Blue/green deployments for safe Convox release updates

I’m always a bit nervous about updating my Convox racks, because updating the version often causes some short outages. For example, my API briefly went offline when I updated from 3.3.4 to 3.5.0.

It would be really, really nice if Convox had some built-in support for blue/green deployments for the entire infrastructure. I would like to spin up a completely new EKS cluster and new servers, and then update DNS records to point to the new Convox infrastructure. This would also prevent any risk of downtime, since updates are only happening on the new infrastructure before it starts serving any requests.

I believe that Convox would also need to have support for the DNS01 Challenge Provider for Let’s Encrypt, so that it could issue SSL certs for the new infrastructure before it starts serving requests. An actual Cloudflare integration would be incredibly useful, so that I could just give Convox my Cloudflare API key and it could handle the rest. It could go even further and even update my Cloudflare DNS record to point to the new router once it’s ready to accept requests.

Another (better) way might be to export the existing SSL certs and import them into the new EKS cluster. I’m not sure if that’s possible or easy to do.

EDIT: It seems very straightforward: Backup and Restore Resources - cert-manager Documentation

I could automate most of this myself with a script, but it would be amazing if Convox had first-class support for this pattern. I’m trying to aim for 100% uptime (or as close as possible), so it feels very risky to update the Convox release on my live production servers.