# Capturing kubectl set command in terraform

What you are asking for doesn’t exist. Here is the open Terraform Github issue for what you are asking for:

github.com/hashicorp/terraform-provider-kubernetes/issues/723

Even if that did exist, I wouldn’t consider that IaC as it’s not declarative (might as well just run a bash script).

In my opinion, the real solution is for AWS to allow the provisioning of bare clusters so that “addons” can be managed completely through IaC tools. But that also does not exist:

The closest you’re going to get will be to use a null_resource to execute the patch. Here’s an example in that Github issue:

github.com/hashicorp/terraform-provider-kubernetes/issues/723#issuecomment-679423792

So your final result will look similar to this:

resource "null_resource" "patch_aws_cni" {
triggers = {
always_run = timestamp()
}
provisioner "local-exec" {
command = <<EOF
# do all those commands to get kubectl and auth info, then run:
kubectl set env daemonset -n kube-system aws-node WARM_IP_TARGET=2,MINIMUM_IP_TARGET=12
EOF
}
}