Accessing Kuberentes API using x509 certificate

I have created private key and certificate signed by the CA of the Kubernetes API server. I have configured the user, cluster and context in the ~/.kube/config file. Using this context where the user has client certificate and key, what is the process to make API call to the Kubernetes API server using the client-go libraries.

In this documentation one can find the following excerpt:

k8s.io/client-go and tools using it such as kubectl and kubelet are able to execute an external command to receive user credentials. (...)

To authenticate against the API:

• The user issues a kubectl command.
• Credential plugin prompts the user for LDAP credentials, exchanges credentials with external service for a token.
• Credential plugin returns token to client-go, which uses it as a bearer token against the API server.
• API server uses the webhook token authenticator to submit a TokenReview to the external service.
• External service verifies the signature on the token and returns the user's username and groups.

See also:

• Documentation (client go)
• Github documentation
• Github documentation (auth)