How to categorize this issue?

/area control-plane
/kind bug

What happened:
In DWD we patch Scale subresource of Deployments with an annotation. See here. This requires a cluster role for the prober to allow patching Deployment/Scale subresource across shoot namespaces. The cluster role that is currently configured lacks this role.
A Canary Issue-4364 reported a problem where DWD was unable to scale down MCM, CA and KCM and thus could not prevent nodes from being stopped resulting in a down time for the customer.

What you expected to happen:
On AWS where kube-proxy path optimisation is not in play, DWD should have been able to prevent KCM marking nodes as Unknown and MCM subsequently replacing these nodes.