I was going to ask why do you do it in this way, but I've just seen that you're following the CF doc.
It's better to update the labels in the deployment than the labels in the service. By doing it your way, there might be some downtime (when the selector changes and the endpoints are updated).
1.- Deploy version A, labels as color=Blue,access=public
2.- Create a service PUBLIC with selector access=public
3.- Deploy version B, label as color=Green
4.- Create a service INTERNAL with selector color=Green
This is the setup until Step 2
in the CF page. Now we have to update the access, this is, version B has to be accessed via the PUBLIC service. To do so, you have to add the access label to version B
kubectl label pods -l color=green access=public
Now you have Step 3
, public traffic is sent to both pods: green and blue. Then we remove the blue pod (version A)
kubectl label pods -l color=blue access-
etc... Using labels at the right level will guarantee no issues ๐