/grpc-ziti-starter

Use this template to start your next gRPC project with secure, zero-trust networking using https://github.com/openziti/ziti

Primary language: Go. License: Apache-2.0.

OpenZiti gRPC Project Template

Use this project to quickly start your next gRPC project on an open-source, secure, zero-trust OpenZiti network.

This project shows how to use your own net.Conn and net.Listener implementations to override the networking layer in Go gRPC communications.

Start

Create your project's repo using this one as a template.

Try it

  • Get yourself an OpenZiti network:
  • Create a Ziti service to use for gRPC.
  • Create and enroll your server and client identities
  • Run it! See below:
    • 'grpc-service' - name of the service
    • 'client.json' - name of client identity file
    • 'server.json' - name of server identity file

Run server:

$ go run ./server -identity server.json -service grpc-service
2022/09/14 14:27:17 server listening at grpc-service
...

Note: the server is reached through the OpenZiti network and does not have any inbound ports open.

Run client:

$ go run ./client -identity client.json -service grpc-service -what-is foo
2022/09/14 14:29:32 Answer: I don't know what foo is :(

$ go run ./client -identity client.json -service grpc-service -what-is ziti
2022/09/14 14:29:56 Answer: ziti is a type of pasta

Next Steps

  • design and implement your gRPC API
    • modify protocol/starter.proto to fit your needs
    • generate Golang code for the protocol: $ protoc --go_out=plugins=grpc:. ./protocol/starter.proto
    • make changes in server/ package to implement your API
    • make changes in client/ package to use your new API
  • deploy your server on your production OpenZiti network
  • profit!!

How it's done

In this project we use google.golang.org/grpc.

Server

We start the gRPC server with a Ziti listener.

This is all that is needed to zitify a gRPC server (error handling is stripped for brevity):

// bootstrap Ziti
ztx := ziti.NewContextWithConfig(cfg)
_ = ztx.Authenticate()
lis, _ := ztx.Listen(*service)

// standard gRPC init
s := grpc.NewServer()
protocol.RegisterAnswerServiceServer(s, &server{})

// serve using Ziti server connection
_ = s.Serve(lis)

Client

We create the gRPC client with a Ziti connection, like this:

// bootstrap Ziti
ztx := ziti.NewContextWithConfig(cfg)
_ = ztx.Authenticate()

// Provide Ziti Dialer to connect to ziti service
conn, err := grpc.Dial(*service,
    // gRPC's own TLS is disabled here; the connection is carried by Ziti
    grpc.WithTransportCredentials(insecure.NewCredentials()),
    grpc.WithContextDialer(func(ctx context.Context, s string) (net.Conn, error) {
        return ztx.Dial(s)
    }),
)

// create client
c := protocol.NewAnswerServiceClient(conn)
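
The listener and dialer override used in the Server and Client snippets above, as an added example that is not part of the starter's own code. So that it runs offline with only the standard library, net/rpc stands in for gRPC and an in-memory pipe stands in for the Ziti connection; memListener, Answer and Ask are hypothetical names.

```go
package main

import (
	"fmt"
	"net"
	"net/rpc"
)

// memListener (constructed) stands in for ztx.Listen's result: no port is bound.
type memListener chan net.Conn

func (l memListener) Addr() net.Addr { return &net.UnixAddr{Name: "grpc-service", Net: "mem"} }
func (l memListener) Close() error   { close(l); return nil }
func (l memListener) Accept() (net.Conn, error) {
	if c, ok := <-l; ok {
		return c, nil
	}
	return nil, net.ErrClosed
}

// Dial plays the role of ztx.Dial: client and server share an in-memory pipe.
func (l memListener) Dial() net.Conn {
	client, server := net.Pipe()
	l <- server
	return client
}

// Answer is a hypothetical service mirroring the starter's what-is call.
type Answer struct{}
func (Answer) WhatIs(thing string, reply *string) error {
	*reply = "I don't know what " + thing + " is :("
	return nil
}

// Ask makes one call end to end using only the custom listener and dialer.
func Ask(thing string) (answer string, err error) {
	lis := make(memListener)
	defer lis.Close()
	srv := rpc.NewServer()
	if err = srv.Register(Answer{}); err != nil {
		return "", err
	}
	go srv.Accept(lis) // same shape as s.Serve(lis) in the server snippet
	client := rpc.NewClient(lis.Dial())
	defer client.Close()
	err = client.Call("Answer.WhatIs", thing, &answer)
	return answer, err
}

func main() { fmt.Println(Ask("foo")) }
```

The pipe in this example provides no authentication or encryption. In the starter, gRPC itself runs with insecure.NewCredentials(), so those properties rest entirely on the Ziti connection underneath.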

Have questions?