diff --git a/config/apiserver/deployment.yaml b/config/apiserver/deployment.yaml
index e13dd69f..f8de2057 100644
--- a/config/apiserver/deployment.yaml
+++ b/config/apiserver/deployment.yaml
@@ -11,7 +11,7 @@ spec:
 strategy:
 rollingUpdate:
 maxSurge: 25%
- maxUnavailable: 25%
+ maxUnavailable: 0
 type: RollingUpdate
 template:
 metadata:
@@ -83,6 +83,7 @@ spec:
 - --events-provider-timeout=$(EVENTS_PROVIDER_TIMEOUT)
 - --events-provider-retries=$(EVENTS_PROVIDER_RETRIES)
 - --events-forward-extras=$(EVENTS_FORWARD_EXTRAS)
+ - --shutdown-delay-duration=$(SHUTDOWN_DELAY_DURATION)
 env:
 # Feature gates configuration
 # Sessions and UserIdentities are GA (enabled by default)
@@ -184,6 +185,8 @@ spec:
 value: "3"
 - name: EVENTS_FORWARD_EXTRAS
 value: "iam.miloapis.com/parent-api-group,iam.miloapis.com/parent-type,iam.miloapis.com/parent-name"
+ - name: SHUTDOWN_DELAY_DURATION
+ value: "10s"
 livenessProbe:
 failureThreshold: 3
 httpGet:
@@ -211,11 +214,11 @@ spec:
 timeoutSeconds: 15
 resources:
 requests:
- cpu: 100m
- memory: 128Mi
- limits:
- cpu: 500m
+ cpu: 200m
 memory: 512Mi
+ limits:
+ cpu: "1"
+ memory: 1Gi
 startupProbe:
 failureThreshold: 30
 httpGet:
diff --git a/config/apiserver/kustomization.yaml b/config/apiserver/kustomization.yaml
index a33121c3..e309f29e 100644
--- a/config/apiserver/kustomization.yaml
+++ b/config/apiserver/kustomization.yaml
@@ -3,3 +3,4 @@ kind: Kustomization
 resources:
 - deployment.yaml
 - service.yaml
+ - pdb.yaml
diff --git a/config/apiserver/pdb.yaml b/config/apiserver/pdb.yaml
new file mode 100644
index 00000000..4a32a8df
--- /dev/null
+++ b/config/apiserver/pdb.yaml
@@ -0,0 +1,9 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: milo-apiserver
+spec:
+ maxUnavailable: 20%
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: milo-apiserver
diff --git a/config/components/gateway-api/backend-traffic-policy.yaml b/config/components/gateway-api/backend-traffic-policy.yaml
new file mode 100644
index 00000000..96bdf468
--- /dev/null
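Review bot: In config/apiserver/deployment.yaml, the `SHUTDOWN_DELAY_DURATION` value of `"10s"` leaves no margin over the gateway's detection time set elsewhere in this diff: the active check in backend-traffic-policy.yaml probes `/readyz` every 5s with `unhealthyThreshold: 2`, so a terminating pod may only be marked unhealthy about 10s after readiness starts failing, and requests can still be routed to a process that is about to stop. Consider a larger value such as `value: "15s"`, and confirm that `terminationGracePeriodSeconds` (not visible in these hunks; the Kubernetes default is 30s) covers the delay plus the longest request the server should be allowed to finish. A comment above the env entry, for example `# must exceed gateway health-check detection time (interval x unhealthyThreshold)`, would keep the two values tied together. The container spec starts and ends outside both the args hunk and the env hunk.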
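Review bot: In config/apiserver/pdb.yaml, `maxUnavailable: 20%` is rounded up to a whole pod, so for any replica count from 1 to 5 it behaves as `maxUnavailable: 1`, and with a single replica it lets a node drain evict the only API server pod. The replica count is not visible in this diff; if it is small, state the intent directly with `maxUnavailable: 1` or a `minAvailable` value. Also consider `unhealthyPodEvictionPolicy: AlwaysAllow` under `spec` so pods that are already not ready do not block node drains. Check too that the Deployment's pod template carries the `app.kubernetes.io/name: milo-apiserver` label, since a selector that matches nothing protects nothing.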
+++ b/config/components/gateway-api/backend-traffic-policy.yaml
@@ -0,0 +1,37 @@
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: BackendTrafficPolicy
+metadata:
+ name: milo-apiserver
+ namespace: milo-system
+spec:
+ targetRefs:
+ - group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ name: milo-apiserver
+ retry:
+ numRetries: 3
+ retryOn:
+ triggers:
+ - gateway-error
+ - connect-failure
+ - reset
+ perRetry:
+ backOff:
+ baseInterval: 100ms
+ maxInterval: 1s
+ timeout: 2s
+ healthCheck:
+ active:
+ type: HTTP
+ http:
+ path: /readyz
+ interval: 5s
+ timeout: 3s
+ unhealthyThreshold: 2
+ healthyThreshold: 1
+ passive:
+ consecutive5XxErrors: 2
+ consecutiveGatewayErrors: 1
+ interval: 3s
+ baseEjectionTime: 15s
+ maxEjectionPercent: 33
diff --git a/config/components/gateway-api/kustomization.yaml b/config/components/gateway-api/kustomization.yaml
index 02c1ab2f..befaa445 100644
--- a/config/components/gateway-api/kustomization.yaml
+++ b/config/components/gateway-api/kustomization.yaml
@@ -4,3 +4,4 @@ kind: Component
 resources:
 - httproute.yaml
 - backend-tls-policy.yaml
+ - backend-traffic-policy.yaml
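Review bot: In backend-traffic-policy.yaml the `retryOn` triggers `reset` and `gateway-error` apply to every method routed to the API server, so a write whose connection drops after the backend has already processed it can be replayed up to `numRetries: 3` times; of the three listed triggers, only `connect-failure` means the request never reached the backend. Unless every write behind this route is known to be idempotent, restrict the list to `- connect-failure`, or add a comment stating why replay is safe. The 2s `timeout` under `perRetry` is likely to cut off and retry requests that legitimately take longer to answer, which multiplies load exactly when the backend is slow. Separately, `consecutive5XxErrors: 2` ejects a backend for 15s after two 5xx responses, so any caller able to provoke server errors can shrink the pool (bounded by `maxEjectionPercent: 33`); a higher threshold, or relying on `consecutiveGatewayErrors` alone, is the safer default. The active `/readyz` probe is presumably sent without credentials, so confirm the API server answers it for anonymous callers, otherwise every backend will be marked unhealthy.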