feat: add new non TLS grpc server for healthcheck

goto · Dec 18, 2023 · 9184d0e · 9184d0e
1 parent 1e33ede
commit 9184d0e
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 19 deletions.
diff --git a/config/server.go b/config/server.go
@@ -32,6 +32,7 @@ type serverWs struct {
 
 type serverGRPC struct {
 	Port         string
+	TLSPort      string
 	TLSEnabled   bool
 	TLSCertPath  string
 	TLSPublicKey string
@@ -75,11 +76,13 @@ func serverWsConfigLoader() {
 
 func serverGRPCConfigLoader() {
 	viper.SetDefault("SERVER_GRPC_PORT", "8081")
+	viper.SetDefault("SERVER_GRPC_TLS_PORT", "8443")
 	viper.SetDefault("SERVER_GRPC_TLS_ENABLED", false)
 	viper.SetDefault("SERVER_GRPC_TLS_CERT_PATH", "cert/server.crt")
 	viper.SetDefault("SERVER_GRPC_TLS_PUBLIC_KEY", "cert/server.key")
 	ServerGRPC = serverGRPC{
 		Port:         util.MustGetString("SERVER_GRPC_PORT"),
+		TLSPort:      util.MustGetString("SERVER_GRPC_TLS_PORT"),
 		TLSEnabled:   util.MustGetBool("SERVER_GRPC_TLS_ENABLED"),
 		TLSCertPath:  util.MustGetString("SERVER_GRPC_TLS_CERT_PATH"),
 		TLSPublicKey: util.MustGetString("SERVER_GRPC_TLS_PUBLIC_KEY"),

diff --git a/services/grpc/service.go b/services/grpc/service.go
@@ -2,9 +2,7 @@ package grpc
 
 import (
 	"context"
-	"crypto/tls"
 	"fmt"
-	"google.golang.org/grpc/credentials"
 	"net"
 
 	pbgrpc "buf.build/gen/go/gotocompany/proton/grpc/go/gotocompany/raccoon/v1beta1/raccoonv1beta1grpc"
@@ -45,22 +43,5 @@ func (s *Service) Shutdown(context.Context) error {
 }
 
 func newGRPCServer() *grpc.Server {
-	if config.ServerGRPC.TLSEnabled {
-		return grpc.NewServer(grpc.Creds(loadTLSCredentials()))
-	}
 	return grpc.NewServer()
 }
-
-func loadTLSCredentials() credentials.TransportCredentials {
-	serverCert, err := tls.LoadX509KeyPair(config.ServerGRPC.TLSCertPath, config.ServerGRPC.TLSPublicKey)
-	if err != nil {
-		panic("failed to load TLS credentials to start grpc server with TLS")
-	}
-
-	config := &tls.Config{
-		Certificates: []tls.Certificate{serverCert},
-		ClientAuth:   tls.NoClientCert,
-	}
-
-	return credentials.NewTLS(config)
-}
diff --git a/services/grpc/serviceWithTLS.go b/services/grpc/serviceWithTLS.go
@@ -0,0 +1,62 @@
+package grpc
+
+import (
+	pbgrpc "buf.build/gen/go/gotocompany/proton/grpc/go/gotocompany/raccoon/v1beta1/raccoonv1beta1grpc"
+	"context"
+	"crypto/tls"
+	"fmt"
+	"github.com/goto/raccoon/collection"
+	"github.com/goto/raccoon/config"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
+	"net"
+)
+
+type ServiceWithTLS struct {
+	Collector collection.Collector
+	s         *grpc.Server
+}
+
+func NewGRPCServiceWithTLS(c collection.Collector) *Service {
+	server := newGRPCServerWithTLS()
+	pbgrpc.RegisterEventServiceServer(server, &Handler{C: c})
+	return &Service{
+		s:         server,
+		Collector: c,
+	}
+}
+
+func (s *ServiceWithTLS) Init(context.Context) error {
+	lis, err := net.Listen("tcp", fmt.Sprintf(":%s", config.ServerGRPC.TLSPort))
+	if err != nil {
+		return err
+	}
+	return s.s.Serve(lis)
+}
+
+func (*ServiceWithTLS) Name() string {
+	return "GRPC WITH TLS"
+}
+
+func (s *ServiceWithTLS) Shutdown(context.Context) error {
+	s.s.GracefulStop()
+	return nil
+}
+
+func newGRPCServerWithTLS() *grpc.Server {
+	return grpc.NewServer(grpc.Creds(loadTLSCredentials()))
+}
+
+func loadTLSCredentials() credentials.TransportCredentials {
+	serverCert, err := tls.LoadX509KeyPair(config.ServerGRPC.TLSCertPath, config.ServerGRPC.TLSPublicKey)
+	if err != nil {
+		panic("failed to load TLS credentials to start grpc server with TLS")
+	}
+
+	config := &tls.Config{
+		Certificates: []tls.Certificate{serverCert},
+		ClientAuth:   tls.NoClientCert,
+	}
+
+	return credentials.NewTLS(config)
+}
diff --git a/services/services.go b/services/services.go
@@ -2,6 +2,7 @@ package services
 
 import (
 	"context"
+	"github.com/goto/raccoon/config"
 	"net/http"
 
 	"github.com/goto/raccoon/collection"
@@ -45,6 +46,17 @@ func (s *Services) Shutdown(ctx context.Context) {
 
 func Create(b chan collection.CollectRequest) Services {
 	c := collection.NewChannelCollector(b)
+	if config.ServerGRPC.TLSEnabled {
+		return Services{
+			b: []bootstrapper{
+				//running non TLS service to do health check on the probe
+				grpc.NewGRPCService(c),
+				grpc.NewGRPCServiceWithTLS(c),
+				pprof.NewPprofService(),
+				rest.NewRestService(c),
+			},
+		}
+	}
 	return Services{
 		b: []bootstrapper{
 			grpc.NewGRPCService(c),