Enabling blue-green and canary deployment of web service versions

Written by

Supported tools
Prepare your cloud
- Required paid resources
Create a cloud network and subnets
Create buckets in Object Storage
Upload the files of your service to the buckets
Create a security group
Create Application Load Balancer backend groups#create-l7backend.
Create an HTTP router and virtual hosts
Create an L7 load balancer
Create a CDN resource
Configure DNS for the service
Run a health check and test the switching between versions
How to delete the resources you created

Configure web service architecture to switch between versions using the commonly adopted deployment models: blue-green deployment and canary deployment.

Both models use two backends: a "blue" and a "green" one. First you deploy a stable version generally available to users on one backend (let it be the blue one). Then you use the other backend (the green one) to test the next version. When the testing is complete, the backends switch roles:

With a blue-green deployment, all user traffic switches from one backend to the other right away.
With canary deployment, the traffic is switched over gradually, starting with some part of your user base.

After that, the green backend becomes the primary one, and you can use the "blue" backend to test your next version. As long as your previous version runs on the blue backend, you can roll the service back to it by switching the backends back.

In this tutorial, we use Yandex Object Storage buckets as backends with the Yandex Application Load Balancer L7 load balancer switching traffic between them. User requests are transmitted to the load balancer via the Yandex Cloud CDN content delivery network (CDN) that reduces the time of content delivery.

We'll use the domain names cdn.yandexcloud.example and cdn-staging.yandexcloud.example as examples.

To perform steps, you can use various supported tools.

To build an architecture for the blue-green and canary deployment:

If you no longer need the resources you created, delete them.

Supported tools

You can complete most of the steps in the tutorial in any standard tool, such as the management console, Yandex Cloud and AWS CLIs, Terraform, and the Yandex Cloud API. Each step lists tools supported for it.

Some steps do not support certain tools:

Currently, you cannot use CLIs and Terraform to:
- Create a Application Load Balancer backend group with buckets as backends.
- Get the domain name of a CDN load balancer when configuring DNS for the service.
- Disable and enable caching of a CDN resource when running a health check and testing version switching.
Currently, you cannot get the domain name of a CDN load balancer when configuring DNS for the service.

Prepare your cloud

Before you start, sign up for Yandex Cloud and create a billing account:

Go to the management console and log in to Yandex Cloud or register if you don't have an account yet.
On the billing page, make sure you linked a billing account and it has the ACTIVE or TRIAL_ACTIVE status. If you don't have a billing account, create one.

If you have an active billing account, you can go to the cloud page to create or select a folder to run your infrastructure.

Learn more about clouds and folders.

We use a folder named example-folder as an example.

Required paid resources

The cost of this infrastructure includes:

Fee for data storage in Object Storage, operations with data, and outgoing traffic (see Object Storage pricing).
Fee for using computing resources of the L7 load balancer (see Application Load Balancer pricing).
Fee for outgoing traffic from CDN servers (see Cloud CDN pricing).
Fee for public DNS queries and DNS zones if you use Yandex Cloud DNS (see Cloud DNS pricing).

Create a cloud network and subnets

All resources belong to the same cloud network.

To create a network and subnets:

Management console

CLI

Terraform

API

In the management console, select example-folder.
In the list of services, select Virtual Private Cloud.
Click Create network.
Specify the Name of the network: canary-network.
In the Advanced field, select Create subnets.
Click Create network.

If you don't have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

Create a network named canary-network:

yc vpc network create canary-network

Result:

id: enptrcle5q3d3ktd33hj
folder_id: b1g9hv2loamqfnbul7d9
created_at: "2021-11-03T09:25:03Z"
name: canary-network
default_security_group_id: enpbsnnop4akg7ng70ll

For more information about the yc vpc network create command, see the CLI reference.

Create subnets in all availability zones.

In ru-central1-a:

yc vpc subnet create canary-subnet-ru-central1-a \
  --zone ru-central1-a \
  --network-name canary-network \
  --range 10.1.0.0/16

Result:

id: e9bnnssj8sc8mjhat9qk
folder_id: b1g9hv2loamqfnbul7d9
created_at: "2021-11-03T09:27:00Z"
name: canary-subnet-ru-central1-a
network_id: enptrcle5q3d3ktd33hj
zone_id: ru-central1-a
v4_cidr_blocks:
- 10.1.0.0/16

In ru-central1-b:

yc vpc subnet create canary-subnet-ru-central1-b \
  --zone ru-central1-b \
  --network-name canary-network \
  --range 10.2.0.0/16

Result:

id: e2lghukd9iqo4haidjbt
folder_id: b1g9hv2loamqfnbul7d9
created_at: "2021-11-03T09:27:39Z"
name: canary-subnet-ru-central1-b
network_id: enptrcle5q3d3ktd33hj
zone_id: ru-central1-b
v4_cidr_blocks:
- 10.2.0.0/16

In ru-central1-c:

yc vpc subnet create canary-subnet-ru-central1-c \
  --zone ru-central1-c \
  --network-name canary-network \
  --range 10.3.0.0/16

Result:

id: b0c3pte4o2kn4v12o05p
folder_id: b1g9hv2loamqfnbul7d9
created_at: "2021-11-03T09:28:08Z"
name: canary-subnet-ru-central1-c
network_id: enptrcle5q3d3ktd33hj
zone_id: ru-central1-c
v4_cidr_blocks:
- 10.3.0.0/16

For more information about the yc vpc subnet create command, see the CLI reference.

If you do not have Terraform yet, install it and configure the Yandex Cloud provider.

In the configuration file, describe the parameters of canary-network and its subnets: canary-subnet-ru-central1-a, canary-subnet-ru-central1-b, and canary-subnet-ru-central1-c:

resource "yandex_vpc_network" "canary-network" {
  name = "canary-network"
}

resource "yandex_vpc_subnet" "canary-subnet-a" {
  name           = "canary-subnet-ru-central1-a"
  zone           = "ru-central1-a"
  network_id     = "${yandex_vpc_network.canary-network.id}"
  v4_cidr_blocks = ["10.1.0.0/16"]
}

resource "yandex_vpc_subnet" "canary-subnet-b" {
  name           = "canary-subnet-ru-central1-b"
  zone           = "ru-central1-b"
  network_id     = "${yandex_vpc_network.canary-network.id}"
  v4_cidr_blocks = ["10.2.0.0/16"]
}

resource "yandex_vpc_subnet" "canary-subnet-c" {
  name           = "canary-subnet-ru-central1-c"
  zone           = "ru-central1-c"
  network_id     = "${yandex_vpc_network.canary-network.id}"
  v4_cidr_blocks = ["10.3.0.0/16"]
}

Learn more in the description of the yandex_vpc_network and yandex_vpc_subnet resources in the Terraform provider documentation.

Make sure the configuration files are valid.
1. In the command line, go to the directory where you created the configuration file.
2. Run the check using this command:
```
terraform plan
```
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
Deploy cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm that you want to create the resources.

Create the canary-network network using the NetworkService/Create or REST API create gRPC API method.
Create the canary-subnet-ru-central1-a, canary-subnet-ru-central1-b and canary-subnet-ru-central1-c in the three availability zones by calling the SubnetService/Create or the REST API create gRPC API method.

Create buckets in Object Storage

Create two buckets: canary-bucket-blue and canary-bucket-green:

Management console

AWS CLI

Terraform

API

In the management console, select example-folder.
In the list of services, select Object Storage.
Create a bucket named canary-bucket-blue:
1. Click Create bucket.
2. Specify the bucket Name: canary-bucket-blue.
3. In the Object read access and Object listing access fields, select Public.
4. Click Create bucket.
Similarly create a bucket named canary-bucket-green.

Create a bucket named canary-bucket-blue:

aws --endpoint-url https://storage.yandexcloud.net \
  s3 mb s3://canary-bucket-blue

Result:

make_bucket: s3://canary-bucket-blue

Enable public access to reading objects and their list:

aws --endpoint-url https://storage.yandexcloud.net \
  s3api put-bucket-acl \
  --bucket canary-bucket-blue \
  --acl public-read

In a similar way, create a bucket named canary-bucket-green and enable public access to it.

Add the parameters of the canary-bucket-blue and canary-bucket-green buckets to the configuration file:

...

resource "yandex_storage_bucket" "canary-bucket-blue" {
  bucket = "canary-bucket-blue"
  acl    = "public-read"
}

resource "yandex_storage_bucket" "canary-bucket-green" {
  bucket = "canary-bucket-green"
  acl    = "public-read"
}

For more information about the yandex_storage_bucket resource, see the Terraform provider documentation.

Make sure the configuration files are valid.
1. In the command line, go to the directory where you created the configuration file.
2. Run the check using this command:
```
terraform plan
```
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
Deploy cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm that you want to create the resources.

Use the create REST API method.

Upload the files of your service to the buckets

Create two files named index.html. They will represent two service versions: version 1 and version 2.

Example of the index.html file version 1

<!DOCTYPE html>
<html>
  <head>
    <title>Version 1</title>
  </head>
  <body>
    <p>Version 1 is working</p>
  </body>
</html>

Example of the index.html file version 2

<!DOCTYPE html>
<html>
  <head>
    <title>Version 2</title>
  </head>
  <body>
    <p>Version 2 is working</p>
  </body>
</html>

Upload files to buckets:
Management console

AWS CLI

Terraform

API
1. In the management console, select example-folder.
2. In the list of services, select Object Storage.
3. In the bucket list, select canary-bucket-blue.
4. Click Upload and select the index.html file for version 1.
5. Similarly upload to the canary-bucket-green bucket the index.html file for version 2.
1. To the canary-bucket-blue bucket, upload the index.html file version 1:
  aws --endpoint-url https://storage.yandexcloud.net \ s3 cp v1/index.html s3://canary-bucket-blue/index.html
  Result:
  upload: v1/index.html to s3://canary-bucket-blue/index.html
2. Upload to the canary-bucket-green bucket the index.html file version 2:
  aws --endpoint-url https://storage.yandexcloud.net \ s3 cp v2/index.html s3://canary-bucket-green/index.html
  Result:
  upload: v2/index.html to s3://canary-bucket-green/index.html
1. To the configuration file, add the parameters of the v1/index.html and v2/index.html files uploaded to canary-bucket-blue and canary-bucket-green, respectively:
  ... resource "yandex_storage_object" "canary-bucket-blue-index" { bucket = "canary-bucket-blue" key = "index.html" source = "v1/index.html" } resource "yandex_storage_bucket" "canary-bucket-green-index" { bucket = "canary-bucket-green" key = "index.html" source = "v2/index.html" }
  For more information about the yandex_storage_object resource, see the Terraform provider documentation.
2. Make sure the configuration files are valid.
  1. In the command line, go to the directory where you created the configuration file.
  2. Run the check using this command:
    
    terraform plan
  If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
3. Deploy cloud resources.
  1. If the configuration does not contain any errors, run this command:
    
    terraform apply
  2. Confirm that you want to create the resources.
Use the upload REST API method.

Create a security group

Note

Security groups are at the Preview stage. If they are unavailable on your network, all incoming and outgoing traffic will be allowed for the resources. No additional setup is required.

To enable security groups, request access to this feature from the support team.

Security groups contain rules that allow the L7 load balancer to receive incoming traffic and send it to backend buckets.

To create security groups:

Management console

CLI

Terraform

API

In the management console, select Virtual Private Cloud.
Click the Security groups tab.
Click Create group.
Enter the Name of the group: canary-sg.
Select the canary-network Network.

Under Rules, create the following rules using the instructions below the table:

Traffic direction	Description	Port range	Protocol	Source/ destination type	Source / destination
Outgoing	any	All	Any	CIDR	0.0.0.0/0
Incoming	ext-http	80	TCP	CIDR	0.0.0.0/0
Incoming	ext-https	443	TCP	CIDR	0.0.0.0/0
Incoming	healthchecks	30080	TCP	Load balancer health checks	N/A

Go to the Outgoing traffic or Incoming traffic tab.
Click Add rule.
In the Port range field of the window that opens, specify a single port or a range of ports that traffic will come to or from.
In the Protocol field, specify the desired protocol or leave Any to allow traffic transmission over any protocol.
In the Purpose or Source field, select the purpose of the rule:
- CIDR: Rule will apply to the range of IP addresses. In the CIDR blocks field, specify the CIDR and masks of subnets that traffic will come to or from. To add multiple CIDRs, click Add CIDR.
- Security group: Rule will apply to the VMs from the current group or the selected security group.
- Load balancer health checks: Rule that allows an L7 load balancer to check the health of VMs.
Click Save. Repeat the steps to create all rules from the table.

Click Save.

Run the following command:

yc vpc security-group create canary-sg \
  --network-name canary-network \
  --rule direction=egress,port=any,protocol=any,v4-cidrs=[0.0.0.0/0] \
  --rule direction=ingress,port=80,protocol=tcp,v4-cidrs=[0.0.0.0/0] \
  --rule direction=ingress,port=443,protocol=tcp,v4-cidrs=[0.0.0.0/0] \
  --rule direction=ingress,port=30080,protocol=tcp,predefined=loadbalancer_healthchecks

Result:

id: enpd133ngcnrgc8475cc
folder_id: b1g9hv2loamqfnbul7d9
created_at: "2021-11-03T10:26:16Z"
name: canary-sg
network_id: enptrcle5q3d3ktd33hj
status: ACTIVE
rules:
- id: enpkgrpi2gsibdm6aotd
  direction: EGRESS
  protocol_name: ANY
  protocol_number: "-1"
  cidr_blocks:
    v4_cidr_blocks:
    - 0.0.0.0/0
- id: enpgssij0i168jknb85r
  direction: INGRESS
  ports:
    from_port: "80"
    to_port: "80"
  protocol_name: TCP
  protocol_number: "6"
  cidr_blocks:
    v4_cidr_blocks:
    - 0.0.0.0/0
- id: enp0bft67j9lrlnhdur5
  direction: INGRESS
  ports:
    from_port: "443"
    to_port: "443"
  protocol_name: TCP
  protocol_number: "6"
  cidr_blocks:
    v4_cidr_blocks:
    - 0.0.0.0/0
- id: enpmorcimu65fk4oaanm
  direction: INGRESS
  ports:
    from_port: "30080"
    to_port: "30080"
  protocol_name: TCP
  protocol_number: "6"
  predefined_target: loadbalancer_healthchecks

For more information about the yc vpc security-group create command, see the CLI reference.

Add the canary-sg security group parameters to the configuration file:

resource "yandex_vpc_security_group" "canary-sg" {
  name       = "canary-sg"
  network_id = yandex_vpc_network.canary-network.id

  egress {
    protocol       = "ANY"
    port           = "ANY"
    v4_cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol       = "TCP"
    port           = 80
    v4_cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol       = "TCP"
    port           = 443
    v4_cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol          = "TCP"
    port              = 30080
    predefined_target = "loadbalancer_healthchecks"
  }
}

For more information about resource parameters in Terraform, see the provider documentation.

Make sure the configuration files are valid.
1. In the command line, go to the directory where you created the configuration file.
2. Run the check using this command:
```
terraform plan
```
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
Deploy cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm that you want to create the resources.

Use the SecurityGroupService/Create gRPC API call or the create REST API method.

To add a rule for load balancer health checks, use the loadbalancer_healthchecks parameter in the SecurityGroupRuleSpec.target.predefined_target field for the gRPC API or the predefinedTarget field for the REST API.

Create Application Load Balancer backend groups#create-l7backend.

Management console

API

Create a backend group named canary-bg-production with the canary-backend-blue and canary-backend-green backends:
1. In the management console, select example-folder.
2. In the list of services, select Application Load Balancer and go to the Backend groups tab.
3. Click Create backend group.
4. Enter the backend group name: canary-bg-production.
5. Under Backends, click Add. Specify the backend settings:
  1. Enter the backend name: canary-backend-blue.
  2. Set the weight of the backend: 100.
  3. Select Bucket as the backend type.
  4. In the Bucket field, enter the bucket name: canary-bucket-blue.
6. Click Add and similarly enter settings for the canary-backend-green backend with the weight of 0 and the canary-bucket-green bucket.
7. Click Create.
In a similar way, create a backend group named canary-bg-staging. For the canary-backend-blue backend, set the weight to 0; for canary-backend-green, set the weight to 100.
If you are going to complete the next steps in Terraform, copy the IDs of the canary-bg-production and canary-bg-staging backend groups from the Backend groups tab.

Use the BackendGroupService/Create gRPC API call or the create REST API method.

Create an HTTP router and virtual hosts

Create an HTTP router with two virtual hosts: cdn.mywebsite.com and cdn-staging.mywebsite.com:

Management console

CLI

Terraform

API

In the management console, select example-folder.
In the list of services, select Application Load Balancer and go to the HTTP routers tab.
Click Create HTTP router.
Enter the router name: canary-router.
Create a virtual host named canary-vh-production:
1. Under Virtual hosts, click Add virtual host.
2. Enter the host name: canary-vh-production.
3. Specify the value for Authority: cdn.yandexcloud.example
4. Click Add route.
5. Enter the Name: canary-route-production.
6. In the Path field, select Starts with and specify the path /.
7. In the HTTP methods list, select GET.
8. In the Action field, leave the Routing value.
9. In the Backend group list, select canary-bg-production.
In a similar way, create a virtual host named canary-vh-staging with the following parameters:
- Authority: cdn-staging.yandexcloud.example.
- Route Name: canary-route-staging.
- Backend group: canary-bg-staging.
- The other parameters are the same as for canary-vh-production.
Leave all other settings as they are and click Create.

Create the canary-router HTTP Router:

yc alb http-router create canary-router

Result:

id: ds7qd0vj01djuu3c6f8q
name: canary-router
folder_id: b1g9hv2loamqfnbul7d9
created_at: "2021-11-03T10:31:41.027649223Z"

For more information about the yc alb http-router create command, see the CLI reference.

Create a virtual host named canary-vh-production:

yc alb virtual-host create canary-vh-production \
  --http-router-name canary-router \
  --authority cdn.yandexcloud.example

Result:

done (1s)
name: canary-vh-production
authority:
- cdn.yandexcloud.example

For more information about the yc alb virtual-host create command, see the CLI reference.

Create a route named canary-route-production in the canary-vh-production virtual host:

yc alb virtual-host append-http-route canary-route-production \
  --http-router-name canary-router \
  --virtual-host-name canary-vh-production \
  --prefix-path-match "/" \
  --backend-group-name canary-bg-production

Result:

done (1s)
name: canary-vh-production
authority:
- cdn.yandexcloud.example
routes:
- name: canary-route-production
  http:
    match:
      path:
        prefix_match: /
    route:
      backend_group_id: ds7pbm5fj2v09ptnn29p

For more information about the yc alb virtual-host append-http-route command, see the CLI reference.

Create a virtual host named canary-vh-staging:

yc alb virtual-host create canary-vh-staging \
  --http-router-name canary-router \
  --authority cdn-staging.yandexcloud.example

Result:

done (1s)
name: canary-vh-staging
authority:
- cdn-staging.yandexcloud.example

Create a route named canary-route-staging in the canary-vh-staging virtual host:

yc alb virtual-host append-http-route canary-route-staging \
  --http-router-name canary-router \
  --virtual-host-name canary-vh-staging \
  --prefix-path-match "/" \
  --backend-group-name canary-bg-staging

Result:

done (1s)
name: canary-vh-staging
authority:
- cdn-staging.yandexcloud.example
routes:
- name: canary-route-staging
  http:
    match:
      path:
        prefix_match: /
    route:
      backend_group_id: ds765atleotaiui5pqeu

To the configuration file, add parameters of the canary-router HTTP router, its virtual hosts and routes:

...

resource "yandex_alb_http_router" "canary-router" {
  name = "canary-router"
}

resource "yandex_alb_virtual_host" "canary-vh-production" {
  name           = "canary-vh-production"
  http_router_id = ${yandex_alb_http_router.canary-router.id}
  authority      = "cdn.yandexcloud.example"

  route {
    name = "canary-route-production"
    http_route {
      http_route_action {
        backend_group_id = "<ID_of_the_backend_group_canary-bg-production>"
      }
    }
  }  
}

resource "yandex_alb_virtual_host" "canary-vh-staging" {
  name           = "canary-vh-staging"
  http_router_id = ${yandex_alb_http_router.canary-router.id}
  authority      = "cdn-staging.yandexcloud.example"

  route {
    name = "canary-route-staging"
    http_route {
      http_route_action {
        backend_group_id = "<ID_of the_backend_group_canary-bg-staging>"
      }
    }
  }  
}

Learn more in the description of the yandex_alb_http_router and yandex_alb_virtual_host resources in the Terraform provider documentation.

Make sure the configuration files are valid.
1. In the command line, go to the directory where you created the configuration file.
2. Run the check using this command:
```
terraform plan
```
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
Deploy cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm that you want to create the resources.

Create the example-router HTTP canary-router using the HttpRouterService/Create gRPC API call or the create REST API method.
Create the canary-vh-production and canary-vh-staging virtual hosts linked to the router, then create their routes using the VirtualHostService/Create gRPC API call or the create REST API method.

Create an L7 load balancer

Management console

CLI

Terraform

API

In the management console, select example-folder.
In the list of services, select Application Load Balancer, then click Load balancers.
Click Create L7 load balancer.
Enter the load balancer name: canary-balancer.
Under Network settings:
1. Select the canary-network Network.
2. Select the canary-sg Security group. If you leave this field blank, any incoming and outgoing traffic will be allowed for the load balancer.
Under Allocation, select three subnets for the load balancer nodes: canary-subnet-ru-central1-a, canary-subnet-ru-central1-b, and canary-subnet-ru-central1-c, then enable traffic to these subnets.
Click Add listener under Listeners. Set the listener settings:
1. Enter the listener name: canary-listener.
2. Under Public IP address settings, enable traffic.
3. Set the port to 80.
4. In the Assign IP address field, select Automatically.
In the HTTP router field, select canary-router.
Click Create.

Get the IDs of subnets for canary-network:

yc vpc network list-subnets canary-network

Result:

+----------------------+-----------------------------+----------------------+----------------------+----------------+---------------+---------------+
|          ID          |            NAME             |      FOLDER ID       |      NETWORK ID      | ROUTE TABLE ID |     ZONE      |     RANGE     |
+----------------------+-----------------------------+----------------------+----------------------+----------------+---------------+---------------+
| e9bnnssj8sc8mjhat9qk | canary-subnet-ru-central1-c | b1g9hv2loamqfnbul7d9 | enptrcle5q3d3ktd33hj |                | ru-central1-c | [10.1.0.0/16] |
| e2lghukd9iqo4haidjbt | canary-subnet-ru-central1-b | b1g9hv2loamqfnbul7d9 | enptrcle5q3d3ktd33hj |                | ru-central1-b | [10.2.0.0/16] |
| b0c3pte4o2kn4v12o05p | canary-subnet-ru-central1-a | b1g9hv2loamqfnbul7d9 | enptrcle5q3d3ktd33hj |                | ru-central1-a | [10.3.0.0/16] |
+----------------------+-----------------------------+----------------------+----------------------+----------------+---------------+---------------+

For more information about the yc vpc network list-subnets command, see the CLI reference.

Get the canary-sg security group ID:
```
yc vpc security-group get canary-sg | grep "^id"
```
Result:
```
id: enpd133ngcnrgc8475cc
```
For more information about the yc vpc security-group get command, see the CLI reference.

Create a load balancer named canary-balancer:

yc alb load-balancer create canary-balancer \
  --network-name canary-network \
  --security-group-id <canary-sg_security_group_ID> \
  --location zone=ru-central1-a,subnet-id=<canary-subnet-ru-central1-a_subnet_ID> \
  --location zone=ru-central1-b,subnet-id=<canary-subnet-ru-central1-b_subnet_ID> \
  --location zone=ru-central1-c,subnet-id=<canary-subnet-ru-central1-c_subnet_ID>

Result:

done (3m0s)
id: ds77q7v39b4ubg8ta2n4
name: canary-balancer
folder_id: b1g9hv2loamqfnbul7d9
status: ACTIVE
region_id: ru-central1
network_id: enptrcle5q3d3ktd33hj
allocation_policy:
  locations:
  - zone_id: ru-central1-c
    subnet_id: b0c3pte4o2kn4v12o05p
  - zone_id: ru-central1-b
    subnet_id: e2lghukd9iqo4haidjbt
  - zone_id: ru-central1-a
    subnet_id: e9bnnssj8sc8mjhat9qk
log_group_id: ckg23vr4dlkse3hvq0kc
security_group_ids:
- enpd133ngcnrgc8475cc
created_at: "2021-11-03T10:55:49.134935148Z"

For more information about the yc alb load-balancer create command, see the CLI reference.

Add a listener to the load balancer:

yc alb load-balancer add-listener \
  --name canary-balancer \
  --listener-name canary-listener \
  --external-ipv4-endpoint port=80 \
  --http-router-name canary-router

Result:

done (43s)
id: ds77q7v39b4ubg8ta2n4
name: canary-balancer
folder_id: b1g9hv2loamqfnbul7d9
status: ACTIVE
region_id: ru-central1
network_id: enptrcle5q3d3ktd33hj
listeners:
- name: canary-listener
  endpoints:
  - addresses:
    - external_ipv4_address:
        address: 84.252.133.149
    ports:
    - "80"
  http:
    handler:
      http_router_id: ds7qd0vj01djuu3c6f8q
allocation_policy:
  locations:
  - zone_id: ru-central1-c
    subnet_id: b0c3pte4o2kn4v12o05p
  - zone_id: ru-central1-b
    subnet_id: e2lghukd9iqo4haidjbt
  - zone_id: ru-central1-a
    subnet_id: e9bnnssj8sc8mjhat9qk
log_group_id: ckg23vr4dlkse3hvq0kc
security_group_ids:
- enpd133ngcnrgc8475cc
created_at: "2021-11-03T10:55:49.134935148Z"

For more information about the yc alb load-balancer add-listener command, see the CLI reference.

Add the parameters of the canary-balancer L7 load balancer to the configuration file:

...

resource "yandex_alb_load_balancer" "canary-balancer" {
  name               = "canary-balancer"
  network_id         = ${yandex_vpc_network.canary-network.id}
  security_group_ids = [ ${yandex_vpc_security_group.canary-sg.id} ]

  allocation_policy {
    location {
      zone_id   = "ru-central1-a"
      subnet_id = ${yandex_vpc_subnet.canary-subnet-ru-central1-a.id}
    }

    location {
      zone_id   = "ru-central1-b"
      subnet_id = ${yandex_vpc_subnet.canary-subnet-ru-central1-b.id}
    }

    location {
      zone_id   = "ru-central1-c"
      subnet_id = ${yandex_vpc_subnet.canary-subnet-ru-central1-c.id}
    }
  }

  listener {
    name = "canary-listener"
    endpoint {
      address {
        external_ipv4_address {
        }
      }
      ports = [80]
    }
    http {
      handler {
        http_router_id = ${yandex_alb_http_router.canary-router.id}
      }
    }
  }
}

For more information about the yandex_alb_load_balancer resource, see the Terraform provider documentation.

Make sure the configuration files are valid.
1. In the command line, go to the directory where you created the configuration file.
2. Run the check using this command:
```
terraform plan
```
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
Deploy cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm that you want to create the resources.

Use the LoadBalancerService/Create gRPC API call or the create REST API method.

Create a CDN resource

Management console

CLI

Terraform

API

In the management console, select example-folder.
In the list of services, select Cloud CDN.
If the CDN provider hasn't been activated yet, click Activate provider.
Create a CDN resource:
1. On the CDN resources tab, click Create resource.
2. Set up the main parameters of the CDN resource as follows:
  - Content query: From one origin.
  - Source type: L7 load balancer.
  - L7 load balancer: canary-balancer.
  - IP address: The IP address assigned to the load balancer (the only one in the list).
  - Domain names for content distribution: cdn.yandexcloud.example and cdn-staging.yandexcloud.example.
    
    Alert
    
    The first domain name cdn.yandexcloud.example will become the primary one, and you won't be able to edit it after you create a CDN resource.
  - In the Advanced section:
    - In the Source protocol field, select HTTP.
    - In the Redirect clients field, select Don't use.
    - Enable End-user access to content.
    - In the Certificate type field, select Let's Encrypt® to automatically issue a certificate for the cdn.yandexcloud.example and cdn-staging.yandexcloud.example domain names after creating the CDN resource.
    - In the Host header field, select Forward.
3. Click Create.
Wait until the Let's Encrypt® certificate is issued for the domain name. This may take up to 30 minutes.
Enable a client redirect from HTTP to HTTPS:
1. In the CDN resources tab, select the previously created resource.
2. Make sure the certificate status under Additional changes to Issued.
3. At the top right, click Edit.
4. Under Additional, in the Redirect clients field, select HTTP to HTTPS.
5. Click Save.
Enable caching on CDN servers for the resource:
1. In the CDN resources tab, select the previously created resource.
2. Go to Caching.
3. At the top right, click Edit.
4. Enable CDN caching.
5. Click Save.

If the CDN provider hasn't been activated yet, run the command:

yc cdn provider activate --folder-id <folder_ID> --type gcore

Create the canary-origin-grouporigin group by indicating the IP address of the load balancer:

yc cdn origin-group create --name "canary-origin-group" \
  --origin source=<load_balancer_IP_address>:80,enabled=true

Result:

id: "90748"
folder_id: b1geoelk7fldts6chmjq
name: canary-origin-group
use_next: true
origins:
- id: "562449"
  origin_group_id: "90748"
  source: 51.250.10.216:80
  enabled: true

For more information about the yc cdn origin-group create command, see the CLI reference.

Copy the origin_group_id from the previous step and create a CDN resource by running the command:

yc cdn resource create \
  --cname cdn.yandexcloud.example \
  --origin-group-id <origin_group_ID> \
  --secondary-hostnames cdn-staging.yandexcloud.example \
  --origin-protocol http \
  --lets-encrypt-gcore-ssl-cert \
  --forward-host-header

Result:

id: bc843k2yinvq5fhgvuvc
folder_id: b1ge1elk72ldts6chmjq
cname: cdn.yandexcloud.example
...
active: true
...
...
secondary_hostnames:
- cdn-staging.yandexcloud.example
...

For more information about the yc cdn resource create command, see the CLI reference.

Enable a client redirect for a resource:

yc cdn resource update <resource_ID> --redirect-http-to-https

Add parameters of CDN resources to the configuration file:

...

resource "yandex_cdn_origin_group" "my_group" {
  name     = "canary-origin-group"
  use_next = true
  origin {
   source = "<load_balancer_IP_address>:80"
   backup = false
  }
}

resource "yandex_cdn_resource" "my_resource" {

    cname               = "cdn.yandexcloud.example"
    active              = true
    origin_protocol     = "http"
    secondary_hostnames = ["cdn-staging.yandexcloud.example"]
    origin_group_id     = yandex_cdn_origin_group.my_group.id
    ssl_certificate {
      type = "lets_encrypt_gcore"
    }
    options {
        edge_cache_settings    = "345600"
        browser_cache_settings = "1800"
        ignore_cookie          = true
        ignore_query_params    = false
    }

}

For more information, see the descriptions of the yandex_cdn_origin_group and yandex_cdn_resource resources in the Terraform provider documentation.

Make sure the configuration files are valid.
1. In the command line, go to the directory where you created the configuration file.
2. Run the check using this command:
```
terraform plan
```
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
Deploy cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm the resource creation: type yes in the terminal and press Enter.
Once you are done, all the resources you need will be created in the specified folder. You can check that the resources are there and their settings are correct using the management console.
Enable client redirect for a resource. Add the following field at the beginning of the options section for a CDN resource:
```
...
options {
  redirect_https_to_http = true
...
```
Run the check using this command:
```
terraform plan
```
If the configuration is described correctly, the terminal will display a list of updated resources and their parameters. If the configuration contains any errors, Terraform will point them out.
If there are no errors, run this command:
```
terraform apply
```
Confirm the resource update: type yes in the terminal and press Enter.

This enables redirect for the resource.

Use the ResourceService/Create gRPC API call or the create REST API method.

Configure DNS for the service

The cdn.yandexcloud.example and cdn-staging.yandexcloud.example domain names must be linked to the CDN resource using DNS records.

To configure DNS:

Get the domain name of the CDN load balancer:
Management console
1. In the management console, select example-folder.
2. In the list of services, select Cloud CDN.
3. In the list of CDN resources, select the resource with the cdn.yandexcloud.example primary domain name.
4. From DNS settings, copy the domain name in cl-....edgecdn.ru format.
On the site of your DNS hosting provider, go to the DNS settings.
Create or edit CNAME records for cdn.yandexcloud.example and cdn-staging.yandexcloud.example to link them to the copied domain name:
```
cdn CNAME cl-....edgecdn.ru
cdn-staging CNAME cl-....edgecdn.ru
```
If you use Cloud DNS, follow these instructions to configure the record:
Instructions for configuring DNS records for Cloud DNS
Management console

CLI

Terraform

API
In the management console, select Cloud DNS.

If you don't have a public DNS zone, create one:

Click Create zone.

In the Zone field, enter the site's domain name with a trailing dot: yandexcloud.example.

Select the zone Type: Public.

Specify the Name of the zone: canary-dns-zone.

Click Create.

In the zone, create a CNAME record for cdn.yandexcloud.example:

In the list of zones, click canary-dns-zone.

Click Create record.

In the Name field, enter cdn.

Select the record Type: CNAME.

In the Value field, paste the copied value in cl-....edgecdn.ru format.

Click Create.

In a similar way, create in the same zone a CNAME record for cdn-staging.yandexcloud.example. In the Name field, specify cdn-staging.
If you don't have a public DNS zone, create one:

yc dns zone create \ --name canary-dns-zone \ --zone yandexcloud.example. \ --public-visibility

Result:

id: dns4rq4tadddth4h20qm folder_id: b1g9hv2loamqfnbul7d9 created_at: "2021-11-03T11:03:28.847Z" name: canary-dns-zone zone: yandexcloud.example. public_visibility: {}

For more information about the yc dns zone create command, see the CLI reference.

In the zone, create CNAME records for cdn.yandexcloud.example and cdn-staging.yandexcloud.example with a copied value in cl-....edgecdn.ru format:

yc dns zone add-records \ --name canary-dns-zone \ --record "cdn CNAME cl-....edgecdn.ru" \ --record "cdn-staging CNAME cl-....edgecdn.ru"

For more information about the yc dns zone add-records command, see the CLI reference.
Add the parameters of the canary-dns-zone DNS zone and its CNAME records to the configuration file:

... resource "yandex_dns_zone" "canary-dns-zone" { zone = "yandexcloud.example." name = "canary-dns-zone" public = true } resource "yandex_dns_recordset" "canary-recordset-production" { zone_id = ${yandex_dns_zone.canary-dns-zone.id} name = "cdn" type = "CNAME" data = ["<copied_value_in_the_format_cl-....edgecdn.ru>"] } resource "yandex_dns_recordset" "canary-recordset-staging" { zone_id = ${yandex_dns_zone.canary-dns-zone.id} name = "cdn-staging" type = "CNAME" data = ["<copied_value_in_the_format_cl-....edgecdn.ru>"] }

Learn more in the description of the yandex_dns_zone and yandex_dns_recordset resources in the Terraform provider documentation.

Make sure the configuration files are valid.

In the command line, go to the directory where you created the configuration file.

Run the check using this command:

terraform plan

If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.

Deploy cloud resources.

If the configuration does not contain any errors, run this command:

terraform apply

Confirm that you want to create the resources.
Create a DNS zone named canary-dns-zone using the DnsZoneService/Create gRPC API call or the create REST API method.

Add the cdn and cdn-staging CNAME records to the zone with a copied cl-....edgecdn.ru value by using the DnsZoneService/UpdateRecordSets gRPC API call or the updateRecordSets REST API method.

A few hours might be needed to update DNS records on DNS servers. After that, you can check the health of the service.

Run a health check and test the switching between versions

Check one

Check that the domain name cdn.yandexcloud.example corresponds to version 1 and cdn-staging.yandexcloud.example corresponds to version 2:

Open a browser and go to https://cdn.yandexcloud.example/index.html. You should see a page indicating version 1.

Delete index.html from the CDN resource cache:

Management console

CLI

API

In the management console, select example-folder.
In the list of services, select Cloud CDN.
Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
Go to the Content tab.
Click Purge cache.
Select the purge type: Selective.
Enter the path to the uploaded file: /index.html.
Click Purge cache.

Get the ID of the CDN resource that you created:

yc cdn resource list

Result:

+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
|          ID          |          CNAME           |           CREATED AT           |           UPDATED AT           | ACTIVE |                  OPTIONS                  |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
| bc837xptmpkhbc7xwioa | cdn.yandexcloud.example  | seconds:1637235693             | seconds:1637235693             | true   | edge_cache_settings:{enabled:true         |
|                      |                          | nanos:434085000                | nanos:434115000                |        | default_value:345600}                     |
|                      |                          |                                |                                |        | cache_http_headers:{value:"accept-ranges" |
|                      |                          |                                |                                |        | value:"cache-control" value:"connection"  |
|                      |                          |                                |                                |        | value:"content-encoding"                  |
|                      |                          |                                |                                |        | value:"content-length"                    |
|                      |                          |                                |                                |        | value:"content-type"                      |
|                      |                          |                                |                                |        | value:"date" value:"etag"                 |
|                      |                          |                                |                                |        | value:"expires" value:"keep-alive"        |
|                      |                          |                                |                                |        | value:"last-modified" value:"server"      |
|                      |                          |                                |                                |        | value:"vary"} stale:{enabled:true         |
|                      |                          |                                |                                |        | value:"error" value:"updating"}           |
|                      |                          |                                |                                |        | allowed_http_methods:{value:"GET"         |
|                      |                          |                                |                                |        | value:"POST" value:"HEAD"                 |
|                      |                          |                                |                                |        | value:"OPTIONS"}                          |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+

For more information about the yc cdn resource list command, see the CLI reference.

Delete the file from the cache:
```
yc cdn cache purge \
  --resource-id <CDN_resource_ID> \
  --path "/index.html"
```
For more information about the yc cdn cache purge command, see the CLI reference.

Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
Delete the index.html file from the cache using the CacheService/Purge gRPC API call or the purge method.

Open the browser and go to https://cdn-staging.yandexcloud.example/index.html. You should see a page indicating version 2.

Canary deployment of version 2

Disable caching of the CDN resource and delete the index.html file from the cache:
Management console

API
1. In the management console, select example-folder.
2. In the list of services, select Cloud CDN.
3. Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
4. Go to the Caching tab
5. Click Edit.
6. Disable CDN caching.
7. Click Save.
1. Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
2. Disable caching using the ResourceService/Update gRPC API call or the list REST API method.

Delete index.html from the cache:

Management console

CLI

API

In the management console, select example-folder.
In the list of services, select Cloud CDN.
Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
Go to the Content tab.
Click Purge cache.
Select the purge type: Selective.
Enter the path to the uploaded file: /index.html.
Click Purge cache.

Get the ID of the CDN resource that you created:

yc cdn resource list

Result:

+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
|          ID          |          CNAME           |           CREATED AT           |           UPDATED AT           | ACTIVE |                  OPTIONS                  |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
| bc837xptmpkhbc7xwioa | cdn.yandexcloud.example  | seconds:1637235693             | seconds:1637235693             | true   | edge_cache_settings:{enabled:true         |
|                      |                          | nanos:434085000                | nanos:434115000                |        | default_value:345600}                     |
|                      |                          |                                |                                |        | cache_http_headers:{value:"accept-ranges" |
|                      |                          |                                |                                |        | value:"cache-control" value:"connection"  |
|                      |                          |                                |                                |        | value:"content-encoding"                  |
|                      |                          |                                |                                |        | value:"content-length"                    |
|                      |                          |                                |                                |        | value:"content-type"                      |
|                      |                          |                                |                                |        | value:"date" value:"etag"                 |
|                      |                          |                                |                                |        | value:"expires" value:"keep-alive"        |
|                      |                          |                                |                                |        | value:"last-modified" value:"server"      |
|                      |                          |                                |                                |        | value:"vary"} stale:{enabled:true         |
|                      |                          |                                |                                |        | value:"error" value:"updating"}           |
|                      |                          |                                |                                |        | allowed_http_methods:{value:"GET"         |
|                      |                          |                                |                                |        | value:"POST" value:"HEAD"                 |
|                      |                          |                                |                                |        | value:"OPTIONS"}                          |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+

Delete the file from the cache:

yc cdn cache purge \
  --resource-id <CDN_resource_ID> \
  --path "/index.html"

Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
Delete the index.html file from the cache using the CacheService/Purge gRPC API call or the purge method.

Configure the canary-bg-production so that 20% of the traffic coming to the cdn.yandexcloud.example domain name is processed by the canary-backend-green backend that runs version 2:
Management console

CLI

API
1. In the management console, select example-folder.
2. In the list of services, select Application Load Balancer and go to the Backend groups tab.
3. Select canary-bg-production in the backend group list.
4. For the canary-backend-blue backend, set the weight to 80 instead of 100:
  1. In the Backends section, find canary-backend-blue, then click → Edit.
  2. In the Weight field, enter 80.
  3. Click Save.
5. Similarly set the weight to 20 instead of 0 for canary-backend-green.
6. Click Save.
1. For the canary-backend-blue backend, set the weight to 80 instead of 100:
  yc alb backend-group update-http-backend \ --backend-group-name canary-bg-production \ --name canary-backend-blue \ --weight 80
  Result:
  done (1s) id: ds7l9puc18c9b40cd359 name: canary-bg-production folder_id: b1g9hv2loamqfnbul7d9 http: backends: - name: canary-backend-blue backend_weight: "80" storage_bucket: bucket: canary-bucket-blue created_at: "2021-11-03T10:28:47.680825561Z"
  For more information about the yc alb backend-group update-http-backend command, see the CLI reference.
2. Set the weight to 20 instead of 0 for canary-backend-green:
  yc alb backend-group update-http-backend \ --backend-group-name canary-bg-production \ --name canary-backend-green \ --weight 20
  Result:
  done (1s) id: ds7l9puc18c9b40cd359 name: canary-bg-production folder_id: b1g9hv2loamqfnbul7d9 http: backends: - name: canary-backend-green backend_weight: "20" storage_bucket: bucket: canary-bucket-green created_at: "2021-11-03T10:28:47.680825561Z"
Use the BackendGroupService/UpdateBackend gRPC API call or the updateBackend REST API method.
Open the browser and go to https://cdn.yandexcloud.example/index.html, refreshing the page several times. In about 20% of cases, you should see a page indicating version 2, in the other cases, version 1.
Similarly to steps 1–2, configure and check the following traffic allocations between the backends:
1. In the canary-bg-production backend group: 50%-50% traffic distribution between backends.
2. In the canary-bg-production backend group, forward all traffic to canary-backend-green.
3. In the canary-bg-staging backend group (with the domain name of cdn-staging.yandexcloud.example), allocate all traffic to canary-backend-blue.
Re-enable caching:
Management console

API
1. In the management console, select example-folder.
2. In the list of services, select Cloud CDN.
3. Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
4. Go to the Caching tab
5. Click Edit.
6. Enable CDN caching.
7. Click Save.
1. Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
2. Enable caching using the ResourceService/Update gRPC API call or the list REST API method.

Blue-green deployment for rolling back to version 1

Disable caching of the CDN resource and delete the index.html file from the cache:
Management console

API
1. In the management console, select example-folder.
2. In the list of services, select Cloud CDN.
3. Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
4. Go to the Caching tab
5. Click Edit.
6. Disable CDN caching.
7. Click Save.
1. Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
2. Disable caching using the ResourceService/Update gRPC API call or the list REST API method.

Delete index.html from the cache:

Management console

CLI

API

In the management console, select example-folder.
In the list of services, select Cloud CDN.
Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
Go to the Content tab.
Click Purge cache.
Select the purge type: Selective.
Enter the path to the uploaded file: /index.html.
Click Purge cache.

Get the ID of the CDN resource that you created:

yc cdn resource list

Result:

+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
|          ID          |          CNAME           |           CREATED AT           |           UPDATED AT           | ACTIVE |                  OPTIONS                  |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
| bc837xptmpkhbc7xwioa | cdn.yandexcloud.example  | seconds:1637235693             | seconds:1637235693             | true   | edge_cache_settings:{enabled:true         |
|                      |                          | nanos:434085000                | nanos:434115000                |        | default_value:345600}                     |
|                      |                          |                                |                                |        | cache_http_headers:{value:"accept-ranges" |
|                      |                          |                                |                                |        | value:"cache-control" value:"connection"  |
|                      |                          |                                |                                |        | value:"content-encoding"                  |
|                      |                          |                                |                                |        | value:"content-length"                    |
|                      |                          |                                |                                |        | value:"content-type"                      |
|                      |                          |                                |                                |        | value:"date" value:"etag"                 |
|                      |                          |                                |                                |        | value:"expires" value:"keep-alive"        |
|                      |                          |                                |                                |        | value:"last-modified" value:"server"      |
|                      |                          |                                |                                |        | value:"vary"} stale:{enabled:true         |
|                      |                          |                                |                                |        | value:"error" value:"updating"}           |
|                      |                          |                                |                                |        | allowed_http_methods:{value:"GET"         |
|                      |                          |                                |                                |        | value:"POST" value:"HEAD"                 |
|                      |                          |                                |                                |        | value:"OPTIONS"}                          |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+

Delete the file from the cache:

yc cdn cache purge \
  --resource-id <CDN_resource_ID> \
  --path "/index.html"

Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
Delete the index.html file from the cache using the CacheService/Purge gRPC API call or the purge method.

Forward all traffic of the cdn.yandexcloud.example domain name back to the canary-backend-blue backend running version 1:
Management console

CLI

API
1. In the management console, select example-folder.
2. In the list of services, select Application Load Balancer and go to the Backend groups tab.
3. Select canary-bg-production in the backend group list.
4. For the canary-backend-blue backend, set the weight to 100 instead of 0:
  1. In the Backends section, find canary-backend-blue, then click → Edit.
  2. In the Weight field, enter 100.
  3. Click Save.
5. Similarly, set the weight to 0 instead of 100 for canary-bucket-green.
6. Click Save.
1. For the canary-backend-blue backend, set the weight to 100 instead of 0:
  yc alb backend-group update-http-backend \ --backend-group-name canary-bg-production \ --name canary-backend-blue \ --weight 100
  Result:
  done (1s) id: ds7l9puc18c9b40cd359 name: canary-bg-production folder_id: b1g9hv2loamqfnbul7d9 http: backends: - name: canary-backend-blue backend_weight: "100" storage_bucket: bucket: canary-bucket-blue created_at: "2021-11-03T10:28:47.680825561Z"
2. For canary-backend-green, set the weight to 0 instead of 100:
  yc alb backend-group update-http-backend \ --backend-group-name canary-bg-production \ --name canary-backend-green \ --weight 0
  Result:
  done (1s) id: ds7l9puc18c9b40cd359 name: canary-bg-production folder_id: b1g9hv2loamqfnbul7d9 http: backends: - name: canary-backend-green backend_weight: "0" storage_bucket: bucket: canary-bucket-green created_at: "2021-11-03T10:28:47.680825561Z"
Use the BackendGroupService/UpdateBackend gRPC API call or the updateBackend REST API method.
Open the browser and go to https://cdn.yandexcloud.example/index.html, refreshing the page several times. In all other cases, you should see a page indicating version 1.
Similarly to steps 1–2, switch all the traffic for the cdn-staging.yandexcloud.example domain name to canary-backend-green running version 2 and check the switching in the browser.
Re-enable caching:
Management console

API
1. In the management console, select example-folder.
2. In the list of services, select Cloud CDN.
3. Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
4. Go to the Caching tab
5. Click Edit.
6. Enable CDN caching.
7. Click Save.
1. Get the ID of the CDN resource you created using the ResourceService/List gRPC API call or the list REST API method.
2. Enable caching using the ResourceService/Update gRPC API call or the list REST API method.

How to delete the resources you created

To shut down the infrastructure and stop paying for the created resources:

If you set up CNAME records in Cloud DNS, delete the canary-dns-zone DNS zone.
Delete the CDN resource with the primary cdn.yandexcloud.example domain name.
Delete the canary-balancer L7 load balancer.
Delete all objects from the canary-bucket-blue and canary-bucket-green buckets.
Delete the canary-bucket-blue and canary-bucket-green buckets.
Delete the canary-subnet-ru-central1-a, canary-subnet-ru-central1-b, and canary-subnet-ru-central1-c subnets.
Delete canary-network network.

Enabling blue-green and canary deployment of web service versions

Supported tools

Prepare your cloud

Required paid resources

Create a cloud network and subnets

Create buckets in Object Storage

Upload the files of your service to the buckets

Create a security group

Create Application Load Balancer backend groups#create-l7backend.

Create an HTTP router and virtual hosts

Create an L7 load balancer

Create a CDN resource

Configure DNS for the service

Run a health check and test the switching between versions

Check one

Canary deployment of version 2

Blue-green deployment for rolling back to version 1

How to delete the resources you created

Was the article helpful?