Deploy the web-dvwa helm chart on Linode Kubernetes Engine
TypeScriptDeploying a Helm chart on a Kubernetes cluster can seem complex at first, but with Pulumi, it's straightforward. We're going to use Pulumi with the Kubernetes provider to deploy the
web-dvwa
Helm chart on Linode Kubernetes Engine (LKE).The
web-dvwa
stands for "Damn Vulnerable Web Application", which is a PHP/MySQL web application that is intentionally insecure. This application is commonly used as a learning tool for testing your web application security skills.A Helm chart is a collection of pre-configured Kubernetes resources that you can deploy as a single unit. Helm also allows you to easily package and distribute Kubernetes applications.
Here we are going to focus on the Pulumi side of things. You will need to have
Pulumi
,kubectl
,Helm
, and Linode CLI tools installed and configured appropriately before running the Pulumi program.Please keep in mind that handling infrastructure as code is a responsibility that involves managing sensitive items, such as secret keys or tokens, with care. Make sure that these are never hard-coded and are securely handled, perhaps via Pulumi's secret management features.
Below is a detailed Pulumi TypeScript program for deploying the
web-dvwa
Helm chart on an LKE cluster.import * as pulumi from "@pulumi/pulumi"; import * as kubernetes from "@pulumi/kubernetes"; // Assuming we have already set up and configured the kubeconfig for Linode Kubernetes Engine // Refer to Linode Kubernetes Engine docs on how to setup and download the kubeconfig file. // After that, ensure that Pulumi can access the kubeconfig by setting the KUBECONFIG environment variable // or by specifying the kubeconfig file path within the provider configuration. // Create a Kubernetes provider instance that uses the Linode Kubeconfig const linodeProvider = new kubernetes.Provider("ln-provider", { kubeconfig: "/path/to/your/kubeconfig/file", // Replace with the actual path to your kubeconfig file }); // Deploy the web-dvwa Helm chart using Pulumi's Kubernetes provider const dvwaChart = new kubernetes.helm.v3.Chart("web-dvwa", { repo: "some-repo", // Replace this with the Helm repository that hosts the web-dvwa chart chart: "dvwa", // This is the chart name for web-dvwa version: "some-version", // Replace this with the version number of the Helm Chart // Values to pass to the Helm chart, these should be tweaked as per application needs. // For a complete list of values, check the 'web-dvwa' Helm chart's `values.yaml`. values: { service: { type: "LoadBalancer", // Exposing DVWA with a LoadBalancer Service }, }, }, { provider: linodeProvider }); // Export the DVWA service endpoint to access the application export const dvwaServiceEndpoint = dvwaChart.getResourceProperty("v1/Service", "web-dvwa-service", "status");
Make sure that you replace placeholders like the Helm repository, chart version, and kubeconfig file path with the actual values that are applicable to your scenario. In this program:
-
We instantiate a
Provider
object to interact with our LKE cluster. For security reasons, it's recommended to store sensitive information like a kubeconfig file outside version control and provide its path at runtime. -
The
helm.v3.Chart
resource is deployed and provided with the nameweb-dvwa
. We specify the repository and version of the chart per the chart's repository details. Thevalues
used in the chart are configurations specified by the chart creators, which allow you to customize the deployment. In this case, we're specifying that we want to expose the DVWA using aLoadBalancer
type Service, which is a common way to expose applications on cloud providers. -
Finally, we export the service endpoint, which can be used to access the DVWA when it's up and running.
Note:
- Before deploying, ensure that
web-dvwa
is available in the Helm chart repository you have outlined. Otherwise, you may need to add the repository withhelm repo add
. - The application deployed by this chart is intentionally insecure. Do not expose this application on a production cluster or to the internet without proper security considerations.
- Make sure to review and understand the costs associated with deploying resources on Linode or any cloud provider, as costs can accumulate over time.
To run this program:
- Save the above code into a file called
index.ts
. - Run
npm install
to install the necessary Pulumi and cloud provider packages. - Run
pulumi up
to start the deployment. Pulumi will show you a preview of the deployment, and ask for confirmation before proceeding.
After deployment, you can check the status of the application by checking the outputs of your Pulumi deployment. If you're familiar with
kubectl
, you can also use it to check the services in your cluster.-