From 39ac723f5e1a631bf0632ac69cf6548125e833df Mon Sep 17 00:00:00 2001
From: Max Brunsfeld
Date: Wed, 29 Sep 2021 14:53:20 -0700
Subject: [PATCH 1/3] Add SYS_ADMIN capability to the server container

This will let us run perf(1) on the zed-server to debug any performance problems we encounter in production.

Co-Authored-By: Nathan Sobo
---
 server/k8s/manifest.template.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/server/k8s/manifest.template.yml b/server/k8s/manifest.template.yml
index 02a30232e399cb14ceebf59466fac0950ecf4968..ff9929e98a2beb2da9463c648e6dbefaaef6a06d 100644
--- a/server/k8s/manifest.template.yml
+++ b/server/k8s/manifest.template.yml
@@ -76,3 +76,8 @@ spec:
 secretKeyRef:
 name: github
 key: privateKey
+ securityContext:
+ capabilities:
+ # FIXME - Switch to the more restrictive `PERFMON` capability.
+ # This capability isn't yet available in a stable version of Debian.
+ add: ["SYS_ADMIN"]
From 09f38bbd16e56260141b2e0e348580887265bfd3 Mon Sep 17 00:00:00 2001
From: Max Brunsfeld
Date: Wed, 29 Sep 2021 14:53:52 -0700
Subject: [PATCH 2/3] Fix errors in deploy script

Also, allow deploying to staging with uncommitted changes.

Co-Authored-By: Nathan Sobo
---
 script/deploy | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/script/deploy b/script/deploy
index 78f965575cce449473195f47fbe5d328afddf4a5..b375329c91fb3f83810291836788391c280509f7 100755
--- a/script/deploy
+++ b/script/deploy
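Review bot: `add: ["SYS_ADMIN"]` gives the server container far more than perf(1) needs, and it does so permanently in every namespace rendered from this template, production included. CAP_SYS_ADMIN covers mounting, namespace manipulation and many other privileged operations, so a compromise of the network-facing server process would have a much shorter path to the node. A narrower arrangement is to leave the deployed container without the capability and attach a short-lived profiling container that carries it only while debugging (where the cluster supports that), or, if the server needs no other capability, to add `drop: ["ALL"]` next to `add` so this is the only one held. The FIXME would be easier to act on with a tracking reference, e.g. `# FIXME(<issue-id>): replace with PERFMON once the node kernel and runtime support it`. The container spec this `securityContext` belongs to starts above the hunk.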
@@ -22,16 +22,16 @@ if [[ ! -f $ENV_FILE ]]; then
 exit 1
 fi
-if [[ -n $(git status --short) ]]; then
- echo "Cannot deploy with uncommited changes"
+if [[ $ZED_KUBE_NAMESPACE == "production" && -n $(git status --short) ]]; then
+ echo "Cannot deploy uncommited changes to production"
 exit 1
 fi
 git_sha=$(git rev-parse HEAD)
-export ZED_IMAGE_ID=registry.digitalocean.com/zed/zed-server:${ZED_KUBE_NAMESPACE}-${git_sha}
+export ZED_IMAGE_ID="registry.digitalocean.com/zed/zed-server:${ZED_KUBE_NAMESPACE}-${git_sha}"
 export $(cat $ENV_FILE)
-docker build . --tag $ZED_IMAGE_ID
-docker push $ZED_IMAGE_ID
+docker build . --tag "$ZED_IMAGE_ID"
+docker push "$ZED_IMAGE_ID"
 envsubst < server/k8s/manifest.template.yml | kubectl apply -f -
From a4169f1007006acf9540f402274b9308ad4f660c Mon Sep 17 00:00:00 2001
From: Max Brunsfeld
Date: Wed, 29 Sep 2021 14:55:16 -0700
Subject: [PATCH 3/3] Add kube-shell script, for running shell commands in a deployed container

Co-Authored-By: Nathan Sobo
---
 script/kube-shell | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100755 script/kube-shell

diff --git a/script/kube-shell b/script/kube-shell
new file mode 100755
index 0000000000000000000000000000000000000000..9181dc959c41f7c813e09cdf6f6230a08216c14f
--- /dev/null
+++ b/script/kube-shell
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [[ $# < 1 ]]; then
+ echo "Usage: $0 [production|staging|...]"
+ exit 1
+fi
+
+export ZED_KUBE_NAMESPACE=$1
+
+pod=$(kubectl --namespace=${ZED_KUBE_NAMESPACE} get pods --selector=app=zed --output=jsonpath='{.items[*].metadata.name}')
+exec kubectl --namespace $ZED_KUBE_NAMESPACE exec --tty --stdin $pod -- /bin/bash
\ No newline at end of file
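Review bot: With the dirty-tree check now limited to `production`, a staging build made from uncommitted changes is still tagged `${ZED_KUBE_NAMESPACE}-${git_sha}`, so the pushed image claims to be a commit it does not match. Marking such builds keeps the registry tag traceable to what was actually built, e.g. `if [[ -n $(git status --short) ]]; then git_sha="${git_sha}-dirty"; fi` after the `git rev-parse` line. The guard is also fail-open: any namespace other than the exact string `production` skips it, whereas `$ZED_KUBE_NAMESPACE != "staging"` would match the commit message's stated intent and refuse by default. The hunk opens inside the `if [[ ! -f $ENV_FILE ]]` block, which starts above it.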
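Review bot: The pod lookup uses `{.items[*].metadata.name}` and the result is passed unquoted as `$pod`, so with more than one `app=zed` pod the names split into several arguments to `kubectl exec`, and with none the exec runs without a pod name. Selecting a single pod, failing when the lookup is empty, and quoting both `$pod` and the namespace (which comes straight from `$1`) makes the target of this interactive shell unambiguous. `[[ $# < 1 ]]` is a string comparison inside `[[ ]]`; the arithmetic form states the intent. Since the shell lands in a container that patch 1/3 grants SYS_ADMIN, who may use it in the production namespace is presumably worth restricting through RBAC on `pods/exec`.

```shell
if (( $# < 1 )); then
# … unchanged: usage message, exit 1, fi, export ZED_KUBE_NAMESPACE=$1 …

pod=$(kubectl --namespace="${ZED_KUBE_NAMESPACE}" get pods --selector=app=zed --output=jsonpath='{.items[0].metadata.name}')
if [[ -z $pod ]]; then
  echo "No app=zed pod found in namespace ${ZED_KUBE_NAMESPACE}" >&2
  exit 1
fi
exec kubectl --namespace "$ZED_KUBE_NAMESPACE" exec --tty --stdin "$pod" -- /bin/bash
```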