in client/internal/bootstrap/grpc.go [24:52]
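// getServiceClient builds a gRPC client for the secure TLS bootstrap service
// at cfg.APIServerFQDN on port 443.
//
// The cluster CA bundle is read from cfg.ClusterCAFilePath and handed to
// getTLSConfig together with cfg.NextProto and cfg.InsecureSkipTLSVerify. The
// supplied token is attached to every RPC as an OAuth2 bearer credential.
//
// It returns the service client, a function that closes the underlying
// connection, and an error if the CA file cannot be read, the TLS config
// cannot be built, or the client cannot be created. On error the first two
// results are nil.
//
// The token value is never written to the log by this function; only the CA
// file path and the server FQDN are.
func getServiceClient(logger *zap.Logger, token string, cfg *Config) (akssecuretlsbootstrapv1.SecureTLSBootstrapServiceClient, func() error, error) {
	clusterCAData, err := os.ReadFile(cfg.ClusterCAFilePath)
	if err != nil {
		return nil, nil, fmt.Errorf("reading cluster CA data from %s: %w", cfg.ClusterCAFilePath, err)
	}
	logger.Info("read cluster CA data", zap.String("path", cfg.ClusterCAFilePath))

	tlsConfig, err := getTLSConfig(clusterCAData, cfg.NextProto, cfg.InsecureSkipTLSVerify)
	if err != nil {
		return nil, nil, fmt.Errorf("failed to get TLS config: %w", err)
	}

	// The bearer token below is only as safe as the server authentication in
	// tlsConfig. Surface the insecure setting in the log so that a node
	// bootstrapping without certificate verification is visible to operators
	// instead of being indistinguishable from a normal run.
	// NOTE(review): assumes getTLSConfig maps this flag onto skipping server
	// certificate verification; confirm against its implementation.
	if cfg.InsecureSkipTLSVerify {
		logger.Warn("InsecureSkipTLSVerify is enabled; bearer token may be sent to a server whose certificate is not verified",
			zap.String("apiServerFQDN", cfg.APIServerFQDN))
	}

	// oauth.TokenSource requires transport security, so the token is not
	// attached to a plaintext channel; TLS credentials are mandatory here.
	perRPCCreds := oauth.TokenSource{
		TokenSource: oauth2.StaticTokenSource(&oauth2.Token{
			AccessToken: token,
		}),
	}

	// grpc.NewClient performs no network I/O: the TCP/TLS handshake happens
	// lazily on the first RPC. A nil error therefore does not show that the
	// server is reachable or that its certificate validated, even though the
	// log line below says "dialed".
	conn, err := grpc.NewClient(
		fmt.Sprintf("%s:443", cfg.APIServerFQDN),
		grpc.WithUserAgent(internalhttp.GetUserAgentValue()),
		grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)),
		grpc.WithPerRPCCredentials(perRPCCreds),
	)
	if err != nil {
		return nil, nil, fmt.Errorf("failed to dial client connection with context: %w", err)
	}
	logger.Info("dialed TLS bootstrap server and created GRPC connection")

	// conn.Close is handed back so the caller owns the connection lifetime.
	return akssecuretlsbootstrapv1.NewSecureTLSBootstrapServiceClient(conn), conn.Close, nil
}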