fix: Envoy rejects XDS at runtime losing all routes on restart

[davidalger]

What type of PR is this?

fix: Envoy rejects XDS at runtime losing all routes on restart

What this PR does / why we need it:

By default Envoy rejects regex routes with a max program size > 100, which is very easy to trigger with simple regex matches:

rejected: regex '^/api/v1/object/[\w]{32}/action$' RE2 program size of 107 > max program size of 100

When envoy restarts, it loses all it's config resulting in 404 responses to all requests. This change lifts the deprecated validation done by max_program_size leaving in place a warning threshold which can be used to monitor for high complexity regex routes without putting stability of the system at risk. See thread on the related issue for full details.

Which issue(s) this PR fixes:

Relates #2543

[arkodg]

LGTM thanks !

[codecov]

Codecov Report

Attention: 4 lines in your changes are missing coverage. Please review.

Comparison is base (f21f9ff) 63.94% compared to head (7e6e694) 63.97%.
Report is 1 commits behind head on main.

Files	Patch %	Lines
...frastructure/kubernetes/proxy/resource_provider.go	50.00%	0 Missing and 4 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2576      +/-   ##
==========================================
+ Coverage   63.94%   63.97%   +0.03%     
==========================================
  Files         117      117              
  Lines       18057    18061       +4     
==========================================
+ Hits        11546    11554       +8     
+ Misses       5758     5755       -3     
+ Partials      753      752       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[shawnh2]

lgtm