There are several ways to ship a new version without downtime. This post covers how rolling updates, blue-green, and canary deployments work, their trade-offs, and basic Kubernetes implementations.
Why clicking through the AWS console is a recipe for pain, and how declaring infrastructure as code with Terraform changes everything. Practical VPC + EC2 + RDS example included.
Solving server waste at dawn and crashes at lunch. Understanding Auto Scaling vs Serverless through 'Taxi Dispatch' and 'Pizza Delivery' analogies. Plus, cost-saving tips using Spot Instances.
How to deploy without shutting down servers. Differences between Rolling, Canary, and Blue-Green. Deep dive into Database Rollback strategies, Online Schema Changes, AWS CodeDeploy integration, and Feature Toggles.
Why your server isn't hacked. From 'Packet Filtering' checking ports/IPs to AWS Security Groups. Evolution of Firewalls.
Deployments are nerve-wracking. The moment you push code, something can go wrong. So how you deploy matters just as much as what you deploy.
There are three major zero-downtime deployment strategies: rolling updates, blue-green, and canary. Each fits different situations with different trade-offs. Let's get clear on which to use when.
It used to be normal to post a maintenance notice and deploy at 3am. Not anymore.
Knowing how to deploy without downtime is now a baseline skill, not a bonus.
Replace instances one at a time (or in batches). Bring up a new version pod, then take down an old version pod.
Before: [v1] [v1] [v1] [v1]
Step 1: [v2] [v1] [v1] [v1]
Step 2: [v2] [v2] [v1] [v1]
Step 3: [v2] [v2] [v2] [v1]
After: [v2] [v2] [v2] [v2]
During the roll, both v1 and v2 serve traffic simultaneously. This means the two versions must be backward compatible with each other. DB schema changes or breaking API changes will cause issues.
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-service
spec:
replicas: 4
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1 # how many extra pods can exist during rollout
maxUnavailable: 0 # how many pods can be down (0 = always keep 4 running)
selector:
matchLabels:
app: api-service
template:
metadata:
labels:
app: api-service
spec:
containers:
- name: api-service
image: my-registry/api-service:v2
readinessProbe:
httpGet:
path: /health
port: 3000
initialDelaySeconds: 5
periodSeconds: 5
With maxUnavailable: 0, at least 4 pods always run. The readinessProbe ensures traffic only flows to pods that are ready.
# Roll back to previous version immediately
kubectl rollout undo deployment/api-service
# Roll back to a specific revision
kubectl rollout undo deployment/api-service --to-revision=3
# Check rollout status
kubectl rollout status deployment/api-service
Maintain two identical production environments. "Blue" is currently live; "Green" is the new version. When the new version is ready, switch all traffic at once.
Phase 1 (before switch):
Traffic → [Blue: v1] [Blue: v1] [Blue: v1] [Blue: v1]
[Green: v2] [Green: v2] [Green: v2] [Green: v2] (standby)
Phase 2 (switch):
Traffic → [Green: v2] [Green: v2] [Green: v2] [Green: v2]
[Blue: v1] [Blue: v1] [Blue: v1] [Blue: v1] (standby, for rollback)
Phase 3 (after stabilization):
Decommission Blue, or repurpose it as the next deployment's "Blue"
# blue-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-service-blue
spec:
replicas: 4
selector:
matchLabels:
app: api-service
version: blue
template:
metadata:
labels:
app: api-service
version: blue
spec:
containers:
- name: api-service
image: my-registry/api-service:v1
---
# green-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-service-green
spec:
replicas: 4
selector:
matchLabels:
app: api-service
version: green
template:
metadata:
labels:
app: api-service
version: green
spec:
containers:
- name: api-service
image: my-registry/api-service:v2
---
# service.yaml — traffic switch happens here
apiVersion: v1
kind: Service
metadata:
name: api-service
spec:
selector:
app: api-service
version: blue # ← change this label to switch traffic
ports:
- port: 80
targetPort: 3000
Switching traffic means changing just one label in the Service selector:
# Switch to green
kubectl patch service api-service \
-p '{"spec":{"selector":{"version":"green"}}}'
# Something wrong? Instant rollback to blue (1-2 seconds)
kubectl patch service api-service \
-p '{"spec":{"selector":{"version":"blue"}}}'
Named after the canary in the coal mine — miners sent canaries ahead to detect toxic gas. You expose the new version to a small percentage of traffic first, validate it's safe, then gradually increase.
Traffic split (gradually increasing):
90% → [v1] [v1] [v1]
10% → [v2] ← canary
After validation:
70% → [v1] [v1] [v1]
30% → [v2] [v2]
Full rollout:
0% → (v1 removed)
100% → [v2] [v2] [v2] [v2]
# canary-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: api-service-canary
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/canary: "true"
nginx.ingress.kubernetes.io/canary-weight: "10" # 10% of traffic
spec:
rules:
- host: api.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: api-service-canary
port:
number: 80
# stable-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: api-service-stable
spec:
rules:
- host: api.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: api-service-stable
port:
number: 80
Adjusting the canary weight is just an annotation update:
# Increase canary to 30%
kubectl annotate ingress api-service-canary \
nginx.ingress.kubernetes.io/canary-weight="30" --overwrite
# If clean, bump to 50%
kubectl annotate ingress api-service-canary \
nginx.ingress.kubernetes.io/canary-weight="50" --overwrite
# After full rollout, update stable and remove canary ingress
kubectl set image deployment/api-service-stable api-service=my-registry/api-service:v2
kubectl delete ingress api-service-canary
Send only specific users (internal staff, beta testers) to the new version:
metadata:
annotations:
nginx.ingress.kubernetes.io/canary: "true"
nginx.ingress.kubernetes.io/canary-by-header: "X-Canary"
nginx.ingress.kubernetes.io/canary-by-header-value: "true"
Only requests with the X-Canary: true header get routed to the canary.
const CANARY_METRICS = {
errorRate: {
threshold: 0.01, // error rate below 1%
query: 'rate(http_requests_total{status=~"5.."}[5m]) / rate(http_requests_total[5m])'
},
p99Latency: {
threshold: 500, // P99 latency below 500ms
query: 'histogram_quantile(0.99, rate(http_request_duration_ms_bucket[5m]))'
},
successRate: {
threshold: 0.99, // success rate above 99%
query: 'rate(http_requests_total{status=~"2.."}[5m]) / rate(http_requests_total[5m])'
}
};
| Factor | Rolling Update | Blue-Green | Canary |
|---|---|---|---|
| Downtime | None | None | None |
| Rollback Speed | Slow (re-roll) | Very fast (seconds) | Fast |
| Cost | Low | High (2x infra) | Medium |
| Complexity | Low | Medium | High |
| Blast Radius | Gradual | Full (on switch) | Limited (10–30%) |
| Version Coexistence | Yes | No | Yes |
| DB Migration | Tricky | Tricky | Tricky |
| Best Fit | Small/medium teams | Medium/large teams | Large, high-availability |
In practice, many teams use a mix: rolling for routine deploys, blue-green for major releases, canary for large feature launches.
Regardless of strategy, schema changes need to be managed separately. The expand-contract pattern:
-- Step 1: Add new column (backward-compatible, before deploy)
ALTER TABLE users ADD COLUMN display_name VARCHAR(100);
-- Step 2: Deploy new code (starts writing display_name)
-- Old code still running, so column must be nullable
-- Step 3: Backfill data
UPDATE users SET display_name = username WHERE display_name IS NULL;
-- Step 4: Add NOT NULL constraint (after old version is fully gone)
ALTER TABLE users ALTER COLUMN display_name SET NOT NULL;
-- Step 5: Drop old column (a few deploys later)
ALTER TABLE users DROP COLUMN username;
This staged approach works safely with any deployment strategy.
Argo Rollouts is a Kubernetes controller that makes canary and blue-green far easier to manage:
# rollout.yaml
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
name: api-service
spec:
replicas: 4
strategy:
canary:
steps:
- setWeight: 10 # 10% canary
- pause: {} # wait for manual approval
- setWeight: 30 # bump to 30%
- pause:
duration: 10m # auto-wait 10 minutes
- setWeight: 60
- pause:
duration: 10m
- setWeight: 100 # full rollout
analysis:
templates:
- templateName: success-rate
startingStep: 2
args:
- name: service-name
value: api-service-canary
template:
# ... Pod spec
If error rate exceeds the threshold, Argo Rollouts automatically rolls back. This is "Progressive Delivery" in practice.
Choosing a deployment strategy comes down to balancing three trade-offs:
The right fit depends on team size, service criticality, and deploy frequency. The goal is to make deployment a routine process, not a stressful event. The right strategy makes that journey a lot smoother.