I am working with EKS and Cilium and need to add a...
# kubernetes
e
I am working with EKS and Cilium and need to add a taint to the Nodegroup. The problem is I can't add the Cilium taint until after I have Cilium loaded into the cluster (cat and mouse). What is the recommended way to add the taint after the nodegroup has been created (and cilium has been loaded)?
Current code for NodeGroup
// Create an EKS managed node group.
eks.createManagedNodeGroup(`${eksClusterName}-node-group`, {
  cluster: cluster,
  enableIMDSv2: true,
  instanceTypes: [instanceType],
  labels: {
    ondemand: "true",
  },
  nodeGroupName: `${eksClusterName}-nodegroup`,
  nodeRoleArn: cluster.instanceRoles[0].arn,
  scalingConfig: {
    desiredSize: desiredSize,
    maxSize: maxSize,
    minSize: minSize,
  },
  tags: tags,
  taints: 
    serviceMesh == "cilium"
      ? [
          {
            key: "node.cilium.io/agent-not-ready",
            value: "true",
            effect: "NO_EXECUTE",
          },
        ]
      : [],
});
I instantiate argocd in this repo and have access to do a depends on argocd (but I can't have the nodegroup do this because argocd needs the nodegroup).
h
just so i understand - you want to prevent pods from being scheduled until cilium has started and had an opportunity to initialize the node’s CNI? i would look into installing cilium with a toleration for the agent-not-ready taint, so its pods can still be scheduled despite the taint. i think that should allow it to initialize the node for you.
e
yes, i am going to see if i can put an annotation on the argocd namespace to bypass this. thanks for the idea