Contact UsGet started

Creating an L7 load balancer

Written by
Updated at October 17, 2024

To create an L7 load balancer:

  1. In the management console, select the folder where you want to create a load balancer.

  2. In the list of services, select Application Load Balancer.

  3. Click Create L7 load balancer and select Manual.

  4. Enter the load balancer name.

  5. Under Network settings, select:

    1. Network whose subnets will host the load balancer nodes.

    2. Suitable security groups:

      • Without groups: Allows any incoming and outgoing traffic for the load balancer. This is the least secure option.
      • Auto: When creating a load balancer, a security group will be automatically created that allows any incoming traffic on port 80 and TCP traffic for the load balancer's node status checks on port 30080. Any outgoing traffic will be allowed for the load balancer.
      • From list: For more traffic management flexibility, create your own security groups. You can select up to five security groups and link them to your load balancer.

  6. Under Allocation, select the subnets in different availability zones for the load balancer's nodes and enable traffic in these subnets.

    To avoid creating a load balancer node in a particular availability zone, click in the corresponding row.

  7. (Optional) Under Autoscaling settings, set a limit on the number of resource units.

    The number of units will change automatically depending on the actual load on the load balancer and the limits you specified. The number of units affects the load balancer pricing.

  8. (Optional) Under Log settings:

    1. Enable Write logs.

    2. Select the Yandex Cloud Logging log group to write the load balancer logs to.

    3. Click Add discard rule and set up its parameters:

      • HTTP codes: Add HTTP status codes.
      • HTTP code classes: Add classes of HTTP status codes.
      • gRPC codes: Add gRPC codes.
      • Share of discarded logs: Set the percentage of logs to discard.

      You can set multiple rules.

  9. Under Listeners, click Add listener. Set the listener settings:

    1. Enter the listener name.

    2. (Optional) Enable Public IP address. Set the Port to 80 and the Type to:

      • Automatically.
      • List: Select an address from the drop-down list of the field that appears on the right.

    3. (Optional) Enable Internal IP address. Specify Port and select Subnet from the drop-down list.

    4. Under Receiving and processing traffic, select the listener type: HTTP or Stream.

      For HTTP, select:

      • Protocol: HTTP, HTTPS, or Redirect to HTTPS.
      • HTTP router from the drop-down list.

      For Stream, select a protocol:

      • Plain-text: Select Backend groups from the drop-down list.
      • Encrypted: Under Main listener, select Certificates and Backend groups from the drop-down lists.

  10. Add more listeners if needed.

  11. Click Create.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. View the description of the CLI command to create an L7 load balancer:

    yc alb load-balancer create --help

  2. Run this command:

    yc alb load-balancer create <load_balancer_name> \
  --network-name <network_name> \
  --security-group-id <list_of_security_group_IDs> \
  --location subnet-name=<subnet_name>,zone=<availability_zone>

    Where:

    • load_balancer_name: Name of the new load balancer.
    • --network-name: Name of the network in which the load balancer is created.
    • --security-group-id (optional): List of one to five security group IDs separated by commas. If you omit this parameter, any traffic will be allowed for the load balancer.
    • --location: Subnet and availability zone. You can repeat the option multiple times to specify different availability zones and subnets.

    Result:

    done (1m40s)
id: a5d88ep483cm********
name: test-balancer2
folder_id: aoe197919j8e********
status: ACTIVE
region_id: ru-central1
network_id: c64l1c06d151********
allocation_policy:
  locations:
  - zone_id: ru-central1-a
    subnet_id: buc4gsmpj8hv********
log_group_id: eolul9ap0bv0********
security_group_ids:
  - enpulh2tbrep********
  - enpg05a3ck35********
created_at: "2021-04-26T12:12:13.624832586Z"

  3. (Optional) Set a limit on the number of resource units:

    1. View the description of the CLI command to set up limits:

      yc alb load-balancer autoscale --help

    2. Set limits by running the command below:

      yc alb load-balancer autoscale <load_balancer_name_or_ID> \
  --min-zone-size <minimum_number_of_resource_units_per_zone> \
  --max-size <maximum_total_number_of_resource_units>

      Where:

      • --min-zone-size: Minimum number of resource units in each availability zone. The default minimum is 2. You cannot set a minimum value below 2.
      • --max-size: Maximum total number of resource units. By default, this number is unlimited. Make sure the value is not less than the number of load balancer availability zones multiplied by the minimum number of resource units per zone.

      You can set one or both parameters in the command.

      For example:

      yc alb load-balancer autoscale test-balancer2 \
  --min-zone-size 3 \
  --max-size 10

      Result:

      id: a5d88ep483cm********
name: test-balancer2
folder_id: aoe197919j8e********
status: ACTIVE
region_id: ru-central1
network_id: c64l1c06d151********
allocation_policy:
  locations:
    - zone_id: ru-central1-a
      subnet_id: buc4gsmpj8hv********
created_at: "2022-06-02T12:12:13.624832586Z"
auto_scale_policy:
  min_zone_size: 3
  max_size: 10

  4. (Optional) Set parameters for writing logs to Yandex Cloud Logging:

    1. View a description of the CLI command for enabling load balancer logging:

      yc alb load-balancer logging --help

    2. Link a log group to the load balancer and set up a rule for discarding logs:

      yc alb load-balancer logging <load_balancer_name> \
  --log-group-id <log_group_ID> \
  --enable \
  --discard codes=[<HTTP_code>,<HTTP_code_class>,<gRPC_code>],percent=<percentage_of_logs_to_discard>

      Where:

      • --log-group-id: ID of the log group.
      • --discard: Rule for discarding logs. Rule parameters:
        • codes: HTTP status codes, classes of HTTP status codes, or gRPC codes.
        • percent: Percentage of logs to discard.

      You can set multiple rules.

      Result:

      done (42s)
id: ds76g83js9gf********
name: test-load-balancer
...
log_options:
  log_group_id: e23p9bfjvsgr********
  discard_rules:
    - http_codes:
        - "200"
      http_code_intervals:
        - HTTP_3XX
      grpc_codes:
        - OK
      discard_percent: "90"

  5. Add a listener for an L7 load balancer:

    • HTTP listener:

      1. View a description of the CLI command for adding an HTTP listener for an L7 load balancer:

        yc alb load-balancer add-listener --help

      2. Add a listener by running the command:

        yc alb load-balancer add-listener <load_balancer_name> \
  --listener-name <listener_name> \
  --http-router-id <HTTP_router_ID> \
  --external-ipv4-endpoint port=<listener_port>

    • Stream listener:

      1. View a description of the CLI command for adding a Stream listener for an L7 load balancer:

        yc alb load-balancer add-stream-listener --help

      2. Add a listener by running the command:

        yc alb load-balancer add-stream-listener <load_balancer_name> \
  --listener-name=<listener_name> \
  --backend-group-id=<backend_group_ID> \
  --external-ipv4-endpoint port=<listener_port>

    The result of adding two listeners is:

    done (42s)
id: ds76g8b2op3f********
name: test-load-balancer
folder_id: b1gu6g9ielh6********
status: ACTIVE
network_id: enp0uulja5s3********
listeners:
- name: tslistener
  endpoints:
  - addresses:
    - external_ipv4_address:
        address: 51.250.64.197
    ports:
    - "80"
  http:
    handler:
      http_router_id: ds7d7b14b3fs********
- name: teststreamlistener
  endpoints:
  - addresses:
    - external_ipv4_address:
        address: 51.250.64.197
    ports:
    - "443"
  stream:
    handler:
      backend_group_id: ds77tero4f5h********
allocation_policy:
  locations:
  - zone_id: ru-central1-a
    subnet_id: e9bs1hp7lgdl********
log_group_id: ckgs4u5km3u8********
security_group_ids:
- enp49ot04g63********
created_at: "2022-04-04T02:12:40.160629110Z"
log_options:
  log_group_id: e23p9bfjvsgr********
  discard_rules:
    - http_codes:
        - "200"
      http_code_intervals:
        - HTTP_3XX
      grpc_codes:
        - OK
      discard_percent: "90"

Terraform allows you to quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. Configuration files store the infrastructure description in the HashiCorp Configuration Language (HCL). Terraform and its providers are distributed under the Business Source License.

For more information about the provider resources, see the documentation on the Terraform website or the mirror.

If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

If you don't have Terraform, install it and configure the Yandex Cloud provider.

  1. In the configuration file, describe the parameters of the resources you want to create:

    resource "yandex_alb_load_balancer" "test-balancer" {
  name        = "<name_of_L7_load_balancer>"
  network_id  = "<network_ID>"
  security_group_ids = ["<list_of_security_group_IDs>"]

  allocation_policy {
    location {
      zone_id   = "<availability_zone>"
      subnet_id = "<subnet_ID>"
    }
  }

  listener {
    name = "<listener_name>"
    endpoint {
      address {
        external_ipv4_address {
        }
      }
      ports = [ 9000 ]
    }
    http {
      handler {
        http_router_id = "<HTTP_router_ID>"
      }
    }
  }

  log_options {
    log_group_id = "<log_group_ID>"
    discard_rule {
      http_codes          = ["<HTTP_code>"]
      http_code_intervals = ["<HTTP_code_class>"]
      grpc_codes          = ["<gRPC_code>"]
      discard_percent     = <percentage_of_logs_to_discard>
    }
  }
}

    Where:

    • name: Name of the L7 load balancer. The name format is as follows:

      • The name must be from 3 to 63 characters long.
      • It may contain lowercase Latin letters, numbers, and hyphens.
      • The first character must be a letter and the last character cannot be a hyphen.

    • network_id: ID of the network in which the load balancer is created.

    • security_group_ids (optional): List of one to five security group IDs separated by commas.
      If you omit this parameter, any traffic will be allowed for the load balancer.

    • allocation_policy: Description of the L7 load balancer's node location. Specify the availability zone and subnet IDs.

    • listener: Description of the L7 load balancer's listener parameters:

      • name: Listener name. The name format is as follows:

        • The name must be from 3 to 63 characters long.
        • It may contain lowercase Latin letters, numbers, and hyphens.
        • The first character must be a letter and the last character cannot be a hyphen.

      • endpoint: Description of the listener's addresses and ports. Set the external IPv4 address and port for receiving traffic. If the external_ipv4_address parameter is not set, a public IP address is assigned automatically.

      • http: Description of the listener's HTTP endpoint. Specify the HTTP router ID.

      • log_options: (Optional) Parameters for writing logs to Yandex Cloud Logging:

        • log_group_id: ID of the log group.

        • discard_rule: Rule for discarding logs:

          • http_codes: HTTP status codes.
          • http_code_intervals: Classes of HTTP status codes.
          • grpc_codes: gRPC codes.
          • discard_percent: Percentage of logs to discard.

          You can set multiple rules.

    For more information about the yandex_alb_load_balancer resource in Terraform, see the provider documentation.

  2. Make sure the configuration files are correct.

    1. In the command line, go to the directory where you created the configuration file.

    2. Run a check using this command:

      terraform plan

    If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.

  3. Deploy cloud resources.

    1. If the configuration does not contain any errors, run this command:

      terraform apply

    2. Confirm creating the resources: type yes in the terminal and press Enter.

      All the resources you need will then be created in the specified folder. You can check the new resources and their configuration using the management console or this CLI command:

      yc alb load-balancer list

Use the create REST API method for the LoadBalancer resource or the LoadBalancer/Create gRPC API call.

Previous
Deleting an HTTP router
Next
Editing an L7 load balancer