Kubeflow vs deployKF¶
Understand the differences between Kubeflow and deployKF.
Introduction¶
Kubeflow and deployKF are different but related projects. By using deployKF, you get everything that Kubeflow offers, plus a lot more.
Before we dive into the differences, let's define each project:
Project | What is it? |
---|---|
deployKF | A tool for building Data and Machine Learning platforms on Kubernetes. |
Kubeflow | A CNCF project to develop MLOps tools that run on Kubernetes. |
Kubeflow Manifests | A collection of Kustomize manifests provided by the Kubeflow project. |
Migrate to deployKF
When you're ready to start migrating from vanilla Kubeflow to deployKF, check out our migration guide:
deployKF vs Kubeflow Manifests¶
deployKF and Kubeflow Manifests are both used to deploy Kubeflow. However, they are designed for different purposes and have different features.
deployKF | Kubeflow Manifests | |
---|---|---|
Purpose | Enable organizations to build their Data and ML Platforms on Kubernetes. | To be used as a base for packaged Kubeflow distributions by vendors. |
Key Feature | A centralized config system to manage all aspects of the platform, very similar to Helm Chart values. | A collection of Kustomize manifests requiring significant manual patching to use in production. |
Area: Ease of Use¶
Feature | deployKF | Kubeflow Manifests |
---|---|---|
Easy Configuration | Configured with centralized values. | Manual patching of Kustomize manifests. |
Easy Upgrades | In-place upgrades are supported. Bring values forward to new versions. | Must start from scratch with each new version. |
Easy Uninstall | Straightforward uninstall process. | No built-in uninstall process. |
Area: Tools and Ecosystem¶
Feature | deployKF | Kubeflow Manifests |
---|---|---|
Kubeflow Ecosystem | Optionally included. | Included. |
Argo Server (Web interface of Argo Workflows) | Optionally included. Integrated with single sign-on. User access is aligned to profile memberships. | Not included. |
MinIO Console (Web interface of MinIO) | Optionally included. Integrated with single sign-on. User access is aligned to profile memberships. | Not included. |
Area: Flexibility and Customization¶
Feature | deployKF | Kubeflow Manifests |
---|---|---|
Selectively Enable Tools | Each tool has as single enabled value. | Requires manual patching of Kustomize manifests. |
Use Existing Cluster Dependencies | Easily use existing cluster dependencies. Connect your existing Istio. Connect your existing cert-manager. Connect your existing Kyverno. | Requires manual patching of Kustomize manifests. |
Connect to Identity Providers | Easily connect any identity provider. Connect via OpenID Connect or LDAP. | Requires manual patching of Kustomize manifests. |
Connect to External Services | Easily connect external services. Connect external S3 / Object Store. Connect external MySQL. | Requires manual patching of Kustomize manifests. |
Area: Special Features¶
Feature | deployKF | Kubeflow Manifests |
---|---|---|
ArgoCD Support (GitOps) | Native support for GitOps with ArgoCD. | No built-in support for ArgoCD. |
Automatic Restarts (Config and Secret Changes) | When a config or secret is changed, any affected components are automatically restarted using Kyverno. | Manual pod restarts are required. |
Declarative Profiles (Users and team access) | Profiles are defined via values. Easily assign multiple users to a profile. | Profiles are manually created. |
Browser Login Flow (Kubeflow Pipelines) | Users can authenticate the Kubeflow Pipelines SDK from off-cluster, using a web browser. | Not supported. |
Area: Security¶
Feature | deployKF | Kubeflow Manifests |
---|---|---|
Random Secrets | Secrets are randomly generated at install time. | Secrets are hardcoded in manifests. |
Hardened Kubeflow Pipelines | Object Store access keys are isolated to each profile and scoped to the minimum required permissions. All access keys are randomly generated. | Object Store access keys are shared across all profiles. Access keys are not randomly generated. |
Hardened Istio | Easy to update Istio. Uses distroless images. Additional security patches. | Istio is difficult to update. Standard images. |
Standard Auth Tools | Uses standard tools including Envoy (via Istio), oauth2-proxy, and dex. | Uses non-standard arrikto/oidc-authservice and often outdated dex. |
HTTPS by Default | HTTPS is enabled by default. | HTTPS is NOT enabled by default. |
Next Steps¶
- If you're ready to start migrating from Kubeflow to deployKF, check out the Migrate from Kubeflow Distributions guide.
Last update: 2024-05-10
Created: 2024-05-10
Created: 2024-05-10