Envoy REST XDS returning 404 for /v3/discovery:clusters and /v3/discovery:listeners

7 views
Skip to first unread message

Lakshmi

unread,
Oct 8, 2025, 9:15:16 AM (2 days ago) Oct 8
to envoy-dev

Hi everyone,
I’m working on setting up Envoy with a custom REST XDS control plane in a Kubernetes environment, and I’m running into a persistent issue where Envoy fails to fetch clusters and listeners from the control plane.

Here’s the setup and what I’ve observed:

🧱 Deployment Context

  • Envoy and control plane are both deployed in the same namespace:
    distributed-cache-tenant-dev

  • Control plane is a Spring Boot service exposing the following endpoints:

    /v3/discovery:clusters /v3/discovery:listeners

  • Envoy bootstrap configuration (simplified):

    node: id: envoy-node-1 cluster: envoy-xds static_resources: clusters: - name: xds-rest-cluster connect_timeout: 1s type: STRICT_DNS lb_policy: ROUND_ROBIN load_assignment: cluster_name: xds-rest-cluster endpoints: - lb_endpoints: - endpoint: address: socket_address: address: accelerex-xds-svc.distributed-cache-tenant-dev.svc.cluster.local port_value: 8080 dynamic_resources: lds_config: api_config_source: api_type: REST cluster_names: [xds-rest-cluster] refresh_delay: 5s cds_config: api_config_source: api_type: REST cluster_names: [xds-rest-cluster] refresh_delay: 5s

🧩 Observed Issue

Envoy container logs show continuous warnings like:

[warning][config] [source/extensions/config_subscription/rest/http_subscription_impl.cc:120] REST update for /v3/discovery:clusters failed [warning][config] [source/extensions/config_subscription/rest/http_subscription_impl.cc:120] REST update for /v3/discovery:listeners failed

When I manually test from within the same namespace:

kubectl run -it --rm debug --image=curlimages/curl:8.2.1 -n distributed-cache-tenant-dev -- \ curl -v http://accelerex-xds-svc.distributed-cache-tenant-dev.svc.cluster.local:8080/v3/discovery/clusters

I get:

HTTP/1.1 404 {"timestamp":"2025-10-07T13:29:33.916+00:00","status":404,"error":"Not Found","path":"/v3/discovery/clusters"}

So it seems Envoy is calling /v3/discovery:clusters and /v3/discovery:listeners (note the colon), but the server was initially serving /v3/discovery/clusters and /v3/discovery/listeners.

I’ve updated the control plane to serve both:

@GetMapping({"/discovery:clusters", "/discovery/clusters"}) @GetMapping({"/discovery:listeners", "/discovery/listeners"})

However, I’m still seeing the same REST update failures in Envoy logs.

🔍 Questions

  1. Does Envoy REST XDS strictly require colon-based paths (e.g. /v3/discovery:clusters)?

  2. Are there specific response headers or structure required for REST XDS responses beyond standard JSON (e.g. Content-Type, type_url, version_info, etc.)?

  3. Any example of a minimal working REST XDS control plane implementation that successfully satisfies Envoy?

Would really appreciate any insights, examples, or references from folks who’ve implemented custom REST-based control planes for Envoy before. 🙏


Thanks

Lakshmi

Reply all
Reply to author
Forward
0 new messages