Creating an HTTP router for gRPC traffic
To create an HTTP router and add a route to it:
- In the left-hand menu, select HTTP routers.
- Click Create HTTP router.
- Specify your HTTP router name.
- Under Virtual hosts, click Add virtual host.
- Specify Name.
- In the Authority field, specify your load balancer IP address or enter *.
- Optionally, in the Security profile field, select the Yandex Smart Web Security security profile. A security profile allows you to enable WAF and filter incoming requests, limiting their number for protection against malicious attacks. For more information, see Security profiles.
- Click Add route and select Type: gRPC.
- Specify Name.
- In the FQMN field, select one of the options:
  - Starts with: Route all requests starting with a specific FQMN. In the input field, specify /<first_word_in_service_name>, e.g., /helloworld.
  - Matches: Route all requests matching the specified FQMN.
  - Regular expression: Route all requests matching the RE2 regular expression.

  Warning
  The FQMN must start with a slash "/" and contain a part of the service name where your procedure call is redirected.
- In the Action field, select one of the options: Routing or Response. Depending on the selected option:
  - Routing:
    - In the Backend group list, select a backend group from your HTTP router folder.
    - Optionally, in the Host header rewrite field, select one of these options:
      - none: No rewriting.
      - rewrite: Rewrite to the specified value.
      - auto: Rewrite to the target VM address.
    - Optionally, in the Maximum timeout, sec. field, specify the maximum connection time. You can specify a shorter timeout in the grpc-timeout request HTTP header.
    - Optionally, in the Idle timeout, seconds field, specify the connection inactivity timeout.
  - Response:
    - In the gRPC status code field, select the gRPC response code.
- Click Create.
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id settings.
- See the description of the CLI command for creating an HTTP router:

      yc alb http-router create --help

- Run this command:

      yc alb http-router create <HTTP_router_name>

  Result:

      id: a5dcsselagj4********
      name: <HTTP_router_name>
      folder_id: aoerb349v3h4********
      created_at: "2022-06-16T21:04:59.438292069Z"
- See the description of the CLI command for creating a virtual host:

      yc alb virtual-host create --help

- To create a virtual host, run this command with your HTTP router name and virtual host settings specified:

      yc alb virtual-host create <virtual_host_name> \
        --http-router-name <HTTP_router_name> \
        --authority '*' \
        --rate-limit rps=100,all-requests \
        --security-profile-id <security_profile_ID>

  Where:
  - --http-router-name: HTTP router name.
  - --authority: :authority header domains associated with this virtual host. You can use wildcards, e.g., *.foo.com or *-bar.foo.com. Quote values containing an asterisk so that the shell does not expand them into file names.
  - --rate-limit: Request rate limit. This is an optional setting.
    - rps or rpm: Number of allowed incoming requests per second or minute.
    - all-requests: Limits all incoming requests.
    - requests-per-ip: Limits the total number of requests per IP address. That is, for each IP address, only the specified number of requests is allowed per unit of time.
  - --security-profile-id: Yandex Smart Web Security security profile ID. This is an optional argument. A security profile allows you to enable WAF and filter incoming requests, limiting their number for protection against malicious attacks. For more information, see Security profiles.

  Result:

      done (1s)
      name: <virtual_host_name>
      authority:
        - *
      rate_limit:
        all_requests:
          per_second: "100"
- See the description of the CLI command for adding a route:

      yc alb virtual-host append-grpc-route --help

- To add a route, run this command with the HTTP router ID or name and routing settings specified:

      yc alb virtual-host append-grpc-route <route_name> \
        --virtual-host-name <virtual_host_name> \
        --http-router-name <HTTP_router_name> \
        --prefix-fqmn-match / \
        --backend-group-name <backend_group_name> \
        --request-max-timeout 60s \
        --rate-limit rps=50,requests-per-ip

  Where:
  - --virtual-host-name: Virtual host name.
  - --http-router-name: HTTP router name.
  - --prefix-fqmn-match: Route all requests with a specific prefix. Add the FQMN / after this option.

    You can also use these options for specifying routing conditions:
    - --exact-fqmn-match: Route all requests matching the specified FQMN. Add /<FQMN>/ after this option.
    - --regex-fqmn-match: Route all requests matching the RE2 regular expression. Add /<regular_expression> after this option.
  - --backend-group-name: Backend group name.
  - --rate-limit: Request rate limit.
  - --request-max-timeout: Maximum request timeout in seconds. You can specify a shorter timeout in the grpc-timeout request HTTP header.

  For more information about the yc alb virtual-host append-grpc-route command options, see the CLI reference.

  Result:

      done (1s)
      name: <virtual_host_name>
      authority:
        - *
      routes:
        - name: <route_name>
          grpc:
            match:
              fqmn:
                prefix_match: /helloworld
            route:
              backend_group_id: ds7snban2dvn********
              max_timeout: 60s
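
The three FQMN match types described above, modelled offline as an added example (not Yandex Cloud code): it previews which gRPC methods a rule would route and lists those outside an allow-list of services. The sample FQMNs, the helloworld.Admin service and all function names are constructed; Python's re stands in for RE2, and the regular expression is assumed to have to match the whole FQMN.

```python
import re

# Constructed sample FQMNs (/<package>.<Service>/<Method>), not from the page.
SAMPLE_FQMNS = [
    "/helloworld.Greeter/SayHello",
    "/helloworld.Greeter/SayHelloAgain",
    "/helloworld.Admin/Shutdown",
    "/grpc.reflection.v1alpha.ServerReflection/ServerReflectionInfo",
    "/grpc.health.v1.Health/Check",
]


def matches(kind, pattern, fqmn):
    """Return True if the rule (kind, pattern) would select this FQMN."""
    if not pattern.startswith("/"):
        # Rule from the page: the FQMN must start with a slash.
        raise ValueError("FQMN must start with '/': %r" % pattern)
    if kind == "prefix":   # console: Starts with / CLI: --prefix-fqmn-match
        return fqmn.startswith(pattern)
    if kind == "exact":    # console: Matches / CLI: --exact-fqmn-match
        return fqmn == pattern
    if kind == "regex":    # console: Regular expression / CLI: --regex-fqmn-match
        # Assumption: whole-string match; re approximates RE2 for simple patterns.
        return re.fullmatch(pattern, fqmn) is not None
    raise ValueError("unknown match kind: %r" % kind)


def preview(kind, pattern, fqmns=SAMPLE_FQMNS):
    """All sample FQMNs the rule would route to the backend group."""
    return [f for f in fqmns if matches(kind, pattern, f)]


def unexpected(kind, pattern, allowed_services, fqmns=SAMPLE_FQMNS):
    """Routed FQMNs whose service is not in the allow-list."""
    return [f for f in preview(kind, pattern, fqmns)
            if f.split("/")[1] not in allowed_services]


if __name__ == "__main__":
    allowed = {"helloworld.Greeter"}
    rules = [("prefix", "/"), ("prefix", "/helloworld"),
             ("prefix", "/helloworld.Greeter/"),
             ("exact", "/helloworld.Greeter/SayHello"),
             ("regex", r"/helloworld\.Greeter/.*")]
    for kind, pattern in rules:
        print(kind, pattern, "routes", len(preview(kind, pattern)),
              "unexpected:", unexpected(kind, pattern, allowed))
```

A prefix of / routes every method in the sample set, including the reflection and health services, while /helloworld still covers every service in that package; the narrower prefix, exact and regular expression rules route only the intended service.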
With Terraform
Terraform is distributed under the Business Source License.
For more information about the provider resources, see the documentation on the Terraform
If you do not have Terraform yet, install it and configure its Yandex Cloud provider.
- In the configuration file, specify your HTTP router and virtual host settings:

      resource "yandex_alb_http_router" "tf-router" {
        name   = "<HTTP_router_name>"
        labels = {
          tf-label    = "tf-label-value"
          empty-label = ""
        }
      }

      resource "yandex_alb_virtual_host" "my-virtual-host" {
        name           = "<virtual_host_name>"
        http_router_id = yandex_alb_http_router.tf-router.id
        route {
          name = "<route_name>"
          grpc_route {
            grpc_route_action {
              backend_group_id = "<backend_group_ID>"
              max_timeout      = "60s"
            }
          }
        }
        route_options {
          security_profile_id = "<security_profile_ID>"
        }
      }
  Where:
  - yandex_alb_http_router: HTTP router description.
    - name: HTTP router name. Follow these naming requirements:
      - It must be from 2 to 63 characters long.
      - It may contain lowercase Latin letters, numbers, and hyphens.
      - It must start with a letter and cannot end with a hyphen.
    - labels: HTTP router labels. List the labels in key-value format.
  - yandex_alb_virtual_host: Virtual host description:
    - name: Virtual host name. Follow these naming requirements:
      - It must be from 2 to 63 characters long.
      - It may contain lowercase Latin letters, numbers, and hyphens.
      - It must start with a letter and cannot end with a hyphen.
    - http_router_id: HTTP router ID.
    - route: Route description:
      - name: Route name.
      - grpc_route: Route description for gRPC traffic:
        - grpc_route_action: Action applied to gRPC traffic.
          - backend_group_id: Backend group ID.
          - max_timeout: Maximum request timeout in seconds. You can specify a shorter timeout in the grpc-timeout request HTTP header.
    - route_options: Optional virtual host settings:
      - security_profile_id: Yandex Smart Web Security security profile ID. A security profile allows you to enable WAF and filter incoming requests, limiting their number for protection against malicious attacks. For more information, see Security profiles.

  Learn more about the properties of Terraform resources in the relevant Terraform guides:
  - yandex_alb_http_router resource
  - yandex_alb_virtual_host resource
- Create the resources:
  - In the terminal, change to the folder where you edited the configuration file.
  - Make sure the configuration file is correct using the command:

        terraform validate

    If the configuration is correct, the following message is returned:

        Success! The configuration is valid.

  - Run the command:

        terraform plan

    The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
  - Apply the configuration changes:

        terraform apply

  - Confirm the changes: type yes in the terminal and press Enter.

  Terraform will create all the required resources. You can check your new resources and their settings in the management console or using this CLI command:

      yc alb http-router get <HTTP_router_name>

Use the create REST API method for the HttpRouter resource or the HttpRouterService/Create gRPC API call.