Enabling blue-green and canary deployment of web service versions

Written by

Updated at May 7, 2025

Supported tools
Get your cloud ready
- Required paid resources
Add a certificate to Certificate Manager
Create a cloud network and subnets
Create buckets in Object Storage
Upload the files of your service to the buckets
Create a security group
Create Application Load Balancer backend groups
Create an HTTP router and virtual hosts
Create an L7 load balancer
Create a CDN resource
Configure DNS for the service
Test the service and version switching
How to delete the resources you created

Configure your web service architecture to switch between versions using the commonly adopted deployment models: blue-green deployment and canary deployment.

Both models use two backends: a blue and a green one. First, you deploy a stable version generally available to users on one backend, e.g., the blue one. Then you use the other backend, the green one, to test the next version. When the testing is complete, the backends will switch roles:

With a blue-green deployment, all user traffic switches from one backend to the other right away.
In a canary deployment, the traffic switches gradually, starting with some of the users.

After that, the green backend becomes the primary one, and you can use the blue backend to test your next version. As long as your previous version runs on the blue backend, you can roll the service back to it by switching the backends back.

In this tutorial, we will use Yandex Object Storage buckets as backends with a Yandex Application Load Balancer-enabled L7 load balancer switching traffic between them. User requests are transmitted to the load balancer via the Yandex Cloud CDN content delivery network that reduces content delivery time.

As examples, we are going to use these domain names: cdn.yandexcloud.example and cdn-staging.yandexcloud.example.

You can use various supported tools to perform these steps.

To build an architecture for a blue-green and canary deployment:

If you no longer need the resources you created, delete them.

Supported tools

You can complete most of the steps in the tutorial using any standard tool, such as the management console, Yandex Cloud and AWS CLIs, Terraform, and the Yandex Cloud API. Each step lists its respective supported tools.

Some steps do not support certain tools:

Currently, you cannot use CLIs and Terraform to:
- Create an Application Load Balancer backend group with buckets as backends.
- Get the domain name of a CDN load balancer when configuring DNS for the service.
- Disable and enable caching of a CDN resource when running a health check and testing version switching.
Currently, you cannot get the domain name of a CDN load balancer through the API when configuring DNS for the service.

Get your cloud ready

Navigate to the management console and log in to Yandex Cloud or register a new account.
On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure to operate in.

Learn more about clouds and folders.

We will use a folder named example-folder as an example.

Required paid resources

The infrastructure support costs include:

Fee for data storage in Object Storage, data operations, and outgoing traffic (see Object Storage pricing).
Fee for using computing resources of the L7 load balancer (see Application Load Balancer pricing).
Fee for outgoing traffic from CDN servers (see Cloud CDN pricing).
Fee for public DNS queries and DNS zones if using Yandex Cloud DNS (see Cloud DNS pricing).

Add a certificate to Certificate Manager

Certificates from Yandex Certificate Manager are supported. You can issue a new Let's Encrypt® certificate or upload one of your own.

The certificate must be located in the same folder as your CDN resource.

For a Let's Encrypt® certificate, have your rights checked for the domain specified in the certificate.

Create a cloud network and subnets

All resources belong to the same cloud network.

Management console

Yandex Cloud CLI

Terraform

API

In the management console, select example-folder.
From the list of services, select Virtual Private Cloud.
At the top right, click Create network.
In the Name field, specify canary-network.
In the Advanced field, select Create subnets.
Click Create network.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

Create a network named canary-network:

yc vpc network create canary-network

Result:

id: enptrcle5q3d********
folder_id: b1g9hv2loamq********
created_at: "2021-11-03T09:25:03Z"
name: canary-network
default_security_group_id: enpbsnnop4ak********

For more information about the yc vpc network create command, see the CLI reference.

Create subnets in all availability zones:

ru-central1-a:

yc vpc subnet create canary-subnet-ru-central1-a \
  --zone ru-central1-a \
  --network-name canary-network \
  --range 10.1.0.0/16

Result:

id: e9bnnssj8sc8********
folder_id: b1g9hv2loamq********
created_at: "2021-11-03T09:27:00Z"
name: canary-subnet-ru-central1-a
network_id: enptrcle5q3d********
zone_id: ru-central1-a
v4_cidr_blocks:
- 10.1.0.0/16

ru-central1-b:

yc vpc subnet create canary-subnet-ru-central1-b \
  --zone ru-central1-b \
  --network-name canary-network \
  --range 10.2.0.0/16

Result:

id: e2lghukd9iqo********
folder_id: b1g9hv2loamq********
created_at: "2021-11-03T09:27:39Z"
name: canary-subnet-ru-central1-b
network_id: enptrcle5q3d********
zone_id: ru-central1-b
v4_cidr_blocks:
- 10.2.0.0/16

ru-central1-d:

yc vpc subnet create canary-subnet-ru-central1-d \
  --zone ru-central1-d \
  --network-name canary-network \
  --range 10.3.0.0/16

Result:

id: b0c3pte4o2kn********
folder_id: b1g9hv2loamq********
created_at: "2021-11-03T09:28:08Z"
name: canary-subnet-ru-central1-d
network_id: enptrcle5q3d********
zone_id: ru-central1-d
v4_cidr_blocks:
- 10.3.0.0/16

For more information about the yc vpc subnet create command, see the CLI reference.

If you do not have Terraform yet, install it and configure its Yandex Cloud provider.

In the configuration file, describe the network parameters for canary-network and its canary-subnet-ru-central1-a, canary-subnet-ru-central1-b, and canary-subnet-ru-central1-d subnets:

resource "yandex_vpc_network" "canary-network" {
  name = "canary-network"
}

resource "yandex_vpc_subnet" "canary-subnet-a" {
  name           = "canary-subnet-ru-central1-a"
  zone           = "ru-central1-a"
  network_id     = "${yandex_vpc_network.canary-network.id}"
  v4_cidr_blocks = ["10.1.0.0/16"]
}

resource "yandex_vpc_subnet" "canary-subnet-b" {
  name           = "canary-subnet-ru-central1-b"
  zone           = "ru-central1-b"
  network_id     = "${yandex_vpc_network.canary-network.id}"
  v4_cidr_blocks = ["10.2.0.0/16"]
}

resource "yandex_vpc_subnet" "canary-subnet-d" {
  name           = "canary-subnet-ru-central1-d"
  zone           = "ru-central1-d"
  network_id     = "${yandex_vpc_network.canary-network.id}"
  v4_cidr_blocks = ["10.3.0.0/16"]
}

For more information, see the descriptions of the yandex_vpc_network and yandex_vpc_subnet resources in the Terraform documentation.

Make sure the configuration files are correct.
1. In the command line, navigate to the directory where you created the configuration file.
2. Run a check using this command:
```
terraform plan
```
If you described the configuration correctly, the terminal will display a list of the resources being created and their parameters. If the configuration contains any errors, Terraform will point them out.
Deploy the cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm creating the resources.

Create canary-network using the NetworkService/Create gRPC API call or the create REST API method.
Create canary-subnet-ru-central1-a, canary-subnet-ru-central1-b, and canary-subnet-ru-central1-d in the three availability zones using the SubnetService/Create gRPC API call or the REST API create method.

Create buckets in Object Storage

Management console

AWS CLI

Terraform

API

In the management console, select example-folder.
From the list of services, select Object Storage.
Create a blue bucket for the backend’s stable version:
1. At the top right, click Create bucket.
2. In the ** Name** field, enter a name for the bucket.
3. In the Object read access and Object listing access fields, select Public.
4. Click Create bucket.
Similarly, create a green bucket for the backend test version.

Create a blue bucket for the backend’s stable version:

aws --endpoint-url https://storage.yandexcloud.net \
  s3 mb s3://<blue_bucket_name>

Result:

make_bucket: s3://<blue_bucket_name>

Enable public access to reading objects and their list:

aws --endpoint-url https://storage.yandexcloud.net \
  s3api put-bucket-acl \
  --bucket <blue_bucket_name> \
  --acl public-read

Similarly, create a green bucket for the backend test version and enable public access to it.

Note

Terraform uses a service account to interact with Object Storage. Assign to the service account the required role, e.g., storage.admin, for the folder where you are going to create resources.

Describe the parameters for creating a service account and access key in the configuration file:

...
// Creating a service account
resource "yandex_iam_service_account" "sa" {
  name = "<service_account_name>"
}

// Assigning a role to a service account
resource "yandex_resourcemanager_folder_iam_member" "sa-admin" {
  folder_id = "<folder_ID>"
  role      = "storage.admin"
  member    = "serviceAccount:${yandex_iam_service_account.sa.id}"
}

// Creating a static access key
resource "yandex_iam_service_account_static_access_key" "sa-static-key" {
  service_account_id = yandex_iam_service_account.sa.id
  description        = "static access key for object storage"
}

Add the parameters of the blue (backend’s stable version) and green (backend’s test version) buckets to the configuration file:

...

resource "yandex_storage_bucket" "canary-bucket-blue" {
  access_key = yandex_iam_service_account_static_access_key.sa-static-key.access_key
  secret_key = yandex_iam_service_account_static_access_key.sa-static-key.secret_key
  bucket     = "<blue_bucket_name>"
  acl        = "public-read"
}

resource "yandex_storage_bucket" "canary-bucket-green" {
  access_key = yandex_iam_service_account_static_access_key.sa-static-key.access_key
  secret_key = yandex_iam_service_account_static_access_key.sa-static-key.secret_key
  bucket     = "<green_bucket_name>"
  acl        = "public-read"
}

For more information about the yandex_storage_bucket resource, see the Terraform documentation.

Make sure the configuration files are correct.
1. In the command line, navigate to the directory where you created the configuration file.
2. Run a check using this command:
```
terraform plan
```
If you described the configuration correctly, the terminal will display a list of the resources being created and their parameters. If the configuration contains any errors, Terraform will point them out.
Deploy the cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm creating the resources.

Use the create REST API method.

Upload the files of your service to the buckets

Create two files, both named index.html. They will represent two service versions: version 1 and version 2.

Example of the index.html file, version 1

<!DOCTYPE html>
<html>
  <head>
    <title>Version 1</title>
  </head>
  <body>
    <p>Version 1 is working</p>
  </body>
</html>

Example of the index.html file, version 2

<!DOCTYPE html>
<html>
  <head>
    <title>Version 2</title>
  </head>
  <body>
    <p>Version 2 is working</p>
  </body>
</html>

Upload the files to the buckets:
Management console

AWS CLI

Terraform

API
1. In the management console, select example-folder.
2. From the list of services, select Object Storage.
3. Select the blue bucket.
4. Click Upload and select index.html version 1 for uploading.
5. Similarly, upload index.html version 2 to the green bucket.
1. Upload index.html version 1 to the blue bucket:
  aws --endpoint-url https://storage.yandexcloud.net \ s3 cp v1/index.html s3://<blue_bucket_name>/index.html
  Result:
  upload: v1/index.html to s3://<blue_bucket_name>/index.html
2. Upload index.html version 2 to the green bucket:
  aws --endpoint-url https://storage.yandexcloud.net \ s3 cp v2/index.html s3://<green_bucket_name>/index.html
  Result:
  upload: v2/index.html to s3://<green_bucket_name>/index.html
1. Add to the configuration file the parameters of the v1/index.html and v2/index.html files uploaded to the blue and green buckets, respectively:
  ... resource "yandex_storage_object" "canary-bucket-blue-index" { bucket = "<blue_bucket_name>" key = "index.html" source = "v1/index.html" } resource "yandex_storage_bucket" "canary-bucket-green-index" { bucket = "<green_bucket_name>" key = "index.html" source = "v2/index.html" }
  For more information about the yandex_storage_object resource, see the Terraform documentation.
2. Make sure the configuration files are correct.
  1. In the command line, navigate to the directory where you created the configuration file.
  2. Run a check using this command:
    
    terraform plan
  If you described the configuration correctly, the terminal will display a list of the resources being created and their parameters. If the configuration contains any errors, Terraform will point them out.
3. Deploy the cloud resources.
  1. If the configuration does not contain any errors, run this command:
    
    terraform apply
  2. Confirm creating the resources.
Use the upload REST API method.

Create a security group

Security groups contain rules that allow the L7 load balancer to receive ingoing traffic and send it to backend buckets.

To create security groups:

Management console

Yandex Cloud CLI

Terraform

API

In the management console, select Virtual Private Cloud.
In the left-hand panel, select Security groups.
At the top right, click Create security group.
In the Name field, specify canary-sg.
In the Network field, select canary-network.

Under Rules, create the following rules using the instructions below the table:

Traffic direction	Description	Port range	Protocol	Source / target	CIDR blocks
`Outgoing`	`any`	`All`	`Any`	`CIDR`	`0.0.0.0/0`
`Incoming`	`ext-http`	`80`	`TCP`	`CIDR`	`0.0.0.0/0`
`Incoming`	`ext-https`	`443`	`TCP`	`CIDR`	`0.0.0.0/0`
`Incoming`	`healthchecks`	`30080`	`TCP`	`Load balancer healthchecks`	—

Navigate to the Egress or Ingress tab.
Click Add.
In the Port range field of the window that opens, specify a single port or a port range for traffic to come to or from.
In the Protocol field, specify the required protocol or leave Any.
In the Destination name or Source field, select the rule purpose:
- CIDR: Rule will apply to the range of IP addresses. In the CIDR blocks field, specify the CIDR and subnet masks that traffic will come to or from. To add multiple CIDRs, click Add.
- Load balancer healthchecks: Rule allowing a load balancer to health-check VMs.
Click Save. Repeat these steps to create all rules from the table.

Click Save.

Run the following command:

yc vpc security-group create canary-sg \
  --network-name canary-network \
  --rule direction=egress,port=any,protocol=any,v4-cidrs=[0.0.0.0/0] \
  --rule direction=ingress,port=80,protocol=tcp,v4-cidrs=[0.0.0.0/0] \
  --rule direction=ingress,port=443,protocol=tcp,v4-cidrs=[0.0.0.0/0] \
  --rule direction=ingress,port=30080,protocol=tcp,predefined=loadbalancer_healthchecks

Result:

id: enpd133ngcnr********
folder_id: b1g9hv2loamq********
created_at: "2021-11-03T10:26:16Z"
name: canary-sg
network_id: enptrcle5q3d********
status: ACTIVE
rules:
- id: enpkgrpi2gsi********
  direction: EGRESS
  protocol_name: ANY
  protocol_number: "-1"
  cidr_blocks:
    v4_cidr_blocks:
    - 0.0.0.0/0
- id: enpgssij0i16********
  direction: INGRESS
  ports:
    from_port: "80"
    to_port: "80"
  protocol_name: TCP
  protocol_number: "6"
  cidr_blocks:
    v4_cidr_blocks:
    - 0.0.0.0/0
- id: enp0bft67j9l********
  direction: INGRESS
  ports:
    from_port: "443"
    to_port: "443"
  protocol_name: TCP
  protocol_number: "6"
  cidr_blocks:
    v4_cidr_blocks:
    - 0.0.0.0/0
- id: enpmorcimu65********
  direction: INGRESS
  ports:
    from_port: "30080"
    to_port: "30080"
  protocol_name: TCP
  protocol_number: "6"
  predefined_target: loadbalancer_healthchecks

For more information about the yc vpc security-group create command, see the CLI reference.

Add the canary-sg security group parameters to the configuration file:

resource "yandex_vpc_security_group" "canary-sg" {
  name       = "canary-sg"
  network_id = yandex_vpc_network.canary-network.id

  egress {
    protocol       = "ANY"
    port           = "ANY"
    v4_cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol       = "TCP"
    port           = 80
    v4_cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol       = "TCP"
    port           = 443
    v4_cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol          = "TCP"
    port              = 30080
    predefined_target = "loadbalancer_healthchecks"
  }
}

For more information about resource parameters in Terraform, see the appropriate documentation.

Make sure the configuration files are correct.
1. In the command line, navigate to the directory where you created the configuration file.
2. Run a check using this command:
```
terraform plan
```
If you described the configuration correctly, the terminal will display a list of the resources being created and their parameters. If the configuration contains any errors, Terraform will point them out.
Deploy the cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm creating the resources.

Use the SecurityGroupService/Create gRPC API call or the create REST API method.

To add a rule for load balancer health checks, use the loadbalancer_healthchecks parameter in the SecurityGroupRuleSpec.target.predefined_target field for the gRPC API or the predefinedTarget field for the REST API.

Create Application Load Balancer backend groups

Management console

API

Create a backend group named canary-bg-production with canary-backend-blue and canary-backend-green:
1. In the management console, select example-folder.
2. From the list of services, select Application Load Balancer.
3. In the left-hand panel, select Backend groups.
4. At the top right, click Create backend group.
5. In the Name field, specify canary-bg-production.
6. Create a backend named canary-backend-blue:
  1. Under Backends, click Add.
  2. In the Name field, specify canary-backend-blue.
  3. In the Weight field, specify 100.
  4. In the Type field, select Bucket.
  5. Select the blue bucket in the Bucket field.
7. Create a backend named canary-backend-green:
  1. Under Backends, click Add.
  2. In the Name field, specify canary-backend-green.
  3. In the Weight field, specify 0.
  4. In the Type field, select Bucket.
  5. In the Bucket field, select the green bucket .
8. Click Create.
Similarly, create a backend group named canary-bg-staging. Set the canary-backend-blue weight to 0 and the canary-backend-green weight to 100.

If you are going to complete the next steps in Terraform, copy the IDs of the canary-bg-production and canary-bg-staging backend groups from the Backend groups tab.

Use the BackendGroupService/Create gRPC API call or the create REST API method.

Create an HTTP router and virtual hosts

Management console

Yandex Cloud CLI

Terraform

API

In the management console, select example-folder.
From the list of services, select Application Load Balancer.
In the left-hand panel, select HTTP routers.
At the top right, click Create HTTP router.
In the Name field, specify canary-router.
Create a virtual host named canary-vh-production:
1. Under Virtual hosts, click Add virtual host.
2. In the Name field, specify canary-vh-production.
3. In the Authority field, specify cdn.yandexcloud.example.
4. Click Add route.
5. In the Name field, specify canary-route-production.
6. In the Path field, select Starts with and specify the / path.
7. From the HTTP methods list, select GET.
8. In the Action field, keep Routing.
9. From the Backend group list, select canary-bg-production.
Create a virtual host named canary-vh-staging:
- Name: canary-vh-production
- Authority: cdn-staging.yandexcloud.example
- Route Name: canary-route-staging
- Backend group: canary-bg-staging
- The other parameters are the same as for canary-vh-production
Click Create.

Create an HTTP router named canary-router:

yc alb http-router create canary-router

Result:

id: ds7qd0vj01dj********
name: canary-router
folder_id: b1g9hv2loamq********
created_at: "2021-11-03T10:31:41.027649223Z"

For more information about the yc alb http-router create command, see the CLI reference.

Create a canary-vh-production virtual host:

yc alb virtual-host create canary-vh-production \
  --http-router-name canary-router \
  --authority cdn.yandexcloud.example

Result:

done (1s)
name: canary-vh-production
authority:
- cdn.yandexcloud.example

For more information about the yc alb virtual-host create command, see the CLI reference.

Create a canary-route-production route in the canary-vh-production virtual host:

yc alb virtual-host append-http-route canary-route-production \
  --http-router-name canary-router \
  --virtual-host-name canary-vh-production \
  --prefix-path-match "/" \
  --backend-group-name canary-bg-production

Result:

done (1s)
name: canary-vh-production
authority:
- cdn.yandexcloud.example
routes:
- name: canary-route-production
  http:
    match:
      path:
        prefix_match: /
    route:
      backend_group_id: ds7pbm5fj2v0********

For more information about the yc alb virtual-host append-http-route command, see the CLI reference.

Create a canary-vh-staging virtual host:

yc alb virtual-host create canary-vh-staging \
  --http-router-name canary-router \
  --authority cdn-staging.yandexcloud.example

Result:

done (1s)
name: canary-vh-staging
authority:
- cdn-staging.yandexcloud.example

Create a route named canary-route-staging in the canary-vh-staging virtual host:

yc alb virtual-host append-http-route canary-route-staging \
  --http-router-name canary-router \
  --virtual-host-name canary-vh-staging \
  --prefix-path-match "/" \
  --backend-group-name canary-bg-staging

Result:

done (1s)
name: canary-vh-staging
authority:
- cdn-staging.yandexcloud.example
routes:
- name: canary-route-staging
  http:
    match:
      path:
        prefix_match: /
    route:
      backend_group_id: ds765atleota********

Add to the configuration file the parameters of the canary-router HTTP router, its virtual hosts, and routes:

...

resource "yandex_alb_http_router" "canary-router" {
  name = "canary-router"
}

resource "yandex_alb_virtual_host" "canary-vh-production" {
  name           = "canary-vh-production"
  http_router_id = ${yandex_alb_http_router.canary-router.id}
  authority      = "cdn.yandexcloud.example"

  route {
    name = "canary-route-production"
    http_route {
      http_route_action {
        backend_group_id = "<canary-bg-production_backend_group_ID>"
      }
    }
  }  
}

resource "yandex_alb_virtual_host" "canary-vh-staging" {
  name           = "canary-vh-staging"
  http_router_id = ${yandex_alb_http_router.canary-router.id}
  authority      = "cdn-staging.yandexcloud.example"

  route {
    name = "canary-route-staging"
    http_route {
      http_route_action {
        backend_group_id = "<canary-bg-staging_backend_group_ID>"
      }
    }
  }  
}

For more information, see the description of the yandex_alb_http_router and yandex_alb_virtual_host resources in the Terraform documentation.

Make sure the configuration files are correct.
1. In the command line, navigate to the directory where you created the configuration file.
2. Run a check using this command:
```
terraform plan
```
If you described the configuration correctly, the terminal will display a list of the resources being created and their parameters. If the configuration contains any errors, Terraform will point them out.
Deploy the cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm creating the resources.

Create an HTTP router named canary-router using the HttpRouterService/Create gRPC API call or the create REST API method.
Create the canary-vh-production and canary-vh-staging virtual hosts linked to the router and their routes using the VirtualHostService/Create gRPC API call or the create REST API method.

Create an L7 load balancer

Management console

Yandex Cloud CLI

Terraform

API

In the management console, select example-folder.
From the list of services, select Application Load Balancer.
At the top right, click Create L7 load balancer.
In the Name field, specify canary-balancer.
Under Network settings:
1. In the Network field, select canary-network.
2. In the Security groups field, select canary-sg. If you leave this field blank, any incoming and outgoing traffic will be allowed for the load balancer.
Under Allocation, select the three subnets for the load balancer nodes (canary-subnet-ru-central1-a, canary-subnet-ru-central1-b, and canary-subnet-ru-central1-d) and enable traffic to these subnets.
Under Listeners, click Add listener and set up the listener:
1. In the Name field, specify canary-listener.
2. Under Public IP address:
  - In the Port field, specify 80.
  - In the Type field, select Automatically.
3. In the HTTP router field, select canary-router.
Click Create.

Get the subnet IDs for canary-network:

yc vpc network list-subnets canary-network

Result:

+----------------------+-----------------------------+----------------------+----------------------+----------------+---------------+---------------+
|          ID          |            NAME             |      FOLDER ID       |      NETWORK ID      | ROUTE TABLE ID |     ZONE      |     RANGE     |
+----------------------+-----------------------------+----------------------+----------------------+----------------+---------------+---------------+
| e9bnnssj8sc8******** | canary-subnet-ru-central1-d | b1g9hv2loamq******** | enptrcle5q3d******** |                | ru-central1-d | [10.1.0.0/16] |
| e2lghukd9iqo******** | canary-subnet-ru-central1-b | b1g9hv2loamq******** | enptrcle5q3d******** |                | ru-central1-b | [10.2.0.0/16] |
| b0c3pte4o2kn******** | canary-subnet-ru-central1-a | b1g9hv2loamq******** | enptrcle5q3d******** |                | ru-central1-a | [10.3.0.0/16] |
+----------------------+-----------------------------+----------------------+----------------------+----------------+---------------+---------------+

For more information about the yc vpc network list-subnets command, see the CLI reference.

Get the canary-sg security group ID:
```
yc vpc security-group get canary-sg | grep "^id"
```
Result:
```
id: enpd133ngcnr********
```
For more information about the yc vpc security-group get command, see the CLI reference.

Create a load balancer named canary-balancer:

yc alb load-balancer create canary-balancer \
  --network-name canary-network \
  --security-group-id <canary-sg_security_group_ID> \
  --location zone=ru-central1-a,subnet-id=<canary-subnet-ru-central1-a_subnet_ID> \
  --location zone=ru-central1-b,subnet-id=<canary-subnet-ru-central1-b_subnet_ID> \
  --location zone=ru-central1-d,subnet-id=<canary-subnet-ru-central1-d_subnet_ID>

Result:

done (3m0s)
id: ds77q7v39b4u********
name: canary-balancer
folder_id: b1g9hv2loamq********
status: ACTIVE
region_id: ru-central1
network_id: enptrcle5q3d********
allocation_policy:
  locations:
  - zone_id: ru-central1-d
    subnet_id: b0c3pte4o2kn********
  - zone_id: ru-central1-b
    subnet_id: e2lghukd9iqo********
  - zone_id: ru-central1-a
    subnet_id: e9bnnssj8sc8********
log_group_id: ckg23vr4dlks********
security_group_ids:
- enpd133ngcnr********
created_at: "2021-11-03T10:55:49.134935148Z"

For more information about the yc alb load-balancer create command, see the CLI reference.

Add a listener to the load balancer:

yc alb load-balancer add-listener \
  --name canary-balancer \
  --listener-name canary-listener \
  --external-ipv4-endpoint port=80 \
  --http-router-name canary-router

Result:

done (43s)
id: ds77q7v39b4u********
name: canary-balancer
folder_id: b1g9hv2loamq********
status: ACTIVE
region_id: ru-central1
network_id: enptrcle5q3d********
listeners:
- name: canary-listener
  endpoints:
  - addresses:
    - external_ipv4_address:
        address: 84.252.133.149
    ports:
    - "80"
  http:
    handler:
      http_router_id: ds7qd0vj01dj********
allocation_policy:
  locations:
  - zone_id: ru-central1-d
    subnet_id: b0c3pte4o2kn********
  - zone_id: ru-central1-b
    subnet_id: e2lghukd9iqo********
  - zone_id: ru-central1-a
    subnet_id: e9bnnssj8sc8********
log_group_id: ckg23vr4dlks********
security_group_ids:
- enpd133ngcnr********
created_at: "2021-11-03T10:55:49.134935148Z"

For more information about the yc alb load-balancer add-listener command, see the CLI reference.

Add the parameters of the canary-balancer L7 load balancer to the configuration file:

...

resource "yandex_alb_load_balancer" "canary-balancer" {
  name               = "canary-balancer"
  network_id         = ${yandex_vpc_network.canary-network.id}
  security_group_ids = [ ${yandex_vpc_security_group.canary-sg.id} ]

  allocation_policy {
    location {
      zone_id   = "ru-central1-a"
      subnet_id = ${yandex_vpc_subnet.canary-subnet-ru-central1-a.id}
    }

    location {
      zone_id   = "ru-central1-b"
      subnet_id = ${yandex_vpc_subnet.canary-subnet-ru-central1-b.id}
    }

    location {
      zone_id   = "ru-central1-d"
      subnet_id = ${yandex_vpc_subnet.canary-subnet-ru-central1-d.id}
    }
  }

  listener {
    name = "canary-listener"
    endpoint {
      address {
        external_ipv4_address {
        }
      }
      ports = [80]
    }
    http {
      handler {
        http_router_id = ${yandex_alb_http_router.canary-router.id}
      }
    }
  }
}

For more information about the yandex_alb_load_balancer resource, see the Terraform documentation.

Make sure the configuration files are correct.
1. In the command line, navigate to the directory where you created the configuration file.
2. Run a check using this command:
```
terraform plan
```
If you described the configuration correctly, the terminal will display a list of the resources being created and their parameters. If the configuration contains any errors, Terraform will point them out.
Deploy the cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm creating the resources.

Use the LoadBalancerService/Create gRPC API call or the create REST API method.

Create a CDN resource

Management console

Yandex Cloud CLI

Terraform

API

In the management console, select example-folder.
From the list of services, select Cloud CDN.
If the CDN provider is not activated yet, click Activate provider. A connection will be established automatically.

If you do not see the Activate provider button and you can create resources and origin groups, it means that the provider is already activated. Proceed to the next step.
Create a CDN resource:
1. At the top right, click Create resource.
2. Configure the basic settings of the CDN resource:
  - Content query: From one origin.
  - Origin type: L7 load balancer.
  - L7 load balancer: canary-balancer.
  - IP address: IP address assigned to the load balancer (the only one in the list).
  - Under Domain names for content distribution:
    - In the Domain name field, specify cdn.yandexcloud.example.
    - Click Add domain name and specify cdn-staging.yandexcloud.example.
    Alert
    
    The first domain name, cdn.yandexcloud.example, will become the primary one, and you will not be able to edit it after you create a CDN resource.
  - Under Additional settings:
    - In the Origin request protocol field, select HTTP.
    - In the Redirect clients field, select Don't use.
    - Select End-user access to content.
    - In the Certificate type field, specify Use from Certificate Manager and select a certificate for the cdn.yandexcloud.example and cdn-staging.yandexcloud.example domain names.
    - In the Host header field, select Match client.
3. Click Create.
Enable a client redirect from HTTP to HTTPS:
1. Select the resource you created earlier.
2. Make sure the certificate status under Additional settings switches to Issued.
3. At the top right, click Edit.
4. Under Additional settings, select HTTP to HTTPS in the Redirect clients field.
5. Click Save.
Enable caching on CDN servers for the resource:
1. Select the resource you created earlier.
2. Navigate to Caching.
3. At the top right, click Edit.
4. Enable CDN caching.
5. Click Save.

If the CDN provider has not been activated yet, run this command:
```
yc cdn provider activate --folder-id <folder_ID> --type gcore
```

Create an origin group named canary-origin-group by indicating the IP address of the load balancer:

yc cdn origin-group create --name "canary-origin-group" \
  --origin source=<load_balancer_IP_address>:80,enabled=true

Result:

id: "90748"
folder_id: b1geoelk7fld********
name: canary-origin-group
use_next: true
origins:
- id: "562449"
  origin_group_id: "90748"
  source: 51.250.10.216:80
  enabled: true

For more information about the yc cdn origin-group create command, see the CLI reference.

Copy origin_group_id from the previous step and create a CDN resource by running this command:

yc cdn resource create \
  --cname cdn.yandexcloud.example \
  --origin-group-id <origin_group_ID> \
  --secondary-hostnames cdn-staging.yandexcloud.example \
  --origin-protocol http \
  --cert-manager-ssl-cert-id <certificate_ID> \
  --forward-host-header

Result:

id: bc843k2yinvq********
folder_id: b1ge1elk72ld********
cname: cdn.yandexcloud.example
...
active: true
...
...
secondary_hostnames:
- cdn-staging.yandexcloud.example
...

For more information about the yc cdn resource create command, see the CLI reference.

Enable a client redirect for a resource:

yc cdn resource update <resource_ID> --redirect-http-to-https

Add the parameters of the CDN resources to the configuration file:

...

resource "yandex_cdn_origin_group" "my_group" {
  name     = "canary-origin-group"
  use_next = true
  origin {
   source = "<load_balancer_IP_address>:80"
   backup = false
  }
}

resource "yandex_cdn_resource" "my_resource" {

    cname               = "cdn.yandexcloud.example"
    active              = true
    origin_protocol     = "http"
    secondary_hostnames = ["cdn-staging.yandexcloud.example"]
    origin_group_id     = yandex_cdn_origin_group.my_group.id
    ssl_certificate {
      type                   = "certificate_manager"
      certificate_manager_id = "<certificate_ID>"
    }
    options {
        edge_cache_settings    = "345600"
        browser_cache_settings = "1800"
        ignore_cookie          = true
        ignore_query_params    = false
    }

}

For more information, see the description of the yandex_cdn_origin_group and yandex_cdn_resource resources in the Terraform documentation.

Make sure the configuration files are correct.
1. In the command line, navigate to the directory where you created the configuration file.
2. Run a check using this command:
```
terraform plan
```
If you described the configuration correctly, the terminal will display a list of the resources being created and their parameters. If the configuration contains any errors, Terraform will point them out.
Deploy the cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm creating the resources by typing yes in the terminal and pressing Enter.
This will create all the resources you need in the specified folder. You can check the new resources and their settings using the management console.
Enable a client redirect for a resource. In the CDN resource parameters, add this field at the top of the options section:
```
...
options {
  redirect_https_to_http = true
...
```
Run a check using this command:
```
terraform plan
```
If the configuration is described correctly, the terminal will display a list of updated resources and their parameters. If the configuration contains any errors, Terraform will point them out.
If there are no errors, run this command:
```
terraform apply
```
Confirm the resource update by typing yes in the terminal and pressing Enter.

This enables a redirect for the resource.

Use the ResourceService/Create gRPC API call or the create REST API method.

Configure DNS for the service

The cdn.yandexcloud.example and cdn-staging.yandexcloud.example domain names must be linked to the CDN resource using DNS records.

To configure DNS:

Get the domain name of the CDN load balancer:
Management console
1. In the management console, select example-folder.
2. From the list of services, select Cloud CDN.
3. From the list of CDN resources, select the resource with cdn.yandexcloud.example as its primary domain name.
4. From DNS settings at the bottom of the page, copy the domain name in cl-********.edgecdn.ru format.
On your DNS hosting provider’s website, navigate to the DNS settings.
Create or edit CNAME records for cdn.yandexcloud.example and cdn-staging.yandexcloud.example so they are pointing at the copied domain name:
```
cdn CNAME cl-********.edgecdn.ru
cdn-staging CNAME cl-********.edgecdn.ru 
```
Note

Do not use an ANAME resource record with domain names for content distribution; otherwise, the end user will get a response from a CDN server not linked to the user's geolocation. The response will always be the same for all users.

If you use Cloud DNS, follow this tutorial to configure the record:
Configuring DNS records for Cloud DNS
Management console

Yandex Cloud CLI

Terraform

API
In the management console, select Cloud DNS.

If you do not have a public DNS zone, create one:

Click Create zone.

In the Zone field, enter the website's domain name with a trailing dot: yandexcloud.example..

In the Type field, select Public.

In the Name field, specify canary-dns-zone.

Click Create.

Create a CNAME record for cdn.yandexcloud.example in the zone:

Select canary-dns-zone.

Click Create record.

In the Name field, specify cdn.

In the Type field, specify CNAME.

In the Data field, paste the copied value in cl-********.edgecdn.ru format.

Click Create.

Similarly, create a CNAME record for cdn-staging.yandexcloud.example in the same zone. In the Name field, specify cdn-staging.
If you do not have a public DNS zone, create one:

yc dns zone create \ --name canary-dns-zone \ --zone yandexcloud.example. \ --public-visibility

Result:

id: dns4rq4taddd******** folder_id: b1g9hv2loamq******** created_at: "2021-11-03T11:03:28.847Z" name: canary-dns-zone zone: yandexcloud.example. public_visibility: {}

For more information about the yc dns zone create command, see the CLI reference.

In the zone, create a CNAME record for cdn.yandexcloud.example and cdn-staging.yandexcloud.example with the copied value in cl-********.edgecdn.ru format:

yc dns zone add-records \ --name canary-dns-zone \ --record "cdn CNAME cl-********.edgecdn.ru" \ --record "cdn-staging CNAME cl-********.edgecdn.ru"

For more information about the yc dns zone add-records command, see the CLI reference.
Add the canary-dns-zone parameters and CNAME records to the configuration file:

... resource "yandex_dns_zone" "canary-dns-zone" { zone = "yandexcloud.example." name = "canary-dns-zone" public = true } resource "yandex_dns_recordset" "canary-recordset-production" { zone_id = ${yandex_dns_zone.canary-dns-zone.id} name = "cdn" type = "CNAME" data = ["<copied_value_in_cl-********.edgecdn.ru_format>"] } resource "yandex_dns_recordset" "canary-recordset-staging" { zone_id = ${yandex_dns_zone.canary-dns-zone.id} name = "cdn-staging" type = "CNAME" data = ["<copied_value_in_cl-********.edgecdn.ru_format>"] }

For more information, see the descriptions of the yandex_dns_zone and yandex_dns_recordset resources in the Terraform documentation.

Make sure the configuration files are correct.

In the command line, navigate to the directory where you created the configuration file.

Run a check using this command:

terraform plan

If you described the configuration correctly, the terminal will display a list of the resources being created and their parameters. If the configuration contains any errors, Terraform will point them out.

Deploy the cloud resources.

If the configuration does not contain any errors, run this command:

terraform apply

Confirm creating the resources.
Create a DNS zone named canary-dns-zone using the DnsZoneService/Create gRPC API call or the create REST API method.

Add the cdn and cdn-staging CNAME records to the zone with the copied value in cl-********.edgecdn.ru format using the DnsZoneService/UpdateRecordSets gRPC API call or the updateRecordSets REST API method.

A few hours might be needed to update DNS records on DNS servers. After that, you can check the health of the service.

Test the service and version switching

Check one

Check that cdn.yandexcloud.example is mapped to version 1 and cdn-staging.yandexcloud.example, to version 2:

Open https://cdn.yandexcloud.example/index.html in your browser. You should see a page indicating version 1.

Delete the index.html file from the CDN resource cache:

Management console

Yandex Cloud CLI

API

In the management console, select example-folder.
From the list of services, select Cloud CDN.
Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
Navigate to the Content tab.
Click Purge cache.
In the Purge type field, select Selective.
Enter the path to the uploaded file: /index.html.
Click Purge cache.

Get the ID of the CDN resource you created:

yc cdn resource list

Result:

+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
|          ID          |          CNAME           |           CREATED AT           |           UPDATED AT           | ACTIVE |                  OPTIONS                  |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
| bc837xptmpkh******** | cdn.yandexcloud.example  | seconds:1637235693             | seconds:1637235693             | true   | edge_cache_settings:{enabled:true         |
|                      |                          | nanos:434085000                | nanos:434115000                |        | default_value:345600}                     |
|                      |                          |                                |                                |        | cache_http_headers:{value:"accept-ranges" |
|                      |                          |                                |                                |        | value:"cache-control" value:"connection"  |
|                      |                          |                                |                                |        | value:"content-encoding"                  |
|                      |                          |                                |                                |        | value:"content-length"                    |
|                      |                          |                                |                                |        | value:"content-type"                      |
|                      |                          |                                |                                |        | value:"date" value:"etag"                 |
|                      |                          |                                |                                |        | value:"expires" value:"keep-alive"        |
|                      |                          |                                |                                |        | value:"last-modified" value:"server"      |
|                      |                          |                                |                                |        | value:"vary"} stale:{enabled:true         |
|                      |                          |                                |                                |        | value:"error" value:"updating"}           |
|                      |                          |                                |                                |        | allowed_http_methods:{value:"GET"         |
|                      |                          |                                |                                |        | value:"POST" value:"HEAD"                 |
|                      |                          |                                |                                |        | value:"OPTIONS"}                          |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+

For more information about the yc cdn resource list command, see the CLI reference.

Delete the file from the cache:
```
yc cdn cache purge \
  --resource-id <CDN_resource_ID> \
  --path "/index.html"
```
For more information about the yc cdn cache purge command, see the CLI reference.

Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
Delete index.html from the cache using the CacheService/Purge gRPC API call or the purge method.

Open https://cdn-staging.yandexcloud.example/index.html in your browser. You should see a page indicating version 2.

Canary deployment of version 2

Disable caching of the CDN resource and delete index.html from the cache:
Management console

API
1. In the management console, select example-folder.
2. From the list of services, select Cloud CDN.
3. Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
4. Navigate to the Caching tab.
5. Click Edit.
6. Disable the CDN caching option.
7. Click Save.
1. Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
2. Disable caching using the ResourceService/Update gRPC API call or the list REST API method.

Delete index.html from the cache:

Management console

Yandex Cloud CLI

API

In the management console, select example-folder.
From the list of services, select Cloud CDN.
Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
Navigate to the Content tab.
Click Purge cache.
In the Purge type field, select Selective.
Enter the path to the uploaded file: /index.html.
Click Purge cache.

Get the ID of the CDN resource you created:

yc cdn resource list

Result:

+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
|          ID          |          CNAME           |           CREATED AT           |           UPDATED AT           | ACTIVE |                  OPTIONS                  |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
| bc837xptmpkh******** | cdn.yandexcloud.example  | seconds:1637235693             | seconds:1637235693             | true   | edge_cache_settings:{enabled:true         |
|                      |                          | nanos:434085000                | nanos:434115000                |        | default_value:345600}                     |
|                      |                          |                                |                                |        | cache_http_headers:{value:"accept-ranges" |
|                      |                          |                                |                                |        | value:"cache-control" value:"connection"  |
|                      |                          |                                |                                |        | value:"content-encoding"                  |
|                      |                          |                                |                                |        | value:"content-length"                    |
|                      |                          |                                |                                |        | value:"content-type"                      |
|                      |                          |                                |                                |        | value:"date" value:"etag"                 |
|                      |                          |                                |                                |        | value:"expires" value:"keep-alive"        |
|                      |                          |                                |                                |        | value:"last-modified" value:"server"      |
|                      |                          |                                |                                |        | value:"vary"} stale:{enabled:true         |
|                      |                          |                                |                                |        | value:"error" value:"updating"}           |
|                      |                          |                                |                                |        | allowed_http_methods:{value:"GET"         |
|                      |                          |                                |                                |        | value:"POST" value:"HEAD"                 |
|                      |                          |                                |                                |        | value:"OPTIONS"}                          |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+

Delete the file from the cache:

yc cdn cache purge \
  --resource-id <CDN_resource_ID> \
  --path "/index.html"

Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
Delete index.html from the cache using the CacheService/Purge gRPC API call or the purge method.

Configure the canary-bg-production backend group so that canary-backend-green running version 2 processes 20% of the traffic coming to cdn.yandexcloud.example:
Management console

Yandex Cloud CLI

API
1. In the management console, select example-folder.
2. From the list of services, select Application Load Balancer.
3. In the left-hand panel, select Backend groups.
4. Select canary-bg-production.
5. Set the canary-backend-blue weight to 80 instead of 100:
  1. Under Backends, find canary-backend-blue, click , and select Edit.
  2. In the Weight field, specify 80.
  3. Click Save.
6. Similarly, set the canary-backend-green weight to 20 instead of 0.
7. Click Save.
1. Set the canary-backend-blue weight to 80 instead of 100:
  yc alb backend-group update-http-backend \ --backend-group-name canary-bg-production \ --name canary-backend-blue \ --weight 80
  Result:
  done (1s) id: ds7l9puc18c9******** name: canary-bg-production folder_id: b1g9hv2loamq******** http: backends: - name: canary-backend-blue backend_weight: "80" storage_bucket: bucket: <blue_bucket_name> created_at: "2021-11-03T10:28:47.680825561Z"
  For more information about the yc alb backend-group update-http-backend command, see the CLI reference.
2. Set the canary-backend-green weight to 20 instead of 0:
  yc alb backend-group update-http-backend \ --backend-group-name canary-bg-production \ --name canary-backend-green \ --weight 20
  Result:
  done (1s) id: ds7l9puc18c9******** name: canary-bg-production folder_id: b1g9hv2loamq******** http: backends: - name: canary-backend-green backend_weight: "20" storage_bucket: bucket: <green_bucket_name> created_at: "2021-11-03T10:28:47.680825561Z"
Use the BackendGroupService/UpdateBackend gRPC API call or the updateBackend REST API method.
Open https://cdn.yandexcloud.example/index.html in your browser several times. In about 20% of cases, you should see a page indicating version 2, and in the other cases, version 1.
Same as at steps 1-2, configure and check the following traffic allocations between the backends:
1. In the canary-bg-production backend group: 50% of traffic to each of the two backends.
2. In the canary-bg-production backend group: All traffic goes to canary-backend-green.
3. In the canary-bg-staging backend group (cdn-staging.yandexcloud.example domain name): All traffic goes to canary-backend-blue.
Re-enable caching:
Management console

API
1. In the management console, select example-folder.
2. From the list of services, select Cloud CDN.
3. Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
4. Navigate to the Caching tab.
5. Click Edit.
6. Enable CDN caching.
7. Click Save.
1. Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
2. Enable caching using the ResourceService/Update gRPC API call or the list REST API method.

Blue-green deployment for rolling back to version 1

Disable caching of the CDN resource and delete index.html from the cache:
Management console

API
1. In the management console, select example-folder.
2. From the list of services, select Cloud CDN.
3. Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
4. Navigate to the Caching tab.
5. Click Edit.
6. Disable the CDN caching option.
7. Click Save.
1. Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
2. Disable caching using the ResourceService/Update gRPC API call or the list REST API method.

Delete index.html from the cache:

Management console

Yandex Cloud CLI

API

In the management console, select example-folder.
From the list of services, select Cloud CDN.
Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
Navigate to the Content tab.
Click Purge cache.
In the Purge type field, select Selective.
Enter the path to the uploaded file: /index.html.
Click Purge cache.

Get the ID of the CDN resource you created:

yc cdn resource list

Result:

+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
|          ID          |          CNAME           |           CREATED AT           |           UPDATED AT           | ACTIVE |                  OPTIONS                  |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
| bc837xptmpkh******** | cdn.yandexcloud.example  | seconds:1637235693             | seconds:1637235693             | true   | edge_cache_settings:{enabled:true         |
|                      |                          | nanos:434085000                | nanos:434115000                |        | default_value:345600}                     |
|                      |                          |                                |                                |        | cache_http_headers:{value:"accept-ranges" |
|                      |                          |                                |                                |        | value:"cache-control" value:"connection"  |
|                      |                          |                                |                                |        | value:"content-encoding"                  |
|                      |                          |                                |                                |        | value:"content-length"                    |
|                      |                          |                                |                                |        | value:"content-type"                      |
|                      |                          |                                |                                |        | value:"date" value:"etag"                 |
|                      |                          |                                |                                |        | value:"expires" value:"keep-alive"        |
|                      |                          |                                |                                |        | value:"last-modified" value:"server"      |
|                      |                          |                                |                                |        | value:"vary"} stale:{enabled:true         |
|                      |                          |                                |                                |        | value:"error" value:"updating"}           |
|                      |                          |                                |                                |        | allowed_http_methods:{value:"GET"         |
|                      |                          |                                |                                |        | value:"POST" value:"HEAD"                 |
|                      |                          |                                |                                |        | value:"OPTIONS"}                          |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+

Delete the file from the cache:

yc cdn cache purge \
  --resource-id <CDN_resource_ID> \
  --path "/index.html"

Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
Delete index.html from the cache using the CacheService/Purge gRPC API call or the purge method.

Re-route all traffic from the cdn.yandexcloud.example domain name back to canary-backend-blue running version 1:

Management console

Yandex Cloud CLI

API

In the management console, select example-folder.
From the list of services, select Application Load Balancer.
In the left-hand panel, select Backend groups.
Select canary-bg-production.
Set the canary-backend-blue weight to 100 instead of 0:
1. Under Backends, find canary-backend-blue, click , and select Edit.
2. In the Weight field, specify 100.
3. Click Save.
Similarly, set the canary-backend-green weight to 0 instead of 100.
Click Save.

Set the canary-backend-blue weight to 100 instead of 0:

yc alb backend-group update-http-backend \
  --backend-group-name canary-bg-production \
  --name canary-backend-blue \
  --weight 100

Result:

done (1s)
id: ds7l9puc18c9********
name: canary-bg-production
folder_id: b1g9hv2loamq********
http:
  backends:
  - name: canary-backend-blue
    backend_weight: "100"
    storage_bucket:
      bucket: <blue_bucket_name>
created_at: "2021-11-03T10:28:47.680825561Z"

Set the canary-backend-green weight to 0 instead of 100:

yc alb backend-group update-http-backend \
  --backend-group-name canary-bg-production \
  --name canary-backend-green \
  --weight 0

Result:

done (1s)
id: ds7l9puc18c9********
name: canary-bg-production
folder_id: b1g9hv2loamq********
http:
  backends:
  - name: canary-backend-green
    backend_weight: "0"
    storage_bucket:
      bucket: <green_bucket_name>
created_at: "2021-11-03T10:28:47.680825561Z"

Use the BackendGroupService/UpdateBackend gRPC API call or the updateBackend REST API method.

Open https://cdn.yandexcloud.example/index.html in your browser several times. Each time, you should see a page indicating version 1.
Same as at steps 1-2, switch all traffic from cdn-staging.yandexcloud.example to canary-backend-green running version 2 and check the switchover in your browser.
Re-enable caching:
Management console

API
1. In the management console, select example-folder.
2. From the list of services, select Cloud CDN.
3. Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
4. Navigate to the Caching tab.
5. Click Edit.
6. Enable CDN caching.
7. Click Save.
1. Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
2. Enable caching using the ResourceService/Update gRPC API call or the list REST API method.

How to delete the resources you created

To shut down the infrastructure and stop paying for the resources you created:

If you previously set up CNAME records in Cloud DNS, delete canary-dns-zone.
Delete the CDN resource with cdn.yandexcloud.example as the primary domain name.
Delete the canary-balancer L7 load balancer.
Delete all objects from the blue and green buckets.
Delete the blue and green buckets.
Delete canary-subnet-ru-central1-a, canary-subnet-ru-central1-b, and canary-subnet-ru-central1-d.
Delete canary-network.

Enabling blue-green and canary deployment of web service versions

Supported toolsSupported tools

Get your cloud readyGet your cloud ready

Required paid resourcesRequired paid resources

Add a certificate to Certificate ManagerAdd a certificate to Certificate Manager

Create a cloud network and subnetsCreate a cloud network and subnets

Create buckets in Object StorageCreate buckets in Object Storage

Upload the files of your service to the bucketsUpload the files of your service to the buckets

Create a security groupCreate a security group

Create Application Load Balancer backend groupsCreate Application Load Balancer backend groups

Create an HTTP router and virtual hostsCreate an HTTP router and virtual hosts

Create an L7 load balancerCreate an L7 load balancer

Create a CDN resourceCreate a CDN resource

Configure DNS for the serviceConfigure DNS for the service

Test the service and version switchingTest the service and version switching

Check oneCheck one

Canary deployment of version 2Canary deployment of version 2

Blue-green deployment for rolling back to version 1Blue-green deployment for rolling back to version 1

How to delete the resources you createdHow to delete the resources you created

Was the article helpful?

Supported tools

Get your cloud ready

Required paid resources

Add a certificate to Certificate Manager

Create a cloud network and subnets

Create buckets in Object Storage

Upload the files of your service to the buckets

Create a security group

Create Application Load Balancer backend groups

Create an HTTP router and virtual hosts

Create an L7 load balancer

Create a CDN resource

Configure DNS for the service

Test the service and version switching

Check one

Canary deployment of version 2

Blue-green deployment for rolling back to version 1

How to delete the resources you created