apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-node
  labels:
    app: api-node
spec:
  replicas: 1
  selector:
    matchLabels:
      app: api-node
  template:
    metadata:
      labels:
        app: api-node
    spec:
      containers:
      - name: kpb-api-business
        image: gcr.io/projeto/api-node
        ports:
          - containerPort: 3000
        env:
          - name: NODE_ENV
            value: staging
          - name: PORT
            value: "3000"
          - name: VIRTUAL_PORT
            value: "3000"
          - name: GCS_BUCKET
            value: bucket
          - name: GCLOUD_PROJECT
            value: project
          - name: GOOGLE_APPLICATION_CREDENTIALS
            value: /app/credential_file
          - name: ENC_FILE
            value: "/app/encfile.enc"
          - name: DB_USER
            valueFrom:
              secretKeyRef:
                name: cloudsql-db-user-credentials
                key: username
          - name: DB_PASSWORD
            valueFrom:
              secretKeyRef:
               name: cloudsql-db-passwd-credentials
               key: password
        
      - name: cloudsql-proxy
        image: gcr.io/cloudsql-docker/gce-proxy:1.11
        command: ["/cloud_sql_proxy","-instances=instance-connection=tcp:3306","-credential_file=/secrets/cloudsql/credentials.json"]
        securityContext:
          runAsUser: 2
          allowPrivilegeEscalation: false
        volumeMounts:
            - name: cloudsql-instance-credentials
              mountPath: /secrets/cloudsql
              readOnly: true
      volumes:
        - name: cloudsql-instance-credentials
          secret:
            secretName: cloudsql-instance-credentials