You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I’m encountering an issue in a Kubernetes environment where Kong (accessing upstream services via Kubernetes Service) returns intermittent 502 errors during rolling updates of upstream pods.
Problem
During pod rolling updates, upstream pods are terminated with a preStop hook that sleeps for 15 seconds:
however, it appears that Kong is still routing traffic to connections associated with pods that are in the process of terminating.
120.229.251.78 - - [11/May/2026:13:25:22 +0000] "POST /api/service-smc/grayapi/city/shop-page HTTP/1.1" 200 req_time: "0.010" ups_addr: "10.101.241.164:8080" ups_status: "502" ups_rsp_time: "0.001" "https://servicewechat.com/wx696a42df4f2456d3/1317/page-frame.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/8.0.73(0x18004925) NetType/WIFI Language/zh_CN" kong_request_id: "42136306e1bc3932d151a33be0c78f69" trace_id: "5f03eb3f00a07cc0ecc3ec01635f2088"
2026/05/11 13:25:22 [error] 1406#0: *2290317 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 120.229.251.78, server: kong, request: "POST /api/service-smc/grayapi/city/shop-page HTTP/1.1", upstream: "http://10.101.241.164:8080/api/service-smc/grayapi/city/shop-page", host: "go.heytea.com", referrer: "https://servicewechat.com/wx696a42df4f2456d3/1317/page-frame.html", request_id: "42136306e1bc3932d151a33be0c78f69"
Suspicion
We suspect the issue is caused by Kong reusing stale keepalive connections from its upstream connection pool after pods have started terminating.
The expectation is that setting a maximum connection lifetime lower than the pod termination delay would avoid this issue.
Attempted Configuration
We tried configuring upstream keepalive behavior, but it did not achieve the expected effect:
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Description
I’m encountering an issue in a Kubernetes environment where Kong (accessing upstream services via Kubernetes Service) returns intermittent 502 errors during rolling updates of upstream pods.
Problem
During pod rolling updates, upstream pods are terminated with a preStop hook that sleeps for 15 seconds:
We are using the K8s Service address for our downstream endpoints
however, it appears that Kong is still routing traffic to connections associated with pods that are in the process of terminating.
Suspicion
We suspect the issue is caused by Kong reusing stale keepalive connections from its upstream connection pool after pods have started terminating.
The expectation is that setting a maximum connection lifetime lower than the pod termination delay would avoid this issue.
Attempted Configuration
We tried configuring upstream keepalive behavior, but it did not achieve the expected effect:
Expected Behavior
We expect Kong to:
Actual Behavior
Question
Is there a supported way in Kong to:
If not, what is the recommended approach to handle this scenario in Kubernetes environments?
Beta Was this translation helpful? Give feedback.
All reactions