envoy: migrate deprecated overload setting (#5082)

Migrate from overload.global_downstream_max_connections to the suggested
envoy.resource_monitors.global_downstream_max_connections replacement.

config/envoyconfig/bootstrap.go

@@ -12,7 +12,9 @@ import (
 	envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
 	envoy_config_metrics_v3 "github.com/envoyproxy/go-control-plane/envoy/config/metrics/v3"
+	envoy_config_overload_v3 "github.com/envoyproxy/go-control-plane/envoy/config/overload/v3"
 	envoy_extensions_access_loggers_file_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3"
+	envoy_extensions_resource_monitors_downstream_connections_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/resource_monitors/downstream_connections/v3"
 	"google.golang.org/protobuf/types/known/durationpb"
 	"google.golang.org/protobuf/types/known/structpb"
 
@@ -21,6 +23,8 @@ import (
 	"github.com/pomerium/pomerium/internal/telemetry/trace"
 )
 
+const maxActiveDownstreamConnections = 50000
+
 var (
 	envoyAdminAddressPath = filepath.Join(os.TempDir(), "pomerium-envoy-admin.sock")
 	envoyAdminAddressMode = 0o600
@@ -68,6 +72,17 @@ func (b *Builder) BuildBootstrap(
 		return nil, err
 	}
 
+	bootstrap.OverloadManager = &envoy_config_overload_v3.OverloadManager{
+		ResourceMonitors: []*envoy_config_overload_v3.ResourceMonitor{{
+			Name: "envoy.resource_monitors.global_downstream_max_connections",
+			ConfigType: &envoy_config_overload_v3.ResourceMonitor_TypedConfig{
+				TypedConfig: marshalAny(&envoy_extensions_resource_monitors_downstream_connections_v3.DownstreamConnectionsConfig{
+					MaxActiveDownstreamConnections: maxActiveDownstreamConnections,
+				}),
+			},
+		}},
+	}
+
 	return bootstrap, nil
 }
 
@@ -135,9 +150,6 @@ func (b *Builder) BuildBootstrapDynamicResources(
 // BuildBootstrapLayeredRuntime builds the layered runtime for the envoy bootstrap.
 func (b *Builder) BuildBootstrapLayeredRuntime() (*envoy_config_bootstrap_v3.LayeredRuntime, error) {
 	layer, err := structpb.NewStruct(map[string]interface{}{
-		"overload": map[string]interface{}{
-			"global_downstream_max_connections": 50000,
-		},
 		"re2": map[string]any{
 			"max_program_size": map[string]any{
 				"error_level": 1024 * 1024,

config/envoyconfig/bootstrap_test.go

@@ -41,9 +41,6 @@ func TestBuilder_BuildBootstrapLayeredRuntime(t *testing.T) {
 		{ "layers": [{
 			"name": "static_layer_0",
 			"staticLayer": {
-				"overload": {
-					"global_downstream_max_connections": 50000
-				},
 				"re2": {
 					"max_program_size": {
 						"error_level": 1048576,
@@ -126,3 +123,28 @@ func TestBuilder_BuildBootstrapStatsConfig(t *testing.T) {
 		`, statsCfg)
 	})
 }
+
+func TestBuilder_BuildBootstrap(t *testing.T) {
+	b := New("localhost:1111", "localhost:2222", "localhost:3333", filemgr.NewManager(), nil)
+	t.Run("OverloadManager", func(t *testing.T) {
+		bootstrap, err := b.BuildBootstrap(context.Background(), &config.Config{
+			Options: &config.Options{
+				EnvoyAdminAddress: "localhost:9901",
+			},
+		}, false)
+		assert.NoError(t, err)
+		testutil.AssertProtoJSONEqual(t, `
+			{
+				"resourceMonitors": [
+					{
+						"name": "envoy.resource_monitors.global_downstream_max_connections",
+						"typedConfig": {
+							"@type": "type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig",
+							"maxActiveDownstreamConnections": "50000"
+						}
+					}
+				]
+			}
+		`, bootstrap.OverloadManager)
+	})
+}