---
name: loggr-forwarder-agent

templates:
  bpm.yml.erb: config/bpm.yml
  prom_scraper_config.yml.erb: config/prom_scraper_config.yml
  loggregator_ca.crt.erb: config/certs/loggregator_ca.crt
  forwarder.crt.erb: config/certs/forwarder.crt
  forwarder.key.erb: config/certs/forwarder.key
  metrics_ca.crt.erb: config/certs/metrics_ca.crt
  metrics.crt.erb: config/certs/metrics.crt
  metrics.key.erb: config/certs/metrics.key

packages:
- forwarder-agent

properties:
  port:
    description: "Port the agent is serving gRPC via mTLS"
    default: 3458
  downstream_ingress_port_glob:
    description: |
      Files matching the glob are expected to contain ports of downstream
      consumers that will be bound to 127.0.0.1:{port} with the provided
      mTLS configuration. The forwarder assumes the downstream server is
      serving Loggregator's V2 IngressService. See code.cloudfoundry.org/loggregator-api.
    default: /var/vcap/jobs/*/config/ingress_port.yml

  deployment:
    description: "Name of deployment (added as tag on all outgoing v1 envelopes)"
    default: ""
  tags:
    description: "Collection of tags to add on all outgoing v2 envelopes. Bosh deployment, job, index and IP will be merged with this property if they are not provided"
    default: {}
    example: {"deployment": "cf"}

  tls.ca_cert:
    description: |
      TLS loggregator root CA certificate. It is required for key/cert
      verification.
  tls.cert:
    description: "TLS certificate for forwarder signed by the loggregator CA"
  tls.key:
    description: "TLS private key for forwarder signed by the loggregator CA"
  tls.cipher_suites:
    description: |
      An ordered list of supported SSL cipher suites. Allowed cipher suites are
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384.
    default: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"

  metrics.port:
    description: "Port the agent uses to serve metrics and debug information"
    default: 14823
  metrics.ca_cert:
    description: "TLS CA cert to verify requests to metrics endpoint."
  metrics.cert:
    description: "TLS certificate for metrics server signed by the metrics CA"
  metrics.key:
    description: "TLS private key for metrics server signed by the metrics CA"
  metrics.server_name:
    description: "The server name used in the scrape configuration for the metrics endpoint"
