From 1378fb2f1575e80aa7f39ca8ac9bd35c5af4a655 Mon Sep 17 00:00:00 2001
From: Gerrit91 <info@gerritschwerthelm.de>
Date: Wed, 8 Nov 2023 08:47:05 +0100
Subject: [PATCH] Progress.

---
 architecture.drawio.svg                       | 45 +++++++----
 .../templates/deployment.yaml                 |  3 +
 charts/images.yaml                            |  2 +-
 example/controller-registration.yaml          |  2 +-
 example/shoot.yaml                            |  8 +-
 pkg/controller/actuator.go                    | 76 ++++++++++++++++++-
 6 files changed, 114 insertions(+), 22 deletions(-)

diff --git a/architecture.drawio.svg b/architecture.drawio.svg
index 3d5d88e..d0e7d23 100644
--- a/architecture.drawio.svg
+++ b/architecture.drawio.svg
@@ -1,4 +1,4 @@
-<svg host="65bd71144e" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="1064px" height="631px" viewBox="-0.5 -0.5 1064 631" content="&lt;mxfile&gt;&lt;diagram id=&quot;IFFBy75YnD9M4-Z65ViC&quot; name=&quot;Page-1&quot;&gt;5Vrbbqs4FP2aSGceUgEOJHns7cx5mJEqZaSZ8+iCC1YJRrZpkvn6scEmYDtpTkou0760eOPr8trb3ouMwP1y/TuFZfYnSVA+CrxkPQIPoyDwvWgq/knLRllmIGwsKcWJsm0NC/wv0k2VtcIJYr2KnJCc47JvjElRoJj3bJBSsupXeyF5f9QSpsgyLGKY29a/ccKzxjoLva39B8Jppkf2PfVmCXVlZWAZTMiqYwKPI3BPCeHN03J9j3KJnsalafd9x9t2YhQV/JAGQdPgDeaVWpuaF9/oxVJSFQmS9b0RuFtlmKNFCWP5diX2V9gyvsxFyRePqjtEOVrvnJLfLlRQBJEl4nQjqugGkcJGs2Oiyqst1BNdJ+vA3Bqh2t607XuLgHhQILgBmViALJBYvAmKWB7vr5xxSl7RPckJFZaCFKLm3QvOc8MEc5wWohgLOJCw30mwsODWrXqxxEkih3FC3d+MM6HtAhsMgHX0K+Tzz0K+wDPgmNlwBKEDj9bFPwJIaAGSQpqgAtGx4BsqGCbFGFYJ5hf30jYWK6DaiNYBqgWv56UD4DS1cGrhEeYCLhGr1/5pvdZE30VT30XTIdx2dv1uC/wD3TYYwm3nFiAskyf4l6SiC/qTUVGP1YH+tXpGY1hihqhY19XFyYl3xjgJbHjivGKSNvLWS1fidMFFOgqiXJLxWZijVD6pi3MTTzmRN1ees3FJyXpjQYoScTlWRUJ5RlJSwPxxa72LK7EXOhp08BUY0s0/ai/qwk9ZuAl18WHdffmwUSXGIeW38iK/dYva9h1LLFSLRNeIc8gYjhujqlIPv8a8HV08N4NPQ1XcDi4Leuxm+XLN+xkhICIVjXUtnaZAmiJdLXAzh6IccvzW799Fg7qpWCTcdCqUBBecdXp+kobOhQ8Y/jozMoR36k+mnkHBZgZbQrZLOYyj0UkIdROGfU7N3yNVXXpCFIvJy7g6JNOGI82ucHMwaQ4Orb4VO+qb51jFjSuMrSA8Y2z17dT5rSzGTGSL42s9e86KD7DwuTggUWhcm88qLfgObaG5J37Wu+EheJ9KXPDtZHoP/86TpkTTS6oLvq231BGdQ5xfQbSKZn1wzqoo+LakoHSWr5DDmdCfVU7wr1BPMB0VOLK2EzqqLSjUVwvnYXFpNwWOmH4yN9Uhwcz32UYktcuv6awubp7MWQM7K3hcC1REfiastypkLnDxymxV4Ru6SW/k6zKvitffrC0SQ+GS1SlWBktpjHNSJWehdWigOgYOjwcujw+GgNVOJhJU5mTD5CJoT9AyUcVFnFeNjOP99cdC/I0FEMxG992segBlxi2p7FdUesn8yZJpdR3sCTAfzaWPE2AMrVoHxp0CjKltDyzABHaitqw45Ehyr2HhEtUTkkJgBJfS+YpnVtZb4WYjko6DnsWB9TqqP8O/4LSisBEUB+Glfxwv/f8FL70heGkRKQwM4oVG5GqmpVrtYaTZkZYQ246axVgd/aqngLl7wrvmNflg/UkwrGcBvd2fQCs/jtxaJOuxe36JqBvtl7HfrQ+igblhn/g2WVzb0qFEP0AdEeGOjaZHkmHuIEPkJkPn1uW6ymrbByPiLDIDQHhcRJybSvTU6GigiDg3WekNzEpbotzHShVOEsgyV8iS9ifIZXpQWwIPtGmX/t1csIvHnQ9xP7vc3U9k0QrM+2T2w+CYLz9Hctz1yeaSFJ8YZ7VvpuGHUnxiSCLzw878Y0hoK7fiBskwk57hkRfx50W8Kfj4uc42xUsOcVF/1B4Fd3JO5ocqj+EExZBaZP40qkDogf4+uyQ838GzI2QZUdz+QrXZ4O0PfcHjfw==&lt;/diagram&gt;&lt;/mxfile&gt;">
+<svg host="65bd71144e" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="894px" height="631px" viewBox="-0.5 -0.5 894 631" content="&lt;mxfile&gt;&lt;diagram id=&quot;IFFBy75YnD9M4-Z65ViC&quot; name=&quot;Page-1&quot;&gt;5Vtdb6M4FP01kXYfUgEOpHns18w+7EojZaXdeXTBJVYJRrZpkv31a4NNwHYSkpI0076k+GKwfXzu5d4DHYGH5fo7hcXiL5KgbBR4yXoEHkdB4E8AEH+kZaMs0TSsLSnFibJtDXP8H1JGT1lLnCDW6cgJyTguusaY5DmKeccGKSWrbrcXknVHLWCKLMM8hplt/QcnfFFbb0Nva/8D4XShR/Y9dWYJdWdlYAuYkFXLBJ5G4IESwuuj5foBZRI9jUt93bcdZ5uJUZTzPhcE9QVvMCvV2tS8+EYvlpIyT5Ds743A/WqBOZoXMJZnV2J/hW3Bl5lo+eLQHl9N6Q1RjtYtk5rPd0SWiNON6KLPRgobzY6Jaq+2UE90n0UL5sYI1famzb23CIgDBYIbkIkFyByJxZugiLXw7soZp+QVPZCMUGHJSS563r/gLDNMMMNpLpqxQAgJ+71EBgtu3akTS5wkchgn1N3NuBDaLrDBAFhHx5DPvwj5As+A49aGIwgdeDQu/h5AQguQFNIE5YiOBd9QzjDJx7BMMP9wL21isQKqiWgtoBrwOl46AE5TC6cGHmHO4RKxau2f1mtN9F009V00HcJtb6/fbYHf020b43sAmVmAsIV8gn9JKrqgPxsV9Vgt6F/LZzSGBWaIikVcXZyceBeMk8CGJ85KJmkjs166Ek8XnKejIMokGZ+FOUrlkUqc63jKicxcecbGBSXrjQUpSkRyrJqE8gVJSQ6zp631Pi7FXuho0MJXwEo3/6q9qBo/ZeNGPAhV+3HdPvu4US3GIeV3MpPf+kVl+4YlGOqKRPeIM8gYjmuj6lKNv8a8GV4c16NPQ9XcDi4beuydpGCkpLGuEHRZAmmKdDcVJyVee6lDUQY5fusWGy4eVJeKRcJNq0NBcM5Z684/pKGV8QHDYW+NEuFAf51mbzlYz2DLyGYp/UganYVRN2HYJdXsEKmq1g9EsZi8DKxDMu1k0uh+w5Gmd2zVsW4bPKrUc6wCxxUGVxBeMLhqd27h81bkYybKxfG1Pnwuig+w8PlwQKLQyJsd1W4wO5e24DvEhTpR/KzJYR+8z6Uu+HY1vYd/l6lToulHygu+LbhUEZ1DnF1BtIpuu+BcVFLwbU1BCS1foYgzob+onuBfoaBgOipwlG1ndFRbUahSC+fD4qPdFDhi+tncVIcEs+BnG1HVLr+ms7q4eTZnDeyq4GktUBH1mbDeqZA5x/krs2WF39BNeiNPF1mZv/5ubZEYChesKrEWsJDGOCNlchFah0auPAYOjwcujw+GgNUuJhJUZGTD5LpoR9EyUcV5nJW1juP9/edc/MZi1cxG92BV3UOaOVhEOyWV/YpKp5gfqphW2V9HgBm8lj5NgDHEah0Ydwowprg9HVaACexCbVlyyJHkXs3CJaomJJXACC6l8+XPrKi2ws1GJB0HPYsH1uuoeg//gtOSwlpRHISX/mm89K+Rl95ZeGkRKQwM4pkvP+p5qqv2MNK8kZYQmxvVq7NudKyngJl7wrvmNXln/0kwrGcBvf/nFMsvrJUf40C9HAJMHR4xu4pIHRnSd2h+TXOgPxhaKrezBJtgrq1s0agb1E7Y1FMjcC8y6I3vkCHqSYZWpuZKf7XtnVH0NjKDRnhaFJ2Z6vXUuNFAUXRmstIbmJW2rLmPlSoEJZAtXGFO2n9ALkuKyhJ4oCnV9Md2wS4et17e/Wxzdz+RxVVg1iWzHwanvC3qx3HXa56rovjEeL77Zunel+ITQ0aZ9csTTiGhrfaKrJNhJj3DIy/i50Wcyfn4uapQxUkOcV69CR8F93JO5sstj+EExZBaZP40SkLoge4+u2Q/38GzQT5O2KG41mr0WApeqShCVtD+4uAEycsCxQFd7/do4UU/4rDFQDu8/upZ5QlfYBix8nDYDeywW3Pw0mml9Vp2duQXGEf2D/eVNfbVoXu0o4O/eaNwOlT0F83tJ/J19+1/GoCn/wE=&lt;/diagram&gt;&lt;/mxfile&gt;">
     <defs/>
     <g>
         <rect x="113" y="170" width="460" height="460" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/>
@@ -54,7 +54,7 @@
                 </text>
             </switch>
         </g>
-        <rect x="153" y="340" width="250" height="200" rx="30" ry="30" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/>
+        <rect x="153" y="340" width="250" height="250" rx="37.5" ry="37.5" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/>
         <rect x="163" y="340" width="150" height="30" fill="none" stroke="none" pointer-events="all"/>
         <g transform="translate(-0.5 -0.5)">
             <switch>
@@ -89,12 +89,12 @@
                 </text>
             </switch>
         </g>
-        <path d="M 163 410 Q 83 410 83 455 Q 83 500 156.63 500" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/>
-        <path d="M 161.88 500 L 154.88 503.5 L 156.63 500 L 154.88 496.5 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/>
+        <path d="M 163 410 Q 83 410 83 450 Q 83 490 156.63 490" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/>
+        <path d="M 161.88 490 L 154.88 493.5 L 156.63 490 L 154.88 486.5 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/>
         <g transform="translate(-0.5 -0.5)">
             <switch>
                 <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
-                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 455px; margin-left: 83px;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 450px; margin-left: 83px;">
                         <div data-drawio-colors="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); " style="box-sizing: border-box; font-size: 0px; text-align: center;">
                             <div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">
                                 cluster forwarding
@@ -104,13 +104,13 @@
                         </div>
                     </div>
                 </foreignObject>
-                <text x="83" y="458" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="11px" text-anchor="middle">
+                <text x="83" y="453" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="11px" text-anchor="middle">
                     cluster forwarding...
                 </text>
             </switch>
         </g>
-        <path d="M 343 400 Q 659.5 400 659.5 120.37" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/>
-        <path d="M 659.5 115.12 L 663 122.12 L 659.5 120.37 L 656 122.12 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/>
+        <path d="M 343 400 Q 589.5 400 589.5 120.37" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/>
+        <path d="M 589.5 115.12 L 593 122.12 L 589.5 120.37 L 586 122.12 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/>
         <rect x="163" y="380" width="180" height="40" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/>
         <g transform="translate(-0.5 -0.5)">
             <switch>
@@ -145,7 +145,7 @@
                 </text>
             </switch>
         </g>
-        <rect x="603" y="170" width="460" height="460" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/>
+        <rect x="603" y="170" width="290" height="460" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/>
         <rect x="603" y="170" width="60" height="30" fill="none" stroke="none" pointer-events="all"/>
         <g transform="translate(-0.5 -0.5)">
             <switch>
@@ -233,11 +233,11 @@
                 </text>
             </switch>
         </g>
-        <path d="M 590.5 30 C 544.5 30 533 60 569.8 66 C 533 79.2 574.4 108 604.3 96 C 625 120 694 120 717 96 C 763 96 763 72 734.25 60 C 763 36 717 12 676.75 24 C 648 6 602 6 590.5 30 Z" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/>
+        <path d="M 520.5 30 C 474.5 30 463 60 499.8 66 C 463 79.2 504.4 108 534.3 96 C 555 120 624 120 647 96 C 693 96 693 72 664.25 60 C 693 36 647 12 606.75 24 C 578 6 532 6 520.5 30 Z" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/>
         <g transform="translate(-0.5 -0.5)">
             <switch>
                 <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
-                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 228px; height: 1px; padding-top: 60px; margin-left: 534px;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 228px; height: 1px; padding-top: 60px; margin-left: 464px;">
                         <div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;">
                             <div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
                                 External Audit Sinks
@@ -247,7 +247,7 @@
                         </div>
                     </div>
                 </foreignObject>
-                <text x="648" y="64" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">
+                <text x="578" y="64" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">
                     External Audit Sinks...
                 </text>
             </switch>
@@ -292,7 +292,7 @@
                 </text>
             </switch>
         </g>
-        <path d="M 343 500 Q 583 500 583 445 Q 583 390 626.63 390" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/>
+        <path d="M 343 550 Q 583 550 583 470 Q 583 390 626.63 390" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/>
         <path d="M 631.88 390 L 624.88 393.5 L 626.63 390 L 624.88 386.5 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/>
         <path d="M 813 390 Q 883 330 817.83 274.14" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/>
         <path d="M 813.85 270.73 L 821.44 272.63 L 817.83 274.14 L 816.89 277.94 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/>
@@ -314,6 +314,25 @@
                 </text>
             </switch>
         </g>
+        <rect x="163" y="530" width="180" height="40" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/>
+        <g transform="translate(-0.5 -0.5)">
+            <switch>
+                <foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;">
+                    <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 178px; height: 1px; padding-top: 550px; margin-left: 164px;">
+                        <div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;">
+                            <div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
+                                audittailer-vpn-gateway
+                            </div>
+                        </div>
+                    </div>
+                </foreignObject>
+                <text x="253" y="554" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">
+                    audittailer-vpn-gateway
+                </text>
+            </switch>
+        </g>
+        <path d="M 163 510 Q 163 520 123 520 Q 83 520 83 535 Q 83 550 156.63 550" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/>
+        <path d="M 161.88 550 L 154.88 553.5 L 156.63 550 L 154.88 546.5 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/>
     </g>
     <switch>
         <g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/>
diff --git a/charts/gardener-extension-audit/templates/deployment.yaml b/charts/gardener-extension-audit/templates/deployment.yaml
index fdb9a5f..b1c8e9d 100644
--- a/charts/gardener-extension-audit/templates/deployment.yaml
+++ b/charts/gardener-extension-audit/templates/deployment.yaml
@@ -19,6 +19,9 @@ spec:
         {{- end }}
         checksum/configmap-{{ include "name" . }}-config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
       labels:
+        networking.gardener.cloud/to-runtime-apiserver: allowed
+        networking.gardener.cloud/to-dns: allowed
+        networking.resources.gardener.cloud/to-all-shoots-kube-apiserver-tcp-443: allowed
 {{ include "labels" . | indent 8 }}
     spec:
       containers:
diff --git a/charts/images.yaml b/charts/images.yaml
index 10113b4..d1ceb6d 100644
--- a/charts/images.yaml
+++ b/charts/images.yaml
@@ -2,7 +2,7 @@ images:
 - name: audit-forwarder
   sourceRepository: https://github.com/metal-stack/audit-forwarder
   repository: ghcr.io/metal-stack/audit-forwarder
-  tag: "latest"
+  tag: "support-audit-extension" # TODO: Pinning
 - name: fluent-bit
   sourceRepository: https://github.com/fluent/fluent-bit
   repository: fluent/fluent-bit
diff --git a/example/controller-registration.yaml b/example/controller-registration.yaml
index e102be4..fec1daa 100644
--- a/example/controller-registration.yaml
+++ b/example/controller-registration.yaml
@@ -5,7 +5,7 @@ metadata:
   name: audit
 type: helm
 providerConfig:
-  chart: H4sIAAAAAAAAA+0ca2/bOLKf9SsIdxdogZNkO46zENC7S1PfbnBtEiS9LA6HQ0BLtK1GErUUlSbX9r/f8CGZkmXLTlKn3XpQwBJFzgw5D86Qk04xC0hCmE1uOUmykCY2zoOQu88eD7oAB/v78heg/iufe3uDXn+/PxyK9t5gMOw+Q/uPyMNSyDOOGULPGKV8Vb+2798pTJfJ/2iGGXfucBw9mIYQ8HAwWCr/fnevJv/hAH5Q9xHm1wo/uPxxGl4SJuTuoZuehdN0/tp1ek7XCkjmszDlsu0Q/UaiGPlCOdCEMsRnBEmFQaUCWQmOiYeWaZZ1UyPw1EvwQ8NS+w+o70zpo9Bos//BsFez/32Anf1vA1x3Sr2p0ADMCcpmyPZRx3Fc+HdDkoAydxryWT52fBq7hbLMH2bYv3aL4bZPE85oFIE6MTINMw6toFEOoFU+wkE/vfAx/EoCl6Pzi+PTk5f6ldziOI2IuwyL2IvQqFBTT2LsWJbrojPgAk+JdkskweOIZKgysTxNqXZZujFMptJ7+ZQx4nM0J4sqZK3UxP5n81ZL7Z8TEAYsXfbwSHDz+G842B/u4r9twBryv5qRKIU92+Hp/WLBFv/f6/f2q/Lvdw8ODnb+fxvw6ZONAjIJE4I6Im7rIPvLF2tp7Ca6w7YgO1nm2AiPSZQ5ED861+ROYZEv+ZiwhIAeOSF1BYUKjiUobnCUa1Y+fUJh4kd5UDLoID1wBSOLY+sMCiweWtJD05eUFmcRJqAziU/kcOecRARnxDkB5ho5K1kLY9hGFGcIiS/hBM1wdsbg+y3qZDPc3x96QPZSkAdSor/D8RSVI1IWJnyCOj9nf/85q/dkJKVZyCm7W4UC5kiaEHr3RgiTNeZdF0hA0ojexSThOvAvlSNzIeMwl+upjeEHhDX8PwRGk3Aa49SWwr+BYIkym4I0P7KQk/Yzgvb4v5b/gxns7fz/VkC7oYp5X0oJnxYCVk6wckxwHSaBh46kYrzDqRUTjgPMsQcuQWX/zW67WYP0oAwC7QafKpuVt1Ee2mvw6wL9Z2gEXeZoIHoX7EiK2VVVXT30WSBZOesqOsO7PbXIHhU2sf/7nga2xX/D+vlfv7fX3eX/W4HHMuxSSb6qMSsqpQkjANu25a85EanBjuA9ckq9zhw9ulB5x49oHkAMgqN0hnsSSzl/fRSgViJXRwFWzVlqfH4UAqPQMwEPAt3U9IDZWrsnW4FT3yepaAfG+Pu7lGRynRj5Iw8ZCVCnBb+ziACFWTm+08Zf03jNslzhonVDroyRm7FjDiz5+CPddFVgxGZ0xYCS3jhnGd+QohyzGU015BvaT9bw//MA/p4bQIv/H3YPenX/D087/78NqLhNnZIpJ/imFPvau8BX8f1ZSnxBmJGbUPD5W5iJjPRtGIdgsF35JY1CHyuHUVigbjyiecIV0Qx4ESGe8sMx5v7s7Xp8DBWCwiQ0AmNRpFtPEsrlPpEVTWWW3xZeF939GfGvszw2ci5pjc1xc0UML2Qmj35y3msundew8GeYz1BnrRSu81JOWZ1CAA8mX4a3WsHqytDgHsy2sLWmEv1SjCgUqdjmcAh+r5SV3abZCuT6eahTzx7Ms5IvX7yFz+rEpFPFc5ZH0RkFNb2rqK4akZYfK8tO4xiDeZYNNnKXntbN+9haCq9cwn23eY564V0jyKpgiPGtwOLnjMG62oyIlzAi2SuD9/ktinzWnS/uEj8zpyHwzQiO+Ezq0ea4jcFtdMJpQhmxaUpUGGfPLXUZdjXktBhxWA6o4/5IxjNKr/Xq2qX3e7XC+S0dnREGFmmLiyqTMd1LhaKO6nQmLrNq2IIwExdfxi1cZfX053lsm4GNfKBhgjp/6Zi4SHJjqpcyi7ejwzej86vR29HR++PTk6uTw3eji7PDo1HZEyF5avoPRmPPaERoEpIoOCeTaqtuFzbvlb7UKRfwvh604Pf43eGvo0tg9vT86vRydP77+fH7BV495MpLPeN4wG08L1jlCIW4ssUFK2Sr5GVQLl2PkGHF7tcRNNBjlFOfQgL0/uisnpIwktGc+aRiBGWj9JWc/ltcpC6O+IwS7TJ73VqIWq4ajfKYvBN7asOUlRobrMaio5Jwu995qMSXHS01MbMgdaMfIzg4TSJwyZzlZLnkhXxCnxz6vkB80r55PEd4MgmTkN95ZYtQn+Aw4eFhwydUJhZvctgvpxfg7oI8gqdj6Z908+iW+LmZYD7X6yI3w4tK1FN8lAsiIqDRbQoakJlRy7yHja7J3dJLkvIaZWEcQsrZAlV0nDR8ltbXQFCQXONKpjqM05RGdHr3T8Frp3pVM6MZl4LQY5QCL2z6NQ30i/MP02WtffxRQEAmOI/4OxrAuEG/qz9tpN7rKffm/LYZywrev4WsdQePBWvk/+ChIHZguSwBHOfBlGx4ENB2/7M/OKjl/3uDwS7/3wpobzTl6IXIyJqy55eoV78CSmVe4t70xhC4FQcGZzR4U+rJa6kn38bJASQX/0rwDQ4jEQBL9Fk+bp3wg08MvgdvuYb9szH2H1QI3mL/e4N+v17/A487+98GiOsT07KlsHHOZ5SF/1MFkNe/yFBqfjsUwZoRdk4jsol9b2K5LI9EkKZ/bHG58yujeSoDNxsZdzrVyxyrkuyIrr5iNoMXCHPGulW4Jhkhh5l6+Chse5EQDuJQBseVilC1IIu04pzLslKdx/nm3dF6DIinPIUFJYp5yEX0Y9rM4AYrMe9ae3XBAni+PoNpndUFrkrKrUzFOIFANChb12bCWBpjweasBeC6m1jrdBaZyAhg42pZykD+aVgpN8F7KmwTTojzE17Dt4rnBaQ+pSwIk9XKL3fr5VTaGN+MRtEug4OaeusTc+gbiG0tUjdvVcaMOYuVfY6CRNzi+cBDBupAYkgq0ZggLErBdX78twdZHxDQ+Guvm1jfw5z1a2gA7/TVfDaQ0Kd8xTKt4NAq79qN3aSFHwjaPoA05Y6gBl9UzmAeJ8Z86h15u7BG/KcPuu4fArbmf92F+G9X/70laKz/0Wb1bWRvXJaiaDdxfFZJy9a7ty1P6G356KHBYE9mdNWjdHmWiBn43o1O5p9agg+D9e0fKyd7DzfQZv/9Qb3+o7+3P9jZ/zZglf0X2+qTuoGnXqA/OSy1f3VF8yj/AUBr/e/BQf3v/4b7u/PfrYCqZ5H5SlG/4qHpzGcii5AVtDYskPgj3+VFJhxPPST3CvGWGkUtx5MTys8gFRJVZJZ5xuqhnjVPkdCnL5Zl1C3oWl+zqsND+9BolH2oQ9nGXkvLNzw0wVFGLGuxGMJD//lv0fy72u5VG2SHTXd0ov5Y3ECqegFPPhe3dSnOM1WHIS/6LXVTqSZ7bq7z/E+r59eW5uM4omM3xiLyccd5GAWuRO2+of41YZMQcqbiotjAqoQ3pXQakat5pZMaa+M4GA70MCm5zp7T7eiG8v9m6Dm9nnP7fc+qtzCrzl9fiZn11QfHcSyrEtp5lrrXL4ozRKBo+eWn5orupnpunEpVF53cDxlNCl2d11Y39pBVz72uum7VJcm9va5V/kGmZ5mz6ex2xx3sYAc72MEOdrA5/B/CcOBuAFAAAA==
+  chart: H4sIAAAAAAAAA+0ca2/bOLKf9SsIdxdogZNkO7azENC7S1PfbnBtEiS9LA6HQ0BLtK1GErUUlSbX9r/f8CGZkmXLTtKk3XoQwDLFGQ45D85w6MwwC0hCmE1uOEmykCY2zoOQu88eDroA+8Oh/ASof8rn3t6g1x/2RyPR3hsMRt1naPiAPKyEPOOYIfSMUcrX9Wt7/53CbJX8D+eYcecWx9G9xxACHg0GK+Xf7+7V5D8awAfqPsD8WuEHlz9OwwvChNw9dN2zcJouvnadntO1ApL5LEy5bDtAv5EoRr5QDjSlDPE5QVJhUKlAVoJj4qFVmmVd1wZ46iX4oWGl/QfUd2b0QcZos//BqFez/yHAzv4fA1x3Rr2Z0ADMCcrmyPZRx3Fc+LsmSUCZOwv5PJ84Po3dQlkWD3PsX7kFuu3ThDMaRaBOjMzCjEMraJQDZJWPcNBPL3wMn3KAi/HZ+dHJ8Uv9ldzgOI2Iu4qK2IvQuFBTT1LsWJbrolPgAs+IdkskwZOIZKgysTxNqXZZujFMZtJ7+ZQx4nO0GBZVhrVSk/qfzVuttH9OQBiwdNn9I8Ht47/RYDjaxX+PARvI/3JOohT2bIend4sFW/x/r98bVuXf7+7v7+/8/2PAp082Csg0TAjqiLitg+wvX6yVsZvoDtuC7GSZuBGekChzIH50rsitoiK/5BPCEgJ65ITUFSNUaKwgcY2jXLPy6RMKEz/Kg5JBB2nENYws49YZFFQ8tKKHHl+OtDyLMAGdSXwi0Z0zEhGcEecYmGvkrGQtjGEbUZwhJN6EUzTH2SmD9zeok81xfzjyYNgLMTwMJfo7HM9QiZGyMOFT1Pk5+/vPWb0nIynNQk7Z7ToSMEfSRNC7M0GYrDHvukACkkb0NiYJ14F/qRyZCxmHuVxPbQw/IGzg/yEwmoazGKe2FP41BEuU2RSk+ZGFnLSfEbTH/7X8H8xgb+f/HwW0G6qY94WU8EkhYOUEK8cEV2ESeOhQKsY7nFox4TjAHHvgElT23+y2mzVII2UQaDf4VNmsvI3y0F6DXxfkP0Mj6DJHA9G7YEeOmF1W1dVDnwWRtbOukjO821OL7EFhG/u/62lgW/w3qp//9Xt73V3+/yjwUIZdKslXNWY1SmnCCMC2bflpTkRqsCN4j5xSrzNHYxcq7/gRzQOIQXCUznFPUinnr48C1Erk6ijAqjlLTc+PQmAUeibgQaCbmh4wW2v3ZCtw6vskFe3AGH9/m5JMrhMjf+QhIwHqtNB3lgmgMCvxO238NeFrluUKF61bcmVgbseOiVjy8Ue67aoAxnbjCoRyvEnOMr7liBJnuzEVyje0n2zg/xcB/B03gBb/Pxp06/l/b9jfxX+PAhW3qVMy5QTflGLfeBf4Kr4/S4kvBmbkOhR8/hZmIiN9G8YhGGxXvkmj0MfKYRQWqBsPaZ5wNWgGvIgQT/nhGHN//nYzPkaKQGESmoCxKNKtJwnlcp/IiqYyy28Lr4vu/pz4V1keGzmXtMbmuLkihhcyk0c/Oe81l85rWPhTzOeos1EK13kpp6xOIYAHky/DW61hdW1ocAdmW9gqlKjgKCH8I2WgvEtbPKc2AzUIY2KDvmeEwcRB3aOIfiTBZvgBSHUdBiMZzZkPMl7GBTQ7m4P/yGxxkLTgweZ+ag8GewvKLYr4SzH7wiiKLRuHMGK5FnablSqQuuChTj0TMs99vnzxll6r059Olc5pHkWnFEzutmKGCiMtX1ZUiMYxBldTNtjIXXnyuOhja4165RLuu81z1ErkGgFjhUKMbwQVP2cM1tVmRHwJI5K9MnhfVITks+58fpv4mTkNQW9OcMTn0ia2p20gt40TzhLKiE1TokJSe+F1VlFXKCcFxkGJUKf9kUxASa/06tqlJ3+1xpGvxNYKLopuJmO6lwqrHdXpVBTmatSCMBNFPKOiWFk9/XoRp2dgIx9omKDOXzomLZJcm+qlzOLt+ODN+Oxy/HZ8+P7o5Pjy+ODd+Pz04HBc9kRIngD/g9HYMxoRmoYkCs7ItNqq24X/8sp9wSkX8K67QcHv0buDX8cXwOzJ2eXJxfjs97Oj90u8esiVBUrjqMNtPPtY59SFuLLlBStkq+RljFy6HiHDit1vImgYj1FOfQrJ3PvD03p6VbpUE6dslJs2p/8WReFljM8o0S6z162F2+Wq0SiPyTsRHzRMWamxwWosOioJt/ud+0p81TFZEzNLUjf6MYKDkyQCl8xZTlZLXsgn9MmB7wvCx+2bx3OEp9MwCfmtV7YI9QkOYJs9aHiFyiTpTQ57/+wc3F2QR/B0JP2Tbh7fED83k+Xnel3kZnheieCKl3JBRDQ3vklBAzIzAlv0sNEVuV1Z8ClLQkt4CClnC6Oio6ThtbS+hgHFkBuUl6ponKY0orPbfwpeO9Wy05xmXApC4ygFXtr0axroF2c5psva+CingIBMcR7xdzQAvEG/q19tpd6bKff2/LYZyxrev4UM/Glhg/wfrBr2W5bLK4CTPJiRLQ8C2uo/w8F+Lf/fGwxGu/z/MUBb8IyjFyIja8qeX6JevQSUyljeve5NINgpDgxOafCm1JPXUk++jZMDCMj/leBrHEYiaJTks3zSOuF7nxh8Dx5mA/tnE+zf6yJ4i/3vDfr9+v0feNzZ/2OAKJ+Yli2FjXM+pyz8n7oAefWLDD8W1aEI1oywMxqRbex7G8tleSQCG/1hi+LOr4zmqQx2bGTUdKqnLVYlQRBdfcVsBl8gNJjoVuGaZFQZZurho7Dt5YFwEIcyoKzcCFULsjxWnHN5rVTnPr5ZO9qMAfGUp7CgRDEP8bt+TJsZ3GIlFl1rX12wAJ5vzmBaZ3WJq1WHYQ1LhhMI3oKydWMmjKUxFmzBWgCuu4m1TmeZiYwANa6WpQx+n4aVchO8o8I20YTYOOE1eut4XiLqU8qCMFmv/HK3Xj1KG+PbjVG0y+Cgpt76xBz6BmJbi1TlrcqYMWexss9RkIgqng88ZKAOJIZEDE0IwuIquM4p/3Yv64MBNP3a122s737O+jU0gHf6aj4bhtAnY8UyreHQKmvtxm7Swg8EbR9AmnJHUMjnlXOLh4kxn3pHflzYIP7Th0N3DwFb87/uUvy3u//9SNB4/0eb1beRvXF5FUW7iaPTSlq2Wd22PNW25aOHBoM9mdFVj5/l+Rtm4Hu3Os1+agneDza3f6yc7B3cQJv99we13//1+3vDwc7+HwPW2X+xrT6pG3jqBfqTw0r7V2WNB/kHAK33f/f367//Gw1357+PAuoOiMxXijsfHprNfSayCHmD1oYFEj/yXX0xg+OZh+ReIb6lxkWQo+kx5aeQColbZJZ5xuqhnrVIkdCnL5Zl1Pr1XV/zJoSHhtBoXJVQh7KNvVZeefDQFEcZsazlCwQe+s9/i+bf1Xav2iA7bKprifvHomqnauyefC4qXCnOM3V3QRbHLVXdU5M9M9d58dPqRanPfJxEdOLGWEQ+7iQPo8CVpN031L8ibBpCzlQUVw2qSngzSmcRuVzcDlK4No6D0UCjScl19pxuRzeU/5uh5/R6zs33Pave0qw6f30lZtZXLxzHsaxKaOdZqhZeXGgQgaLll6+ab3Q33efGqVR10cn9kNGk0NXF3erGHvLWc6+rSpT6SnJvr2uVP8j0LHM2nd3uuIMd7GAHO9jBDraH/wM5NEJSAFAAAA==
   values:
     image:
       tag: v0.1.0
diff --git a/example/shoot.yaml b/example/shoot.yaml
index 880ee2f..c8909e1 100644
--- a/example/shoot.yaml
+++ b/example/shoot.yaml
@@ -42,9 +42,6 @@ spec:
     providerConfig:
       apiVersion: calico.networking.extensions.gardener.cloud/v1alpha1
       kind: NetworkConfig
-      backend: none
-      typha:
-        enabled: false
   provider:
     type: local
     workers:
@@ -58,8 +55,11 @@ spec:
       maxSurge: 1
       maxUnavailable: 0
   kubernetes:
-    version: 1.25.4
+    version: 1.26.0
     kubelet:
+      seccompDefault: true
       serializeImagePulls: false
       registryPullQPS: 10
       registryBurst: 20
+      protectKernelDefaults: true
+      streamingConnectionIdleTimeout: 5m
diff --git a/pkg/controller/actuator.go b/pkg/controller/actuator.go
index c5c4b65..2f2a5c5 100644
--- a/pkg/controller/actuator.go
+++ b/pkg/controller/actuator.go
@@ -658,7 +658,7 @@ func seedObjects(auditConfig *v1alpha1.AuditConfig, secrets map[string]*corev1.S
     Name                  forward
     Match                 audit
     Host                  audit-cluster-forwarding-vpn-gateway
-    Port                  9090
+    Port                  9876
     Require_ack_response  True
     Compress              gzip
     tls                   On
@@ -748,9 +748,53 @@ func seedObjects(auditConfig *v1alpha1.AuditConfig, secrets map[string]*corev1.S
 										Name:  "AUDIT_TLS_VHOST",
 										Value: "audittailer",
 									},
+									{
+										Name:  "AUDIT_PROXY_HOST",
+										Value: "vpn-seed-server",
+									},
+									{
+										Name:  "AUDIT_PROXY_PORT",
+										Value: "9443",
+									},
+									{
+										Name:  "AUDIT_PROXY_CA_FILE",
+										Value: "/proxy/ca/bundle.crt",
+									},
+									{
+										Name:  "AUDIT_PROXY_CLIENT_CRT_FILE",
+										Value: "/proxy/client/tls.crt",
+									},
+									{
+										Name:  "AUDIT_PROXY_CLIENT_KEY_FILE",
+										Value: "/proxy/client/tls.key",
+									},
+								},
+								VolumeMounts: []corev1.VolumeMount{
+									{
+										Name:      "ca-vpn",
+										MountPath: "/proxy/ca",
+										ReadOnly:  true,
+									},
+									{
+										Name:      "http-proxy",
+										MountPath: "/proxy/client",
+										ReadOnly:  true,
+									},
 								},
 							},
 						},
+						Volumes: []corev1.Volume{
+							{
+								Name:      "ca-vpn",
+								MountPath: "/proxy/ca",
+								ReadOnly:  true,
+							},
+							{
+								Name:      "http-proxy",
+								MountPath: "/proxy/client",
+								ReadOnly:  true,
+							},
+						},
 					},
 				},
 			},
@@ -760,7 +804,28 @@ func seedObjects(auditConfig *v1alpha1.AuditConfig, secrets map[string]*corev1.S
 			return nil, err
 		}
 
-		objects = append(objects, auditForwarder)
+		auditforwarderService := &corev1.Service{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "audit-cluster-forwarding-vpn-gateway",
+				Namespace: namespace,
+				Labels: map[string]string{
+					"app": "audit-cluster-forwarding-vpn-gateway",
+				},
+			},
+			Spec: corev1.ServiceSpec{
+				Selector: map[string]string{
+					"app": "audit-cluster-forwarding-vpn-gateway",
+				},
+				Ports: []corev1.ServicePort{
+					{
+						Port:       9876,
+						TargetPort: intstr.FromInt(9876),
+					},
+				},
+			},
+		}
+
+		objects = append(objects, auditForwarder, auditforwarderService)
 
 		auditforwarderNetworkpolicies := []client.Object{
 			&networkingv1.NetworkPolicy{
@@ -913,6 +978,10 @@ func shootObjects(secrets map[string]*corev1.Secret) ([]client.Object, error) {
 		}
 	)
 
+	audittailerServerSecret := secrets["audittailer-server"].DeepCopy()
+	audittailerServerSecret.Namespace = v1alpha1.ShootAudittailerNamespace
+	audittailerServerSecret.ObjectMeta.ResourceVersion = ""
+
 	return []client.Object{
 		&corev1.Namespace{
 			ObjectMeta: metav1.ObjectMeta{
@@ -922,6 +991,7 @@ func shootObjects(secrets map[string]*corev1.Secret) ([]client.Object, error) {
 				},
 			},
 		},
+		audittailerServerSecret,
 		audittailerConfig,
 		&appsv1.Deployment{
 			ObjectMeta: metav1.ObjectMeta{
@@ -1083,7 +1153,7 @@ func shootObjects(secrets map[string]*corev1.Secret) ([]client.Object, error) {
 			Subjects: []rbacv1.Subject{
 				{
 					Kind:      "ServiceAccount",
-					Name:      "audittailer-client",
+					Name:      "audit-cluster-forwarding-vpn-gateway",
 					Namespace: "kube-system",
 				},
 			},