Improve healthcheck (#33)

* feat(healthcheck): perform a check on vault and kubernetes connectivity

* test(healthcheck): improve healthcheck test with new method

Author: SoulKyu

Diff for: go.mod

@@ -255,6 +255,7 @@ require (
 	github.com/tklauser/go-sysconf v0.3.10 // indirect
 	github.com/tklauser/numcpus v0.4.0 // indirect
 	github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c // indirect
+	github.com/undefinedlabs/go-mpatch v1.0.7 // indirect
 	github.com/vmware/govmomi v0.18.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect

Diff for: go.sum

@@ -1213,6 +1213,8 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK
 github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
+github.com/undefinedlabs/go-mpatch v1.0.7 h1:943FMskd9oqfbZV0qRVKOUsXQhTLXL0bQTVbQSpzmBs=
+github.com/undefinedlabs/go-mpatch v1.0.7/go.mod h1:TyJZDQ/5AgyN7FSLiBJ8RO9u2c6wbtRvK827b6AVqY4=
 github.com/vmware/govmomi v0.18.0 h1:f7QxSmP7meCtoAmiKZogvVbLInT+CZx6Px6K5rYsJZo=
 github.com/vmware/govmomi v0.18.0/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=

Diff for: pkg/controller/controller.go

@@ -40,7 +40,7 @@ func NewController(cfg *config.Config, Clientset *kubernetes.Clientset, sentrySv
 func (c *Controller) RunInjector(ctx context.Context, errChan chan<- error, runSuccess chan<- bool) {
 	c.log.Info("Starting server in mode injector")
 	is := injector.NewWebhookStartor(c.Cfg, errChan, runSuccess, c.sentry)
-	hcService := healthcheck.NewService()
+	hcService := healthcheck.NewService(c.Cfg)
 	hcService.RegisterHandlers()
 	go hcService.Start(ctx, stopChan)
 	go is.StartWebhook(ctx, stopChan)
@@ -54,7 +54,7 @@ func (c *Controller) RunRenewer(ctx context.Context, metricsSuccess chan<- bool)
 	go le.RunLeaderElection(ctx, stopChan)
 	metricsService := prometheus.NewService(metricsSuccess)
 	go metricsService.RunMetrics()
-	hcService := healthcheck.NewService()
+	hcService := healthcheck.NewService(c.Cfg)
 	hcService.RegisterHandlers()
 	go hcService.Start(ctx, stopChan)
 }
@@ -67,7 +67,7 @@ func (c *Controller) RunRevoker(ctx context.Context, metricsSuccess chan<- bool)
 	go le.RunLeaderElection(ctx, stopChan)
 	metricsService := prometheus.NewService(metricsSuccess)
 	go metricsService.RunMetrics()
-	hcService := healthcheck.NewService()
+	hcService := healthcheck.NewService(c.Cfg)
 	hcService.RegisterHandlers()
 	go hcService.Start(ctx, stopChan)
 }

Diff for: pkg/healthcheck/healthcheck.go

@@ -2,28 +2,45 @@ package healthcheck
 
 import (
 	"context"
+	"encoding/json"
 	"net/http"
 	"sync/atomic"
 	"time"
 
-	"github.com/numberly/vault-db-injector/pkg/leadership"
+	"github.com/numberly/vault-db-injector/pkg/config"
+	"github.com/numberly/vault-db-injector/pkg/k8s"
 	"github.com/numberly/vault-db-injector/pkg/logger"
+	"github.com/numberly/vault-db-injector/pkg/vault"
 )
 
+type HealthStatus struct {
+	Status     string         `json:"status"`
+	Kubernetes *ServiceHealth `json:"kubernetes,omitempty"`
+	Vault      *ServiceHealth `json:"vault,omitempty"`
+	Timestamp  string         `json:"timestamp"`
+}
+
+type ServiceHealth struct {
+	Status  string `json:"status"`
+	Message string `json:"message,omitempty"`
+}
+
 type HealthChecker interface {
 	RegisterHandlers()
-	Start() error
+	Start(context.Context, chan struct{}) error
 }
 
 type Service struct {
-	isReady *atomic.Value
-	server  *http.Server
-	log     logger.Logger
+	isReady   *atomic.Value
+	server    *http.Server
+	log       logger.Logger
+	cfg       *config.Config
+	k8sClient k8s.ClientInterface
 }
 
-func NewService() *Service {
+func NewService(cfg *config.Config) *Service {
 	isReady := &atomic.Value{}
-	isReady.Store(true) // Initialize as ready
+	isReady.Store(true)
 
 	return &Service{
 		isReady: isReady,
@@ -32,62 +49,139 @@ func NewService() *Service {
 			ReadTimeout:  10 * time.Second,
 			WriteTimeout: 10 * time.Second,
 		},
-		log: logger.GetLogger(),
+		log:       logger.GetLogger(),
+		cfg:       cfg,
+		k8sClient: k8s.NewClient(),
 	}
 }
 
-// RegisterHandlers sets up the HTTP endpoints for the health check service.
 func (s *Service) RegisterHandlers() {
-	http.HandleFunc("/healthz", s.healthzHandler)
+	http.HandleFunc("/healthz", s.healthHandler)
 	http.HandleFunc("/readyz", s.readyzHandler())
-	hcle := leadership.NewHealthChecker()
-	hcle.SetupLivenessEndpoint()
 }
 
-// Start begins listening for health check requests.
+func (s *Service) checkKubernetesHealth() *ServiceHealth {
+	_, err := s.k8sClient.GetKubernetesClient()
+	if err != nil {
+		return &ServiceHealth{
+			Status:  "unhealthy",
+			Message: "Failed to connect to Kubernetes: " + err.Error(),
+		}
+	}
+	return &ServiceHealth{
+		Status: "healthy",
+	}
+}
+
+func (s *Service) checkVaultHealth(ctx context.Context) *ServiceHealth {
+	k8sClient := k8s.NewClient()
+	tok, err := k8sClient.GetServiceAccountToken()
+	if err != nil {
+		return &ServiceHealth{
+			Status:  "unhealthy",
+			Message: "Failed to get ServiceAccount token: " + err.Error(),
+		}
+	}
+
+	vaultConn := vault.NewConnector(s.cfg.VaultAddress, s.cfg.VaultAuthPath, s.cfg.KubeRole, "random", "random", tok, s.cfg.VaultRateLimit)
+
+	if err := vaultConn.CheckHealth(ctx); err != nil {
+		return &ServiceHealth{
+			Status:  "unhealthy",
+			Message: err.Error(),
+		}
+	}
+
+	return &ServiceHealth{
+		Status: "healthy",
+	}
+}
+
+func (s *Service) healthHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	health := HealthStatus{
+		Timestamp: time.Now().UTC().Format(time.RFC3339),
+	}
+
+	// Check both services
+	k8sHealth := s.checkKubernetesHealth()
+	vaultHealth := s.checkVaultHealth(ctx)
+
+	health.Kubernetes = k8sHealth
+	health.Vault = vaultHealth
+
+	w.Header().Set("Content-Type", "application/json")
+
+	if k8sHealth.Status == "healthy" && vaultHealth.Status == "healthy" {
+		health.Status = "healthy"
+		w.WriteHeader(http.StatusOK)
+	} else {
+		health.Status = "unhealthy"
+		var statusCode int
+
+		switch {
+		case k8sHealth.Status != "healthy" && vaultHealth.Status != "healthy":
+			statusCode = http.StatusServiceUnavailable
+		case k8sHealth.Status != "healthy":
+			statusCode = http.StatusBadGateway
+		case vaultHealth.Status != "healthy":
+			statusCode = http.StatusFailedDependency
+		}
+
+		w.WriteHeader(statusCode)
+	}
+
+	if err := json.NewEncoder(w).Encode(health); err != nil {
+		s.log.Errorf("Failed to encode health status: %v", err)
+	}
+}
+
+func (s *Service) readyzHandler() http.HandlerFunc {
+	return func(w http.ResponseWriter, _ *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+
+		response := HealthStatus{
+			Timestamp: time.Now().UTC().Format(time.RFC3339),
+		}
+
+		if s.isReady == nil || !s.isReady.Load().(bool) {
+			response.Status = "not ready"
+			w.WriteHeader(http.StatusServiceUnavailable)
+			json.NewEncoder(w).Encode(response)
+			return
+		}
+
+		response.Status = "ready"
+		w.WriteHeader(http.StatusOK)
+		json.NewEncoder(w).Encode(response)
+	}
+}
+
 func (s *Service) Start(ctx context.Context, doneCh chan struct{}) error {
-	// Start the server in a separate goroutine.
 	go func() {
 		s.log.Info("Listening for health checks on :8888")
 		if err := s.server.ListenAndServe(); err != http.ErrServerClosed {
-			// Log the error if it's not ErrServerClosed, as we expect this error on shutdown.
 			s.log.Errorf("Error serving health check: %v", err)
 		}
-		close(doneCh) // Signal that the server has stopped.
+		close(doneCh)
 	}()
 
-	// Wait for context cancellation or server stop signal.
 	select {
 	case <-ctx.Done():
-		// Context was canceled, shut down the server.
 		shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 		defer cancel()
 
 		s.log.Info("Context canceled, shutting down health check server")
 		if err := s.server.Shutdown(shutdownCtx); err != nil {
 			s.log.Errorf("Error shutting down health check server: %v", err)
-			return err // Return error if shutdown fails.
+			return err
 		}
 	case <-doneCh:
 		if err := s.server.Shutdown(ctx); err != nil {
 			s.log.Errorf("Error shutting down health check server: %v", err)
-			return err // Return error if shutdown fails.
+			return err
 		}
 		s.log.Info("Health check server has stopped")
 	}
-	return nil // Return nil as the service stopped cleanly or was shutdown on context cancel.
-}
-
-func (s *Service) healthzHandler(w http.ResponseWriter, _ *http.Request) {
-	w.WriteHeader(http.StatusNoContent)
-}
-
-func (s *Service) readyzHandler() http.HandlerFunc {
-	return func(w http.ResponseWriter, _ *http.Request) {
-		if s.isReady == nil || !s.isReady.Load().(bool) {
-			http.Error(w, http.StatusText(http.StatusServiceUnavailable), http.StatusServiceUnavailable)
-			return
-		}
-		w.WriteHeader(http.StatusNoContent)
-	}
+	return nil
 }