sopacifics opened a new issue, #2589:
URL: https://github.com/apache/apisix-ingress-controller/issues/2589
### Current Behavior
**Current Behavior**
**Summary**
After a workload pod restarts and receives a new IP, APISIX continues
routing to the old endpoint. In addition, route-level custom plugins
(auth/credentials) are not refreshed. This leads to 502 Bad Gateway responses
until a manual resync.
Also, when a new route is created via CDR, it does not appear in the admin
route list (returns 404), even though the route creation itself succeeds.
Deleting and recreating the route does not resolve the issue.
**Environment**
* helm-chart: 2.11.6
* adc: 0.21.1 (custom image for linux/arm64)
* apisix-ingress-controller: 2.0.0-rc4
* apisix: 3.13
* Traffic config: APISIX CRDs (ApisixRoute, etc.)
```
2025-09-29T10:17:21Z Service restarted
New pod IP: 10.13.195.107
APISIX admin view (after restart) still shows old node:
"upstream": {
"nodes":[{"host":"10.13.197.151","port":3000,"weight":100,"priority":0}]
}
```
APISIX then attempts to route to a non-existent pod → 502 Bad Gateway.
**Expected**
* New routes created via CRDs should appear in admin and work as expected.
* Upstream nodes should update promptly to reflect the new pod IP(s).
* Route custom plugins (auth/credentials) should reconcile with the current
CRD state.
**Actual**
* New routes are missing in admin
(`https://127.0.0.1:9180/apisix/admin/routes`) → 404 Not Found.
* Upstream continues pointing to the previous pod IP.
* Route custom plugins are not refreshed.
* Requests return 502 until a manual resync.
**Notes**
* We build our own `adc:0.21.1` image for arm64 (binary pulled from the
linked release asset).
**Versions**
* APISIX: 3.13
* Helm-chart: 2.11.6
* Ingress-controller: 2.0.0-rc4 (arm64)
* ADC: 0.21.1 (arm64)
* OS: (output of `uname -a`)
**Related Links**
* PR:
[https://github.com/api7/adc/pull/344](https://github.com/api7/adc/pull/344)
* Release:
[https://github.com/api7/adc/releases/tag/v0.21.1](https://github.com/api7/adc/releases/tag/v0.21.1)
### Expected Behavior
_No response_
### Error Logs
_No response_
### Steps to Reproduce
Steps to Reproduce
502 Bad Gateway.
- Deploy a Service/Deployment behind an ApisixRoute.
- Confirm upstream node(s) in APISIX match the running pod IP(s).
- Restart the pod (e.g., kubectl rollout restart deploy/<name>).
- Observe new pod IP via kubectl get pod -o wide.
- Query APISIX admin or /status to inspect upstream nodes.
- Send traffic to the route.
404 Not Found
- Create a new route
- Confirm that the route is created successfully
`status:
conditions:
- message: Sync Successfully
observedGeneration: 1
reason: ResourcesSynced
status: "True"
type: ResourcesAvailable`
- Observe route via kubectl get apisixroute -A
- Route is not appearing in APISIX admin route
- 404 when try to reach the new route.
### Environment
- APISIX Ingress controller version (run `apisix-ingress-controller version
--long`)
- Kubernetes cluster version (run `kubectl version`)
- OS version if running APISIX Ingress controller in a bare-metal
environment (run `uname -a`)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
