2019/02/10

GKE Cloud SQL

  • create a serviceAccount with Cloud SQL privilege
  • download the Cloud SQL JSON key
  • create the kubectl secret
    ```
    kubectl create secret generic cloudsql-oauth-credentials --from-file=credentials.json=.json
    ```
  • deployment.yaml
    ```
    # pod-level volumes, under spec.template.spec
    volumes:
      - name: cloudsql-oauth-credentials
        secret:
          secretName: cloudsql-oauth-credentials
    
      - name: ssl-certs
        hostPath:
          path: /etc/ssl/certs
    
      - name: cloudsql
        emptyDir: {}
    
    
    # proxy sidecar, listed under spec.template.spec.containers
    - name: cloudsql-proxy
      image: gcr.io/cloudsql-docker/gce-proxy:1.11
      command: ["/cloud_sql_proxy",
                "-instances=projectName:region:instance=tcp:3306",
                "-credential_file=/secrets/cloudsql/credentials.json"]
      ports:
        - containerPort: 3306
          protocol: TCP
      securityContext:
        runAsUser: 2  # non-root user
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: cloudsql-oauth-credentials
          mountPath: /secrets/cloudsql
          readOnly: true
    ```
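
The first three steps above as one script. This is an added example, not part of the original notes: the project id, service-account name and key path are placeholders, and `roles/cloudsql.client` is this example's choice for the "cloudsql privilege". It prints the commands by default and runs them only with `--apply`.

```shell
#!/bin/sh
# Added example, not from the original notes. PROJECT_ID, SA_NAME and KEY_FILE
# are placeholders; roles/cloudsql.client is this example's choice of role.
set -eu

PROJECT_ID="${PROJECT_ID:-my-project}"
SA_NAME="${SA_NAME:-cloudsql-proxy}"
KEY_FILE="${KEY_FILE:-./cloudsql-key.json}"

# Values taken from deployment.yaml above.
SECRET_NAME="cloudsql-oauth-credentials"
CRED_PATH="/secrets/cloudsql/credentials.json"   # the proxy's -credential_file
# The secret's key becomes the file name under the mountPath, so derive it
# from CRED_PATH instead of typing it a second time.
SECRET_KEY="$(basename "$CRED_PATH")"

# Dry run by default: print each command. Pass --apply to execute them.
DRY_RUN=1
if [ "${1:-}" = "--apply" ]; then DRY_RUN=0; fi
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Service-account e-mail: NAME@PROJECT.iam.gserviceaccount.com
sa_email() { printf '%s@%s.iam.gserviceaccount.com' "$1" "$2"; }

provision() {
  email="$(sa_email "$SA_NAME" "$PROJECT_ID")"
  # 1. service account holding only the Cloud SQL Client role
  run gcloud iam service-accounts create "$SA_NAME" --project "$PROJECT_ID"
  run gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member "serviceAccount:$email" --role roles/cloudsql.client
  # 2. download the JSON key with an owner-only umask
  ( umask 077
    run gcloud iam service-accounts keys create "$KEY_FILE" --iam-account "$email" )
  # 3. load it into the secret under the file name the proxy expects
  run kubectl create secret generic "$SECRET_NAME" \
    --from-file="$SECRET_KEY=$KEY_FILE"
  # the cluster now holds the key; remove the local copy
  run rm -f -- "$KEY_FILE"
}

provision
```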