GKE Autopilot and preempted pods

We contacted support and got a hint for a workaround. I want to share the workaround we’re using now, since it might be helpful for someone else as well.
We are now using workload separation. This way we can make sure that the konnectivity-agent pods cannot disrupt our workload separated pods, because they don’t have a toleration for the taint we add.
Basically, you add a nodeSelector and toleration, and GKE Autopilot automatically provisions nodes with that taint.

Hi!

Has it been working reliably for you? We tried this, but the next day we started seeing evicted pods again: “Preempted in order to admit critical pod”, the critical pod being kube-system/gke-system-balloon-pod.

We hadn’t seen this issue since we changed the compute class to Balanced.