Creating a backend group
To create a backend group:
- In the management console, select the folder where you want to create a backend group.
- From the list of services, select Application Load Balancer.
- In the left-hand panel, select Backend groups.
- Click Create backend group.
- Specify the backend group name.
- Select the backend group type:
  - HTTP: For HTTP or HTTPS traffic.
  - gRPC: For HTTP or HTTPS traffic with gRPC.
  - Stream: For unencrypted TCP traffic or TCP traffic with TLS encryption support.
- Optionally, enable session affinity.
  HTTP and gRPC backend groups support the following session affinity modes:
  - By IP address.
  - By HTTP header.
  - By cookie.
  Stream backend groups support session affinity by client IP address.
  Note
  Currently, session affinity only works for a single active backend in a group, containing at least one target group and using the MAGLEV_HASH load balancing mode.
- Under Backends, click Add. Specify the backend settings:
  - Backend Name.
  - Weight: Backend weight in traffic distribution. If this option is disabled, the backend weight will be 0 and its endpoints will not be receiving traffic.
  - Backend Type: Target group for Application Load Balancer target groups or Bucket for Object Storage buckets. This option works for HTTP backend groups only. gRPC and Stream group backends have the Target group backend type. For more information about backend types, see Backend types.
  - The settings described below only work for Target group backends:
    - Under Load balancing settings:
      - Balancing mode: Load balancing mode.
      - Panic mode threshold: Healthy endpoint threshold triggering panic mode when the load balancer distributes requests across all endpoints, regardless of their health status.
      - Locality aware routing: Share of incoming traffic the load balancer node will route to its availability zone backends. The remaining traffic will be evenly distributed across other availability zones. To learn more, see Locality aware routing.
      - Strict locality: If this option is enabled, the load balancer will return 503 Service Unavailable if no application backends are operational in the request’s originating availability zone.
    - Under Protocol settings:
      - For an HTTP backend group:
        - HTTP/2: With this option enabled, the load balancer will use the HTTP/2 protocol when routing requests to HTTP group backends. By default, the load balancer uses the HTTP/1.1 protocol. gRPC backend groups only support the HTTP/2 protocol.
        - Protocol: Backend connection protocol, e.g., HTTP without encryption or HTTPS with TLS encryption. For HTTPS, specify:
      - For a gRPC backend group:
        - Protocol: Backend connection protocol, e.g., Plain-text or Encrypted. For the encrypted protocol, specify SNI and Trusted root certificate as shown above.
      - For a Stream backend group:
        - PROXY protocol: With this option enabled, the load balancer will send its client connection metadata, e.g. its IP address, to the backend via HAProxy protocol.
        - Protocol: Backend connection protocol, e.g., Plain-text or Encrypted. For the encrypted protocol, specify SNI and Trusted root certificate as shown above.
  - The following settings only work for Bucket backends in HTTP backend groups:
    - Bucket ID format: List or ID.
    - Bucket: Select a bucket from the list or specify its ID.
  - Under HTTP health check, gRPC health check, or Stream health check specify:
    - Timeout, s: Response timeout. Maximum connection time.
    - Interval: Health check request interval.
    - Healthy threshold: Number of consecutive successful checks required before considering the endpoint healthy. The load balancer ignores this setting at start, conducting one health check to identify the endpoint as healthy.
    - Unhealthy threshold: Number of consecutive failed checks required before considering the endpoint unhealthy. The load balancer ignores this setting when receiving 503 Service Unavailable from a backend, following which it is considered unhealthy right away.
    - Port.
    - Type: Health check protocol, e.g., HTTP, gRPC, or Stream. The health check protocol does not need to match the backend group type. Depending on the selected protocol, specify:
      - For the HTTP type:
        - Path: Endpoint request URI path.
        - Authority: HTTP/1.1 Host or HTTP/2 :authority header of the backend endpoint health check requests.
        - HTTP/2: Use HTTP v2 protocol.
        - HTTP codes: HTTP status codes deemed valid during a backend health check.
      - For the gRPC type:
        - Service name: Name of the gRPC service you want to check. If no service is specified, the system will check the backend overall health.
      - For the Stream type:
        - Send: Data sent to the endpoint for a health check.
        - Receive: Data the endpoint must return to pass the health check.
    Alert
    If all backends with health checks enabled in an availability zone fail those checks, traffic will no longer route to that zone, even if functional backends without health checks remain.
    We recommend configuring health checks for all backends.
    To add a health check, at the bottom of the backend section, click Add health check and specify the check settings.
    To remove a health check, click next to the HTTP health check, gRPC health check, or Stream health check title, and select Delete.
- Click Create.
If you do not have the Yandex Cloud CLI installed yet, install and initialize it.
By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.
Note
You can create a gRPC backend group in the management console
- See the description of the CLI command for creating a backend group:

      yc alb backend-group create --help

- Create a backend group by running this command:

      yc alb backend-group create <backend_group_name>

  Result:

      id: a5dg2cv4ngne********
      name: test-backend-group
      folder_id: aoerb349v3h4********
      created_at: "2021-02-11T20:46:21.688940670Z"

- Add a backend and a health check to the group.
  Alert
  If all backends with health checks enabled in an availability zone fail those checks, traffic will no longer route to that zone, even if functional backends without health checks remain.
  We recommend configuring health checks for all backends.
  All backends within a group must be of the same type: HTTP, gRPC, or Stream.

  HTTP backend
  Run this command:

      yc alb backend-group add-http-backend \
        --backend-group-name <backend_group_name> \
        --name <name_of_backend_you_are_adding> \
        --weight <backend_weight> \
        --port <backend_port> \
        --target-group-id=<target_group_ID> \
        --panic-threshold 90 \
        --http-healthcheck port=80,healthy-threshold=10,unhealthy-threshold=15,expected-statuses=211,timeout=10s,interval=2s,host=<host_address>,path=<path>

  Where:
  - --name: The name of the backend you want to add or update.
  - --panic-threshold: Panic mode threshold.
  - --http-healthcheck: Health check settings:
    - port: Port.
    - healthy-threshold: Healthy threshold.
    - unhealthy-threshold: Unhealthy threshold.
    - expected-statuses: HTTP status code deemed valid during a backend health check. You can add multiple values separated by a comma: expected-statuses=201,expected-statuses=205,expected-statuses=302. You can use HTTP codes in the range between 100 and 599. If this setting is not specified, the response code will be 200.
    - timeout: Maximum connection time.
    - interval: Interval.
    - host: Host address.
    - path: Path.

  Result:

      id: a5dqkr2mk3rr********
      name: <backend_group_name>
      folder_id: aoe197919j8e********
      http:
        backends:
          - name: <backend_name>
            backend_weight: "1"
            load_balancing_config:
              panic_threshold: "90"
            port: "80"
            target_groups:
              target_group_ids:
                - a5d2iap3nue9********
            healthchecks:
              - timeout: 10s
                interval: 2s
                healthy_threshold: "10"
                unhealthy_threshold: "15"
                healthcheck_port: "80"
                http:
                  host: <host_address>
                  path: <path>
      created_at: "2021-02-11T20:46:21.688940670Z"

  gRPC backend
  Run this command:

      yc alb backend-group add-grpc-backend \
        --backend-group-name <backend_group_name> \
        --name <name_of_backend_you_are_adding> \
        --weight <backend_weight> \
        --port <backend_port> \
        --target-group-id=<target_group_ID> \
        --panic-threshold 90 \
        --grpc-healthcheck port=80,healthy-threshold=10,unhealthy-threshold=15,timeout=10s,interval=2s,service-name=<gRPC_service_name>

  Where:
  - --panic-threshold: Panic mode threshold.
  - --grpc-healthcheck: Resource health check settings:
    - port: Port.
    - healthy-threshold: Healthy threshold.
    - unhealthy-threshold: Unhealthy threshold.
    - timeout: Maximum connection time.
    - interval: Interval.
    - service-name: Name of the gRPC service you want to check. If no service is specified, the system will check the backend overall health.

  Result:

      id: a5dqkr2mk3rr********
      name: <backend_group_name>
      folder_id: aoe197919j8e********
      grpc:
        backends:
          - name: <backend_name>
            backend_weight: "12"
            load_balancing_config:
              panic_threshold: "90"
            port: "80"
            target_groups:
              target_group_ids:
                - a5d2iap3nue9********
            healthchecks:
              - timeout: 10s
                interval: 2s
                healthy_threshold: "10"
                unhealthy_threshold: "15"
                healthcheck_port: "80"
                grpc:
                  service_name: <gRPC_service_name>
      created_at: "2023-06-17T13:04:08.567141292Z"

  Stream backend
  Run this command:

      yc alb backend-group add-stream-backend \
        --backend-group-name <backend_group_name> \
        --name <name_of_backend_you_are_adding> \
        --weight <backend_weight> \
        --port <backend_port> \
        --target-group-id=<target_group_ID> \
        --panic-threshold 90 \
        --enable-proxy-protocol \
        --keep-connections-on-host-health-failure \
        --stream-healthcheck port=80,healthy-threshold=10,unhealthy-threshold=15,timeout=10s,interval=2s,send-text=<data_to_endpoint>,receive-text=<data_from_endpoint>

  Where:
  - --panic-threshold: Panic mode threshold.
  - --enable-proxy-protocol: With this option enabled, the load balancer will send its client connection metadata, e.g. its IP address, to the backend via HAProxy protocol. If you do not set specific values for this option, the load balancer will only send its IP address to the backend.
  - --keep-connections-on-host-health-failure: Keeps the connection alive even if the health check fails.
  - --stream-healthcheck: Health check settings:
    - port: Port.
    - healthy-threshold: Healthy threshold.
    - unhealthy-threshold: Unhealthy threshold.
    - timeout: Maximum connection time.
    - interval: Interval.
    - send-text: Data sent to the endpoint for a health check.
    - receive-text: Data the endpoint must return to pass the health check.

  Result:

      id: ds77tero4f5********
      name: <backend_group_name>
      folder_id: b1gu6g9ielh6********
      stream:
        backends:
          - name: <backend_name>
            backend_weight: "1"
            port: "80"
            target_groups:
              target_group_ids:
                - ds7eof3r2cte********
            healthchecks:
              - timeout: 10s
                interval: 2s
                healthy_threshold: "10"
                unhealthy_threshold: "15"
                healthcheck_port: "80"
                stream:
                  send:
                    text: <data_to_endpoint>
                  receive:
                    text: <data_from_endpoint>
            enable_proxy_protocol: true
      created_at: "2022-04-06T09:17:57.104324513Z"

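A check for the failure mode in the Alert above: a group where only some backends have health checks. This is an added example, not part of the original page or the Yandex Cloud tooling; the function name is hypothetical, the input is a constructed sample that reuses the field names from the Result blocks above in JSON form, and it assumes target-group backends are the ones that carry a target_groups field.

```python
import json

# Constructed sample (not real output): field names follow the Result blocks above.
SAMPLE = json.loads("""
{
  "name": "example-backend-group",
  "http": {"backends": [
    {"name": "web-a", "backend_weight": "1", "port": "80",
     "target_groups": {"target_group_ids": ["<target_group_ID>"]},
     "healthchecks": [{"timeout": "10s", "interval": "2s", "healthcheck_port": "80"}]},
    {"name": "web-b", "backend_weight": "1", "port": "80",
     "target_groups": {"target_group_ids": ["<target_group_ID>"]}},
    {"name": "web-c", "backend_weight": "0", "port": "80",
     "target_groups": {"target_group_ids": ["<target_group_ID>"]},
     "healthchecks": [{"timeout": "10s", "interval": "2s", "healthcheck_port": "80"}]}
  ]}
}
""")


def audit_backend_group(group: dict) -> list[str]:
    """Return findings for one backend group description."""
    findings = []
    for kind in ("http", "grpc", "stream"):
        # Assumption: only target-group backends have "target_groups"; others are skipped.
        backends = [b for b in group.get(kind, {}).get("backends", [])
                    if "target_groups" in b]
        unchecked = [b["name"] for b in backends if not b.get("healthchecks")]
        findings += [f"{name}: no health check configured" for name in unchecked]
        if unchecked and len(unchecked) < len(backends):
            # The Alert's case: checked backends failing in a zone stop traffic to
            # that zone even while unchecked backends there still work.
            findings.append(f"{kind}: mixed health check coverage")
        findings += [f"{b['name']}: weight 0, endpoints receive no traffic"
                     for b in backends if str(b.get("backend_weight")) == "0"]
    return findings


if __name__ == "__main__":
    for line in audit_backend_group(SAMPLE):
        print(line)
```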
With Terraform
Terraform is distributed under the Business Source License
For more information about the provider resources, see the relevant documentation on the Terraform
If you do not have Terraform yet, install it and configure the Yandex Cloud provider.
- In the Terraform configuration file, describe the resource you want to create:

      resource "yandex_alb_backend_group" "test-backend-group" {
        name = "<backend_group_name>"
        session_affinity {
          connection {
            source_ip = <IP_address_session_affinity_mode>
          }
        }
        stream_backend {
          name             = "<backend_name>"
          weight           = 1
          port             = 80
          target_group_ids = ["<target_group_ID>"]
          load_balancing_config {
            panic_threshold = 90
          }
          enable_proxy_protocol = true
          healthcheck {
            timeout             = "10s"
            interval            = "2s"
            healthy_threshold   = 10
            unhealthy_threshold = 15
            keep_connections_on_host_health_failure = <true_or_false>
            stream_healthcheck {
              send    = "<data_to_endpoint>"
              receive = "<data_from_endpoint>"
            }
            http_healthcheck {
              path              = "<path>"
              host              = "<host>"
              expected_statuses = [<HTTP codes>]
            }
          }
        }
      }

  Where:
  - yandex_alb_backend_group: Backend group settings:
    - name: Backend group name.
    - session_affinity: Session affinity settings. This is an optional parameter.
      Note
      Currently, session affinity only works for a single active backend in a group, containing at least one target group and using the MAGLEV_HASH load balancing mode.
      - connection: Session affinity by the source_ip IP address. It can be either true or false. You can also use cookie or header session affinity modes, but you can only specify one mode. If the backend group is of the Stream type, i.e., it consists of the stream_backend resources, you can only use the connection mode for session affinity.
    - http_backend, grpc_backend, and stream_backend: Backend type. All backends within a group must match the same type: HTTP, gRPC, or Stream.
  - Backend parameters:
    - name: Backend name.
    - port: Backend port.
    - weight: Backend weight.
    - target_group_ids: Target group ID. To get a list of available target groups, run the yc alb target-group list CLI command.
    - load_balancing_config: Balancing parameters:
      - panic_threshold: Panic mode threshold.
    - enable_proxy_protocol: With this option enabled, the load balancer will send its client connection metadata, e.g. its IP address, to the backend via HAProxy protocol. If you do not set specific values for this option, the load balancer will only send its IP address to the backend. This option is only available for Stream type backends.
    - healthcheck: Health check settings:
      - timeout: Maximum connection request timeout.
      - interval: Interval.
      - healthy_threshold: Healthy threshold.
      - unhealthy_threshold: Unhealthy threshold.
      - keep_connections_on_host_health_failure: This option maintains connections open even if the target host status changes to Unhealthy.
      - http_healthcheck: HTTP health check settings:
        - path: Path, e.g., /health.
        - host: Host address, e.g., example.com.
        - expected_statuses: List of HTTP status codes corresponding to the Healthy status, e.g., [200, 201, 202].
      - grpc_healthcheck: gRPC health check settings:
        - service_name: Name of the gRPC service you want to check. If no service is specified, the system will check the backend overall health.
      - stream_healthcheck: Stream health check settings:
        - send: Data sent to the endpoint for a health check.
        - receive: Data the endpoint must return to pass the health check.
  Alert
  If all backends with health checks enabled in an availability zone fail those checks, traffic will no longer route to that zone, even if functional backends without health checks remain.
  We recommend configuring health checks for all backends.
  For more information about yandex_alb_backend_group properties, see the relevant Terraform article.
- Create the resources:
  - In the terminal, go to the directory where you edited the configuration file.
  - Make sure the configuration file is correct using this command:

        terraform validate

    If the configuration is correct, you will get this message:

        Success! The configuration is valid.

  - Run this command:

        terraform plan

    You will see a detailed list of resources. No changes will be made at this step. If the configuration contains any errors, Terraform will show them.
  - Apply the changes:

        terraform apply

  - Type yes and press Enter to confirm the changes.
  Terraform will create all the required resources. You can check new resources in the management console or using this CLI command:

      yc alb backend-group list

Use the create REST API method for the BackendGroup resource or the BackendGroupService/Create gRPC API call.