From 240dfd072cb3430825255aea7d99223f3b6d1103 Mon Sep 17 00:00:00 2001
From: Carlos Amedee <carlos@golang.org>
Date: Tue, 7 Jan 2025 12:51:05 -0500
Subject: [PATCH] cmd/gomoteserver: add configuration for GTS certificates

This change configures the gomoteserver to generate certificates using
GCP GTS. This only applies to gomotessh.golang.org. The
gomote.golang.org domain certificate is managed by the Kubernetes
cluster.

Change-Id: If8b1b358aa085657d87e1988cabaa67a211af983
Reviewed-on: https://go-review.googlesource.com/c/build/+/641077
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
---
 cmd/gomoteserver/deployment-prod.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cmd/gomoteserver/deployment-prod.yaml b/cmd/gomoteserver/deployment-prod.yaml
index 2a9e1018b3..993df5711b 100644
--- a/cmd/gomoteserver/deployment-prod.yaml
+++ b/cmd/gomoteserver/deployment-prod.yaml
@@ -29,6 +29,9 @@ spec:
           - "-listen-https-selfsigned=:444"
           - "-private-host-key=secret:symbolic-datum-552/gomoteserver-private-host-key"
           - "-public-host-key=secret:symbolic-datum-552/gomoteserver-public-host-key"
+          - "-autocert-directory=https://dv.acme-v02.api.pki.goog/directory"
+          - "-autocert-email=go-builders@google.com"
+          - "-autocert-eab=secret:symbolic-datum-552/gomoteserver-certificates-eab"
         ports:
         - containerPort: 80
         - containerPort: 443