Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

HttpBackendGroup resource fields

Written by
Improved by
Updated at November 11, 2025

HttpBackendGroup enables you to group backends, i.e., Kubernetes services processing traffic. The Application Load Balancer Ingress controller uses these resources to create backend groups.

Tip

We recommend using the new Yandex Cloud Gwin controller instead of an Application Load Balancer Ingress controller.

You need to add a reference to HttpBackendGroup to the Ingress resource.

Using HttpBackendGroup enables extended Application Load Balancer functionality. A backend group can route traffic to either Kubernetes services or Yandex Object Storage buckets. HttpBackendGroup allows you to distribute traffic across backends proportionally using relative weights.

HttpBackendGroup is a custom resource from the alb.yc.io API group provided by an Ingress controller.

HttpBackendGroup

apiVersion: alb.yc.io/v1alpha1
kind: HttpBackendGroup
metadata:
  name: <string>
spec:
  backends:
    - name: <string>
      weight: <int64>
      useHttp2: <bool>
      service:
         name: <int64>
         port:
           name: <string>
           number: <int32>
      storageBucket:
        name: <string>
      tls:
        sni: <string>
        trustedCa: <string>
      healthChecks:
        - http:
            path: <string>
          port: <int32>
          healthyThreshold: <int32>
          unhealthyThreshold: <int32>
          timeout: <string>
          interval: <string>
      loadBalancingConfig:
        balancerMode: <string>
        panicThreshold: <int64>
        localityAwareRouting: <int64>
    - ...

Where:

  • apiVersion: alb.yc.io/v1alpha1

  • kind: HttpBackendGroup

  • metadata (ObjectMeta; this is a required field)

    Resource metadata.

    • name (string; this is a required field)

      Resource name. For more information about the format, see this Kubernetes guide.

      You must specify this name in the spec.rules.http.paths.backend.resource.name field of the Ingress resource (see this configuration).

      Do not mistake this name for the Application Load Balancer backend group name.

  • spec (HttpBackendGroupSpec)

    Resource specification.

    • backends ([]HttpBackend)

      List of backends in the group.

      • name (string; this is a required field)

        Backend name.

      • weight (int64)

        Backend weight. Backends in a group receive traffic in proportion to their weights.

        You should either specify weights for all backends in a group, or not specify them at all. If weights are not specified, traffic will be equally distributed across backends.

        A backend with zero or negative weight will not be receiving traffic.

      • useHttp2 (bool)

        Enables HTTP/2 connections between load balancer nodes and backend endpoints.

        The default value is false, which means only HTTP/1.1 connections are allowed.

      • service (ServiceBackend)

        Reference to the Kubernetes service to process requests as a backend.

        The referred Service resource must be described per the standard configuration.

        You must specify a service or an Object Storage bucket, i.e.,storageBucket, for the backend. You cannot specify both at the same time.

        • name (string, required):

          Kubernetes service name.

        • port (ServiceBackendPort, required):

          Service port to which Ingress will direct traffic.

          The field is designed for ingress controller operation and has no equivalents in Application Load Balancer.

          • name (string):

            Service port name.

            This name must match one of the Service resource spec.ports.name values. For more information, see the resource specification.

            You must specify either the service port name or its number, but not both.

          • number (int32):

            Service port number.

            This number must match one of the Service resource spec.ports.port values. For more information, see the resource specification.

            You must specify either the service port name or its number, but not both.

      • storageBucket (StorageBucketBackend)

        Yandex Object Storage bucket backend for processing requests. To learn more about using a bucket as a backend, see Backend types.

        Warning

        To use a bucket as a backend, grant public access for reading its objects.

        You must specify a bucket or Kubernetes service for the backend. You cannot specify both at the same time.

        • name (string; this is a required field)

          Bucket name.

      • tls (BackendTLS)

        TLS connection settings for the load balancer nodes and backend endpoints.

        If this field is specified, the load balancer will establish TLS connections to the backend, comparing received certificates with the one specified in the trustedCa field. Otherwise, the load balancer will use unencrypted connections to the backend.

        • sni (string)

          SNI domain name for TLS connections.

        • trustedCa (string)

          Contents of the X.509 certificate issued by a certificate authority in PEM format.

      • healthChecks ([]HealthChecks)

        Custom health checks settings for Managed Service for Kubernetes cluster applications.

        By default, the Application Load Balancer Ingress controller receives L7 load balancer health check requests on TCP port 10501. Then it checks kube-proxy pods on each cluster node. Given that kube-proxy is healthy, the process is as follows: if an application does not respond in a particular pod, Kubernetes redirects traffic to a different pod or node.

        You can use healthChecks settings to customize application health checks.

        • http (HttpBackend)

          Specifies HTTP as the health check protocol.

          • path (string)

            Application endpoint URI path for health check requests, e.g. /health.

        • port (int32)

          Cluster node port for checking application availability. This port should match the spec.ports.nodePort value of the NodePort Service resource.

          The application will be available for health checks at http://<node_IP_address>:<port>/<path>.

        • healthyThreshold (int32)

          Number of consecutive successful checks required to consider the application endpoint healthy.

        • unhealthyThreshold (int32)

          Number of consecutive failed checks required to consider the application endpoint unhealthy.

        • timeout (string)

          Response timeout in seconds. You can specify values between 1s and 60s.

        • interval (string)

          Health check request interval in seconds.

          You can specify values between 1s and 60s. interval must exceed timeout by at least one second.

        Note

        You can also configure application health checks using the ingress.alb.yc.io/health-checks annotation of the Service resource.

      • loadBalancingConfig (LoadBalancingConfig)

        Load balancing settings.

        • balancerMode (string)

          Traffic distribution mode. It is an algorithm according to which the load balancer distributes traffic across backend endpoints. Possible values: ROUND_ROBIN, RANDOM, LEAST_REQUEST, and MAGLEV_HASH. Learn more about each mode here.

        • panicThreshold (int64)

          Percentage of healthy endpoints. If the percentage of healthy endpoints falls below the specified value, it will trigger the panic mode.

          The default value is 0, which means the panic mode will never be activated.

        • localityAwareRouting (int64)

          Share of incoming traffic the load balancer will forward to its availability zone backends. The remaining traffic will be evenly distributed across other availability zones. More on locality-aware routing.

          The default value is 0.

Previous
Ingress
Next
GrpcBackendGroup