dual-stack networking, i.e. networks with IPv4 and IPv6, are allowed now. by @ScheererJ [#1139]
-- `[OPERATOR]` AWS load balancers controller is always enabled for IPv6-only and dual-stack shoot clusters. by @ScheererJ [#1099]
-- `[OPERATOR]` Harmonize logging output from controller-runtime logger and kubernetes logger. by @DockToFuture [#1105]
-- `[OPERATOR]` `gosec` was introduced for Static Application Security Testing (SAST). by @DockToFuture [#1105]
-- `[DEPENDENCY]` Update go to version 1.23.3 by @hebelsan [#1121]
-- `[DEVELOPER]` Add gosec as sast makefile target by @hebelsan [#1123]
-## 📖 Documentation
-
-- `[USER]` Add overview documentation for IPv6 by @ScheererJ [#1143]
-# [gardener/aws-custom-route-controller]
-
-## ✨ New Features
-
-- `[USER]` `gosec` was introduced for Static Application Security Testing (SAST). by @ScheererJ [gardener/aws-custom-route-controller#34]
-- `[USER]` Update sdk version to v2 by @kon-angelo [gardener/aws-custom-route-controller#48]
-- `[USER]` The `aws-custom-route-controller` only adds node routes for IPv4 pod CIDR ranges and does not interfere with IPv6 routes. by @DockToFuture [gardener/aws-custom-route-controller#43]
-## 🏃 Others
-
-- `[OPERATOR]` Bumps golang from 1.23.2 to 1.23.3. by @dependabot[bot] [gardener/aws-custom-route-controller#44]
-- `[OPERATOR]` Bumps golang from 1.23.1 to 1.23.2. by @dependabot[bot] [gardener/aws-custom-route-controller#33]
-
-</details>
-
-<details>
-<summary><b>Update gardener-metrics-exporter to <code>0.33.0</code></b></summary>
-
-no release notes available
-
-## Docker Images
-- metrics-exporter: `europe-docker.pkg.dev/gardener-project/releases/gardener/metrics-exporter:0.33.0`
-
-
-</details>
-
-<details>
-<summary><b>Update gardener-metrics-exporter to <code>0.33.0</code></b></summary>
-
-no release notes available
-
-## Docker Images
-- metrics-exporter: `europe-docker.pkg.dev/gardener-project/releases/gardener/metrics-exporter:0.33.0`
-
-
-</details>
-
-<details>
-<summary><b>Update cert-management to <code>0.17.0</code></b></summary>
-
-# [gardener/cert-management]
-
-## ✨ New Features
-
-- `[USER]` Introduce the new Issuer type `SelfSigned` for creating self-signed certificates. by @RaphaelVogel [#228]
-- `[USER]` The certificate resource can now define a duration (the lifetime of the certificate). The issuer (especially Let's Encrypt) may ignore this field. by @marc1404 [#354]
-## 🐛 Bug Fixes
-
-- `[OPERATOR]` Cleanup status for orphan pending certificate resources by @MartinWeindel [#367]
-## 🏃 Others
-
-- `[DEVELOPER]` Use Pebble as an ACME server in the integration tests. by @marc1404 [#339]
-
-## Helm Charts
-- cert-controller-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/cert-controller-manager:v0.17.0`
-## Docker Images
-- cert-management: `europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.17.0`
-
-
-</details>
-
-<details>
-<summary><b>Update os-gardenlinux to <code>0.26.0</code></b></summary>
-
-# [gardener/gardener-extension-os-gardenlinux]
-
-## 🏃 Others
-
-- `[OPERATOR]` Adds an override.conf containerd dropin file to set LimitMEMLOCK and LimitNOFILE by @Roncossek [#214]
-
-## Helm Charts
-- os-gardenlinux: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-gardenlinux:v0.26.0`
-## Docker Images
-- gardener-extension-os-gardenlinux: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-gardenlinux:v0.26.0`
-
-
-</details>
-
-<details>
-<summary><b>Update networking-cilium to <code>1.38.0</code></b></summary>
-
-# [gardener/gardener-extension-networking-cilium]
-
-## 🏃 Others
-
-- `[OPERATOR]` IPv6 support is added to cilium extension for gardener shoot clusters. by @DockToFuture [#421]
-- `[OPERATOR]` `gosec` was introduced for Static Application Security Testing (SAST). by @ScheererJ [#420]
-
-## Helm Charts
-- admission-cilium-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-application:v1.38.0`
-- admission-cilium-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-runtime:v1.38.0`
-- networking-cilium: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-cilium:v1.38.0`
-## Docker Images
-- gardener-extension-admission-cilium: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-cilium:v1.38.0`
-- gardener-extension-networking-cilium: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-cilium:v1.38.0`
-
-
-</details>
-
-<details>
-<summary><b>Update cert-management to <code>0.17.1</code></b></summary>
-
-# [gardener/cert-management]
-
-## 🐛 Bug Fixes
-
-- `[OPERATOR]` Fix panic if target issuer referenced but not allowed by @MartinWeindel [#371]
-
-## Helm Charts
-- cert-controller-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/cert-controller-manager:v0.17.1`
-## Docker Images
-- cert-management: `europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.17.1`
-
-
-</details>
-
-<details>
-<summary><b>Update shoot-cert-service to <code>1.47.0</code></b></summary>
-
-# [gardener/cert-management]
-
-## ✨ New Features
-
-- `[USER]` Introduce the new Issuer type `SelfSigned` for creating self-signed certificates. by @RaphaelVogel [gardener/cert-management#228]
-- `[USER]` The certificate resource can now define a duration (the lifetime of the certificate). The issuer (especially Let's Encrypt) may ignore this field. by @marc1404 [gardener/cert-management#354]
-## 🐛 Bug Fixes
-
-- `[OPERATOR]` Fix panic if target issuer referenced but not allowed by @MartinWeindel [gardener/cert-management#371]
-- `[OPERATOR]` Cleanup status for orphan pending certificate resources by @MartinWeindel [gardener/cert-management#367]
-## 🏃 Others
-
-- `[DEVELOPER]` Use Pebble as an ACME server in the integration tests. by @marc1404 [gardener/cert-management#339]
-# [gardener/gardener-extension-shoot-cert-service]
-
-## 🏃 Others
-
-- `[OPERATOR]` Bumps github.com/gardener/gardener from 1.108.0 to 1.109.0. by @dependabot[bot] [#320]
-- `[OPERATOR]` Vertical scaling on CPU dropped in VPA resource by @MartinWeindel [#318]
-
-## Helm Charts
-- shoot-cert-service: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-cert-service:v1.47.0`
-## Docker Images
-- gardener-extension-shoot-cert-service: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.47.0`
-
-
-</details>
-
-<details>
-<summary><b>Update shoot-rsyslog-relp to <code>0.7.0</code></b></summary>
-
-# [gardener/gardener-extension-shoot-rsyslog-relp]
-
-## 📰 Noteworthy
-
-- `[DEVELOPER]` `gosec` is made available for SAST(static application security testing), it can be run with `make sast` or `make sast-report`, but is also incorporated in the `verify` and `verify-extended` makefile targets.  by @Kostov6 [#189]
-## 🐛 Bug Fixes
-
-- `[DEVELOPER]` An issue causing `make extension-up` to fail to patch the ControllerDeployment is now mitigated. by @ialidzhikov [#194]
-- `[DEVELOPER]` An issue causing `make extension-up` to do NOT generate a new tag for local source code changes is now fixed. by @ialidzhikov [#194]
-
-## Helm Charts
-- shoot-rsyslog-relp-admission-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-application:v0.7.0`
-- shoot-rsyslog-relp-admission-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-runtime:v0.7.0`
-- shoot-rsyslog-relp: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp:v0.7.0`
-## Docker Images
-- gardener-extension-shoot-rsyslog-relp-admission: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp-admission:v0.7.0`
-- gardener-extension-shoot-rsyslog-relp: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp:v0.7.0`
-
-
-</details>
-
-<details>
-<summary><b>Update provider-openstack to <code>1.43.1</code></b></summary>
-
-# [gardener/gardener-extension-provider-openstack]
-
-## 🏃 Others
-
-- `[OPERATOR]` Fix an issue where the CSI-Provisioner was missing 'patch' permissions on PVs by @AndreasBurger [#924]
-
-## Helm Charts
-- admission-openstack-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.43.1`
-- admission-openstack-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.43.1`
-- provider-openstack: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.43.1`
-## Docker Images
-- gardener-extension-admission-openstack: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.43.1`
-- gardener-extension-provider-openstack: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.43.1`
-
-
-</details>
-
-<details>
-<summary><b>Update provider-aws to <code>1.59.1</code></b></summary>
-
-# [gardener/gardener-extension-provider-aws]
-
-## 🐛 Bug Fixes
-
-- `[USER]` Use ipv6 CIDR in ID string only for IPv6 only subnets. by @AndreasBurger [#1163]
-
-## Helm Charts
-- admission-aws-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-aws-application:v1.59.1`
-- admission-aws-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-aws-runtime:v1.59.1`
-- provider-aws: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-aws:v1.59.1`
-## Docker Images
-- gardener-extension-admission-aws: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-aws:v1.59.1`
-- gardener-extension-provider-aws: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-aws:v1.59.1`
-
-
-</details>
-
-<details>
-<summary><b>Update os-gardenlinux to <code>0.27.0</code></b></summary>
-
-# [gardener/gardener-extension-os-gardenlinux]
-
-## 🏃 Others
-
-- `[OPERATOR]` Container images for the gardenlinux extension are now built with Docker buildx to enable cross-platform builds and default to the `linux/amd64` architecture. by @MrBatschner [#217]
-- `[OPERATOR]` add delete to rbac for secret, secret/finalizer and mutatingwebhookcofigurations by @Roncossek [#219]
-
-## Helm Charts
-- os-gardenlinux: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-gardenlinux:v0.27.0`
-## Docker Images
-- gardener-extension-os-gardenlinux: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-gardenlinux:v0.27.0`
-
-
-</details>
-
-<details>
-<summary><b>Update provider-azure to <code>1.49.1</code></b></summary>
-
-# [gardener/gardener-extension-provider-azure]
-
-## 🐛 Bug Fixes
-
-- `[USER]` Support legacy CCM service tag key in flow reconciliation by @hebelsan [#1037]
-
-## Helm Charts
-- admission-azure-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.49.1`
-- admission-azure-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.49.1`
-- provider-azure: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.49.1`
-## Docker Images
-- gardener-extension-admission-azure: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.49.1`
-- gardener-extension-provider-azure: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.49.1`
-
-
-</details>
-
-<details>
-<summary><b>Update cloudprofiles to <code>0.7.21</code></b></summary>
-
-**Full Changelog**: https://github.com/gardener-community/cloudprofiles/compare/0.7.20...0.7.21
-
-</details>
-
-<details>
-<summary><b>Update gardener-controlplane to <code>1.110.0</code></b></summary>
-
-# [gardener/gardener]
-
-## ⚠️ Breaking Changes
-
-- `[DEVELOPER]` The `autoscaling.k8s.io/v1alpha1.Hvpa` and `autoscaling.k8s.io/v1alpha1.HvpaList` resources were removed from the `pkg/client/kubernetes.SeedScheme` and `pkg/operator/client.RuntimeScheme`    by @plkokanov [#10921]
-- `[DEVELOPER]` Extension webhooks need to remove the provider type `Predicates` and add an `ObjectSelector` against the object's provider type label instead. by @LucaBernstein [#10896]
-## ✨ New Features
-
-- `[OPERATOR]` Secrets for the `TokenRequestor` can be additionally annotated with `serviceaccount.resources.gardener.cloud/inject-ca-bundle=true` to get the current CA bundle injected as well by @maboehm [#10988]
-## 🐛 Bug Fixes
-
-- `[OPERATOR]` `seed-authorizer` and structured authorization webhooks of shoot kube-apiservers no longer use the default TTL for `AuthorizedTTL` and `UnauthorizedTTL`. by @oliver-goetz [#10703]
-- `[OPERATOR]` An issue was fixed in `gardener-operator` that led to an inactive Gardenlet controller after a certain period. Thus, the operator needed a restart to react on Gardenlet resources. by @timuthy [#10663]
-- `[OPERATOR]` Fixes the bug where ManagedResource were still in progressing phase because of `Completed` pods by @ary1992 [#10961]
-## 🏃 Others
-
-- `[OPERATOR]` Fixes the calculation of the maximum number of nodes for cluster autoscaling for dual-stack shoots. by @axel7born [#10994]
-- `[OPERATOR]` RBAC rules related to `HVPA` resources have been removed from `gardenlet` and `gardener-operator` - they are no longer necessary. by @plkokanov [#10921]
-- `[OPERATOR]` The resource-manager is no longer HVPA-aware.  by @ialidzhikov [#10860]
-- `[OPERATOR]` [NewVPN] Enable IPv6 for non-HA if needed. by @MartinWeindel [#10997]
-- `[OPERATOR]` Custom CAs are updated on existing nodes too. by @oliver-goetz [#10923]
-- `[OPERATOR]` Set env variables for dual-stack in kube-apiserver. by @axel7born [#10970]
-- `[DEPENDENCY]` The `gardener/machine-controller-manager` image has been updated to `v0.55.1`. [Release Notes](https://redirect.github.com/gardener/machine-controller-manager/releases/tag/v0.55.1) by @gardener-ci-robot [#10956]
-- `[DEPENDENCY]` The `quay.io/brancz/kube-rbac-proxy` image has been updated to `v0.18.2`. by @gardener-ci-robot [#10953]
-- `[DEPENDENCY]` The `credativ/vali` image has been updated to `v2.2.20`. [Release Notes](https://redirect.github.com/credativ/vali/releases/tag/v2.2.20) by @gardener-ci-robot [#10993]
-- `[DEPENDENCY]` The `credativ/plutono` image has been updated to `v7.5.35`. [Release Notes](https://redirect.github.com/credativ/plutono/releases/tag/v7.5.35) by @gardener-ci-robot [#10995]
-- `[DEPENDENCY]` The `quay.io/kiwigrid/k8s-sidecar` image has been updated to `1.28.1`. by @gardener-ci-robot [#10981]
-- `[DEPENDENCY]` The `gardener/apiserver-proxy` image has been updated to `v0.18.0`. [Release Notes](https://redirect.github.com/gardener/apiserver-proxy/releases/tag/v0.18.0) by @gardener-ci-robot [#10933]
-- `[DEPENDENCY]` The `registry.k8s.io/coredns/coredns` image has been updated to `v1.12.0`. by @gardener-ci-robot [#10909]
-- `[DEPENDENCY]` The `gardener/vpn2` image has been updated to `0.33.0`. [Release Notes](https://redirect.github.com/gardener/vpn2/releases/tag/0.33.0) by @gardener-ci-robot [#10996]
-- `[DEPENDENCY]` The `envoyproxy/envoy` image has been updated to `v1.32.2`. [Release Notes](https://redirect.github.com/envoyproxy/envoy/releases/tag/v1.32.2) by @gardener-ci-robot [#11000]
-- `[DEPENDENCY]` The `gardener/gardener-metrics-exporter` image has been updated to `0.31.0`. [Release Notes](https://redirect.github.com/gardener/gardener-metrics-exporter/releases/tag/0.31.0) by @gardener-ci-robot [#10941]
-- `[DEPENDENCY]` The `gardener/gardener-metrics-exporter` image has been updated to `0.33.0`. [Release Notes](https://redirect.github.com/gardener/gardener-metrics-exporter/releases/tag/0.33.0) by @gardener-ci-robot [#10952]
-- `[DEPENDENCY]` The `gardener/ext-authz-server` image has been updated to `0.11.0`. [Release Notes](https://redirect.github.com/gardener/ext-authz-server/releases/tag/0.11.0) by @gardener-ci-robot [#10935]
-- `[DEVELOPER]` The `HVPA` CRD has been removed from the codebase and is no longer generated. by @plkokanov [#10921]
-## 📖 Documentation
-
-- `[OPERATOR]` Improve shoot credential rotation documentation. by @marc1404 [#10998]
-
-## Helm Charts
-- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.110.0`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.110.0`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.110.0`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.110.0`
-## Docker Images
-- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.110.0`
-- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.110.0`
-- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.110.0`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.110.0`
-- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.110.0`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.110.0`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.110.0`
-- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.110.0`
-
-
-</details>
-
-<details>
-<summary><b>Update gardener-controlplane to <code>1.110.0</code></b></summary>
-
-# [gardener/gardener]
-
-## ⚠️ Breaking Changes
-
-- `[DEVELOPER]` The `autoscaling.k8s.io/v1alpha1.Hvpa` and `autoscaling.k8s.io/v1alpha1.HvpaList` resources were removed from the `pkg/client/kubernetes.SeedScheme` and `pkg/operator/client.RuntimeScheme`    by @plkokanov [#10921]
-- `[DEVELOPER]` Extension webhooks need to remove the provider type `Predicates` and add an `ObjectSelector` against the object's provider type label instead. by @LucaBernstein [#10896]
-## ✨ New Features
-
-- `[OPERATOR]` Secrets for the `TokenRequestor` can be additionally annotated with `serviceaccount.resources.gardener.cloud/inject-ca-bundle=true` to get the current CA bundle injected as well by @maboehm [#10988]
-## 🐛 Bug Fixes
-
-- `[OPERATOR]` `seed-authorizer` and structured authorization webhooks of shoot kube-apiservers no longer use the default TTL for `AuthorizedTTL` and `UnauthorizedTTL`. by @oliver-goetz [#10703]
-- `[OPERATOR]` An issue was fixed in `gardener-operator` that led to an inactive Gardenlet controller after a certain period. Thus, the operator needed a restart to react on Gardenlet resources. by @timuthy [#10663]
-- `[OPERATOR]` Fixes the bug where ManagedResource were still in progressing phase because of `Completed` pods by @ary1992 [#10961]
-## 🏃 Others
-
-- `[OPERATOR]` Fixes the calculation of the maximum number of nodes for cluster autoscaling for dual-stack shoots. by @axel7born [#10994]
-- `[OPERATOR]` RBAC rules related to `HVPA` resources have been removed from `gardenlet` and `gardener-operator` - they are no longer necessary. by @plkokanov [#10921]
-- `[OPERATOR]` The resource-manager is no longer HVPA-aware.  by @ialidzhikov [#10860]
-- `[OPERATOR]` [NewVPN] Enable IPv6 for non-HA if needed. by @MartinWeindel [#10997]
-- `[OPERATOR]` Custom CAs are updated on existing nodes too. by @oliver-goetz [#10923]
-- `[OPERATOR]` Set env variables for dual-stack in kube-apiserver. by @axel7born [#10970]
-- `[DEPENDENCY]` The `gardener/machine-controller-manager` image has been updated to `v0.55.1`. [Release Notes](https://redirect.github.com/gardener/machine-controller-manager/releases/tag/v0.55.1) by @gardener-ci-robot [#10956]
-- `[DEPENDENCY]` The `quay.io/brancz/kube-rbac-proxy` image has been updated to `v0.18.2`. by @gardener-ci-robot [#10953]
-- `[DEPENDENCY]` The `credativ/vali` image has been updated to `v2.2.20`. [Release Notes](https://redirect.github.com/credativ/vali/releases/tag/v2.2.20) by @gardener-ci-robot [#10993]
-- `[DEPENDENCY]` The `credativ/plutono` image has been updated to `v7.5.35`. [Release Notes](https://redirect.github.com/credativ/plutono/releases/tag/v7.5.35) by @gardener-ci-robot [#10995]
-- `[DEPENDENCY]` The `quay.io/kiwigrid/k8s-sidecar` image has been updated to `1.28.1`. by @gardener-ci-robot [#10981]
-- `[DEPENDENCY]` The `gardener/apiserver-proxy` image has been updated to `v0.18.0`. [Release Notes](https://redirect.github.com/gardener/apiserver-proxy/releases/tag/v0.18.0) by @gardener-ci-robot [#10933]
-- `[DEPENDENCY]` The `registry.k8s.io/coredns/coredns` image has been updated to `v1.12.0`. by @gardener-ci-robot [#10909]
-- `[DEPENDENCY]` The `gardener/vpn2` image has been updated to `0.33.0`. [Release Notes](https://redirect.github.com/gardener/vpn2/releases/tag/0.33.0) by @gardener-ci-robot [#10996]
-- `[DEPENDENCY]` The `envoyproxy/envoy` image has been updated to `v1.32.2`. [Release Notes](https://redirect.github.com/envoyproxy/envoy/releases/tag/v1.32.2) by @gardener-ci-robot [#11000]
-- `[DEPENDENCY]` The `gardener/gardener-metrics-exporter` image has been updated to `0.31.0`. [Release Notes](https://redirect.github.com/gardener/gardener-metrics-exporter/releases/tag/0.31.0) by @gardener-ci-robot [#10941]
-- `[DEPENDENCY]` The `gardener/gardener-metrics-exporter` image has been updated to `0.33.0`. [Release Notes](https://redirect.github.com/gardener/gardener-metrics-exporter/releases/tag/0.33.0) by @gardener-ci-robot [#10952]
-- `[DEPENDENCY]` The `gardener/ext-authz-server` image has been updated to `0.11.0`. [Release Notes](https://redirect.github.com/gardener/ext-authz-server/releases/tag/0.11.0) by @gardener-ci-robot [#10935]
-- `[DEVELOPER]` The `HVPA` CRD has been removed from the codebase and is no longer generated. by @plkokanov [#10921]
-## 📖 Documentation
-
-- `[OPERATOR]` Improve shoot credential rotation documentation. by @marc1404 [#10998]
-
-## Helm Charts
-- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.110.0`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.110.0`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.110.0`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.110.0`
-## Docker Images
-- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.110.0`
-- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.110.0`
-- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.110.0`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.110.0`
-- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.110.0`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.110.0`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.110.0`
-- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.110.0`
-
-
-</details>
-
-<details>
-<summary><b>Update gardenlet to <code>1.110.0</code></b></summary>
-
-# [gardener/gardener]
-
-## ⚠️ Breaking Changes
-
-- `[DEVELOPER]` The `autoscaling.k8s.io/v1alpha1.Hvpa` and `autoscaling.k8s.io/v1alpha1.HvpaList` resources were removed from the `pkg/client/kubernetes.SeedScheme` and `pkg/operator/client.RuntimeScheme`    by @plkokanov [#10921]
-- `[DEVELOPER]` Extension webhooks need to remove the provider type `Predicates` and add an `ObjectSelector` against the object's provider type label instead. by @LucaBernstein [#10896]
-## ✨ New Features
-
-- `[OPERATOR]` Secrets for the `TokenRequestor` can be additionally annotated with `serviceaccount.resources.gardener.cloud/inject-ca-bundle=true` to get the current CA bundle injected as well by @maboehm [#10988]
-## 🐛 Bug Fixes
-
-- `[OPERATOR]` `seed-authorizer` and structured authorization webhooks of shoot kube-apiservers no longer use the default TTL for `AuthorizedTTL` and `UnauthorizedTTL`. by @oliver-goetz [#10703]
-- `[OPERATOR]` An issue was fixed in `gardener-operator` that led to an inactive Gardenlet controller after a certain period. Thus, the operator needed a restart to react on Gardenlet resources. by @timuthy [#10663]
-- `[OPERATOR]` Fixes the bug where ManagedResource were still in progressing phase because of `Completed` pods by @ary1992 [#10961]
-## 🏃 Others
-
-- `[OPERATOR]` Fixes the calculation of the maximum number of nodes for cluster autoscaling for dual-stack shoots. by @axel7born [#10994]
-- `[OPERATOR]` RBAC rules related to `HVPA` resources have been removed from `gardenlet` and `gardener-operator` - they are no longer necessary. by @plkokanov [#10921]
-- `[OPERATOR]` The resource-manager is no longer HVPA-aware.  by @ialidzhikov [#10860]
-- `[OPERATOR]` [NewVPN] Enable IPv6 for non-HA if needed. by @MartinWeindel [#10997]
-- `[OPERATOR]` Custom CAs are updated on existing nodes too. by @oliver-goetz [#10923]
-- `[OPERATOR]` Set env variables for dual-stack in kube-apiserver. by @axel7born [#10970]
-- `[DEPENDENCY]` The `gardener/machine-controller-manager` image has been updated to `v0.55.1`. [Release Notes](https://redirect.github.com/gardener/machine-controller-manager/releases/tag/v0.55.1) by @gardener-ci-robot [#10956]
-- `[DEPENDENCY]` The `quay.io/brancz/kube-rbac-proxy` image has been updated to `v0.18.2`. by @gardener-ci-robot [#10953]
-- `[DEPENDENCY]` The `credativ/vali` image has been updated to `v2.2.20`. [Release Notes](https://redirect.github.com/credativ/vali/releases/tag/v2.2.20) by @gardener-ci-robot [#10993]
-- `[DEPENDENCY]` The `credativ/plutono` image has been updated to `v7.5.35`. [Release Notes](https://redirect.github.com/credativ/plutono/releases/tag/v7.5.35) by @gardener-ci-robot [#10995]
-- `[DEPENDENCY]` The `quay.io/kiwigrid/k8s-sidecar` image has been updated to `1.28.1`. by @gardener-ci-robot [#10981]
-- `[DEPENDENCY]` The `gardener/apiserver-proxy` image has been updated to `v0.18.0`. [Release Notes](https://redirect.github.com/gardener/apiserver-proxy/releases/tag/v0.18.0) by @gardener-ci-robot [#10933]
-- `[DEPENDENCY]` The `registry.k8s.io/coredns/coredns` image has been updated to `v1.12.0`. by @gardener-ci-robot [#10909]
-- `[DEPENDENCY]` The `gardener/vpn2` image has been updated to `0.33.0`. [Release Notes](https://redirect.github.com/gardener/vpn2/releases/tag/0.33.0) by @gardener-ci-robot [#10996]
-- `[DEPENDENCY]` The `envoyproxy/envoy` image has been updated to `v1.32.2`. [Release Notes](https://redirect.github.com/envoyproxy/envoy/releases/tag/v1.32.2) by @gardener-ci-robot [#11000]
-- `[DEPENDENCY]` The `gardener/gardener-metrics-exporter` image has been updated to `0.31.0`. [Release Notes](https://redirect.github.com/gardener/gardener-metrics-exporter/releases/tag/0.31.0) by @gardener-ci-robot [#10941]
-- `[DEPENDENCY]` The `gardener/gardener-metrics-exporter` image has been updated to `0.33.0`. [Release Notes](https://redirect.github.com/gardener/gardener-metrics-exporter/releases/tag/0.33.0) by @gardener-ci-robot [#10952]
-- `[DEPENDENCY]` The `gardener/ext-authz-server` image has been updated to `0.11.0`. [Release Notes](https://redirect.github.com/gardener/ext-authz-server/releases/tag/0.11.0) by @gardener-ci-robot [#10935]
-- `[DEVELOPER]` The `HVPA` CRD has been removed from the codebase and is no longer generated. by @plkokanov [#10921]
-## 📖 Documentation
-
-- `[OPERATOR]` Improve shoot credential rotation documentation. by @marc1404 [#10998]
-
-## Helm Charts
-- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.110.0`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.110.0`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.110.0`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.110.0`
-## Docker Images
-- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.110.0`
-- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.110.0`
-- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.110.0`
-- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.110.0`
-- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.110.0`
-- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.110.0`
-- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.110.0`
-- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.110.0`
-
-
-</details>
-
-<details>
-<summary><b>Update provider-openstack to <code>1.44.0</code></b></summary>
-
-# [gardener/gardener-extension-provider-openstack]
-
-## ⚠️ Breaking Changes
-
-- `[OPERATOR]` The Helm charts for the `application` and `runtime` parts of the gardener-extension-admission-openstack admission controller have been separated into standalone charts. These charts now assume a Garden setup with a virtual garden. Both charts must be deployed individually: the `runtime` chart on the Garden runtime cluster, and the `application` chart on the virtual garden. Additionally, the intermediate `global` level in the Helm values has been removed, so you may need to adjust your provided values accordingly. by @MartinWeindel [#901]
-## ✨ New Features
-
-- `[OPERATOR]` Adjustments for additional deployment of extension and admission controller on Garden runtime cluster by gardener-operator. by @MartinWeindel [#901]
-## 🐛 Bug Fixes
-
-- `[OPERATOR]` management of the router interface missed some of openstack's owner labels assigned to the routers network interface causing the infrastructure conciliation to fail due to dublicated router network interfaces by @crigertg [#917]
-## 🏃 Others
-
-- `[OPERATOR]` Update Cinder CSI `v1.30.1` -> `v1.31.2` for shoots on v1.31.x by @kon-angelo [#915]
-- `[OPERATOR]` Add `NamespacedCloudProfile` admission mutation and validation to support custom machine images and types. by @LucaBernstein [#911]
-- `[OPERATOR]` Update Cinder CSI `v1.30.1` -> `v1.30.2` for shoots on v1.30.x by @kon-angelo [#915]
-- `[USER]` Shoots with NodeLocalDNS enabled will use UDP instead of TCP for upstream DNS queries by default to avoid performance issues on OpenStack. by @domdom82 [#925]
-
-## Helm Charts
-- admission-openstack-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.44.0`
-- admission-openstack-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.44.0`
-- provider-openstack: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.44.0`
-## Docker Images
-- gardener-extension-admission-openstack: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.44.0`
-- gardener-extension-provider-openstack: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.44.0`
-
-
-</details>
-
-<details>
-<summary><b>Update provider-gcp to <code>1.41.0</code></b></summary>
-
-# [gardener/gardener-extension-provider-gcp]
-
-## ⚠️ Breaking Changes
-
-- `[OPERATOR]` `gardener-extension-admission-gcp` Helm chart has been removed. The admission can be deployed by applying `admission-gcp-application` and `admission-gcp-runtime` charts separately. With this change the `global` structure in Helm values of these charts has been removed. Still supported settings have been moved to other sections. by @oliver-goetz [#905]
-## ✨ New Features
-
-- `[OPERATOR]` The extension can now be deployed via `extensions.operator.gardener.cloud` CRD. by @oliver-goetz [#905]
-## 🏃 Others
-
-- `[DEPENDENCY]` Update go to version 1.23.3 by @hebelsan [#890]
-- `[DEPENDENCY]` Update csi-driver from v.15.0 to v.15.1 by @hebelsan [#907]
-- `[OPERATOR]` Add `NamespacedCloudProfile` admission mutation and validation to support custom machine images and types. by @LucaBernstein [#918]
-- `[OPERATOR]` Remove the duplicate provider type check from the admission webhooks. by @LucaBernstein [#885]
-- `[OPERATOR]` Create bastion vm from the info provided in the cloud profile bastion section by @hebelsan [#826]
-- `[DEVELOPER]` Add gosec as sast makefile target by @hebelsan [#892]
-
-## Helm Charts
-- admission-gcp-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-application:v1.41.0`
-- admission-gcp-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-runtime:v1.41.0`
-- provider-gcp: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-gcp:v1.41.0`
-## Docker Images
-- gardener-extension-admission-gcp: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-gcp:v1.41.0`
-- gardener-extension-provider-gcp: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-gcp:v1.41.0`
-
-
-</details>
-
-<details>
-<summary><b>Update provider-alicloud to <code>1.56.0</code></b></summary>
-
-# [gardener/gardener-extension-provider-alicloud]
-
-## 🏃 Others
-
-- `[OPERATOR]` Alicloud Cloud Controller Manager is updated to v2.10.0 by @kevin-lacoo [#745]
-- `[OPERATOR]` The CIDR blocks used for shoot egress will now be provided via the status of the shoot's infrastructure-resource by @kevin-lacoo [#740]
-
-## Helm Charts
-- admission-alicloud-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-alicloud-application:v1.56.0`
-- admission-alicloud-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-alicloud-runtime:v1.56.0`
-- provider-alicloud: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-alicloud:v1.56.0`
-## Docker Images
-- gardener-extension-admission-alicloud: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-alicloud:v1.56.0`
-- gardener-extension-provider-alicloud: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-alicloud:v1.56.0`
-
-
-</details>
-
-<details>
-<summary><b>Update gardener-webterminal to <code>0.33.0</code></b></summary>
-
-# [gardener/terminal-controller-manager]
-
-## 🏃 Others
-
-- `[OPERATOR]` The component name is changed from `terminal` to `terminal-controller-manager`. by @ialidzhikov [#294]
-- `[OPERATOR]` Helm Chart: The `terminal-controller-manager-config` `volumeMount` is set to `readOnly` on the deployment by @petersutter [#289]
-
-## Docker Images
-- terminal-controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/terminal-controller-manager:v0.33.0`
-
-
-</details>
-
-<details>
-<summary><b>Update gardener-webterminal to <code>0.33.0</code></b></summary>
-
-# [gardener/terminal-controller-manager]
-
-## 🏃 Others
-
-- `[OPERATOR]` The component name is changed from `terminal` to `terminal-controller-manager`. by @ialidzhikov [#294]
-- `[OPERATOR]` Helm Chart: The `terminal-controller-manager-config` `volumeMount` is set to `readOnly` on the deployment by @petersutter [#289]
-
-## Docker Images
-- terminal-controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/terminal-controller-manager:v0.33.0`
-
-
-</details>
diff --git a/docs/release-notes/v1.109.md b/docs/release-notes/v1.109.md
new file mode 100644
index 00000000000..5f7eeede58e
--- /dev/null
+++ b/docs/release-notes/v1.109.md
@@ -0,0 +1,1240 @@
+---
+hide_table_of_contents: true
+---
+
+# Release Notes v1.109
+
+## Yake release notes and upgrade guide
+
+## Related upstream release notes / changelogs
+
+
+<details>
+<summary><b>Update external-dns-management to <code>0.22.1</code></b></summary>
+
+# [gardener/external-dns-management]
+
+## 📰 Noteworthy
+
+- `[OPERATOR]` `gosec` was introduced for Static Application Security Testing (SAST). by @MartinWeindel [#394]
+## 🏃 Others
+
+- `[OPERATOR]` Bumps golang from 1.23.2 to 1.23.3. by @dependabot[bot] [#398]
+
+## Helm Charts
+- dns-controller-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/dns-controller-manager:v0.22.1`
+## Docker Images
+- dns-controller-manager: `europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.22.1`
+
+
+</details>
+
+<details>
+<summary><b>Update shoot-dns-service to <code>1.54.0</code></b></summary>
+
+# [gardener/gardener-extension-shoot-dns-service]
+
+## 🏃 Others
+
+- `[OPERATOR]` Bumps github.com/gardener/gardener from 1.107.0 to 1.108.0. by @dependabot[bot] [#399]
+- `[OPERATOR]` Reduce default values for resource utilisation of shoot-dns-service controller in the control plane. by @MartinWeindel [#392]
+- `[OPERATOR]` `gosec` was introduced for Static Application Security Testing (SAST). by @MartinWeindel [#387]
+- `[OPERATOR]` Bumps github.com/gardener/gardener from 1.105.0 to 1.106.0. by @dependabot[bot] [#390]
+- `[OPERATOR]` Bumps github.com/gardener/gardener from 1.106.0 to 1.107.0. by @dependabot[bot] [#394]
+# [gardener/external-dns-management]
+
+## 📰 Noteworthy
+
+- `[OPERATOR]` `gosec` was introduced for Static Application Security Testing (SAST). by @MartinWeindel [gardener/external-dns-management#394]
+## 🏃 Others
+
+- `[OPERATOR]` Bumps golang from 1.23.2 to 1.23.3. by @dependabot[bot] [gardener/external-dns-management#398]
+
+## Helm Charts
+- admission-shoot-dns-service-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-application:v1.54.0`
+- admission-shoot-dns-service-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-runtime:v1.54.0`
+- shoot-dns-service: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-dns-service:v1.54.0`
+## Docker Images
+- gardener-extension-admission-shoot-dns-service: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-shoot-dns-service:v1.54.0`
+- gardener-extension-shoot-dns-service: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-dns-service:v1.54.0`
+
+
+</details>
+
+<details>
+<summary><b>Update shoot-flux to <code>0.11.0</code></b></summary>
+
+## What's Changed
+* Bump gardener to `v1.105.3` by @Duciwuci in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/119
+
+
+**Full Changelog**: https://github.com/stackitcloud/gardener-extension-shoot-flux/compare/v0.10.0...v0.11.0
+
+</details>
+
+<details>
+<summary><b>Update shoot-cert-service to <code>1.46.0</code></b></summary>
+
+# [gardener/gardener-extension-shoot-cert-service]
+
+## 🏃 Others
+
+- `[OPERATOR]` Reduce default values for resource utilisation of cert-management controller in the control plane. by @MartinWeindel [#308]
+- `[OPERATOR]` Bumps github.com/gardener/gardener from 1.106.0 to 1.107.0. by @dependabot[bot] [#310]
+- `[OPERATOR]` Bumps golang from 1.23.2 to 1.23.3. by @dependabot[bot] [#311]
+- `[OPERATOR]` Bumps github.com/gardener/gardener from 1.105.0 to 1.106.0. by @dependabot[bot] [#306]
+- `[OPERATOR]` Bumps github.com/gardener/gardener from 1.107.0 to 1.108.0. by @dependabot[bot] [#315]
+
+## Helm Charts
+- shoot-cert-service: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-cert-service:v1.46.0`
+## Docker Images
+- gardener-extension-shoot-cert-service: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.46.0`
+
+
+</details>
+
+<details>
+<summary><b>Update backup-s3 to <code>0.7.0</code></b></summary>
+
+## General Changes
+* Revendor g/g v1.100 (https://github.com/metal-stack/gardener-extension-backup-s3/pull/11) @Gerrit91 
+
+
+</details>
+
+<details>
+<summary><b>Update cloudprofiles to <code>0.7.20</code></b></summary>
+
+**Full Changelog**: https://github.com/gardener-community/cloudprofiles/compare/0.7.19...0.7.20
+
+</details>
+
+<details>
+<summary><b>Update provider-azure to <code>1.49.0</code></b></summary>
+
+# [gardener/gardener-extension-provider-azure]
+
+## ⚠️ Breaking Changes
+
+- `[USER]` Deprecate DNSRecordConfig object. Please configure the target Azure management API via the provided secret by @kon-angelo [#1018]
+## ✨ New Features
+
+- `[USER]` Enable extra-create-metadata in csi-provisioner. by @kon-angelo [#1008]
+## 🏃 Others
+
+- `[DEPENDENCY]` Update go to version 1.23.3 by @hebelsan [#1005]
+- `[DEPENDENCY]` Update gardener/gardener to v1.108.0 by @hebelsan [#1014]
+- `[OPERATOR]` Create bastion vm from the info provided in the cloud profile bastion section by @hebelsan [#948]
+- `[OPERATOR]` Fix an issue where the subnet name was not calculated correctly in the migration to multi-subnet setup by @kon-angelo [#1004]
+- `[OPERATOR]` Updating CSI driver provisioner ClusterRole rules by @hebelsan [#988]
+- `[OPERATOR]` Remove outdated "Basic" SKU loadbalancer migration documentation. by @kon-angelo [#1017]
+- `[OPERATOR]` Remove the duplicate provider type check from the admission webhooks. by @LucaBernstein [#998]
+- `[OPERATOR]` Add `NamespacedCloudProfile` admission mutation and validation to support custom machine images and types. by @LucaBernstein [#1016]
+- `[OPERATOR]` Added validation to prevent IPv6-only/dual-stack clusters as they are not supported, yet. by @ScheererJ [#993]
+- `[DEVELOPER]` Add gosec as sast makefile target by @hebelsan [#1006]
+- `[DEVELOPER]` Update gardener/gardener to v1.105.0 by @hebelsan [#989]
+
+## Helm Charts
+- admission-azure-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.49.0`
+- admission-azure-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.49.0`
+- provider-azure: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.49.0`
+## Docker Images
+- gardener-extension-admission-azure: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.49.0`
+- gardener-extension-provider-azure: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.49.0`
+
+
+</details>
+
+<details>
+<summary><b>Update provider-openstack to <code>1.43.0</code></b></summary>
+
+# [gardener/gardener-extension-provider-openstack]
+
+## ⚠️ Breaking Changes
+
+- `[OPERATOR]` Deprecated configuring bastion via helm chart config map by @hebelsan [#838]
+## 📰 Noteworthy
+
+- `[OPERATOR]` Added support for configuring bastion vm from CloudProfile's bastion section by @hebelsan [#838]
+## 🏃 Others
+
+- `[DEPENDENCY]` Add gosec as sast makefile target by @hebelsan [#902]
+- `[DEPENDENCY]` Update go to version 1.23.3 by @hebelsan [#900]
+- `[OPERATOR]` Fix an issue where provider-openstack required permissions for share network operations even when not required by the `InfrastructureConfig`. by @kon-angelo [#885]
+- `[OPERATOR]` Update gardener/gardener to v1.107.0 by @hebelsan [#896]
+- `[OPERATOR]` Fix an issue where the deletion with the flow reconciler would fail if the network was already deleted. by @kon-angelo [#898]
+- `[OPERATOR]` Added validation to prevent IPv6-only/dual-stack clusters as they are not supported, yet. by @ScheererJ [#886]
+- `[OPERATOR]` Remove the duplicate provider type check from the admission webhooks. by @LucaBernstein [#895]
+- `[OPERATOR]` Fix possible nil-pointer deref when looking for networks. during reconciliation by @AndreasBurger [#879]
+- `[OPERATOR]` subnet overlapping, missing expected router and Policy doesn't allow .* to be performed errors are now non-retryable user errors. by @RadaBDimitrova [#894]
+- `[OPERATOR]` Updating CSI driver provisioner ClusterRole rules by @hebelsan [#880]
+- `[DEVELOPER]` Update gardener/gardener to v1.105.0 by @hebelsan [#881]
+
+## Helm Charts
+- admission-openstack-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.43.0`
+- admission-openstack-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.43.0`
+- provider-openstack: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.43.0`
+## Docker Images
+- gardener-extension-admission-openstack: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.43.0`
+- gardener-extension-provider-openstack: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.43.0`
+
+
+</details>
+
+<details>
+<summary><b>Update os-ubuntu to <code>1.26.0</code></b></summary>
+
+# [gardener/gardener-extension-os-ubuntu]
+
+## ⚠️ Breaking Changes
+
+- `[OPERATOR]` This extension is no longer able to run with Gardener versions lower than `v1.90` when the `UseGardenerNodeAgent` feature gate is disabled. by @rfranzke [#126]
+## ✨ New Features
+
+- `[OPERATOR]` Helm charts of extension and admission controller are published as OCI artifacts now. by @oliver-goetz [#143]
+## 🏃 Others
+
+- `[DEVELOPER]` The `vendor` directory was removed in favor of the `go mod cache`. by @LucaBernstein [#133]
+- `[DEVELOPER]` Static Application Security Testing (sast) with `gosec` got enabled on this repository. by @MrBatschner [#163]
+
+## Helm Charts
+- os-ubuntu: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-ubuntu:v1.26.0`
+## Docker Images
+- gardener-extension-os-ubuntu: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-ubuntu:v1.26.0`
+
+
+</details>
+
+<details>
+<summary><b>Update gardener-controlplane to <code>1.108.1</code></b></summary>
+
+# [gardener/gardener]
+
+## 🐛 Bug Fixes
+
+- `[OPERATOR]` The `seed.gardener.cloud/eu-access=true` label (in `CloudProfile`s and `Seeds`) or seed selector (in `Shoot`s) is no longer removed when the `eu-access-only` restriction is removed from the `.spec.accessRestrictions[]` field. Similarly, the `support.gardener.cloud/eu-access-for-cluster-{addons,nodes}` annotations in `Shoot`s are no longer removed when they are removed from the `.spec.accessRestrictions[].options` field. by @rfranzke [#10885]
+
+## Helm Charts
+- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.108.1`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.108.1`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.108.1`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.108.1`
+## Docker Images
+- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.108.1`
+- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.108.1`
+- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.108.1`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.108.1`
+- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.108.1`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.108.1`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.108.1`
+- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.108.1`
+
+
+</details>
+
+<details>
+<summary><b>Update gardener-controlplane to <code>1.108.1</code></b></summary>
+
+# [gardener/gardener]
+
+## 🐛 Bug Fixes
+
+- `[OPERATOR]` The `seed.gardener.cloud/eu-access=true` label (in `CloudProfile`s and `Seeds`) or seed selector (in `Shoot`s) is no longer removed when the `eu-access-only` restriction is removed from the `.spec.accessRestrictions[]` field. Similarly, the `support.gardener.cloud/eu-access-for-cluster-{addons,nodes}` annotations in `Shoot`s are no longer removed when they are removed from the `.spec.accessRestrictions[].options` field. by @rfranzke [#10885]
+
+## Helm Charts
+- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.108.1`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.108.1`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.108.1`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.108.1`
+## Docker Images
+- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.108.1`
+- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.108.1`
+- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.108.1`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.108.1`
+- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.108.1`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.108.1`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.108.1`
+- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.108.1`
+
+
+</details>
+
+<details>
+<summary><b>Update gardenlet to <code>1.108.1</code></b></summary>
+
+# [gardener/gardener]
+
+## 🐛 Bug Fixes
+
+- `[OPERATOR]` The `seed.gardener.cloud/eu-access=true` label (in `CloudProfile`s and `Seeds`) or seed selector (in `Shoot`s) is no longer removed when the `eu-access-only` restriction is removed from the `.spec.accessRestrictions[]` field. Similarly, the `support.gardener.cloud/eu-access-for-cluster-{addons,nodes}` annotations in `Shoot`s are no longer removed when they are removed from the `.spec.accessRestrictions[].options` field. by @rfranzke [#10885]
+
+## Helm Charts
+- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.108.1`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.108.1`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.108.1`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.108.1`
+## Docker Images
+- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.108.1`
+- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.108.1`
+- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.108.1`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.108.1`
+- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.108.1`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.108.1`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.108.1`
+- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.108.1`
+
+
+</details>
+
+<details>
+<summary><b>Update shoot-oidc-service to <code>0.29.0</code></b></summary>
+
+# [gardener/oidc-webhook-authenticator]
+
+## 🏃 Others
+
+- `[OPERATOR]` OWA is now built using go version 1.23.3. by @dimityrmirchev [gardener/oidc-webhook-authenticator#167]
+- `[DEVELOPER]` `gosec` is made available for SAST(static application security testing), it can be run with `make sast` or `make sast-report`.  by @vpnachev [gardener/oidc-webhook-authenticator#165]
+# [gardener/gardener-extension-shoot-oidc-service]
+
+## ⚠️ Breaking Changes
+
+- `[OPERATOR]` The type of the `imageVectorOverwrite` helm chart value is changed from string to object. by @dimityrmirchev [#251]
+## 🏃 Others
+
+- `[OPERATOR]` The following dependencies have been updated:  
+  - github.com/gardener/gardener v1.105.0 -> v1.106.0  
+  - k8s.io/api v0.29.8 -> v0.31.1  
+  - k8s.io/apimachinery v0.29.9 -> v0.31.1  
+  - k8s.io/client-go v0.29.9 -> v0.31.1  
+  - k8s.io/code-generator v0.29.9 -> v0.31.1  
+  - k8s.io/component-base v0.29.9 -> v0.31.1  
+  - sigs.k8s.io/controller-runtime v0.17.6 -> v0.19.0 by @vpnachev [#248]
+- `[DEVELOPER]` `gosec` is made available for SAST(static application security testing), it can be run with `make sast` or `make sast-report`, but is also incorporated in the `verify` and `verify-extended` makefile targets.  by @vpnachev [#248]
+## 📖 Documentation
+
+- `[USER]` Documentation now clarifies when Structured Authentication should be preferred over the Gardener OIDC extension. by @dimityrmirchev [#259]
+
+## Helm Charts
+- shoot-oidc-service: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-oidc-service:v0.29.0`
+## Docker Images
+- gardener-extension-shoot-oidc-service: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-oidc-service:v0.29.0`
+
+
+</details>
+
+<details>
+<summary><b>Update os-gardenlinux to <code>0.25.0</code></b></summary>
+
+# [gardener/gardener-extension-os-gardenlinux]
+
+## ⚠️ Breaking Changes
+
+- `[OPERATOR]` This extension is no longer able to run with Gardener versions lower than `v1.90` when the `UseGardenerNodeAgent` feature gate is disabled. by @rfranzke [#161]
+## ✨ New Features
+
+- `[OPERATOR]` Helm charts of extension and admission controller are published as OCI artifacts now. by @oliver-goetz [#188]
+## 🏃 Others
+
+- `[DEVELOPER]` Static Application Security Testing (sast) with `gosec` got enabled on this repository. by @MrBatschner [#212]
+- `[DEVELOPER]` The `vendor` directory was removed in favor of the `go mod cache`. by @timuthy [#170]
+- `[OPERATOR]` The cgroup drivers for containerd and kubelet are no longer configured through scripts that are run through `ExecStartPre` but instead through a mutating webhook that modifies the cgroup driver in the OSC. The cgroup driver always gets set to `systemd`. by @MrBatschner [#169]
+
+## Helm Charts
+- os-gardenlinux: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-gardenlinux:v0.25.0`
+## Docker Images
+- gardener-extension-os-gardenlinux: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-gardenlinux:v0.25.0`
+
+
+</details>
+
+<details>
+<summary><b>Update os-ubuntu to <code>1.27.0</code></b></summary>
+
+no release notes available
+
+## Helm Charts
+- os-ubuntu: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-ubuntu:v1.27.0`
+## Docker Images
+- gardener-extension-os-ubuntu: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-ubuntu:v1.27.0`
+
+
+</details>
+
+<details>
+<summary><b>Update runtime-gvisor to <code>0.16.0</code></b></summary>
+
+# [gardener/gardener-extension-runtime-gvisor]
+
+## 🏃 Others
+
+- `[OPERATOR]` Introduce `providerConfig.configFlags` with `net-raw` as first supported flag to start gVisor with NET_RAW capability. by @Roncossek [#154]
+- `[OPERATOR]` Gardener libraries were updated to 1.103. by @MrBatschner [#150]
+- `[DEVELOPER]` Static Application Security Testing (sast) with `gosec` got enabled on this repository. by @MrBatschner [#155]
+
+## Helm Charts
+- runtime-gvisor: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/runtime-gvisor:v0.16.0`
+## Docker Images
+- gardener-extension-runtime-gvisor-installation: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/runtime-gvisor-installation:v0.16.0`
+- gardener-extension-runtime-gvisor: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/runtime-gvisor:v0.16.0`
+
+
+</details>
+
+<details>
+<summary><b>Update shoot-flux to <code>0.12.0</code></b></summary>
+
+## What's Changed
+* Do nothing when cluster is hibernated by @maboehm in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/122
+* 🤖 Update module github.com/onsi/ginkgo/v2 to v2.22.0 by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/120
+* 🤖 Update module github.com/onsi/gomega to v1.36.0 by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/121
+* 🤖 Update k8s.io/utils digest to 6fe5fd8 by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/111
+* 🤖 Update dependency go to v1.23.3 by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/118
+* 🤖 Update module golang.org/x/tools to v0.27.0 by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/116
+* 🤖 Update fluxcd (minor) by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/107
+
+
+**Full Changelog**: https://github.com/stackitcloud/gardener-extension-shoot-flux/compare/v0.11.0...v0.12.0
+
+</details>
+
+<details>
+<summary><b>Update networking-calico to <code>1.44.0</code></b></summary>
+
+# [gardener/gardener-extension-networking-calico]
+
+## 🏃 Others
+
+- `[OPERATOR]` `gosec` was introduced for Static Application Security Testing (SAST). by @ScheererJ [#503]
+- `[OPERATOR]` Correct iptable backend and iptable rule are set for IPv6 shoot clusters when running with node-local-dns. by @DockToFuture [#506]
+- `[OPERATOR]` Generate dual-stack configuration. by @axel7born [#512]
+
+## Helm Charts
+- admission-calico-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-application:v1.44.0`
+- admission-calico-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-runtime:v1.44.0`
+- networking-calico: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-calico:v1.44.0`
+## Docker Images
+- gardener-extension-admission-calico: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-calico:v1.44.0`
+- gardener-extension-networking-calico: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-calico:v1.44.0`
+
+
+</details>
+
+<details>
+<summary><b>Update gardener-metrics-exporter to <code>0.31.0</code></b></summary>
+
+# [gardener/gardener-metrics-exporter]
+
+## 🏃 Others
+
+- `[USER]` Remove duplicated metrics from README by @Sinscerly [#110]
+- `[OPERATOR]` Add cost_object_type label to garden_shoot_info metric by @chrkl [#112]
+- `[OPERATOR]` Add `is_hibernated` to the `garden_shoot_info` metric by @Sinscerly [#107]
+- `[OPERATOR]` Add `technical_id` to `garden_shoot_.+` metrics by @robinschneider [#111]
+
+</details>
+
+<details>
+<summary><b>Update gardener-metrics-exporter to <code>0.31.0</code></b></summary>
+
+# [gardener/gardener-metrics-exporter]
+
+## 🏃 Others
+
+- `[USER]` Remove duplicated metrics from README by @Sinscerly [#110]
+- `[OPERATOR]` Add cost_object_type label to garden_shoot_info metric by @chrkl [#112]
+- `[OPERATOR]` Add `is_hibernated` to the `garden_shoot_info` metric by @Sinscerly [#107]
+- `[OPERATOR]` Add `technical_id` to `garden_shoot_.+` metrics by @robinschneider [#111]
+
+</details>
+
+<details>
+<summary><b>Update gardener-controlplane to <code>1.109.0</code></b></summary>
+
+# [gardener/gardener]
+
+## ⚠️ Breaking Changes
+
+- `[OPERATOR]` The HVPA autoscaling option (which is unconditionally disabled since v1.105.0) is removed from the `etcd` component. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10800]
+- `[OPERATOR]` The `Baseline` and `HVPA` autoscaling modes (which are unconditionally disabled since v1.105.0) are removed for `{gardener,kube}-apiserver`. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10796]
+- `[OPERATOR]` The deprecated and unconditionally disabled `HVPA` and `HVPAForShootedSeed` feature gates are removed. The GA-ed and unconditionally enabled `VPAForETCD` and `VPAAndHPAForAPIServer` features gates are removed. If you have references to the feature gates, clean them up before upgrading to this version of Gardener. by @ialidzhikov [#10853]
+- `[DEVELOPER]` Rename the controlplane exposure webhook (`ExposureWebhookName`) to seed provider webhook (`SeedProviderWebhookName`). by @LucaBernstein [#10788]
+## 📰 Noteworthy
+
+- `[OPERATOR]` The `gardener-scheduler` was improved to consider reconciliation backoffs. In the past, unassigned shoots were affected by frequent scheduler reconciliations and status updates which potentially strained the scheduler and etcd. by @timuthy [#10821]
+- `[DEVELOPER]` extension library: Provider extensions should rename control plane exposure webhook related packages to seed provider to reflect the naming change on their side (for example rename `pkg/webhook/controlplaneexposure` to `pkg/webhook/seedprovider`). by @LucaBernstein [#10788]
+## ✨ New Features
+
+- `[OPERATOR]` `NodeAgentAuthorizer` feature gate was introduced. It allows a webhook based authorization of `gardener-node-agents` with reduced permissions.  
+  ❗ This feature gate requires changes in `machine-controller-manager-provider-*`. Please check that you run a supported version before activating it. ❗ by @oliver-goetz [#10781]
+- `[USER]` Allow dual-stack shoots creation. by @axel7born [#10803]
+- `[USER]` shoot spec.kubernetes.clusterAutoscaler: Add support for startupTaints and statusTaints by @dhague [#10858]
+## 🐛 Bug Fixes
+
+- `[USER]` Fixed a bug where SSH key rotations for `Shoot`s did not properly update the authorized keys on the worker nodes (hence, the new key was unusable until a node restart or rollout). by @tobschli [#10671]
+- `[USER]` On `Shoot` deletion, Gardener now properly skips certain validation checks that are only relevant for creations or updates of `Shoot` resources. by @rfranzke [#10902]
+- `[OPERATOR]` Fixed an error in `BackupBucket` reconciliation by replacing `StrategicMergePatch` with `MergePatch` to properly handle `runtime.RawExtension` fields. by @seshachalam-yv [#10904]
+## 🏃 Others
+
+- `[OPERATOR]` update alpine to get latest security fixes by @DockToFuture [#10922]
+- `[OPERATOR]` Add support for `node-local-dns` in dual-stack cluster. by @axel7born [#10891]
+- `[OPERATOR]` Add dual stack support for VPN. by @DockToFuture [#10767]
+- `[OPERATOR]` Fix kubelet CSRs to allow IPv6 addresses to be used by @kron4eg [#10876]
+- `[OPERATOR]` Add dashboard for VPA admission-controller by @voelzmo [#10741]
+- `[OPERATOR]` The HVPA component is removed. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @ialidzhikov [#10851]
+- `[OPERATOR]` Added validation for `issuerURL` in the OIDC configuration to reject URLs containing fragments. by @acumino [#10888]
+- `[OPERATOR]` The `gardener/dependency-watchdog` image has been updated to `v1.3.0`. [Release Notes](https://redirect.github.com/gardener/dependency-watchdog/releases/tag/v1.3.0) by @rishabh-11 [#10930]
+- `[OPERATOR]` Adapt `configure-admission.sh` for new extension releases with changed value names for Helm charts. by @MartinWeindel [#10877]
+- `[DEPENDENCY]` The `registry.k8s.io/cpa/cluster-proportional-autoscaler` image has been updated to `v1.9.0`. by @gardener-ci-robot [#10898]
+- `[DEPENDENCY]` The `gardener/autoscaler` image has been updated to `v1.30.1`. [Release Notes](https://redirect.github.com/gardener/autoscaler/releases/tag/v1.30.1) by @gardener-ci-robot [#10914]
+- `[DEPENDENCY]` The `gardener/vpn2` image has been updated to `0.30.0`. [Release Notes](https://redirect.github.com/gardener/vpn2/releases/tag/0.30.0) by @gardener-ci-robot [#10872]
+- `[DEPENDENCY]` The `registry.k8s.io/coredns/coredns` image has been updated to `v1.11.4`. by @gardener-ci-robot [#10856]
+- `[DEPENDENCY]` The `gardener/gardener-discovery-server` image has been updated to `v0.3.0`. [Release Notes](https://redirect.github.com/gardener/gardener-discovery-server/releases/tag/v0.3.0) by @gardener-ci-robot [#10849]
+- `[DEPENDENCY]` The `gardener/etcd-druid` image has been updated to `v0.25.0`. [Release Notes](https://redirect.github.com/gardener/etcd-druid/releases/tag/v0.25.0) by @gardener-ci-robot [#10932]
+- `[DEPENDENCY]` The `gardener/machine-controller-manager` image has been updated to `v0.55.0`. [Release Notes](https://redirect.github.com/gardener/machine-controller-manager/releases/tag/v0.55.0) by @rishabh-11 [#10908]
+
+## Helm Charts
+- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.109.0`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.109.0`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.109.0`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.109.0`
+## Docker Images
+- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.109.0`
+- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.109.0`
+- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.109.0`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.109.0`
+- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.109.0`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.109.0`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.109.0`
+- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.109.0`
+
+
+</details>
+
+<details>
+<summary><b>Update gardener-controlplane to <code>1.109.0</code></b></summary>
+
+# [gardener/gardener]
+
+## ⚠️ Breaking Changes
+
+- `[OPERATOR]` The HVPA autoscaling option (which is unconditionally disabled since v1.105.0) is removed from the `etcd` component. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10800]
+- `[OPERATOR]` The `Baseline` and `HVPA` autoscaling modes (which are unconditionally disabled since v1.105.0) are removed for `{gardener,kube}-apiserver`. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10796]
+- `[OPERATOR]` The deprecated and unconditionally disabled `HVPA` and `HVPAForShootedSeed` feature gates are removed. The GA-ed and unconditionally enabled `VPAForETCD` and `VPAAndHPAForAPIServer` features gates are removed. If you have references to the feature gates, clean them up before upgrading to this version of Gardener. by @ialidzhikov [#10853]
+- `[DEVELOPER]` Rename the controlplane exposure webhook (`ExposureWebhookName`) to seed provider webhook (`SeedProviderWebhookName`). by @LucaBernstein [#10788]
+## 📰 Noteworthy
+
+- `[OPERATOR]` The `gardener-scheduler` was improved to consider reconciliation backoffs. In the past, unassigned shoots were affected by frequent scheduler reconciliations and status updates which potentially strained the scheduler and etcd. by @timuthy [#10821]
+- `[DEVELOPER]` extension library: Provider extensions should rename control plane exposure webhook related packages to seed provider to reflect the naming change on their side (for example rename `pkg/webhook/controlplaneexposure` to `pkg/webhook/seedprovider`). by @LucaBernstein [#10788]
+## ✨ New Features
+
+- `[OPERATOR]` `NodeAgentAuthorizer` feature gate was introduced. It allows a webhook based authorization of `gardener-node-agents` with reduced permissions.  
+  ❗ This feature gate requires changes in `machine-controller-manager-provider-*`. Please check that you run a supported version before activating it. ❗ by @oliver-goetz [#10781]
+- `[USER]` Allow dual-stack shoots creation. by @axel7born [#10803]
+- `[USER]` shoot spec.kubernetes.clusterAutoscaler: Add support for startupTaints and statusTaints by @dhague [#10858]
+## 🐛 Bug Fixes
+
+- `[USER]` Fixed a bug where SSH key rotations for `Shoot`s did not properly update the authorized keys on the worker nodes (hence, the new key was unusable until a node restart or rollout). by @tobschli [#10671]
+- `[USER]` On `Shoot` deletion, Gardener now properly skips certain validation checks that are only relevant for creations or updates of `Shoot` resources. by @rfranzke [#10902]
+- `[OPERATOR]` Fixed an error in `BackupBucket` reconciliation by replacing `StrategicMergePatch` with `MergePatch` to properly handle `runtime.RawExtension` fields. by @seshachalam-yv [#10904]
+## 🏃 Others
+
+- `[OPERATOR]` update alpine to get latest security fixes by @DockToFuture [#10922]
+- `[OPERATOR]` Add support for `node-local-dns` in dual-stack cluster. by @axel7born [#10891]
+- `[OPERATOR]` Add dual stack support for VPN. by @DockToFuture [#10767]
+- `[OPERATOR]` Fix kubelet CSRs to allow IPv6 addresses to be used by @kron4eg [#10876]
+- `[OPERATOR]` Add dashboard for VPA admission-controller by @voelzmo [#10741]
+- `[OPERATOR]` The HVPA component is removed. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @ialidzhikov [#10851]
+- `[OPERATOR]` Added validation for `issuerURL` in the OIDC configuration to reject URLs containing fragments. by @acumino [#10888]
+- `[OPERATOR]` The `gardener/dependency-watchdog` image has been updated to `v1.3.0`. [Release Notes](https://redirect.github.com/gardener/dependency-watchdog/releases/tag/v1.3.0) by @rishabh-11 [#10930]
+- `[OPERATOR]` Adapt `configure-admission.sh` for new extension releases with changed value names for Helm charts. by @MartinWeindel [#10877]
+- `[DEPENDENCY]` The `registry.k8s.io/cpa/cluster-proportional-autoscaler` image has been updated to `v1.9.0`. by @gardener-ci-robot [#10898]
+- `[DEPENDENCY]` The `gardener/autoscaler` image has been updated to `v1.30.1`. [Release Notes](https://redirect.github.com/gardener/autoscaler/releases/tag/v1.30.1) by @gardener-ci-robot [#10914]
+- `[DEPENDENCY]` The `gardener/vpn2` image has been updated to `0.30.0`. [Release Notes](https://redirect.github.com/gardener/vpn2/releases/tag/0.30.0) by @gardener-ci-robot [#10872]
+- `[DEPENDENCY]` The `registry.k8s.io/coredns/coredns` image has been updated to `v1.11.4`. by @gardener-ci-robot [#10856]
+- `[DEPENDENCY]` The `gardener/gardener-discovery-server` image has been updated to `v0.3.0`. [Release Notes](https://redirect.github.com/gardener/gardener-discovery-server/releases/tag/v0.3.0) by @gardener-ci-robot [#10849]
+- `[DEPENDENCY]` The `gardener/etcd-druid` image has been updated to `v0.25.0`. [Release Notes](https://redirect.github.com/gardener/etcd-druid/releases/tag/v0.25.0) by @gardener-ci-robot [#10932]
+- `[DEPENDENCY]` The `gardener/machine-controller-manager` image has been updated to `v0.55.0`. [Release Notes](https://redirect.github.com/gardener/machine-controller-manager/releases/tag/v0.55.0) by @rishabh-11 [#10908]
+
+## Helm Charts
+- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.109.0`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.109.0`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.109.0`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.109.0`
+## Docker Images
+- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.109.0`
+- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.109.0`
+- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.109.0`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.109.0`
+- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.109.0`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.109.0`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.109.0`
+- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.109.0`
+
+
+</details>
+
+<details>
+<summary><b>Update gardenlet to <code>1.109.0</code></b></summary>
+
+# [gardener/gardener]
+
+## ⚠️ Breaking Changes
+
+- `[OPERATOR]` The HVPA autoscaling option (which is unconditionally disabled since v1.105.0) is removed from the `etcd` component. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10800]
+- `[OPERATOR]` The `Baseline` and `HVPA` autoscaling modes (which are unconditionally disabled since v1.105.0) are removed for `{gardener,kube}-apiserver`. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10796]
+- `[OPERATOR]` The deprecated and unconditionally disabled `HVPA` and `HVPAForShootedSeed` feature gates are removed. The GA-ed and unconditionally enabled `VPAForETCD` and `VPAAndHPAForAPIServer` features gates are removed. If you have references to the feature gates, clean them up before upgrading to this version of Gardener. by @ialidzhikov [#10853]
+- `[DEVELOPER]` Rename the controlplane exposure webhook (`ExposureWebhookName`) to seed provider webhook (`SeedProviderWebhookName`). by @LucaBernstein [#10788]
+## 📰 Noteworthy
+
+- `[OPERATOR]` The `gardener-scheduler` was improved to consider reconciliation backoffs. In the past, unassigned shoots were affected by frequent scheduler reconciliations and status updates which potentially strained the scheduler and etcd. by @timuthy [#10821]
+- `[DEVELOPER]` extension library: Provider extensions should rename control plane exposure webhook related packages to seed provider to reflect the naming change on their side (for example rename `pkg/webhook/controlplaneexposure` to `pkg/webhook/seedprovider`). by @LucaBernstein [#10788]
+## ✨ New Features
+
+- `[OPERATOR]` `NodeAgentAuthorizer` feature gate was introduced. It allows a webhook based authorization of `gardener-node-agents` with reduced permissions.  
+  ❗ This feature gate requires changes in `machine-controller-manager-provider-*`. Please check that you run a supported version before activating it. ❗ by @oliver-goetz [#10781]
+- `[USER]` Allow dual-stack shoots creation. by @axel7born [#10803]
+- `[USER]` shoot spec.kubernetes.clusterAutoscaler: Add support for startupTaints and statusTaints by @dhague [#10858]
+## 🐛 Bug Fixes
+
+- `[USER]` Fixed a bug where SSH key rotations for `Shoot`s did not properly update the authorized keys on the worker nodes (hence, the new key was unusable until a node restart or rollout). by @tobschli [#10671]
+- `[USER]` On `Shoot` deletion, Gardener now properly skips certain validation checks that are only relevant for creations or updates of `Shoot` resources. by @rfranzke [#10902]
+- `[OPERATOR]` Fixed an error in `BackupBucket` reconciliation by replacing `StrategicMergePatch` with `MergePatch` to properly handle `runtime.RawExtension` fields. by @seshachalam-yv [#10904]
+## 🏃 Others
+
+- `[OPERATOR]` update alpine to get latest security fixes by @DockToFuture [#10922]
+- `[OPERATOR]` Add support for `node-local-dns` in dual-stack cluster. by @axel7born [#10891]
+- `[OPERATOR]` Add dual stack support for VPN. by @DockToFuture [#10767]
+- `[OPERATOR]` Fix kubelet CSRs to allow IPv6 addresses to be used by @kron4eg [#10876]
+- `[OPERATOR]` Add dashboard for VPA admission-controller by @voelzmo [#10741]
+- `[OPERATOR]` The HVPA component is removed. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @ialidzhikov [#10851]
+- `[OPERATOR]` Added validation for `issuerURL` in the OIDC configuration to reject URLs containing fragments. by @acumino [#10888]
+- `[OPERATOR]` The `gardener/dependency-watchdog` image has been updated to `v1.3.0`. [Release Notes](https://redirect.github.com/gardener/dependency-watchdog/releases/tag/v1.3.0) by @rishabh-11 [#10930]
+- `[OPERATOR]` Adapt `configure-admission.sh` for new extension releases with changed value names for Helm charts. by @MartinWeindel [#10877]
+- `[DEPENDENCY]` The `registry.k8s.io/cpa/cluster-proportional-autoscaler` image has been updated to `v1.9.0`. by @gardener-ci-robot [#10898]
+- `[DEPENDENCY]` The `gardener/autoscaler` image has been updated to `v1.30.1`. [Release Notes](https://redirect.github.com/gardener/autoscaler/releases/tag/v1.30.1) by @gardener-ci-robot [#10914]
+- `[DEPENDENCY]` The `gardener/vpn2` image has been updated to `0.30.0`. [Release Notes](https://redirect.github.com/gardener/vpn2/releases/tag/0.30.0) by @gardener-ci-robot [#10872]
+- `[DEPENDENCY]` The `registry.k8s.io/coredns/coredns` image has been updated to `v1.11.4`. by @gardener-ci-robot [#10856]
+- `[DEPENDENCY]` The `gardener/gardener-discovery-server` image has been updated to `v0.3.0`. [Release Notes](https://redirect.github.com/gardener/gardener-discovery-server/releases/tag/v0.3.0) by @gardener-ci-robot [#10849]
+- `[DEPENDENCY]` The `gardener/etcd-druid` image has been updated to `v0.25.0`. [Release Notes](https://redirect.github.com/gardener/etcd-druid/releases/tag/v0.25.0) by @gardener-ci-robot [#10932]
+- `[DEPENDENCY]` The `gardener/machine-controller-manager` image has been updated to `v0.55.0`. [Release Notes](https://redirect.github.com/gardener/machine-controller-manager/releases/tag/v0.55.0) by @rishabh-11 [#10908]
+
+## Helm Charts
+- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.109.0`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.109.0`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.109.0`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.109.0`
+## Docker Images
+- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.109.0`
+- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.109.0`
+- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.109.0`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.109.0`
+- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.109.0`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.109.0`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.109.0`
+- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.109.0`
+
+
+</details>
+
+<details>
+<summary><b>Update gardener-metrics-exporter to <code>0.32.0</code></b></summary>
+
+no release notes available
+
+</details>
+
+<details>
+<summary><b>Update gardener-metrics-exporter to <code>0.32.0</code></b></summary>
+
+no release notes available
+
+</details>
+
+<details>
+<summary><b>Update provider-aws to <code>1.59.0</code></b></summary>
+
+# [gardener/gardener-extension-provider-aws]
+
+## ⚠️ Breaking Changes
+
+- `[OPERATOR]` The Helm charts for the `application` and `runtime` parts of the gardener-extension-admission-aws admission controller have been separated into standalone charts. These charts now assume a Garden setup with a virtual garden. Both charts must be deployed individually: the `runtime` chart on the Garden runtime cluster, and the `application` chart on the virtual garden. Additionally, the intermediate `global` level in the Helm values has been removed, so you may need to adjust your provided values accordingly. by @MartinWeindel [#1100]
+## 📰 Noteworthy
+
+- `[DEVELOPER]` Updated AWS SDK from v1 to v2 by @AndreasBurger [#1060]
+## ✨ New Features
+
+- `[OPERATOR]` Adjustments for additional deployment of extension and admission controller on Garden runtime cluster by gardener-operator. by @MartinWeindel [#1100]
+- `[OPERATOR]` Support specification of extended resources in provider config node template without re-specifying core resources. by @elankath [#1010]
+## 🏃 Others
+
+- `[OPERATOR]` Fixed terraform deploy and integration tests for IPv6. by @axel7born [#1112]
+- `[OPERATOR]` update images of pause and alpine container by @hebelsan [#1101]
+- `[OPERATOR]` Add IPv4 ranges from Spec.Networking to Status.Networking. by @axel7born [#1094]
+- `[OPERATOR]` Filter pod ranges for IPv4 CIDRs to configure Custom-Route-Controller. by @axel7born [#1138]
+- `[OPERATOR]` Create bastion vm from the info provided in the cloud profile bastion section by @hebelsan [#1040]
+- `[OPERATOR]` Added validation to allow only IPv6-only shoot clusters, but not dual-stack as it is not supported, yet. by @ScheererJ [#1095]
+- `[OPERATOR]` Fixed an issue preventing the deployment of internal load balancers in IPv6-only shoots. by @axel7born [#1108]
+- `[OPERATOR]` Add `NamespacedCloudProfile` admission mutation and validation to support custom machine images and types. by @LucaBernstein [#1136]
+- `[OPERATOR]` Remove the duplicate provider type check from the admission webhooks. by @LucaBernstein [#1117]
+- `[OPERATOR]` Fix an issue where the "0.0.0.0/0" route creation would fail if the nat-gateway was previously deleted. by @kon-angelo [#1111]
+- `[OPERATOR]` Update gardener to v1.106.1 by @hebelsan [#1110]
+- `[OPERATOR]` Dual-stack networking, i.e. networks with IPv4 and IPv6, are allowed now. by @ScheererJ [#1139]
+- `[OPERATOR]` AWS load balancers controller is always enabled for IPv6-only and dual-stack shoot clusters. by @ScheererJ [#1099]
+- `[OPERATOR]` Harmonize logging output from controller-runtime logger and kubernetes logger. by @DockToFuture [#1105]
+- `[OPERATOR]` `gosec` was introduced for Static Application Security Testing (SAST). by @DockToFuture [#1105]
+- `[DEPENDENCY]` Update go to version 1.23.3 by @hebelsan [#1121]
+- `[DEVELOPER]` Add gosec as sast makefile target by @hebelsan [#1123]
+## 📖 Documentation
+
+- `[USER]` Add overview documentation for IPv6 by @ScheererJ [#1143]
+# [gardener/aws-custom-route-controller]
+
+## ✨ New Features
+
+- `[USER]` `gosec` was introduced for Static Application Security Testing (SAST). by @ScheererJ [gardener/aws-custom-route-controller#34]
+- `[USER]` Update sdk version to v2 by @kon-angelo [gardener/aws-custom-route-controller#48]
+- `[USER]` The `aws-custom-route-controller` only adds node routes for IPv4 pod CIDR ranges and does not interfere with IPv6 routes. by @DockToFuture [gardener/aws-custom-route-controller#43]
+## 🏃 Others
+
+- `[OPERATOR]` Bumps golang from 1.23.2 to 1.23.3. by @dependabot[bot] [gardener/aws-custom-route-controller#44]
+- `[OPERATOR]` Bumps golang from 1.23.1 to 1.23.2. by @dependabot[bot] [gardener/aws-custom-route-controller#33]
+
+</details>
+
+<details>
+<summary><b>Update gardener-metrics-exporter to <code>0.33.0</code></b></summary>
+
+no release notes available
+
+## Docker Images
+- metrics-exporter: `europe-docker.pkg.dev/gardener-project/releases/gardener/metrics-exporter:0.33.0`
+
+
+</details>
+
+<details>
+<summary><b>Update gardener-metrics-exporter to <code>0.33.0</code></b></summary>
+
+no release notes available
+
+## Docker Images
+- metrics-exporter: `europe-docker.pkg.dev/gardener-project/releases/gardener/metrics-exporter:0.33.0`
+
+
+</details>
+
+<details>
+<summary><b>Update cert-management to <code>0.17.0</code></b></summary>
+
+# [gardener/cert-management]
+
+## ✨ New Features
+
+- `[USER]` Introduce the new Issuer type `SelfSigned` for creating self-signed certificates. by @RaphaelVogel [#228]
+- `[USER]` The certificate resource can now define a duration (the lifetime of the certificate). The issuer (especially Let's Encrypt) may ignore this field. by @marc1404 [#354]
+## 🐛 Bug Fixes
+
+- `[OPERATOR]` Cleanup status for orphan pending certificate resources by @MartinWeindel [#367]
+## 🏃 Others
+
+- `[DEVELOPER]` Use Pebble as an ACME server in the integration tests. by @marc1404 [#339]
+
+## Helm Charts
+- cert-controller-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/cert-controller-manager:v0.17.0`
+## Docker Images
+- cert-management: `europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.17.0`
+
+
+</details>
+
+<details>
+<summary><b>Update os-gardenlinux to <code>0.26.0</code></b></summary>
+
+# [gardener/gardener-extension-os-gardenlinux]
+
+## 🏃 Others
+
+- `[OPERATOR]` Adds an override.conf containerd dropin file to set LimitMEMLOCK and LimitNOFILE by @Roncossek [#214]
+
+## Helm Charts
+- os-gardenlinux: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-gardenlinux:v0.26.0`
+## Docker Images
+- gardener-extension-os-gardenlinux: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-gardenlinux:v0.26.0`
+
+
+</details>
+
+<details>
+<summary><b>Update networking-cilium to <code>1.38.0</code></b></summary>
+
+# [gardener/gardener-extension-networking-cilium]
+
+## 🏃 Others
+
+- `[OPERATOR]` IPv6 support is added to cilium extension for gardener shoot clusters. by @DockToFuture [#421]
+- `[OPERATOR]` `gosec` was introduced for Static Application Security Testing (SAST). by @ScheererJ [#420]
+
+## Helm Charts
+- admission-cilium-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-application:v1.38.0`
+- admission-cilium-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-runtime:v1.38.0`
+- networking-cilium: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-cilium:v1.38.0`
+## Docker Images
+- gardener-extension-admission-cilium: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-cilium:v1.38.0`
+- gardener-extension-networking-cilium: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-cilium:v1.38.0`
+
+
+</details>
+
+<details>
+<summary><b>Update cert-management to <code>0.17.1</code></b></summary>
+
+# [gardener/cert-management]
+
+## 🐛 Bug Fixes
+
+- `[OPERATOR]` Fix panic if target issuer referenced but not allowed by @MartinWeindel [#371]
+
+## Helm Charts
+- cert-controller-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/cert-controller-manager:v0.17.1`
+## Docker Images
+- cert-management: `europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.17.1`
+
+
+</details>
+
+<details>
+<summary><b>Update shoot-cert-service to <code>1.47.0</code></b></summary>
+
+# [gardener/cert-management]
+
+## ✨ New Features
+
+- `[USER]` Introduce the new Issuer type `SelfSigned` for creating self-signed certificates. by @RaphaelVogel [gardener/cert-management#228]
+- `[USER]` The certificate resource can now define a duration (the lifetime of the certificate). The issuer (especially Let's Encrypt) may ignore this field. by @marc1404 [gardener/cert-management#354]
+## 🐛 Bug Fixes
+
+- `[OPERATOR]` Fix panic if target issuer referenced but not allowed by @MartinWeindel [gardener/cert-management#371]
+- `[OPERATOR]` Cleanup status for orphan pending certificate resources by @MartinWeindel [gardener/cert-management#367]
+## 🏃 Others
+
+- `[DEVELOPER]` Use Pebble as an ACME server in the integration tests. by @marc1404 [gardener/cert-management#339]
+# [gardener/gardener-extension-shoot-cert-service]
+
+## 🏃 Others
+
+- `[OPERATOR]` Bumps github.com/gardener/gardener from 1.108.0 to 1.109.0. by @dependabot[bot] [#320]
+- `[OPERATOR]` Vertical scaling on CPU dropped in VPA resource by @MartinWeindel [#318]
+
+## Helm Charts
+- shoot-cert-service: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-cert-service:v1.47.0`
+## Docker Images
+- gardener-extension-shoot-cert-service: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.47.0`
+
+
+</details>
+
+<details>
+<summary><b>Update shoot-rsyslog-relp to <code>0.7.0</code></b></summary>
+
+# [gardener/gardener-extension-shoot-rsyslog-relp]
+
+## 📰 Noteworthy
+
+- `[DEVELOPER]` `gosec` is made available for SAST(static application security testing), it can be run with `make sast` or `make sast-report`, but is also incorporated in the `verify` and `verify-extended` makefile targets.  by @Kostov6 [#189]
+## 🐛 Bug Fixes
+
+- `[DEVELOPER]` An issue causing `make extension-up` to fail to patch the ControllerDeployment is now mitigated. by @ialidzhikov [#194]
+- `[DEVELOPER]` An issue causing `make extension-up` to do NOT generate a new tag for local source code changes is now fixed. by @ialidzhikov [#194]
+
+## Helm Charts
+- shoot-rsyslog-relp-admission-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-application:v0.7.0`
+- shoot-rsyslog-relp-admission-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-runtime:v0.7.0`
+- shoot-rsyslog-relp: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp:v0.7.0`
+## Docker Images
+- gardener-extension-shoot-rsyslog-relp-admission: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp-admission:v0.7.0`
+- gardener-extension-shoot-rsyslog-relp: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp:v0.7.0`
+
+
+</details>
+
+<details>
+<summary><b>Update provider-openstack to <code>1.43.1</code></b></summary>
+
+# [gardener/gardener-extension-provider-openstack]
+
+## 🏃 Others
+
+- `[OPERATOR]` Fix an issue where the CSI-Provisioner was missing 'patch' permissions on PVs by @AndreasBurger [#924]
+
+## Helm Charts
+- admission-openstack-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.43.1`
+- admission-openstack-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.43.1`
+- provider-openstack: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.43.1`
+## Docker Images
+- gardener-extension-admission-openstack: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.43.1`
+- gardener-extension-provider-openstack: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.43.1`
+
+
+</details>
+
+<details>
+<summary><b>Update provider-aws to <code>1.59.1</code></b></summary>
+
+# [gardener/gardener-extension-provider-aws]
+
+## 🐛 Bug Fixes
+
+- `[USER]` Use ipv6 CIDR in ID string only for IPv6 only subnets. by @AndreasBurger [#1163]
+
+## Helm Charts
+- admission-aws-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-aws-application:v1.59.1`
+- admission-aws-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-aws-runtime:v1.59.1`
+- provider-aws: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-aws:v1.59.1`
+## Docker Images
+- gardener-extension-admission-aws: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-aws:v1.59.1`
+- gardener-extension-provider-aws: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-aws:v1.59.1`
+
+
+</details>
+
+<details>
+<summary><b>Update os-gardenlinux to <code>0.27.0</code></b></summary>
+
+# [gardener/gardener-extension-os-gardenlinux]
+
+## 🏃 Others
+
+- `[OPERATOR]` Container images for the gardenlinux extension are now built with Docker buildx to enable cross-platform builds and default to the `linux/amd64` architecture. by @MrBatschner [#217]
+- `[OPERATOR]` add delete to rbac for secret, secret/finalizer and mutatingwebhookcofigurations by @Roncossek [#219]
+
+## Helm Charts
+- os-gardenlinux: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-gardenlinux:v0.27.0`
+## Docker Images
+- gardener-extension-os-gardenlinux: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-gardenlinux:v0.27.0`
+
+
+</details>
+
+<details>
+<summary><b>Update provider-azure to <code>1.49.1</code></b></summary>
+
+# [gardener/gardener-extension-provider-azure]
+
+## 🐛 Bug Fixes
+
+- `[USER]` Support legacy CCM service tag key in flow reconciliation by @hebelsan [#1037]
+
+## Helm Charts
+- admission-azure-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.49.1`
+- admission-azure-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.49.1`
+- provider-azure: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.49.1`
+## Docker Images
+- gardener-extension-admission-azure: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.49.1`
+- gardener-extension-provider-azure: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.49.1`
+
+
+</details>
+
+<details>
+<summary><b>Update cloudprofiles to <code>0.7.21</code></b></summary>
+
+**Full Changelog**: https://github.com/gardener-community/cloudprofiles/compare/0.7.20...0.7.21
+
+</details>
+
+<details>
+<summary><b>Update gardener-controlplane to <code>1.110.0</code></b></summary>
+
+# [gardener/gardener]
+
+## ⚠️ Breaking Changes
+
+- `[DEVELOPER]` The `autoscaling.k8s.io/v1alpha1.Hvpa` and `autoscaling.k8s.io/v1alpha1.HvpaList` resources were removed from the `pkg/client/kubernetes.SeedScheme` and `pkg/operator/client.RuntimeScheme`    by @plkokanov [#10921]
+- `[DEVELOPER]` Extension webhooks need to remove the provider type `Predicates` and add an `ObjectSelector` against the object's provider type label instead. by @LucaBernstein [#10896]
+## ✨ New Features
+
+- `[OPERATOR]` Secrets for the `TokenRequestor` can be additionally annotated with `serviceaccount.resources.gardener.cloud/inject-ca-bundle=true` to get the current CA bundle injected as well by @maboehm [#10988]
+## 🐛 Bug Fixes
+
+- `[OPERATOR]` `seed-authorizer` and structured authorization webhooks of shoot kube-apiservers no longer use the default TTL for `AuthorizedTTL` and `UnauthorizedTTL`. by @oliver-goetz [#10703]
+- `[OPERATOR]` An issue was fixed in `gardener-operator` that led to an inactive Gardenlet controller after a certain period. Thus, the operator needed a restart to react on Gardenlet resources. by @timuthy [#10663]
+- `[OPERATOR]` Fixes the bug where ManagedResource were still in progressing phase because of `Completed` pods by @ary1992 [#10961]
+## 🏃 Others
+
+- `[OPERATOR]` Fixes the calculation of the maximum number of nodes for cluster autoscaling for dual-stack shoots. by @axel7born [#10994]
+- `[OPERATOR]` RBAC rules related to `HVPA` resources have been removed from `gardenlet` and `gardener-operator` - they are no longer necessary. by @plkokanov [#10921]
+- `[OPERATOR]` The resource-manager is no longer HVPA-aware.  by @ialidzhikov [#10860]
+- `[OPERATOR]` [NewVPN] Enable IPv6 for non-HA if needed. by @MartinWeindel [#10997]
+- `[OPERATOR]` Custom CAs are updated on existing nodes too. by @oliver-goetz [#10923]
+- `[OPERATOR]` Set env variables for dual-stack in kube-apiserver. by @axel7born [#10970]
+- `[DEPENDENCY]` The `gardener/machine-controller-manager` image has been updated to `v0.55.1`. [Release Notes](https://redirect.github.com/gardener/machine-controller-manager/releases/tag/v0.55.1) by @gardener-ci-robot [#10956]
+- `[DEPENDENCY]` The `quay.io/brancz/kube-rbac-proxy` image has been updated to `v0.18.2`. by @gardener-ci-robot [#10953]
+- `[DEPENDENCY]` The `credativ/vali` image has been updated to `v2.2.20`. [Release Notes](https://redirect.github.com/credativ/vali/releases/tag/v2.2.20) by @gardener-ci-robot [#10993]
+- `[DEPENDENCY]` The `credativ/plutono` image has been updated to `v7.5.35`. [Release Notes](https://redirect.github.com/credativ/plutono/releases/tag/v7.5.35) by @gardener-ci-robot [#10995]
+- `[DEPENDENCY]` The `quay.io/kiwigrid/k8s-sidecar` image has been updated to `1.28.1`. by @gardener-ci-robot [#10981]
+- `[DEPENDENCY]` The `gardener/apiserver-proxy` image has been updated to `v0.18.0`. [Release Notes](https://redirect.github.com/gardener/apiserver-proxy/releases/tag/v0.18.0) by @gardener-ci-robot [#10933]
+- `[DEPENDENCY]` The `registry.k8s.io/coredns/coredns` image has been updated to `v1.12.0`. by @gardener-ci-robot [#10909]
+- `[DEPENDENCY]` The `gardener/vpn2` image has been updated to `0.33.0`. [Release Notes](https://redirect.github.com/gardener/vpn2/releases/tag/0.33.0) by @gardener-ci-robot [#10996]
+- `[DEPENDENCY]` The `envoyproxy/envoy` image has been updated to `v1.32.2`. [Release Notes](https://redirect.github.com/envoyproxy/envoy/releases/tag/v1.32.2) by @gardener-ci-robot [#11000]
+- `[DEPENDENCY]` The `gardener/gardener-metrics-exporter` image has been updated to `0.31.0`. [Release Notes](https://redirect.github.com/gardener/gardener-metrics-exporter/releases/tag/0.31.0) by @gardener-ci-robot [#10941]
+- `[DEPENDENCY]` The `gardener/gardener-metrics-exporter` image has been updated to `0.33.0`. [Release Notes](https://redirect.github.com/gardener/gardener-metrics-exporter/releases/tag/0.33.0) by @gardener-ci-robot [#10952]
+- `[DEPENDENCY]` The `gardener/ext-authz-server` image has been updated to `0.11.0`. [Release Notes](https://redirect.github.com/gardener/ext-authz-server/releases/tag/0.11.0) by @gardener-ci-robot [#10935]
+- `[DEVELOPER]` The `HVPA` CRD has been removed from the codebase and is no longer generated. by @plkokanov [#10921]
+## 📖 Documentation
+
+- `[OPERATOR]` Improve shoot credential rotation documentation. by @marc1404 [#10998]
+
+## Helm Charts
+- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.110.0`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.110.0`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.110.0`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.110.0`
+## Docker Images
+- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.110.0`
+- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.110.0`
+- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.110.0`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.110.0`
+- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.110.0`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.110.0`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.110.0`
+- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.110.0`
+
+
+</details>
+
+<details>
+<summary><b>Update gardener-controlplane to <code>1.110.0</code></b></summary>
+
+# [gardener/gardener]
+
+## ⚠️ Breaking Changes
+
+- `[DEVELOPER]` The `autoscaling.k8s.io/v1alpha1.Hvpa` and `autoscaling.k8s.io/v1alpha1.HvpaList` resources were removed from the `pkg/client/kubernetes.SeedScheme` and `pkg/operator/client.RuntimeScheme`    by @plkokanov [#10921]
+- `[DEVELOPER]` Extension webhooks need to remove the provider type `Predicates` and add an `ObjectSelector` against the object's provider type label instead. by @LucaBernstein [#10896]
+## ✨ New Features
+
+- `[OPERATOR]` Secrets for the `TokenRequestor` can be additionally annotated with `serviceaccount.resources.gardener.cloud/inject-ca-bundle=true` to get the current CA bundle injected as well by @maboehm [#10988]
+## 🐛 Bug Fixes
+
+- `[OPERATOR]` `seed-authorizer` and structured authorization webhooks of shoot kube-apiservers no longer use the default TTL for `AuthorizedTTL` and `UnauthorizedTTL`. by @oliver-goetz [#10703]
+- `[OPERATOR]` An issue was fixed in `gardener-operator` that led to an inactive Gardenlet controller after a certain period. Thus, the operator needed a restart to react on Gardenlet resources. by @timuthy [#10663]
+- `[OPERATOR]` Fixes the bug where ManagedResource were still in progressing phase because of `Completed` pods by @ary1992 [#10961]
+## 🏃 Others
+
+- `[OPERATOR]` Fixes the calculation of the maximum number of nodes for cluster autoscaling for dual-stack shoots. by @axel7born [#10994]
+- `[OPERATOR]` RBAC rules related to `HVPA` resources have been removed from `gardenlet` and `gardener-operator` - they are no longer necessary. by @plkokanov [#10921]
+- `[OPERATOR]` The resource-manager is no longer HVPA-aware.  by @ialidzhikov [#10860]
+- `[OPERATOR]` [NewVPN] Enable IPv6 for non-HA if needed. by @MartinWeindel [#10997]
+- `[OPERATOR]` Custom CAs are updated on existing nodes too. by @oliver-goetz [#10923]
+- `[OPERATOR]` Set env variables for dual-stack in kube-apiserver. by @axel7born [#10970]
+- `[DEPENDENCY]` The `gardener/machine-controller-manager` image has been updated to `v0.55.1`. [Release Notes](https://redirect.github.com/gardener/machine-controller-manager/releases/tag/v0.55.1) by @gardener-ci-robot [#10956]
+- `[DEPENDENCY]` The `quay.io/brancz/kube-rbac-proxy` image has been updated to `v0.18.2`. by @gardener-ci-robot [#10953]
+- `[DEPENDENCY]` The `credativ/vali` image has been updated to `v2.2.20`. [Release Notes](https://redirect.github.com/credativ/vali/releases/tag/v2.2.20) by @gardener-ci-robot [#10993]
+- `[DEPENDENCY]` The `credativ/plutono` image has been updated to `v7.5.35`. [Release Notes](https://redirect.github.com/credativ/plutono/releases/tag/v7.5.35) by @gardener-ci-robot [#10995]
+- `[DEPENDENCY]` The `quay.io/kiwigrid/k8s-sidecar` image has been updated to `1.28.1`. by @gardener-ci-robot [#10981]
+- `[DEPENDENCY]` The `gardener/apiserver-proxy` image has been updated to `v0.18.0`. [Release Notes](https://redirect.github.com/gardener/apiserver-proxy/releases/tag/v0.18.0) by @gardener-ci-robot [#10933]
+- `[DEPENDENCY]` The `registry.k8s.io/coredns/coredns` image has been updated to `v1.12.0`. by @gardener-ci-robot [#10909]
+- `[DEPENDENCY]` The `gardener/vpn2` image has been updated to `0.33.0`. [Release Notes](https://redirect.github.com/gardener/vpn2/releases/tag/0.33.0) by @gardener-ci-robot [#10996]
+- `[DEPENDENCY]` The `envoyproxy/envoy` image has been updated to `v1.32.2`. [Release Notes](https://redirect.github.com/envoyproxy/envoy/releases/tag/v1.32.2) by @gardener-ci-robot [#11000]
+- `[DEPENDENCY]` The `gardener/gardener-metrics-exporter` image has been updated to `0.31.0`. [Release Notes](https://redirect.github.com/gardener/gardener-metrics-exporter/releases/tag/0.31.0) by @gardener-ci-robot [#10941]
+- `[DEPENDENCY]` The `gardener/gardener-metrics-exporter` image has been updated to `0.33.0`. [Release Notes](https://redirect.github.com/gardener/gardener-metrics-exporter/releases/tag/0.33.0) by @gardener-ci-robot [#10952]
+- `[DEPENDENCY]` The `gardener/ext-authz-server` image has been updated to `0.11.0`. [Release Notes](https://redirect.github.com/gardener/ext-authz-server/releases/tag/0.11.0) by @gardener-ci-robot [#10935]
+- `[DEVELOPER]` The `HVPA` CRD has been removed from the codebase and is no longer generated. by @plkokanov [#10921]
+## 📖 Documentation
+
+- `[OPERATOR]` Improve shoot credential rotation documentation. by @marc1404 [#10998]
+
+## Helm Charts
+- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.110.0`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.110.0`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.110.0`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.110.0`
+## Docker Images
+- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.110.0`
+- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.110.0`
+- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.110.0`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.110.0`
+- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.110.0`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.110.0`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.110.0`
+- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.110.0`
+
+
+</details>
+
+<details>
+<summary><b>Update gardenlet to <code>1.110.0</code></b></summary>
+
+# [gardener/gardener]
+
+## ⚠️ Breaking Changes
+
+- `[DEVELOPER]` The `autoscaling.k8s.io/v1alpha1.Hvpa` and `autoscaling.k8s.io/v1alpha1.HvpaList` resources were removed from the `pkg/client/kubernetes.SeedScheme` and `pkg/operator/client.RuntimeScheme`    by @plkokanov [#10921]
+- `[DEVELOPER]` Extension webhooks need to remove the provider type `Predicates` and add an `ObjectSelector` against the object's provider type label instead. by @LucaBernstein [#10896]
+## ✨ New Features
+
+- `[OPERATOR]` Secrets for the `TokenRequestor` can be additionally annotated with `serviceaccount.resources.gardener.cloud/inject-ca-bundle=true` to get the current CA bundle injected as well by @maboehm [#10988]
+## 🐛 Bug Fixes
+
+- `[OPERATOR]` `seed-authorizer` and structured authorization webhooks of shoot kube-apiservers no longer use the default TTL for `AuthorizedTTL` and `UnauthorizedTTL`. by @oliver-goetz [#10703]
+- `[OPERATOR]` An issue was fixed in `gardener-operator` that led to an inactive Gardenlet controller after a certain period. Thus, the operator needed a restart to react on Gardenlet resources. by @timuthy [#10663]
+- `[OPERATOR]` Fixes the bug where ManagedResource were still in progressing phase because of `Completed` pods by @ary1992 [#10961]
+## 🏃 Others
+
+- `[OPERATOR]` Fixes the calculation of the maximum number of nodes for cluster autoscaling for dual-stack shoots. by @axel7born [#10994]
+- `[OPERATOR]` RBAC rules related to `HVPA` resources have been removed from `gardenlet` and `gardener-operator` - they are no longer necessary. by @plkokanov [#10921]
+- `[OPERATOR]` The resource-manager is no longer HVPA-aware.  by @ialidzhikov [#10860]
+- `[OPERATOR]` [NewVPN] Enable IPv6 for non-HA if needed. by @MartinWeindel [#10997]
+- `[OPERATOR]` Custom CAs are updated on existing nodes too. by @oliver-goetz [#10923]
+- `[OPERATOR]` Set env variables for dual-stack in kube-apiserver. by @axel7born [#10970]
+- `[DEPENDENCY]` The `gardener/machine-controller-manager` image has been updated to `v0.55.1`. [Release Notes](https://redirect.github.com/gardener/machine-controller-manager/releases/tag/v0.55.1) by @gardener-ci-robot [#10956]
+- `[DEPENDENCY]` The `quay.io/brancz/kube-rbac-proxy` image has been updated to `v0.18.2`. by @gardener-ci-robot [#10953]
+- `[DEPENDENCY]` The `credativ/vali` image has been updated to `v2.2.20`. [Release Notes](https://redirect.github.com/credativ/vali/releases/tag/v2.2.20) by @gardener-ci-robot [#10993]
+- `[DEPENDENCY]` The `credativ/plutono` image has been updated to `v7.5.35`. [Release Notes](https://redirect.github.com/credativ/plutono/releases/tag/v7.5.35) by @gardener-ci-robot [#10995]
+- `[DEPENDENCY]` The `quay.io/kiwigrid/k8s-sidecar` image has been updated to `1.28.1`. by @gardener-ci-robot [#10981]
+- `[DEPENDENCY]` The `gardener/apiserver-proxy` image has been updated to `v0.18.0`. [Release Notes](https://redirect.github.com/gardener/apiserver-proxy/releases/tag/v0.18.0) by @gardener-ci-robot [#10933]
+- `[DEPENDENCY]` The `registry.k8s.io/coredns/coredns` image has been updated to `v1.12.0`. by @gardener-ci-robot [#10909]
+- `[DEPENDENCY]` The `gardener/vpn2` image has been updated to `0.33.0`. [Release Notes](https://redirect.github.com/gardener/vpn2/releases/tag/0.33.0) by @gardener-ci-robot [#10996]
+- `[DEPENDENCY]` The `envoyproxy/envoy` image has been updated to `v1.32.2`. [Release Notes](https://redirect.github.com/envoyproxy/envoy/releases/tag/v1.32.2) by @gardener-ci-robot [#11000]
+- `[DEPENDENCY]` The `gardener/gardener-metrics-exporter` image has been updated to `0.31.0`. [Release Notes](https://redirect.github.com/gardener/gardener-metrics-exporter/releases/tag/0.31.0) by @gardener-ci-robot [#10941]
+- `[DEPENDENCY]` The `gardener/gardener-metrics-exporter` image has been updated to `0.33.0`. [Release Notes](https://redirect.github.com/gardener/gardener-metrics-exporter/releases/tag/0.33.0) by @gardener-ci-robot [#10952]
+- `[DEPENDENCY]` The `gardener/ext-authz-server` image has been updated to `0.11.0`. [Release Notes](https://redirect.github.com/gardener/ext-authz-server/releases/tag/0.11.0) by @gardener-ci-robot [#10935]
+- `[DEVELOPER]` The `HVPA` CRD has been removed from the codebase and is no longer generated. by @plkokanov [#10921]
+## 📖 Documentation
+
+- `[OPERATOR]` Improve shoot credential rotation documentation. by @marc1404 [#10998]
+
+## Helm Charts
+- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.110.0`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.110.0`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.110.0`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.110.0`
+## Docker Images
+- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.110.0`
+- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.110.0`
+- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.110.0`
+- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.110.0`
+- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.110.0`
+- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.110.0`
+- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.110.0`
+- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.110.0`
+
+
+</details>
+
+<details>
+<summary><b>Update provider-openstack to <code>1.44.0</code></b></summary>
+
+# [gardener/gardener-extension-provider-openstack]
+
+## ⚠️ Breaking Changes
+
+- `[OPERATOR]` The Helm charts for the `application` and `runtime` parts of the gardener-extension-admission-openstack admission controller have been separated into standalone charts. These charts now assume a Garden setup with a virtual garden. Both charts must be deployed individually: the `runtime` chart on the Garden runtime cluster, and the `application` chart on the virtual garden. Additionally, the intermediate `global` level in the Helm values has been removed, so you may need to adjust your provided values accordingly. by @MartinWeindel [#901]
+## ✨ New Features
+
+- `[OPERATOR]` Adjustments for additional deployment of extension and admission controller on Garden runtime cluster by gardener-operator. by @MartinWeindel [#901]
+## 🐛 Bug Fixes
+
+- `[OPERATOR]` management of the router interface missed some of openstack's owner labels assigned to the routers network interface causing the infrastructure conciliation to fail due to dublicated router network interfaces by @crigertg [#917]
+## 🏃 Others
+
+- `[OPERATOR]` Update Cinder CSI `v1.30.1` -> `v1.31.2` for shoots on v1.31.x by @kon-angelo [#915]
+- `[OPERATOR]` Add `NamespacedCloudProfile` admission mutation and validation to support custom machine images and types. by @LucaBernstein [#911]
+- `[OPERATOR]` Update Cinder CSI `v1.30.1` -> `v1.30.2` for shoots on v1.30.x by @kon-angelo [#915]
+- `[USER]` Shoots with NodeLocalDNS enabled will use UDP instead of TCP for upstream DNS queries by default to avoid performance issues on OpenStack. by @domdom82 [#925]
+
+## Helm Charts
+- admission-openstack-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.44.0`
+- admission-openstack-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.44.0`
+- provider-openstack: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.44.0`
+## Docker Images
+- gardener-extension-admission-openstack: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.44.0`
+- gardener-extension-provider-openstack: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.44.0`
+
+
+</details>
+
+<details>
+<summary><b>Update provider-gcp to <code>1.41.0</code></b></summary>
+
+# [gardener/gardener-extension-provider-gcp]
+
+## ⚠️ Breaking Changes
+
+- `[OPERATOR]` `gardener-extension-admission-gcp` Helm chart has been removed. The admission can be deployed by applying `admission-gcp-application` and `admission-gcp-runtime` charts separately. With this change the `global` structure in Helm values of these charts has been removed. Still supported settings have been moved to other sections. by @oliver-goetz [#905]
+## ✨ New Features
+
+- `[OPERATOR]` The extension can now be deployed via `extensions.operator.gardener.cloud` CRD. by @oliver-goetz [#905]
+## 🏃 Others
+
+- `[DEPENDENCY]` Update go to version 1.23.3 by @hebelsan [#890]
+- `[DEPENDENCY]` Update csi-driver from v.15.0 to v.15.1 by @hebelsan [#907]
+- `[OPERATOR]` Add `NamespacedCloudProfile` admission mutation and validation to support custom machine images and types. by @LucaBernstein [#918]
+- `[OPERATOR]` Remove the duplicate provider type check from the admission webhooks. by @LucaBernstein [#885]
+- `[OPERATOR]` Create bastion vm from the info provided in the cloud profile bastion section by @hebelsan [#826]
+- `[DEVELOPER]` Add gosec as sast makefile target by @hebelsan [#892]
+
+## Helm Charts
+- admission-gcp-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-application:v1.41.0`
+- admission-gcp-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-runtime:v1.41.0`
+- provider-gcp: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-gcp:v1.41.0`
+## Docker Images
+- gardener-extension-admission-gcp: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-gcp:v1.41.0`
+- gardener-extension-provider-gcp: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-gcp:v1.41.0`
+
+
+</details>
+
+<details>
+<summary><b>Update provider-alicloud to <code>1.56.0</code></b></summary>
+
+# [gardener/gardener-extension-provider-alicloud]
+
+## 🏃 Others
+
+- `[OPERATOR]` Alicloud Cloud Controller Manager is updated to v2.10.0 by @kevin-lacoo [#745]
+- `[OPERATOR]` The CIDR blocks used for shoot egress will now be provided via the status of the shoot's infrastructure-resource by @kevin-lacoo [#740]
+
+## Helm Charts
+- admission-alicloud-application: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-alicloud-application:v1.56.0`
+- admission-alicloud-runtime: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-alicloud-runtime:v1.56.0`
+- provider-alicloud: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-alicloud:v1.56.0`
+## Docker Images
+- gardener-extension-admission-alicloud: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-alicloud:v1.56.0`
+- gardener-extension-provider-alicloud: `europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-alicloud:v1.56.0`
+
+
+</details>
+
+<details>
+<summary><b>Update gardener-webterminal to <code>0.33.0</code></b></summary>
+
+# [gardener/terminal-controller-manager]
+
+## 🏃 Others
+
+- `[OPERATOR]` The component name is changed from `terminal` to `terminal-controller-manager`. by @ialidzhikov [#294]
+- `[OPERATOR]` Helm Chart: The `terminal-controller-manager-config` `volumeMount` is set to `readOnly` on the deployment by @petersutter [#289]
+
+## Docker Images
+- terminal-controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/terminal-controller-manager:v0.33.0`
+
+
+</details>
+
+<details>
+<summary><b>Update gardener-webterminal to <code>0.33.0</code></b></summary>
+
+# [gardener/terminal-controller-manager]
+
+## 🏃 Others
+
+- `[OPERATOR]` The component name is changed from `terminal` to `terminal-controller-manager`. by @ialidzhikov [#294]
+- `[OPERATOR]` Helm Chart: The `terminal-controller-manager-config` `volumeMount` is set to `readOnly` on the deployment by @petersutter [#289]
+
+## Docker Images
+- terminal-controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/terminal-controller-manager:v0.33.0`
+
+
+</details>
diff --git a/docs/versioned_docs/version-1.109.x/architecture-configuration/_category_.json b/docs/versioned_docs/version-1.109.x/architecture-configuration/_category_.json
new file mode 100644
index 00000000000..49958c8f63f
--- /dev/null
+++ b/docs/versioned_docs/version-1.109.x/architecture-configuration/_category_.json
@@ -0,0 +1,8 @@
+{
+  "label": "Architecture / Configuration",
+  "position": 2,
+  "link": {
+    "type": "generated-index",
+    "description": "Architecture description of the YAKE Gardener distribution"
+  }
+}
diff --git a/docs/versioned_docs/version-1.109.x/architecture-configuration/architecture.md b/docs/versioned_docs/version-1.109.x/architecture-configuration/architecture.md
new file mode 100644
index 00000000000..62f2bddc514
--- /dev/null
+++ b/docs/versioned_docs/version-1.109.x/architecture-configuration/architecture.md
@@ -0,0 +1,46 @@
+---
+sidebar_position: 1
+---
+
+# Architecture
+
+## High Level Overview
+![YAKE High Level Overview](high-level-overview.excalidraw.png "YAKE High Level Overview")
+
+Let's start off with the very high level overview in the block diagram above. The most important aspect to note is that all deployments needed for the [Gardener](https://gardener.cloud/) installation are based on helm charts. Since the helm charts developed in the Gardener upstream are distributed over several repositories in the Gardener [Github organization](https://github.com/gardener/external-dns-management), we consolidated the relevant charts in another [repository](https://github.com/gardener-community/gardener-charts) hosted on Github. Consequently, YAKE fetches helm charts from several helm repositories and deploys the components for the Gardener installation into the base cluster.
+
+## Detailed Architecture
+
+A more detailed view of the YAKE architecture is depicted in the block diagram below.
+
+![YAKE architecture](yake-architecture.png "YAKE architecture")
+
+### Main entry points
+
+Conceptually, there are two entry points for Gardener operators to interact with the configuration:
+
+1. The `yake-config` secret in the base cluster
+2. The YAKE configuration git repository
+
+The reason for having a dedicated `yake-config` secret lies in the assumption that an operator does not want to store credentials such as dnsprovider credentials in a git repository. Of course, this could also be handled by solutions like [sops](https://github.com/mozilla/sops), but we wanted to let the operator decide where to store the `yake-config` secret in the end.
+
+### General Concepts
+
+As observed from the figure, the YAKE concept divides the installation process into tree separate stages: The `configuration`, `pre-gardener` stage and the `gardener` stage. The configuration stages transfer the content of the `yake-config` secret into separate secrets serving as values for the eventually deployed helm charts. Consequently, the default values given in the upstream values files for the helm charts are extended by the `*-base-values` secrets, so that all components come with a meaningful base configuration. This base configuration is assumed to be homogeneous across many Gardener environments. For the parts which are environment specific, another set of secrets stores another set of values for the helm charts. These secrets are pulled in from the YAKE configuration git repository and managed by a GitOps workflow.
+
+As we assume that the underlying base cluster does not come with any services installed, the `pre-gardener` stage ensures that the required services are deployed to the cluster. In more detail, the following services and resources are deployed:
+
+- [cert-manager](https://cert-manager.io/) for internal certificate handling
+- [cert-management](https://github.com/gardener/cert-management) for browser trusted certificate handling
+  - An `issuer` resource representing a certificate issuer in the base cluster
+- [external-dns-management](https://github.com/gardener/external-dns-management) for creation of DNS entries
+  - A `dnsprovider` resource representing a DNS provider such as azure-dns, aws-route53 etc. in the base cluster
+- [ingress-nginx](https://kubernetes.github.io/ingress-nginx/) as ingress controller
+
+In the `gardener` stage, the gardener specific components are deployed to the base cluster and to the [virtual garden](https://github.com/gardener/garden-setup#concept-the-virtual-cluster). The most important aspect to note here is that the [gardenlet](https://gardener.cloud/docs/gardener/concepts/gardenlet/) is deployed to the base cluster, i.e. the base cluster also serves as initial seed cluster for the resulting Gardener environment.
+
+
+
+### backups
+
+### webterminal
diff --git a/docs/versioned_docs/version-1.109.x/architecture-configuration/extensions-config.md b/docs/versioned_docs/version-1.109.x/architecture-configuration/extensions-config.md
new file mode 100644
index 00000000000..b5708dcd938
--- /dev/null
+++ b/docs/versioned_docs/version-1.109.x/architecture-configuration/extensions-config.md
@@ -0,0 +1,110 @@
+---
+sidebar_position: 4
+---
+
+# Gardener Extensions Configuration
+Other than the core Gardener components, Gardener extensions are configured through a YAKE internal helm chart. Consequently, you cannot retrieve any information about possible values via e.g. the [helm](https://helm.sh) cli. For this reason the `extension-values` Secret is documented here. As the other configuration secrets, the secret's header looks like the following:
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: extensions-values
+  namespace: flux-system
+type: Opaque
+stringData:
+  values.yaml: |
+  ...
+```
+Possbile values are:
+
+| Field                              | Subfield                                                                                                                                                                                                                       | Description                                            |
+|:-----------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| :----------------------------------------------------- |
+| `os-ubuntu`                        |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [os-ubuntu values](https://github.com/gardener/gardener-extension-os-ubuntu/blob/master/charts/gardener-extension-os-ubuntu/values.yaml)                                                                      | values for the extension's helm chart                  |
+| `os-coreos`                        |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [os-coreos values](https://github.com/gardener/gardener-extension-os-coreos/blob/master/charts/gardener-extension-os-coreos/values.yaml)                                                                      | values for the extension's helm chart                  |
+| `os-gardenlinux`                   |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [os-gardenlinux-values](https://github.com/gardener/gardener-extension-os-gardenlinux/blob/master/charts/gardener-extension-os-gardenlinux/values.yaml)                                                       | values for the extension's helm chart                  |
+| `provider-hcloud`                  |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [provider-hcloud-values](https://github.com/23technologies/gardener-extension-provider-hcloud/blob/main/charts/gardener-extension-provider-hcloud/values.yaml)                                                | values for the extension's helm chart                  |
+| `provider-azure`                   |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `admission` <br /> bool                                                                                                                                                                                                        | enables the extension's admission controller           |
+|                                    | `values`  <br /> [provider-azure-values](https://github.com/gardener/gardener-extension-provider-azure/blob/master/charts/gardener-extension-provider-azure/values.yaml)                                                       | values for the extension's helm chart                  |
+| `provider-openstack`               |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `admission` <br /> bool                                                                                                                                                                                                        | enables the extension's admission controller           |
+|                                    | `values`  <br /> [provider-openstack-values](https://github.com/gardener/gardener-extension-provider-openstack/blob/master/charts/gardener-extension-provider-openstack/values.yaml)                                           | values for the extension's helm chart                  |
+| `provider-aws`                     |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [provider-aws-values](https://github.com/gardener/gardener-extension-provider-aws/blob/master/charts/gardener-extension-provider-aws/values.yaml)                                                             | values for the extension's helm chart                  |
+| `provider-gcp`                     |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [provider-gcp-values](https://github.com/gardener/gardener-extension-provider-gcp/blob/master/charts/gardener-extension-provider-gcp/values.yaml)                                                             | values for the extension's helm chart                  |
+| `provider-alicloud`                |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [provider-alicloud-values](https://github.com/gardener/gardener-extension-provider-alicloud/blob/master/charts/gardener-extension-provider-alicloud/values.yaml)                                              | values for the extension's helm chart                  |
+| `backup-s3`                        |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [backup-s3 values](https://github.com/metal-stack/gardener-extension-backup-s3/blob/main/charts/gardener-extension-backup-s3/values.yaml)                                                                     | values for the extension's helm chart                  |
+| `networking-calico`                |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [networking-calico-values](https://github.com/gardener/gardener-extension-networking-calico/blob/master/charts/gardener-extension-networking-calico/values.yaml)                                              | values for the extension's helm chart                  |
+| `networking-cilium`                |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [networking-cilium-values](https://github.com/gardener/gardener-extension-networking-cilium/blob/master/charts/gardener-extension-networking-cilium/values.yaml)                                              |                                                        |
+| `runtime-gvisor`                   |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [runtime-gvisor-values](https://github.com/gardener/gardener-extension-runtime-gvisor/blob/master/charts/gardener-extension-runtime-gvisor/values.yaml)                                                       | values for the extension's helm chart                  |
+| `shoot-dns-service`                |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `globallyEnabled` <br /> bool                                                                                                                                                                                                  | enables the extension globally, i.e. for every `Shoot` |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [shoot-dns-service-values](https://github.com/gardener/gardener-extension-shoot-dns-service/blob/master/charts/gardener-extension-shoot-dns-service/values.yaml)                                              | values for the extension's helm chart                  |
+| `shoot-cert-service`               |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `globallyEnabled` <br /> bool                                                                                                                                                                                                  | enables the extension globally, i.e. for every `Shoot` |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [shoot-cert-service-values](https://github.com/gardener/gardener-extension-shoot-cert-service/blob/master/charts/gardener-extension-shoot-cert-service/values.yaml)                                           | values for the extension's helm chart                  |
+| `shoot-oidc-service`               |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `globallyEnabled` <br /> bool                                                                                                                                                                                                  | enables the extension globally, i.e. for every `Shoot` |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [shoot-oidc-service-values](https://github.com/gardener/gardener-extension-shoot-oidc-service/blob/master/charts/gardener-extension-shoot-oidc-service/values.yaml)                                           | values for the extension's helm chart                  |
+| `shoot-networking-filter`          |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `globallyEnabled` <br /> bool                                                                                                                                                                                                  | enables the extension globally, i.e. for every `Shoot` |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [shoot-networking-filter-values](https://github.com/gardener/gardener-extension-shoot-networking-filter/blob/master/charts/gardener-extension-shoot-networking-filter/values.yaml)                            | values for the extension's helm chart                  |
+| `shoot-networking-problemdetector` |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `globallyEnabled` <br /> bool                                                                                                                                                                                                  | enables the extension globally, i.e. for every `Shoot` |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [shoot-networking-problemdetector-values](https://github.com/gardener/gardener-extension-shoot-networking-problemdetector/blob/master/charts/gardener-extension-shoot-networking-problemdetector/values.yaml) | values for the extension's helm chart                  |
+| `shoot-rsyslog-relp`               |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `globallyEnabled` <br /> bool                                                                                                                                                                                                  | enables the extension globally, i.e. for every `Shoot` |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [shoot-rsyslog-relp-values](https://github.com/gardener/gardener-extension-shoot-rsyslog-relp/blob/master/charts/gardener-extension-shoot-rsyslog-relp/values.yaml)                                           | values for the extension's helm chart                  |
+| `shoot-flux`                       |                                                                                                                                                                                                                                |                                                        |
+|                                    | `enabled` <br /> bool                                                                                                                                                                                                          | enables the extension                                  |
+|                                    | `globallyEnabled` <br /> bool                                                                                                                                                                                                  | enables the extension globally, i.e. for every `Shoot` |
+|                                    | `version` <br /> string                                                                                                                                                                                                        | version of the extension                               |
+|                                    | `values`  <br /> [shoot-flux-values](https://github.com/stackitcloud/gardener-extension-shoot-flux/blob/main/charts/gardener-extension-shoot-flux/values.yaml)                                                   | values for the extension's helm chart                  |
diff --git a/docs/versioned_docs/version-1.109.x/architecture-configuration/helm-flux.md b/docs/versioned_docs/version-1.109.x/architecture-configuration/helm-flux.md
new file mode 100644
index 00000000000..0223aa7e4aa
--- /dev/null
+++ b/docs/versioned_docs/version-1.109.x/architecture-configuration/helm-flux.md
@@ -0,0 +1,78 @@
+---
+sidebar_position: 4
+---
+
+# Working with Helm and Flux
+
+On this page, you'll find some useful information on how to work with the commandline interfaces for [helm](https://helm.sh/) and [flux](https://fluxcd.io/) in the context of your YAKE-based Gardener installation.
+
+## Useful Helm Commands
+
+First things first. As already introduced in the [architecture description](./architecture.md), most of the YAKE helm charts stem from a helm repository hosted at `gardener.community.github.io/gardener-charts`. Consider adding this helm repository to your local repository cache by
+
+```sh
+helm repo add gardener-charts https://gardener-community.github.io/gardener-charts
+helm repo update
+```
+
+Afterwards you can use get further information about the charts using the helm cli.
+
+### Show upstream chart info
+
+E.g., for the `cloudprofiles` chart:
+
+```sh
+helm show chart gardener-charts/cloudprofiles
+```
+
+### Show upstream helm default values
+
+E.g., for the `cloudprofiles` chart:
+
+```sh
+helm show values gardener-charts/cloudprofiles
+```
+
+## Useful Flux Commands
+
+### Check flux versions
+
+The flux controllers running in the basecluster are maintained by YAKE itself, i.e. the flux controllers will be updated with YAKE updates. You can check the state of your cli version and the version of the cluster side components by
+
+```sh
+flux version
+```
+
+If you feel like your cli version is outdated. Go ahead and download a recent version from [the Github release page](https://github.com/fluxcd/flux2/releases). If you feel like your in-cluster components are outdated, think about updating YAKE.
+
+### Reconcile of a resource
+
+If you want to get fast feedback in your GitOps workflow you can trigger the reconciliation of resources manually using the `flux reconcile command`. If you want a `helmrelease` to be reconciled immediately, you can achieve this by the following command:
+
+```sh
+flux reconcile helmrelease <NAME_OF_HELMRELEASE>
+```
+
+### Suspend/Resume Reconciliation of a resource
+
+Maybe you want to get your hands dirty and do some manual (i.e. not GitOps driven) configuration changes. For instance, this could be useful in staging environments for rapid prototyping. In this case, you need to make sure that flux does not revert your "dirty" changes and suspend the reconciliation of the affected resources. Checkout the help for `flux suspend` to get further information
+
+```sh
+flux suspend -h
+```
+
+E.g., a helmrelease can be suspended by
+
+```sh
+flux suspend helmrelease <NAME_OF_HELMRELEASE>
+```
+
+Don't forget to resume the reconciliation, when you are done with your experiments so that flux will take over the control of your deployed resources again:
+
+```sh
+flux resume helmrelease <NAME_OF_HELMRELEASE>
+```
+
+:::note
+Sometimes you will need to `suspend` and `resume` resources in order to trigger an update of the deployed resources. If have the impression that the state in the cluster does not match your definitions in the git repository, try to `suspend` and `resume` the corresponding resources, wait for reconciliation, and see that the state matches the git repository again.
+:::
diff --git a/docs/versioned_docs/version-1.109.x/architecture-configuration/high-level-overview.excalidraw.png b/docs/versioned_docs/version-1.109.x/architecture-configuration/high-level-overview.excalidraw.png
new file mode 100644
index 00000000000..d8760eea59d
Binary files /dev/null and b/docs/versioned_docs/version-1.109.x/architecture-configuration/high-level-overview.excalidraw.png differ
diff --git a/docs/versioned_docs/version-1.109.x/architecture-configuration/yake-architecture.png b/docs/versioned_docs/version-1.109.x/architecture-configuration/yake-architecture.png
new file mode 100644
index 00000000000..5642a80ec64
Binary files /dev/null and b/docs/versioned_docs/version-1.109.x/architecture-configuration/yake-architecture.png differ
diff --git a/docs/versioned_docs/version-1.109.x/architecture-configuration/yake-config-gitrepo.md b/docs/versioned_docs/version-1.109.x/architecture-configuration/yake-config-gitrepo.md
new file mode 100644
index 00000000000..4864d4a25ef
--- /dev/null
+++ b/docs/versioned_docs/version-1.109.x/architecture-configuration/yake-config-gitrepo.md
@@ -0,0 +1,60 @@
+---
+sidebar_position: 3
+---
+
+# The YAKE config git repository
+As already introduced in the [architecture diagram](./architecture.md), values for the helm charts deployed for the Gardener installation are configured and maintained in a GitOps workflow. For instance, your repository tree looks like this:
+```
+.
+├── config
+│   ├── cloudprofiles-values.yaml
+│   ├── dashboard-values.yaml
+│   ├── extensions-values.yaml
+│   ├── gardener-values.yaml
+│   ├── gardenlet-values.yaml
+│   ├── identity-values.yaml
+│   └── kustomization.yaml
+├── flux
+│   ├── yake-env-config.yaml
+│   └── yake-env-garden-content.yaml
+├── garden-content
+│   ├── admin-clusterrolebinding.yaml
+│   ├── kustomization.yaml
+│   ├── project-dev.yaml
+│   └── rbac.yaml
+└── kustomization.yaml
+```
+The top-level `kustomization.yaml` file contains [`Kustomization`](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/) pointing to the files in the `flux` directory. Inside the `flux` directory two flux `Kustomizations` [`Kustomization`](https://fluxcd.io/flux/components/kustomize/api/)s reside which point to the `config` directory and the `garden-content` directory.
+
+:::caution
+The top-level `kustomization.yaml` is of type `kustomize.config.k8s.io/v1beta1`, whereas the `Kustomization`s in the `flux` directory are of type `kustomize.toolkit.fluxcd.io/v1beta2`. Therefore, you will only find the `Kustomization`s defined in the `flux` directory in your base cluster, when watching `Kustomization` resources.
+:::
+
+### The `config` Directory
+In the `config` directory, you find configuration files defining values for the deployed helm charts. All files entail the same "header", and are constructed like in the following example for `cloudprofiles-values.yaml`
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudprofiles-values
+  namespace: flux-system
+type: Opaque
+stringData:
+  values.yaml: |
+```
+Below of the key `stringData.values.yaml` you can insert your configuration.
+
+:::tip
+As the upstream helm charts are distributed over several repositories, there is no single documentation page for possible helm chart values. You can get information on the default values by e.g.
+```sh
+helm repo add gardener-charts https://gardener-community.github.io/gardener-charts
+helm repo update
+helm show values gardener-charts/<CHART_NAME>
+```
+:::
+
+### The `garden-content` Directory
+In the `garden-content` Directory, resources to be deployed to the [virtual garden](https://github.com/gardener/garden-setup#concept-the-virtual-cluster) are defined. You can easily add some resources, if you need more than if the example from above does not fit your needs. For instance, you can create [`Project`](https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.Project)s or further [`Cloudprofile`](https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.CloudProfile)s here.
+:::note
+The `garden-content` folder also contains a `kustomization.yaml` file which just lists the resources to be deployed to the [virtual garden](https://github.com/gardener/garden-setup#concept-the-virtual-cluster). You can just comment our resources you do not want to deploy for a moment but still keep in you git repository for documentation purposes.
+:::
diff --git a/docs/versioned_docs/version-1.109.x/architecture-configuration/yake-config-secret.md b/docs/versioned_docs/version-1.109.x/architecture-configuration/yake-config-secret.md
new file mode 100644
index 00000000000..2e2b027c33b
--- /dev/null
+++ b/docs/versioned_docs/version-1.109.x/architecture-configuration/yake-config-secret.md
@@ -0,0 +1,41 @@
+---
+sidebar_position: 2
+---
+
+# The YAKE config secret
+Via the `yake-config` secret, some basic parameters for the resulting Gardener installation are configured. In particular, values which should be kept secret such as dnsprovider credentials are set in `yake-config`.
+As the `yake-config` secret serves as input values for the `configuration` helm chart (see [architecture](./architecture.md)), the secret is defined as
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: yake-config
+  namespace: flux-system
+type: Opaque
+stringData:
+  values.yaml: |
+  ...
+```
+
+and the configuration needs to be inserted below `stringData.values.yaml`. The configuration options are listed and explained below.
+
+| Field                          | Subfield                         | Subfield                                                                                                       | Description                                                                                                       |
+| :----------------------------- | :------------------------------- | :------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------- |
+| `clusterIdentity` <br />string |                                  |                                                                                                                | a unique identifier for your garden cluster                                                                       |
+| `dashboard`                    |                                  |                                                                                                                |                                                                                                                   |
+|                                | `clientSecret` <br />string      |                                                                                                                | client secret e.g. some value obtained by `openssl rand -hex 20`                                                  |
+|                                | `sessionSecret` <br />string     |                                                                                                                | session secret e.g. some value obtained by `openssl rand -hex 20`                                                 |
+| `kubeApiServer`                |                                  |                                                                                                                |                                                                                                                   |
+|                                | `basicAuthPassword` <br />string |                                                                                                                | basic auth password for kubeapiserver e.g. `openssl rand -hex 20`                                                 |
+| `issuer`                       |                                  |                                                                                                                |                                                                                                                   |
+|                                | `acme`                           |                                                                                                                |                                                                                                                   |
+|                                |                                  | `email` <br />string                                                                                           | Email address used for certificate handlin                                                                        |
+|                                |                                  | `server` <br />string                                                                                          | acme server, letsencryp production by default                                                                     |
+|                                | `ca`                             |                                                                                                                | ca of the acme server, not needed when using letsencrypt production                                               |
+| `domains`                      |                                  |                                                                                                                |                                                                                                                   |
+|                                | `global`                         |                                                                                                                | global means used for ingress, gardener defaultDomain and internalDomain                                          |
+|                                |                                  | `domain` <br />string                                                                                          | domain for your gardener installation, e.g. the dashboard will appear under dashboard.domain                      |
+|                                |                                  | `provider` <br />string                                                                                        | DNS provider for your installation, e.g. azure-dns, aws-route53, openstack-designate etc.                         |
+|                                |                                  | `credentials` <br />[dnscredentials](https://github.com/gardener/external-dns-management/tree/master/examples) | DNS provider credential, see [examples](https://github.com/gardener/external-dns-management/tree/master/examples) |
+| `registryOverwrite`            |                                  |                                                                                                                | See Guide [Use different container registry](../guides/registryOverwrite.md)                                       |
diff --git a/docs/versioned_docs/version-1.109.x/faq.md b/docs/versioned_docs/version-1.109.x/faq.md
new file mode 100644
index 00000000000..316bc6c4195
--- /dev/null
+++ b/docs/versioned_docs/version-1.109.x/faq.md
@@ -0,0 +1,16 @@
+---
+sidebar_position: 5
+title: FAQ
+---
+
+### Which Gardener version do I get with YAKE?
+
+We keep the pace of the Gardener upstream and release new Gardener versions with YAKE as soon as possible. This enables YAKE users the keep their installation up-to-date, and get the experience of new features in a two week rhythm.
+
+### Can I migrate from my garden-setup-based installation to YAKE?
+
+Yes, this is possible. Most probably our support is required but we are happy to help in these kind of scenarios.
+
+### Will YAKE support the Gardener operator at some day?
+
+Most likely, yes. As of writing this, there are no clear plans to integrate the Gardener operator into YAKE, as this would introduce a complex migration path. However, we are always willing to improve YAKE and once the time is ready, the Gardener operator will be introduced to manage the garden in YAKE.
diff --git a/docs/versioned_docs/version-1.109.x/guides/_category_.json b/docs/versioned_docs/version-1.109.x/guides/_category_.json
new file mode 100644
index 00000000000..7503fc9cebc
--- /dev/null
+++ b/docs/versioned_docs/version-1.109.x/guides/_category_.json
@@ -0,0 +1,8 @@
+{
+  "label": "Guides",
+  "position": 4,
+  "link": {
+    "type": "generated-index",
+    "description": "Advanced topics and guides"
+  }
+}
diff --git a/docs/versioned_docs/version-1.109.x/guides/installation.md b/docs/versioned_docs/version-1.109.x/guides/installation.md
new file mode 100644
index 00000000000..5cdba3cd0ae
--- /dev/null
+++ b/docs/versioned_docs/version-1.109.x/guides/installation.md
@@ -0,0 +1,9 @@
+---
+sidebar_position: 10
+---
+
+# Installation
+
+The process of installing YAKE can differ slightly depending on your kubernetes environment. So this section will be expanded to include more providers over time.
+
+[AKS](https://github.com/YAKEcloud/yake-install-examples/tree/main/azure)
diff --git a/docs/versioned_docs/version-1.109.x/guides/managed-seeds.md b/docs/versioned_docs/version-1.109.x/guides/managed-seeds.md
new file mode 100644
index 00000000000..493fc15ebd0
--- /dev/null
+++ b/docs/versioned_docs/version-1.109.x/guides/managed-seeds.md
@@ -0,0 +1,137 @@
+---
+sidebar_position: 30
+---
+
+# Scaling out with Managed Seeds
+
+## Deployment of `ManagedSeeds` in YAKE
+
+Conceptually, a [managed seed](https://gardener.cloud/docs/gardener/usage/managed_seed/) is a `Shoot` cluster which is registered as `Seed` cluster. Thus, an operator has to deploy two resources to the virtual garden: a `Shoot` and a `ManagedSeed`. In consequence, Gardener will take care for the `Shoot` and register it as `Seed`.
+In YAKE, you can maintain managed seeds via the GitOps approach. For this, two `Kustomization`s are required. One is responsible for the creation of `Shoot` Clusters and the other one for the creation of `ManagedSeed` resources. Examples for these `Kustomization`s are given below.
+
+```yaml
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: shoots
+  namespace: flux-system
+spec:
+  kubeConfig:
+	secretRef:
+	  name: gardener-internal-kubeconfig
+  interval: 1m0s
+  dependsOn:
+	- name: yake-env-garden-content
+  sourceRef:
+	kind: GitRepository
+	name: yake-config
+  path: ./seeds/shoots
+  prune: false
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: seeds
+  namespace: flux-system
+spec:
+  kubeConfig:
+	secretRef:
+	  name: gardener-internal-kubeconfig
+  interval: 1m0s
+  dependsOn:
+	- name: yake-env-garden-content
+	- name: shoots
+  sourceRef:
+	kind: GitRepository
+	name: yake-config
+  path: ./seeds
+  prune: false
+```
+
+In this example, the `Kustomization`s point to a directory called `seeds` (and the subdirectory `seeds/shoots`) in the repository root. Consequently, all required manifests have to be stored in these directories. As the directory names already indicate, the `Shoot` manifests are organized in the `seeds/shoots` directory and the `ManagedSeed` manifests in the seeds directory, respectively. The easiest option to obtain a valid `Shoot` manifest for your YAKE environment is to configure a shoot via the Gardener dashboard and just copy over the corresponding yaml manifest.
+:::tip
+It is recommended to use a dedicated cloud provider secret for the `Shoots` to be registered as `Seeds`. Therefore, you might need to create a corresponding secret. Also here, the easiest way to create it is via the Gardener Dashboard.
+:::
+:::note
+Keep in mind that the `Shoot` will be used as `Seed` and should be equipped with meaningful resources, e.g. a minimum amount of 3 workers with 8vCPU and 32GB RAM.
+:::
+
+For the `ManagedSeed` manifest, an example is given below. You can also find an example in the [Gardener upstream repository](https://github.com/gardener/gardener/blob/master/example/55-managedseed-gardenlet.yaml).
+
+```yaml
+apiVersion: seedmanagement.gardener.cloud/v1alpha1
+kind: ManagedSeed
+metadata:
+  name: my-region-0
+  namespace: garden # Must be garden
+spec:
+  shoot:
+    name: my-region-0 # has to be the name of the shoot to be used
+  # gardenlet specifies that the ManagedSeed controller should deploy a gardenlet into the cluster
+  # with the given deployment parameters and GardenletConfiguration.
+  gardenlet:
+    config: # GardenletConfiguration resource
+      apiVersion: gardenlet.config.gardener.cloud/v1alpha1
+      kind: GardenletConfiguration
+      seedConfig:
+        metadata:
+          labels:
+            name: my-region-0
+        taints:
+          seed.gardener.cloud/protected: false
+        spec:
+          dns:
+            provider:
+              type: # a valid dns provider
+              secretRef:
+                name: default-domain-gardener-... # the default-domain-secret of your environment
+                namespace: garden
+          ingress:
+            domain: ingress.my-region-0.garden.BASEDOMAIN # replace BASEDOMAIN with your domain
+            controller:
+              kind: nginx
+          networks:
+            shootDefaults:
+              pods: 100.74.0.0/16
+              services: 100.96.0.0/13
+          provider:
+            region: MYREGION
+            type: # your cluster provider type
+          backup:
+            provider: # your backup provider type
+            region: # your backup provider region
+            secretRef:
+              name: # your backup provider secret
+              namespace: # your backup provider secret namespace
+          settings:
+            scheduling:
+              visible: true
+            excessCapacityReservation:
+              enabled: true
+      featureGates:
+        HVPA: true
+        HVPAForShootedSeed: true
+```
+
+:::note
+You will need to provide a `Secret` for your backup provider in advance, if you want to enable backups on this `Seed`.
+:::
+
+## Deployment of wildcard certificate for Grafana/Prometheus dashboards
+
+We prepared everything in YAKE so that the only thing you need to do is to set a label in the `SeedConfig` in your `managedSeed` resource with `yake.cloud/generate-controlplane-cert="true"`:
+``` yaml
+apiVersion: seedmanagement.gardener.cloud/v1alpha1
+kind: ManagedSeed
+spec:
+  shoot:
+    ...
+  gardenlet:
+    ...
+      seedConfig:
+        metadata:
+          labels:
+            ...
+            yake.cloud/generate-controlplane-cert: "true"
+```
+When this label is set, your Grafana/Prometheus dashboard should be equipped with a browser trusted certificate.
diff --git a/docs/versioned_docs/version-1.109.x/guides/openid-connect.md b/docs/versioned_docs/version-1.109.x/guides/openid-connect.md
new file mode 100644
index 00000000000..b2c2d10a7ef
--- /dev/null
+++ b/docs/versioned_docs/version-1.109.x/guides/openid-connect.md
@@ -0,0 +1,48 @@
+---
+sidebar_position: 40
+---
+
+# Authentication with OpenID Connect
+
+YAKE and Gardener do not have their own user authentication and should be connected to an external authentication provider of your choice. Part of our setup is the *[Dex](https://dexidp.io/)* OpenID service which can be connected via [connectors](https://dexidp.io/docs/connectors/) to many authentication providers and protocols like
+
+* [OpenID Connect](https://dexidp.io/docs/connectors/oidc/)
+* [SAML](https://dexidp.io/docs/connectors/saml/)
+* [LDAP](https://dexidp.io/docs/connectors/ldap/)
+* [GitHub](https://dexidp.io/docs/connectors/github/)
+
+*Authentication* means checking if the user credentials are valid, most commonly username + password and maybe an OTP token. This part is happening in the external authentication provider, which also is responsible for user creation, password changes, password policies, locking/deleting users etc.
+
+*Authorization* means deciding what an user is allowed to do and see. This part is always done *inside* of Gardener by adding members to projects. Group membership or other information from the authentication provider is not used for authorization.
+
+## Static users
+
+The default YAKE configuration has created a user in Dex with a static password, and assiged admin permissions to that user. This is just to get started or for very minimal setups. While not recommended, you could add more users with static passwords in the same manner and add them as members to projects. We advise to remove that configuration after you have configured a centralised authentication provider. To do so, remove the `staticPasswords` section from `config/identity-values.yaml` and adjust `garden-content/admin-clusterrolebinding.yaml`.
+
+## Identity component configuration
+
+The identity component in YAKE (Dex) is configured via the `identity-values` secret in the cluster. Our GitOps workflow will manage this secret via `config/identity-values.yaml` in git.
+
+Shown here is an example configuration with OpenID connect. You need to refer to the Dex documentation for [connectors](https://dexidp.io/docs/connectors/) for a complete list of options.
+
+The YAKE identity component will need to be added as a new *client* in your OpenID provider first, which will allow you to fill the values for `clientID` and `clientSecret`.
+
+```
+apiVersion: v1
+kind: Secret
+metadata:
+  name: identity-values
+  namespace: flux-system
+type: Opaque
+stringData:
+  values.yaml: |
+    connectors:
+    - type: oidc
+      id: iam
+      name: Company IAM
+      config:
+        issuer: https://auth.example.org
+        clientID: 811910b8-91a3-11ed-aa17-f7f643bfc07a
+        clientSecret: faoli3koo8keix0Cuicae2phi5aaPaed
+        redirectURI: https://identity.gardener.example.org/oidc/callback
+```
diff --git a/docs/versioned_docs/version-1.109.x/guides/registryOverwrite.md b/docs/versioned_docs/version-1.109.x/guides/registryOverwrite.md
new file mode 100644
index 00000000000..623e4a6e0e7
--- /dev/null
+++ b/docs/versioned_docs/version-1.109.x/guides/registryOverwrite.md
@@ -0,0 +1,144 @@
+---
+sidebar_position: 30
+---
+
+# Use custom container registry
+
+YAKE in its default configuration will use container images from public container registries, whichever the developers of the respective component decided to publish to "upstream". Larger installations could run into rate limits of specific registries or have other reasons not to use those registries directly, and pull the same images from a registry mirror instead.
+
+For environments that prefer and can provide an internal registry, YAKE has a config switch to easily reconfigure all components to pull from this registry.
+
+The setup and mirroring procedure of such an internal registry mirror is not covered in this guide. We use and recommend harbors [proxy cache](https://goharbor.io/docs/2.1.0/administration/configure-proxy-cache/) mode, as it won't require to identify, pull and push each single image in each version/tag beforehand, which will change frequently and even with patch updates.
+
+This feature only affects components deployed by YAKE and Gardener, from the basecluster down to each shoot node (f.e. `calico-node` pods), but will not alter anything else deployed to a shoot or custom deployments on the basecluster.
+
+## Full example
+
+The registryOverwrite configuration option in `yake-config` allows you to specify replacement pairs as "originalURL: replacementURL", and will then look for and replace all registries that start with `originalURL` and replace that part of the full path with `replacementURL`. If you only want to mirror certain upstream registries, for example docker.io because of rate limits, you can only specify that and everything else will be left unchanged. To pull all containers currently used in YAKE from your internal registry you need all of the following overwrites:
+
+```
+registryOverwrite:
+  eu.gcr.io: myregistry.io/eu.gcr.io
+  registry.k8s.io: myregistry.io/registry.k8s.io
+  quay.io: myregistry.io/quay.io
+  docker.io: myregistry.io/docker.io
+  gcr.io: myregistry.io/gcr.io
+  ghcr.io: myregistry.io/ghcr.io
+  registry.k8s.io: myregistry.io/registry.k8s.io
+  mcr.microsoft.com: myregistry.io/mcr.microsoft.com
+  public.ecr.aws: myregistry.io/public.ecr.aws
+  registry.eu-central-1.aliyuncs.com: myregistry.io/registry.eu-central-1.aliyuncs.com
+```
+Replacements look only for the *prefix* of the full repository path. Wildcards or other expressions are currently not supported, so certain mirror layouts would require a very lengthy replacement map. We recommend to follow a structure similar to the one above, so one project or folder or subfolder for each upstream registry, and inside of that the same structure as the original registry uses.
+
+## Replacement mechanism examples
+
+Given the following replacement map
+```
+registryOverwrite:
+  eu.gcr.io: myregistry.io/eu.gcr.io
+```
+
+the following replacements would be performed
+
+| Original                         | Will be replaced? | Replacement                                    |
+| -------------------------------- | ----------------- | ---------------------------------------------- |
+| eu.gcr.io/examplefolder/example1 | Yes               | myregistry.io/eu.gcr.io/examplefolder/example1 |
+| eu.gcr.io/otherexample/example2  | Yes               | myregistry.io/eu.gcr.io/otherexample/example2  |
+| registry.k8s.io/kube-apiserver        | No                |                                                |
+
+---
+
+Given the following replacement map
+```
+registryOverwrite:
+  eu.gcr.io/examplefolder: myregistry.io/mirror-example
+```
+
+the following replacements would be performed
+
+
+| Original                         | Will be replaced? | Replacement                           |
+| -------------------------------- | ----------------- | ------------------------------------- |
+| eu.gcr.io/examplefolder/example1 | Yes               | myregistry.io/mirror-example/example1 |
+| eu.gcr.io/otherexample/example2  | No                |                                       |
+| registry.k8s.io/kube-apiserver        | No                |                                       |
+
+---
+
+Given the following replacement map
+```
+registryOverwrite:
+  eu.gcr.io/examplefolder: myregistry.io/mirror-example
+  eu.gcr.io/otherexample: myregistry.io/mirror-example
+  registry.k8s.io: myregistry.io/mirror-example
+```
+
+the following replacements would be performed
+
+
+| Original                         | Will be replaced? | Replacement                                 |
+| -------------------------------- | ----------------- | ------------------------------------------- |
+| eu.gcr.io/examplefolder/example1 | Yes               | myregistry.io/mirror-example/example1       |
+| eu.gcr.io/otherexample/example2  | Yes               | myregistry.io/mirror-example/example2       |
+| registry.k8s.io/kube-apiserver        | Yes               | myregistry.io/mirror-example/kube-apiserver |
+
+---
+
+Given the following replacement map
+```
+registryOverwrite:
+  gcr.io: myregistry.io
+```
+
+the following replacements would be performed
+
+
+| Original                         | Will be replaced? | Replacement |
+| -------------------------------- | ----------------- | ----------- |
+| eu.gcr.io/examplefolder/example1 | No                |             |
+| eu.gcr.io/otherexample/example2  | No                |             |
+| registry.k8s.io/kube-apiserver        | No                |             |
+
+
+
+## Flux configuration to change repository
+
+YAKE includes flux's controllers in a specific version and installs available updates with each release. Due to the way we include flux, unfortunately it can't use the registryOverwrite map to change where the flux images are pulled from and needs it's own instructions to use an internal registry.
+
+In your configuration git you will have a file `flux/yake-base.yaml`, that needs to be changed similar to the following example, where you would change the `newName` parameters to point to your internal registry mirror.
+
+```
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: yake-base
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  path: ./
+  prune: false
+  sourceRef:
+    kind: GitRepository
+    name: yake
+  patches:
+    - patch: |-
+        apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+        kind: Kustomization
+        metadata:
+          name: not-used
+        spec:
+          images:
+            - name: ghcr.io/fluxcd/helm-controller
+              newName: changeme.internal.mirror/ghcr.io/fluxcd/helm-controller
+            - name: ghcr.io/fluxcd/kustomize-controller
+              newName: changeme.internal.mirror/ghcr.io/fluxcd/kustomize-controller
+            - name: ghcr.io/fluxcd/notification-controller
+              newName: changeme.internal.mirror/ghcr.io/fluxcd/notification-controller
+            - name: ghcr.io/fluxcd/source-controller
+              newName: changeme.internal.mirror/ghcr.io/fluxcd/source-controller
+      target:
+        kind: Kustomization
+        name: flux-system
+        namespace: flux-system
+```
diff --git a/docs/versioned_docs/version-1.109.x/guides/serviceaccount-tokens.md b/docs/versioned_docs/version-1.109.x/guides/serviceaccount-tokens.md
new file mode 100644
index 00000000000..3df9ad85c94
--- /dev/null
+++ b/docs/versioned_docs/version-1.109.x/guides/serviceaccount-tokens.md
@@ -0,0 +1,68 @@
+---
+sidebar_position: 50
+---
+
+# ServiceAccounts and Tokens
+
+For automated operations, you can create a ServiceAccount in either:
+
+* The Gardener API to:
+  * Create, delete, modify Shoots
+  * Create new admin kubeconfigs for Shoots
+* A specific Shoot:
+  * With fine-grained RBAC for certain namespaces in a cluster
+
+## ServiceAccount in the Gardener API
+
+The easiest way to create a ServiceAccount for the Gardener API is via the Gardener Dashboard in the Members Page of a Project. You can then download a kubeconfig for a ServiceAccount to use it with kubectl, with a default token duration of 30 days.
+
+A ServiceAccount needs to be assigned Roles to read and write certain resources. A ServiceAccount with the Service Account Manager Role can create new tokens for itself with longer durations, which we can use to automate prolonged access. This example would generate a new token and save it to the existing kubeconfig file, which could be done periodically (until access gets revoked).
+
+  ```bash
+export KUBECONFIG=from-dashboard-kubeconfig.yaml
+NEW_TOKEN="$(kubectl create token my-serviceaccount --duration=48h)"
+kubectl config set-credentials my-serviceaccount --token=$NEW_TOKEN
+```
+
+There is currently no explicit limit for the maximum allowed token duration. Please be aware that this could change in the future, and the API could return a token with a shorter duration than requested.
+
+## ServiceAccount in the Shoot
+
+The Gardener API will only provide certificate-based Admin (full Shoot access) or Viewer (read-only access) kubeconfigs for a Shoot. Such kubeconfig files have an embedded client certificate with a set expiration date and cannot be revoked earlier than that, other than rotating the entire cluster Certificate Authority. It is not possible to create fine-grained RBAC to limit or extend the permissions of such a kubeconfig.
+
+This is why you should only use ServiceAccounts for automated operations of a cluster. ServiceAccounts can be deleted, audited, and have the exact permissions required. Here's how to create a ServiceAccount in the default Namespace, create a Token with a certain duration, and create a new kubeconfig file that contains that token:
+
+   ```bash
+kubectl create serviceaccount my-service-account
+
+CLUSTER_NAME=$(kubectl config view --minify -o jsonpath='{.clusters[0].name}')
+CLUSTER_SERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
+CA_CERT=$(kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}')
+TOKEN=$(kubectl create token my-service-account --duration=48h)
+
+cat << EOF > sa-kubeconfig.yaml
+apiVersion: v1
+kind: Config
+clusters:
+- name: ${CLUSTER_NAME}
+  cluster:
+    certificate-authority-data: ${CA_CERT}
+    server: ${CLUSTER_SERVER}
+contexts:
+- name: my-service-account@${CLUSTER_NAME}
+  context:
+    cluster: ${CLUSTER_NAME}
+    user: my-service-account
+current-context: my-service-account@${CLUSTER_NAME}
+users:
+- name: my-service-account
+  user:
+    token: ${TOKEN}
+EOF
+
+export KUBECONFIG=sa-kubeconfig.yaml
+kubectl auth can-i --list
+...
+```
+
+You then need to create [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) to allow that ServiceAccount certain operations.
diff --git a/docs/versioned_docs/version-1.109.x/installation/_category_.json b/docs/versioned_docs/version-1.109.x/installation/_category_.json
new file mode 100644
index 00000000000..421f22a408d
--- /dev/null
+++ b/docs/versioned_docs/version-1.109.x/installation/_category_.json
@@ -0,0 +1,8 @@
+{
+  "label": "Installation",
+  "position": 3,
+  "link": {
+    "type": "generated-index",
+    "description": "Installation instructions"
+  }
+}
diff --git a/docs/versioned_docs/version-1.109.x/installation/prerequisites.md b/docs/versioned_docs/version-1.109.x/installation/prerequisites.md
new file mode 100644
index 00000000000..582bdd3d259
--- /dev/null
+++ b/docs/versioned_docs/version-1.109.x/installation/prerequisites.md
@@ -0,0 +1,60 @@
+---
+sidebar_position: 1
+title: Prerequisites
+---
+
+Before you can start with your YAKE deployment, you should check whether you have everything you need at hand. In the following, the prerequisites are listed and detailed.
+
+## Deployment Host
+
+This can be any workstation machine, laptop, VM, whatnot, as long as it is connected to the internet. Most preferably, it is a Linux-based host, however, macOS or WSL should also work fine.
+
+### Tools
+
+To use YAKE efficiently you will need these tools:
+
+- [git](https://git-scm.com/downloads)
+- [kubectl](https://kubernetes.io/docs/reference/kubectl/)
+- [flux](https://fluxcd.io/flux/installation/)
+- [helm](https://helm.sh/docs/intro/install/) (optional)
+
+We recommend using an interactive tool like [k9s](https://k9scli.io/) as a more convenient way of working with your clusters.
+
+## Git Repository
+
+To store and manage the configuration of your Gardener environment you need a git repository (see also [architecture](/docs/architecture-configuration/architecture.md)), which is accessible via ssh over the internet. Of course, you can host your configuration git repository on forges like GitHub or GitLab. Conceptually, the forge needs to support ssh deploy keys. However, this should not be a limitation with modern forges.
+
+:::note
+A local git repository will not work with YAKE, as the [flux](https://fluxcd.io/) controllers need be able to access the repository.
+:::
+
+## Domain and DNS provider
+
+For the Gardener installation, you need a domain under which e.g. the Gardener dashboard is served. Moreover, a DNS provider like azure-dns, aws-route53, or openstack-designate is required. Make sure to delegate a domain to your DNS provider of choice (see [here](https://gardener.cloud/docs/extensions/others/gardener-extension-shoot-dns-service/docs/usage/dns_names/#gardener-dns-extension) for a list of supported DNS providers by Gardener). You will also need the DNS provider credentials in order to configure these for YAKE.
+
+## Kubernetes Cluster
+
+As Gardener is installed on top of Kubernetes itself, you need a base cluster which hosts your Gardener installation. This needs to be a cluster with "full cloud support", i.e. you need to have a cluster with
+
+- 3x 4vcpu, 8GB RAM (control plane) and 3x 8vcpu 16GB RAM (workers) for a production ready setup (**or** 4x 4vcpu, 8GB RAM for a working basic setup)
+- a working load balancer service
+- a running [CNI](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) like [calico](https://www.tigera.io/project-calico/) or [cilium](https://cilium.io/)
+- a running [CSI](https://kubernetes-csi.github.io/) for your cloud provider's volumes
+  Moreover, the cluster needs to be hosted on a cloud provider with existing Gardener extension. Checkout this [list](https://gardener.cloud/docs/extensions/infrastructure-extensions/) for the infrastructure extensions maintained in the [gardener organization on GitHub](https://github.com/gardener).
+
+Moreover, you should consider the following aspects:
+
+- As YAKE ships with a deployement of [ingress-nginx](https://kubernetes.github.io/ingress-nginx/), you must not install any ingress controller into the base cluster
+- As Gardener uses the `192.168.123.0/24`internally, your pod network of the base cluster should not interfere with that range. Therefore, it is recommended to use `172.16.0.0/16` as pod network in the base cluster. For the service network no restrictions are known.
+
+:::tip
+There are more provider extensions than the ones hosted in the Gardener organization on GitHub. For instance, there is the [provider-hcloud](https://github.com/23technologies/gardener-extension-provider-hcloud) extension supporting managed Kubernetes on the [Hetzner cloud](https://www.hetzner.com/cloud). If you are interested in a custom extension, you can also contact us, and we can discuss on a development plan for another extension.
+:::
+
+:::warning
+A local Kubernetes cluster like k3s, kind, minikube or similar will not work for a production deployment of Gardener. If you want to start locally for development purposes, checkout [Gardener's Getting started locally guide](https://gardener.cloud/docs/gardener/development/getting_started_locally/).
+:::
+
+## Basic Kubernetes, Helm and Flux Knowledge
+
+If you are entirely new to [Kubernetes](https://kubernetes.io/) and related tooling like [Helm](https://helm.sh) and [Flux](https://fluxcd.io/) your learning curve will be really steep, when using YAKE. If you already have some experience with those tools, you can consult the [Helm/Flux page](/docs/architecture-configuration/helm-flux.md) for some basic commands and explanation. Otherwise, you could also contact us for a training.
diff --git a/docs/versioned_docs/version-1.109.x/overview.md b/docs/versioned_docs/version-1.109.x/overview.md
new file mode 100644
index 00000000000..eefe077bde3
--- /dev/null
+++ b/docs/versioned_docs/version-1.109.x/overview.md
@@ -0,0 +1,35 @@
+---
+sidebar_position: 1
+---
+
+# Overview
+
+YAKE is thea GitOps driven installer and lifecycle management tool for [Gardener](https://gardener.cloud/). It helps you
+to deploy your Gardener setup fast and reliably. It is also your companion, when it comes to upgrading and maintaining
+your setup. All YAKE releases are carefully selected and tested sets of upstream Gardener components. With YAKE you can
+run and configure your complete Gardener setup through your git config-repository. Based on [Flux](https://fluxcd.io/),
+the actual state of the system is always reconciled to the declarative configuration from your gitrepository which results
+in full control of your Gardener installation.
+
+## Support
+
+When you decide to build your productive Gardener environment based on YAKE, you will also get support from the 23T engineers.
+We tackle all kinds of issues. From simple configuration questions to advanced Gardener operation topics... We'll be by your side 🙂.
+
+## Getting Started
+
+### Locally
+
+Checkout the [Readme](https://github.com/YAKEcloud/yake/blob/main/README.md) in the repository for getting started locally.
+
+### In the cloud (production scenario)
+
+First, make sure that you satisfy the requirements below and then follow the installtion guide.
+
+#### What you'll need
+
+- A Kubernetes cluster (also called base cluster) running in the cloud
+- A DNS provider e.g. azure-dns, aws-route53, openstack-designate
+- A domain delegated to the DNS provider of choice
+- A remote git repository which is accessible (read and write) via ssh
+- Basic knowledge about Flux, Helm and Kustomize
diff --git a/docs/versioned_sidebars/version-1.109.x-sidebars.json b/docs/versioned_sidebars/version-1.109.x-sidebars.json
new file mode 100644
index 00000000000..caea0c03ba6
--- /dev/null
+++ b/docs/versioned_sidebars/version-1.109.x-sidebars.json
@@ -0,0 +1,8 @@
+{
+  "tutorialSidebar": [
+    {
+      "type": "autogenerated",
+      "dirName": "."
+    }
+  ]
+}
diff --git a/docs/versions.json b/docs/versions.json
index 6eb4201b9d7..218c01a66fa 100644
--- a/docs/versions.json
+++ b/docs/versions.json
@@ -1,4 +1,5 @@
 [
+  "1.109.x",
   "1.108.x",
   "1.107.x",
   "1.106.x",