Editing an L7 load balancer
To update the parameters of an L7 load balancer:
-
In the management console
, select the folder where the load balancer was created. -
Select Application Load Balancer.
-
Click the name of the load balancer you need.
-
Click
and select Edit. -
Edit the required load balancer settings:
-
Under Network settings, update the security groups:
Without groups
: Allows any incoming and outgoing traffic for the load balancer. This is the least secure option.Auto
: When creating a load balancer, a security group will be automatically created that allows any incoming traffic on port80
and TCP traffic for the load balancer's node status checks on port30080
. Any outgoing traffic will be allowed for the load balancer.From list
: For more traffic management flexibility, create your own security groups. You can select up to five security groups and link them to your load balancer.
-
Under Autoscaling settings, set a limit on the number of resource units.
-
Under Log settings:
-
Change the Cloud Logging log group to write the load balancer logs to.
-
Edit the rules for discarding logs:
- HTTP codes: Update the HTTP status codes.
- HTTP code classes: Update the classes of HTTP status codes.
- gRPC codes: Update the gRPC codes.
- Share of discarded logs: Update the percentage of logs to discard.
To add another rule, click Add discard rule.
-
-
Under Listeners, change the parameters of the appropriate listeners.
-
-
At the bottom of the page, click Save.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
View the description of the CLI command for updating the load balancer parameters:
yc alb load-balancer update --help
-
Run the command, indicating the new load balancer parameters. For example, link security groups to the load balancer:
yc alb load-balancer update <load_balancer_name> \ --security-group-id <list_of_security_group_IDs>
Where
--security-group-id
is a new list of one to five comma-separated security group IDs. If you omit this parameter, any traffic will be allowed for the load balancer.Result:
id: a5d88ep483cm******** name: test-balancer2-updated folder_id: aoe197919j8e******** status: ACTIVE region_id: ru-central1 network_id: c64l1c06d151******** listeners: - name: test-listener endpoints: - addresses: - external_ipv4_address: address: 130.193.32.206 ports: - "80" http: handler: http_router_id: a5dv7tjdo9gt******** allocation_policy: locations: - zone_id: ru-central1-a subnet_id: buc4gsmpj8hv******** log_group_id: eolul9ap0bv0******** security_group_ids: - enpulh2tbrep******** - enpg05a3ck35******** created_at: "2021-04-26T12:12:13.624832586Z"
-
(Optional) Update the parameters for writing logs to Yandex Cloud Logging:
-
View the description of the CLI command to manage load balancer logging:
yc alb load-balancer logging --help
-
Add a new rule for discarding logs:
yc alb load-balancer logging <load_balancer_name> \ --log-group-id <log_group_ID> \ --enable \ --discard codes=[200,3XX,GRPC_OK],percent=90
Where:
--log-group-id
: ID of the log group.--discard
: Log discard rule. Rule parameters:codes
: HTTP codes, classes of HTTP codes, or gRPC codes.percent
: Discarded logs percentage.
Result:
done (42s) id: ds76g2zpgp3f******** name: test-load-balancer folder_id: b1gug7dbelh******** ... log_options: log_group_id: e23p9bcvh6gr******** discard_rules: - http_codes: - "200" http_code_intervals: - HTTP_3XX grpc_codes: - OK discard_percent: "90"
-
-
Set new parameters for the listener:
-
HTTP listener:
-
View the description of the CLI command for updating the parameters of an HTTP listener for an L7 load balancer:
yc alb load-balancer update-listener --help
-
Run the command, indicating the new listener parameters:
yc alb load-balancer update-listener <load_balancer_name> \ --listener-name <listener_name> \ --http-router-id <HTTP_router_ID> \ --external-ipv4-endpoint port=<listener_port>
-
-
Stream listener:
-
View the description of the CLI command for updating the parameters of a Stream listener for an L7 load balancer:
yc alb load-balancer update-stream-listener --help
-
Run the command, indicating the new listener parameters:
yc alb load-balancer update-stream-listener <load_balancer_name> \ --listener-name=<listener_name> \ --backend-group-id=<backend_group_ID> \ --external-ipv4-endpoint port=<listener_port>
-
The result of updating two listeners is:
done (42s) id: ds76g8b2op3f******** name: test-load-balancer folder_id: b1gu6g9ielh6******** status: ACTIVE network_id: enp0uulja5s3******** listeners: - name: tslistener endpoints: - addresses: - external_ipv4_address: address: 51.250.64.197 ports: - "80" http: handler: http_router_id: ds7d7b14b3fs******** - name: teststreamlistener endpoints: - addresses: - external_ipv4_address: address: 51.250.64.197 ports: - "443" stream: handler: backend_group_id: ds77tero4f5h******** allocation_policy: locations: - zone_id: ru-central1-a subnet_id: e9bs1hp7lgdl******** log_group_id: ckgs4u5km3u8******** security_group_ids: - enp49ot04g63******** created_at: "2022-04-04T02:12:40.160629110Z" log_options: log_group_id: e23p9bfjvsgr******** discard_rules: - http_codes: - "200" http_code_intervals: - HTTP_3XX grpc_codes: - OK discard_percent: "90"
-
-
(Optional) Set new limits on the number of resource units:
-
View the description of the CLI command to set up limits:
yc alb load-balancer autoscale --help
-
Set limits by running the command below:
yc alb load-balancer autoscale <load_balancer_name_or_ID> \ --min-zone-size <minimum_number_of_resource_units_per_zone> \ --max-size <maximum_total_number_of_resource_units>
Where:
--min-zone-size
: Minimum number of resource units in each availability zone. The default minimum is 2. You cannot set a minimum value below 2.--max-size
: Maximum total number of resource units. By default, this number is unlimited. Make sure the value is not less than the number of load balancer availability zones multiplied by the minimum number of resource units per zone.
You can set one or both parameters in the command.
For example:
yc alb load-balancer autoscale test-balancer2 \ --min-zone-size 3 \ --max-size 10
Result:
id: a5d88ep483cm******** name: test-balancer2 folder_id: aoe197919j8e******** status: ACTIVE region_id: ru-central1 network_id: c64l1c06d151******** allocation_policy: locations: - zone_id: ru-central1-a subnet_id: buc4gsmpj8hv******** created_at: "2022-06-02T12:12:13.624832586Z" auto_scale_policy: min_zone_size: 3 max_size: 10
-
If you don't have Terraform, install it and configure the Yandex Cloud provider.
-
Open the Terraform configuration file and edit the fragment with the L7 load balancer description:
... resource "yandex_alb_load_balancer" "test-balancer" { name = "my-load-balancer" network_id = yandex_vpc_network.test-network.id allocation_policy { location { zone_id = "ru-central1-a" subnet_id = yandex_vpc_subnet.test-subnet.id security_group_ids = ["<list_of_security_group_IDs>"] } } listener { name = "my-listener" endpoint { address { external_ipv4_address { } } ports = [ 9000 ] } http { handler { http_router_id = yandex_alb_http_router.test-router.id } } } log_options { log_group_id = "<log_group_ID>" discard_rule { http_codes = ["200"] http_code_intervals = ["HTTP_2XX"] grpc_codes = ["GRPC_OK"] discard_percent = 15 } } } ...
For more information about the
yandex_alb_load_balancer
resource parameters in Terraform, see the provider documentation . -
Check the configuration using this command:
terraform validate
If the configuration is correct, you will get this message:
Success! The configuration is valid.
-
Run this command:
terraform plan
The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
into the terminal and press Enter.You can check the L7 load balancer update using the management console
or this CLI command:yc alb load-balancer get <load_balancer_name>
Use the update REST API method for the LoadBalancer resource or the LoadBalancerService/Update gRPC API call.
Deleting a listener
To delete a listener for your L7 load balancer:
- In the management console
, select the folder where the load balancer was created. - Select Application Load Balancer.
- Next to the load balancer name you need, click
and select Edit. - Under Listeners, next to the appropriate listener name, click
and select Delete. - Click Save.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
View the description of the CLI command for deleting a listener:
yc alb load-balancer remove-listener --help
-
Run this command:
yc alb load-balancer remove-listener <load_balancer_name_or_ID> \ --listener-name=<listener_name>
Result:
done (50s)
If you don't have Terraform, install it and configure the Yandex Cloud provider.
-
Open the Terraform configuration file and delete the
listener
section from the L7 load balancer description.... resource "yandex_alb_load_balancer" "test-balancer" { name = "my-load-balancer" network_id = yandex_vpc_network.test-network.id allocation_policy { location { zone_id = "ru-central1-a" subnet_id = yandex_vpc_subnet.test-subnet.id } } listener { name = "my-listener" endpoint { address { external_ipv4_address { } } ports = [ 9000 ] } http { handler { http_router_id = yandex_alb_http_router.test-router.id } } } } ...
For more information about the
yandex_alb_load_balancer
resource parameters in Terraform, see the provider documentation . -
Check the configuration using this command:
terraform validate
If the configuration is correct, you will get this message:
Success! The configuration is valid.
-
Run this command:
terraform plan
The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
into the terminal and press Enter.You can check the L7 load balancer update using the management console
or this CLI command:yc alb load-balancer get <L7_load_balancer_name>
Use the removeListener REST API method for the LoadBalancer resource or the LoadBalancerService/RemoveListener gRPC API call.