Is “zero downtime” realistic for database migrations?

Yes, but not with big-bang breaking schema changes. Use expand/contract, keep old+new compatible during the transition, backfill in chunks, and verify. For cross-system moves, CDC (e.g., Debezium→Kafka) is usually safer than ad-hoc dual writes.

What’s the minimum set of metrics to gate a canary?

At minimum: request rate, error rate (5xx and key 4xx), p95/p99 latency, and saturation (CPU/memory plus DB connections/replication lag). If you can add one business KPI (conversion/auth success), do it.

How do we avoid “unknown dependencies” during cutover?

Inventory outbound calls (service mesh telemetry helps), scan configs for endpoints/queues/topics, and run shadow traffic. Keep the old system warm post-cutover to catch stragglers, and alert on any traffic to deprecated routes.

When should we choose blue/green vs canary?

Blue/green is simpler when state is stable and rollback is easy (stateless services, minimal data coupling). Canary is better when you need to observe behavior under real traffic gradually—especially for performance-sensitive or dependency-heavy workloads.

Guides · Jan 3, 2026 · 8 minute read

The Zero‑Downtime Migration Checklist That Survives Real Traffic (and Real Humans)

A hands-on, step-by-step runbook for moving a critical workload without paging the team into oblivion. Includes checkpoints, exit criteria, and battle-tested tooling.

Back to all posts

The Zero‑Downtime Migration Checklist That Survives Real Traffic (and Real Humans)

Key takeaways

Implementation checklist