Kubeflow vs deployKF¶
Understand the differences between Kubeflow and deployKF.
Migrate to deployKF
When you're ready to start migrating from vanilla Kubeflow to deployKF, check out our migration guide:
Introduction¶
Kubeflow and deployKF are different but related projects. By using deployKF, you get everything that Kubeflow offers, plus a lot more.
Before we dive into the differences, let's define each project:
| Project | What is it? |
|---|---|
| deployKF | A tool for building Data and Machine Learning platforms on Kubernetes. |
| Kubeflow | A CNCF project to develop MLOps tools that run on Kubernetes. |
| Kubeflow Manifests | A collection of Kustomize manifests provided by the Kubeflow project. |
deployKF vs Kubeflow Manifests¶
deployKF and Kubeflow Manifests are both used to deploy Kubeflow. However, they are designed for different purposes and have different features.
| Kubeflow Manifests | deployKF | |
|---|---|---|
| Purpose | To be used as a base for packaged Kubeflow distributions by vendors. | Enable organizations to build their Data and ML Platforms on Kubernetes. |
| Key Feature | A collection of Kustomize manifests requiring significant manual patching to use in production. | A centralized config system to manage all aspects of the platform, very similar to Helm Chart values. |
Area: Ease of Use¶
| Feature | Kubeflow Manifests | deployKF |
|---|---|---|
| Easy Configuration | Manual patching of Kustomize manifests. | Configured with centralized values. |
| Easy Upgrades | Must start from scratch with each new version. | In-place upgrades are supported. Bring values forward to new versions. |
| Easy Uninstall | No built-in uninstall process. | Straightforward uninstall process. |
Area: Tools and Ecosystem¶
| Feature | Kubeflow Manifests | deployKF |
|---|---|---|
| Kubeflow Ecosystem | Included. | Optionally included. |
| Argo Server (Web interface of Argo Workflows) | Not included. | Optionally included. Integrated with single sign-on. User access is aligned to profile memberships. |
| MinIO Console (Web interface of MinIO) | Not included. | Optionally included. Integrated with single sign-on. User access is aligned to profile memberships. |
Area: Flexibility and Customization¶
| Feature | Kubeflow Manifests | deployKF |
|---|---|---|
| Selectively Enable Tools | Requires manual patching of Kustomize manifests. | Each tool has as single enabled value.Enable or disable tools. |
| Use Existing Cluster Dependencies | Requires manual patching of Kustomize manifests. | Easily use existing cluster dependencies. Connect your existing Istio. Connect your existing cert-manager. Connect your existing Kyverno. |
| Connect to Identity Providers | Requires manual patching of Kustomize manifests. | Easily connect any identity provider. Connect via OpenID Connect or LDAP. |
| Connect to External Services | Requires manual patching of Kustomize manifests. | Easily connect external services. Connect external S3 / Object Store. Connect external MySQL. |
Area: Special Features¶
| Feature | Kubeflow Manifests | deployKF |
|---|---|---|
| ArgoCD Support (GitOps) | No built-in support for ArgoCD. | Native support for GitOps with ArgoCD. |
| Automatic Restarts (Config and Secret Changes) | Manual pod restarts are required. | When a config or secret is changed, any affected components are automatically restarted using Kyverno. |
| Declarative Profiles (Users and team access) | Profiles are manually created. | Profiles are defined via values. Easily assign multiple users to a profile. |
| Browser Login Flow (Kubeflow Pipelines) | Not supported. | Users can authenticate the Kubeflow Pipelines SDK from off-cluster, using a web browser. |
Area: Security¶
| Feature | Kubeflow Manifests | deployKF |
|---|---|---|
| Random Secrets | Secrets are hardcoded in manifests. | Secrets are randomly generated at install time. |
| Hardened Kubeflow Pipelines | Object Store access keys are shared across all profiles. Access keys are not randomly generated. | Object Store access keys are isolated to each profile and scoped to the minimum required permissions. All access keys are randomly generated. |
| Hardened Istio | Istio is difficult to update. Standard images. | Easy to update Istio. Uses distroless images. Additional security patches. |
| Standard Auth Tools | Uses non-standard arrikto/oidc-authservice and often outdated dex. | Uses standard tools including Envoy (via Istio), oauth2-proxy, and dex. |
| HTTPS by Default | HTTPS is NOT enabled by default. | HTTPS is enabled by default. |
Next Steps¶
- If you're ready to start migrating from Kubeflow to deployKF, check out the Migrate from Kubeflow Distributions guide.
Last update: 2024-08-30
Created: 2023-04-24
Created: 2023-04-24