diff --git a/config/envoyconfig/bootstrap.go b/config/envoyconfig/bootstrap.go
index 5f76715c4..a5e94df9e 100644
--- a/config/envoyconfig/bootstrap.go
+++ b/config/envoyconfig/bootstrap.go
@@ -9,6 +9,7 @@ import (
 	envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
 	envoy_config_metrics_v3 "github.com/envoyproxy/go-control-plane/envoy/config/metrics/v3"
 	"google.golang.org/protobuf/types/known/durationpb"
+	"google.golang.org/protobuf/types/known/structpb"
 
 	"github.com/pomerium/pomerium/config"
 	"github.com/pomerium/pomerium/internal/telemetry"
@@ -27,6 +28,29 @@ func (b *Builder) BuildBootstrapAdmin(cfg *config.Config) (*envoy_config_bootstr
 	}, nil
 }
 
+// BuildBootstrapLayeredRuntime builds the layered runtime for the envoy bootstrap.
+func (b *Builder) BuildBootstrapLayeredRuntime() (*envoy_config_bootstrap_v3.LayeredRuntime, error) {
+	layer, err := structpb.NewStruct(map[string]interface{}{
+		"overload": map[string]interface{}{
+			"global_downstream_max_connections": 50000,
+		},
+	})
+	if err != nil {
+		return nil, fmt.Errorf("envoyconfig: failed to create layered runtime layer: %w", err)
+	}
+
+	return &envoy_config_bootstrap_v3.LayeredRuntime{
+		Layers: []*envoy_config_bootstrap_v3.RuntimeLayer{
+			{
+				Name: "static_layer_0",
+				LayerSpecifier: &envoy_config_bootstrap_v3.RuntimeLayer_StaticLayer{
+					StaticLayer: layer,
+				},
+			},
+		},
+	}, nil
+}
+
 // BuildBootstrapStaticResources builds the static resources for the envoy bootstrap. It includes the control plane
 // cluster.
 func (b *Builder) BuildBootstrapStaticResources() (*envoy_config_bootstrap_v3.Bootstrap_StaticResources, error) {
diff --git a/config/envoyconfig/bootstrap_test.go b/config/envoyconfig/bootstrap_test.go
index 141bad6c4..82b29b0c2 100644
--- a/config/envoyconfig/bootstrap_test.go
+++ b/config/envoyconfig/bootstrap_test.go
@@ -40,6 +40,22 @@ func TestBuilder_BuildBootstrapAdmin(t *testing.T) {
 	})
 }
 
+func TestBuilder_BuildBootstrapLayeredRuntime(t *testing.T) {
+	b := New("localhost:1111", "localhost:2222", filemgr.NewManager(), nil)
+	staticCfg, err := b.BuildBootstrapLayeredRuntime()
+	assert.NoError(t, err)
+	testutil.AssertProtoJSONEqual(t, `
+		{ "layers": [{
+			"name": "static_layer_0",
+			"staticLayer": {
+				"overload": {
+					"global_downstream_max_connections": 50000
+				}
+			}
+		}] }
+	`, staticCfg)
+}
+
 func TestBuilder_BuildBootstrapStaticResources(t *testing.T) {
 	t.Run("valid", func(t *testing.T) {
 		b := New("localhost:1111", "localhost:2222", filemgr.NewManager(), nil)
diff --git a/internal/envoy/envoy.go b/internal/envoy/envoy.go
index f80186788..5e148f483 100644
--- a/internal/envoy/envoy.go
+++ b/internal/envoy/envoy.go
@@ -273,12 +273,18 @@ func (srv *Server) buildBootstrapConfig(cfg *config.Config) ([]byte, error) {
 		return nil, err
 	}
 
+	layeredRuntimeCfg, err := srv.builder.BuildBootstrapLayeredRuntime()
+	if err != nil {
+		return nil, err
+	}
+
 	bootstrapCfg := &envoy_config_bootstrap_v3.Bootstrap{
 		Node:             nodeCfg,
 		Admin:            adminCfg,
 		DynamicResources: dynamicCfg,
 		StaticResources:  staticCfg,
 		StatsConfig:      statsCfg,
+		LayeredRuntime:   layeredRuntimeCfg,
 	}
 
 	jsonBytes, err := protojson.Marshal(proto.MessageV2(bootstrapCfg))