wso2 · sgayangi · Dec 22, 2025 · Dec 17, 2025 · Dec 19, 2025 · Dec 19, 2025
@@ -24,8 +24,8 @@ ENV LANG=C.UTF-8
 
 ARG APK_USER=wso2
 ARG APK_USER_ID=10001
-ARG CHECKSUM_AMD64="8302d54fc41d4ffbfea6871b6a04584265d5eabbe738aee2966f9a574b6f17d1"
-ARG CHECKSUM_ARM64="8ebe934e7cf29a65ca31d671a97949467fba6977d656b5e6d6c40902ae7402f6"
+ARG CHECKSUM_AMD64="b92eeb7e9ffbc3b156f85f3bb18129bd18a27f739330f6e9d3fcb630898df442"
+ARG CHECKSUM_ARM64="e5d1951a7d57de20ea88e660d555bb2563c82f520406e43bf5f4d67fa53b4606"
 ARG APK_USER_GROUP=wso2
 ARG APK_USER_GROUP_ID=10001
 ARG APK_USER_HOME=/home/${APK_USER}
@@ -47,7 +47,7 @@ RUN \
     && echo '[ ! -z "${TERM}" -a -r /etc/motd ] && cat /etc/motd' >> /etc/bash.bashrc; echo "${MOTD}" > /etc/motd
 
 RUN \
-    wget -q https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/v0.4.37/grpc_health_probe-linux-${TARGETARCH} \
+    wget -q https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/v0.4.42/grpc_health_probe-linux-${TARGETARCH} \
     && mv grpc_health_probe-linux-${TARGETARCH} ${GRPC_HEALTH_PROBE_PATH} \
     && if [ "${TARGETARCH}" = "amd64" ]; then echo "${CHECKSUM_AMD64}  ${GRPC_HEALTH_PROBE_PATH}" | sha256sum -c -; fi
 

@@ -476,6 +476,10 @@ func DeploySubscriptionRateLimitPolicyCR(policy eventhubTypes.SubscriptionPolicy
 							RequestsPerUnit: uint32(policy.DefaultLimit.RequestCount.RequestCount),
 							Unit:            policy.DefaultLimit.RequestCount.TimeUnit,
 						},
+						BurstControl: &dpv1alpha3.BurstControl{
+							RequestsPerUnit: uint32(policy.RateLimitCount),
+							Unit:            policy.RateLimitTimeUnit,
+						},
 					},
 				},
 				TargetRef: gwapiv1b1.NamespacedPolicyTargetReference{Group: constants.GatewayGroup, Kind: "Subscription", Name: "default"},
@@ -489,8 +493,16 @@ func DeploySubscriptionRateLimitPolicyCR(policy eventhubTypes.SubscriptionPolicy
 	} else {
 		crRateLimitPolicy.Spec.Override.Subscription.StopOnQuotaReach = policy.StopOnQuotaReach
 		crRateLimitPolicy.Spec.Override.Subscription.Organization = policy.TenantDomain
+		if crRateLimitPolicy.Spec.Override.Subscription.RequestCount == nil {
+			crRateLimitPolicy.Spec.Override.Subscription.RequestCount = &dpv1alpha3.RequestCount{}
+		}
 		crRateLimitPolicy.Spec.Override.Subscription.RequestCount.RequestsPerUnit = uint32(policy.DefaultLimit.RequestCount.RequestCount)
 		crRateLimitPolicy.Spec.Override.Subscription.RequestCount.Unit = policy.DefaultLimit.RequestCount.TimeUnit
+		if crRateLimitPolicy.Spec.Override.Subscription.BurstControl == nil {
+			crRateLimitPolicy.Spec.Override.Subscription.BurstControl = &dpv1alpha3.BurstControl{}
+		}
+		crRateLimitPolicy.Spec.Override.Subscription.BurstControl.RequestsPerUnit = uint32(policy.RateLimitCount)
+		crRateLimitPolicy.Spec.Override.Subscription.BurstControl.Unit = policy.RateLimitTimeUnit
 		if err := k8sClient.Update(context.Background(), &crRateLimitPolicy); err != nil {
 			loggers.LoggerK8sClient.Error("Unable to update RateLimitPolicies CR: " + err.Error())
 		} else {

@@ -141,12 +141,25 @@ func FetchRateLimitPoliciesOnEvent(ratelimitName string, organization string, c
 		logger.LoggerSynchronizer.Debugf("Policies received: %v", rateLimitPolicyList.List)
 		var rateLimitPolicies []eventhubTypes.RateLimitPolicy = rateLimitPolicyList.List
 		for _, policy := range rateLimitPolicies {
-			if policy.DefaultLimit.RequestCount.TimeUnit == "min" {
+			switch policy.DefaultLimit.RequestCount.TimeUnit {
+			case "min":
 				policy.DefaultLimit.RequestCount.TimeUnit = "Minute"
-			} else if policy.DefaultLimit.RequestCount.TimeUnit == "hour" {
+			case "hour":
 				policy.DefaultLimit.RequestCount.TimeUnit = "Hour"
-			} else if policy.DefaultLimit.RequestCount.TimeUnit == "day" {
+			case "day":
 				policy.DefaultLimit.RequestCount.TimeUnit = "Day"
+			default:
+				logger.LoggerSynchronizer.Errorf("Unsupported timeunit %s", policy.DefaultLimit.RequestCount.TimeUnit)
+				continue
+			}
+			switch policy.RateLimitTimeUnit {
+			case "min":
+				policy.RateLimitTimeUnit = "Minute"
+			case "sec":
+				policy.RateLimitTimeUnit = "Second"
+			default:
+				logger.LoggerSynchronizer.Errorf("Unsupported timeunit %s", policy.RateLimitTimeUnit)
+				continue
 			}
 			managementserver.AddRateLimitPolicy(policy)
 			logger.LoggerSynchronizer.Infof("RateLimit Policy added to internal map: %v", policy)
@@ -317,12 +330,25 @@ func FetchSubscriptionRateLimitPoliciesOnEvent(ratelimitName string, organizatio
 					logger.LoggerSynchronizer.Errorf("AIQuota type response recieved but no data found. %+v", policy.DefaultLimit)
 				}
 			} else {
-				if policy.DefaultLimit.RequestCount.TimeUnit == "min" {
+				switch policy.DefaultLimit.RequestCount.TimeUnit {
+				case "min":
 					policy.DefaultLimit.RequestCount.TimeUnit = "Minute"
-				} else if policy.DefaultLimit.RequestCount.TimeUnit == "hours" {
+				case "hours":
 					policy.DefaultLimit.RequestCount.TimeUnit = "Hour"
-				} else if policy.DefaultLimit.RequestCount.TimeUnit == "days" {
+				case "days":
 					policy.DefaultLimit.RequestCount.TimeUnit = "Day"
+				default:
+					logger.LoggerSynchronizer.Errorf("Unsupported timeunit %s", policy.DefaultLimit.RequestCount.TimeUnit)
+					continue
+				}
+				switch policy.RateLimitTimeUnit {
+				case "min":
+					policy.RateLimitTimeUnit = "Minute"
+				case "sec":
+					policy.RateLimitTimeUnit = "Second"
+				default:
+					logger.LoggerSynchronizer.Errorf("Unsupported timeunit %s", policy.RateLimitTimeUnit)
+					continue
 				}
 				managementserver.AddSubscriptionPolicy(policy)
 				logger.LoggerSynchronizer.Infof("RateLimit Policy added to internal map: %v", policy)

@@ -178,12 +178,14 @@ type RateLimitPolicyList struct {
 
 // RateLimitPolicy for struct RateLimitPolicy Info events
 type RateLimitPolicy struct {
-	TenantDomain    string           `json:"tenantDomain"`
-	Name            string           `json:"name"`
-	QuotaType       string           `json:"quotaType"`
-	ConditionGroups []ConditionGroup `json:"conditionGroups"`
-	ApplicableLevel string           `json:"applicableLevel"`
-	DefaultLimit    DefaultLimit     `json:"defaultLimit"`
+	TenantDomain      string           `json:"tenantDomain"`
+	Name              string           `json:"name"`
+	QuotaType         string           `json:"quotaType"`
+	ConditionGroups   []ConditionGroup `json:"conditionGroups"`
+	ApplicableLevel   string           `json:"applicableLevel"`
+	DefaultLimit      DefaultLimit     `json:"defaultLimit"`
+	RateLimitCount    int              `json:"rateLimitCount"`
+	RateLimitTimeUnit string           `json:"rateLimitTimeUnit"`
 }
 
 // ConditionGroup represents the condition group within the response.

@@ -70,13 +70,13 @@ spec:
               mountPath: /home/wso2/conf/
             - name: apk-agent-certificates
               mountPath: /home/wso2/security/keystore/apk-agent.key
-              subPath: tls.key
+              subPath: {{ .Values.configs.tls.certKeyFilename | default "tls.key" }}
             - name: apk-agent-certificates
               mountPath: /home/wso2/security/keystore/apk-agent.crt
-              subPath: tls.crt
+              subPath: {{ .Values.configs.tls.certFilename | default "tls.crt" }}
             - name: apk-agent-certificates
               mountPath: /home/wso2/security/truststore/apk-agent-ca.crt
-              subPath: ca.crt
+              subPath: {{ .Values.configs.tls.certCAFilename | default "ca.crt" }}
           readinessProbe:
             exec:
               command: [ "sh", "check_health.sh" ]
@@ -106,4 +106,4 @@ spec:
             name: {{ .Release.Name }}-log-conf
         - name: apk-agent-certificates
           secret:
-            secretName: apk-agent-server-cert
+            secretName: {{ .Values.configs.tls.secretName | default "apk-agent-server-cert"}}
@@ -56,3 +56,9 @@ serviceAccount:
   enableClusterRoleCreation: true
   serviceAccountName: wso2agent-platform
   roleName: wso2agent-role
+# configs:
+#   tls:
+#     secretName: "apk-agent-tls-secret"
+#     certKeyFilename: "tls.key"
+#     certFilename: "tls.crt"
+#     certCAFilename: "ca.crt"