---
Parameters:
  EnvironmentName:
    Type: String
    Description: Environment name that joins all the stacks

  AppMeshMeshName:
    Type: String
    Description: Name of mesh

  EnvoyImageName:
    Type: String
    Description: The image to use for the Envoy container

  ColorTellerImageName:
    Description: The name for the color teller image
    Type: String

Resources:

  ColorTellerServiceDiscoveryRecord:
    Type: 'AWS::ServiceDiscovery::Service'
    Properties:
      Name: "colorteller"
      DnsConfig:
        NamespaceId:
          'Fn::ImportValue': !Sub "${EnvironmentName}:ECSServiceDiscoveryNamespace"
        DnsRecords:
          - Type: A
            TTL: 300
      HealthCheckCustomConfig:
        FailureThreshold: 1

  ColorTellerTaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      RequiresCompatibilities:
        - 'FARGATE'
      Family: 'colorteller'
      NetworkMode: 'awsvpc'
      Cpu: 256
      Memory: 512
      TaskRoleArn:
        'Fn::ImportValue': !Sub "${EnvironmentName}:TaskIamRoleArn"
      ExecutionRoleArn:
        'Fn::ImportValue': !Sub "${EnvironmentName}:TaskExecutionIamRoleArn"
      ProxyConfiguration:
        Type: 'APPMESH'
        ContainerName: 'envoy'
        ProxyConfigurationProperties:
          - Name: 'IgnoredUID'
            Value: '1337'
          - Name: 'ProxyIngressPort'
            Value: '15000'
          - Name: 'ProxyEgressPort'
            Value: '15001'
          - Name: 'AppPorts'
            Value: '9080'
          - Name: 'EgressIgnoredIPs'
            Value: '169.254.170.2,169.254.169.254'
      ContainerDefinitions:
        - Name: 'app'
          Image: !Sub '${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${ColorTellerImageName}'
          Essential: true
          DependsOn:
            - ContainerName: 'envoy'
              Condition: 'HEALTHY'
          LogConfiguration:
            LogDriver: 'awslogs'
            Options:
              awslogs-group:
                Fn::ImportValue: !Sub "${EnvironmentName}:ECSServiceLogGroup"
              awslogs-region: !Ref AWS::Region
              awslogs-stream-prefix: 'colorteller'
          PortMappings:
            - ContainerPort: 9080
              Protocol: 'http'
          Environment:
            - Name: 'PORT'
              Value: 9080
            - Name: 'COLOR'
              Value: 'yellow'
        - Name: envoy
          Image: !Sub '${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${EnvoyImageName}'
          Essential: true
          User: '1337'
          Ulimits:
            - Name: "nofile"
              HardLimit: 15000
              SoftLimit: 15000
          PortMappings:
            - ContainerPort: 9901
              Protocol: 'tcp'
          HealthCheck:
            Command:
              - 'CMD-SHELL'
              - 'curl -s http://localhost:9901/server_info | grep state | grep -q LIVE'
            Interval: 5
            Timeout: 2
            Retries: 3
          LogConfiguration:
            LogDriver: 'awslogs'
            Options:
              awslogs-group:
                Fn::ImportValue: !Sub "${EnvironmentName}:ECSServiceLogGroup"
              awslogs-region: !Ref AWS::Region
              awslogs-stream-prefix: 'colorteller'
          Environment:
            - Name: 'APPMESH_RESOURCE_ARN'
              Value: !Sub 'mesh/${AppMeshMeshName}/virtualNode/colorteller-vn'
            - Name: CERTIFICATE_NAME
              Value: 'colorteller'

  ColorTellerService:
    Type: 'AWS::ECS::Service'
    Properties:
      Cluster:
        'Fn::ImportValue': !Sub "${EnvironmentName}:ECSCluster"
      DeploymentConfiguration:
        MaximumPercent: 200
        MinimumHealthyPercent: 100
      DesiredCount: 1
      LaunchType: FARGATE
      ServiceRegistries:
        - RegistryArn:
            'Fn::GetAtt': ColorTellerServiceDiscoveryRecord.Arn
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: DISABLED
          SecurityGroups:
            - 'Fn::ImportValue': !Sub "${EnvironmentName}:ECSServiceSecurityGroup"
          Subnets: 
            - 'Fn::ImportValue': !Sub "${EnvironmentName}:PrivateSubnet1"
            - 'Fn::ImportValue': !Sub "${EnvironmentName}:PrivateSubnet2"
      TaskDefinition: { Ref: ColorTellerTaskDefinition }

  PublicLoadBalancerSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Access to the public facing load balancer
      VpcId:
        'Fn::ImportValue': !Sub "${EnvironmentName}:VPC"
      SecurityGroupIngress:
          - CidrIp: 0.0.0.0/0
            IpProtocol: tcp
            FromPort: 80
            ToPort: 80

  GatewayServiceDiscoveryRecord:
    Type: 'AWS::ServiceDiscovery::Service'
    Properties:
      Name: "gateway"
      DnsConfig:
        NamespaceId:
          'Fn::ImportValue': !Sub "${EnvironmentName}:ECSServiceDiscoveryNamespace"
        DnsRecords:
          - Type: A
            TTL: 300
      HealthCheckCustomConfig:
        FailureThreshold: 1

  GatewayTaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      RequiresCompatibilities:
        - 'FARGATE'
      Family: 'gateway'
      NetworkMode: 'awsvpc'
      Cpu: 256
      Memory: 512
      TaskRoleArn:
        'Fn::ImportValue': !Sub "${EnvironmentName}:TaskIamRoleArn"
      ExecutionRoleArn:
        'Fn::ImportValue': !Sub "${EnvironmentName}:TaskExecutionIamRoleArn"
      ContainerDefinitions:
        - Name: envoy
          Image: !Sub '${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${EnvoyImageName}'
          Essential: true
          User: '1337'
          Ulimits:
            - Name: "nofile"
              HardLimit: 15000
              SoftLimit: 15000
          PortMappings:
            - ContainerPort: 9080
              Protocol: 'tcp'
            - ContainerPort: 9901
              Protocol: 'tcp'
          HealthCheck:
            Command:
              - 'CMD-SHELL'
              - 'curl -s http://localhost:9901/server_info | grep state | grep -q LIVE'
            Interval: 5
            Timeout: 2
            Retries: 3
          LogConfiguration:
            LogDriver: 'awslogs'
            Options:
              awslogs-group:
                Fn::ImportValue: !Sub "${EnvironmentName}:ECSServiceLogGroup"
              awslogs-region: !Ref AWS::Region
              awslogs-stream-prefix: 'gateway'
          Environment:
            - Name: 'APPMESH_RESOURCE_ARN'
              Value: !Sub 'mesh/${AppMeshMeshName}/virtualGateway/gateway-vgw'
            - Name: CERTIFICATE_NAME
              Value: 'gateway'
            - Name: ENVOY_LOG_LEVEL
              Value: 'debug'

  GatewayService:
    Type: 'AWS::ECS::Service'
    DependsOn:
      - PublicLoadBalancerListener
    Properties:
      Cluster:
        'Fn::ImportValue': !Sub "${EnvironmentName}:ECSCluster"
      DeploymentConfiguration:
        MaximumPercent: 200
        MinimumHealthyPercent: 100
      DesiredCount: 1
      LaunchType: FARGATE
      ServiceRegistries:
        - RegistryArn:
            'Fn::GetAtt': GatewayServiceDiscoveryRecord.Arn
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: DISABLED
          SecurityGroups:
            - 'Fn::ImportValue': !Sub "${EnvironmentName}:ECSServiceSecurityGroup"
          Subnets: 
            - 'Fn::ImportValue': !Sub "${EnvironmentName}:PrivateSubnet1"
            - 'Fn::ImportValue': !Sub "${EnvironmentName}:PrivateSubnet2"
      LoadBalancers:
        - ContainerName: envoy
          ContainerPort: 9080
          TargetGroupArn: !Ref WebTargetGroup
      TaskDefinition: { Ref: GatewayTaskDefinition }

  # public NLB for gateway
  PublicLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Scheme: internet-facing
      Type: network
      Subnets:
        - { 'Fn::ImportValue': !Sub "${EnvironmentName}:PublicSubnet1" }  
        - { 'Fn::ImportValue': !Sub "${EnvironmentName}:PublicSubnet2" }  

  WebTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    DependsOn:
      - PublicLoadBalancer
    Properties:
      Protocol: TCP
      TargetType: ip
      Name: !Sub "${EnvironmentName}-web2"
      Port: 80
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: 120
      VpcId:
        'Fn::ImportValue': !Sub "${EnvironmentName}:VPC"
  
  PublicLoadBalancerListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref WebTargetGroup
          Type: 'forward'
      LoadBalancerArn: !Ref 'PublicLoadBalancer'
      Port: 80
      Protocol: TCP

Outputs: 

  ColorAppEndpoint:
    Description: Public endpoint for Color App service
    Value: !Join ['', ['http://', !GetAtt 'PublicLoadBalancer.DNSName']]