Creating a backend group
To create a backend group:
- In the management console, select the folder you want to create a backend group in.
- In the list of services, select Application Load Balancer.
- In the left-hand panel, select Backend groups.
- Click Create backend group.
- Enter a name for the backend group.
- Select the backend group type:
  - HTTP: For HTTP or HTTPS traffic.
  - gRPC: For HTTP or HTTPS traffic with gRPC procedure calls.
  - Stream: For unencrypted TCP traffic or TCP traffic with TLS encryption support.
- (Optional) Enable session affinity.
  HTTP and gRPC backend groups support the following session affinity modes:
  - By IP address.
  - By HTTP header.
  - By cookie.
  Stream backend groups support session affinity by client IP address.
  Note
  Currently, session affinity only works if a single backend is active (has a positive weight) in a group of backends, includes one or more target groups, and the MAGLEV_HASH load balancing mode is selected for it.
- Under Backends, click Add. Specify the backend settings:
  - Backend Name.
  - Weight: Backend relative weight when distributing traffic. If the option is disabled in the field, the backend endpoints will not receive any traffic (weight will be equal to 0).
  - Backend Type (for an HTTP backend group): Target group (Application Load Balancer target groups) or Bucket (Object Storage bucket). For a gRPC or Stream backend group, the type of any backend is Target group. For more information about backend types, see Backend types.
  - The settings described below are only applicable to backends of the Target group type:
    - Under Load balancing settings:
      - Balancing mode: Mode for distributing traffic across backend endpoints.
      - Panic mode threshold: Percentage of healthy endpoints for enabling panic mode. In panic mode, the load balancer distributes requests across all endpoints, regardless of health check results.
      - Locality aware routing: Percentage of incoming traffic that a load balancer node routes to the backends from its availability zone. The remaining traffic is evenly distributed between other availability zones. For more information, see Locality aware routing.
      - Strict locality: If this option is enabled, the load balancer will respond with an error (503 Service Unavailable) if no application backends are running in the availability zone that accepted the request.
    - Under Protocol settings:
      - For an HTTP backend group:
        - HTTP/2: Option to use HTTP/2 when routing requests to the backend of an HTTP backend group. By default, the protocol version is 1.1. Backend groups of the gRPC type only support HTTP/2 connections.
        - Protocol: Backend connection protocol: HTTP (without encryption) or HTTPS (with TLS encryption). For HTTPS, specify:
      - For a gRPC backend group:
        - Protocol: Backend connection protocol: Plain-text or Encrypted. For the encrypted protocol, set SNI and Trusted root certificate (see above).
      - For a Stream backend group:
        - PROXY protocol: If this option is enabled, the load balancer will send metadata about its connection to the client, including its IP, to the backend over the PROXY protocol from HAProxy.
        - Protocol: Backend connection protocol: Plain-text or Encrypted. For the encrypted protocol, set SNI and Trusted root certificate (see above).
  - The settings described below are only applicable to backends of the Bucket type in backend groups of the HTTP type:
    - Bucket ID format: Select List or ID.
    - Bucket: Select a bucket from the list or specify its ID.
  - Under HTTP health check, gRPC health check, or Stream health check:
    - Timeout, s: Response timeout.
    - Interval: Interval for sending check requests.
    - Healthy threshold: Number of consecutive successful checks at which the endpoint is considered healthy. It is ignored when the load balancer has just started: one health check is enough.
    - Unhealthy threshold: Number of consecutive failed checks after which the endpoint is considered unhealthy. It is ignored if the backend has responded with the 503 Service Unavailable HTTP status code once: it is immediately considered unhealthy.
    - Port.
    - Type: Protocol to use for health checks: HTTP, gRPC, or Stream. The check type may be the same as the backend group type. Also specify:
      - For the HTTP type:
        - Path: Path in the URI of a request to the endpoint.
        - Authority: Value of the Host header for HTTP/1.1 or the :authority pseudo-header for HTTP/2 to be sent to the backend endpoints during health checks.
        - HTTP/2: Option to use HTTP v.2.
      - For the gRPC type:
        - Service name: Name of the gRPC service to be checked. If no service is specified, the backend general health is checked.
      - For the Stream type:
        - Send: Data to be sent to the endpoint for a health check.
        - Receive: Data to be received from the endpoint for it to pass the health check.
    Alert
    If all backends in an availability zone with health checks enabled fail the checks, traffic will stop routing to the zone, even if there are working backends without health checks in the zone.
    We recommend configuring health checks for all backends.
    To add a health check, click Add health check at the bottom of the backend section and specify the check settings.
    To remove a health check, click next to the HTTP health check, gRPC health check, or Stream health check title, and select Delete.
- Click Create.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.
Note
You can create a gRPC backend group in the management console
- View the description of the CLI command to create a backend group:
      yc alb backend-group create --help
- Create a backend group by running the command:
      yc alb backend-group create <backend_group_name>
  Result:
      id: a5dg2cv4ngne********
      name: test-backend-group
      folder_id: aoerb349v3h4********
      created_at: "2021-02-11T20:46:21.688940670Z"
- Add a backend and health check to the group.
  Alert
  If all backends in an availability zone with health checks enabled fail the checks, traffic will stop routing to the zone, even if there are working backends without health checks in the zone.
  We recommend configuring health checks for all backends.
  All backends within the group must be of the same type: HTTP, gRPC, or Stream.
  HTTP backend
  Run this command:
      yc alb backend-group add-http-backend \
        --backend-group-name <backend_group_name> \
        --name <name_of_backend_being_added> \
        --weight <backend_weight> \
        --port <backend_port> \
        --target-group-id=<target_group_ID> \
        --panic-threshold 90 \
        --http-healthcheck port=80,healthy-threshold=10,unhealthy-threshold=15,\
      timeout=10s,interval=2s,host=<host_address>,path=<path>
  Where:
  - --panic-threshold: Panic mode threshold.
  - --http-healthcheck: Resource health check parameters:
    - port: Port.
    - healthy-threshold: Healthy threshold.
    - unhealthy-threshold: Unhealthy threshold.
    - timeout: Timeout.
    - interval: Interval.
    - host: Host address.
    - path: Path.
  Result:
      id: a5dqkr2mk3rr********
      name: <backend_group_name>
      folder_id: aoe197919j8e********
      http:
        backends:
          - name: <backend_name>
            backend_weight: "1"
            load_balancing_config:
              panic_threshold: "90"
            port: "80"
            target_groups:
              target_group_ids:
                - a5d2iap3nue9********
            healthchecks:
              - timeout: 10s
                interval: 2s
                healthy_threshold: "10"
                unhealthy_threshold: "15"
                healthcheck_port: "80"
                http:
                  host: <host_address>
                  path: <path>
      created_at: "2021-02-11T20:46:21.688940670Z"
  gRPC backend
  Run this command:
      yc alb backend-group add-grpc-backend \
        --backend-group-name <backend_group_name> \
        --name <name_of_backend_being_added> \
        --weight <backend_weight> \
        --port <backend_port> \
        --target-group-id=<target_group_ID> \
        --panic-threshold 90 \
        --grpc-healthcheck port=80,healthy-threshold=10,unhealthy-threshold=15,\
      timeout=10s,interval=2s,service-name=<gRPC_service_name>
  Where:
  - --panic-threshold: Panic mode threshold.
  - --grpc-healthcheck: Resource health check parameters:
    - port: Port.
    - healthy-threshold: Healthy threshold.
    - unhealthy-threshold: Unhealthy threshold.
    - timeout: Timeout.
    - interval: Interval.
    - service-name: Name of the gRPC service to check. If no service is specified, the backend general health is checked.
  Result:
      id: a5dqkr2mk3rr********
      name: <backend_group_name>
      folder_id: aoe197919j8e********
      grpc:
        backends:
          - name: <backend_name>
            backend_weight: "12"
            load_balancing_config:
              panic_threshold: "90"
            port: "80"
            target_groups:
              target_group_ids:
                - a5d2iap3nue9********
            healthchecks:
              - timeout: 10s
                interval: 2s
                healthy_threshold: "10"
                unhealthy_threshold: "15"
                healthcheck_port: "80"
                grpc:
                  service_name: <gRPC_service_name>
      created_at: "2023-06-17T13:04:08.567141292Z"
  Stream backend
  Run this command:
      yc alb backend-group add-stream-backend \
        --backend-group-name <backend_group_name> \
        --name <name_of_backend_to_add> \
        --weight <backend_weight> \
        --port <backend_port> \
        --target-group-id=<target_group_ID> \
        --panic-threshold 90 \
        --enable-proxy-protocol \
        --stream-healthcheck port=80,healthy-threshold=10,unhealthy-threshold=15,\
      timeout=10s,interval=2s,send-text=<data_to_endpoint>,receive-text=<data_from_endpoint>
  Where:
  - --panic-threshold: Panic mode threshold.
  - --enable-proxy-protocol: If this option is enabled, the load balancer will send metadata about its connection to the client, including its IP, to the backend over the PROXY protocol from HAProxy. If this option is not specified, only the load balancer's IP address will be provided to the backend.
  - --stream-healthcheck: Resource health check parameters:
    - port: Port.
    - healthy-threshold: Healthy threshold.
    - unhealthy-threshold: Unhealthy threshold.
    - timeout: Timeout.
    - interval: Interval.
    - send-text: Data to send to the endpoint for a health check.
    - receive-text: Data to receive from the endpoint for it to pass the health check.
  Result:
      id: ds77tero4f5********
      name: <backend_group_name>
      folder_id: b1gu6g9ielh6********
      stream:
        backends:
          - name: <backend_name>
            backend_weight: "1"
            port: "80"
            target_groups:
              target_group_ids:
                - ds7eof3r2cte********
            healthchecks:
              - timeout: 10s
                interval: 2s
                healthy_threshold: "10"
                unhealthy_threshold: "15"
                healthcheck_port: "80"
                stream:
                  send:
                    text: <data_to_endpoint>
                  receive:
                    text: <data_from_endpoint>
            enable_proxy_protocol: true
      created_at: "2022-04-06T09:17:57.104324513Z"
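With the PROXY protocol enabled, the backend reads the client address from the start of the stream, so it should accept that header only from the load balancer. The following is an added example, not code from this documentation: it assumes the text (v1) form of the PROXY header, which the page does not specify, and `TRUSTED_LB_NETS`, `client_address` and the sample bytes are hypothetical.

```python
import ipaddress

# Assumption: subnet the load balancer nodes connect from (placeholder value).
TRUSTED_LB_NETS = [ipaddress.ip_network("10.128.0.0/24")]
V2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"  # binary PROXY v2 preamble, not parsed here
MAX_V1_HEADER = 107  # longest v1 line, CRLF included, per the PROXY protocol spec
# Constructed sample: a v1 header followed by the first application bytes.
SAMPLE = b"PROXY TCP4 203.0.113.7 10.128.0.5 51234 80\r\nhello"


def client_address(peer_ip, first_bytes):
    """Return (client_ip, client_port, header_length) for a new connection.

    peer_ip is the TCP peer the backend sees; first_bytes starts the stream.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_LB_NETS):
        # From any other peer the header is just client-supplied data.
        raise PermissionError(f"PROXY header not accepted from {peer_ip}")
    if first_bytes.startswith(V2_SIGNATURE):
        raise ValueError("PROXY v2 header: not handled by this example")
    end = first_bytes.find(b"\r\n", 0, MAX_V1_HEADER)
    if not first_bytes.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY v1 header")
    fields = first_bytes[:end].decode("ascii").split(" ")
    if fields[1] == "UNKNOWN":
        return (peer_ip, None, end + 2)  # balancer passed no client address
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    version = 4 if fields[1] == "TCP4" else 6
    if src.version != version or dst.version != version:
        raise ValueError("address family does not match the protocol field")
    if not (fields[4].isdigit() and fields[5].isdigit()):
        raise ValueError("non-numeric port")
    sport, dport = int(fields[4]), int(fields[5])
    if sport > 65535 or dport > 65535:
        raise ValueError("port out of range")
    return (str(src), sport, end + 2)


if __name__ == "__main__":
    print(client_address("10.128.0.17", SAMPLE))
```

The returned header length tells the backend where the application data begins; everything before it must be consumed before the stream is handed to the application.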
Terraform
For more information about the provider resources, see the documentation on the Terraform
If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
If you don't have Terraform, install it and configure the Yandex Cloud provider.
- In the Terraform configuration file, describe the parameters of the resource to create:
      resource "yandex_alb_backend_group" "test-backend-group" {
        name = "<backend_group_name>"
        session_affinity {
          connection {
            source_ip = <IP_address_session_affinity_mode>
          }
        }
        stream_backend {
          name             = "<backend_name>"
          weight           = 1
          port             = 80
          target_group_ids = ["<target_group_ID>"]
          load_balancing_config {
            panic_threshold = 90
          }
          enable_proxy_protocol = true
          healthcheck {
            timeout             = "10s"
            interval            = "2s"
            healthy_threshold   = 10
            unhealthy_threshold = 15
            stream_healthcheck {
              send    = "<data_to_endpoint>"
              receive = "<data_from_endpoint>"
            }
          }
        }
      }
  Where:
  - yandex_alb_backend_group: Backend group parameters:
    - name: Backend group name.
    - session_affinity: Session affinity settings. This is an optional parameter.
      Note
      Currently, session affinity only works if a single backend is active (has a positive weight) in a group of backends, includes one or more target groups, and the MAGLEV_HASH load balancing mode is selected for it.
      - connection: Mode of session affinity by IP address (source_ip). It can either be true or false. The cookie and header modes are also available. Only one of the modes should be specified. If the backend group is of the Stream type (consists of the stream_backend resources), you can only use the connection mode for session affinity.
    - http_backend, grpc_backend, and stream_backend: Backend type. All backends within the group must be of the same type: HTTP, gRPC, or Stream.
  - Backend parameters:
    - name: Backend name.
    - port: Backend port.
    - weight: Backend weight.
    - target_group_ids: Target group ID. To get a list of available target groups, run the following CLI command: yc alb target-group list.
    - load_balancing_config: Balancing parameters:
      - panic_threshold: Panic mode threshold.
    - enable_proxy_protocol: With this option enabled, the load balancer will send metadata about its connection to the client, including its IP, to the backend over the PROXY protocol from HAProxy. If the option is not specified, only the load balancer's IP address will be provided to the backend. This parameter is only available for Stream type backends.
    - healthcheck: Health check parameters:
      - timeout: Timeout.
      - interval: Interval.
      - healthy_threshold: Healthy threshold.
      - unhealthy_threshold: Unhealthy threshold.
      - http_healthcheck: HTTP health check parameters:
        - path: Path.
        - host: Host address.
      - grpc_healthcheck: gRPC health check parameters:
        - service_name: Name of the gRPC service to be checked. If no service is specified, the backend general health is checked.
      - stream_healthcheck: Stream health check parameters:
        - send: Data to send to the endpoint for a health check.
        - receive: Data to receive from the endpoint for it to pass the health check.
  Alert
  If all backends in an availability zone with health checks enabled fail the checks, traffic will stop routing to the zone, even if there are working backends without health checks in the zone.
  We recommend configuring health checks for all backends.
  For more information about the yandex_alb_backend_group resource properties, see the Terraform provider documentation.
- Create resources:
  - In the terminal, change to the folder where you edited the configuration file.
  - Make sure the configuration file is correct using the command:
        terraform validate
    If the configuration is correct, the following message is returned:
        Success! The configuration is valid.
  - Run the command:
        terraform plan
    The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
  - Apply the configuration changes:
        terraform apply
  - Confirm the changes: type yes in the terminal and press Enter.
  Terraform will create all the required resources. You can check the new resources using the management console or this CLI command:
      yc alb backend-group list
Use the create REST API method for the BackendGroup resource or the BackendGroupService/Create gRPC API call.
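Whichever method created the group, the health check recommendation in the alerts above can be checked against the group's description. The following is an added example, not part of the original documentation: it assumes the output of `yc alb backend-group get <backend_group_name> --format json` uses the same keys as the Result blocks on this page, and `audit` and the sample data are hypothetical.

```python
import json

GROUP_TYPES = ("http", "grpc", "stream")
# Constructed sample, shaped like the Result output shown on this page.
SAMPLE = json.loads("""
{"name": "test-backend-group",
 "stream": {"backends": [
   {"name": "checked", "backend_weight": "1", "port": "80",
    "enable_proxy_protocol": true,
    "healthchecks": [{"timeout": "10s", "interval": "2s",
                      "healthcheck_port": "80",
                      "stream": {"send": {"text": "ping"},
                                 "receive": {"text": "pong"}}}]},
   {"name": "unchecked", "backend_weight": "1", "port": "8080"},
   {"name": "drained", "backend_weight": "0", "port": "80"}]}}
""")


def audit(group):
    """Return (name, finding) tuples for one backend group description."""
    findings = []
    for kind in GROUP_TYPES:
        backends = group.get(kind, {}).get("backends", [])
        # Assumption: a backend printed without backend_weight counts as active.
        active = [b for b in backends if int(b.get("backend_weight", 1)) > 0]
        checked = [b for b in active if b.get("healthchecks")]
        for b in backends:
            if b not in active:
                findings.append((b["name"], "weight 0: receives no traffic"))
            elif b not in checked:
                findings.append((b["name"], "no health check configured"))
            if b.get("enable_proxy_protocol"):
                findings.append((b["name"], "PROXY protocol enabled"))
        if checked and len(checked) < len(active):
            # Case from the page's alert: when every checked backend in a zone
            # fails, the zone loses traffic although unchecked backends still work.
            findings.append((group.get("name", "?"), "mixed health check coverage"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```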