Contact UsGet started
© 2024 Iron Hive LLC Belgrade

Editing an L7 load balancer

Written by
Updated at October 17, 2024

To update the parameters of an L7 load balancer:

  1. In the management console, select the folder where the load balancer was created.

  2. Select Application Load Balancer.

  3. Click the name of the load balancer you need.

  4. Click and select Edit.

  5. Edit the required load balancer settings:

    1. Under Network settings, update the security groups:

      • Without groups: Allows any incoming and outgoing traffic for the load balancer. This is the least secure option.
      • Auto: When creating a load balancer, a security group will be automatically created that allows any incoming traffic on port 80 and TCP traffic for the load balancer's node status checks on port 30080. Any outgoing traffic will be allowed for the load balancer.
      • From list: For more traffic management flexibility, create your own security groups. You can select up to five security groups and link them to your load balancer.

    2. Under Autoscaling settings, set a limit on the number of resource units.

    3. Under Log settings:

      1. Change the Cloud Logging log group to write the load balancer logs to.

      2. Edit the rules for discarding logs:

        • HTTP codes: Update the HTTP status codes.
        • HTTP code classes: Update the classes of HTTP status codes.
        • gRPC codes: Update the gRPC codes.
        • Share of discarded logs: Update the percentage of logs to discard.

        To add another rule, click Add discard rule.

    4. Under Listeners, change the parameters of the appropriate listeners.

  6. At the bottom of the page, click Save.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. View the description of the CLI command for updating the load balancer parameters:

    yc alb load-balancer update --help

  2. Run the command, indicating the new load balancer parameters. For example, link security groups to the load balancer:

    yc alb load-balancer update <load_balancer_name> \
  --security-group-id <list_of_security_group_IDs>

    Where --security-group-id is a new list of one to five comma-separated security group IDs. If you omit this parameter, any traffic will be allowed for the load balancer.

    Result:

    id: a5d88ep483cm********
name: test-balancer2-updated
folder_id: aoe197919j8e********
status: ACTIVE
region_id: ru-central1
network_id: c64l1c06d151********
listeners:
- name: test-listener
  endpoints:
  - addresses:
    - external_ipv4_address:
        address: 130.193.32.206
    ports:
    - "80"
  http:
    handler:
      http_router_id: a5dv7tjdo9gt********
allocation_policy:
  locations:
  - zone_id: ru-central1-a
    subnet_id: buc4gsmpj8hv********
log_group_id: eolul9ap0bv0********
security_group_ids:
  - enpulh2tbrep********
  - enpg05a3ck35********
created_at: "2021-04-26T12:12:13.624832586Z"

  3. (Optional) Update the parameters for writing logs to Yandex Cloud Logging:

    1. View the description of the CLI command to manage load balancer logging:

      yc alb load-balancer logging --help

    2. Add a new rule for discarding logs:

      yc alb load-balancer logging <load_balancer_name> \
  --log-group-id <log_group_ID> \
  --enable \
  --discard codes=[200,3XX,GRPC_OK],percent=90

      Where:

      • --log-group-id: ID of the log group.
      • --discard: Log discard rule. Rule parameters:
        • codes: HTTP codes, classes of HTTP codes, or gRPC codes.
        • percent: Discarded logs percentage.

      Result:

      done (42s)
id: ds76g2zpgp3f********
name: test-load-balancer
folder_id: b1gug7dbelh********
...
log_options:
  log_group_id: e23p9bcvh6gr********
  discard_rules:
    - http_codes:
        - "200"
      http_code_intervals:
        - HTTP_3XX
      grpc_codes:
        - OK
      discard_percent: "90"

  4. Set new parameters for the listener:

    • HTTP listener:

      1. View the description of the CLI command for updating the parameters of an HTTP listener for an L7 load balancer:

        yc alb load-balancer update-listener --help

      2. Run the command, indicating the new listener parameters:

        yc alb load-balancer update-listener <load_balancer_name> \
  --listener-name <listener_name> \
  --http-router-id <HTTP_router_ID> \
  --external-ipv4-endpoint port=<listener_port>

    • Stream listener:

      1. View the description of the CLI command for updating the parameters of a Stream listener for an L7 load balancer:

        yc alb load-balancer update-stream-listener --help

      2. Run the command, indicating the new listener parameters:

        yc alb load-balancer update-stream-listener <load_balancer_name> \
  --listener-name=<listener_name> \
  --backend-group-id=<backend_group_ID> \
  --external-ipv4-endpoint port=<listener_port>

    The result of updating two listeners is:

    done (42s)
id: ds76g8b2op3f********
name: test-load-balancer
folder_id: b1gu6g9ielh6********
status: ACTIVE
network_id: enp0uulja5s3********
listeners:
- name: tslistener
  endpoints:
  - addresses:
    - external_ipv4_address:
        address: 51.250.64.197
    ports:
    - "80"
  http:
    handler:
      http_router_id: ds7d7b14b3fs********
- name: teststreamlistener
  endpoints:
  - addresses:
    - external_ipv4_address:
        address: 51.250.64.197
    ports:
    - "443"
  stream:
    handler:
      backend_group_id: ds77tero4f5h********
allocation_policy:
  locations:
  - zone_id: ru-central1-a
    subnet_id: e9bs1hp7lgdl********
log_group_id: ckgs4u5km3u8********
security_group_ids:
- enp49ot04g63********
created_at: "2022-04-04T02:12:40.160629110Z"
log_options:
  log_group_id: e23p9bfjvsgr********
  discard_rules:
    - http_codes:
        - "200"
      http_code_intervals:
        - HTTP_3XX
      grpc_codes:
        - OK
      discard_percent: "90"

  5. (Optional) Set new limits on the number of resource units:

    1. View the description of the CLI command to set up limits:

      yc alb load-balancer autoscale --help

    2. Set limits by running the command below:

      yc alb load-balancer autoscale <load_balancer_name_or_ID> \
  --min-zone-size <minimum_number_of_resource_units_per_zone> \
  --max-size <maximum_total_number_of_resource_units>

      Where:

      • --min-zone-size: Minimum number of resource units in each availability zone. The default minimum is 2. You cannot set a minimum value below 2.
      • --max-size: Maximum total number of resource units. By default, this number is unlimited. Make sure the value is not less than the number of load balancer availability zones multiplied by the minimum number of resource units per zone.

      You can set one or both parameters in the command.

      For example:

      yc alb load-balancer autoscale test-balancer2 \
  --min-zone-size 3 \
  --max-size 10

      Result:

      id: a5d88ep483cm********
name: test-balancer2
folder_id: aoe197919j8e********
status: ACTIVE
region_id: ru-central1
network_id: c64l1c06d151********
allocation_policy:
  locations:
    - zone_id: ru-central1-a
      subnet_id: buc4gsmpj8hv********
created_at: "2022-06-02T12:12:13.624832586Z"
auto_scale_policy:
  min_zone_size: 3
  max_size: 10

If you don't have Terraform, install it and configure the Yandex Cloud provider.

  1. Open the Terraform configuration file and edit the fragment with the L7 load balancer description:

    ...
resource "yandex_alb_load_balancer" "test-balancer" {
  name        = "my-load-balancer"
  network_id  = yandex_vpc_network.test-network.id

  allocation_policy {
    location {
      zone_id   = "ru-central1-a"
      subnet_id = yandex_vpc_subnet.test-subnet.id
      security_group_ids = ["<list_of_security_group_IDs>"]
    }
  }

  listener {
    name = "my-listener"
    endpoint {
      address {
        external_ipv4_address {
        }
      }
      ports = [ 9000 ]
    }
    http {
      handler {
        http_router_id = yandex_alb_http_router.test-router.id
      }
    }
  }

  log_options {
    log_group_id = "<log_group_ID>"
    discard_rule {
      http_codes          = ["200"]
      http_code_intervals = ["HTTP_2XX"]
      grpc_codes          = ["GRPC_OK"]
      discard_percent     = 15
    }
  }
}
...

    For more information about the yandex_alb_load_balancer resource parameters in Terraform, see the provider documentation.

  2. Check the configuration using this command:

    terraform validate

    If the configuration is correct, you will get this message:

    Success! The configuration is valid.

  3. Run this command:

    terraform plan

    The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.

  4. Apply the configuration changes:

    terraform apply

  5. Confirm the changes: type yes into the terminal and press Enter.

    You can check the L7 load balancer update using the management console or this CLI command:

    yc alb load-balancer get <load_balancer_name>

Use the update REST API method for the LoadBalancer resource or the LoadBalancerService/Update gRPC API call.

Deleting a listener

To delete a listener for your L7 load balancer:

  1. In the management console, select the folder where the load balancer was created.
  2. Select Application Load Balancer.
  3. Next to the load balancer name you need, click and select Edit.
  4. Under Listeners, next to the appropriate listener name, click and select Delete.
  5. Click Save.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. View the description of the CLI command for deleting a listener:

    yc alb load-balancer remove-listener --help

  2. Run this command:

    yc alb load-balancer remove-listener <load_balancer_name_or_ID> \
  --listener-name=<listener_name>

    Result:

    done (50s)

If you don't have Terraform, install it and configure the Yandex Cloud provider.

  1. Open the Terraform configuration file and delete the listener section from the L7 load balancer description.

    ...
resource "yandex_alb_load_balancer" "test-balancer" {
  name        = "my-load-balancer"
  network_id  = yandex_vpc_network.test-network.id

  allocation_policy {
    location {
      zone_id   = "ru-central1-a"
      subnet_id = yandex_vpc_subnet.test-subnet.id
    }
  }

  listener {
    name = "my-listener"
    endpoint {
      address {
        external_ipv4_address {
        }
      }
      ports = [ 9000 ]
    }
    http {
      handler {
        http_router_id = yandex_alb_http_router.test-router.id
      }
    }
  }
}
...

    For more information about the yandex_alb_load_balancer resource parameters in Terraform, see the provider documentation.

  2. Check the configuration using this command:

    terraform validate

    If the configuration is correct, you will get this message:

    Success! The configuration is valid.

  3. Run this command:

    terraform plan

    The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.

  4. Apply the configuration changes:

    terraform apply

  5. Confirm the changes: type yes into the terminal and press Enter.

    You can check the L7 load balancer update using the management console or this CLI command:

    yc alb load-balancer get <L7_load_balancer_name>

Use the removeListener REST API method for the LoadBalancer resource or the LoadBalancerService/RemoveListener gRPC API call.

Previous
Creating an L7 load balancer
Next
Getting information about an L7 load balancer