diff --git a/script/deploy b/script/deploy
index 1e648336d4..78f965575c 100755
--- a/script/deploy
+++ b/script/deploy
@@ -5,13 +5,33 @@
 # - Log in to the DigitalOcean docker registry
 #   doctl registry login
 #
-# - Set the default K8s context to production
+# - Target the `zed-1` kubernetes cluster
 #   doctl kubernetes cluster kubeconfig save zed-1
 
-set -e
+set -eu
 
-IMAGE_ID=registry.digitalocean.com/zed/zed-server
+if [[ $# < 1 ]]; then
+  echo "Usage: $0 [production|staging|...]"
+  exit 1
+fi
 
-docker build . --tag $IMAGE_ID
-docker push $IMAGE_ID
-kubectl rollout restart deployment zed
+export ZED_KUBE_NAMESPACE=$1
+ENV_FILE="server/k8s/environments/${ZED_KUBE_NAMESPACE}.sh"
+if [[ ! -f $ENV_FILE ]]; then
+  echo "Invalid environment name '${ZED_KUBE_NAMESPACE}'"
+  exit 1
+fi
+
+if [[ -n $(git status --short) ]]; then
+  echo "Cannot deploy with uncommited changes"
+  exit 1
+fi
+
+git_sha=$(git rev-parse HEAD)
+export ZED_IMAGE_ID=registry.digitalocean.com/zed/zed-server:${ZED_KUBE_NAMESPACE}-${git_sha}
+export $(cat $ENV_FILE)
+
+docker build . --tag $ZED_IMAGE_ID
+docker push $ZED_IMAGE_ID
+
+envsubst < server/k8s/manifest.template.yml | kubectl apply -f -
diff --git a/script/deploy-migration b/script/deploy-migration
index 251e7a4518..2ecc7d373b 100755
--- a/script/deploy-migration
+++ b/script/deploy-migration
@@ -1,11 +1,42 @@
 #!/bin/bash
 
-set -e
+# Prerequisites:
+#
+# - Log in to the DigitalOcean docker registry
+#   doctl registry login
+#
+# - Target the `zed-1` kubernetes cluster
+#   doctl kubernetes cluster kubeconfig save zed-1
 
-IMAGE_ID=registry.digitalocean.com/zed/zed-migrator
+set -eu
+
+if [[ $# < 1 ]]; then
+  echo "Usage: $0 [production|staging|...]"
+  exit 1
+fi
+
+export ZED_KUBE_NAMESPACE=$1
+ENV_FILE="server/k8s/environments/${ZED_KUBE_NAMESPACE}.sh"
+if [[ ! -f $ENV_FILE ]]; then
+  echo "Invalid environment name '${ZED_KUBE_NAMESPACE}'"
+  exit 1
+fi
+
+if [[ -n $(git status --short) ]]; then
+  echo "Cannot deploy with uncommited changes"
+  exit 1
+fi
+
+git_sha=$(git rev-parse HEAD)
+export ZED_IMAGE_ID=registry.digitalocean.com/zed/zed-migrator:${ZED_KUBE_NAMESPACE}-${git_sha}
+export ZED_MIGRATE_JOB_NAME=zed-migrate-${git_sha}
 
 docker build . \
   --file ./Dockerfile.migrator \
-  --tag $IMAGE_ID
-docker push $IMAGE_ID
-kubectl apply -f ./server/migrate.yml
+  --tag $ZED_IMAGE_ID
+docker push $ZED_IMAGE_ID
+
+envsubst < server/k8s/migrate.template.yml | kubectl apply -f -
+
+pod=$(kubectl --namespace=${ZED_KUBE_NAMESPACE} get pods --selector=job-name=${ZED_MIGRATE_JOB_NAME} --output=jsonpath='{.items[*].metadata.name}')
+echo "pod:" $pod
diff --git a/server/k8s/environments/production.sh b/server/k8s/environments/production.sh
new file mode 100644
index 0000000000..58c2ba81c6
--- /dev/null
+++ b/server/k8s/environments/production.sh
@@ -0,0 +1 @@
+ZED_LOAD_BALANCER_CERT_ID=6f857971-20fb-4c68-a7d6-35fef9e5ec4c
diff --git a/server/k8s/environments/staging.sh b/server/k8s/environments/staging.sh
new file mode 100644
index 0000000000..f068a07b4d
--- /dev/null
+++ b/server/k8s/environments/staging.sh
@@ -0,0 +1 @@
+ZED_LOAD_BALANCER_CERT_ID=b0d48941-4895-4d75-a966-fe5a571b1fff
diff --git a/server/manifest.yml b/server/k8s/manifest.template.yml
similarity index 88%
rename from server/manifest.yml
rename to server/k8s/manifest.template.yml
index 9f7f4260c4..02a30232e3 100644
--- a/server/manifest.yml
+++ b/server/k8s/manifest.template.yml
@@ -1,11 +1,17 @@
 ---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ${ZED_KUBE_NAMESPACE}
+---
 kind: Service
 apiVersion: v1
 metadata:
+  namespace: ${ZED_KUBE_NAMESPACE}
   name: zed
   annotations:
     service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
-    service.beta.kubernetes.io/do-loadbalancer-certificate-id: "606e2db9-2b58-4ae7-b12c-a0c7d56af49b"
+    service.beta.kubernetes.io/do-loadbalancer-certificate-id: "${ZED_LOAD_BALANCER_CERT_ID}"
 spec:
   type: LoadBalancer
   selector:
@@ -19,6 +25,7 @@ spec:
 apiVersion: apps/v1
 kind: Deployment
 metadata:
+  namespace: ${ZED_KUBE_NAMESPACE}
   name: zed
 spec:
   replicas: 1
@@ -32,7 +39,7 @@ spec:
     spec:
       containers:
         - name: zed
-          image: registry.digitalocean.com/zed/zed-server
+          image: "${ZED_IMAGE_ID}"
           ports:
             - containerPort: 8080
               protocol: TCP
diff --git a/server/k8s/migrate.template.yml b/server/k8s/migrate.template.yml
new file mode 100644
index 0000000000..9b1dc14d7e
--- /dev/null
+++ b/server/k8s/migrate.template.yml
@@ -0,0 +1,18 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: ${ZED_KUBE_NAMESPACE}
+  name: ${ZED_MIGRATE_JOB_NAME}
+spec:
+  template:
+    spec:
+      restartPolicy: Never
+      containers:
+        - name: migrator
+          image: ${ZED_IMAGE_ID}
+          env:
+            - name: DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: database
+                  key: url
diff --git a/server/migrate.yml b/server/migrate.yml
deleted file mode 100644
index 58badca60d..0000000000
--- a/server/migrate.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: migrate
-spec:
-  template:
-    spec:
-      restartPolicy: Never
-      containers:
-      - name: migrator
-        image: registry.digitalocean.com/zed/zed-migrator
-        env:
-          - name: DATABASE_URL
-            valueFrom:
-              secretKeyRef:
-                name: database
-                key: url