Skip to content

Kubeflow vs deployKF

Understand the differences between Kubeflow and deployKF.


Kubeflow and deployKF are different but related projects. By using deployKF, you get everything that Kubeflow offers, plus a lot more.

Before we dive into the differences, let's define each project:

Project What is it?
deployKF A tool for building Data and Machine Learning platforms on Kubernetes.
Kubeflow A CNCF project to develop MLOps tools that run on Kubernetes.
Kubeflow Manifests A collection of Kustomize manifests provided by the Kubeflow project.

Migrate to deployKF

When you're ready to start migrating from vanilla Kubeflow to deployKF, check out our migration guide:

Migrate from Kubeflow Distributions

deployKF vs Kubeflow Manifests

deployKF and Kubeflow Manifests are both used to deploy Kubeflow. However, they are designed for different purposes and have different features.

deployKF Kubeflow Manifests
Purpose Enable organizations to build their Data and ML Platforms on Kubernetes. To be used as a base for packaged Kubeflow distributions by vendors.
Key Feature A centralized config system to manage all aspects of the platform, very similar to Helm Chart values. A collection of Kustomize manifests requiring significant manual patching to use in production.

Area: Ease of Use

Feature deployKF Kubeflow Manifests
Easy Configuration
Configured with centralized values.

Manual patching of Kustomize manifests.
Easy Upgrades
In-place upgrades are supported.
Bring values forward to new versions.

Must start from scratch with each new version.
Easy Uninstall
Straightforward uninstall process.

No built-in uninstall process.

Area: Tools and Ecosystem

Feature deployKF Kubeflow Manifests
Kubeflow Ecosystem
Optionally included.

Argo Server
(Web interface of Argo Workflows)

Optionally included.
Integrated with single sign-on.
User access is aligned to profile memberships.

Not included.
MinIO Console
(Web interface of MinIO)

Optionally included.
Integrated with single sign-on.
User access is aligned to profile memberships.

Not included.

Area: Flexibility and Customization

Feature deployKF Kubeflow Manifests
Selectively Enable Tools
Each tool has as single enabled value.

Requires manual patching of Kustomize manifests.
Use Existing Cluster Dependencies
Easily use existing cluster dependencies.
Connect your existing Istio.
Connect your existing cert-manager.
Connect your existing Kyverno.

Requires manual patching of Kustomize manifests.
Connect to Identity Providers
Easily connect any identity provider.
Connect via OpenID Connect or LDAP.

Requires manual patching of Kustomize manifests.
Connect to External Services
Easily connect external services.
Connect external S3 / Object Store.
Connect external MySQL.

Requires manual patching of Kustomize manifests.

Area: Special Features

Feature deployKF Kubeflow Manifests
ArgoCD Support

Native support for GitOps with ArgoCD.

No built-in support for ArgoCD.
Automatic Restarts
(Config and Secret Changes)

When a config or secret is changed, any affected components are automatically restarted using Kyverno.

Manual pod restarts are required.
Declarative Profiles
(Users and team access)

Profiles are defined via values.
Easily assign multiple users to a profile.

Profiles are manually created.
Browser Login Flow
(Kubeflow Pipelines)

Users can authenticate the Kubeflow Pipelines SDK from off-cluster, using a web browser.

Not supported.

Area: Security

Feature deployKF Kubeflow Manifests
Random Secrets
Secrets are randomly generated at install time.

Secrets are hardcoded in manifests.
Hardened Kubeflow Pipelines
Object Store access keys are isolated to each profile and scoped to the minimum required permissions. All access keys are randomly generated.

Object Store access keys are shared across all profiles. Access keys are not randomly generated.
Hardened Istio
Easy to update Istio.
Uses distroless images.
Additional security patches.

Istio is difficult to update.
Standard images.
Standard Auth Tools
Uses standard tools including Envoy (via Istio), oauth2-proxy, and dex.

Uses non-standard arrikto/oidc-authservice and often outdated dex.
HTTPS by Default
HTTPS is enabled by default.

HTTPS is NOT enabled by default.

Next Steps

Last update: 2024-03-16
Created: 2023-04-24