cilium-operator-resource-quota scopeselector is too broad

[stonith]

Bug report

General Information

Cilium CLI version: cilium-cli: 0.11.9 compiled with go1.18.3 on darwin/arm64
Orchestration system version in use: Client Version: version.Info{Major:"1", Minor:"21+", GitVersion:"v1.21.8-rc.0.32+3772b5d6bf8c21-dirty", GitCommit:"3772b5d6bf8c21c509a8a12432bfc820a1535e63", GitTreeState:"dirty", BuildDate:"2021-12-11T01:29:41Z", GoVersion:"go1.17.3", Compiler:"gc", Platform:"darwin/arm64"} Server Version: version.Info{Major:"1", Minor:"22", GitVersion:"v1.22.9-gke.2000", GitCommit:"4b8c7c146733b9eca0f0813a2d9b5ff557e9506b", GitTreeState:"clean", BuildDate:"2022-05-20T09:30:59Z", GoVersion:"go1.16.15b7", Compiler:"gc", Platform:"linux/amd64"}
Platform / infrastructure information: GKE

How to reproduce the issue

1. cilium install in a large cluster
2. run kubectl get resourcequotas cilium-operator-resource-quota

RESULT:

NAME                             AGE   REQUEST        LIMIT
cilium-operator-resource-quota   1m   pods: 15/15

The scopeselector is too broad, it catches other GKE pods like the konnectivity-agent:

  scopeSelector:
    matchExpressions:
    - operator: In
      scopeName: PriorityClass
      values:
      - system-cluster-critical

[tklauser]

It looks like the scopeSelector is defined in the helm charts in the cilium/cilium repo: https://github.com/cilium/cilium/blob/master/install/kubernetes/cilium/templates/cilium-resource-quota.yaml

I'm thus transferring this issue to that repository.

[github-actions]

This issue has been automatically marked as stale because it has not
had recent activity. It will be closed if no further activity occurs.

[github-actions]

This issue has not seen any activity since it was marked stale.
Closing.