Envoy: suggested improvement: allow specifying environment variable for unix socket path

Created on 11 May 2018 · 4 Comments · Source: envoyproxy/envoy

Issue Template

Title: Allow specifying listener unix socket path via environment variable

Description:
Right now the core.Pipe proto allows you to specify the filesystem path where an Envoy listener should place its unix socket.

It would be convenient for certain use cases if we could instead specify an environment variable that Envoy should get the socket path from. This is because using a unix socket requires coordination between the Envoy process and processes that want to write to the socket. An environment variable exported by the system to both processes is a nice way of orchestrating this coordination, but when serving up the listener via LDS you don't have access to this environment variable.

I'm happy to implement this if there aren't any objections.

design proposal

All 4 comments

Would we want pipe paths to have arbitrary env var expansion? Or a single environment variable for all UDS paths?

I don't think there are any additional security concerns, but adding environment variable dependencies adds another dimension when trying to understand Envoy's configuration state (we already have bootstrap config, runtime filesystem and dynamic configuration via xDS).

Another thought on this proposal: it seems we can accomplish the above with bootstrap and a local xDS proxy that can manipulate xDS based on the local context. This is admittedly a lot more complicated, but it has the advantage that we have less mechanism inside Envoy.

I'm not sure I understand the first question, but here's the type of proto change I'm suggesting: https://github.com/mpuncel/envoy/commit/0e3cfd341875e9e9dae228b4939f5d23bc2e1cea

You raise a good point that adding indirection to Envoy's configuration adds some cost to this. If I inspect the listeners via /config_dump I won't see the socket path anymore, I'd see an environment variable and then I'd have to go figure out what that environment variable is to know what's going on.

Some way of avoiding specifying paths in xDS would be useful, because these paths are brittle and will break if something changes on the server Envoy is running on.

Closing this, I think it's moot for use cases using containers, and can be solved in other ways for others.

Hm, I just found this and I would like this as well inside a Docker container, so that I can configure through an environment variable where a container should connect.
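
One way to get the coordination discussed in this thread without changing Envoy, as an added example (not code from the issue or from the Envoy project): a control plane or startup wrapper expands the variable in each listener's `address.pipe.path` before the config reaches Envoy, so `/config_dump` still shows the concrete path. The `${VAR}` placeholder syntax, the function names and the sample listeners are assumptions made for the illustration.

```python
import copy
import json
import os
import re

# Hypothetical placeholder syntax for this example; Envoy itself does not expand it.
_VAR = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")
_SUN_PATH_MAX = 107  # Linux sockaddr_un.sun_path is 108 bytes including the NUL


def expand_pipe_path(template, environ):
    """Expand ${VAR} in one pipe path, failing closed on unset variables."""
    def lookup(match):
        name = match.group(1)
        if not environ.get(name):
            raise ValueError(f"environment variable {name} is unset or empty")
        return environ[name]

    path = os.path.normpath(_VAR.sub(lookup, template))
    if not os.path.isabs(path):
        raise ValueError(f"pipe path must be absolute: {path!r}")
    if len(path.encode()) > _SUN_PATH_MAX:
        raise ValueError(f"pipe path exceeds {_SUN_PATH_MAX} bytes: {path!r}")
    return path


def render_listeners(listeners, environ=os.environ):
    """Return a copy of the listeners with every address.pipe.path resolved."""
    rendered = copy.deepcopy(listeners)
    for listener in rendered:
        # Only UDS listeners are touched; no other field gets expansion.
        pipe = listener.get("address", {}).get("pipe")
        if pipe is not None:
            pipe["path"] = expand_pipe_path(pipe["path"], environ)
    return rendered


# Constructed sample: one UDS listener and one TCP listener.
SAMPLE = [
    {"name": "uds_ingress", "address": {"pipe": {"path": "${SOCKET_DIR}/envoy.sock"}}},
    {"name": "tcp_ingress",
     "address": {"socket_address": {"address": "127.0.0.1", "port_value": 8080}}},
]

if __name__ == "__main__":
    print(json.dumps(render_listeners(SAMPLE, {"SOCKET_DIR": "/run/app"}), indent=2))
```

Restricting expansion to the pipe path keeps the indirection narrow, and rejecting unset, relative or over-long values stops a misconfigured host from binding the socket somewhere unexpected.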
