Zero down time deployments

For production read-only endpoints, it may be necessary to perform deployments of software and/or content updates without down time.

Zero down time deployments are possible for read-only endpoints by standing up a parallel instance (or instances for a horizontally scaled endpoint) with new software/content using its own filesystem storage and database. The new instance can then be swapped into service in place of the existing Ontoserver instance, which can then be terminated.

This is best handled using a load balancer. The new container is enlisted with the load balancer once it is booted and loaded with content. The old container is then disconnected from the load balancer, its existing connections are drained, and it is terminated.

In the above diagram the following states/steps are followed:

  1. An instance is deployed, populated from Feed A and delivered via a load balancer to the consumer.
  2. A new Feed B is deployed, and a new container is created, populating from Feed B but not yet connected to the load balancer.
  3. Once ready for service, the new container populated from Feed B is connected to the load balancer to serve new incoming requests. The old container populated from Feed A is kept until all active client connections are drained and as a hot standby should the new container populated from Feed B need to be rolled back.
  4. Once connections are fully drained and it is clear that rollback from the new container populated from Feed B will not be required, the old container populated from Feed A can be terminated. Note that Feed A itself can be retained should it be necessary to boot a container and populate it from Feed A to roll back in the future, or to perform analysis of what was deployed at that time.

This example refers to a change in the content through a preload feed, but this is just as applicable for a software update to Ontoserver.
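
The ordering constraints in steps 2 to 4 can be written down as guards, shown here as an added example that is not part of Ontoserver or its tooling. `InMemoryLB` is a constructed stand-in for whatever load balancer API is in use, `is_ready` is a hypothetical readiness probe supplied by the caller, and the container names are placeholders.

```python
import time

class InMemoryLB:
    """Stand-in for a real load balancer API (assumption): tracks backend state."""
    def __init__(self):
        self.state = {}   # name -> "active" | "draining"
        self.conns = {}   # name -> open client connections

    def enlist(self, name):
        self.state[name] = "active"
        self.conns.setdefault(name, 0)

    def drain(self, name):
        self.state[name] = "draining"   # no new requests; existing ones finish

    def remove(self, name):
        self.state.pop(name, None)
        self.conns.pop(name, None)

    def serving(self):
        return sorted(n for n, s in self.state.items() if s == "active")

def cut_over(lb, old, new, is_ready, timeout=5.0, poll=0.01):
    """Steps 2-3: enlist `new` only once it is ready, then drain `old` but keep it."""
    deadline = time.monotonic() + timeout
    while not is_ready(new):
        if time.monotonic() >= deadline:
            return False          # load balancer untouched, old instance still serving
        time.sleep(poll)
    lb.enlist(new)                # new container takes incoming requests first
    lb.drain(old)                 # old container stays booted as a hot standby
    return True

def roll_back(lb, old, new):
    """Re-activate the hot standby before draining the new container."""
    lb.enlist(old)
    lb.drain(new)

def retire(lb, old, rollback_ruled_out):
    """Step 4: terminate only once drained and rollback is no longer needed."""
    if lb.conns.get(old, 0) > 0 or not rollback_ruled_out:
        return False
    if lb.state.get(old) != "draining":
        return False              # never retire a backend that is serving
    lb.remove(old)
    return True
```

In a real deployment the three `InMemoryLB` methods would call the load balancer's own API, and `lb.remove` would be followed by stopping the old container.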