Set up sitemaps (#2297)

Set up sitemaps generation on a cronjob to a bucket.

The bucket is served via the load balancer on paths prefixed by
`/sitemap_`

This PR contains:
- New bucket for prod and test
- New bucket backend for serving assets
- Load balancer config to redirect requests to the bucket backend when
appropriate
- Cron config for prod and test

Author: another-rex

deployment/clouddeploy/gke-workers/base/generate-sitemap.yaml

@@ -0,0 +1,24 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: generate-sitemap
+spec:
+  schedule: "30 8 * * *"
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: generate-sitemap-cron
+            image: cron
+            imagePullPolicy: Always
+            command: ["/usr/local/bin/generate_sitemap/generate_sitemap.py", "--base_url", "$BASE_URL"]
+            resources:
+              requests:
+                cpu: 1
+                memory: "4G"
+              limits:
+                cpu: 1
+                memory: "6G"
+          restartPolicy: OnFailure

deployment/clouddeploy/gke-workers/base/kustomization.yaml

@@ -15,3 +15,4 @@ resources:
 - alias-computation.yaml
 - nvd-mirror.yaml
 - backup.yaml
+- generate-sitemap.yaml

deployment/clouddeploy/gke-workers/environments/oss-vdb-test/generate-sitemap.yaml

@@ -0,0 +1,16 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: generate-sitemap
+spec:
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: generate-sitemap-cron
+            env:
+            - name: BASE_URL
+              value: "https://test.osv.dev"
+            - name: GOOGLE_CLOUD_PROJECT
+              value: oss-vdb-test

deployment/clouddeploy/gke-workers/environments/oss-vdb-test/kustomization.yaml

@@ -17,3 +17,4 @@ patches:
 - path: nvd-mirror.yaml
 - path: alias-computation.yaml
 - path: backup.yaml
+- path: generate-sitemap.yaml

deployment/clouddeploy/gke-workers/environments/oss-vdb/generate-sitemap.yaml

@@ -0,0 +1,16 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: generate-sitemap
+spec:
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: generate-sitemap-cron
+            env:
+            - name: BASE_URL
+              value: "https://osv.dev"
+            - name: GOOGLE_CLOUD_PROJECT
+              value: oss-vdb

deployment/clouddeploy/gke-workers/environments/oss-vdb/kustomization.yaml

@@ -18,3 +18,4 @@ patches:
 - path: nvd-mirror.yaml
 - path: alias-computation.yaml
 - path: backup.yaml
+- path: generate-sitemap.yaml

deployment/terraform/environments/oss-vdb-test/main.tf

@@ -8,6 +8,7 @@ module "osv_test" {
   logs_bucket                                    = "osv-test-logs"
   cve_osv_conversion_bucket                      = "osv-test-cve-osv-conversion"
   debian_osv_conversion_bucket                   = "osv-test-debian-osv"
+  osv_dev_sitemap_bucket                         = "test-osv-dev-sitemap"
   backups_bucket                                 = "osv-test-backup"
   backups_bucket_retention_days                  = 5
   affected_commits_backups_bucket                = "osv-test-affected-commits"

deployment/terraform/environments/oss-vdb/main.tf

@@ -8,6 +8,7 @@ module "osv" {
   cve_osv_conversion_bucket                      = "cve-osv-conversion"
   debian_osv_conversion_bucket                   = "debian-osv"
   logs_bucket                                    = "osv-logs"
+  osv_dev_sitemap_bucket                         = "osv-dev-sitemap"
   backups_bucket                                 = "osv-backup"
   backups_bucket_retention_days                  = 60
   affected_commits_backups_bucket                = "osv-affected-commits"

deployment/terraform/modules/osv/main.tf

@@ -174,6 +174,17 @@ resource "google_storage_bucket" "affected_commits_backups_bucket" {
   }
 }
 
+resource "google_storage_bucket" "osv_dev_sitemap_bucket" {
+  project                     = var.project_id
+  name                        = var.osv_dev_sitemap_bucket
+  location                    = "US"
+  storage_class               = "STANDARD"
+  uniform_bucket_level_access = true
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+
 # Service account permissions
 resource "google_service_account" "deployment_service" {
   project      = var.project_id

deployment/terraform/modules/osv/variables.tf

@@ -48,6 +48,11 @@ variable "debian_osv_conversion_bucket" {
   description = "Name of bucket to store converted debian advisories in."
 }
 
+variable "osv_dev_sitemap_bucket" {
+  type        = string
+  description = "Name of bucket to store the osv.dev sitemap."
+}
+
 variable "api_url" {
   type        = string
   description = "URL to serve the OSV API on. Domain ownership and DNS settings has to be set up manually."
@@ -61,4 +66,4 @@ variable "esp_version" {
 variable "website_domain" {
   type        = string
   description = "Domain to serve the OSV website on. Domain ownership and DNS settings must be manually configured."
-}
+}