in cluster/tls_transport.go [72:133]
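// NewTLSTransport builds a TLSTransport for memberlist: it validates the
// server-side and client-side TLS settings in cfg, binds a TLS listener on
// bindAddr:bindPort, creates the outbound connection pool, registers the
// transport's metrics with reg, and starts t.listen in a background
// goroutine (t.done is closed once that goroutine returns).
//
// ctx bounds the lifetime of the transport; the derived cancel func is stored
// on the returned TLSTransport. The returned *TLSTransport is nil whenever the
// error is non-nil. Errors are returned for a nil cfg, an invalid TLS server
// or client config, an unparsable bindAddr, a listener that cannot be bound,
// or a connection pool that cannot be created. In the last case the listener
// that was already bound is closed before returning, so a failed constructor
// does not leave a TLS socket open.
func NewTLSTransport(
	ctx context.Context,
	logger log.Logger,
	reg prometheus.Registerer,
	bindAddr string,
	bindPort int,
	cfg *TLSTransportConfig,
) (*TLSTransport, error) {
	if cfg == nil {
		return nil, errors.New("must specify TLSTransportConfig")
	}

	// Server-side TLS governs what peers must present when they connect to us;
	// client-side TLS governs what we present (and verify) when dialing peers.
	tlsServerCfg, err := web.ConfigToTLSConfig(cfg.TLSServerConfig)
	if err != nil {
		return nil, fmt.Errorf("invalid TLS server config: %w", err)
	}
	tlsClientCfg, err := common.NewTLSConfig(cfg.TLSClientConfig)
	if err != nil {
		return nil, fmt.Errorf("invalid TLS client config: %w", err)
	}

	ip := net.ParseIP(bindAddr)
	if ip == nil {
		return nil, fmt.Errorf("invalid bind address \"%s\"", bindAddr)
	}
	addr := &net.TCPAddr{IP: ip, Port: bindPort}

	listener, err := tls.Listen(network, addr.String(), tlsServerCfg)
	if err != nil {
		return nil, fmt.Errorf("failed to start TLS listener on %q port %d: %w", bindAddr, bindPort, err)
	}

	connPool, err := newConnectionPool(tlsClientCfg)
	if err != nil {
		// The listener is already bound at this point; release it so the
		// caller's error path does not leak an open TLS socket. The pool error
		// is the one worth reporting, so a Close failure is deliberately dropped.
		_ = listener.Close()
		return nil, fmt.Errorf("failed to initialize tls transport connection pool: %w", err)
	}

	ctx, cancel := context.WithCancel(ctx)
	t := &TLSTransport{
		ctx:          ctx,
		cancel:       cancel,
		logger:       logger,
		bindAddr:     bindAddr,
		bindPort:     bindPort,
		done:         make(chan struct{}),
		listener:     listener,
		packetCh:     make(chan *memberlist.Packet),
		streamCh:     make(chan net.Conn),
		connPool:     connPool,
		tlsServerCfg: tlsServerCfg,
		tlsClientCfg: tlsClientCfg,
	}
	t.registerMetrics(reg)

	// Accept loop runs until listen returns; done signals its completion to
	// whoever shuts the transport down.
	go func() {
		t.listen()
		close(t.done)
	}()

	return t, nil
}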