GKE Autopilot and preempted pods

We contacted support and got a hint for a workaround. I want to share the workaround we’re using now, since it might be helpful for someone else as well.
We are now using workload separation. This way we can make sure that the konnectivity-agent pods cannot disrupt our workload-separated pods, because they don’t have a toleration for the taint we add.
Basically, you add a nodeSelector and toleration, and GKE Autopilot automatically provisions nodes with that taint.
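The nodeSelector and toleration pair described above, as an added example that is not part of the original post. The label key `group`, the value `separated-workload`, and the Deployment name, image and resource requests are placeholders chosen for illustration.

```yaml
# Added example: a Deployment using GKE Autopilot workload separation.
# All names and values below are placeholders, not taken from the post.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: separated-app            # placeholder name
spec:
  replicas: 2
  selector:
    matchLabels:
      app: separated-app
  template:
    metadata:
      labels:
        app: separated-app
    spec:
      # The nodeSelector asks for nodes carrying this custom label.
      # Autopilot provisions such nodes on demand and applies a taint
      # with the same key and value to them.
      nodeSelector:
        group: separated-workload
      # The toleration must match the nodeSelector key and value exactly.
      # Pods without it, such as konnectivity-agent, are kept off these
      # nodes by the NoSchedule taint.
      tolerations:
        - key: group
          operator: Equal
          value: separated-workload
          effect: NoSchedule
      containers:
        - name: app
          image: registry.example.com/separated-app:1.0   # placeholder image
          resources:
            requests:
              cpu: 500m
              memory: 512Mi
```

After applying, `kubectl get pods -o wide` shows which node each pod landed on, and `kubectl describe node <node-name>` lists the taint on that node.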