perf: add session cache to improve tls efficiency (#332)

To improve efficiency in tls mode, session cache allows to reuse tls
session. The default session cache is an LRU version, capacity has been
defaulted to 64 (as implemented in official tls package).

Signed-off-by: Nicolas Sterchele <nicolas@sterchelen.net>

Author: sterchelen

vault/client.go

@@ -17,6 +17,7 @@ package vault
 import (
 	"context"
 	"crypto/sha256"
+	"crypto/tls"
 	"fmt"
 	"net/http"
 	"os"
@@ -35,7 +36,8 @@ import (
 )
 
 const (
-	defaultJWTFile = "/var/run/secrets/kubernetes.io/serviceaccount/token"
+	defaultJWTFile       = "/var/run/secrets/kubernetes.io/serviceaccount/token"
+	sessionCacheCapacity = 64
 )
 
 // NewData is a helper function for Vault KV Version two secret data creation
@@ -573,6 +575,7 @@ func NewInsecureRawClient() (*vaultapi.Client, error) {
 
 	config.HttpClient.Transport.(*http.Transport).TLSHandshakeTimeout = 5 * time.Second
 	config.HttpClient.Transport.(*http.Transport).TLSClientConfig.InsecureSkipVerify = true
+	config.HttpClient.Transport.(*http.Transport).TLSClientConfig.ClientSessionCache = tls.NewLRUClientSessionCache(sessionCacheCapacity)
 
 	return vaultapi.NewClient(config)
 }