ML Operations.

log_metric logs a single key-value at an optional step (for epoch-level tracking in loops); log_metrics logs a dictionary at once for batch efficiency. Use log_metric(step=epoch) inside training loops, log_metrics({}) for final summary metrics at the end of a run.

Tag runs at creation with mlflow.set_tag("status","active"). Filter actives with MlflowClient.search_runs(filter_string="tags.status = 'active'"). Soft-delete stales via MlflowClient.delete_run() — it moves runs to Deleted state (recoverable for 30 days), not permanent erasure. Never hard-delete without confirming no Model Registry versions reference the run_id.

The artifact store is a raw file store (S3/GCS) for anything logged during a run. The registry is a higher-level abstraction adding versioning, lifecycle stages, aliases, and lineage on top of specific model artifacts. A model can exist in the artifact store without being registered; registration is an explicit promotion step that signals deployment-readiness.

MLflow allows this intentionally for canary/A/B deployments. Set aliases explicitly (client.set_registered_model_alias("churn-gbm","champion","12"), "challenger","14") and load by alias in serving code. Archive the older version once the newer one is fully validated and traffic has been fully cut over.

Retrieve the MLflow run by run_id, read tags for git_commit and dvc_data_hash. git checkout that commit, dvc pull to restore the exact dataset, then mlflow run . with the logged parameters. The Model Registry version links to run_id which links to Git and DVC — full three-way provenance chain.

Git + DVC (S3 remote) + MLflow (SQLite backend to start). Enforce: always commit .dvc files alongside code changes; log git_commit tag in every run; use dvc.yaml pipelines so retraining is one command. This covers experiment reproducibility and data lineage with zero Kubernetes overhead.

Git LFS stores files via a Git-native protocol and downloads all LFS objects on clone by default — expensive for large datasets. DVC decouples storage (any cloud provider), supports partial downloads (dvc pull specific/file.dvc), and adds pipeline tracking that LFS lacks entirely. DVC also uses content-addressable storage, deduplicating identical file versions across branches.

git checkout the commit or tag, then dvc pull to restore all .dvc-tracked files to that commit's exact versions. Check the MLflow run linked to that tag for hyperparameters and the entry point, then run mlflow run . with those parameters. Git commit + DVC data + MLflow params = complete reproducibility.

DVC marks the changed stage and all downstream stages as "changed" (their deps hash differs from the cached state). It re-runs them in topological order, using cached outputs for any unchanged branches. The result is minimal re-computation — only what is actually affected by the change propagates forward.

Mark that stage's outputs with cache: false to disable DVC caching. Set always_changed: true on the stage so it always re-runs. Wrap the API call with retry logic and store a checksum of the response alongside the output — a changed checksum is the canonical signal that the data actually changed, not just that the stage ran.

At run start, call mlflow.set_tag("dvc_data_hash", dvc_md5()) and mlflow.set_tag("git_commit", git_hash()). Store the DVC remote URL as a tag too. These three tags make any run fully reproducible: checkout the git commit, dvc pull the hash, run with the logged parameters — one command each.

Git + DVC (S3 remote) + MLflow (SQLite backend). Enforce: commit .dvc files alongside every code change; log git_commit tag in every run; use dvc.yaml so retraining is dvc repro. This costs nothing beyond an S3 bucket and covers data lineage + experiment history for the full model lifecycle.

The validation set influences model selection (early stopping, hyperparameter choices), making it an optimistic estimator of generalization. A golden test set is held completely out of all training decisions, giving an unbiased estimate of production performance. Evaluating on validation in CI means your gate is blind to overfitting.

Split into two workflows: a fast gate (schema validation + lint + unit tests, < 5 min) on every PR, and a slow gate (full train + evaluate + promote) triggered only on merge to main or on schedule. Use actions/cache to persist the trained model artifact between CI steps. For nightly retraining, use workflow_dispatch or a cron trigger separate from the merge pipeline.

Minimum 200 samples per class (400 total) for AUC standard error < 0.02. For high-stakes models (fraud, medical), target 1,000+. Prioritize distribution coverage over raw count — ensure all important subgroups and edge cases are represented, even if oversampled.

Version the golden set in DVC (golden/test_v1, v2, v3). When switching to v3, run the current champion on v3 and store that AUC as the new baseline in the MLflow model version tag. Never compare v3 results to v2 baselines — the sets have different distributions. Document the version boundary in the registry changelog.

Tier 1 (auto-rollback): HTTP error rate > 5% for 2 minutes OR p99 latency > 1s for 5 minutes. Tier 2 (alert, manual review): model score distribution shift (KS p < 0.01), business metric drop > 3%. Tier 3 (scheduled review): gradual AUC decay < 0.005/week on labeled holdout. Automate only Tier 1 — Tier 2/3 require human judgment about tradeoffs.

Not automatically, but investigate before dismissing. If the challenger has 40% lower p99 latency, better calibration, or higher AUC on a critical user segment, manual promotion may be justified. Always log the reasoning as a model registry comment — this decision history is invaluable for calibrating future thresholds.

Single-stage builds include all build-time tools (gcc, cmake, dev headers) in the final image — adding attack surface and bloating size. Multi-stage builds produce an image containing only runtime artifacts. For ML specifically, packages like torch include large compiled extensions that separate cleanly from source files, yielding dramatic size reductions.

The CUDA toolkit version inside the container must be ≤ the maximum CUDA version supported by the host driver (check with nvidia-smi). Use official CUDA base images (nvidia/cuda:12.1-runtime-ubuntu22.04) and document the minimum host driver version. In K8s, use the NVIDIA device plugin and taint GPU nodes so only pods with matching tolerations and explicit nvidia.com/gpu resource requests can schedule there.

Job: event-driven training triggered by data arrival, a CI pipeline, or a drift alert — single execution to completion. CronJob: time-based scheduled retraining (weekly model refresh, nightly batch scoring) when the trigger is calendar-based. For complex dependencies like "wait for feature store refresh before training," use Airflow with KubernetesPodOperator to trigger a Job rather than a raw CronJob.

kubectl describe pod <pod> confirms exit code 137 (OOM). Check memory requests — if set too low (8Gi for a model needing 24Gi), increase. Profile peak memory with torch.cuda.memory_summary() or memory_profiler to find the spike. Common causes: full dataset loaded into RAM (use streaming DataLoader), gradient accumulation buffers not cleared, model weights not offloaded after the forward pass.

HPA was designed for CPU-bound services. GPU inference has near-zero CPU utilization regardless of load — the GPU does all the work — so HPA never triggers scale-up. The correct signal is queue depth (how many requests are waiting) or GPU utilization. KEDA supports both via its Prometheus scaler, directly targeting the metric that indicates actual saturation.

Strategy 1: minReplicaCount: 1 — keep one warm replica always; eliminates cold start but costs one idle pod. Strategy 2: K8s init container pre-loads model weights, readinessProbe passes only after warmup — KEDA routes traffic only when the pod is ready. Strategy 3: queue incoming requests in Redis during scale-up and drain once ready. If TTFT < 500ms is an SLO, minReplicas=1 is the only safe option.

Shadow mode when the new model's output cannot be compared to the current model in real-time (e.g., personalized recommendations with no single ground truth), or when any user exposure to errors is unacceptable (medical/financial). Canary when you need real user signal (clicks, purchases) to evaluate the model, and you can accept 5% of users receiving the new experience.

Immediately halt progression (do not move to 30%). Run statistical significance check — if p < 0.05 and the confidence interval for the CTR difference excludes zero, the regression is real. Rollback to 0% canary, tag the MLflow model version as "failed-canary-20pct", and open an investigation. Never promote a model with a statistically significant regression, even if it has better offline AUC.

Apply the migration before switching traffic (expand phase): add new columns, keep old columns. Switch to green. Once green is stable and old blue is decommissioned, run the contract phase: remove old columns. The two-phase approach ensures both blue and green are compatible with the database at all times, making rollback safe at any point.

When you need both instant rollback (blue-green gives this) and user-segment targeting (feature flags give this). Example: deploy the new model to green for all users via blue-green, but enable it via feature flag only for premium users initially. If a bug appears in the premium cohort, toggle the flag off — no redeploy needed. Combine for maximum control.

Auto-rollback: HTTP error rate > 5% for 2 min, or p99 > 1s for 5 min — these are unambiguously user-impacting. Manual review alert: score distribution shift (KS p < 0.01), business metric drop > 3%, gradual AUC decay. Automate only when the signal is sharp and unambiguous; anything requiring business context belongs in a human review queue.

Use a rate() window of at least 5 minutes and the for: 5m clause to require sustained breach, not a single spike. Combine error rate with p99 latency — a traffic spike raises both, while a model regression raises error rate without a corresponding spike in successful-request latency. Also check upstream service health in the runbook before treating the alert as a model issue.

Offline batching collects requests over a time window in application code and sends them together — adding application-layer latency and complexity. Triton's dynamic batching happens at the inference server level, transparently to the client: each client sends one request, Triton coalesces concurrent arrivals internally within a microsecond-level delay window. The client sees normal synchronous latency; the GPU sees efficient batched execution.

Triton when: throughput > 100 RPS, you have multi-model pipelines (ensemble), you need hardware-optimized backends (TensorRT), or you need multiple model versions concurrently. FastAPI when: throughput < 50 RPS, the model is a simple sklearn pipeline with no GPU, or you need rapid iteration on pre/postprocessing logic. The crossover point is usually when GPU utilization on FastAPI exceeds 60%.

BentoML handles dependency packaging (bento includes exact pip requirements), model versioning (models are stored in a local store and referenced by tag), runner abstraction (async batching across replicas without custom code), and containerization (bentoml containerize produces a Docker image). A raw FastAPI wrapper requires you to implement all of this manually. BentoML is FastAPI with ML-specific batteries included.

Ray Serve excels at: multi-model pipelines where models call each other (deployment graphs), shared GPU memory across replicas (actor model), fractional GPU allocation (0.5 GPU per replica for small models), and heterogeneous pipelines mixing Python, ONNX, and PyTorch models. BentoML is simpler for single-model REST APIs. Choose Ray Serve when the serving topology is a graph, not a single endpoint.

TTFT is the latency from request submission to the first token appearing in the response. For chat interfaces, users perceive TTFT as responsiveness — a TTFT of 500ms feels instant even if total generation takes 10 seconds. TTFT is determined by prompt prefill time (grows with context length). Optimize TTFT with speculative decoding (draft model generates a candidate, the main model verifies in parallel) and efficient KV-cache reuse for shared system prompts.

Implement a bounded queue (depth 50–100) in front of the inference service. When the queue is full, return HTTP 429 with Retry-After header immediately — fail fast rather than accumulating unbounded latency. Expose queue depth as a KEDA metric to trigger scale-up before the queue saturates. Implement circuit breaker in the client to stop sending requests when 429 rate exceeds 10%.

Three approaches: (1) Proxy metrics — track upstream signals correlated with model quality (CTR, add-to-cart rate for a recommendation model) that arrive in minutes. (2) Delayed ground truth — collect actual outcomes (churn, fraud) with a time lag and compute AUC on a rolling window. (3) Model-based signals — track prediction score distribution, calibration, and confidence entropy; significant shifts indicate drift even before labels arrive.

SLI (Service Level Indicator): a specific measurable metric — e.g., fraction of requests with latency < 200ms. SLO (Service Level Objective): a target for the SLI — e.g., 99.5% of requests < 200ms over a 30-day window. SLA (Service Level Agreement): a contractual commitment to the customer — e.g., 99% uptime with financial penalties for breach. SLOs drive engineering decisions; SLAs drive business consequences. Set SLOs 1–2% tighter than SLAs to give an engineering buffer.

Use a two-stage strategy: probabilistic head sampling (1% of requests) to control volume in steady state, combined with tail-based sampling that captures 100% of requests exceeding your latency SLO or returning errors. The tail sampler buffers spans in memory and makes the keep/drop decision after the full trace completes. OpenTelemetry Collector supports tail sampling via the tailsampling processor.

Pull traces for the slowest 1% of requests from your trace store (Jaeger, Tempo). Compare span durations across the trace tree — the widest span in the slow requests reveals the bottleneck. Common ML-specific causes: dynamic batching waiting for a full batch (add batch_wait_time span attribute), model cold start (first-request weight loading), garbage collection pause (track GC metrics separately), or network serialization for large feature vectors.

Immediately: (1) Stop all non-critical deployments for the rest of the month — no features, only bug fixes. (2) Review what consumed the 80% (incident audit). (3) Identify and fix the top error-budget burner (usually one or two recurring issues). Proactively: present the budget status in the weekly engineering review with a burn-rate projection. If you hit 100%, the SLO is breached — notify stakeholders and trigger a formal incident review.

Baseline from load testing: run realistic traffic against staging, measure p99 latency and error rate under peak load, then set SLO at 5–10% above the load-test baseline (leave room for production surprises). If no load test data exists, use industry benchmarks (99% for internal ML APIs, 99.5% for customer-facing). Commit to revisiting the SLO after 30 days of production traffic once you have real baseline data.

PSI < 0.1: no action needed. PSI 0.1–0.2: increased monitoring cadence, investigate if accompanied by business metric drop. PSI > 0.2: page the ML team — this almost always requires investigation and likely retraining. The thresholds are industry-standard (originated in credit scoring) but calibrate them to your feature distributions. Some low-variance features warrant alerts at PSI > 0.05.

Three proxy approaches: (1) Track upstream features correlated with the label — if "days since last purchase" distribution shifts, churn probability likely changes. (2) Monitor prediction score distribution (mean, std) — a shift in the score histogram indicates the model is making systematically different predictions, which may reflect concept drift. (3) Use a small labeled monitoring set updated weekly with delayed ground truth — compute AUC weekly and alert on decline.

Pipeline bug signatures: sudden PSI spike (> 0.5) in a previously stable feature, null rate jump, feature value range outside training bounds, specific feature goes to zero or constant. Drift signatures: gradual PSI increase over days/weeks, score distribution shift, AUC decay correlated with known real-world events. Check data pipeline logs and feature value statistics first — a bug fix is faster than a retrain, and misattributing a bug as drift leads to retraining on corrupted data.

Run a statistical significance test on the AUC comparison: bootstrap both time periods' holdout AUC distributions and check if their confidence intervals overlap. If the drop is consistent across two consecutive weeks and p < 0.05, treat it as real drift. 0.02 absolute drop is borderline — check if it corresponds to a business metric drop (CTR, conversion). If business metrics are also degrading, retrain. If business metrics are stable, increase monitoring frequency but defer retraining.

Continuous training (online learning): when the target distribution changes rapidly and the model can learn incrementally (click prediction, fraud detection with streaming labels). Scheduled retraining: when ground truth is delayed (churn prediction with 30-day lag), retraining is expensive, or model evaluation requires a held-out validation cycle. Most production ML systems use scheduled retraining (weekly/monthly) over continuous — it is simpler to validate and audit.

Date-window the training data: use only data from before the detected shift onset, plus recent post-stabilization data (if the shift is permanent and understood). Never include data from the drift transition period. Cross-validate the new model on both pre-drift and post-drift holdout sets — if performance is acceptable on both, the model generalizes to the new distribution without memorizing the transition artifacts.

Point-in-time correctness means that when retrieving historical features for a training label at time T, only feature values available before T are returned. Without it, the model learns from future feature values it cannot have at serving time (data leakage), producing inflated offline metrics and poor production performance. Feast implements this via entity_df with event_timestamp — the most important parameter to get right.

Check Redis memory usage first — if Redis is near capacity, eviction policies (LRU) are dropping keys and causing cache misses that fall through to the offline store. Then check the materialization job — if it failed or ran late, keys may have expired without refresh. Finally, check Redis connection pool exhaustion in the Feast serving SDK — too few connections under load cause queuing delays. Instrument get_online_features() with explicit timing spans.

Log model input features (post all preprocessing) for a random 1% sample of serving requests. Weekly, compare their mean and std to the training set statistics using a z-score test (alert at > 3σ) and PSI (alert at > 0.1). Any significant difference is either a preprocessing bug or a genuine distribution shift. Skew appears immediately after deployment (bug) or gradually over weeks (drift) — the timing tells you which it is.

Training-serving skew. Pull 500 live serving requests' input features and compare their statistics to the training set. If any feature has mean > 3σ from training, you have skew. Common culprits in order: (1) feature TTL mismatch in the online store, (2) preprocessing step that exists in training but not serving, (3) different time zone handling between pipeline and serving code, (4) null imputation using training-set statistics not available at serving time.

Daily-updating feature: TTL = 2 days (handles one missed materialization cycle + buffer). Hourly-updating feature: TTL = 3 hours (2 cycles + buffer). The formula is TTL = 2 × update_interval + 30min buffer. For features where staleness causes a material model quality drop (real-time fraud signals), monitor TTL freshness separately and alert at 1.5× update_interval, not just on cache miss rate.

Four checks: (1) Row count matches entity_df — no missing rows. (2) Null rate per feature is within expected range (some nulls are normal for sparse features). (3) Value range per feature matches training baseline statistics (no impossible values: negative ages, future timestamps). (4) Leakage check: if AUC on a linear model using only engineered features exceeds 0.95 on held-out labels, suspect leakage and audit the highest-coefficient feature first.

Design every step to be idempotent: featurize writes to a staging prefix, then atomically copies to the final prefix only on success. Training writes to a temp MLflow experiment, then calls register_model only on success. This way, a failed step leaves no partial outputs that downstream steps could pick up. Airflow retries the failed task from scratch — idempotency ensures the retry is safe.

Cron + shell has no: dependency management (step B must wait for step A), retry logic (step fails → whole pipeline dies), visibility (no UI to see what ran and when), failure alerting, or SLA monitoring. Airflow provides all of these. The breakeven point is roughly 3+ pipeline steps or more than one pipeline that shares data — at that point, the operational overhead of cron-managed pipelines exceeds the cost of running Airflow.

Three patterns: (1) Content-addressed output path: s3://features/{YYYY-MM-DD}/{input_hash}/ — same inputs always produce the same path, safe to re-run. (2) MERGE instead of INSERT: upsert on natural key handles re-runs without duplicates. (3) Atomic writes: write to a temp path, then rename/move to final path only on success — a failed run leaves no partial output for downstream tasks to pick up.

If replication lag is 15 minutes and your labels are assigned at event time T, using CDC features computed up to T may miss the final 15 minutes of events — the model trains on incomplete feature states. More dangerously, if the lag is variable (2 minutes normally, 20 minutes during peak), the amount of missing information varies across training rows, creating a noisy and non-reproducible training signal. Always apply a conservative lag buffer and log the assumed lag as a training metadata tag.

DDP provides near-linear speedup when: the model fits in one GPU (otherwise use FSDP), the dataset is large enough that each GPU sees statistically diverse batches, and data loading is not the bottleneck. Practical threshold: single-GPU epoch > 30 minutes. Below that, DDP setup overhead (cluster provisioning, NCCL init) often exceeds the speedup. Profile single-GPU training first — I/O-bound models benefit from better data loading before DDP.

DDP has no built-in fault tolerance — if any rank fails, the AllReduce operation blocks indefinitely until NCCL timeout, then the entire job fails. Recovery: restart the full K8s Job from the last saved checkpoint (save every N steps, not just end-of-epoch). PyTorch's torchrun (elastic training) supports fault-tolerant restarts with a dynamic worker count — use --max-restarts=3 to automatically restart failed workers without killing the entire job.

A retry policy re-attempts failed requests — useful for transient failures (network blip). A circuit breaker stops attempting after N failures and redirects to a fallback — essential when the primary service is down for minutes or hours. Use retries for sub-second transient errors (max 3 retries with exponential backoff); use circuit breakers when the failure is sustained (> 5 consecutive failures). Combining both: retry within a closed circuit, skip retries when the circuit is open.

Tier 1 fallback (< 10ms): serve pre-computed popular items from Redis (updated hourly). Tier 2 fallback (if Redis is also down): serve a static list of 20 globally popular items hardcoded in the service. Tier 3 (complete system outage): return HTTP 200 with an empty recommendations list and let the frontend handle gracefully. Document and test all three tiers — the fallback you have not tested is not a real fallback.

Without bulkheads, one tenant generating 10× normal request volume saturates the shared thread pool — all other tenants queue behind them (the "noisy neighbor" problem). Bulkheads give each tier a dedicated, bounded resource pool. A noisy premium tenant can exhaust the premium pool but cannot affect the standard pool's resources. Combine bulkheads with rate limiting (token bucket per tenant) to cap the maximum load any single tenant can generate.

Assess impact first: are EU users receiving materially different quality (AUC diff > 0.005 between versions)? If yes, expedite the EU deploy (fast-track CI gate, skip non-critical validation steps). If no material quality difference, complete the normal EU deploy cycle. Prevent recurrence by enforcing a maximum version lag policy (> 48 hours behind triggers a P2 incident) and automating multi-region promotion in the CI pipeline.

In priority order: (1) Pod kill with HPA/KEDA — validates autoscaling recovery time (should be < 2 minutes). (2) Latency injection on model server — validates that circuit breaker trips and fallback is served correctly. (3) Feature store outage — validates that the model handles null features gracefully rather than throwing unhandled exceptions. (4) GPU OOM simulation (ulimit memory) — validates that the pod restarts cleanly rather than hanging. These four cover the most common real production failure modes for ML systems.

Blast radius = what breaks if this experiment goes wrong. Assess before any experiment: (1) Which downstream services depend on the target? (Use service mesh topology or Jaeger trace fan-out.) (2) How many users are affected if the target is unavailable for 5 minutes? (Check traffic analytics.) (3) Is there a fallback? (Test it separately first.) Run experiments in staging with production-like traffic before moving to production. Define explicit abort criteria (rollback the experiment if error rate > 10%) and have someone monitoring dashboards throughout.

Minimum: (1) Intended use — automated pre-screening only, not final credit decision. (2) Training data — source, date range, demographic representation, known sampling biases. (3) Evaluation results — AUC, precision, recall overall AND per demographic slice (age group, gender, race). (4) Fairness metrics — disparate impact ratio, equalized odds per group. (5) Limitations — performance degrades for applicants with < 1 year credit history. (6) Prohibited uses — not for employment screening, insurance, or housing.

Immediately: halt promotion to Production — 0.75 < 0.8 threshold is a compliance breach for credit/employment/housing models. Investigate: is the disparity from the training data (biased historical labels), the features (proxy variables for protected attributes), or the model (fitting differently on subgroups)? Remediation options: reweigh training samples (Fairlearn), apply constraint optimization during training (exponentiated gradient), or post-process predictions with a calibrated threshold per group. Re-audit after remediation before any production use.

Article 22 grants individuals the right not to be subject to solely automated decisions that significantly affect them (credit, employment, medical) without a meaningful explanation. In practice: store SHAP/LIME explanations for every high-stakes automated decision at the time it was made. The explanation must be human-intelligible — not "feature 47 had weight 0.3" but "your application was affected by: limited credit history (most important), high existing debt, and recent late payment." Explanations must be delivered within 30 days of a subject access request.

For classical ML (gradient boosting, logistic regression): retrain from scratch on the dataset with the user removed, document the retrain in the MLflow registry, and certify the new model is in production. For neural networks: full retraining is prohibitively expensive at scale — document residual memorization risk, apply differential privacy training to future models, and consult legal on whether the documented retrain meets the erasure requirement. Store the erasure request and the subsequent retrain run_id in an immutable audit log.

High-risk: AI systems that are safety components of products regulated under EU law (medical devices, cars) OR standalone AI in: biometric identification, critical infrastructure management, educational/vocational access decisions, employment/worker management, essential services access (credit, insurance), law enforcement decisions, migration/asylum screening, administration of justice. If your ML system makes or influences credit approval, hiring, medical diagnosis, or criminal risk scoring for EU residents, it is high-risk and requires full conformity assessment.

Each prediction must log: (1) Input data fingerprint (hash of features, not raw PII), (2) Model version and run_id, (3) Output score and decision threshold, (4) Explanation summary (top 3 SHAP factors), (5) Human review flag and reviewer ID if applicable, (6) Timestamp (UTC, millisecond precision). Store in S3 Object Lock (COMPLIANCE mode, 10-year retention). Encrypt with customer-managed KMS key. Test the log integrity quarterly by re-hashing stored records and comparing to stored hashes. Grant read access only to compliance team via IAM — no one can delete or modify.