From 39ac723f5e1a631bf0632ac69cf6548125e833df Mon Sep 17 00:00:00 2001
From: Max Brunsfeld <maxbrunsfeld@gmail.com>
Date: Wed, 29 Sep 2021 14:53:20 -0700
Subject: [PATCH] Add SYS_ADMIN capability to the server container

This will let us run perf(1) on the zed-server to debug
any performance problems we encounter in production.

Co-Authored-By: Nathan Sobo <nathan@zed.dev>
---
 server/k8s/manifest.template.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/server/k8s/manifest.template.yml b/server/k8s/manifest.template.yml
index 02a30232e3..ff9929e98a 100644
--- a/server/k8s/manifest.template.yml
+++ b/server/k8s/manifest.template.yml
@@ -76,3 +76,8 @@ spec:
                 secretKeyRef:
                   name: github
                   key: privateKey
+          securityContext:
+            capabilities:
+              # FIXME - Switch to the more restrictive `PERFMON` capability.
+              # This capability isn't yet available in a stable version of Debian.
+              add: ["SYS_ADMIN"]