Deploy the vulnerable-log4j helm chart on Kubernetes

Question

Pulumi · Accepted Answer

To deploy the `vulnerable-log4j` helm chart on Kubernetes using Pulumi, you first need to have a Kubernetes cluster running and have `kubectl` configured to talk to the cluster. This example assumes you already have a Kubernetes cluster configured and that Pulumi is set up with access to your cluster.

We will be using the `@pulumi/kubernetes` package which provides a `Chart` resource that allows us to deploy Helm charts into a Kubernetes cluster. The `Chart` resource is a higher-level abstraction that represents a Helm chart installation. By specifying the chart's name, version, and configuration options, Pulumi can manage the lifecycle of the Helm chart deployment just like any other Kubernetes resource.

Here's a TypeScript program that uses Pulumi to deploy the `vulnerable-log4j` helm chart:

```typescript
import * as k8s from "@pulumi/kubernetes";

// Instantiate a Kubernetes Chart for the vulnerable-log4j.
// This assumes the Helm chart is available in a chart repository,
// which you must add to your Helm repository list using `helm repo add`.
const log4jChart = new k8s.helm.v3.Chart("vulnerable-log4j", {
    chart: "vulnerable-log4j",
    // You can specify the `version` to pin to a specific chart version.
    // version: "1.2.3",
    // If the chart requires custom values, specify them as an object.
    // values: {
    //     key: "value",
    // },
    // If the chart is in a custom repository, not in the default Helm repo, you can specify `repo`.
    // repo: "https://my-custom-helm-chart-repository.com",
    // Specify the namespace if you want to deploy it to a particular namespace.
    // namespace: "my-namespace",
});

// To access resources within the chart once it's deployed, use the `getResource` function.
// For example, to get a reference to a deployment within the chart, you could use:
// const deployment = log4jChart.getResource("apps/v1/Deployment", "vulnerable-log4j-deployment");
```

Before you run the Pulumi program, you need to perform a few prerequisites:

1. Install Pulumi: Follow the instructions on the Pulumi website to install the Pulumi CLI.
2. Set up your Kubernetes cluster configuration so that the `kubectl` command can interact with your cluster. Pulumi uses this configuration to deploy resources to your cluster.
3. Install Node.js and npm if they are not already installed because Pulumi programs for Kubernetes are written in TypeScript/JavaScript.
4. Create a new directory for your project, navigate to it, and run `pulumi new kubernetes-typescript` to create a new Pulumi project.

After fulfilling the prerequisites and setting up your project, you can include the Pulumi program above in your `index.ts` file.

To run the program and apply it to your Kubernetes cluster, run the `pulumi up` command in your terminal. This command compiles the TypeScript into JavaScript, displays a preview of the resources Pulumi will create or modify, and prompts you to confirm the deployment. After confirmation, Pulumi will apply the changes to your cluster and deploy the `vulnerable-log4j` helm chart.

Please replace placeholders as necessary, especially if the Helm chart you're deploying is hosted on a custom Helm repository, and ensure you have added the required repository to your Helm setup.

As a note, deploying a known vulnerable application like `vulnerable-log4j` should only be done in a secure and controlled environment, such as for testing or educational purposes. Ensure that this application is never exposed to the internet or used in production environments.