diff --git a/.github/workflows/operator-integration-test.yml b/.github/workflows/operator-integration-test.yml
index 9a23a2013..2e55849e1 100644
--- a/.github/workflows/operator-integration-test.yml
+++ b/.github/workflows/operator-integration-test.yml
@@ -1094,6 +1094,52 @@ jobs:
 
           echo "Updated JWT API invocation test passed (correctly rejected)!"
 
+      - name: Test Gateway Helm Upgrade
+        run: |
+          echo "Updating ConfigMap to trigger Helm Upgrade..."
+          kubectl get configmap test-gateway-config -o jsonpath='{.data.values\.yaml}' > values.yaml
+          
+          # Replace annotations to trigger upgrade
+          sed -i 's/annotations: {}/annotations: {helm-upgrade-test: "true"}/g' values.yaml
+          
+          kubectl create configmap test-gateway-config --from-file=values.yaml=values.yaml --dry-run=client -o yaml | kubectl apply -f -
+          
+          echo "Waiting for deployment update..."
+          # Give the operator a moment to detect and start the upgrade
+          sleep 5
+          kubectl wait --for=jsonpath='{.metadata.annotations.helm-upgrade-test}=true' deployment/test-gateway-gateway-router --timeout=180s
+          
+          echo "Deployment metadata updated. Waiting for rollout to complete..."
+          
+          # Wait for the deployments to finish rolling out to ensure stability
+          kubectl rollout status deployment/test-gateway-gateway-controller --timeout=300s
+          kubectl rollout status deployment/test-gateway-gateway-router --timeout=300s
+          kubectl rollout status deployment/test-gateway-gateway-policy-engine --timeout=300s || true
+          
+          echo "Waiting for Gateway CR to be Programmed..."
+          kubectl wait --for=condition=Programmed gateway/test-gateway --timeout=180s
+
+          echo "Gateway rollout complete. Verifying Controller health..."
+          # Give it a moment to stabilize
+          sleep 20
+
+          # Port forward the new controller to check health
+          kubectl port-forward svc/test-gateway-gateway-controller 9091:9090 &
+          PF_PID=$!
+          sleep 5
+          
+          HEALTH_STATUS=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:9091/health)
+          echo "Controller Health Status: $HEALTH_STATUS"
+          
+          kill $PF_PID || true
+          
+          if [ "$HEALTH_STATUS" != "200" ]; then
+            echo "Gateway Controller is not healthy after upgrade!"
+            exit 1
+          fi
+          
+          echo "Helm upgrade, rollout, and health check verified."
+
       - name: Multi-namespace API test
         run: |
           echo "Creating namespace test-ns..."
diff --git a/kubernetes/gateway-operator/internal/controller/restapi_controller.go b/kubernetes/gateway-operator/internal/controller/restapi_controller.go
index 3ab9f2a3f..cdc298de8 100644
--- a/kubernetes/gateway-operator/internal/controller/restapi_controller.go
+++ b/kubernetes/gateway-operator/internal/controller/restapi_controller.go
@@ -296,6 +296,17 @@ func (r *RestApiReconciler) processDeployment(
 	retryCount := 0
 	if hasExisting && existingEntry.Generation == generation {
 		retryCount = existingEntry.RetryCount
+
+		// Respect backoff if set
+		if !existingEntry.NextRetryTime.IsZero() {
+			wait := time.Until(existingEntry.NextRetryTime)
+			if wait > 0 {
+				r.Logger.Info("Waiting for backoff",
+					zap.String("api", apiConfig.Name),
+					zap.Duration("wait", wait))
+				return ctrl.Result{RequeueAfter: wait}, nil
+			}
+		}
 	}
 
 	// Update tracker to Processing