GitOps Sync¶

Deployment source control and syncing with Gitops

Seldon Deploy can recognise that certain namespaces are to be maintained using GitOps. It will look for the label seldon.gitops: enabled.

If the seldon.gitops label is not present or is disabled then new deployments and modifications in the namespace will be pushed directly to the Kubernetes cluster.

If the seldon.gitops label is present then deploy will look for an annotation named git-repo with a git URI. It uses a service account token for accessing the repo which is stored in a Secret installed with Seldon Deploy using the Helm chart (along with username and email). Deploy will add metadata to any commits it makes, including recording which dex user took the action.

Important

Always manage resources in GitOps namespaces via Deploy–the UI or API–or through the corresponding git repository.

For GitOps namespaces, Seldon Deploy is only aware of resources defined in the corresponding git repository, but not any created manually in the namespace. As a result, any resources created in a GitOps namespace with kubectl, for example, will be ignored by Deploy.

Seldon Deploy can display an Audit Log for each deployment where it reads back git commits and makes the changes and metadata visible:

deployauditlog

If the user is permitted then the state can also be restored to a previous commit.

See the relevant Architecture section for more on how GitOps works.