Enabling blue-green and canary deployment of web service versions
In this tutorial, you'll configure your web service architecture to switch between versions using the commonly adopted deployment models: blue-green deployment and canary deployment.
Both models use two backends: a "blue" and a "green" one. First you deploy a stable version generally available to users on one backend (let it be the blue one). Then you use the other backend (the green one) to test the next version. When the testing is complete, the backends switch roles:
- With a blue-green deployment, all user traffic switches from one backend to the other right away.
- With canary deployment, the traffic is switched over gradually, starting with some part of your user base.
After that, the green backend becomes the primary one, and you can use the "blue" backend to test your next version. As long as your previous version runs on the blue backend, you can roll the service back to it by switching the backends back.
In this tutorial, we use Yandex Object Storage buckets as backends with the Yandex Application Load Balancer L7 load balancer switching traffic between them. User requests are transmitted to the load balancer via the Yandex Cloud CDN content delivery network (CDN) that reduces the time of content delivery.
In the tutorial, we'll use the domain names cdn.yandexcloud.example and cdn-staging.yandexcloud.example as examples.
To complete the tutorial, use the supported tools.
To build an architecture for the blue-green and canary deployment:
- Before you start.
- Create a cloud network and subnets.
- Create buckets in Object Storage.
- Upload the service files to buckets.
- Create Application Load Balancer backend groups.
- Create an HTTP router and virtual hosts.
- Create an L7 load balancer.
- Create a CDN resource.
- Configure DNS for the service.
- Run a health check and test the switching between service versions.
If you no longer need the created resources, delete them.
Supported tools
Most of the steps in the tutorial can be completed with any of the standard tools: the management console, the Yandex Cloud and AWS command line interfaces (CLI), Terraform, and the Yandex Cloud API. Each step lists the tools it supports.
Some steps don't support certain tools:
- At the moment, you can't use command-line interfaces or Terraform to:
  - Create an Application Load Balancer backend group with buckets as backends.
  - Create a CDN resource.
  - Get the domain name of a CDN load balancer when configuring DNS for the service.
  - Disable and enable caching of a CDN resource when running a health check and testing version switching.
- Currently, you can't get the domain name of a CDN load balancer via the API when configuring DNS for the service.
Before you start
Before you start, register in Yandex Cloud and create a billing account:
- Go to the management console. Then log in to Yandex Cloud or sign up if you don't already have an account.
- On the billing page, make sure you have linked a billing account and that it has the ACTIVE or TRIAL_ACTIVE status. If you don't have a billing account, create one.
If you have an active billing account, you can create or select a folder to run your VM in from the Yandex Cloud page.
Learn more about clouds and folders.
This use case uses a folder named example-folder as an example.
Required paid resources
The cost of this infrastructure includes:
- A fee for data storage in Object Storage, operations with data, and outgoing traffic (see Object Storage pricing).
- A fee for using computing resources of the L7 load balancer (see Application Load Balancer pricing).
- A fee for outgoing traffic from CDN servers (see Cloud CDN pricing).
- A fee for public DNS queries and DNS zones if you use Yandex Cloud DNS (see Cloud DNS pricing).
Create a cloud network and subnets
All the resources you create in this tutorial belong to the same cloud network.
To create a network and subnets:
Management console
- In the management console, select the example-folder folder.
- In the list of services, select Virtual Private Cloud.
- Click Create network.
- Specify the Name of the network: canary-network.
- In the Advanced field, select Create subnets.
- Click Create network.
CLI
If you don't have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.
- Create a network named canary-network:
    yc vpc network create canary-network
  Command output:
    id: enptrcle5q3d3ktd33hj
    folder_id: b1g9hv2loamqfnbul7d9
    created_at: "2021-11-03T09:25:03Z"
    name: canary-network
    default_security_group_id: enpbsnnop4akg7ng70ll
  For more information about the yc vpc network create command, see the CLI reference.
- Create subnets in all availability zones:
  - In ru-central1-a:
      yc vpc subnet create canary-subnet-ru-central1-a \
        --zone ru-central1-a \
        --network-name canary-network \
        --range 10.1.0.0/16
    Command output:
      id: e9bnnssj8sc8mjhat9qk
      folder_id: b1g9hv2loamqfnbul7d9
      created_at: "2021-11-03T09:27:00Z"
      name: canary-subnet-ru-central1-a
      network_id: enptrcle5q3d3ktd33hj
      zone_id: ru-central1-a
      v4_cidr_blocks:
      - 10.1.0.0/16
  - In ru-central1-b:
      yc vpc subnet create canary-subnet-ru-central1-b \
        --zone ru-central1-b \
        --network-name canary-network \
        --range 10.2.0.0/16
    Command output:
      id: e2lghukd9iqo4haidjbt
      folder_id: b1g9hv2loamqfnbul7d9
      created_at: "2021-11-03T09:27:39Z"
      name: canary-subnet-ru-central1-b
      network_id: enptrcle5q3d3ktd33hj
      zone_id: ru-central1-b
      v4_cidr_blocks:
      - 10.2.0.0/16
  - In ru-central1-c:
      yc vpc subnet create canary-subnet-ru-central1-c \
        --zone ru-central1-c \
        --network-name canary-network \
        --range 10.3.0.0/16
    Command output:
      id: b0c3pte4o2kn4v12o05p
      folder_id: b1g9hv2loamqfnbul7d9
      created_at: "2021-11-03T09:28:08Z"
      name: canary-subnet-ru-central1-c
      network_id: enptrcle5q3d3ktd33hj
      zone_id: ru-central1-c
      v4_cidr_blocks:
      - 10.3.0.0/16
  For more information about the yc vpc subnet create command, see the CLI reference.
Terraform
If you don't have Terraform, install it and configure the Yandex Cloud provider.
- In the configuration file, describe the parameters of canary-network and its subnets: canary-subnet-ru-central1-a, canary-subnet-ru-central1-b, and canary-subnet-ru-central1-c:
    resource "yandex_vpc_network" "canary-network" {
      name = "canary-network"
    }

    resource "yandex_vpc_subnet" "canary-subnet-a" {
      name           = "canary-subnet-ru-central1-a"
      zone           = "ru-central1-a"
      network_id     = "${yandex_vpc_network.canary-network.id}"
      v4_cidr_blocks = ["10.1.0.0/16"]
    }

    resource "yandex_vpc_subnet" "canary-subnet-b" {
      name           = "canary-subnet-ru-central1-b"
      zone           = "ru-central1-b"
      network_id     = "${yandex_vpc_network.canary-network.id}"
      v4_cidr_blocks = ["10.2.0.0/16"]
    }

    resource "yandex_vpc_subnet" "canary-subnet-c" {
      name           = "canary-subnet-ru-central1-c"
      zone           = "ru-central1-c"
      network_id     = "${yandex_vpc_network.canary-network.id}"
      v4_cidr_blocks = ["10.3.0.0/16"]
    }
  For more information, see the yandex_vpc_network and yandex_vpc_subnet resource descriptions in the Terraform provider documentation.
- Make sure that the configuration files are correct.
  - In the command line, go to the directory where you created the configuration file.
  - Run the check using the command:
      terraform plan
  If the configuration is described correctly, the terminal displays a list of created resources and their parameters. If there are errors in the configuration, Terraform points them out.
- Deploy the cloud resources.
  - If the configuration doesn't contain any errors, run the command:
      terraform apply
  - Confirm that you want to create the resources.
API
- Create the canary-network network using the gRPC API NetworkService/Create call or the REST API create method.
- Create the canary-subnet-ru-central1-a, canary-subnet-ru-central1-b, and canary-subnet-ru-central1-c subnets in the three availability zones by calling the gRPC API SubnetService/Create or the REST API create method.
Create buckets in Object Storage
Create two buckets: canary-bucket-blue and canary-bucket-green:
Management console
- In the management console, select the example-folder folder.
- In the list of services, select Object Storage.
- Create a bucket named canary-bucket-blue:
  - Click Create bucket.
  - Specify the bucket Name: canary-bucket-blue.
  - In the Object read access and Object listing access fields, select Public.
  - Click Create bucket.
- Similarly create a bucket named canary-bucket-green.
AWS CLI
- Create a bucket named canary-bucket-blue:
    aws --endpoint-url https://storage.yandexcloud.net \
      s3 mb s3://canary-bucket-blue
  Command output:
    make_bucket: s3://canary-bucket-blue
- Enable public access to reading objects and their list:
    aws --endpoint-url https://storage.yandexcloud.net \
      s3api put-bucket-acl \
      --bucket canary-bucket-blue \
      --acl public-read
- In a similar way, create a bucket named canary-bucket-green and enable public access to it.
Terraform
- Add the parameters of the canary-bucket-blue and canary-bucket-green buckets to the configuration file:
    ...
    resource "yandex_storage_bucket" "canary-bucket-blue" {
      bucket = "canary-bucket-blue"
      acl    = "public-read"
    }

    resource "yandex_storage_bucket" "canary-bucket-green" {
      bucket = "canary-bucket-green"
      acl    = "public-read"
    }
  For more information about the yandex_storage_bucket resource, see the Terraform provider documentation.
- Make sure that the configuration files are correct.
  - In the command line, go to the directory where you created the configuration file.
  - Run the check using the command:
      terraform plan
  If the configuration is described correctly, the terminal displays a list of created resources and their parameters. If there are errors in the configuration, Terraform points them out.
- Deploy the cloud resources.
  - If the configuration doesn't contain any errors, run the command:
      terraform apply
  - Confirm that you want to create the resources.
API
Use the create REST API method.
Upload the files of your service to the buckets
- Create two files named index.html. They will represent two service versions: version 1 and version 2.
  Sample file index.html version 1
    <!DOCTYPE html>
    <html>
      <head>
        <title>Version 1</title>
      </head>
      <body>
        <p>Version 1 is working</p>
      </body>
    </html>
  Sample file index.html version 2
    <!DOCTYPE html>
    <html>
      <head>
        <title>Version 2</title>
      </head>
      <body>
        <p>Version 2 is working</p>
      </body>
    </html>
- Upload files to buckets:
  Management console
  - In the management console, select the example-folder folder.
  - In the list of services, select Object Storage.
  - In the bucket list, select canary-bucket-blue.
  - Click Upload and select the index.html file for version 1.
  - Similarly upload the index.html file for version 2 to the canary-bucket-green bucket.
  AWS CLI
  - Upload the index.html file version 1 to the canary-bucket-blue bucket:
      aws --endpoint-url https://storage.yandexcloud.net \
        s3 cp v1/index.html s3://canary-bucket-blue/index.html
    Command output:
      upload: v1/index.html to s3://canary-bucket-blue/index.html
  - Upload the index.html file version 2 to the canary-bucket-green bucket:
      aws --endpoint-url https://storage.yandexcloud.net \
        s3 cp v2/index.html s3://canary-bucket-green/index.html
    Command output:
      upload: v2/index.html to s3://canary-bucket-green/index.html
  Terraform
  - To the configuration file, add the parameters of the v1/index.html and v2/index.html files uploaded to canary-bucket-blue and canary-bucket-green, respectively:
      ...
      resource "yandex_storage_object" "canary-bucket-blue-index" {
        bucket = "canary-bucket-blue"
        key    = "index.html"
        source = "v1/index.html"
      }

      # An uploaded file is a yandex_storage_object, not a yandex_storage_bucket.
      resource "yandex_storage_object" "canary-bucket-green-index" {
        bucket = "canary-bucket-green"
        key    = "index.html"
        source = "v2/index.html"
      }
    For more information about the yandex_storage_object resource, see the Terraform provider documentation.
  - Make sure that the configuration files are correct.
    - In the command line, go to the directory where you created the configuration file.
    - Run the check using the command:
        terraform plan
    If the configuration is described correctly, the terminal displays a list of created resources and their parameters. If there are errors in the configuration, Terraform points them out.
  - Deploy the cloud resources.
    - If the configuration doesn't contain any errors, run the command:
        terraform apply
    - Confirm that you want to create the resources.
  API
  Use the upload REST API method.
Create a security group
Note
Security groups are at the Preview stage. If they aren't available on your network, all incoming and outgoing traffic will be enabled for the resources and no additional setup is required.
Security groups contain rules that allow the L7 load balancer to receive incoming traffic and send it to backend buckets.
To create security groups:
Management console
- In the management console, open Virtual Private Cloud.
- Click the Security groups tab.
- Click Create group.
- Enter the Name of the group: canary-sg.
- Select the Network canary-network.
- Under Rules, create the following rules using the instructions below the table:

  | Traffic direction | Description  | Port range | Protocol | Source/destination type | Source/destination               |
  |-------------------|--------------|------------|----------|-------------------------|----------------------------------|
  | Outgoing          | any          | All        | Any      | CIDR                    | 0.0.0.0/0                        |
  | Incoming          | ext-http     | 80         | TCP      | CIDR                    | 0.0.0.0/0                        |
  | Incoming          | ext-https    | 443        | TCP      | CIDR                    | 0.0.0.0/0                        |
  | Incoming          | healthchecks | 30080      | TCP      | CIDR                    | 198.18.235.0/24, 198.18.248.0/24 |

  - Go to the Outgoing traffic or Incoming traffic tab.
  - Click Add rule.
  - In the Port range field of the window that opens, specify a single port or a range of ports that traffic will come to or from.
  - In the Protocol field, specify the desired protocol or leave Any to allow traffic transmission over any protocol.
  - In the Purpose or Source field, select the purpose of the rule:
    - CIDR: The rule will apply to the range of IP addresses. In the CIDR blocks field, specify the CIDR and masks of subnets that traffic will come to or from. To add multiple CIDRs, click Add CIDR.
    - Security group: The rule will apply to the VMs from the current group or the selected security group.
  - Click Save. Repeat the steps to create all rules from the table.
- Click Save.
CLI
Run the following command:
yc vpc security-group create canary-sg \
--network-name canary-network \
--rule direction=egress,port=any,protocol=any,v4-cidrs=[0.0.0.0/0] \
--rule direction=ingress,port=80,protocol=tcp,v4-cidrs=[0.0.0.0/0] \
--rule direction=ingress,port=443,protocol=tcp,v4-cidrs=[0.0.0.0/0] \
--rule direction=ingress,port=30080,protocol=tcp,v4-cidrs=[198.18.235.0/24,198.18.248.0/24]
Command output:
id: enpd133ngcnrgc8475cc
folder_id: b1g9hv2loamqfnbul7d9
created_at: "2021-11-03T10:26:16Z"
name: canary-sg
network_id: enptrcle5q3d3ktd33hj
status: ACTIVE
rules:
- id: enpkgrpi2gsibdm6aotd
direction: EGRESS
protocol_name: ANY
protocol_number: "-1"
cidr_blocks:
v4_cidr_blocks:
- 0.0.0.0/0
- id: enpgssij0i168jknb85r
direction: INGRESS
ports:
from_port: "80"
to_port: "80"
protocol_name: TCP
protocol_number: "6"
cidr_blocks:
v4_cidr_blocks:
- 0.0.0.0/0
- id: enp0bft67j9lrlnhdur5
direction: INGRESS
ports:
from_port: "443"
to_port: "443"
protocol_name: TCP
protocol_number: "6"
cidr_blocks:
v4_cidr_blocks:
- 0.0.0.0/0
- id: enpmorcimu65fk4oaanm
direction: INGRESS
ports:
from_port: "30080"
to_port: "30080"
protocol_name: TCP
protocol_number: "6"
cidr_blocks:
v4_cidr_blocks:
- 198.18.235.0/24
- 198.18.248.0/24
For more information about the yc vpc security-group create command, see the CLI reference.
Terraform
- Add the canary-sg security group parameters to the configuration file:
    resource "yandex_vpc_security_group" "canary-sg" {
      name       = "canary-sg"
      network_id = "${yandex_vpc_network.canary-network.id}"

      # All outgoing traffic; the port attributes are numeric,
      # so "any port" is written as the full range.
      egress {
        protocol       = "ANY"
        from_port      = 0
        to_port        = 65535
        v4_cidr_blocks = ["0.0.0.0/0"]
      }

      ingress {
        protocol       = "TCP"
        port           = 80
        v4_cidr_blocks = ["0.0.0.0/0"]
      }

      ingress {
        protocol       = "TCP"
        port           = 443
        v4_cidr_blocks = ["0.0.0.0/0"]
      }

      # Load balancer health checks
      ingress {
        protocol       = "TCP"
        port           = 30080
        v4_cidr_blocks = ["198.18.235.0/24", "198.18.248.0/24"]
      }
    }
  For more information about the yandex_vpc_security_group resource, see the Terraform provider documentation.
- Make sure that the configuration files are correct.
  - In the command line, go to the directory where you created the configuration file.
  - Run the check using the command:
      terraform plan
  If the configuration is described correctly, the terminal displays a list of created resources and their parameters. If there are errors in the configuration, Terraform points them out.
- Deploy the cloud resources.
  - If the configuration doesn't contain any errors, run the command:
      terraform apply
  - Confirm that you want to create the resources.
API
Use the SecurityGroupService/Create gRPC API call or the create REST API method.
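One way to check that canary-sg still matches the rule table after later changes, as an added example that is not part of the original tutorial. It assumes the group is exported with yc vpc security-group get canary-sg --format json and that the JSON uses the same field names as the command output shown above; the sample groups, rule IDs and finding names are constructed for illustration.

```python
"""Audit a security group against the rule table of this tutorial."""
import ipaddress
import json
import sys

# Values taken from the rule table: health checks arrive on port 30080
# from two ranges only; ports 80 and 443 are deliberately open to everyone.
HEALTHCHECK_PORT = 30080
HEALTHCHECK_NETS = [ipaddress.ip_network(c)
                    for c in ("198.18.235.0/24", "198.18.248.0/24")]
PUBLIC_PORTS = {80, 443}


def _rule(rule_id, direction, port, cidrs):
    """Build a rule shaped like the command output (constructed sample data)."""
    rule = {"id": rule_id, "direction": direction,
            "cidr_blocks": {"v4_cidr_blocks": cidrs}}
    if port is not None:
        rule["ports"] = {"from_port": str(port), "to_port": str(port)}
    return rule


# Constructed sample 1: the four rules exactly as in the table.
TUTORIAL_GROUP = {"name": "canary-sg", "rules": [
    _rule("rule-egress", "EGRESS", None, ["0.0.0.0/0"]),
    _rule("rule-http", "INGRESS", 80, ["0.0.0.0/0"]),
    _rule("rule-https", "INGRESS", 443, ["0.0.0.0/0"]),
    _rule("rule-hc", "INGRESS", 30080, ["198.18.235.0/24", "198.18.248.0/24"]),
]}

# Constructed sample 2: a group that drifted from the table.
DRIFTED_GROUP = {"name": "canary-sg", "rules": [
    _rule("rule-http", "INGRESS", 80, ["0.0.0.0/0"]),
    _rule("rule-ssh", "INGRESS", 22, ["0.0.0.0/0"]),
    _rule("rule-hc", "INGRESS", 30080, ["198.18.235.0/24", "10.0.0.0/8"]),
]}


def audit(group):
    """Return a list of (finding, location, detail) tuples for ingress rules."""
    findings = []
    hc_covered = set()
    for rule in group.get("rules", []):
        if rule.get("direction") != "INGRESS":
            continue
        ports = rule.get("ports")
        # A rule without a ports block applies to every port.
        low, high = ((int(ports["from_port"]), int(ports["to_port"]))
                     if ports else (0, 65535))
        covers_hc = low <= HEALTHCHECK_PORT <= high
        for cidr in rule.get("cidr_blocks", {}).get("v4_cidr_blocks", []):
            net = ipaddress.ip_network(cidr, strict=False)
            if covers_hc:
                hc_covered.update(hc for hc in HEALTHCHECK_NETS
                                  if hc.subnet_of(net))
            if net.prefixlen == 0:
                # 0.0.0.0/0 is expected only on the single ports 80 and 443.
                if not (low == high and low in PUBLIC_PORTS):
                    findings.append(("open-to-world", rule["id"],
                                     f"{low}-{high}"))
            elif covers_hc and not any(net.subnet_of(hc)
                                       for hc in HEALTHCHECK_NETS):
                # The health-check port is reachable from an unexpected range.
                findings.append(("healthcheck-port-wide", rule["id"], str(net)))
    for hc in HEALTHCHECK_NETS:
        if hc not in hc_covered:
            # Without this source the load balancer's checks would be dropped.
            findings.append(("healthcheck-source-missing",
                             group.get("name", "?"), str(hc)))
    return findings


def main(argv):
    """Audit the JSON file given as argv[1], or the built-in samples."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            groups = [json.load(fh)]
    else:
        groups = [TUTORIAL_GROUP, DRIFTED_GROUP]
    status = 0
    for group in groups:
        for code, where, detail in audit(group):
            status = 1
            print(f"{group.get('name')}: {code} [{where}] {detail}")
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script exits with status 1 when any finding is reported, so it can gate a pipeline step that runs after terraform apply.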
Create Application Load Balancer backend groups
Management console
- Create a backend group named canary-bg-production with the canary-backend-blue and canary-backend-green backends:
  - In the management console, select the example-folder folder.
  - In the list of services, select Application Load Balancer and go to the Backend groups tab.
  - Click Create backend group.
  - Enter the backend group name: canary-bg-production.
  - Under Backends, click Add. Specify the backend settings:
    - Enter the backend name: canary-backend-blue.
    - Set the weight of the backend: 100.
    - Select Bucket as the backend type.
    - In the Bucket field, enter the bucket name: canary-bucket-blue.
  - Click Add and similarly enter settings for the canary-backend-green backend with the weight of 0 and the canary-bucket-green bucket.
  - Click Create.
- In a similar way, create a backend group named canary-bg-staging. For the canary-backend-blue backend, set the weight to 0; for canary-backend-green, set the weight to 100.
- If you are going to complete the next steps in Terraform, copy the IDs of the backend groups canary-bg-production and canary-bg-staging from the Backend groups tab.
API
Use the BackendGroupService/Create gRPC API call or the REST API create method.
Create an HTTP router and virtual hosts
Create an HTTP router with two virtual hosts: cdn.yandexcloud.example and cdn-staging.yandexcloud.example:
Management console
- In the management console, select the example-folder folder.
- In the list of services, select Application Load Balancer and go to the HTTP routers tab.
- Click Create HTTP router.
- Enter the router name: canary-router.
- Create a virtual host named canary-vh-production:
  - Under Add virtual host, click Add host.
  - Enter the host name: canary-vh-production.
  - Specify the value for Authority: cdn.yandexcloud.example.
  - Click Add route.
  - Enter the Name: canary-route-production.
  - In the Path field, select Starts with and specify the path /.
  - In the HTTP methods list, select GET.
  - In the Action field, leave the value Routing.
  - In the Backend group list, select canary-bg-production.
- In a similar way, create a virtual host named canary-vh-staging with the following parameters:
  - Authority: cdn-staging.yandexcloud.example.
  - Route name: canary-route-staging.
  - Backend group: canary-bg-staging.
  - The other parameters are the same as for canary-vh-production.
- Leave the other settings as they are and click Create.
CLI
- Create the canary-router HTTP router:
    yc alb http-router create canary-router
  Command output:
    id: ds7qd0vj01djuu3c6f8q
    name: canary-router
    folder_id: b1g9hv2loamqfnbul7d9
    created_at: "2021-11-03T10:31:41.027649223Z"
  For more information about the yc alb http-router create command, see the CLI reference.
- Create a virtual host named canary-vh-production:
    yc alb virtual-host create canary-vh-production \
      --http-router-name canary-router \
      --authority cdn.yandexcloud.example
  Command output:
    done (1s)
    name: canary-vh-production
    authority:
    - cdn.yandexcloud.example
  For more information about the yc alb virtual-host create command, see the CLI reference.
- Create a route named canary-route-production in the canary-vh-production virtual host:
    yc alb virtual-host append-http-route canary-route-production \
      --http-router-name canary-router \
      --virtual-host-name canary-vh-production \
      --prefix-path-match "/" \
      --backend-group-name canary-bg-production
  Command output:
    done (1s)
    name: canary-vh-production
    authority:
    - cdn.yandexcloud.example
    routes:
    - name: canary-route-production
      http:
        match:
          path:
            prefix_match: /
        route:
          backend_group_id: ds7pbm5fj2v09ptnn29p
  For more information about the yc alb virtual-host append-http-route command, see the CLI reference.
- Create a virtual host named canary-vh-staging:
    yc alb virtual-host create canary-vh-staging \
      --http-router-name canary-router \
      --authority cdn-staging.yandexcloud.example
  Command output:
    done (1s)
    name: canary-vh-staging
    authority:
    - cdn-staging.yandexcloud.example
- Create a route named canary-route-staging in the canary-vh-staging virtual host:
    yc alb virtual-host append-http-route canary-route-staging \
      --http-router-name canary-router \
      --virtual-host-name canary-vh-staging \
      --prefix-path-match "/" \
      --backend-group-name canary-bg-staging
  Command output:
    done (1s)
    name: canary-vh-staging
    authority:
    - cdn-staging.yandexcloud.example
    routes:
    - name: canary-route-staging
      http:
        match:
          path:
            prefix_match: /
        route:
          backend_group_id: ds765atleotaiui5pqeu
Terraform
- To the configuration file, add parameters of the canary-router HTTP router, its virtual hosts and routes:
    ...
    resource "yandex_alb_http_router" "canary-router" {
      name = "canary-router"
    }

    resource "yandex_alb_virtual_host" "canary-vh-production" {
      name           = "canary-vh-production"
      http_router_id = "${yandex_alb_http_router.canary-router.id}"
      # authority takes a list of domain names
      authority      = ["cdn.yandexcloud.example"]

      route {
        name = "canary-route-production"
        http_route {
          http_route_action {
            backend_group_id = "<ID of the canary-bg-production backend group>"
          }
        }
      }
    }

    resource "yandex_alb_virtual_host" "canary-vh-staging" {
      name           = "canary-vh-staging"
      http_router_id = "${yandex_alb_http_router.canary-router.id}"
      authority      = ["cdn-staging.yandexcloud.example"]

      route {
        name = "canary-route-staging"
        http_route {
          http_route_action {
            backend_group_id = "<ID of the canary-bg-staging backend group>"
          }
        }
      }
    }
  For more information, see the yandex_alb_http_router and yandex_alb_virtual_host resource descriptions in the Terraform provider documentation.
- Make sure that the configuration files are correct.
  - In the command line, go to the directory where you created the configuration file.
  - Run the check using the command:
      terraform plan
  If the configuration is described correctly, the terminal displays a list of created resources and their parameters. If there are errors in the configuration, Terraform points them out.
- Deploy the cloud resources.
  - If the configuration doesn't contain any errors, run the command:
      terraform apply
  - Confirm that you want to create the resources.
API
- Create the canary-router HTTP router using the gRPC API HttpRouterService/Create call or the create REST API method.
- Create the canary-vh-production and canary-vh-staging virtual hosts linked to the router, then create their routes using the gRPC API VirtualHostService/Create call or the create REST API method.
Create an L7 load balancer
Management console
- In the management console, select the example-folder folder.
- In the list of services, select Application Load Balancer, then click Load balancers.
- Click Create L7 load balancer.
- Enter the load balancer name: canary-balancer.
- Under Network settings:
  - Select the Network canary-network.
  - Select the Security group canary-sg. If this field is omitted, any incoming and outgoing traffic is allowed for the load balancer.
- Under Allocation, select three subnets for the load balancer nodes: canary-subnet-ru-central1-a, canary-subnet-ru-central1-b, and canary-subnet-ru-central1-c, then enable traffic to these subnets.
- Click Add listener under Listeners. Set the listener settings:
  - Enter the listener name: canary-listener.
  - Under Public IP address settings, enable traffic.
  - Set the port to 80.
  - In the Assign IP address field, select Automatically.
- In the HTTP router field, select canary-router.
- Click Create.
CLI
- Get the IDs of subnets for canary-network:
    yc vpc network list-subnets canary-network
  Command output:
    +----------------------+-----------------------------+----------------------+----------------------+----------------+---------------+---------------+
    |          ID          |            NAME             |      FOLDER ID       |      NETWORK ID      | ROUTE TABLE ID |     ZONE      |     RANGE     |
    +----------------------+-----------------------------+----------------------+----------------------+----------------+---------------+---------------+
    | e9bnnssj8sc8mjhat9qk | canary-subnet-ru-central1-c | b1g9hv2loamqfnbul7d9 | enptrcle5q3d3ktd33hj |                | ru-central1-c | [10.1.0.0/16] |
    | e2lghukd9iqo4haidjbt | canary-subnet-ru-central1-b | b1g9hv2loamqfnbul7d9 | enptrcle5q3d3ktd33hj |                | ru-central1-b | [10.2.0.0/16] |
    | b0c3pte4o2kn4v12o05p | canary-subnet-ru-central1-a | b1g9hv2loamqfnbul7d9 | enptrcle5q3d3ktd33hj |                | ru-central1-a | [10.3.0.0/16] |
    +----------------------+-----------------------------+----------------------+----------------------+----------------+---------------+---------------+
  For more information about the yc vpc network list-subnets command, see the CLI reference.
- Get the canary-sg security group ID:
    yc vpc security-group get canary-sg | grep "^id"
  Command output:
    id: enpd133ngcnrgc8475cc
  For more information about the yc vpc security-group get command, see the CLI reference.
- Create a load balancer named canary-balancer:
    yc alb load-balancer create canary-balancer \
      --network-name canary-network \
      --security-group-id <ID of the canary-sg security group> \
      --location zone=ru-central1-a,subnet-id=<ID of the canary-subnet-ru-central1-a subnet> \
      --location zone=ru-central1-b,subnet-id=<ID of the canary-subnet-ru-central1-b subnet> \
      --location zone=ru-central1-c,subnet-id=<ID of the canary-subnet-ru-central1-c subnet>
  Command output:
    done (3m0s)
    id: ds77q7v39b4ubg8ta2n4
    name: canary-balancer
    folder_id: b1g9hv2loamqfnbul7d9
    status: ACTIVE
    region_id: ru-central1
    network_id: enptrcle5q3d3ktd33hj
    allocation_policy:
      locations:
      - zone_id: ru-central1-c
        subnet_id: b0c3pte4o2kn4v12o05p
      - zone_id: ru-central1-b
        subnet_id: e2lghukd9iqo4haidjbt
      - zone_id: ru-central1-a
        subnet_id: e9bnnssj8sc8mjhat9qk
    log_group_id: ckg23vr4dlkse3hvq0kc
    security_group_ids:
    - enpd133ngcnrgc8475cc
    created_at: "2021-11-03T10:55:49.134935148Z"
  For more information about the yc alb load-balancer create command, see the CLI reference.
- Add a listener to the load balancer:
    yc alb load-balancer add-listener \
      --name canary-balancer \
      --listener-name canary-listener \
      --external-ipv4-endpoint port=80 \
      --http-router-name canary-router
  Command output:
    done (43s)
    id: ds77q7v39b4ubg8ta2n4
    name: canary-balancer
    folder_id: b1g9hv2loamqfnbul7d9
    status: ACTIVE
    region_id: ru-central1
    network_id: enptrcle5q3d3ktd33hj
    listeners:
    - name: canary-listener
      endpoints:
      - addresses:
        - external_ipv4_address:
            address: 84.252.133.149
        ports:
        - "80"
      http:
        handler:
          http_router_id: ds7qd0vj01djuu3c6f8q
    allocation_policy:
      locations:
      - zone_id: ru-central1-c
        subnet_id: b0c3pte4o2kn4v12o05p
      - zone_id: ru-central1-b
        subnet_id: e2lghukd9iqo4haidjbt
      - zone_id: ru-central1-a
        subnet_id: e9bnnssj8sc8mjhat9qk
    log_group_id: ckg23vr4dlkse3hvq0kc
    security_group_ids:
    - enpd133ngcnrgc8475cc
    created_at: "2021-11-03T10:55:49.134935148Z"
  For more information about the yc alb load-balancer add-listener command, see the CLI reference.
Terraform
- Add the parameters of the canary-balancer L7 load balancer to the configuration file:
    ...
    resource "yandex_alb_load_balancer" "canary-balancer" {
      name               = "canary-balancer"
      network_id         = "${yandex_vpc_network.canary-network.id}"
      security_group_ids = ["${yandex_vpc_security_group.canary-sg.id}"]

      # Subnet references use the resource names declared earlier:
      # canary-subnet-a, canary-subnet-b, and canary-subnet-c.
      allocation_policy {
        location {
          zone_id   = "ru-central1-a"
          subnet_id = "${yandex_vpc_subnet.canary-subnet-a.id}"
        }
        location {
          zone_id   = "ru-central1-b"
          subnet_id = "${yandex_vpc_subnet.canary-subnet-b.id}"
        }
        location {
          zone_id   = "ru-central1-c"
          subnet_id = "${yandex_vpc_subnet.canary-subnet-c.id}"
        }
      }

      listener {
        name = "canary-listener"
        endpoint {
          address {
            external_ipv4_address {
            }
          }
          ports = [80]
        }
        http {
          handler {
            http_router_id = "${yandex_alb_http_router.canary-router.id}"
          }
        }
      }
    }
  For more information about the yandex_alb_load_balancer resource, see the Terraform provider documentation.
- Make sure that the configuration files are correct.
  - In the command line, go to the directory where you created the configuration file.
  - Run the check using the command:
      terraform plan
  If the configuration is described correctly, the terminal displays a list of created resources and their parameters. If there are errors in the configuration, Terraform points them out.
- Deploy the cloud resources.
  - If the configuration doesn't contain any errors, run the command:
      terraform apply
  - Confirm that you want to create the resources.
API
Use the LoadBalancerService/Create gRPC API call or the REST API create method.
Create a CDN resource
Management console
- In the management console, select the example-folder folder.
- In the list of services, select Cloud CDN.
- If the CDN provider hasn't been activated yet, click Activate provider.
- Create a CDN resource:
  - On the CDN resources tab, click Create resource.
  - Set up the main parameters of the CDN resource as follows:
    - Content query: From one origin.
    - Source type: L7 load balancer.
    - L7 load balancer: canary-balancer.
    - IP address: The IP address assigned to the load balancer (the only one in the list).
    - Domain names for content distribution: cdn.yandexcloud.example and cdn-staging.yandexcloud.example.
      Alert
      The first domain name, cdn.yandexcloud.example, will become the primary one, and you won't be able to edit it after you create a CDN resource.
    - In the Advanced section:
      - In the Source protocol field, select HTTP.
      - In the Redirect clients field, select HTTP to HTTPS.
      - Enable End-user access to content.
      - In the Certificate type field, select Let's Encrypt® to automatically issue a certificate for the cdn.yandexcloud.example and cdn-staging.yandexcloud.example domain names after creating the CDN resource.
      - In the Host header field, select HTTP and HTTPS.
  - Click Create.
- Enable CDN caching:
  - In the list of CDN resources, select the resource with the cdn.yandexcloud.example primary domain name.
  - Go to the Caching tab.
  - Click Edit.
  - Enable CDN caching.
  - Click Save.
API
Use the gRPC API ResourceService/Create call or the REST API create method.
Configure DNS for the service
The domain names cdn.yandexcloud.example and cdn-staging.yandexcloud.example must be linked to the CDN resource using DNS records.
To configure DNS:
- Get the domain name of the CDN load balancer:
  Management console
  - In the management console, select the example-folder folder.
  - In the list of services, select Cloud CDN.
  - In the list of CDN resources, select the resource with the cdn.yandexcloud.example primary domain name.
  - From DNS settings, copy the domain name that has the format cl-....gcdn.co.
- On the site of your DNS hosting provider, go to the DNS settings.
- Create or edit CNAME records for cdn.yandexcloud.example and cdn-staging.yandexcloud.example to link them to the copied domain name:
    cdn CNAME cl-....gcdn.co
    cdn-staging CNAME cl-....gcdn.co
  If you use Cloud DNS, follow these instructions to configure the record:
Instruction for configuring DNS records for Cloud DNSManagement consoleCLITerraformAPI-
In the management console, open Cloud DNS.
-
If you don't have a public DNS zone, create one:
- Click Create zone.
- In the Zone field, enter the site's domain name with a trailing dot: yandexcloud.example.
- Select the zone Type: Public.
- Specify the Name of the zone: canary-dns-zone.
- Click Create.
-
In the zone, create a CNAME record for cdn.yandexcloud.example:
- In the list of zones, click canary-dns-zone.
- Click Create record.
- In the Name field, enter cdn.
- Select the record Type: CNAME.
- In the Value field, paste the copied value in the cl-....gcdn.co format.
- Click Create.
-
In a similar way, create in the same zone a CNAME record for cdn-staging.yandexcloud.example. In the Name field, specify cdn-staging.
CLI
-
If you don't have a public DNS zone, create one:
yc dns zone create \
  --name canary-dns-zone \
  --zone yandexcloud.example. \
  --public-visibility
Command output:
id: dns4rq4tadddth4h20qm
folder_id: b1g9hv2loamqfnbul7d9
created_at: "2021-11-03T11:03:28.847Z"
name: canary-dns-zone
zone: yandexcloud.example.
public_visibility: {}
For more information about the yc dns zone create command, see the CLI reference.
-
In the zone, create CNAME records for cdn.yandexcloud.example and cdn-staging.yandexcloud.example with a copied value in the cl-....gcdn.co format:
yc dns zone add-records \
  --name canary-dns-zone \
  --record "cdn CNAME cl-....gcdn.co" \
  --record "cdn-staging CNAME cl-....gcdn.co"
For more information about the yc dns zone add-records command, see the CLI reference.
Terraform
-
Add the parameters of the canary-dns-zone DNS zone and its CNAME records to the configuration file:
...
# Public DNS zone for the service domain
resource "yandex_dns_zone" "canary-dns-zone" {
  zone   = "yandexcloud.example."
  name   = "canary-dns-zone"
  public = true
}

# CNAME record for the production domain name
resource "yandex_dns_recordset" "canary-recordset-production" {
  zone_id = yandex_dns_zone.canary-dns-zone.id
  name    = "cdn"
  type    = "CNAME"
  ttl     = 600 # required argument; 600 seconds is an assumed example value
  data    = ["<copied value in the format cl-....gcdn.co>"]
}

# CNAME record for the staging domain name
resource "yandex_dns_recordset" "canary-recordset-staging" {
  zone_id = yandex_dns_zone.canary-dns-zone.id
  name    = "cdn-staging"
  type    = "CNAME"
  ttl     = 600 # required argument; 600 seconds is an assumed example value
  data    = ["<copied value in the format cl-....gcdn.co>"]
}
For more information, see the descriptions of the yandex_dns_zone and yandex_dns_recordset resources in the Terraform provider documentation.
-
Make sure that the configuration files are correct.
-
In the command line, go to the directory where you created the configuration file.
-
Run the check using the command:
terraform plan
If the configuration is described correctly, the terminal displays a list of created resources and their parameters. If there are errors in the configuration, Terraform points them out.
-
Deploy the cloud resources.
-
If the configuration doesn't contain any errors, run the command:
terraform apply
-
Confirm that you want to create the resources.
API
- Create a DNS zone named canary-dns-zone using the gRPC API DnsZoneService/Create call or the REST API create method.
- Add the cdn and cdn-staging CNAME records to the zone, copying the cl-....gcdn.co value with the gRPC API DnsZoneService/UpdateRecordSets call or the REST API updateRecordSets method.
-
Wait 15 to 20 minutes after setting up the DNS to check that the service is up and running.
Run a health check and test the switching between versions
Check one
Check that the domain name cdn.yandexcloud.example corresponds to version 1 and cdn-staging.yandexcloud.example corresponds to version 2:
-
Open a browser and go to https://cdn.yandexcloud.example/index.html. You should see a page indicating version 1.
-
Delete index.html from the CDN resource cache:
Management console
- In the management console, select the example-folder folder.
- In the list of services, select Cloud CDN.
- Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
- Go to the Content tab.
- Click Purge cache.
- Select the purge type: Selective.
- Enter the path to the uploaded file: /index.html.
- Click Purge cache.
CLI
-
Get the ID of the CDN resource that you created:
yc cdn resource list
Command output:
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
|          ID          |          CNAME           |           CREATED AT           |           UPDATED AT           | ACTIVE |                  OPTIONS                  |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
| bc837xptmpkhbc7xwioa | cdn.yandexcloud.example  | seconds:1637235693             | seconds:1637235693             | true   | edge_cache_settings:{enabled:true         |
|                      |                          | nanos:434085000                | nanos:434115000                |        | default_value:345600}                     |
|                      |                          |                                |                                |        | cache_http_headers:{value:"accept-ranges" |
|                      |                          |                                |                                |        | value:"cache-control" value:"connection"  |
|                      |                          |                                |                                |        | value:"content-encoding"                  |
|                      |                          |                                |                                |        | value:"content-length"                    |
|                      |                          |                                |                                |        | value:"content-type"                      |
|                      |                          |                                |                                |        | value:"date" value:"etag"                 |
|                      |                          |                                |                                |        | value:"expires" value:"keep-alive"        |
|                      |                          |                                |                                |        | value:"last-modified" value:"server"      |
|                      |                          |                                |                                |        | value:"vary"} stale:{enabled:true         |
|                      |                          |                                |                                |        | value:"error" value:"updating"}           |
|                      |                          |                                |                                |        | allowed_http_methods:{value:"GET"         |
|                      |                          |                                |                                |        | value:"POST" value:"HEAD"                 |
|                      |                          |                                |                                |        | value:"OPTIONS"}                          |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
-
Delete the file from the cache:
yc cdn cache purge \
  --resource-id <ID of the CDN resource> \
  --path "/index.html"
API
- Get the ID of the CDN resource that you created using the gRPC API ResourceService/List call or the REST API list method.
- Delete the index.html file from the cache using the gRPC API CacheService/Purge call or the purge method.
-
Open the browser and go to https://cdn-staging.yandexcloud.example/index.html. You should see a page indicating version 2.
Canary deployment of version 2
-
Disable caching of the CDN resource and delete the index.html file from the cache:
Management console
- In the management console, select the example-folder folder.
- In the list of services, select Cloud CDN.
- Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
- Go to the Caching tab.
- Click Edit.
- Disable CDN caching.
- Tap Save.
API
- Get the ID of the CDN resource that you created using the gRPC API ResourceService/List call or the REST API list method.
- Disable caching using the gRPC API ResourceService/Update call or the REST API list method.
-
Delete index.html from the cache:
Management console
- In the management console, select the example-folder folder.
- In the list of services, select Cloud CDN.
- Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
- Go to the Content tab.
- Click Purge cache.
- Select the purge type: Selective.
- Enter the path to the uploaded file: /index.html.
- Click Purge cache.
CLI
-
Get the ID of the CDN resource that you created:
yc cdn resource list
Command output:
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
|          ID          |          CNAME           |           CREATED AT           |           UPDATED AT           | ACTIVE |                  OPTIONS                  |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
| bc837xptmpkhbc7xwioa | cdn.yandexcloud.example  | seconds:1637235693             | seconds:1637235693             | true   | edge_cache_settings:{enabled:true         |
|                      |                          | nanos:434085000                | nanos:434115000                |        | default_value:345600}                     |
|                      |                          |                                |                                |        | cache_http_headers:{value:"accept-ranges" |
|                      |                          |                                |                                |        | value:"cache-control" value:"connection"  |
|                      |                          |                                |                                |        | value:"content-encoding"                  |
|                      |                          |                                |                                |        | value:"content-length"                    |
|                      |                          |                                |                                |        | value:"content-type"                      |
|                      |                          |                                |                                |        | value:"date" value:"etag"                 |
|                      |                          |                                |                                |        | value:"expires" value:"keep-alive"        |
|                      |                          |                                |                                |        | value:"last-modified" value:"server"      |
|                      |                          |                                |                                |        | value:"vary"} stale:{enabled:true         |
|                      |                          |                                |                                |        | value:"error" value:"updating"}           |
|                      |                          |                                |                                |        | allowed_http_methods:{value:"GET"         |
|                      |                          |                                |                                |        | value:"POST" value:"HEAD"                 |
|                      |                          |                                |                                |        | value:"OPTIONS"}                          |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
-
Delete the file from the cache:
yc cdn cache purge \
  --resource-id <ID of the CDN resource> \
  --path "/index.html"
API
- Get the ID of the CDN resource that you created using the gRPC API ResourceService/List call or the REST API list method.
- Delete the index.html file from the cache using the gRPC API CacheService/Purge call or the purge method.
-
Configure the canary-bg-production backend group so that 20% of the traffic coming to the cdn.yandexcloud.example domain name is processed by the canary-backend-green backend that runs version 2:
Management console
-
In the management console, select the example-folder folder.
-
In the list of services, select Application Load Balancer and go to the Backend groups tab.
-
Select canary-bg-production in the backend group list.
-
For the canary-backend-blue backend, set the weight to 80 instead of 100:
- In the Backends section, find canary-backend-blue, then click → Edit.
- In the Weight field, enter 80.
- Tap Save.
-
Similarly, set the weight to 20 instead of 0 for canary-backend-green.
-
Tap Save.
CLI
-
For the canary-backend-blue backend, set the weight to 80 instead of 100:
yc alb backend-group update-http-backend \
  --backend-group-name canary-bg-production \
  --name canary-backend-blue \
  --weight 80
Command output:
done (1s)
id: ds7l9puc18c9b40cd359
name: canary-bg-production
folder_id: b1g9hv2loamqfnbul7d9
http:
  backends:
  - name: canary-backend-blue
    backend_weight: "80"
    storage_bucket:
      bucket: canary-bucket-blue
created_at: "2021-11-03T10:28:47.680825561Z"
For more information about the yc alb backend-group update-http-backend command, see the CLI reference.
-
Set the weight to 20 instead of 0 for canary-backend-green:
yc alb backend-group update-http-backend \
  --backend-group-name canary-bg-production \
  --name canary-backend-green \
  --weight 20
Command output:
done (1s)
id: ds7l9puc18c9b40cd359
name: canary-bg-production
folder_id: b1g9hv2loamqfnbul7d9
http:
  backends:
  - name: canary-backend-green
    backend_weight: "20"
    storage_bucket:
      bucket: canary-bucket-green
created_at: "2021-11-03T10:28:47.680825561Z"
API
Use the gRPC API BackendGroupService/UpdateBackend call or the REST API updateBackend method.
-
Open the browser and go to https://cdn.yandexcloud.example/index.html, refreshing the page several times. In about 20% of cases, you should see a page indicating version 2; in the other cases, version 1.
-
Similarly to steps 1–2, configure and check the following traffic allocations between the backends:
- In the canary-bg-production backend group: 50%-50% traffic distribution between backends.
- In the canary-bg-production backend group, forward all traffic to canary-backend-green.
- In the canary-bg-staging backend group (with the domain name of cdn-staging.yandexcloud.example), allocate all traffic to canary-backend-blue.
-
Re-enable caching:
Management console
- In the management console, select the example-folder folder.
- In the list of services, select Cloud CDN.
- Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
- Go to the Caching tab.
- Click Edit.
- Enable CDN caching.
- Tap Save.
API
- Get the ID of the CDN resource that you created using the gRPC API ResourceService/List call or the REST API list method.
- To enable caching, use the gRPC API ResourceService/Update call or the REST API list method.
Blue-green deployment for rolling back to version 1
-
Disable caching of the CDN resource and delete the index.html file from the cache:
Management console
- In the management console, select the example-folder folder.
- In the list of services, select Cloud CDN.
- Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
- Go to the Caching tab.
- Click Edit.
- Disable CDN caching.
- Tap Save.
API
- Get the ID of the CDN resource that you created using the gRPC API ResourceService/List call or the REST API list method.
- Disable caching using the gRPC API ResourceService/Update call or the REST API list method.
-
Delete index.html from the cache:
Management console
- In the management console, select the example-folder folder.
- In the list of services, select Cloud CDN.
- Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
- Go to the Content tab.
- Click Purge cache.
- Select the purge type: Selective.
- Enter the path to the uploaded file: /index.html.
- Click Purge cache.
CLI
-
Get the ID of the CDN resource that you created:
yc cdn resource list
Command output:
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
|          ID          |          CNAME           |           CREATED AT           |           UPDATED AT           | ACTIVE |                  OPTIONS                  |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
| bc837xptmpkhbc7xwioa | cdn.yandexcloud.example  | seconds:1637235693             | seconds:1637235693             | true   | edge_cache_settings:{enabled:true         |
|                      |                          | nanos:434085000                | nanos:434115000                |        | default_value:345600}                     |
|                      |                          |                                |                                |        | cache_http_headers:{value:"accept-ranges" |
|                      |                          |                                |                                |        | value:"cache-control" value:"connection"  |
|                      |                          |                                |                                |        | value:"content-encoding"                  |
|                      |                          |                                |                                |        | value:"content-length"                    |
|                      |                          |                                |                                |        | value:"content-type"                      |
|                      |                          |                                |                                |        | value:"date" value:"etag"                 |
|                      |                          |                                |                                |        | value:"expires" value:"keep-alive"        |
|                      |                          |                                |                                |        | value:"last-modified" value:"server"      |
|                      |                          |                                |                                |        | value:"vary"} stale:{enabled:true         |
|                      |                          |                                |                                |        | value:"error" value:"updating"}           |
|                      |                          |                                |                                |        | allowed_http_methods:{value:"GET"         |
|                      |                          |                                |                                |        | value:"POST" value:"HEAD"                 |
|                      |                          |                                |                                |        | value:"OPTIONS"}                          |
+----------------------+--------------------------+--------------------------------+--------------------------------+--------+-------------------------------------------+
-
Delete the file from the cache:
yc cdn cache purge \
  --resource-id <ID of the CDN resource> \
  --path "/index.html"
API
- Get the ID of the CDN resource that you created using the gRPC API ResourceService/List call or the REST API list method.
- Delete the index.html file from the cache using the gRPC API CacheService/Purge call or the purge method.
-
Forward all traffic of the cdn.yandexcloud.example domain name back to the canary-backend-blue backend running version 1:
Management console
-
In the management console, select the example-folder folder.
-
In the list of services, select Application Load Balancer and go to the Backend groups tab.
-
Select canary-bg-production in the backend group list.
-
For the canary-backend-blue backend, set the weight to 100 instead of 0:
- In the Backends section, find canary-backend-blue, then click → Edit.
- In the Weight field, enter 100.
- Tap Save.
-
Similarly, set the weight to 0 instead of 100 for canary-bucket-green.
-
Tap Save.
CLI
-
For the canary-backend-blue backend, set the weight to 100 instead of 0:
yc alb backend-group update-http-backend \
  --backend-group-name canary-bg-production \
  --name canary-backend-blue \
  --weight 100
Command output:
done (1s)
id: ds7l9puc18c9b40cd359
name: canary-bg-production
folder_id: b1g9hv2loamqfnbul7d9
http:
  backends:
  - name: canary-backend-blue
    backend_weight: "100"
    storage_bucket:
      bucket: canary-bucket-blue
created_at: "2021-11-03T10:28:47.680825561Z"
-
For canary-backend-green, set the weight to 0 instead of 100:
yc alb backend-group update-http-backend \
  --backend-group-name canary-bg-production \
  --name canary-backend-green \
  --weight 0
Command output:
done (1s)
id: ds7l9puc18c9b40cd359
name: canary-bg-production
folder_id: b1g9hv2loamqfnbul7d9
http:
  backends:
  - name: canary-backend-green
    backend_weight: "0"
    storage_bucket:
      bucket: canary-bucket-green
created_at: "2021-11-03T10:28:47.680825561Z"
API
Use the gRPC API BackendGroupService/UpdateBackend call or the REST API updateBackend method.
-
Open the browser and go to https://cdn.yandexcloud.example/index.html, refreshing the page several times. In all cases, you should see a page indicating version 1.
-
Similarly to steps 1–2, switch all the traffic for the cdn-staging.yandexcloud.example domain name to canary-backend-green running version 2 and check the switching in the browser.
-
Re-enable caching:
Management console
- In the management console, select the example-folder folder.
- In the list of services, select Cloud CDN.
- Select the created CDN resource (the list of resources will contain its primary domain name: cdn.yandexcloud.example).
- Go to the Caching tab.
- Click Edit.
- Enable CDN caching.
- Tap Save.
API
- Get the ID of the CDN resource that you created using the gRPC API ResourceService/List call or the REST API list method.
- To enable caching, use the gRPC API ResourceService/Update call or the REST API list method.
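The refresh-and-count checks in the canary and blue-green steps above can be scripted instead of done by eye. The following is an added example, not part of the original tutorial: it classifies sampled index.html bodies and compares the share served by canary-backend-green with the configured weight. The "Version 1"/"Version 2" page markers, the function names and the sample bodies are assumptions constructed for illustration.

```python
import math
import re

# Assumption: each version's index.html contains the text "Version 1" or "Version 2".
VERSION_RE = re.compile(r"version\s*([12])\b", re.IGNORECASE)


def classify(body):
    """Return 1 or 2 for a recognised page body, None for anything else."""
    match = VERSION_RE.search(body)
    return int(match.group(1)) if match else None


def check_split(bodies, green_weight, z=3.0):
    """Compare sampled responses with the weight of canary-backend-green.

    bodies: response bodies from repeated requests to /index.html.
    green_weight: backend weight in percent (0 to 100).
    z: accepted deviation, in standard errors of a binomial proportion.
    """
    versions = [classify(body) for body in bodies]
    unknown = versions.count(None)
    n = len(versions) - unknown
    if unknown or n == 0:
        # An error page or unrelated content: the split cannot be judged.
        return {"verdict": "unexpected-content", "unknown": unknown}
    green = versions.count(2)
    observed = green / n
    p = green_weight / 100
    tolerance = z * math.sqrt(p * (1 - p) / n)
    if p in (0.0, 1.0):
        # Full switch or rollback: one response from the other backend is a failure.
        verdict = "ok" if observed == p else "mixed-traffic"
    elif abs(observed - p) <= tolerance:
        verdict = "ok"
    elif green in (0, n):
        # Only one version seen although both backends carry weight: a likely
        # cause is a cached index.html (caching still enabled or cache not purged).
        verdict = "cache-suspected"
    else:
        verdict = "off-target"
    return {"verdict": verdict, "samples": n,
            "observed_green": observed, "tolerance": tolerance}


def sample(blue, green):
    """Constructed sample bodies standing in for real responses."""
    return ["<h1>Version 1</h1>"] * blue + ["<h1>Version 2</h1>"] * green


if __name__ == "__main__":
    print(check_split(sample(78, 22), 20))   # canary step, 80/20 weights
    print(check_split(sample(100, 0), 20))   # every response is version 1
    print(check_split(sample(100, 0), 0))    # rollback to canary-backend-blue
    print(check_split(sample(99, 1), 0))     # rollback with a stray version 2
```

With small samples the tolerance band is wide, so collect on the order of a hundred responses before trusting an "ok" verdict for an intermediate weight.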
Delete the resources you created
To shut down the infrastructure and stop paying for the created resources:
- If you set up CNAME records in Cloud DNS, delete canary-dns-zone.
- Delete the CDN resource with the primary cdn.yandexcloud.example domain name.
- Delete the canary-balancer L7 load balancer.
- Delete all objects from the canary-bucket-blue and canary-bucket-green buckets.
- Delete the canary-bucket-blue and canary-bucket-green buckets.
- Delete the canary-subnet-ru-central1-a, canary-subnet-ru-central1-b, and canary-subnet-ru-central1-c subnets.
- Delete canary-network.