Enabling a blue-green and canary deployment of web service versions

Written by

Updated at September 29, 2025

Supported tools
Get your cloud ready
- Required paid resources
Add a certificate to Certificate Manager
Create a cloud network and subnets
Create buckets in Object Storage
Upload the files of your service to the buckets
Create a security group
Create Application Load Balancer backend groups
Create an HTTP router and virtual hosts
Create an L7 load balancer
Create a CDN resource
Configure DNS for the service
Test the service and version switching
How to delete the resources you created

Configure your web service architecture to switch between versions using the two common deployment models: a blue-green deployment and a canary deployment.

Both models use two backends: a blue and a green one. First, you deploy a stable version generally available to users on one backend, e.g., the blue one. Then you use the other backend, the green one, to test the next version. When the testing is complete, the backends will switch roles:

In a blue-green deployment, all user traffic switches from one backend to the other right away.
In a canary deployment, traffic switches gradually, starting with only some of the users.

After that, the green backend becomes the primary one, and you can use the blue backend to test your next version. As long as your previous version runs on the blue backend, you can roll the service back to it by switching back the roles.

In this tutorial, we will use Yandex Object Storage buckets as backends with an L7 Yandex Application Load Balancer switching traffic between them. To reduce content delivery time, the load balancer receives user requests via the Yandex Cloud CDN content delivery network.

In our examples, we are going to use the cdn.yandexcloud.example and cdn-staging.yandexcloud.example domain names.

You can use various supported tools to perform these steps.

To build an architecture for a blue-green and canary deployment:

If you no longer need the resources you created, delete them.

Supported tools

You can complete most of the steps in this tutorial using any standard tool, such as the management console, Yandex Cloud and AWS CLIs, Terraform, and the Yandex Cloud API. Each step lists its respective supported tools.

Some steps do not support certain tools:

Currently, you cannot use CLIs and Terraform to:
- Create an Application Load Balancer backend group with buckets as backends.
- Get the domain name of a CDN load balancer when configuring DNS for the service.
- Disable and enable caching of a CDN when running a health check and testing version switching.
Currently, you cannot get the domain name of a CDN load balancer through the API when configuring DNS for the service.

Get your cloud ready

Navigate to the management console and log in to Yandex Cloud or create a new account.
On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure.

Learn more about clouds and folders here.

We will use a folder named example-folder in our example.

Required paid resources

The infrastructure support costs include:

Fee for data storage in Object Storage, data operations, and outbound traffic (see Object Storage pricing).
Fee for using the computing resources of the L7 load balancer (see Application Load Balancer pricing).
Fee for outbound traffic from CDN servers (see Cloud CDN pricing).
Fee for public DNS queries and DNS zones if using Yandex Cloud DNS (see Cloud DNS pricing).

Add a certificate to Certificate Manager

Certificates from Yandex Certificate Manager are supported. You can issue a new Let's Encrypt® certificate or upload one of your own.

The certificate must be located in the same folder as your CDN resource.

For a Let's Encrypt® certificate, pass an ownership check for the domain specified in the certificate.

Create a cloud network and subnets

All resources you create will belong to the same cloud network.

Management console

Yandex Cloud CLI

Terraform

API

In the management console, select example-folder.
From the list of services, select Virtual Private Cloud.
At the top right, click Create network.
In the Name field, specify canary-network.
In the Advanced field, select Create subnets.
Click Create network.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

Create a network named canary-network:

yc vpc network create canary-network

Result:

id: enptrcle5q3d********
folder_id: b1g9hv2loamq********
created_at: "2021-11-03T09:25:03Z"
name: canary-network
default_security_group_id: enpbsnnop4ak********

For more information about the yc vpc network create command, see the CLI reference.

Create subnets in all availability zones:

ru-central1-a:

yc vpc subnet create canary-subnet-ru-central1-a \
  --zone ru-central1-a \
  --network-name canary-network \
  --range 10.1.0.0/16

Result:

id: e9bnnssj8sc8********
folder_id: b1g9hv2loamq********
created_at: "2021-11-03T09:27:00Z"
name: canary-subnet-ru-central1-a
network_id: enptrcle5q3d********
zone_id: ru-central1-a
v4_cidr_blocks:
- 10.1.0.0/16

ru-central1-b:

yc vpc subnet create canary-subnet-ru-central1-b \
  --zone ru-central1-b \
  --network-name canary-network \
  --range 10.2.0.0/16

Result:

id: e2lghukd9iqo********
folder_id: b1g9hv2loamq********
created_at: "2021-11-03T09:27:39Z"
name: canary-subnet-ru-central1-b
network_id: enptrcle5q3d********
zone_id: ru-central1-b
v4_cidr_blocks:
- 10.2.0.0/16

ru-central1-d:

yc vpc subnet create canary-subnet-ru-central1-d \
  --zone ru-central1-d \
  --network-name canary-network \
  --range 10.3.0.0/16

Result:

id: b0c3pte4o2kn********
folder_id: b1g9hv2loamq********
created_at: "2021-11-03T09:28:08Z"
name: canary-subnet-ru-central1-d
network_id: enptrcle5q3d********
zone_id: ru-central1-d
v4_cidr_blocks:
- 10.3.0.0/16

For more information about the yc vpc subnet create command, see the CLI reference.

If you do not have Terraform yet, install it and configure the Yandex Cloud provider.

In the configuration file, describe the settings for canary-network and its canary-subnet-ru-central1-a, canary-subnet-ru-central1-b, and canary-subnet-ru-central1-d subnets:

resource "yandex_vpc_network" "canary-network" {
  name = "canary-network"
}

resource "yandex_vpc_subnet" "canary-subnet-a" {
  name           = "canary-subnet-ru-central1-a"
  zone           = "ru-central1-a"
  network_id     = "${yandex_vpc_network.canary-network.id}"
  v4_cidr_blocks = ["10.1.0.0/16"]
}

resource "yandex_vpc_subnet" "canary-subnet-b" {
  name           = "canary-subnet-ru-central1-b"
  zone           = "ru-central1-b"
  network_id     = "${yandex_vpc_network.canary-network.id}"
  v4_cidr_blocks = ["10.2.0.0/16"]
}

resource "yandex_vpc_subnet" "canary-subnet-d" {
  name           = "canary-subnet-ru-central1-d"
  zone           = "ru-central1-d"
  network_id     = "${yandex_vpc_network.canary-network.id}"
  v4_cidr_blocks = ["10.3.0.0/16"]
}

For more information, see the yandex_vpc_network and yandex_vpc_subnet descriptions in the Terraform provider documentation.

Make sure the configuration files are correct.
1. In the command line, navigate to the directory where you created the configuration file.
2. Run a check using this command:
```
terraform plan
```
If the configuration description is correct, the terminal will display a list of the resources being created and their settings. If the configuration contains any errors, Terraform will point them out.
Deploy the cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm creating the resources.

Create canary-network using the NetworkService/Create gRPC API call or the create REST API method.
Create canary-subnet-ru-central1-a, canary-subnet-ru-central1-b, and canary-subnet-ru-central1-d in the three availability zones using the SubnetService/Create gRPC API call or the create REST API method.

Create buckets in Object Storage

Management console

AWS CLI

Terraform

API

In the management console, select example-folder.
From the list of services, select Object Storage.
Create a blue bucket for the backend stable version:
1. At the top right, click Create bucket.
2. In the ** Name** field, enter a name for the bucket.
3. In the Read objects and Read object list fields, select For all.
4. Click Create bucket.
Similarly, create a green bucket for the backend test version.

Create a blue bucket for the backend stable version:

aws --endpoint-url https://storage.yandexcloud.net \
  s3 mb s3://<blue_bucket_name>

Result:

make_bucket: s3://<blue_bucket_name>

Enable public access to read objects and their list:

aws --endpoint-url https://storage.yandexcloud.net \
  s3api put-bucket-acl \
  --bucket <blue_bucket_name> \
  --acl public-read

Similarly, create a green bucket for the backend test version and enable public access to it.

Note

Terraform uses a service account to interact with Object Storage. Assign to the service account the required role, e.g., storage.admin, for the folder where you are going to create resources.

Describe the properties for creating a service account and access key in the configuration file:

...
// Creating a service account
resource "yandex_iam_service_account" "sa" {
  name = "<service_account_name>"
}

// Assigning a role to a service account
resource "yandex_resourcemanager_folder_iam_member" "sa-admin" {
  folder_id = "<folder_ID>"
  role      = "storage.admin"
  member    = "serviceAccount:${yandex_iam_service_account.sa.id}"
}

// Creating a static access key
resource "yandex_iam_service_account_static_access_key" "sa-static-key" {
  service_account_id = yandex_iam_service_account.sa.id
  description        = "static access key for object storage"
}

Add the properties of the blue (backend stable version) and green (backend test version) buckets to the configuration file:

...

resource "yandex_storage_bucket" "canary-bucket-blue" {
  access_key = yandex_iam_service_account_static_access_key.sa-static-key.access_key
  secret_key = yandex_iam_service_account_static_access_key.sa-static-key.secret_key
  bucket     = "<blue_bucket_name>"
  acl        = "public-read"
}

resource "yandex_storage_bucket" "canary-bucket-green" {
  access_key = yandex_iam_service_account_static_access_key.sa-static-key.access_key
  secret_key = yandex_iam_service_account_static_access_key.sa-static-key.secret_key
  bucket     = "<green_bucket_name>"
  acl        = "public-read"
}

For more information about yandex_storage_bucket, see the Terraform provider documentation.

Make sure the configuration files are correct.
1. In the command line, navigate to the directory where you created the configuration file.
2. Run a check using this command:
```
terraform plan
```
If the configuration description is correct, the terminal will display a list of the resources being created and their settings. If the configuration contains any errors, Terraform will point them out.
Deploy the cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm creating the resources.

Use the create REST API method.

Upload the files of your service to the buckets

Create two files, both named index.html. They will represent two service versions: version 1 and version 2.

Example of the index.html file, version 1

<!DOCTYPE html>
<html>
  <head>
    <title>Version 1</title>
  </head>
  <body>
    <p>Version 1 is working</p>
  </body>
</html>

Example of the index.html file, version 2

<!DOCTYPE html>
<html>
  <head>
    <title>Version 2</title>
  </head>
  <body>
    <p>Version 2 is working</p>
  </body>
</html>

Upload the files to the buckets:
Management console

AWS CLI

Terraform

API
1. In the management console, select example-folder.
2. From the list of services, select Object Storage.
3. Select the blue bucket.
4. Click Upload and select index.html version 1 for uploading.
5. Similarly, upload index.html version 2 to the green bucket.
1. Upload index.html version 1 to the blue bucket:
  aws --endpoint-url https://storage.yandexcloud.net \ s3 cp v1/index.html s3://<blue_bucket_name>/index.html
  Result:
  upload: v1/index.html to s3://<blue_bucket_name>/index.html
2. Upload index.html version 2 to the green bucket:
  aws --endpoint-url https://storage.yandexcloud.net \ s3 cp v2/index.html s3://<green_bucket_name>/index.html
  Result:
  upload: v2/index.html to s3://<green_bucket_name>/index.html
1. Add to the configuration file the properties of the v1/index.html and v2/index.html files uploaded to the blue and green buckets, respectively:
  ... resource "yandex_storage_object" "canary-bucket-blue-index" { bucket = "<blue_bucket_name>" key = "index.html" source = "v1/index.html" } resource "yandex_storage_bucket" "canary-bucket-green-index" { bucket = "<green_bucket_name>" key = "index.html" source = "v2/index.html" }
  For more information about yandex_storage_object, see the Terraform provider documentation.
2. Make sure the configuration files are correct.
  1. In the command line, navigate to the directory where you created the configuration file.
  2. Run a check using this command:
    
    terraform plan
  If the configuration description is correct, the terminal will display a list of the resources being created and their settings. If the configuration contains any errors, Terraform will point them out.
3. Deploy the cloud resources.
  1. If the configuration does not contain any errors, run this command:
    
    terraform apply
  2. Confirm creating the resources.
Use the upload REST API method.

Create a security group

Security groups contain rules that allow the L7 load balancer to receive inbound traffic and send it to backend buckets.

To create security groups:

Management console

Yandex Cloud CLI

Terraform

API

In the management console, select Virtual Private Cloud.
In the left-hand panel, select Security groups.
At the top right, click Create security group.
In the Name field, specify canary-sg.
In the Network field, select canary-network.

Under Rules, create the following rules using the instructions below the table:

Traffic direction	Description	Port range	Protocol	Source / destination	CIDR blocks
`Outgoing`	`any`	`All`	`Any`	`CIDR`	`0.0.0.0/0`
`Inbound`	`ext-http`	`80`	`TCP`	`CIDR`	`0.0.0.0/0`
`Inbound`	`ext-https`	`443`	`TCP`	`CIDR`	`0.0.0.0/0`
`Inbound`	`healthchecks`	`30080`	`TCP`	`Load balancer healthchecks`	—

Navigate to the Egress or Ingress tab.
Click Add.
In the Port range field of the window that opens, specify a single port or a port range for traffic to come to or from.
In the Protocol field, specify the required protocol or leave Any.
In the Destination name or Source field, select the rule purpose:
- CIDR: Rule will apply to the range of IP addresses. In the CIDR blocks field, specify the CIDRs and masks of subnets traffic will move to/from. To add multiple CIDRs, click Add.
- Load balancer healthchecks: Rule allowing a load balancer to health-check VMs.
Click Save. Repeat these steps to create all rules from the table.

Click Save.

Run the following command:

yc vpc security-group create canary-sg \
  --network-name canary-network \
  --rule direction=egress,port=any,protocol=any,v4-cidrs=[0.0.0.0/0] \
  --rule direction=ingress,port=80,protocol=tcp,v4-cidrs=[0.0.0.0/0] \
  --rule direction=ingress,port=443,protocol=tcp,v4-cidrs=[0.0.0.0/0] \
  --rule direction=ingress,port=30080,protocol=tcp,predefined=loadbalancer_healthchecks

Result:

id: enpd133ngcnr********
folder_id: b1g9hv2loamq********
created_at: "2021-11-03T10:26:16Z"
name: canary-sg
network_id: enptrcle5q3d********
status: ACTIVE
rules:
- id: enpkgrpi2gsi********
  direction: EGRESS
  protocol_name: ANY
  protocol_number: "-1"
  cidr_blocks:
    v4_cidr_blocks:
    - 0.0.0.0/0
- id: enpgssij0i16********
  direction: INGRESS
  ports:
    from_port: "80"
    to_port: "80"
  protocol_name: TCP
  protocol_number: "6"
  cidr_blocks:
    v4_cidr_blocks:
    - 0.0.0.0/0
- id: enp0bft67j9l********
  direction: INGRESS
  ports:
    from_port: "443"
    to_port: "443"
  protocol_name: TCP
  protocol_number: "6"
  cidr_blocks:
    v4_cidr_blocks:
    - 0.0.0.0/0
- id: enpmorcimu65********
  direction: INGRESS
  ports:
    from_port: "30080"
    to_port: "30080"
  protocol_name: TCP
  protocol_number: "6"
  predefined_target: loadbalancer_healthchecks

For more information about the yc vpc security-group create command, see the CLI reference.

Add the canary-sg security group properties to the configuration file:

resource "yandex_vpc_security_group" "canary-sg" {
  name       = "canary-sg"
  network_id = yandex_vpc_network.canary-network.id

  egress {
    protocol       = "ANY"
    port           = "ANY"
    v4_cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol       = "TCP"
    port           = 80
    v4_cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol       = "TCP"
    port           = 443
    v4_cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol          = "TCP"
    port              = 30080
    predefined_target = "loadbalancer_healthchecks"
  }
}

For more information about resource properties in Terraform, see the relevant Terraform documentation.

Make sure the configuration files are correct.
1. In the command line, navigate to the directory where you created the configuration file.
2. Run a check using this command:
```
terraform plan
```
If the configuration description is correct, the terminal will display a list of the resources being created and their settings. If the configuration contains any errors, Terraform will point them out.
Deploy the cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm creating the resources.

Use the SecurityGroupService/Create gRPC API call or the create REST API method.

To add a rule for load balancer health checks, use the loadbalancer_healthchecks parameter in the SecurityGroupRuleSpec.target.predefined_target field for the gRPC API or the predefinedTarget field for the REST API.

Create Application Load Balancer backend groups

Management console

API

Create a backend group named canary-bg-production with canary-backend-blue and canary-backend-green:
1. In the management console, select example-folder.
2. From the list of services, select Application Load Balancer.
3. In the left-hand panel, select Backend groups.
4. At the top right, click Create backend group.
5. In the Name field, specify canary-bg-production.
6. Create a backend named canary-backend-blue:
  1. Under Backends, click Add.
  2. In the Name field, specify canary-backend-blue.
  3. In the Weight field, specify 100.
  4. In the Type field, select Bucket.
  5. Select the blue bucket in the Bucket field.
7. Create a backend named canary-backend-green:
  1. Under Backends, click Add.
  2. In the Name field, specify canary-backend-green.
  3. In the Weight field, specify 0.
  4. In the Type field, select Bucket.
  5. In the Bucket field, select the green bucket.
8. Click Create.
Similarly, create a backend group named canary-bg-staging. Set the canary-backend-blue weight to 0 and the canary-backend-green weight to 100.

If you are going to complete the next steps in Terraform, copy the IDs of the canary-bg-production and canary-bg-staging backend groups from the Backend groups tab.

Use the BackendGroupService/Create gRPC API call or the create REST API method.

Create an HTTP router and virtual hosts

Management console

Yandex Cloud CLI

Terraform

API

In the management console, select example-folder.
From the list of services, select Application Load Balancer.
In the left-hand panel, select HTTP routers.
At the top right, click Create HTTP router.
In the Name field, specify canary-router.
Create a virtual host named canary-vh-production:
1. Under Virtual hosts, click Add virtual host.
2. In the Name field, specify canary-vh-production.
3. In the Authority field, specify cdn.yandexcloud.example.
4. Click Add route.
5. In the Name field, specify canary-route-production.
6. In the Path field, select Starts with and specify the / path.
7. From the HTTP methods list, select GET.
8. In the Action field, keep Routing.
9. From the Backend group list, select canary-bg-production.
Create a virtual host named canary-vh-staging:
- Name: canary-vh-production
- Authority: cdn-staging.yandexcloud.example
- Route Name: canary-route-staging
- Backend group: canary-bg-staging
- The other settings are identical to those for canary-vh-production.
Click Create.

Create an HTTP router named canary-router:

yc alb http-router create canary-router

Result:

id: ds7qd0vj01dj********
name: canary-router
folder_id: b1g9hv2loamq********
created_at: "2021-11-03T10:31:41.027649223Z"

For more information about the yc alb http-router create command, see the CLI reference.

Create a virtual host named canary-vh-production:

yc alb virtual-host create canary-vh-production \
  --http-router-name canary-router \
  --authority cdn.yandexcloud.example

Result:

done (1s)
name: canary-vh-production
authority:
- cdn.yandexcloud.example

For more information about the yc alb virtual-host create command, see the CLI reference.

Create a route named canary-route-production in the canary-vh-production virtual host:

yc alb virtual-host append-http-route canary-route-production \
  --http-router-name canary-router \
  --virtual-host-name canary-vh-production \
  --prefix-path-match "/" \
  --backend-group-name canary-bg-production

Result:

done (1s)
name: canary-vh-production
authority:
- cdn.yandexcloud.example
routes:
- name: canary-route-production
  http:
    match:
      path:
        prefix_match: /
    route:
      backend_group_id: ds7pbm5fj2v0********

For more information about the yc alb virtual-host append-http-route command, see the CLI reference.

Create a virtual host named canary-vh-staging:

yc alb virtual-host create canary-vh-staging \
  --http-router-name canary-router \
  --authority cdn-staging.yandexcloud.example

Result:

done (1s)
name: canary-vh-staging
authority:
- cdn-staging.yandexcloud.example

Create a route named canary-route-staging in the canary-vh-staging virtual host:

yc alb virtual-host append-http-route canary-route-staging \
  --http-router-name canary-router \
  --virtual-host-name canary-vh-staging \
  --prefix-path-match "/" \
  --backend-group-name canary-bg-staging

Result:

done (1s)
name: canary-vh-staging
authority:
- cdn-staging.yandexcloud.example
routes:
- name: canary-route-staging
  http:
    match:
      path:
        prefix_match: /
    route:
      backend_group_id: ds765atleota********

Add the settings for the canary-router HTTP router, its virtual hosts, and routes to the configuration file :

...

resource "yandex_alb_http_router" "canary-router" {
  name = "canary-router"
}

resource "yandex_alb_virtual_host" "canary-vh-production" {
  name           = "canary-vh-production"
  http_router_id = ${yandex_alb_http_router.canary-router.id}
  authority      = "cdn.yandexcloud.example"

  route {
    name = "canary-route-production"
    http_route {
      http_route_action {
        backend_group_id = "<canary-bg-production_backend_group_ID>"
      }
    }
  }  
}

resource "yandex_alb_virtual_host" "canary-vh-staging" {
  name           = "canary-vh-staging"
  http_router_id = ${yandex_alb_http_router.canary-router.id}
  authority      = "cdn-staging.yandexcloud.example"

  route {
    name = "canary-route-staging"
    http_route {
      http_route_action {
        backend_group_id = "<canary-bg-staging_backend_group_ID>"
      }
    }
  }  
}

For more information, see the yandex_alb_http_router and yandex_alb_virtual_host descriptions in the Terraform provider documentation.

Make sure the configuration files are correct.
1. In the command line, navigate to the directory where you created the configuration file.
2. Run a check using this command:
```
terraform plan
```
If the configuration description is correct, the terminal will display a list of the resources being created and their settings. If the configuration contains any errors, Terraform will point them out.
Deploy the cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm creating the resources.

Create an HTTP router named canary-router using the HttpRouterService/Create gRPC API call or the create REST API method.
Create the canary-vh-production and canary-vh-staging virtual hosts bound to the router and their routes using the VirtualHostService/Create gRPC API call or the create REST API method.

Create an L7 load balancer

Management console

Yandex Cloud CLI

Terraform

API

In the management console, select example-folder.
From the list of services, select Application Load Balancer.
At the top right, click Create L7 load balancer.
In the Name field, specify canary-balancer.
Under Network settings:
1. In the Network field, select canary-network.
2. In the Security groups field, select canary-sg. Leaving this field blank will allow any inbound and outbound traffic for the load balancer.
Under Allocation, select the three subnets for the load balancer nodes (canary-subnet-ru-central1-a, canary-subnet-ru-central1-b, and canary-subnet-ru-central1-d) and enable traffic to these subnets.
Under Listeners, click Add listener and set up the listener:
1. In the Name field, specify canary-listener.
2. Under Public IP address:
  - In the Port field, specify 80.
  - In the Type field, select Automatically.
3. In the HTTP router field, select canary-router.
Click Create.

Get the subnet IDs for canary-network:

yc vpc network list-subnets canary-network

Result:

+----------------------+-----------------------------+----------------------+----------------------+----------------+---------------+---------------+
|          ID          |            NAME             |      FOLDER ID       |      NETWORK ID      | ROUTE TABLE ID |     ZONE      |     RANGE     |
+----------------------+-----------------------------+----------------------+----------------------+----------------+---------------+---------------+
| e9bnnssj8sc8******** | canary-subnet-ru-central1-d | b1g9hv2loamq******** | enptrcle5q3d******** |                | ru-central1-d | [10.1.0.0/16] |
| e2lghukd9iqo******** | canary-subnet-ru-central1-b | b1g9hv2loamq******** | enptrcle5q3d******** |                | ru-central1-b | [10.2.0.0/16] |
| b0c3pte4o2kn******** | canary-subnet-ru-central1-a | b1g9hv2loamq******** | enptrcle5q3d******** |                | ru-central1-a | [10.3.0.0/16] |
+----------------------+-----------------------------+----------------------+----------------------+----------------+---------------+---------------+

For more information about the yc vpc network list-subnets command, see the CLI reference.

Get the canary-sg security group ID:
```
yc vpc security-group get canary-sg | grep "^id"
```
Result:
```
id: enpd133ngcnr********
```
For more information about the yc vpc security-group get command, see the CLI reference.

Create a load balancer named canary-balancer:

yc alb load-balancer create canary-balancer \
  --network-name canary-network \
  --security-group-id <canary-sg_security_group_ID> \
  --location zone=ru-central1-a,subnet-id=<canary-subnet-ru-central1-a_subnet_ID> \
  --location zone=ru-central1-b,subnet-id=<canary-subnet-ru-central1-b_subnet_ID> \
  --location zone=ru-central1-d,subnet-id=<canary-subnet-ru-central1-d_subnet_ID>

Result:

done (3m0s)
id: ds77q7v39b4u********
name: canary-balancer
folder_id: b1g9hv2loamq********
status: ACTIVE
region_id: ru-central1
network_id: enptrcle5q3d********
allocation_policy:
  locations:
  - zone_id: ru-central1-d
    subnet_id: b0c3pte4o2kn********
  - zone_id: ru-central1-b
    subnet_id: e2lghukd9iqo********
  - zone_id: ru-central1-a
    subnet_id: e9bnnssj8sc8********
log_group_id: ckg23vr4dlks********
security_group_ids:
- enpd133ngcnr********
created_at: "2021-11-03T10:55:49.134935148Z"

For more information about the yc alb load-balancer create command, see the CLI reference.

Add a listener to the load balancer:

yc alb load-balancer add-listener \
  --name canary-balancer \
  --listener-name canary-listener \
  --external-ipv4-endpoint port=80 \
  --http-router-name canary-router

Result:

done (43s)
id: ds77q7v39b4u********
name: canary-balancer
folder_id: b1g9hv2loamq********
status: ACTIVE
region_id: ru-central1
network_id: enptrcle5q3d********
listeners:
- name: canary-listener
  endpoints:
  - addresses:
    - external_ipv4_address:
        address: 84.252.133.149
    ports:
    - "80"
  http:
    handler:
      http_router_id: ds7qd0vj01dj********
allocation_policy:
  locations:
  - zone_id: ru-central1-d
    subnet_id: b0c3pte4o2kn********
  - zone_id: ru-central1-b
    subnet_id: e2lghukd9iqo********
  - zone_id: ru-central1-a
    subnet_id: e9bnnssj8sc8********
log_group_id: ckg23vr4dlks********
security_group_ids:
- enpd133ngcnr********
created_at: "2021-11-03T10:55:49.134935148Z"

For more information about the yc alb load-balancer add-listener command, see the CLI reference.

Add the settings for canary-balancer to the configuration file:

...

resource "yandex_alb_load_balancer" "canary-balancer" {
  name               = "canary-balancer"
  network_id         = ${yandex_vpc_network.canary-network.id}
  security_group_ids = [ ${yandex_vpc_security_group.canary-sg.id} ]

  allocation_policy {
    location {
      zone_id   = "ru-central1-a"
      subnet_id = ${yandex_vpc_subnet.canary-subnet-ru-central1-a.id}
    }

    location {
      zone_id   = "ru-central1-b"
      subnet_id = ${yandex_vpc_subnet.canary-subnet-ru-central1-b.id}
    }

    location {
      zone_id   = "ru-central1-d"
      subnet_id = ${yandex_vpc_subnet.canary-subnet-ru-central1-d.id}
    }
  }

  listener {
    name = "canary-listener"
    endpoint {
      address {
        external_ipv4_address {
        }
      }
      ports = [80]
    }
    http {
      handler {
        http_router_id = ${yandex_alb_http_router.canary-router.id}
      }
    }
  }
}

For more information about yandex_alb_load_balancer, see the Terraform provider documentation.

Make sure the configuration files are correct.
1. In the command line, navigate to the directory where you created the configuration file.
2. Run a check using this command:
```
terraform plan
```
If the configuration description is correct, the terminal will display a list of the resources being created and their settings. If the configuration contains any errors, Terraform will point them out.
Deploy the cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm creating the resources.

Use the LoadBalancerService/Create gRPC API call or the create REST API method.

Create a CDN resource

Management console

Yandex Cloud CLI

Terraform

API

In the management console, select example-folder.
In the list of services, select Cloud CDN.
Click Create resource.
Configure the basic CDN resource settings:
- Under Content:
  - Enable Enable access to content.
  - In the Content query field, select From one origin.
  - In the Origin type field, select L7 load balancer.
  - In the L7 load balancer field, select canary-balancer.
  - In the IP address field, select the IP address assigned to the load balancer (the only one in the list).
  - In the Origin request protocol field, select HTTP.
  - In the Domain name field, specify cdn.yandexcloud.example.
  - Click Add domain name and specify cdn-staging.yandexcloud.example.
    
    Alert
    
    The first domain name, cdn.yandexcloud.example, will become the primary one, and you will not be able to edit it after you create a CDN resource.
- Under Additional settings:
  - In the Redirect clients field, select HTTP to HTTPS.
  - In the Certificate type field, specify Use from Certificate Manager and select a certificate for the cdn.yandexcloud.example and cdn-staging.yandexcloud.example domain names.
  - In the Host header field, select Match client.
Click Continue.
Under Caching in the CDN section, enable CDN caching.
Click Continue.
Under HTTP headers and methods, and Advanced, leave the default settings. Click Continue.

Create an origin group named canary-origin-group and indicate the load balancer IP address:

yc cdn origin-group create --name "canary-origin-group" \
  --origin source=<load_balancer_IP_address>:80,enabled=true

Result:

id: "90748"
folder_id: b1geoelk7fld********
name: canary-origin-group
use_next: true
origins:
- id: "562449"
  origin_group_id: "90748"
  source: 51.250.10.216:80
  enabled: true

For more information about the yc cdn origin-group create command, see the CLI reference.

Copy origin_group_id from the previous step and create a CDN resource by running this command:

yc cdn resource create \
  --cname cdn.yandexcloud.example \
  --origin-group-id <origin_group_ID> \
  --secondary-hostnames cdn-staging.yandexcloud.example \
  --origin-protocol http \
  --cert-manager-ssl-cert-id <certificate_ID> \
  --forward-host-header

Result:

id: bc843k2yinvq********
folder_id: b1ge1elk72ld********
cname: cdn.yandexcloud.example
...
active: true
...
...
secondary_hostnames:
- cdn-staging.yandexcloud.example
...

For more information about the yc cdn resource create command, see the CLI reference.

Enable client redirects for the resource:

yc cdn resource update <resource_ID> --redirect-http-to-https

Add the CDN settings to the configuration file:

...

resource "yandex_cdn_origin_group" "my_group" {
  name     = "canary-origin-group"
  use_next = true
  origin {
   source = "<load_balancer_IP_address>:80"
   backup = false
  }
}

resource "yandex_cdn_resource" "my_resource" {

    cname               = "cdn.yandexcloud.example"
    active              = true
    origin_protocol     = "http"
    secondary_hostnames = ["cdn-staging.yandexcloud.example"]
    origin_group_id     = yandex_cdn_origin_group.my_group.id
    ssl_certificate {
      type                   = "certificate_manager"
      certificate_manager_id = "<certificate_ID>"
    }
    options {
        edge_cache_settings    = "345600"
        browser_cache_settings = "1800"
        ignore_cookie          = true
        ignore_query_params    = false
    }

}

For more information, see the yandex_cdn_origin_group and yandex_cdn_resource descriptions in the Terraform provider documentation.

Make sure the configuration files are correct.
1. In the command line, navigate to the directory where you created the configuration file.
2. Run a check using this command:
```
terraform plan
```
If the configuration description is correct, the terminal will display a list of the resources being created and their settings. If the configuration contains any errors, Terraform will point them out.
Deploy the cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm creating the resources: type yes in the terminal and press Enter.
This will create all the resources you need in the specified folder. You can check the new resources and their settings using the management console.
Enable client redirects for the resource. In the CDN resource settings, add this field at the top of the options section:
```
...
options {
  redirect_https_to_http = true
...
```
Run a check using this command:
```
terraform plan
```
If the configuration description is correct, the terminal will display a list of updated resources and their properties. If the configuration contains any errors, Terraform will point them out.
If there are no errors, run this command:
```
terraform apply
```
Confirm the resource update by typing yes in the terminal and pressing Enter.

This will enable redirects for the resource.

Use the ResourceService/Create gRPC API call or the create REST API method.

Configure DNS for the service

The cdn.yandexcloud.example and cdn-staging.yandexcloud.example domain names must be mapped to the CDN resource using DNS records.

To configure DNS:

Get the domain name of the CDN load balancer:
Management console
1. In the management console, select example-folder.
2. From the list of services, select Cloud CDN.
3. From the list of CDN resources, select the one with cdn.yandexcloud.example as its primary domain name.
4. From DNS settings at the bottom of the page, copy the domain name in 328938ed********.a.yccdn.cloud.yandex.net or cl-msa87*****.edgecdn.ru format depending on the CDN provider you use.
On the website of your DNS hosting provider, navigate to the DNS settings.
Create or edit CNAME records for cdn.yandexcloud.example and cdn-staging.yandexcloud.example so that they point to the domain name you copied:
```
cdn CNAME 328938ed********.a.yccdn.cloud.yandex.net
cdn-staging CNAME 328938ed********.a.yccdn.cloud.yandex.net
```
Note

Do not use an ANAME resource record with domain names for content distribution; otherwise, the end user will get a response from a CDN server not linked to the user geolocation. The response will always be the same for all users.

If you use Cloud DNS, follow this guide to configure the record:
Configuring DNS records for Cloud DNS
Management console

Yandex Cloud CLI

Terraform

API
In the management console, select Cloud DNS.

If you do not have a public DNS zone, create one:

Click Create zone.

In the Zone field, enter the website domain name with a trailing dot: yandexcloud.example..

In the Type field, select Public.

In the Name field, specify canary-dns-zone.

Click Create.

Create a CNAME record for cdn.yandexcloud.example in the zone:

Select canary-dns-zone.

Click Create record.

In the Name field, specify cdn.

In the Type field, specify CNAME.

In the Data field, paste the value you copied in 328938ed********.a.yccdn.cloud.yandex.net format.

Click Create.

Similarly, create a CNAME record for cdn-staging.yandexcloud.example in the same zone. In the Name field, specify cdn-staging.
If you do not have a public DNS zone, create one:

yc dns zone create \ --name canary-dns-zone \ --zone yandexcloud.example. \ --public-visibility

Result:

id: dns4rq4taddd******** folder_id: b1g9hv2loamq******** created_at: "2021-11-03T11:03:28.847Z" name: canary-dns-zone zone: yandexcloud.example. public_visibility: {}

For more information about the yc dns zone create command, see the CLI reference.

In the zone, create a CNAME record for cdn.yandexcloud.example and cdn-staging.yandexcloud.example with the value you copied in 328938ed********.a.yccdn.cloud.yandex.net format:

yc dns zone add-records \ --name canary-dns-zone \ --record "cdn CNAME 328938ed********.a.yccdn.cloud.yandex.net" \ --record "cdn-staging CNAME 328938ed********.a.yccdn.cloud.yandex.net"

For more information about the yc dns zone add-records command, see the CLI reference.
Add the canary-dns-zone settings and the zone’s CNAME records to the configuration file:

... resource "yandex_dns_zone" "canary-dns-zone" { zone = "yandexcloud.example." name = "canary-dns-zone" public = true } resource "yandex_dns_recordset" "canary-recordset-production" { zone_id = ${yandex_dns_zone.canary-dns-zone.id} name = "cdn" type = "CNAME" data = ["<copied_value_in_328938ed********.a.yccdn.cloud.yandex.net_format>"] } resource "yandex_dns_recordset" "canary-recordset-staging" { zone_id = ${yandex_dns_zone.canary-dns-zone.id} name = "cdn-staging" type = "CNAME" data = ["<copied_value_in_328938ed********.a.yccdn.cloud.yandex.net"_format] }

For more information, see the yandex_dns_zone and yandex_dns_recordset descriptions in the Terraform provider documentation.

Make sure the configuration files are correct.

In the command line, navigate to the directory where you created the configuration file.

Run a check using this command:

terraform plan

If the configuration description is correct, the terminal will display a list of the resources being created and their settings. If the configuration contains any errors, Terraform will point them out.

Deploy the cloud resources.

If the configuration does not contain any errors, run this command:

terraform apply

Confirm creating the resources.
Create a DNS zone named canary-dns-zone using the DnsZoneService/Create gRPC API call or the create REST API method.

Add the cdn and cdn-staging CNAME records to the zone with the value you copied in 328938ed********.a.yccdn.cloud.yandex.net format using the DnsZoneService/UpdateRecordSets gRPC API call or the updateRecordSets REST API method.

It may take a few hours to update DNS records on the DNS servers. After that, you can check the health of the service.

Test the service and version switching

Check one

Check that cdn.yandexcloud.example is mapped to version 1 and cdn-staging.yandexcloud.example, to version 2:

Open https://cdn.yandexcloud.example/index.html in your browser. You should see a page indicating version 1.

Delete the index.html file from the CDN resource cache:

Management console

Yandex Cloud CLI

API

In the management console, select example-folder.
In the list of services, select Cloud CDN.
Select the CDN resource you created (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
Navigate to the Content tab.
Click Purge cache.
In the Purge type field, select Selective.
Enter the path to the file you uploaded: /index.html.
Click Purge cache.

Get the ID of the CDN resource you created:

yc cdn resource list

Result:

+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
|          ID          |          CNAME           |           CREATED AT           |           UPDATED AT           | ACTIVE |                  OPTIONS                  |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
| bc837xptmpkh******** | cdn.yandexcloud.example  | seconds:1637235693             | seconds:1637235693             | true   | edge_cache_settings:{enabled:true         |
|                      |                          | nanos:434085000                | nanos:434115000                |        | default_value:345600}                     |
|                      |                          |                                |                                |        | cache_http_headers:{value:"accept-ranges" |
|                      |                          |                                |                                |        | value:"cache-control" value:"connection"  |
|                      |                          |                                |                                |        | value:"content-encoding"                  |
|                      |                          |                                |                                |        | value:"content-length"                    |
|                      |                          |                                |                                |        | value:"content-type"                      |
|                      |                          |                                |                                |        | value:"date" value:"etag"                 |
|                      |                          |                                |                                |        | value:"expires" value:"keep-alive"        |
|                      |                          |                                |                                |        | value:"last-modified" value:"server"      |
|                      |                          |                                |                                |        | value:"vary"} stale:{enabled:true         |
|                      |                          |                                |                                |        | value:"error" value:"updating"}           |
|                      |                          |                                |                                |        | allowed_http_methods:{value:"GET"         |
|                      |                          |                                |                                |        | value:"POST" value:"HEAD"                 |
|                      |                          |                                |                                |        | value:"OPTIONS"}                          |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+

For more information about the yc cdn resource list command, see the CLI reference.

Delete the file from the cache:
```
yc cdn cache purge \
  --resource-id <CDN_resource_ID> \
  --path "/index.html"
```
For more information about the yc cdn cache purge command, see the CLI reference.

Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
Delete index.html from the cache using the CacheService/Purge gRPC API call or the purge method.

Open https://cdn-staging.yandexcloud.example/index.html in your browser. You should see a page indicating version 2.

Canary deployment of version 2

Disable caching of the CDN resource and delete index.html from the cache:
Management console

API
1. In the management console, select example-folder.
2. In the list of services, select Cloud CDN.
3. Select the CDN resource you created (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
4. Navigate to the Caching tab.
5. Click Edit.
6. Disable the CDN caching option.
7. Click Save.
1. Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
2. Disable caching using the ResourceService/Update gRPC API call or the list REST API method.

Delete index.html from the cache:

Management console

Yandex Cloud CLI

API

In the management console, select example-folder.
In the list of services, select Cloud CDN.
Select the CDN resource you created (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
Navigate to the Content tab.
Click Purge cache.
In the Purge type field, select Selective.
Enter the path to the file you uploaded: /index.html.
Click Purge cache.

Get the ID of the CDN resource you created:

yc cdn resource list

Result:

+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
|          ID          |          CNAME           |           CREATED AT           |           UPDATED AT           | ACTIVE |                  OPTIONS                  |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
| bc837xptmpkh******** | cdn.yandexcloud.example  | seconds:1637235693             | seconds:1637235693             | true   | edge_cache_settings:{enabled:true         |
|                      |                          | nanos:434085000                | nanos:434115000                |        | default_value:345600}                     |
|                      |                          |                                |                                |        | cache_http_headers:{value:"accept-ranges" |
|                      |                          |                                |                                |        | value:"cache-control" value:"connection"  |
|                      |                          |                                |                                |        | value:"content-encoding"                  |
|                      |                          |                                |                                |        | value:"content-length"                    |
|                      |                          |                                |                                |        | value:"content-type"                      |
|                      |                          |                                |                                |        | value:"date" value:"etag"                 |
|                      |                          |                                |                                |        | value:"expires" value:"keep-alive"        |
|                      |                          |                                |                                |        | value:"last-modified" value:"server"      |
|                      |                          |                                |                                |        | value:"vary"} stale:{enabled:true         |
|                      |                          |                                |                                |        | value:"error" value:"updating"}           |
|                      |                          |                                |                                |        | allowed_http_methods:{value:"GET"         |
|                      |                          |                                |                                |        | value:"POST" value:"HEAD"                 |
|                      |                          |                                |                                |        | value:"OPTIONS"}                          |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+

Delete the file from the cache:

yc cdn cache purge \
  --resource-id <CDN_resource_ID> \
  --path "/index.html"

Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
Delete index.html from the cache using the CacheService/Purge gRPC API call or the purge method.

Configure the canary-bg-production backend group so that canary-backend-green running version 2 processes 20% of the traffic coming to cdn.yandexcloud.example:
Management console

Yandex Cloud CLI

API
1. In the management console, select example-folder.
2. From the list of services, select Application Load Balancer.
3. In the left-hand panel, select Backend groups.
4. Select canary-bg-production.
5. Set the canary-backend-blue weight to 80 instead of 100:
  1. Under Backends, find canary-backend-blue, click , and select Edit.
  2. In the Weight field, specify 80.
  3. Click Save.
6. Similarly, set the canary-backend-green weight to 20 instead of 0.
7. Click Save.
1. Set the canary-backend-blue weight to 80 instead of 100:
  yc alb backend-group update-http-backend \ --backend-group-name canary-bg-production \ --name canary-backend-blue \ --weight 80
  Result:
  done (1s) id: ds7l9puc18c9******** name: canary-bg-production folder_id: b1g9hv2loamq******** http: backends: - name: canary-backend-blue backend_weight: "80" storage_bucket: bucket: <blue_bucket_name> created_at: "2021-11-03T10:28:47.680825561Z"
  For more information about the yc alb backend-group update-http-backend command, see the CLI reference.
2. Set the canary-backend-green weight to 20 instead of 0:
  yc alb backend-group update-http-backend \ --backend-group-name canary-bg-production \ --name canary-backend-green \ --weight 20
  Result:
  done (1s) id: ds7l9puc18c9******** name: canary-bg-production folder_id: b1g9hv2loamq******** http: backends: - name: canary-backend-green backend_weight: "20" storage_bucket: bucket: <green_bucket_name> created_at: "2021-11-03T10:28:47.680825561Z"
Use the BackendGroupService/UpdateBackend gRPC API call or the updateBackend REST API method.
Open https://cdn.yandexcloud.example/index.html in your browser several times. In about 20% of cases, you should see a page indicating version 2, and in the other cases, version 1.
Same as at steps 1-2, configure and check the following traffic allocations between the backends:
1. In the canary-bg-production backend group: 50% of traffic to each of the two backends.
2. In the canary-bg-production backend group: All traffic goes to canary-backend-green.
3. In the canary-bg-staging backend group (the cdn-staging.yandexcloud.example domain name): All traffic goes to canary-backend-blue.
Re-enable caching:
Management console

API
1. In the management console, select example-folder.
2. In the list of services, select Cloud CDN.
3. Select the CDN resource you created (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
4. Navigate to the Caching tab.
5. Click Edit.
6. Enable CDN caching.
7. Click Save.
1. Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
2. Enable caching using the ResourceService/Update gRPC API call or the list REST API method.

Blue-green deployment for rolling back to version 1

Disable caching of the CDN resource and delete index.html from the cache:
Management console

API
1. In the management console, select example-folder.
2. In the list of services, select Cloud CDN.
3. Select the CDN resource you created (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
4. Navigate to the Caching tab.
5. Click Edit.
6. Disable the CDN caching option.
7. Click Save.
1. Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
2. Disable caching using the ResourceService/Update gRPC API call or the list REST API method.

Delete index.html from the cache:

Management console

Yandex Cloud CLI

API

In the management console, select example-folder.
In the list of services, select Cloud CDN.
Select the CDN resource you created (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
Navigate to the Content tab.
Click Purge cache.
In the Purge type field, select Selective.
Enter the path to the file you uploaded: /index.html.
Click Purge cache.

Get the ID of the CDN resource you created:

yc cdn resource list

Result:

+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
|          ID          |          CNAME           |           CREATED AT           |           UPDATED AT           | ACTIVE |                  OPTIONS                  |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
| bc837xptmpkh******** | cdn.yandexcloud.example  | seconds:1637235693             | seconds:1637235693             | true   | edge_cache_settings:{enabled:true         |
|                      |                          | nanos:434085000                | nanos:434115000                |        | default_value:345600}                     |
|                      |                          |                                |                                |        | cache_http_headers:{value:"accept-ranges" |
|                      |                          |                                |                                |        | value:"cache-control" value:"connection"  |
|                      |                          |                                |                                |        | value:"content-encoding"                  |
|                      |                          |                                |                                |        | value:"content-length"                    |
|                      |                          |                                |                                |        | value:"content-type"                      |
|                      |                          |                                |                                |        | value:"date" value:"etag"                 |
|                      |                          |                                |                                |        | value:"expires" value:"keep-alive"        |
|                      |                          |                                |                                |        | value:"last-modified" value:"server"      |
|                      |                          |                                |                                |        | value:"vary"} stale:{enabled:true         |
|                      |                          |                                |                                |        | value:"error" value:"updating"}           |
|                      |                          |                                |                                |        | allowed_http_methods:{value:"GET"         |
|                      |                          |                                |                                |        | value:"POST" value:"HEAD"                 |
|                      |                          |                                |                                |        | value:"OPTIONS"}                          |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+

Delete the file from the cache:

yc cdn cache purge \
  --resource-id <CDN_resource_ID> \
  --path "/index.html"

Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
Delete index.html from the cache using the CacheService/Purge gRPC API call or the purge method.

Re-route all traffic from the cdn.yandexcloud.example domain name back to canary-backend-blue running version 1:

Management console

Yandex Cloud CLI

API

In the management console, select example-folder.
From the list of services, select Application Load Balancer.
In the left-hand panel, select Backend groups.
Select canary-bg-production.
Set the canary-backend-blue weight to 100 instead of 0:
1. Under Backends, find canary-backend-blue, click , and select Edit.
2. In the Weight field, specify 100.
3. Click Save.
Similarly, set the canary-backend-green weight to 0 instead of 100.
Click Save.

Set the canary-backend-blue weight to 100 instead of 0:

yc alb backend-group update-http-backend \
  --backend-group-name canary-bg-production \
  --name canary-backend-blue \
  --weight 100

Result:

done (1s)
id: ds7l9puc18c9********
name: canary-bg-production
folder_id: b1g9hv2loamq********
http:
  backends:
  - name: canary-backend-blue
    backend_weight: "100"
    storage_bucket:
      bucket: <blue_bucket_name>
created_at: "2021-11-03T10:28:47.680825561Z"

Set the canary-backend-green weight to 0 instead of 100:

yc alb backend-group update-http-backend \
  --backend-group-name canary-bg-production \
  --name canary-backend-green \
  --weight 0

Result:

done (1s)
id: ds7l9puc18c9********
name: canary-bg-production
folder_id: b1g9hv2loamq********
http:
  backends:
  - name: canary-backend-green
    backend_weight: "0"
    storage_bucket:
      bucket: <green_bucket_name>
created_at: "2021-11-03T10:28:47.680825561Z"

Use the BackendGroupService/UpdateBackend gRPC API call or the updateBackend REST API method.

Open https://cdn.yandexcloud.example/index.html in your browser several times. Each time, you should see a page indicating version 1.
Same as at steps 1-2, switch all traffic from cdn-staging.yandexcloud.example to canary-backend-green running version 2 and check the switchover in your browser.
Re-enable caching:
Management console

API
1. In the management console, select example-folder.
2. In the list of services, select Cloud CDN.
3. Select the CDN resource you created (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
4. Navigate to the Caching tab.
5. Click Edit.
6. Enable CDN caching.
7. Click Save.
1. Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
2. Enable caching using the ResourceService/Update gRPC API call or the list REST API method.

How to delete the resources you created

To shut down the infrastructure and stop paying for the resources you created:

If you set up CNAME records in Cloud DNS, delete the canary-dns-zone DNS zone.
Delete the CDN resource with cdn.yandexcloud.example as the primary domain name.
Delete canary-balancer.
Delete all objects from the blue and green buckets.
Delete the blue and green buckets.
Delete canary-subnet-ru-central1-a, canary-subnet-ru-central1-b, and canary-subnet-ru-central1-d.
Delete canary-network.

Enabling a blue-green and canary deployment of web service versions

Supported toolsSupported tools

Get your cloud readyGet your cloud ready

Required paid resourcesRequired paid resources

Add a certificate to Certificate ManagerAdd a certificate to Certificate Manager

Create a cloud network and subnetsCreate a cloud network and subnets

Create buckets in Object StorageCreate buckets in Object Storage

Upload the files of your service to the bucketsUpload the files of your service to the buckets

Create a security groupCreate a security group

Create Application Load Balancer backend groupsCreate Application Load Balancer backend groups

Create an HTTP router and virtual hostsCreate an HTTP router and virtual hosts

Create an L7 load balancerCreate an L7 load balancer

Create a CDN resourceCreate a CDN resource

Configure DNS for the serviceConfigure DNS for the service

Test the service and version switchingTest the service and version switching

Check oneCheck one

Canary deployment of version 2Canary deployment of version 2

Blue-green deployment for rolling back to version 1Blue-green deployment for rolling back to version 1

How to delete the resources you createdHow to delete the resources you created

Was the article helpful?

Supported tools

Get your cloud ready

Required paid resources

Add a certificate to Certificate Manager

Create a cloud network and subnets

Create buckets in Object Storage

Upload the files of your service to the buckets

Create a security group

Create Application Load Balancer backend groups

Create an HTTP router and virtual hosts

Create an L7 load balancer

Create a CDN resource

Configure DNS for the service

Test the service and version switching

Check one

Canary deployment of version 2

Blue-green deployment for rolling back to version 1

How to delete the resources you created