fix global downstream max connections behaviour

pkg/bootstrap/config.go

@@ -18,6 +18,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"math"
 	"os"
 	"path"
 	"sort"
@@ -54,6 +55,9 @@ const (
 	// IstioMetaJSONPrefix is used to pass annotations and similar environment info.
 	IstioMetaJSONPrefix = "ISTIO_METAJSON_"
 
+	// GlobalDownstreamMaxConnections is the metadata key for global downstream max connections.
+	GlobalDownstreamMaxConnections = "ISTIO_META_GLOBAL_DOWNSTREAM_MAX_CONNECTIONS"
+
 	lightstepAccessTokenBase = "lightstep_access_token.txt"
 
 	// required stats are used by readiness checks.
@@ -367,6 +371,29 @@ func getNodeMetadataOptions(node *model.Node, policy string) []option.Instance {
 		option.RuntimeFlags(extractRuntimeFlags(node.Metadata.ProxyConfig, policy)),
 		option.EnvoyStatusPort(node.Metadata.EnvoyStatusPort),
 		option.EnvoyPrometheusPort(node.Metadata.EnvoyPrometheusPort))
+	// Default value of max connections is the maximum integer value.
+	globalDownstreamMaxConnections := math.MaxInt32
+	// If proxy metadata is set, use it to set the global downstream max connections.
+	// If not set, use the default value of max connections.
+	// TODO: Consider moving this to proxy config A
+	metadataExists := false
+	if node.Metadata.ProxyConfig.ProxyMetadata != nil {
+		if maxConnections, err := strconv.Atoi(node.Metadata.ProxyConfig.ProxyMetadata[GlobalDownstreamMaxConnections]); err == nil {
+			globalDownstreamMaxConnections = maxConnections
+			metadataExists = true
+		}
+	}
+	if !metadataExists {
+		// If the runtime flag overload.global_downstream_max_connections is set, honor it
+		// for backwards compatibility. This will be removed in a future release.
+		globalDownstreamMaxConnectionsRuntime := globalDownstreamMaxConnectionsRuntimeFlag(node.Metadata.ProxyConfig)
+		if globalDownstreamMaxConnectionsRuntime != "" {
+			if maxConnections, err := strconv.Atoi(globalDownstreamMaxConnectionsRuntime); err == nil {
+				globalDownstreamMaxConnections = maxConnections
+			}
+		}
+	}
+	opts = append(opts, option.GlobalDownstreamMaxConnections(globalDownstreamMaxConnections))
 	return opts
 }
 
@@ -409,6 +436,15 @@ func extractRuntimeFlags(cfg *model.NodeMetaProxyConfig, policy string) map[stri
 	return runtimeFlags
 }
 
+func globalDownstreamMaxConnectionsRuntimeFlag(cfg *model.NodeMetaProxyConfig) string {
+	for k, v := range cfg.RuntimeValues {
+		if k == "overload.global_downstream_max_connections" {
+			return v
+		}
+	}
+	return ""
+}
+
 func getLocalityOptions(l *core.Locality) []option.Instance {
 	return []option.Instance{option.Region(l.Region), option.Zone(l.Zone), option.SubZone(l.SubZone)}
 }

pkg/bootstrap/instance_test.go

@@ -251,6 +251,21 @@ func TestGolden(t *testing.T) {
 				"sidecar.istio.io/statsEvictionInterval": "20s",
 			},
 		},
+		{
+			base: "global_downstream_max_connections_meta",
+			envVars: map[string]string{
+				GlobalDownstreamMaxConnections: "10000",
+			},
+		},
+		{
+			base: "global_downstream_max_connections_runtime",
+		},
+		{
+			base: "global_downstream_max_connections_both",
+			envVars: map[string]string{
+				GlobalDownstreamMaxConnections: "20000",
+			},
+		},
 	}
 
 	test.SetForTest(t, &version.Info.Version, "binary-1.0")
@@ -270,6 +285,14 @@ func TestGolden(t *testing.T) {
 				t.Fatalf("unable to load proxy config: %s\n%v", c.base, err)
 			}
 
+			// Set ProxyMetadata from env vars for global downstream max connections
+			if proxyConfig.ProxyMetadata == nil {
+				proxyConfig.ProxyMetadata = make(map[string]string)
+			}
+			if val, ok := c.envVars[GlobalDownstreamMaxConnections]; ok {
+				proxyConfig.ProxyMetadata[GlobalDownstreamMaxConnections] = val
+			}
+
 			_, localEnv := createEnv(t, map[string]string{}, c.annotations)
 			for k, v := range c.envVars {
 				localEnv = append(localEnv, k+"="+v)

pkg/bootstrap/option/instances.go

@@ -232,6 +232,10 @@ func EnvoyStatusPort(value int) Instance {
 	return newOption("envoy_status_port", value)
 }
 
+func GlobalDownstreamMaxConnections(value int) Instance {
+	return newOption("global_downstream_max_connections", value)
+}
+
 func EnvoyStatusPortEnableProxyProtocol(value bool) Instance {
 	return newOption("envoy_status_port_enable_proxy_protocol", value)
 }

pkg/bootstrap/testdata/global_downstream_max_connections_both.proxycfg

@@ -0,0 +1,13 @@
+config_path:               "/etc/istio/proxy"
+binary_path:               "/usr/local/bin/envoy"
+service_cluster:           "istio-proxy"
+drain_duration:            {seconds: 2}
+discovery_address:         "istio-pilot:15010"
+proxy_admin_port:          15000
+control_plane_auth_policy: NONE
+runtime_values:            [{ key: "overload.global_downstream_max_connections" value: "5000" }]
+
+#
+# Test case: Both ISTIO_META_GLOBAL_DOWNSTREAM_MAX_CONNECTIONS and overload.global_downstream_max_connections set
+# ISTIO_META_GLOBAL_DOWNSTREAM_MAX_CONNECTIONS should take precedence
+