Why Devs Love Open Source KitOps–Tales from the ML Trenches

Gorkem Ercan - Aug 29 - - Dev Community

In the world of AI/ML there are a lot of puff pieces singing the latest technical innovation. Most of the time, these innovations aren’t being used outside of a cadre of scientists who have adopted. In contrast, we put together this article to share how a real user at a real company is using KitOps - and explain, in stark terms, why KitOps is the only solution that meets their needs.

The Folly of TARs and S3

First, let's address the elephant in the room: TAR files. Yes, they’re handy little bundles of joy, squeezing your artifacts into neat, portable packages. But that’s where the honeymoon ends. One user, Niklas and engineer at a German federal technology company, broke it down for us with the kind of brutal honesty that only comes from experience “S3 and GitLFS are like the wild west—anything goes, and that’s precisely the problem because both fall short
Not Tamper Proof: Without immutability, there's no guarantee your artifacts haven’t been tampered with. Good luck explaining that to your compliance officer.

Lack of Audibility: When it’s time to trace back a decision to its source, TARs and S3 aren’t much help. New AI regulations, Niklas points out, "requires securing the integrity and authenticity of release artifacts." How’s that supposed to happen when your artifacts are floating around, unchained and unverified?

No Easy Tagging: Champion vs. challenger models, semantic versioning—good luck implementing those without the right tools. TARs don’t do it, and neither does S3.

Poor Metadata Handling: Sure, your artifact might have a name, but does it tell the whole story? What about the additional metadata that’s crucial for downstream processes?
Inconsistent Supply Chain: "Everything is in Artifactory," Niklas notes. "So why not store ML artifacts there too?" It’s about consistency, and that’s not something TARs or S3 can deliver.

The Power of KitOps

KitOps, by contrast, doesn’t just store your artifacts—it puts them into your existing OCI registry (DockerHub, Quay.io, Artifactory, GitHub Container Registry) which has already passed security vetting and is covered by enterprise-grade authentication and authorization. Now they’re guarded like a hawk, while the KitOps ModelKit format ensures that every byte is accounted for, every version is tagged and tracked, and every artifact is as immutable as Mount Everest. This isn’t just about meeting compliance—it’s about ensuring that your AI models are trustworthy, reliable, and secure from the get-go.

Why KitOps?

Tamper-Proof: With KitOps, your artifacts are locked down, hashed, and immutably stored. No more waking up in cold sweats wondering if something was altered on the sly.

Auditability: Every artifact comes with a complete history, ensuring that when the auditors come knocking, you’re not scrambling for answers.

Tagging and Versioning: With built-in support for champion vs. challenger models, semantic versioning, and more, KitOps makes it easy to manage complex ML workflows.

Elegant Bundling: KitOps doesn’t just store your artifacts—it bundles them with all the metadata you need, ensuring that every deployment is consistent and reliable.

Consistency Across the Supply Chain: By storing everything in Artifactory, KitOps ensures that your AI/ML workflows are as seamless as the rest of your DevOps processes.

Scaling Up

Of course, all of this wouldn’t mean much if KitOps couldn’t scale. But as Niklas explains, that’s not an issue. His team might be small now—just 10-15 data scientists, engineers, and SREs working on five predictive ML models—but they’re growing. And as they do, KitOps will scale with them, ensuring that their workflows remain smooth, secure, and consistent, no matter how many models they deploy. That’s why it’s being adopted by some of the largest government agencies, science labs, and global technology companies in the world.

Predictive ML, Not LLMs

It’s worth noting that Niklas’s team isn’t diving into the deep end of LLMs just yet—they’re focused on predictive ML. But whether you’re deploying LLMs, fine-tuning them, or just managing a handful of predictive models, KitOps has you covered. Of course, if you’re doing LLMs, KitOps makes even more sense since the number and size of project artifacts only grows.

The Bottom Line

If you’re serious about AI/ML, and you’re tired of wrestling with tools that promise the world but deliver a mess, it’s time to give KitOps a look. It’s not just about storing your artifacts—it’s about ensuring they’re secure, auditable, and ready for deployment at a moment’s notice. Because in this game, anything less is a risk you can’t afford to take.

If you have questions about integrating KitOps with your team, join the conversation on Discord and start using KitOps today!

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .