Kubeflow vs deployKF¶
Understand the differences between Kubeflow and deployKF.
Introduction¶
Kubeflow and deployKF are different but related projects. By using deployKF, you get everything that Kubeflow offers, plus a lot more.
Before we dive into the differences, let's define each project:
| Project | What is it? |
|---|---|
| deployKF | A tool for building Data and Machine Learning platforms on Kubernetes. |
| Kubeflow | A CNCF project to develop MLOps tools that run on Kubernetes. |
| Kubeflow Manifests | A collection of Kustomize manifests provided by the Kubeflow project. |
Migrate to deployKF
When you're ready to start migrating from vanilla Kubeflow to deployKF, check out our migration guide:
deployKF vs Kubeflow Manifests¶
deployKF and Kubeflow Manifests are both used to deploy Kubeflow. However, they are designed for different purposes and have different features.
| deployKF | Kubeflow Manifests | |
|---|---|---|
| Purpose | Enable organizations to build their Data and ML Platforms on Kubernetes. | To be used as a base for packaged Kubeflow distributions by vendors. |
| Key Feature | A centralized config system to manage all aspects of the platform, very similar to Helm Chart values. | A collection of Kustomize manifests requiring significant manual patching to use in production. |
Area: Ease of Use¶
| Feature | deployKF | Kubeflow Manifests |
|---|---|---|
| Easy Configuration | Configured with centralized values. | Manual patching of Kustomize manifests. |
| Easy Upgrades | In-place upgrades are supported. Bring values forward to new versions. | Must start from scratch with each new version. |
| Easy Uninstall | Straightforward uninstall process. | No built-in uninstall process. |
Area: Tools and Ecosystem¶
| Feature | deployKF | Kubeflow Manifests |
|---|---|---|
| Kubeflow Ecosystem | Optionally included. | Included. |
| Argo Server (Web interface of Argo Workflows) | Optionally included. Integrated with single sign-on. User access is aligned to profile memberships. | Not included. |
| MinIO Console (Web interface of MinIO) | Optionally included. Integrated with single sign-on. User access is aligned to profile memberships. | Not included. |
Area: Flexibility and Customization¶
| Feature | deployKF | Kubeflow Manifests |
|---|---|---|
| Selectively Enable Tools | Each tool has as single enabled value. | Requires manual patching of Kustomize manifests. |
| Use Existing Cluster Dependencies | Easily use existing cluster dependencies. Connect your existing Istio. Connect your existing cert-manager. Connect your existing Kyverno. | Requires manual patching of Kustomize manifests. |
| Connect to Identity Providers | Easily connect any identity provider. Connect via OpenID Connect or LDAP. | Requires manual patching of Kustomize manifests. |
| Connect to External Services | Easily connect external services. Connect external S3 / Object Store. Connect external MySQL. | Requires manual patching of Kustomize manifests. |
Area: Special Features¶
| Feature | deployKF | Kubeflow Manifests |
|---|---|---|
| ArgoCD Support (GitOps) | Native support for GitOps with ArgoCD. | No built-in support for ArgoCD. |
| Automatic Restarts (Config and Secret Changes) | When a config or secret is changed, any affected components are automatically restarted using Kyverno. | Manual pod restarts are required. |
| Declarative Profiles (Users and team access) | Profiles are defined via values. Easily assign multiple users to a profile. | Profiles are manually created. |
| Browser Login Flow (Kubeflow Pipelines) | Users can authenticate the Kubeflow Pipelines SDK from off-cluster, using a web browser. | Not supported. |
Area: Security¶
| Feature | deployKF | Kubeflow Manifests |
|---|---|---|
| Random Secrets | Secrets are randomly generated at install time. | Secrets are hardcoded in manifests. |
| Hardened Kubeflow Pipelines | Object Store access keys are isolated to each profile and scoped to the minimum required permissions. All access keys are randomly generated. | Object Store access keys are shared across all profiles. Access keys are not randomly generated. |
| Hardened Istio | Easy to update Istio. Uses distroless images. Additional security patches. | Istio is difficult to update. Standard images. |
| Standard Auth Tools | Uses standard tools including Envoy (via Istio), oauth2-proxy, and dex. | Uses non-standard arrikto/oidc-authservice and often outdated dex. |
| HTTPS by Default | HTTPS is enabled by default. | HTTPS is NOT enabled by default. |
Next Steps¶
- If you're ready to start migrating from Kubeflow to deployKF, check out the Migrate from Kubeflow Distributions guide.
Last update: 2024-05-10
Created: 2024-05-10
Created: 2024-05-10