A Rolling Update is good, but for mission-critical apps, you need more control. You need a way to Test in Production before you switch 100% of the traffic.
You have two identical environments: Blue (Old) and Green (New). You deploy V2 to Green, test it thoroughly, and then flip the Load Balancer switch to point to Green. If anything fails, you flip it back to Blue instantly. **Cons:** Twice the infrastructure cost.
You deploy V2 to just 1% of your users. You monitor the error rates and performance. If it's stable, you go to 10%, 50%, and finally 100%. This is the safest way to release, as it limits the 'Blast Radius' of any hidden bugs.
Combine Canary deployments with **Feature Flags**. You ship the code, but the feature is "Off." You then turn it "On" for internal users first, then specific 'Beta' users. This decouples 'Deployment' (moving code) from 'Release' (turning on features).
Q: "How do you handle 'Schema Changes' during a Blue-Green deployment?"
Architect Answer: "The database must be **Backward Compatible**. You can never delete a column or rename it in one step. You must use the **Expand-and-Contract** pattern: 1. Add the new column. 2. Deploy V2 (which writes to both). 3. Backfill old data. 4. Deploy V3 (which only uses the new column). 5. Delete the old column. This ensures that during the 'Green' phase, the 'Blue' app doesn't crash when it sees the new schema."