External Secrets Operator: The Reference Architecture for Hybrid Secrets Management
TL;DR Secrets (API keys, database passwords) do not belong in Git code, but their runtime …
13.01.2026
David Hussain
•
•
4 Minuten Lesezeit
Cloud-Native AI Pipelines: MLOps with Kubeflow vs. Ray
The excitement around Large Language Models (LLMs) and generative AI has brought a fundamental question back to IT departments: How do we scale Machine Learning (ML) workloads without creating parallel shadow IT?
cloud-native
mlops
kubeflow
ray
machine-learning
kubernetes
workflow-orchestrierung
The excitement around Large Language Models (LLMs) and generative AI has brought a fundamental question back to IT departments: How do we scale Machine Learning (ML) workloads without creating parallel shadow IT?
Kubernetes has established itself as a foundation, but the choice of framework determines whether your data scientists work efficiently or get bogged down in infrastructure details. Kubeflow and Ray are two heavyweights with fundamentally different philosophies.
Kubeflow: The Orchestral Heavyweight
Kubeflow aims to provide a complete end-to-end MLOps platform based on Kubernetes. It is less of a single tool and more of a loosely coupled collection of components (Pipelines, Training Operator, Katib for hyperparameter tuning, KServe).
Technical Focus
- Workflow Orchestration: Kubeflow Pipelines is based on Argo Workflows. Each step in the ML cycle (data preparation, training, evaluation) runs as an isolated Kubernetes pod.
- Complexity: Since Kubeflow deeply integrates with K8s resources (CRDs, RBAC, service meshes like Istio), the operational overhead is high.
- Use Case: Ideal for companies that require strict standardization across the entire ML lifecycle and already have a strong platform engineering team.
Ray: The Performance Specialist for Distributed Workloads
Ray takes a different approach. It was not designed as an MLOps platform but as a universal framework for distributing Python code. While Kubeflow thinks in “containers,” Ray thinks in “tasks” and “actors.”
Technical Focus
- Granularity: Ray allows Python functions to be distributed with minimal overhead across thousands of CPUs or GPUs. It abstracts the compute power, not the workflow.
- Ray on Kubernetes (KubeRay): Through the KubeRay operator, Ray can be seamlessly integrated into K8s. Kubernetes provides the resources (nodes/pods), while Ray handles the internal scheduling of AI jobs.
- Use Case: Perfect for compute-intensive tasks like training LLMs or reinforcement learning, where latency between computation steps is critical.
Architecture Comparison: Where Are the Differences?
| Feature | Kubeflow | Ray |
|---|---|---|
| Primary Abstraction | Kubernetes Pods / Containers | Python Tasks / Actors |
| Focus | Governance & Lifecycle | Performance & Scalability |
| Learning Curve | Steep (K8s knowledge required) | Flat (Python-focused) |
| Scheduling | K8s Scheduler (more static) | Own Low-Latency Scheduler |
| Serving | KServe (tightly integrated) | Ray Serve (very flexible) |
The Harsh Reality: When Kubernetes Becomes a Hurdle
A common mistake in mid-sized companies is forcing data scientists to become Kubernetes experts. If an ML expert has to write YAML manifests to train a model, productivity drops drastically.
The Path to “Production-Ready” Infrastructure: A modern ML infrastructure should use Kubernetes as “Invisible Infrastructure.” This means:
- Abstraction: Use tools like KubeRay or Kubeflow SDKs so that code can be developed locally and pushed to the cluster via API call.
- GPU Management: Implement efficient GPU sharing (e.g., NVIDIA MIG) as AI workloads often block expensive resources without fully utilizing them.
- Data Gravity: Pay attention to where your training data resides. The cluster is only as fast as the connection to the storage (S3/NFS).
Conclusion: Which System Wins?
It’s not an either-or situation. In fact, we increasingly see hybrid architectures: Kubeflow is used for orchestrating the entire pipeline and governance, while within the pipeline steps, Ray is used for high-performance, distributed training.
For mid-sized companies, start with the lowest possible complexity level. Often, a well-configured Ray cluster on Kubernetes is the faster path to the first productive AI model than installing the complete Kubeflow stack.
Technical FAQ: AI Infrastructure
Can I run Ray and Kubeflow simultaneously in the same cluster? Yes. Thanks to namespace isolation in Kubernetes, both systems can coexist. There are even specific integrations to start Ray jobs directly from Kubeflow pipelines.
How do I manage the costs for GPU nodes? Use the Cluster Autoscaler in conjunction with Taints and Tolerations. GPU nodes should only spin up when a corresponding job is in the queue and terminate immediately after completion.
Do we need a service mesh like Istio for MLOps? Kubeflow often relies on Istio for ingress and security. However, if you only use Ray, a service mesh is usually an unnecessary complexity overhead unless you have very specific requirements for zero-trust communication between worker nodes.
Are you facing the decision for an ML stack? Building a stable AI pipeline is a marathon. At ayedo, we help you choose the right architecture that frees your data scientists instead of burdening them with infrastructure problems.
Ähnliche Artikel
Observability 2.0: Gaining Deep Insights with eBPF
Until now, monitoring was often a compromise: Those who wanted to know exactly what was happening …
13.01.2026
Event-Driven Scaling with KEDA: When the Message Queue Controls the Cluster
The classic Horizontal Pod Autoscaler (HPA) of Kubernetes is like a thermostat: When the room gets …
13.01.2026