Seldon Deploy can recognise that certain namespaces are to be maintained using GitOps. It will look for the label
If the gitops label is not present or disabled then new deployments and modifications in the namespace will be pushed directly to the kubernetes cluster.
If the gitops label is present then deploy will look for an annotation named
git-repo and a git URI. It uses a service account token for accessing the repo which is stored in a Secret installed with Seldon Deploy using the helm chart (along with username and email). Deploy will add metadata to any commits it makes, including recording which dex user took the action.
Seldon Deploy can display an
Audit Log for each deployment where it reads back git commits and makes the changes and metadata visible:
If the user is permitted then the state can also be restored to a previous commit.
Architecture for more on how GitOps works.