[WIP][DRAFT] Helm charts for deploying RPC2 infra

Open chris-gorham opened this issue 1 year ago • 1 comments

Description

Work in progress...

Creating Helm charts to deploy RPC2.0 infra.

Test plan

Testing deployments to our Development cluster using the cg-test-ns namespace and a sandbox db

Release notes

Check each box that your changes affect. If none of the boxes relate to your changes, release notes aren't required.

For each box you select, include information after the relevant heading that describes the impact of your changes that a user might notice and any actions they must take to implement updates.

  • [ ] Protocol:
  • [ ] Nodes (Validators and Full nodes):
  • [ ] Indexer:
  • [ ] JSON-RPC:
  • [ ] GraphQL:
  • [ ] CLI:
  • [ ] Rust SDK:

chris-gorham, May 17 '24 22:05

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| sui-docs | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Jun 25, 2024 6:34pm |

3 Ignored Deployments

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| multisig-toolkit | ⬜️ Ignored (Inspect) | Visit Preview | | Jun 25, 2024 6:34pm |
| sui-kiosk | ⬜️ Ignored (Inspect) | Visit Preview | | Jun 25, 2024 6:34pm |
| sui-typescript-docs | ⬜️ Ignored (Inspect) | Visit Preview | | Jun 25, 2024 6:34pm |

vercel[bot], May 17 '24 22:05

Semgrep found 1 ssc-5a557c33-4191-4714-a574-8efb44cf209b finding:

Risk: Affected version of get-func-name is vulnerable to Uncontrolled Resource Consumption / Inefficient Regular Expression Complexity. The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks.

Fix: Upgrade this library to at least version 2.0.1 at sui/pnpm-lock.yaml:16885.

Reference(s): https://github.com/advisories/GHSA-4q6p-r6v2-jvc5, CVE-2023-43646

Semgrep found 3 ssc-efa14576-9601-4ae6-939c-3da58aa25013 findings:

Risk: Affected versions of vite are vulnerable to Improper Handling Of Case Sensitivity / Exposure Of Sensitive Information To An Unauthorized Actor / Improper Access Control. The vulnerability arises when the Vite development server's option, server.fs.deny, can be circumvented on case-insensitive file systems through the utilization of case-augmented versions of filenames, as the matcher derived from config.server.fs.deny fails to prevent access to sensitive files when raw filesystem paths are requested with augmented casing.

Manual Review Advice: A vulnerability from this advisory is reachable if you host vite's development server on Windows, and you rely on server.fs.deny to deny access to certain files.

Fix: Upgrade this library to at least version 4.5.2 at sui/examples/trading/frontend/pnpm-lock.yaml:4700.

Reference(s): https://github.com/advisories/GHSA-c24v-8rfc-w8vw, CVE-2023-34092, CVE-2024-23331

Semgrep found 2 ssc-aff5e8de-c638-4356-8a93-120597e35ce9 findings:

Risk: Affected versions of @babel/traverse are vulnerable to Incomplete List Of Disallowed Inputs. An attacker can exploit a vulnerability in the internal Babel methods path.evaluate() or path.evaluateTruthy() by compiling specially crafted code, potentially resulting in arbitrary code execution during compilation.

Manual Review Advice: A vulnerability from this advisory is reachable if you use a 3rd party plugin that relies on the path.evaluate() or path.evaluateTruthy() internal Babel methods, or one of the known affected plugins (@babel/plugin-transform-runtime, any 'polyfill provider' plugin that depends on @babel/helper-define-polyfill-provider, or @babel/preset-env when using its useBuiltIns option).

Fix: Upgrade this library to at least version 7.23.2 at sui/pnpm-lock.yaml:3938.

Reference(s): https://github.com/advisories/GHSA-67hx-6x53-jw92, CVE-2023-45133
