Namespaces¶
Managing Kubernetes namespaces for Seldon Deploy
Namespaces are where your models are deployed. You can set up GitOps and access controls on a per-namespace basis.
For an introduction to namespaces in Kubernetes, please refer to the official documentation. The rest of this guide discusses namespaces in the context of Seldon Deploy.
Namespace Detection¶
Seldon Deploy requires namespaces to be labelled for use with ML deployments. Otherwise, it will not detect them and so cannot manage resources within them.
You can create a new namespace and make it visible to Deploy using the following commands:
NAMESPACE=<name>
kubectl create namespace $NAMESPACE || echo "namespace $NAMESPACE already exists"
kubectl label namespace $NAMESPACE seldon.restricted=false --overwrite=true
This is the minimum needed to use a namespace.
GitOps¶
Seldon Deploy supports GitOps with ArgoCD to manage deployments to a namespace through git.
A namespace can be set up for GitOps with Seldon Deploy by providing suitable metadata. See the GitOps section for a detailed guide on how to achieve this.
Authorization Policies¶
Seldon Deploy supports both user-based and group-based authorization policies to control visibility and permissions for namespaces. See the installation and operations guides for more details.
Namespaces that the user has access to appear in a drop-down namespace selector in the top-right:
From there the user can search for or choose to drill into deployments:
Multi-Tenancy¶
In a multi-tenant setup, Deploy is not automatically provided with permissions to manage multiple namespaces. Instead, each namespace needs further permissions to be defined. Details on this can be found in the multi-tenant section.
Special Namespaces¶
The seldon-logs namespace is used for infrastructure for inference request logging.
It is a special namespace and its setup is covered in the request logging section.
This namespace should not be used for ML deployments.