Enabling blue-green and canary deployment of web service versions
- Supported tools
- Prepare your cloud
- Add a certificate to Certificate Manager
- Create a cloud network and subnets
- Create buckets in Object Storage
- Upload the files of your service to the buckets
- Create a security group
- Create Application Load Balancer backend groups
- Create an HTTP router and virtual hosts
- Create an L7 load balancer
- Create a CDN resource
- Configure DNS for the service
- Run a health check and test the switching between versions
- How to delete the resources you created
Configure web service architecture to switch between versions using the commonly adopted deployment models: blue-green deployment
Both models use two backends: a blue and a green one. First you deploy a stable version generally available to users on one backend (e.g., the blue one). Then you use the other backend (the green one) to test the next version. When the testing is complete, the backends switch roles:
- With a blue-green deployment, all user traffic switches from one backend to the other right away.
- With a canary deployment, the traffic is switched over gradually, starting with some part of your user base.
After that, the green backend becomes the primary one, and you can use the blue backend to test your next version. As long as your previous version runs on the blue backend, you can roll the service back to it by switching the backends back.
In this tutorial, we use Yandex Object Storage buckets as backends with the Yandex Application Load Balancer L7 load balancer switching traffic between them. User requests are transmitted to the load balancer via the Yandex Cloud CDN content delivery network (CDN) that reduces the time of content delivery.
As examples, we are going to use these domain names: cdn.yandexcloud.example
and cdn-staging.yandexcloud.example
.
To perform steps, you can use various supported tools.
To build an architecture for the blue-green and canary deployment:
- Prepare your cloud.
- Add a certificate to Certificate Manager
- Create a cloud network and subnets.
- Create buckets in Object Storage.
- Upload the files of your service to the buckets.
- Create Application Load Balancer backend groups.
- Create an HTTP router and virtual hosts.
- Create an L7 load balancer.
- Create a CDN resource.
- Configure DNS for the service.
- Run a health check and test the switching between versions.
If you no longer need the resources you created, delete them.
Supported tools
You can complete most of the steps in the tutorial using any standard tool, such as the management console
Some steps do not support certain tools:
- Currently, you cannot use CLIs and Terraform to:
- Create a Application Load Balancer backend group with buckets as backends.
- Get the domain name of a CDN load balancer when configuring DNS for the service.
- Disable and enable caching of a CDN resource when running a health check and testing version switching.
- Currently, you cannot get the domain name of a CDN load balancer when configuring DNS for the service.
Prepare your cloud
Sign up for Yandex Cloud and create a billing account:
- Go to the management console
and log in to Yandex Cloud or create an account if you do not have one yet. - On the Yandex Cloud Billing
page, make sure you have a billing account linked and it has theACTIVE
orTRIAL_ACTIVE
status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
We will use a folder named example-folder
as an example.
Required paid resources
The infrastructure support costs include:
- Fee for data storage in Object Storage, operations with data, and outgoing traffic (see Object Storage pricing).
- Fee for using computing resources of the L7 load balancer (see Application Load Balancer pricing).
- Fee for outgoing traffic from CDN servers (see Cloud CDN pricing).
- Fee for public DNS queries and DNS zones if using Yandex Cloud DNS (see Cloud DNS pricing).
Add a certificate to Certificate Manager
Certificates from Yandex Certificate Manager are supported. You can issue a new Let's Encrypt® certificate or upload one of your own.
The certificate must be located in the same folder as your CDN resource.
For a Let's Encrypt® certificate, have your rights checked for the domain specified in the certificate.
Create a cloud network and subnets
All resources belong to the same cloud network.
- In the management console
, select theexample-folder
folder. - In the list of services, select Virtual Private Cloud.
- At the top right, click Create network.
- In the Name field, specify
canary-network
. - In the Advanced field, select Create subnets.
- Click Create network.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
Create a network named
canary-network
:yc vpc network create canary-network
Result:
id: enptrcle5q3d******** folder_id: b1g9hv2loamq******** created_at: "2021-11-03T09:25:03Z" name: canary-network default_security_group_id: enpbsnnop4ak********
For more information about the
yc vpc network create
command, see the CLI reference. -
Create subnets in all availability zones:
-
ru-central1-a
:yc vpc subnet create canary-subnet-ru-central1-a \ --zone ru-central1-a \ --network-name canary-network \ --range 10.1.0.0/16
Result:
id: e9bnnssj8sc8******** folder_id: b1g9hv2loamq******** created_at: "2021-11-03T09:27:00Z" name: canary-subnet-ru-central1-a network_id: enptrcle5q3d******** zone_id: ru-central1-a v4_cidr_blocks: - 10.1.0.0/16
-
ru-central1-b
:yc vpc subnet create canary-subnet-ru-central1-b \ --zone ru-central1-b \ --network-name canary-network \ --range 10.2.0.0/16
Result:
id: e2lghukd9iqo******** folder_id: b1g9hv2loamq******** created_at: "2021-11-03T09:27:39Z" name: canary-subnet-ru-central1-b network_id: enptrcle5q3d******** zone_id: ru-central1-b v4_cidr_blocks: - 10.2.0.0/16
-
ru-central1-d
:yc vpc subnet create canary-subnet-ru-central1-d \ --zone ru-central1-d \ --network-name canary-network \ --range 10.3.0.0/16
Result:
id: b0c3pte4o2kn******** folder_id: b1g9hv2loamq******** created_at: "2021-11-03T09:28:08Z" name: canary-subnet-ru-central1-d network_id: enptrcle5q3d******** zone_id: ru-central1-d v4_cidr_blocks: - 10.3.0.0/16
For more information about the
yc vpc subnet create
command, see the CLI reference. -
If you don't have Terraform, install it and configure the Yandex Cloud provider.
-
In the configuration file, describe the network parameters for
canary-network
and itscanary-subnet-ru-central1-a
,canary-subnet-ru-central1-b
, andcanary-subnet-ru-central1-d
subnets:resource "yandex_vpc_network" "canary-network" { name = "canary-network" } resource "yandex_vpc_subnet" "canary-subnet-a" { name = "canary-subnet-ru-central1-a" zone = "ru-central1-a" network_id = "${yandex_vpc_network.canary-network.id}" v4_cidr_blocks = ["10.1.0.0/16"] } resource "yandex_vpc_subnet" "canary-subnet-b" { name = "canary-subnet-ru-central1-b" zone = "ru-central1-b" network_id = "${yandex_vpc_network.canary-network.id}" v4_cidr_blocks = ["10.2.0.0/16"] } resource "yandex_vpc_subnet" "canary-subnet-d" { name = "canary-subnet-ru-central1-d" zone = "ru-central1-d" network_id = "${yandex_vpc_network.canary-network.id}" v4_cidr_blocks = ["10.3.0.0/16"] }
For more information, see the descriptions of the yandex_vpc_network
and yandex_vpc_subnet resources in the Terraform provider documentation. -
Make sure the configuration files are correct.
-
In the command line, go to the folder where you created the configuration file.
-
Run a check using this command:
terraform plan
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
-
-
Deploy cloud resources.
-
If the configuration does not contain any errors, run this command:
terraform apply
-
Confirm that you want to create the resources.
-
- Create the
canary-network
network using the NetworkService/Create gRPC API call or the create REST API method. - Create the
canary-subnet-ru-central1-a
,canary-subnet-ru-central1-b
, andcanary-subnet-ru-central1-d
subnets in the three availability zones using the SubnetService/Create gRPC API call or the create REST API method.
Create buckets in Object Storage
-
In the management console
, selectexample-folder
. -
In the list of services, select Object Storage.
-
Create a blue bucket for the backend stable version:
- At the top right, click Create bucket.
- In the ** Name** field, enter a name for the bucket.
- In the Object read access and Object listing access fields, select
Public
. - Click Create bucket.
-
Similarly, create a green bucket for the backend test version.
-
Create a blue bucket for the backend stable version:
aws --endpoint-url https://storage.yandexcloud.net \ s3 mb s3://<blue_bucket_name>
Result:
make_bucket: s3://<blue_bucket_name>
-
Enable public access to reading objects and their list:
aws --endpoint-url https://storage.yandexcloud.net \ s3api put-bucket-acl \ --bucket <blue_bucket_name> \ --acl public-read
-
Similarly, create a green bucket for the backend test version and enable public access to it.
Note
Terraform uses a service account to interact with Object Storage. Assign to the service account the required role, e.g., storage.admin
, for the folder where you are going to create resources.
-
Describe the parameters for creating a service account and access key in the configuration file:
... // Creating a service account resource "yandex_iam_service_account" "sa" { name = "<service_account_name>" } // Assigning a role to a service account resource "yandex_resourcemanager_folder_iam_member" "sa-admin" { folder_id = "<folder_ID>" role = "storage.admin" member = "serviceAccount:${yandex_iam_service_account.sa.id}" } // Creating a static access key resource "yandex_iam_service_account_static_access_key" "sa-static-key" { service_account_id = yandex_iam_service_account.sa.id description = "static access key for object storage" }
-
Add the parameters of the blue (backend stable version) and green (backend test version) buckets to the configuration file:
... resource "yandex_storage_bucket" "canary-bucket-blue" { access_key = yandex_iam_service_account_static_access_key.sa-static-key.access_key secret_key = yandex_iam_service_account_static_access_key.sa-static-key.secret_key bucket = "<blue_bucket_name>" acl = "public-read" } resource "yandex_storage_bucket" "canary-bucket-green" { access_key = yandex_iam_service_account_static_access_key.sa-static-key.access_key secret_key = yandex_iam_service_account_static_access_key.sa-static-key.secret_key bucket = "<green_bucket_name>" acl = "public-read" }
For more information about the
yandex_storage_bucket
resource, see the Terraform provider documentation . -
Make sure the configuration files are correct.
-
In the command line, go to the folder where you created the configuration file.
-
Run a check using this command:
terraform plan
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
-
-
Deploy cloud resources.
-
If the configuration does not contain any errors, run this command:
terraform apply
-
Confirm that you want to create the resources.
-
Use the create REST API method.
Upload the files of your service to the buckets
-
Create two files, both named
index.html
. They will represent two service versions: version 1 and version 2.Example of the index.html file version 1
<!DOCTYPE html> <html> <head> <title>Version 1</title> </head> <body> <p>Version 1 is working</p> </body> </html>
Example of the index.html file version 2
<!DOCTYPE html> <html> <head> <title>Version 2</title> </head> <body> <p>Version 2 is working</p> </body> </html>
-
Upload files to buckets:
Management consoleAWS CLITerraformAPI- In the management console
, selectexample-folder
. - In the list of services, select Object Storage.
- Select the blue bucket.
- Click Upload and select
index.html
version 1 for uploading. - Similarly, upload
index.html
version 2 to the green bucket.
-
Upload
index.html
version 1 to the blue bucket:aws --endpoint-url https://storage.yandexcloud.net \ s3 cp v1/index.html s3://<blue_bucket_name>/index.html
Result:
upload: v1/index.html to s3://<blue_bucket_name>/index.html
-
Upload
index.html
version 2 to the green bucket:aws --endpoint-url https://storage.yandexcloud.net \ s3 cp v2/index.html s3://<green_bucket_name>/index.html
Result:
upload: v2/index.html to s3://<green_bucket_name>/index.html
-
To the configuration file, add the parameters of the
v1/index.html
andv2/index.html
files uploaded to the blue and green buckets, respectively:... resource "yandex_storage_object" "canary-bucket-blue-index" { bucket = "<blue_bucket_name>" key = "index.html" source = "v1/index.html" } resource "yandex_storage_bucket" "canary-bucket-green-index" { bucket = "<green_bucket_name>" key = "index.html" source = "v2/index.html" }
For more information about the
yandex_storage_object
resource, see the Terraform provider documentation . -
Make sure the configuration files are correct.
-
In the command line, go to the folder where you created the configuration file.
-
Run a check using this command:
terraform plan
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
-
-
Deploy cloud resources.
-
If the configuration does not contain any errors, run this command:
terraform apply
-
Confirm that you want to create the resources.
-
Use the upload REST API method.
- In the management console
Create a security group
Security groups contain rules that allow the L7 load balancer to receive incoming traffic and send it to backend buckets.
To create security groups:
-
In the management console
, select Virtual Private Cloud. -
In the left-hand panel, select
Security groups. -
At the top right, click Create security group.
-
In the Name field, specify
canary-sg
. -
In the Network field, select
canary-network
. -
Under Rules, create the following rules using the instructions below the table:
Traffic
directionDescription Port range Protocol Source /
targetCIDR blocks Outgoing
any
All
Any
CIDR
0.0.0.0/0
Incoming
ext-http
80
TCP
CIDR
0.0.0.0/0
Incoming
ext-https
443
TCP
CIDR
0.0.0.0/0
Incoming
healthchecks
30080
TCP
Load balancer healthchecks
— -
Go to the Egress or Ingress tab.
-
Click Add rule.
-
In the Port range field of the window that opens, specify a single port or a range of ports that traffic will come to or from.
-
In the Protocol field, specify the required protocol or leave
Any
. -
In the Destination name or Source field, select the purpose of the rule:
CIDR
: Rule will apply to the range of IP addresses. In the CIDR blocks field, specify the CIDR and masks of subnets that traffic will come to or from. To add multiple CIDRs, click Add CIDR.Load balancer healthchecks
: Rule allowing a load balancer to health check VMs.
-
Click Save. Repeat the steps to create all the rules from the table.
-
-
Click Save.
Run the following command:
yc vpc security-group create canary-sg \
--network-name canary-network \
--rule direction=egress,port=any,protocol=any,v4-cidrs=[0.0.0.0/0] \
--rule direction=ingress,port=80,protocol=tcp,v4-cidrs=[0.0.0.0/0] \
--rule direction=ingress,port=443,protocol=tcp,v4-cidrs=[0.0.0.0/0] \
--rule direction=ingress,port=30080,protocol=tcp,predefined=loadbalancer_healthchecks
Result:
id: enpd133ngcnr********
folder_id: b1g9hv2loamq********
created_at: "2021-11-03T10:26:16Z"
name: canary-sg
network_id: enptrcle5q3d********
status: ACTIVE
rules:
- id: enpkgrpi2gsi********
direction: EGRESS
protocol_name: ANY
protocol_number: "-1"
cidr_blocks:
v4_cidr_blocks:
- 0.0.0.0/0
- id: enpgssij0i16********
direction: INGRESS
ports:
from_port: "80"
to_port: "80"
protocol_name: TCP
protocol_number: "6"
cidr_blocks:
v4_cidr_blocks:
- 0.0.0.0/0
- id: enp0bft67j9l********
direction: INGRESS
ports:
from_port: "443"
to_port: "443"
protocol_name: TCP
protocol_number: "6"
cidr_blocks:
v4_cidr_blocks:
- 0.0.0.0/0
- id: enpmorcimu65********
direction: INGRESS
ports:
from_port: "30080"
to_port: "30080"
protocol_name: TCP
protocol_number: "6"
predefined_target: loadbalancer_healthchecks
For more information about the yc vpc security-group create
command, see the CLI reference.
-
Add the
canary-sg
security group parameters to the configuration file:resource "yandex_vpc_security_group" "canary-sg" { name = "canary-sg" network_id = yandex_vpc_network.canary-network.id egress { protocol = "ANY" port = "ANY" v4_cidr_blocks = ["0.0.0.0/0"] } ingress { protocol = "TCP" port = 80 v4_cidr_blocks = ["0.0.0.0/0"] } ingress { protocol = "TCP" port = 443 v4_cidr_blocks = ["0.0.0.0/0"] } ingress { protocol = "TCP" port = 30080 predefined_target = "loadbalancer_healthchecks" } }
For more information about resource parameters in Terraform, see the provider documentation
. -
Make sure the configuration files are correct.
-
In the command line, go to the folder where you created the configuration file.
-
Run a check using this command:
terraform plan
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
-
-
Deploy cloud resources.
-
If the configuration does not contain any errors, run this command:
terraform apply
-
Confirm that you want to create the resources.
-
Use the SecurityGroupService/Create gRPC API call or the create REST API method.
To add a rule for load balancer health checks, use the loadbalancer_healthchecks
parameter in the SecurityGroupRuleSpec.target.predefined_target field for the gRPC API or the predefinedTarget field for the REST API.
Create Application Load Balancer backend groups
-
Create a backend group named
canary-bg-production
with thecanary-backend-blue
andcanary-backend-green
backends:- In the management console
, selectexample-folder
. - In the list of services, select Application Load Balancer.
- In the left-hand panel, select
Backend groups. - At the top right, click Create backend group.
- In the Name field, specify
canary-bg-production
. - Create a backend named
canary-backend-blue
:- Under Backends, click Add.
- In the Name field, specify
canary-backend-blue
. - In the Weight field, specify
100
. - In the Type field, select
Bucket
. - Select the blue bucket in the Bucket field.
- Create a backend named
canary-backend-green
:- Under Backends, click Add.
- In the Name field, specify
canary-backend-green
. - In the Weight field, specify
0
. - In the Type field, select
Bucket
. - Select the green bucket in the Bucket field.
- Click Create.
- In the management console
-
In a similar way, create a backend group named
canary-bg-staging
. Set thecanary-backend-blue
backend weight to0
and thecanary-backend-green
backend weight to100
.
If you are going to complete the next steps in Terraform, copy the IDs of the canary-bg-production
and canary-bg-staging
backend groups from the
Use the BackendGroupService/Create gRPC API call or the create REST API method.
Create an HTTP router and virtual hosts
-
In the management console
, selectexample-folder
. -
In the list of services, select Application Load Balancer.
-
In the left-hand panel, select
HTTP routers. -
At the top right, click Create HTTP router.
-
In the Name field, specify
canary-router
. -
Create a virtual host named
canary-vh-production
:- Under Virtual hosts, click Add virtual host.
- In the Name field, specify
canary-vh-production
. - In the Authority field, specify
cdn.yandexcloud.example
. - Click Add route.
- In the Name field, specify
canary-route-production
. - In the Path field, select
Starts with
and specify the/
path. - In the HTTP methods list, select
GET
. - In the Action field, keep
Routing
. - In the Backend group list, select
canary-bg-production
.
-
Create a virtual host named
canary-vh-staging
:- Name:
canary-vh-production
- Authority:
cdn-staging.yandexcloud.example
- Route Name:
canary-route-staging
. - Backend group:
canary-bg-staging
- Other parameters are the same as for
canary-vh-production
.
- Name:
-
Click Create.
-
Create an HTTP router named
canary-router
:yc alb http-router create canary-router
Result:
id: ds7qd0vj01dj******** name: canary-router folder_id: b1g9hv2loamq******** created_at: "2021-11-03T10:31:41.027649223Z"
For more information about the
yc alb http-router create
command, see the CLI reference. -
Create a virtual host named
canary-vh-production
:yc alb virtual-host create canary-vh-production \ --http-router-name canary-router \ --authority cdn.yandexcloud.example
Result:
done (1s) name: canary-vh-production authority: - cdn.yandexcloud.example
For more information about the
yc alb virtual-host create
command, see the CLI reference. -
Create a route named
canary-route-production
in thecanary-vh-production
virtual host:yc alb virtual-host append-http-route canary-route-production \ --http-router-name canary-router \ --virtual-host-name canary-vh-production \ --prefix-path-match "/" \ --backend-group-name canary-bg-production
Result:
done (1s) name: canary-vh-production authority: - cdn.yandexcloud.example routes: - name: canary-route-production http: match: path: prefix_match: / route: backend_group_id: ds7pbm5fj2v0********
For more information about the
yc alb virtual-host append-http-route
command, see the CLI reference. -
Create a virtual host named
canary-vh-staging
:yc alb virtual-host create canary-vh-staging \ --http-router-name canary-router \ --authority cdn-staging.yandexcloud.example
Result:
done (1s) name: canary-vh-staging authority: - cdn-staging.yandexcloud.example
-
Create a route named
canary-route-staging
in thecanary-vh-staging
virtual host:yc alb virtual-host append-http-route canary-route-staging \ --http-router-name canary-router \ --virtual-host-name canary-vh-staging \ --prefix-path-match "/" \ --backend-group-name canary-bg-staging
Result:
done (1s) name: canary-vh-staging authority: - cdn-staging.yandexcloud.example routes: - name: canary-route-staging http: match: path: prefix_match: / route: backend_group_id: ds765atleota********
-
Add parameters of the
canary-router
HTTP router, its virtual hosts, and routes to the configuration file:... resource "yandex_alb_http_router" "canary-router" { name = "canary-router" } resource "yandex_alb_virtual_host" "canary-vh-production" { name = "canary-vh-production" http_router_id = ${yandex_alb_http_router.canary-router.id} authority = "cdn.yandexcloud.example" route { name = "canary-route-production" http_route { http_route_action { backend_group_id = "<canary-bg-production_backend_group_ID>" } } } } resource "yandex_alb_virtual_host" "canary-vh-staging" { name = "canary-vh-staging" http_router_id = ${yandex_alb_http_router.canary-router.id} authority = "cdn-staging.yandexcloud.example" route { name = "canary-route-staging" http_route { http_route_action { backend_group_id = "<canary-bg-staging_backend_group_ID>" } } } }
For more information, see the description of the yandex_alb_http_router
and yandex_alb_virtual_host resources in the Terraform provider documentation. -
Make sure the configuration files are correct.
-
In the command line, go to the folder where you created the configuration file.
-
Run a check using this command:
terraform plan
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
-
-
Deploy cloud resources.
-
If the configuration does not contain any errors, run this command:
terraform apply
-
Confirm that you want to create the resources.
-
- Create the
canary-router
HTTP router using the HttpRouterService/Create gRPC API call or the create REST API method. - Create the
canary-vh-production
andcanary-vh-staging
virtual hosts linked to the router, then create their routes using the VirtualHostService/Create gRPC API call or the create REST API method.
Create an L7 load balancer
-
In the management console
, selectexample-folder
. -
In the list of services, select Application Load Balancer.
-
At the top right, click Create L7 load balancer.
-
In the Name field, specify
canary-balancer
. -
Under Network settings:
- In the Network field, select
canary-network
. - In the Security groups field, select
canary-sg
. If you leave this field blank, any incoming and outgoing traffic will be allowed for the load balancer.
- In the Network field, select
-
Under Allocation, select the three subnets for the load balancer nodes (
canary-subnet-ru-central1-a
,canary-subnet-ru-central1-b
, andcanary-subnet-ru-central1-d
) and enable traffic to these subnets. -
Under Listeners, click Add listener and set up the listener:
-
In the Name field, specify
canary-listener
. -
Under Public IP address:
- In the Port field, specify
80
. - In the Type field, select
Automatically
.
- In the Port field, specify
-
In the HTTP router field, select
canary-router
.
-
-
Click Create.
-
Get the IDs of subnets for
canary-network
:yc vpc network list-subnets canary-network
Result:
+----------------------+-----------------------------+----------------------+----------------------+----------------+---------------+---------------+ | ID | NAME | FOLDER ID | NETWORK ID | ROUTE TABLE ID | ZONE | RANGE | +----------------------+-----------------------------+----------------------+----------------------+----------------+---------------+---------------+ | e9bnnssj8sc8******** | canary-subnet-ru-central1-d | b1g9hv2loamq******** | enptrcle5q3d******** | | ru-central1-d | [10.1.0.0/16] | | e2lghukd9iqo******** | canary-subnet-ru-central1-b | b1g9hv2loamq******** | enptrcle5q3d******** | | ru-central1-b | [10.2.0.0/16] | | b0c3pte4o2kn******** | canary-subnet-ru-central1-a | b1g9hv2loamq******** | enptrcle5q3d******** | | ru-central1-a | [10.3.0.0/16] | +----------------------+-----------------------------+----------------------+----------------------+----------------+---------------+---------------+
For more information about the
yc vpc network list-subnets
command, see the CLI reference. -
Get the
canary-sg
security group ID:yc vpc security-group get canary-sg | grep "^id"
Result:
id: enpd133ngcnr********
For more information about the
yc vpc security-group get
command, see the CLI reference. -
Create a load balancer named
canary-balancer
:yc alb load-balancer create canary-balancer \ --network-name canary-network \ --security-group-id <canary-sg_security_group_ID> \ --location zone=ru-central1-a,subnet-id=<canary-subnet-ru-central1-a_subnet_ID> \ --location zone=ru-central1-b,subnet-id=<canary-subnet-ru-central1-b_subnet_ID> \ --location zone=ru-central1-d,subnet-id=<canary-subnet-ru-central1-d_subnet_ID>
Result:
done (3m0s) id: ds77q7v39b4u******** name: canary-balancer folder_id: b1g9hv2loamq******** status: ACTIVE region_id: ru-central1 network_id: enptrcle5q3d******** allocation_policy: locations: - zone_id: ru-central1-d subnet_id: b0c3pte4o2kn******** - zone_id: ru-central1-b subnet_id: e2lghukd9iqo******** - zone_id: ru-central1-a subnet_id: e9bnnssj8sc8******** log_group_id: ckg23vr4dlks******** security_group_ids: - enpd133ngcnr******** created_at: "2021-11-03T10:55:49.134935148Z"
For more information about the
yc alb load-balancer create
command, see the CLI reference. -
Add a listener to the load balancer:
yc alb load-balancer add-listener \ --name canary-balancer \ --listener-name canary-listener \ --external-ipv4-endpoint port=80 \ --http-router-name canary-router
Result:
done (43s) id: ds77q7v39b4u******** name: canary-balancer folder_id: b1g9hv2loamq******** status: ACTIVE region_id: ru-central1 network_id: enptrcle5q3d******** listeners: - name: canary-listener endpoints: - addresses: - external_ipv4_address: address: 84.252.133.149 ports: - "80" http: handler: http_router_id: ds7qd0vj01dj******** allocation_policy: locations: - zone_id: ru-central1-d subnet_id: b0c3pte4o2kn******** - zone_id: ru-central1-b subnet_id: e2lghukd9iqo******** - zone_id: ru-central1-a subnet_id: e9bnnssj8sc8******** log_group_id: ckg23vr4dlks******** security_group_ids: - enpd133ngcnr******** created_at: "2021-11-03T10:55:49.134935148Z"
For more information about the
yc alb load-balancer add-listener
command, see the CLI reference.
-
Add the parameters of the
canary-balancer
L7 load balancer to the configuration file:... resource "yandex_alb_load_balancer" "canary-balancer" { name = "canary-balancer" network_id = ${yandex_vpc_network.canary-network.id} security_group_ids = [ ${yandex_vpc_security_group.canary-sg.id} ] allocation_policy { location { zone_id = "ru-central1-a" subnet_id = ${yandex_vpc_subnet.canary-subnet-ru-central1-a.id} } location { zone_id = "ru-central1-b" subnet_id = ${yandex_vpc_subnet.canary-subnet-ru-central1-b.id} } location { zone_id = "ru-central1-d" subnet_id = ${yandex_vpc_subnet.canary-subnet-ru-central1-d.id} } } listener { name = "canary-listener" endpoint { address { external_ipv4_address { } } ports = [80] } http { handler { http_router_id = ${yandex_alb_http_router.canary-router.id} } } } }
For more information about the
yandex_alb_load_balancer
resource, see the Terraform provider documentation . -
Make sure the configuration files are correct.
-
In the command line, go to the folder where you created the configuration file.
-
Run a check using this command:
terraform plan
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
-
-
Deploy cloud resources.
-
If the configuration does not contain any errors, run this command:
terraform apply
-
Confirm that you want to create the resources.
-
Use the LoadBalancerService/Create gRPC API call or the create REST API method.
Create a CDN resource
-
In the management console
, selectexample-folder
. -
In the list of services, select Cloud CDN.
-
If the CDN provider is not activated yet, click Activate provider. A connection will be established automatically.
If you do not see the Activate provider button and you can create resources and origin groups, it means that the provider is already activated. Proceed to the next step.
-
Create a CDN resource:
-
At the top right, click Create resource.
-
Set the main parameters of the CDN resource:
-
Content query:
From one origin
-
Origin type:
L7 load balancer
-
L7 load balancer:
canary-balancer
-
IP address: IP address assigned to the load balancer (the only one in the list).
-
Under Domain names for content distribution:
- In the Domain name field, specify
cdn.yandexcloud.example
. - Click Add domain name and specify
cdn-staging.yandexcloud.example
.
Alert
The first domain name,
cdn.yandexcloud.example
, will become the primary one, and you will not be able to edit it after you create a CDN resource. - In the Domain name field, specify
-
Under Additional:
- In the Origin request protocol field, select
HTTP
. - In the Redirect clients field, select
Don't use
. - Select End-user access to content.
- In the Certificate type field, specify
Certificate from Certificate Manager
and select a certificate for thecdn.yandexcloud.example
andcdn-staging.yandexcloud.example
domain names. - In the Host header field, select
Match client
.
- In the Origin request protocol field, select
-
-
Click Create.
-
-
Enable a client redirect from HTTP to HTTPS:
- Select the previously created resource.
- Make sure the certificate status under Additional changes to
Issued
. - At the top right, click
Edit. - Under Additional, select
HTTP to HTTPS
in the Redirect clients field. - Click Save.
-
Enable caching on CDN servers for the resource:
- Select the previously created resource.
- Go to Caching.
- At the top right, click
Edit. - Enable CDN caching.
- Click Save.
-
If the CDN provider is not activated yet, run this command:
yc cdn provider activate --folder-id <folder_ID> --type gcore
-
Create an origin group named
canary-origin-group
by indicating the IP address of the load balancer:yc cdn origin-group create --name "canary-origin-group" \ --origin source=<load_balancer_IP_address>:80,enabled=true
Result:
id: "90748" folder_id: b1geoelk7fld******** name: canary-origin-group use_next: true origins: - id: "562449" origin_group_id: "90748" source: 51.250.10.216:80 enabled: true
For more information about the
yc cdn origin-group create
command, see the CLI reference. -
Copy
origin_group_id
from the previous step and create a CDN resource by running this command:yc cdn resource create \ --cname cdn.yandexcloud.example \ --origin-group-id <origin_group_ID> \ --secondary-hostnames cdn-staging.yandexcloud.example \ --origin-protocol http \ --cert-manager-ssl-cert-id <certificate_ID> \ --forward-host-header
Result:
id: bc843k2yinvq******** folder_id: b1ge1elk72ld******** cname: cdn.yandexcloud.example ... active: true ... ... secondary_hostnames: - cdn-staging.yandexcloud.example ...
For more information about the
yc cdn resource create
command, see the CLI reference. -
Enable a client redirect for a resource:
yc cdn resource update <resource_ID> --redirect-http-to-https
-
Add parameters of the CDN resources to the configuration file:
... resource "yandex_cdn_origin_group" "my_group" { name = "canary-origin-group" use_next = true origin { source = "<load_balancer_IP_address>:80" backup = false } } resource "yandex_cdn_resource" "my_resource" { cname = "cdn.yandexcloud.example" active = true origin_protocol = "http" secondary_hostnames = ["cdn-staging.yandexcloud.example"] origin_group_id = yandex_cdn_origin_group.my_group.id ssl_certificate { type = "certificate_manager" certificate_manager_id = "<certificate_ID>" } options { edge_cache_settings = "345600" browser_cache_settings = "1800" ignore_cookie = true ignore_query_params = false } }
For more information, see the description of the yandex_cdn_origin_group
and yandex_cdn_resource resources in the Terraform provider documentation. -
Make sure the configuration files are correct.
-
In the command line, go to the folder where you created the configuration file.
-
Run a check using this command:
terraform plan
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
-
-
Deploy cloud resources.
-
If the configuration does not contain any errors, run this command:
terraform apply
-
Confirm creating the resources: type
yes
in the terminal and press Enter.
All the resources you need will then be created in the specified folder. You can check the new resources and their configuration using the management console
. -
-
Enable client redirect for a resource. In CDN resource parameters, add this field at the top of the
options
section:... options { redirect_https_to_http = true ...
-
Run a check using this command:
terraform plan
If the configuration is described correctly, the terminal will display a list of updated resources and their parameters. If the configuration contains any errors, Terraform will point them out.
-
If there are no errors, run this command:
terraform apply
-
Confirm the resource update: type
yes
in the terminal and press Enter.
This enables redirect for the resource.
Use the ResourceService/Create gRPC API call or the create REST API method.
Configure DNS for the service
The cdn.yandexcloud.example
and cdn-staging.yandexcloud.example
domain names must be linked to the CDN resource using DNS records.
To configure DNS:
-
Get the domain name of the CDN load balancer:
Management console- In the management console
, selectexample-folder
. - In the list of services, select Cloud CDN.
- In the list of CDN resources, select the resource with
cdn.yandexcloud.example
as its primary domain name. - From DNS settings at the bottom of the page, copy the domain name in
cl-********.edgecdn.ru
format.
- In the management console
-
On the site of your DNS hosting provider, go to the DNS settings.
-
Create or edit CNAME records for
cdn.yandexcloud.example
andcdn-staging.yandexcloud.example
to link them to the copied domain name:cdn CNAME cl-********.edgecdn.ru cdn-staging CNAME cl-********.edgecdn.ru
Note
Do not use an ANAME resource record with domain names for content distribution; otherwise, the end user will get a response from a CDN server not linked to the user's geolocation. The response will always be the same for all users.
If you use Cloud DNS, follow this guide to configure the record:
Configuring DNS records for Cloud DNS
Management consoleYandex Cloud CLITerraformAPI-
In the management console
, select Cloud DNS. -
If you do not have a public DNS zone, create one:
- Click Create zone.
- In the Zone field, enter the website's domain name with a trailing dot:
yandexcloud.example.
. - In the Type field, select
Public
. - In the Name field, specify
canary-dns-zone
. - Click Create.
-
Create a CNAME record for
cdn.yandexcloud.example
in the zone:- Select
canary-dns-zone
. - Click Create record.
- In the Name field, specify
cdn
. - In the Type field, specify
CNAME
. - In the Data field, paste the copied value in
cl-********.edgecdn.ru
format. - Click Create.
- Select
-
In a similar way, create a CNAME record for
cdn-staging.yandexcloud.example
in the same zone. In the Name field, specifycdn-staging
.
-
If you do not have a public DNS zone, create one:
yc dns zone create \ --name canary-dns-zone \ --zone yandexcloud.example. \ --public-visibility
Result:
id: dns4rq4taddd******** folder_id: b1g9hv2loamq******** created_at: "2021-11-03T11:03:28.847Z" name: canary-dns-zone zone: yandexcloud.example. public_visibility: {}
For more information about the
yc dns zone create
command, see the CLI reference. -
In the zone, create a CNAME record for
cdn.yandexcloud.example
andcdn-staging.yandexcloud.example
with a copied value incl-********.edgecdn.ru
format:yc dns zone add-records \ --name canary-dns-zone \ --record "cdn CNAME cl-********.edgecdn.ru" \ --record "cdn-staging CNAME cl-********.edgecdn.ru"
For more information about the
yc dns zone add-records
command, see the CLI reference.
-
Add the parameters of the
canary-dns-zone
DNS zone and its CNAME records to the configuration file:... resource "yandex_dns_zone" "canary-dns-zone" { zone = "yandexcloud.example." name = "canary-dns-zone" public = true } resource "yandex_dns_recordset" "canary-recordset-production" { zone_id = ${yandex_dns_zone.canary-dns-zone.id} name = "cdn" type = "CNAME" data = ["<copied_value_in_cl-********.edgecdn.ru_format>"] } resource "yandex_dns_recordset" "canary-recordset-staging" { zone_id = ${yandex_dns_zone.canary-dns-zone.id} name = "cdn-staging" type = "CNAME" data = ["<copied_value_in_cl-********.edgecdn.ru_format>"] }
For more information, see the descriptions of the yandex_dns_zone
and yandex_dns_recordset resources in the Terraform provider documentation. -
Make sure the configuration files are correct.
-
In the command line, go to the folder where you created the configuration file.
-
Run a check using this command:
terraform plan
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
-
-
Deploy cloud resources.
-
If the configuration does not contain any errors, run this command:
terraform apply
-
Confirm that you want to create the resources.
-
- Create the
canary-dns-zone
DNS zone using the DnsZoneService/Create gRPC API call or the create REST API method. - Add the
cdn
andcdn-staging
CNAME records to the zone with the copied value incl-********.edgecdn.ru
format using the DnsZoneService/UpdateRecordSets gRPC API call or the updateRecordSets REST API method.
-
A few hours might be needed to update DNS records on DNS servers. After that, you can check the health of the service.
Run a health check and test the switching between versions
Check one
Check that cdn.yandexcloud.example
is mapped to version 1 and cdn-staging.yandexcloud.example
, to version 2:
-
Open
https://cdn.yandexcloud.example/index.html
in your browser. You should see a page indicating version 1. -
Delete the
index.html
file from the CDN resource cache:Management consoleYandex Cloud CLIAPI- In the management console
, selectexample-folder
. - In the list of services, select Cloud CDN.
- Select the created CDN resource (the list of resources will contain its primary domain name:
cdn.yandexcloud.example
). - Go to the Content tab.
- Click Purge cache.
- In the Purge type field, select
Selective
. - Enter the path to the uploaded file:
/index.html
. - Click Purge cache.
-
Get the ID of the CDN resource that you created:
yc cdn resource list
Result:
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+ | ID | CNAME | CREATED AT | UPDATED AT | ACTIVE | OPTIONS | +----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+ | bc837xptmpkh******** | cdn.yandexcloud.example | seconds:1637235693 | seconds:1637235693 | true | edge_cache_settings:{enabled:true | | | | nanos:434085000 | nanos:434115000 | | default_value:345600} | | | | | | | cache_http_headers:{value:"accept-ranges" | | | | | | | value:"cache-control" value:"connection" | | | | | | | value:"content-encoding" | | | | | | | value:"content-length" | | | | | | | value:"content-type" | | | | | | | value:"date" value:"etag" | | | | | | | value:"expires" value:"keep-alive" | | | | | | | value:"last-modified" value:"server" | | | | | | | value:"vary"} stale:{enabled:true | | | | | | | value:"error" value:"updating"} | | | | | | | allowed_http_methods:{value:"GET" | | | | | | | value:"POST" value:"HEAD" | | | | | | | value:"OPTIONS"} | +----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
For more information about the
yc cdn resource list
command, see the CLI reference. -
Delete the file from the cache:
yc cdn cache purge \ --resource-id <CDN_resource_ID> \ --path "/index.html"
For more information about the
yc cdn cache purge
command, see the CLI reference.
- Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
- Delete
index.html
from the cache using the CacheService/Purge gRPC API call or the purge method.
- In the management console
-
Open
https://cdn-staging.yandexcloud.example/index.html
in your browser. You should see a page indicating version 2.
Canary deployment of version 2
-
Disable caching of the CDN resource and delete
index.html
from the cache:Management consoleAPI- In the management console
, selectexample-folder
. - In the list of services, select Cloud CDN.
- Select the created CDN resource (the list of resources will contain its primary domain name:
cdn.yandexcloud.example
). - Go to the Caching tab.
- Click Edit.
- Disable the CDN caching option.
- Click Save.
- Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
- Disable caching using the ResourceService/Update gRPC API call or the list REST API method.
- In the management console
-
Delete
index.html
from the cache:Management consoleYandex Cloud CLIAPI- In the management console
, selectexample-folder
. - In the list of services, select Cloud CDN.
- Select the created CDN resource (the list of resources will contain its primary domain name:
cdn.yandexcloud.example
). - Go to the Content tab.
- Click Purge cache.
- In the Purge type field, select
Selective
. - Enter the path to the uploaded file:
/index.html
. - Click Purge cache.
-
Get the ID of the CDN resource that you created:
yc cdn resource list
Result:
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+ | ID | CNAME | CREATED AT | UPDATED AT | ACTIVE | OPTIONS | +----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+ | bc837xptmpkh******** | cdn.yandexcloud.example | seconds:1637235693 | seconds:1637235693 | true | edge_cache_settings:{enabled:true | | | | nanos:434085000 | nanos:434115000 | | default_value:345600} | | | | | | | cache_http_headers:{value:"accept-ranges" | | | | | | | value:"cache-control" value:"connection" | | | | | | | value:"content-encoding" | | | | | | | value:"content-length" | | | | | | | value:"content-type" | | | | | | | value:"date" value:"etag" | | | | | | | value:"expires" value:"keep-alive" | | | | | | | value:"last-modified" value:"server" | | | | | | | value:"vary"} stale:{enabled:true | | | | | | | value:"error" value:"updating"} | | | | | | | allowed_http_methods:{value:"GET" | | | | | | | value:"POST" value:"HEAD" | | | | | | | value:"OPTIONS"} | +----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
-
Delete the file from the cache:
yc cdn cache purge \ --resource-id <CDN_resource_ID> \ --path "/index.html"
- Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
- Delete
index.html
from the cache using the CacheService/Purge gRPC API call or the purge method.
- In the management console
-
Configure the
canary-bg-production
backend group so that 20% of the traffic coming tocdn.yandexcloud.example
is processed by thecanary-backend-green
backend that runs version 2:Management consoleYandex Cloud CLIAPI-
In the management console
, selectexample-folder
. -
In the list of services, select Application Load Balancer.
-
In the left-hand panel, select
Backend groups. -
Select
canary-bg-production
. -
Set the
canary-backend-blue
backend weight to 80 instead of 100:- Under Backends, find
canary-backend-blue
, click and select Edit. - In the Weight field, specify
80
. - Click Save.
- Under Backends, find
-
Similarly, set the
canary-backend-green
backend weight to 20 instead of 0. -
Click Save.
-
Set the
canary-backend-blue
backend weight to 80 instead of 100:yc alb backend-group update-http-backend \ --backend-group-name canary-bg-production \ --name canary-backend-blue \ --weight 80
Result:
done (1s) id: ds7l9puc18c9******** name: canary-bg-production folder_id: b1g9hv2loamq******** http: backends: - name: canary-backend-blue backend_weight: "80" storage_bucket: bucket: <blue_bucket_name> created_at: "2021-11-03T10:28:47.680825561Z"
For more information about the
yc alb backend-group update-http-backend
command, see the CLI reference. -
Set the
canary-backend-green
backend weight to 20 instead of 0:yc alb backend-group update-http-backend \ --backend-group-name canary-bg-production \ --name canary-backend-green \ --weight 20
Result:
done (1s) id: ds7l9puc18c9******** name: canary-bg-production folder_id: b1g9hv2loamq******** http: backends: - name: canary-backend-green backend_weight: "20" storage_bucket: bucket: <green_bucket_name> created_at: "2021-11-03T10:28:47.680825561Z"
Use the BackendGroupService/UpdateBackend gRPC API call or the updateBackend REST API method.
-
-
Open
https://cdn.yandexcloud.example/index.html
in your browser several times. In about 20% of cases, you should see a page indicating version 2, in the other cases, version 1. -
Similarly to steps 1–2, configure and check the following traffic allocations between the backends:
- In the
canary-bg-production
backend group: 50% of traffic to each one of the two backends. - In the
canary-bg-production
backend group: All traffic goes tocanary-backend-green
. - In the
canary-bg-staging
backend group (cdn-staging.yandexcloud.example
domain name): All traffic goes tocanary-backend-blue
.
- In the
-
Re-enable caching:
Management consoleAPI- In the management console
, selectexample-folder
. - In the list of services, select Cloud CDN.
- Select the created CDN resource (the list of resources will contain its primary domain name:
cdn.yandexcloud.example
). - Go to the Caching tab.
- Click Edit.
- Enable CDN caching.
- Click Save.
- Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
- Enable caching using the ResourceService/Update gRPC API call or the list REST API method.
- In the management console
Blue-green deployment for rolling back to version 1
-
Disable caching of the CDN resource and delete
index.html
from the cache:Management consoleAPI- In the management console
, selectexample-folder
. - In the list of services, select Cloud CDN.
- Select the created CDN resource (the list of resources will contain its primary domain name:
cdn.yandexcloud.example
). - Go to the Caching tab.
- Click Edit.
- Disable the CDN caching option.
- Click Save.
- Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
- Disable caching using the ResourceService/Update gRPC API call or the list REST API method.
- In the management console
-
Delete
index.html
from the cache:Management consoleYandex Cloud CLIAPI- In the management console
, selectexample-folder
. - In the list of services, select Cloud CDN.
- Select the created CDN resource (the list of resources will contain its primary domain name:
cdn.yandexcloud.example
). - Go to the Content tab.
- Click Purge cache.
- In the Purge type field, select
Selective
. - Enter the path to the uploaded file:
/index.html
. - Click Purge cache.
-
Get the ID of the CDN resource that you created:
yc cdn resource list
Result:
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+ | ID | CNAME | CREATED AT | UPDATED AT | ACTIVE | OPTIONS | +----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+ | bc837xptmpkh******** | cdn.yandexcloud.example | seconds:1637235693 | seconds:1637235693 | true | edge_cache_settings:{enabled:true | | | | nanos:434085000 | nanos:434115000 | | default_value:345600} | | | | | | | cache_http_headers:{value:"accept-ranges" | | | | | | | value:"cache-control" value:"connection" | | | | | | | value:"content-encoding" | | | | | | | value:"content-length" | | | | | | | value:"content-type" | | | | | | | value:"date" value:"etag" | | | | | | | value:"expires" value:"keep-alive" | | | | | | | value:"last-modified" value:"server" | | | | | | | value:"vary"} stale:{enabled:true | | | | | | | value:"error" value:"updating"} | | | | | | | allowed_http_methods:{value:"GET" | | | | | | | value:"POST" value:"HEAD" | | | | | | | value:"OPTIONS"} | +----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
-
Delete the file from the cache:
yc cdn cache purge \ --resource-id <CDN_resource_ID> \ --path "/index.html"
- Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
- Delete
index.html
from the cache using the CacheService/Purge gRPC API call or the purge method.
- In the management console
-
Reroute all traffic from the
cdn.yandexcloud.example
domain name back to thecanary-backend-blue
backend running version 1:Management consoleYandex Cloud CLIAPI-
In the management console
, selectexample-folder
. -
In the list of services, select Application Load Balancer.
-
In the left-hand panel, select
Backend groups. -
Select
canary-bg-production
. -
Set the
canary-backend-blue
backend weight to 100 instead of 0:- Under Backends, find
canary-backend-blue
, click and select Edit. - In the Weight field, specify
100
. - Click Save.
- Under Backends, find
-
Similarly, set the
canary-backend-green
backend weight to 0 instead of 100. -
Click Save.
-
Set the
canary-backend-blue
backend weight to 100 instead of 0:yc alb backend-group update-http-backend \ --backend-group-name canary-bg-production \ --name canary-backend-blue \ --weight 100
Result:
done (1s) id: ds7l9puc18c9******** name: canary-bg-production folder_id: b1g9hv2loamq******** http: backends: - name: canary-backend-blue backend_weight: "100" storage_bucket: bucket: <blue_bucket_name> created_at: "2021-11-03T10:28:47.680825561Z"
-
Set the
canary-backend-green
backend weight to 0 instead of 100:yc alb backend-group update-http-backend \ --backend-group-name canary-bg-production \ --name canary-backend-green \ --weight 0
Result:
done (1s) id: ds7l9puc18c9******** name: canary-bg-production folder_id: b1g9hv2loamq******** http: backends: - name: canary-backend-green backend_weight: "0" storage_bucket: bucket: <green_bucket_name> created_at: "2021-11-03T10:28:47.680825561Z"
Use the BackendGroupService/UpdateBackend gRPC API call or the updateBackend REST API method.
-
-
Open
https://cdn.yandexcloud.example/index.html
in your browser several times. In all other cases, you should see a page indicating version 1. -
Same as in steps 1–2, switch all traffic from
cdn-staging.yandexcloud.example
to thecanary-backend-green
backend running version 2 and check the switchover in your browser. -
Re-enable caching:
Management consoleAPI- In the management console
, selectexample-folder
. - In the list of services, select Cloud CDN.
- Select the created CDN resource (the list of resources will contain its primary domain name:
cdn.yandexcloud.example
). - Go to the Caching tab.
- Click Edit.
- Enable CDN caching.
- Click Save.
- Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
- Enable caching using the ResourceService/Update gRPC API call or the list REST API method.
- In the management console
How to delete the resources you created
To shut down the infrastructure and stop paying for the resources you created:
- If you had set up CNAME records in Cloud DNS, delete
canary-dns-zone
. - Delete the CDN resource with
cdn.yandexcloud.example
as the primary domain name. - Delete the
canary-balancer
L7 load balancer. - Delete all objects from the blue and green buckets.
- Delete the blue and green buckets.
- Delete the
canary-subnet-ru-central1-a
,canary-subnet-ru-central1-b
, andcanary-subnet-ru-central1-d
subnets. - Delete
canary-network
.