What if my workload maintains sticky sessions?

Centralize session state (Redis, DynamoDB) or temporarily reduce stickiness during cutover. Ensure both blue and green can read the same session store and validate serialization format compatibility.

Can I skip dual-writes if I trust my backfill?

You can, but I wouldn’t for critical paths. Dual-writes behind a flag buy you proof over time and a fast rollback if the new path corrupts data. Turn it off after 24–48h of clean CDC parity.

How do I handle long-lived connections (WebSockets, gRPC)?

Introduce max connection age and aggressive readines probes. Use connection draining on LBs and graceful shutdown hooks. For gRPC, set max connection age/timeouts in server and enforce retryable idempotent methods.

We don’t use Kubernetes. Does this still apply?

Yes. Replace Rollouts with Spinnaker or AWS CodeDeploy blue/green, Istio with ALB/Nginx canaries, and Prometheus gates with CloudWatch/Datadog monitors. The principles—data-first, progressive traffic, automated gates—stay the same.

Guides · Oct 14, 2025 · 10 minute read

Zero-Downtime or Bust: The Migration Checklist I Trust for Payments, Search, and Auth

A pragmatic, step-by-step runbook with gates, metrics, and tooling to move critical workloads without a blip.

Alex Rivera

Principal Engineer, GitPlumbers

20 years shipping and fixing distributed systems across fintech, commerce, and infra—ex-Stripe platform, ex-AWS SA, SRE before it was cool. At GitPlumbers, Alex leads zero-downtime modernizations and ‘oh-no’ incident rescues.

I don’t ship ‘no-risk’ migrations. I ship migrations with tiny, reversible risks and hard gates you can bet your SLOs on.

Back to all posts

Zero-Downtime or Bust: The Migration Checklist I Trust for Payments, Search, and Auth

Key takeaways

Implementation checklist