MLOps Platforms
Why This Matters
Three data points that explain why platform design decisions are high-stakes:
- 5,000 models, 400 active projects: Uber's Michelangelo platform reached this scale by 2024 — from a team that had no shared ML infrastructure in 2015. The platform's standardized workflow API is what made that scale possible without the platform team becoming the bottleneck. (Uber Engineering Blog, 2024)
- 1–2 months → 24 hours: The reduction in model deployment time Zomato achieved after building a standardized ML Runtime with a unified Feature Store, Model Store, and Serving API. The previous timeline wasn't due to model complexity — it was due to every team reinventing the deployment path. (Zomato Engineering Blog, 2021)
- 60% of engineering time on infrastructure boilerplate: Netflix's internal audit finding before they built Metaflow — 60% of ML code was data pipelines, compute provisioning, and deployment plumbing. Only 40% was data science. The platform's goal was to invert that ratio. (Netflix Tech Blog, 2019)
The platform decisions in this chapter determine which side of those numbers your team lives on.
Reading
Complete the blog post before attempting the exercises: MLOps Platforms — blog-post.md
Think About It
Think about it: Your team currently has 4 production models across 3 different teams (ranking, fraud detection, and demand forecasting). Each team has their own training scripts, their own feature pipelines, and their own monitoring dashboards. The fraud detection team noticed last week that one of their features was being computed differently in training vs. serving — but only because they happened to run a manual audit. The demand forecasting team is about to ship a 5th model.
Using the five trigger conditions from the chapter, evaluate whether this organization needs a platform. Which condition(s) are already met? Which is most urgent? What specific production risk are you most concerned about going undetected?
Expert thinking →
Trigger analysis:
Condition 1 — >2–3 models, >1 team shipping: ✓ Already met. 4 models, 3 teams. This condition alone is sufficient to justify a platform.
Condition 2 — Frequent retraining cycles: Likely met, but not confirmed by the prompt. Demand forecasting typically requires weekly or daily retraining. Fraud detection often needs rapid retraining as fraud patterns shift. This warrants investigation.
Condition 3 — Incidents from skew/drift/silent failure: ✓ Already happening. The fraud detection training-serving skew was caught by a manual audit — meaning it existed in production for an unknown period before it was found. The team got lucky. Without a platform that standardizes feature definitions, this class of bug will recur.
Condition 4 — Duplicated tooling: ✓ Already met. Three teams each have their own training scripts, feature pipelines, and monitoring. They are paying 3× the maintenance cost.
Condition 5 — Compliance/audit requirements: Not confirmed. Fraud detection often does have regulatory requirements (model explainability, audit trails), but this depends on the domain.
Most urgent risk: The training-serving skew in fraud detection is the clearest immediate danger. The model in production was making predictions based on features computed differently from how it was trained. The impact could range from minor accuracy degradation to systematic errors in fraud decisions. Without a platform that standardizes feature definitions across training and serving paths, every team is one pipeline refactor away from the same silent failure.
What the organization needs first (Phase 1):
- Shared feature registry — one definition per feature, used in both training and serving
- Orchestrated training pipelines with automatic validation (catches schema mismatches before deployment)
- A model registry with lineage — so any model in production can be traced back to its exact training data and feature version
- Baseline monitoring with distribution drift alerts — so skew doesn't require a manual audit to discover
The 5th model shipping without these in place makes the duplicated-tooling and skew problems worse, not better.
Think about it: You are the platform team lead at a 60-person ML organization with 8 data scientists, 4 ML engineers, and 2 platform engineers. You are designing the golden path for model training. Two options are on the table:
Option A: Build on raw Kubernetes — full control over compute scheduling, hardware selection, and fault tolerance. Teams write Kubernetes YAMLs or use a thin wrapper.
Option B: Use a managed service (SageMaker Training, Vertex AI Training) with a thin Python SDK wrapper your team maintains. Less control, but the managed service handles orchestration, fault tolerance, and hardware provisioning.
Which option is right for your team? What is the single most important factor in that decision?
Expert thinking →
The answer is almost certainly Option B, and the reason comes down to one factor: operational capacity relative to the number of teams served.
With 2 platform engineers serving 8 data scientists and 4 ML engineers, those 2 engineers have a service-to-supported ratio of 1:6. Every hour they spend on Kubernetes cluster management is an hour they are not building platform capabilities (evaluation gates, feature store, monitoring integrations) that teams actually need.
The LyftLearn case study is directly applicable here. LyftLearn was built on Kubernetes-native primitives. The platform team spent their capacity managing Kubernetes infrastructure — custom resource management, operator development, hardware configuration — rather than building capabilities. Teams with non-standard requirements routed around the platform to SageMaker because it was faster. This is the failure mode Option A sets up.
The key principle: choose abstraction level based on operational capacity, not theoretical flexibility. Kubernetes gives you control over everything, but only if you have engineers whose job is to manage it. Two platform engineers do not have that capacity.
What Option B gives you:
- Fault tolerance, auto-scaling, hardware provisioning — all managed by the cloud provider
- Your team writes a thin Python SDK wrapper that standardizes job submission, logging integration, and artifact handling
- New hardware types (GPU types, spot instances) become available without your team implementing support
- The 2 platform engineers spend their time on feature registry, evaluation gates, and monitoring integration — the capabilities that actually differentiate your platform
When Option A is appropriate: when you have 5+ platform engineers with dedicated SRE responsibility, you have workloads that genuinely exceed managed service constraints (multi-node training at extreme scale, custom hardware), or the managed service cannot meet your latency or data residency requirements.
The mental test: "What happens when a training job fails at 3am?" With Option A, someone on your 2-person platform team is paged. With Option B, the managed service handles fault recovery and your team is paged only for application-level failures.
Think about it: Six months after deploying your Phase 1 platform (orchestrated training, model registry, one deployment path), adoption is lower than expected. 5 of the 8 data scientists use the platform for standard cases. 3 do not — they prefer their custom deployment scripts because "the platform doesn't support our use case" (their model uses a custom C++ inference engine that is not a standard framework).
Your platform team receives an average of 8 support tickets per week from platform users. 3 of those tickets are from the non-platform users who occasionally need registry or monitoring access.
Diagnose what is happening and what you should do. Is this a golden path problem, an escape hatch problem, an adoption problem, or something else?
Expert thinking →
Two separate problems are conflated here:
Problem 1 — The 3 non-adopters: This is an escape hatch gap, not an adoption problem. Those 3 data scientists have a legitimate non-standard requirement: a C++ inference engine that the platform does not support. If the only options are "use our standard Python serving" or "use nothing," they will rationally choose nothing. The platform team needs to add an escape hatch — a "bring your own serving container" path that still uses the platform's registry, monitoring, and deployment workflow, but does not mandate the platform's runtime. This is a well-defined engineering task, not a cultural problem.
Problem 2 — 8 support tickets per week for a 2-engineer platform team: This is a bottleneck signal. 8 tickets/week = 1.6 tickets per engineer per day, alongside their regular platform work. This is already high and will grow with adoption. Most of these tickets are probably questions that could be answered by better documentation — or by automating the thing the ticket is asking the platform team to do manually.
What to do:
-
Classify the 8 tickets. Which 3 ticket types account for 80% of the volume? If it is "help me submit a training job," the golden path needs better documentation or a simplified CLI. If it is "add my team to the registry," it is an access-management automation gap. Fix the root cause, not the individual tickets.
-
Build the escape hatch for the C++ serving case. Define what "bring your own container" means: a model package format that can wrap any runtime, with defined hooks for health checks, monitoring instrumentation, and canary traffic. This converts 3 non-users into platform users for the layers they can use (registry, monitoring) while respecting their runtime requirement.
-
Self-serve onboarding. If new teams have to file a ticket to get started, every adoption cohort begins with a bad experience. A documented "getting started in 30 minutes" path with working examples eliminates the onboarding ticket category entirely.
The adoption metric to watch: not "how many people use the platform" but "what fraction of the platform's supported use cases are actually on the platform." 5/8 data scientists on a platform that fully covers 3 framework types is 100% adoption for those frameworks. 0% adoption for the C++ case is an escape hatch gap, not an adoption problem. Treat them separately.
Case Study Review
The LyftLearn Platform Bottleneck
LyftLearn was a working ML platform until the "Feature Tax" made it too expensive to extend. The platform team spent their capacity on Kubernetes infrastructure management rather than capabilities, and teams routed to SageMaker.
Discussion questions (reflect before reading the answer):
- At what point should the LyftLearn team have recognized the Feature Tax was compounding?
- What is the leading indicator of the "platform becomes a bottleneck" failure mode — what would you see in platform metrics before the teams start routing around it?
- If you were the LyftLearn platform team lead at the moment teams started routing to SageMaker, what would your recovery plan be?
Analysis:
The leading indicator is always capability shipping velocity, not adoption metrics. By the time teams are routing around the platform, the failure mode has already progressed past early warning. The early signal: new capabilities taking longer and longer to ship, measured in weeks-to-release. If adding GPU support took 2 weeks in Year 1 and took 16 weeks in Year 2, the Feature Tax has compounded — even if adoption numbers are still growing.
The recovery plan when teams have started routing around you: stop building new features. Audit every capability in the platform and classify it as either "platform team should own this" or "managed service handles this better." Migrate the second category first. Reduce the operational surface the platform team is responsible for. Only once the team has capacity again should new capabilities be built.
Uber Michelangelo's Self-Serve Design
Michelangelo's workflow API enabled teams to go from experiment to production without platform team involvement for standard use cases. This is the "golden path + self-serve" principle in practice.
What made self-serve possible: standardized interfaces. The workflow API works because every training job, every model, and every deployment follows the same contract: standard input/output formats, standard evaluation hooks, standard deployment package. Once those contracts are defined, the platform team can automate the entire path without knowing anything about the model's domain or the team's business logic.
The lesson for your platform: the single most leveraged design decision for a self-serve platform is defining the model package format and the evaluation hook interface before building anything else. Everything downstream — deployment, serving, rollback, monitoring — can be automated once those contracts exist.
Advanced Exercises
Exercise 1 — Platform Strategy for a Scaling Fintech
Context: You are the first ML platform engineer at a fintech company that currently has:
- 6 production models (credit scoring, fraud detection, churn prediction, LTV estimation, collections prioritization, marketing attribution)
- 3 ML teams, each with their own pipelines and monitoring
- A compliance requirement: all credit-scoring model decisions must be explainable, audited, and reproducible for regulatory review
- Plans to ship 4 more models in the next quarter
Your task: Design the platform strategy for this organization. Address:
-
Trigger assessment: Which of the 5 trigger conditions are met? Which is most urgent given the compliance requirement?
-
Phase 1 scope: What specifically goes into Phase 1 for this organization? Given the compliance trigger, how does your Phase 1 differ from a non-regulated fintech?
-
Build vs. buy decisions: For each of the 8 capability groups, state whether you would build, buy, or use OSS — and why. Note which decisions are driven by the compliance requirement.
-
Team model: Given 1 platform engineer (you) serving 3 teams, which team interaction model do you adopt? What are the explicit ownership boundaries?
-
The compliance-specific features: What does "explainable, audited, and reproducible" require technically? Map each to a specific platform capability.
Model answer:
1. Trigger assessment: All 5 conditions are met. The most urgent: Condition 5 (compliance/audit requirements) combined with Condition 3 (skew/drift potential). Credit scoring models in regulated markets can trigger fair lending violations if a production model's behavior diverges from its validated state — and three teams with independent pipelines and no shared feature definitions make that divergence likely.
2. Phase 1 scope — regulated variant: Standard Phase 1 plus:
- Model registry with immutable artifact storage: once a model is registered for production, the artifact cannot be modified without creating a new version. This is non-negotiable for audit.
- Training lineage at registration: every registered model records the exact training code version, data snapshot, feature definitions, and hyperparameters used. Not as metadata — as linked, addressable artifacts.
- Evaluation gate with documented outcomes: every model that passes the quality gate for production must produce a logged gate outcome (which checks ran, what thresholds were applied, what values were observed). Regulators need this.
- Feature definition registry with versioning: feature definitions used in credit scoring must be versioned and immutable. If a feature changes, it creates a new version, not an edit.
3. Build vs. buy:
| Capability | Decision | Reason |
|---|---|---|
| Data & Features | OSS (Feast or Feathr) + build feature versioning | Feature versioning with compliance-grade immutability needs custom policy; OSS provides the base |
| Dev Experience | Buy (SageMaker Studio or Vertex AI Workbench) | You are 1 engineer; cannot maintain workspaces |
| Training | Buy (SageMaker Training or Vertex AI) | Same reason; operational complexity is too high for 1 engineer |
| Registry & Artifacts | OSS (MLflow) + build immutable artifact policy | MLflow provides the base; compliance immutability is custom |
| Evaluation | Build | Credit scoring evaluation needs domain-specific fairness checks (disparate impact, equal opportunity) that no generic tool provides |
| Serving | Buy (SageMaker Endpoints or Vertex AI) + build explainability wrapper | Explanation generation for credit decisions is domain-specific |
| Observability | Buy (Evidently AI or Arize) + extend for fairness metrics | Fairness drift (demographic parity, equalized odds) needs custom metrics |
| Governance | Build | Approval workflows for credit model promotion are regulatory-specific |
4. Team model: Hybrid platform + enablement. With 1 platform engineer, you cannot be embedded per team or review every ticket. Provide: self-serve training job submission (SageMaker SDK wrapper), standardized model package format, registry documentation with registration script, and office hours twice per week.
Ownership boundary: you own the registry, the evaluation gate framework (teams define their own thresholds), and the audit log format. Teams own their evaluation criteria, feature logic, and model on-call.
5. Compliance features:
- Explainable: SHAP or LIME explanation generation integrated into the serving path; explanation stored alongside every prediction for credit decisions. Platform provides the explanation infrastructure; teams configure the explanation method.
- Audited: every model promotion event, every evaluation gate outcome, every serving version change logged to an immutable audit trail with timestamp and actor identity. Registry must support this. MLflow audit logs + S3 object lock achieves this.
- Reproducible: lineage chain from serving artifact back to training code commit + data snapshot. The registry registration step enforces that all 6 lineage components are present before promotion is allowed.
Exercise 2 — Platform Postmortem: The Feature That Broke in Production
Context: You are a platform engineer conducting a postmortem. Three weeks ago, the demand forecasting model's accuracy dropped by 11% over two days. Root cause investigation revealed:
- The data engineering team updated the
rolling_7d_avg_ordersfeature pipeline to fix a latency issue - The fix changed how null values in the source table were handled: previously nulls were forward-filled, after the fix they were zero-filled
- The demand forecasting model had been trained on data with forward-filled nulls
- The serving pipeline used the updated feature logic (zero-filled) while the model expected forward-filled input
- The model had no training-serving parity test; the mismatch was only detected when business metrics moved
Your task:
-
Root cause classification: Is this a data quality failure, a platform design failure, or an individual team failure? Explain your reasoning.
-
Platform changes required: What specific platform capabilities, if they had existed, would have prevented this? For each, describe the mechanism.
-
Detection timeline: With the changes in (2) in place, at what point would the mismatch have been detected? Hours, days, or before deployment?
-
Blameless framing: Write the "lessons learned" section of the postmortem — 3 bullet points that identify systemic gaps rather than individual failures.
Model answer:
1. Root cause classification: Platform design failure. The data engineering team did exactly what they should do — fix a latency issue in their pipeline. The model team did exactly what they should do — train a model on the available data. The failure occurred at the interface between those two activities: there was no platform mechanism that enforced that feature logic used in training matched feature logic used in serving. No individual made an error. The system architecture made this failure possible.
This is the definition of a platform gap: when two teams operating correctly in isolation can produce a broken system at their boundary.
2. Platform changes required:
-
Feature registry with versioned, immutable feature definitions:
rolling_7d_avg_ordersshould have a version in the registry. When the data engineering team changes the null-handling logic, they create a new version (v2). The model registry stores which feature version each model was trained on. The serving pipeline resolves the feature version from the model's registry entry — not from "latest."How this prevents the failure: after the data engineering fix, the feature is
rolling_7d_avg_orders:v2. The demand forecasting model's registry entry still points torolling_7d_avg_orders:v1. The serving pipeline looks up the model's feature version and routes to the v1 logic. The mismatch never reaches production. -
Training-serving parity test in the CI/CD gate: before any feature logic change is deployed to production, a test computes the feature on a held-out dataset using both the old and new logic and compares distributions. If the distribution shift exceeds a threshold, the gate fails.
How this prevents the failure: the data engineering team's PR would have triggered a parity test showing that null handling changed the distribution of
rolling_7d_avg_orders. The gate failure surfaces the change before it reaches production; a conversation happens before a business metric moves. -
Feature lineage in model registration: at registration time, the model registry records not just that the model used
rolling_7d_avg_orders, but the exact pipeline code commit that produced the training features. If the production feature pipeline differs from the training pipeline at the code level, the registry flags it.
3. Detection timeline with these changes: before deployment. The parity test runs in CI when the data engineering PR is opened. The feature version system prevents the model from ever being served with incompatible feature logic. The issue surfaces in a PR review, not in a business metric postmortem.
4. Blameless lessons learned:
- "The platform did not have a mechanism to enforce that features used in training matched features used in serving. Feature updates that changed computation logic could silently produce serving-training skew without any alert."
- "Models in the registry did not record the specific version of each feature they were trained on. This prevented the platform from detecting version mismatches between training-time and serving-time feature logic."
- "CI gates for feature pipeline changes did not include distribution parity checks. A feature logic change that produced a significant distribution shift reached production without review."
Exercise 3 — Design the Platform Operating Model for a 200-Person ML Org
Context: You are the head of ML Platform at a large e-commerce company. The ML organization has:
- 12 ML teams across 5 product areas: Search, Recommendations, Pricing, Logistics, and Trust & Safety
- 180 production models in total across all teams
- A platform team of 8 engineers (including you)
- Highly varying requirements: real-time models (Trust & Safety, Pricing), batch models (Logistics), embedded models (on-device recommendations for the mobile app)
- A recurring complaint: "the platform team takes too long to respond to requests"
Your task:
-
Diagnose the bottleneck: What are the three most likely causes of "too long to respond" in an org this size? What data would you look at to confirm the diagnosis?
-
Operating model design: Design the team interaction model for this org. Given 8 platform engineers and 12 model teams, how do you structure ownership and interaction?
-
Ticket triage: Your team receives ~30 tickets per week. Without more engineers, how do you reduce this number by 50% without reducing platform value?
-
Golden paths for heterogeneous requirements: The org has three distinct model types (real-time, batch, on-device). Should you build one golden path or three? What are the tradeoffs?
Model answer:
1. Diagnosing the bottleneck:
The three most likely causes:
- Access and setup tickets: new team members or new teams requesting credentials, registry access, or namespace provisioning. These should be automated. Look at ticket categories — if 30–40% are "please add me to X," the automation gap is clear.
- Non-standard requirement requests: teams asking the platform team to support a new framework, a new hardware type, or a non-standard deployment pattern. These take disproportionate engineering time. Look at time-to-resolution by ticket category — these tickets will be outliers.
- Documentation gaps: teams asking "how do I do X" because the golden path documentation doesn't cover their case. Look at ticket subject lines for "how to" phrasing.
To confirm: tag every incoming ticket for 4 weeks. Classify by type (access, feature request, how-to, bug). Measure resolution time per type. The 3 types that consume 80% of engineering hours are your priorities.
2. Operating model design:
For 8 engineers and 12 teams, pure "central platform" is too thin (0.67 engineers per team, which means no responsiveness). Pure "embedded" is infeasible (would need 12 engineers, not 8). The hybrid model is the only option.
Recommended structure:
- 6 engineers on platform development: responsible for golden paths, Phase 2/3 capabilities, and self-serve tooling. No direct model team work.
- 2 engineers as Platform Enablement team: primary contact for the 12 model teams. They own onboarding, documentation, office hours (2x/week), and tier-1 support. They do not build platform capabilities — they identify gaps and route them to the development team.
Ownership boundaries: the enablement team owns the relationship; the development team owns the product. Model teams own everything specific to their domain (features, evaluation criteria, on-call for model behavior).
3. Reducing tickets by 50%:
- Self-serve access provisioning: build a service catalog or a GitHub-based approval workflow for common access requests (registry namespaces, compute quotas, monitoring dashboards). Automate the provisioning step. This category alone is typically 30–40% of tickets.
- Interactive documentation: replace static docs with a "getting started" notebook that a new team member can run end-to-end and get a working pipeline. Reduce "how do I" tickets to near zero for the 3 most common use cases.
- Escape hatch catalog: publish a documented menu of supported non-standard paths (custom serving runtimes, non-standard hardware, streaming inference). Teams with those requirements can self-select the right path instead of filing a ticket asking if it's possible.
4. One golden path vs. three:
Build three flavors of one golden path, not three separate systems. The underlying platform infrastructure (registry, lineage, monitoring) should be shared. The interface layer — how a team submits a training job, how they deploy a model, how they define monitoring alerts — should have three specialized variants.
A single golden path that forces real-time models through batch deployment machinery creates the same problem as no golden path: teams route around it. But three completely independent golden paths triple the maintenance surface and create three separate user communities that can't share tooling or learnings.
The right abstraction: shared core (registry, artifact store, monitoring backend) + modality-specific SDKs (real-time SDK, batch SDK, on-device SDK). Each SDK follows the same contract for registration and lifecycle management but presents the right interface for each deployment modality.
Python Implementations
Implementation 1 — ML Platform Health Dashboard
A lightweight platform health checker that assesses whether your organization's platform has the key capabilities in place. Useful for platform team retrospectives and new platform team members doing an initial assessment.
"""
Platform Health Assessment Tool
Evaluates whether a production ML platform has the key capabilities
across the 8 capability groups. Produces a health report with gap
identification and priority recommendations.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional
import json
from datetime import datetime
class CapabilityStatus(Enum):
IMPLEMENTED = "implemented"
PARTIAL = "partial"
MISSING = "missing"
NOT_APPLICABLE = "not_applicable"
class Priority(Enum):
CRITICAL = "critical" # Missing and needed for production safety
HIGH = "high" # Missing and causing weekly pain
MEDIUM = "medium" # Partial or causing occasional pain
LOW = "low" # Nice-to-have
@dataclass
class Capability:
name: str
group: str
description: str
status: CapabilityStatus = CapabilityStatus.MISSING
notes: str = ""
priority: Priority = Priority.MEDIUM
@dataclass
class PlatformAssessment:
org_name: str
model_count: int
team_count: int
assessment_date: str = field(default_factory=lambda: datetime.now().isoformat()[:10])
capabilities: List[Capability] = field(default_factory=list)
def add_capability(
self,
name: str,
group: str,
description: str,
status: CapabilityStatus,
notes: str = "",
priority: Priority = Priority.MEDIUM
) -> None:
self.capabilities.append(Capability(
name=name,
group=group,
description=description,
status=status,
notes=notes,
priority=priority
))
def summary(self) -> dict:
total = len(self.capabilities)
by_status = {
"implemented": sum(1 for c in self.capabilities if c.status == CapabilityStatus.IMPLEMENTED),
"partial": sum(1 for c in self.capabilities if c.status == CapabilityStatus.PARTIAL),
"missing": sum(1 for c in self.capabilities if c.status == CapabilityStatus.MISSING),
}
critical_gaps = [
c for c in self.capabilities
if c.status in (CapabilityStatus.MISSING, CapabilityStatus.PARTIAL)
and c.priority == Priority.CRITICAL
]
return {
"org": self.org_name,
"models": self.model_count,
"teams": self.team_count,
"total_capabilities": total,
"by_status": by_status,
"health_score": round(by_status["implemented"] / total * 100, 1) if total > 0 else 0,
"critical_gaps": [c.name for c in critical_gaps],
"platform_level": self._infer_level(),
}
def _infer_level(self) -> str:
implemented = {c.name for c in self.capabilities if c.status == CapabilityStatus.IMPLEMENTED}
level_0_features = {"artifact_store", "model_registry"}
level_1_features = level_0_features | {"orchestrated_training", "deployment_rollback", "baseline_monitoring"}
level_2_features = level_1_features | {"automated_eval_gates", "progressive_delivery", "feature_parity", "lineage"}
if level_2_features.issubset(implemented):
return "Level 2 — CI/CD for ML"
elif level_1_features.issubset(implemented):
return "Level 1 — Repeatable Pipelines"
elif level_0_features.issubset(implemented):
return "Level 0+ — Basic Registry"
return "Level 0 — Ad hoc"
def print_report(self) -> None:
s = self.summary()
print(f"\n{'='*60}")
print(f"Platform Health Report: {s['org']}")
print(f"Date: {self.assessment_date} | Models: {s['models']} | Teams: {s['teams']}")
print(f"{'='*60}")
print(f"Health Score: {s['health_score']}%")
print(f"Platform Level: {s['platform_level']}")
print(f"Implemented: {s['by_status']['implemented']}/{s['total_capabilities']} capabilities")
print(f"Partial: {s['by_status']['partial']}/{s['total_capabilities']} capabilities")
print(f"Missing: {s['by_status']['missing']}/{s['total_capabilities']} capabilities")
if s['critical_gaps']:
print(f"\n⚠ CRITICAL GAPS ({len(s['critical_gaps'])}):")
for gap in s['critical_gaps']:
print(f" • {gap}")
print(f"\nCapability Detail by Group:")
groups = {}
for c in self.capabilities:
groups.setdefault(c.group, []).append(c)
status_icon = {
CapabilityStatus.IMPLEMENTED: "✓",
CapabilityStatus.PARTIAL: "~",
CapabilityStatus.MISSING: "✗",
CapabilityStatus.NOT_APPLICABLE: "-",
}
priority_icon = {
Priority.CRITICAL: "🔴",
Priority.HIGH: "🟠",
Priority.MEDIUM: "🟡",
Priority.LOW: "🟢",
}
for group, caps in groups.items():
print(f"\n {group}")
for c in caps:
icon = status_icon[c.status]
picon = priority_icon[c.priority] if c.status != CapabilityStatus.IMPLEMENTED else " "
note = f" — {c.notes}" if c.notes else ""
print(f" {icon} {picon} {c.name}{note}")
print()
def build_typical_level1_assessment(org_name: str, model_count: int, team_count: int) -> PlatformAssessment:
"""Build a sample assessment for a typical Level 1 platform team."""
assessment = PlatformAssessment(org_name=org_name, model_count=model_count, team_count=team_count)
# Data & Features
assessment.add_capability("feature_parity", "Data & Features", "Training-serving feature parity",
CapabilityStatus.MISSING, "Each team manages separately", Priority.CRITICAL)
assessment.add_capability("feature_registry", "Data & Features", "Centralized feature catalog",
CapabilityStatus.MISSING, "No shared catalog", Priority.HIGH)
# Dev Experience
assessment.add_capability("project_templates", "Dev Experience", "Standardized project templates",
CapabilityStatus.PARTIAL, "Exists but outdated", Priority.MEDIUM)
assessment.add_capability("reproducible_envs", "Dev Experience", "Reproducible environments",
CapabilityStatus.IMPLEMENTED, "Docker images used", Priority.LOW)
# Training
assessment.add_capability("orchestrated_training", "Training", "Automated orchestrated training pipeline",
CapabilityStatus.IMPLEMENTED, "Airflow DAGs in place", Priority.LOW)
assessment.add_capability("compute_scaling", "Training", "Scalable compute (multi-GPU, spot)",
CapabilityStatus.PARTIAL, "Manual GPU requests", Priority.MEDIUM)
# Registry & Artifacts
assessment.add_capability("artifact_store", "Registry & Artifacts", "Artifact storage with versioning",
CapabilityStatus.IMPLEMENTED, "S3 + naming convention", Priority.LOW)
assessment.add_capability("model_registry", "Registry & Artifacts", "Model registry with lineage",
CapabilityStatus.PARTIAL, "MLflow setup, lineage incomplete", Priority.HIGH)
# Evaluation
assessment.add_capability("automated_eval_gates", "Evaluation", "Automated quality gates before deployment",
CapabilityStatus.MISSING, "Manual evaluation only", Priority.CRITICAL)
assessment.add_capability("slice_evaluation", "Evaluation", "Performance evaluation on key data slices",
CapabilityStatus.MISSING, "Not implemented", Priority.HIGH)
# Serving
assessment.add_capability("deployment_rollback", "Serving", "Tested rollback path",
CapabilityStatus.IMPLEMENTED, "Blue-green deployment available", Priority.LOW)
assessment.add_capability("progressive_delivery", "Serving", "Canary / shadow traffic rollout",
CapabilityStatus.MISSING, "All-or-nothing deployment only", Priority.HIGH)
# Observability
assessment.add_capability("baseline_monitoring", "Observability", "System health + basic alerting",
CapabilityStatus.IMPLEMENTED, "Datadog dashboards", Priority.LOW)
assessment.add_capability("data_drift_monitoring", "Observability", "Prediction and feature distribution monitoring",
CapabilityStatus.MISSING, "No drift detection", Priority.CRITICAL)
assessment.add_capability("lineage", "Observability", "Full training lineage tracking",
CapabilityStatus.PARTIAL, "Partial — training code tracked, data not", Priority.HIGH)
# Governance
assessment.add_capability("audit_log", "Governance", "Immutable audit log for model promotions",
CapabilityStatus.MISSING, "No audit trail", Priority.HIGH)
assessment.add_capability("access_controls", "Governance", "Role-based access controls",
CapabilityStatus.IMPLEMENTED, "IAM policies in place", Priority.LOW)
return assessment
# Example usage
assessment = build_typical_level1_assessment(
org_name="ExampleCo ML Platform",
model_count=8,
team_count=3
)
assessment.print_report()
Expected output (abbreviated):
============================================================
Platform Health Report: ExampleCo ML Platform
Date: 2024-01-15 | Models: 8 | Teams: 3
============================================================
Health Score: 35.3%
Platform Level: Level 1 — Repeatable Pipelines
Implemented: 6/17 capabilities
Partial: 4/17 capabilities
Missing: 7/17 capabilities
⚠ CRITICAL GAPS (3):
• feature_parity
• automated_eval_gates
• data_drift_monitoring
Capability Detail by Group:
Data & Features
✗ 🔴 feature_parity — Each team manages separately
✗ 🟠 feature_registry — No shared catalog
...
Implementation 2 — Feature Version Conflict Detector
A tool that detects training-serving feature definition conflicts — the root cause of the skew failure in Exercise 2. Registers feature definitions with version hashes and alerts when a model is deployed with mismatched feature versions.
"""
Feature Version Conflict Detector
Prevents training-serving skew by tracking feature definitions with
content-addressed versioning. Detects when a model was trained with
a different feature computation than what serving will use.
The root cause of most training-serving skew is untracked feature
logic changes. This tool makes those changes explicit and catchable
before they reach production.
"""
import hashlib
import json
from dataclasses import dataclass, field, asdict
from typing import Dict, List, Optional, Callable
from datetime import datetime
@dataclass
class FeatureDefinition:
name: str
description: str
computation_logic: str # The actual code/SQL/expression as a string
null_handling: str # e.g., "forward_fill", "zero_fill", "drop"
data_type: str # e.g., "float32", "int64", "string"
source_table: str
version: str = field(init=False)
created_at: str = field(default_factory=lambda: datetime.now().isoformat())
def __post_init__(self):
self.version = self._compute_version_hash()
def _compute_version_hash(self) -> str:
"""Version is a hash of the logic — any logic change creates a new version."""
content = json.dumps({
"computation_logic": self.computation_logic,
"null_handling": self.null_handling,
"data_type": self.data_type,
"source_table": self.source_table,
}, sort_keys=True)
return hashlib.sha256(content.encode()).hexdigest()[:12]
@dataclass
class ModelFeatureSnapshot:
"""Records which feature versions a model was trained on."""
model_name: str
model_version: str
training_timestamp: str
feature_versions: Dict[str, str] # feature_name -> version_hash
class FeatureRegistry:
"""
Central registry for feature definitions with versioning.
In production, this would be backed by a database (PostgreSQL, DynamoDB).
Here we use in-memory storage for demonstration.
"""
def __init__(self):
# feature_name -> list of all versions (latest last)
self._registry: Dict[str, List[FeatureDefinition]] = {}
# model_name -> training snapshot
self._model_snapshots: Dict[str, ModelFeatureSnapshot] = {}
def register_feature(self, feature: FeatureDefinition) -> str:
"""Register a feature definition. Returns version hash."""
if feature.name not in self._registry:
self._registry[feature.name] = []
existing_versions = [f.version for f in self._registry[feature.name]]
if feature.version in existing_versions:
print(f"Feature '{feature.name}' v{feature.version[:8]} already registered (no change).")
return feature.version
self._registry[feature.name].append(feature)
is_update = len(self._registry[feature.name]) > 1
action = "Updated" if is_update else "Registered"
print(f"{action} feature '{feature.name}' → version {feature.version[:8]}")
if is_update:
prev = self._registry[feature.name][-2]
if prev.null_handling != feature.null_handling:
print(f" ⚠ Null handling changed: '{prev.null_handling}' → '{feature.null_handling}'")
if prev.source_table != feature.source_table:
print(f" ⚠ Source table changed: '{prev.source_table}' → '{feature.source_table}'")
return feature.version
def get_latest(self, feature_name: str) -> Optional[FeatureDefinition]:
versions = self._registry.get(feature_name, [])
return versions[-1] if versions else None
def get_version(self, feature_name: str, version_hash: str) -> Optional[FeatureDefinition]:
for f in self._registry.get(feature_name, []):
if f.version == version_hash:
return f
return None
def record_training_snapshot(
self, model_name: str, model_version: str, feature_names: List[str]
) -> ModelFeatureSnapshot:
"""Record which feature versions were used to train a model."""
snapshot = ModelFeatureSnapshot(
model_name=model_name,
model_version=model_version,
training_timestamp=datetime.now().isoformat(),
feature_versions={
fname: self.get_latest(fname).version
for fname in feature_names
if self.get_latest(fname) is not None
}
)
self._model_snapshots[f"{model_name}:{model_version}"] = snapshot
print(f"Recorded training snapshot for {model_name} v{model_version}")
return snapshot
def check_serving_compatibility(
self, model_name: str, model_version: str
) -> List[dict]:
"""
Check if current feature versions match what the model was trained on.
Returns a list of conflicts (empty = safe to serve).
"""
key = f"{model_name}:{model_version}"
snapshot = self._model_snapshots.get(key)
if snapshot is None:
return [{"error": f"No training snapshot found for {key}. Cannot verify serving safety."}]
conflicts = []
for feature_name, trained_version in snapshot.feature_versions.items():
current = self.get_latest(feature_name)
if current is None:
conflicts.append({
"feature": feature_name,
"severity": "ERROR",
"issue": "Feature no longer exists in registry",
"trained_on": trained_version[:8],
"current": "NOT FOUND"
})
elif current.version != trained_version:
trained_def = self.get_version(feature_name, trained_version)
conflicts.append({
"feature": feature_name,
"severity": "WARNING",
"issue": "Feature definition changed since training",
"trained_on": trained_version[:8],
"current": current.version[:8],
"null_handling_change": (
trained_def.null_handling != current.null_handling
if trained_def else "unknown"
),
"source_table_change": (
trained_def.source_table != current.source_table
if trained_def else "unknown"
)
})
return conflicts
def deployment_gate(self, model_name: str, model_version: str) -> bool:
"""
Returns True if the model is safe to deploy; False if there are conflicts.
This would be called as part of the CI/CD gate before any model promotion.
"""
print(f"\n{'─'*50}")
print(f"Deployment Gate: {model_name} v{model_version}")
print(f"{'─'*50}")
conflicts = self.check_serving_compatibility(model_name, model_version)
if not conflicts:
print("✓ No feature version conflicts. Safe to deploy.")
return True
print(f"✗ {len(conflicts)} conflict(s) detected — deployment blocked:")
for c in conflicts:
severity = c.get("severity", "ERROR")
print(f"\n [{severity}] Feature: {c['feature']}")
print(f" Issue: {c['issue']}")
if "trained_on" in c:
print(f" Trained: v{c['trained_on']}")
if "current" in c:
print(f" Current: v{c['current']}")
if c.get("null_handling_change"):
print(f" ⚠ Null handling changed")
if c.get("source_table_change"):
print(f" ⚠ Source table changed")
print(f"\nRecommendation: retrain {model_name} on updated features, or pin feature versions.")
return False
# ──────────────────────────────────────────────
# Reproduce the Exercise 2 failure (and prevent it)
# ──────────────────────────────────────────────
registry = FeatureRegistry()
# Step 1: Register original feature definition
rolling_avg_v1 = FeatureDefinition(
name="rolling_7d_avg_orders",
description="7-day rolling average of order count per customer",
computation_logic="AVG(order_count) OVER (PARTITION BY customer_id ORDER BY date ROWS BETWEEN 6 PRECEDING AND CURRENT ROW)",
null_handling="forward_fill",
data_type="float32",
source_table="orders_daily"
)
registry.register_feature(rolling_avg_v1)
# Step 2: Model is trained — snapshot records the feature version
snapshot = registry.record_training_snapshot(
model_name="demand_forecast_model",
model_version="v2.3.1",
feature_names=["rolling_7d_avg_orders"]
)
# Step 3: Data engineering team "fixes a latency issue" — changes null handling
rolling_avg_v2 = FeatureDefinition(
name="rolling_7d_avg_orders",
description="7-day rolling average of order count per customer (latency fix: zero-fill nulls)",
computation_logic="AVG(COALESCE(order_count, 0)) OVER (PARTITION BY customer_id ORDER BY date ROWS BETWEEN 6 PRECEDING AND CURRENT ROW)",
null_handling="zero_fill", # The critical change
data_type="float32",
source_table="orders_daily"
)
registry.register_feature(rolling_avg_v2)
# Step 4: Platform deployment gate runs before the model goes to production
is_safe = registry.deployment_gate("demand_forecast_model", "v2.3.1")
print(f"\nDeployment decision: {'PROCEED' if is_safe else 'BLOCKED'}")
Expected output:
Registered feature 'rolling_7d_avg_orders' → version a3f7c12b4d91
Recorded training snapshot for demand_forecast_model v2.3.1
Updated feature 'rolling_7d_avg_orders' → version 8e2d4f9a1c73
⚠ Null handling changed: 'forward_fill' → 'zero_fill'
──────────────────────────────────────────────────
Deployment Gate: demand_forecast_model v2.3.1
──────────────────────────────────────────────────
✗ 1 conflict(s) detected — deployment blocked:
[WARNING] Feature: rolling_7d_avg_orders
Issue: Feature definition changed since training
Trained: va3f7c12b
Current: v8e2d4f9a
⚠ Null handling changed
Recommendation: retrain demand_forecast_model on updated features, or pin feature versions.
Deployment decision: BLOCKED
Production Challenges
Challenge 1 — The Platform Adoption Death Spiral
A well-built ML platform can enter an adoption death spiral: usage stays low → platform team has limited feedback → platform doesn't improve → usage stays low.
The spiral's mechanics: platform adoption depends on the perceived value-to-effort ratio. If using the platform requires more work than a manual approach, teams choose the manual approach. The platform team, seeing low adoption, reduces investment. The platform falls further behind manual approaches in usability. Adoption falls further.
Breaking the spiral requires addressing the root cause:
-
Measure the right thing. "Are teams aware of the platform?" is not the right metric. "What fraction of new model projects started on the platform vs. manual?" is. If the fraction is declining, the value-to-effort ratio is the problem.
-
Do user research, not feature requests. Sit with a data scientist for 4 hours as they try to train and deploy a model using the golden path. Every time they pause, get confused, or open a browser tab to search for something, that is a platform usability gap. No amount of ticket triage reveals what direct observation does.
-
Eliminate the first friction point. The first 30 minutes of a data scientist's experience with the platform determines whether they will become regular users. Reduce time-to-first-successful-training-job to under 30 minutes via a working example notebook that requires zero setup.
-
Build one showstopper feature per quarter. Ask every non-adopter: "what would make you switch to the platform for your next model?" Build the single most common answer. Not because it's the most architecturally elegant addition — because it converts a non-user.
The measure of recovery: track monthly active teams (not users) on the platform. A team counts as "active" if they submitted at least one training job through the platform in the month. Growing this number is the only meaningful leading indicator of platform health.
Challenge 2 — Governance Without Bureaucracy
At scale, ML governance (audit trails, model approvals, lineage) is non-negotiable. But governance that requires manual steps — a model approval email chain, a checklist that gets copy-pasted — fails in two ways: it adds friction for compliant teams, and it gets bypassed by teams under deadline pressure.
The design principle: governance gates must be automated, not procedural.
A procedural gate says: "before deploying a model, get approval from the risk team." This produces emails, delays, and workarounds. An automated gate says: "the deployment pipeline will not proceed if the model has not passed the risk evaluation suite, which runs automatically on every training run." The risk team defines the suite. The platform runs it.
What automated governance looks like in practice:
- Model registration gate: a model cannot be added to the registry without a verified training lineage record. The lineage includes: training code commit hash, data snapshot ID, feature version snapshot, training environment container hash, hyperparameters, evaluation results.
- Promotion gate: a model cannot be promoted from staging to production without passing defined evaluation checks. The checks are configured per model type by the model team with a default set defined by the platform. Passing the gate produces an immutable audit record.
- Change detection: any change to a model's serving configuration (traffic weights, thresholds, feature versions) triggers a logged event with actor identity and timestamp. Changes that exceed a defined impact threshold require an approval workflow — which is itself automated (Slack approval bot or GitHub PR review requirement).
The governance question to ask about every policy: "can a team under deadline pressure bypass this without noticing they are doing so?" If yes, the policy is procedural and will fail. If the bypass requires explicitly disabling an automated check (and that disabling is itself logged), the policy is structural.
Applied Interview Questions
Q1: What is the difference between project-level MLOps and an ML platform? When does a team need to make the transition?
The distinction is scope and audience. Project-level MLOps is infrastructure that serves one team building one model — training scripts, a deployment path, basic monitoring. An ML platform is shared infrastructure that serves multiple teams building multiple models, with standardized interfaces that make the ML lifecycle repeatable across different domains.
The transition point is when the cost of every team reinventing the same infrastructure exceeds the cost of building something shared. In practice, this happens at 2–3 production models across more than one team, when teams start having the same types of production incidents (skew, drift, skipped retraining), or when compliance requirements make lineage and auditability non-negotiable.
A common mistake is treating the transition as binary — one day you are doing project MLOps, the next you are building a platform. A better framing: start with Phase 1 (registry + orchestrated training + one deployment path) when the triggers are met, and extend incrementally as pain compounds.
Q2: What is training-serving skew, and how does a platform prevent it?
Training-serving skew is when the model sees different input distributions at inference time than it saw at training time, caused by the same feature being computed differently in the training pipeline and the serving pipeline.
The most common cause: the data engineering team updates a feature pipeline (for latency, correctness, or schema reasons), and the model team does not retrain. The model continues to serve with the updated feature logic, but was trained on the old logic — and the two distributions diverge.
A platform prevents this through feature versioning with parity enforcement. Feature definitions are stored in a registry with a content-addressed version hash — any change to the computation logic, null handling, or source produces a new version. When a model is registered, its training snapshot records the exact feature version used for each feature. Before deployment, a gate checks that current feature versions match the training snapshot. If they do not match, deployment is blocked until the model team either retrains on the new feature version or explicitly pins to the old version.
Q3: You are designing an ML platform for a team that currently has 5 production models and 2 ML teams. What is your Phase 1 scope, and what do you explicitly defer?
Phase 1 scope: standardized project template with CI baseline, orchestrated training pipeline (Airflow or Prefect, not custom scripts), artifact store and model registry with training lineage, one deployment path with rollback (online or batch, whichever is more common), and baseline monitoring with alerting.
What I explicitly defer: feature store (project-level feature parity is sufficient at this scale), multi-tenant RBAC (2 teams can use a shared namespace), progressive delivery (canary/shadow is Phase 2), and advanced drift monitoring (baseline alerting is enough until Phase 1 is stable).
The Phase 1 delivery target is 6 weeks. The measure of success: every new model uses the platform for training, registration, and deployment — not a parallel custom path.
Q4: What is the "Feature Tax" pattern, and how do you avoid it?
The Feature Tax is the overhead required to add any new capability to a platform. It compounds when the platform's architecture is at too low an abstraction level — specifically, when the platform is built directly on Kubernetes primitives that require platform engineers to write custom resource management code for every new capability.
Lyft's LyftLearn documented this pattern: adding GPU support, new operator types, or custom hardware configurations each required significant Kubernetes engineering work. As the tax compounded, new capabilities took quarters instead of weeks. Model teams with non-standard requirements routed to SageMaker rather than waiting.
You avoid it by choosing abstraction level based on your operational capacity, not theoretical flexibility. A platform team of 4 engineers should not be maintaining low-level Kubernetes infrastructure — the managed service alternative absorbs the operational complexity and lets the platform team invest capacity in capabilities teams actually need. Build on Kubernetes only when you have dedicated platform SREs whose primary job is infrastructure operations.
Q5: An ML platform team receives 30 support tickets per week from 10 model teams. How do you reduce this by 50% without hiring more engineers?
Classify the tickets first. Without knowing the distribution, any solution is guessing. In my experience, 30–40% of platform tickets are access and provisioning requests (add me to the registry, give me a compute quota). These should be automated — a self-serve provisioning flow or a GitHub-based approval that auto-provisions on merge.
The next 30–40% are typically "how do I" questions — the documentation doesn't cover the use case or the getting-started experience is too slow. Fix the root cause: a working example notebook that covers the 3 most common use cases, runnable end-to-end in under 30 minutes.
The remaining 20% are likely non-standard requirement requests — teams asking if the platform supports a new framework, hardware type, or deployment pattern. These take disproportionate engineering time. Document the "escape hatch" options so teams can self-select the right path, and convert the most common non-standard requests into supported paths.
Execution: tag every ticket for 4 weeks, identify the 3 types consuming 80% of engineering hours, fix each one systematically. Target is to automate or self-serve everything in the top 2 categories, which typically gets you to 50% ticket reduction.
Q6: Why do ML platforms fail even when they are technically well-built?
The most common failure mode is adoption failure — the platform is architecturally sound but data scientists find it easier to use manual approaches. This happens when: the golden path requires more steps than the alternative, the documentation doesn't cover the team's use case, or the first-time experience has too much friction (setup time > 30 minutes loses most users permanently).
The second failure mode is the bottleneck pattern. The platform team centralizes ownership of things that model teams should own (evaluation criteria, model on-call) or underestimates the support burden of a shared platform. Request queues build, teams route around the platform, and the platform team loses the user trust needed to iterate.
The third failure mode is premature complexity. Teams build Level 3 infrastructure for Level 1 organizations. The platform engineers are maintaining Kubernetes instead of removing friction. New capabilities take quarters instead of weeks.
The common thread: all three failures are organizational and product design failures, not technical ones. A platform that optimizes for architectural elegance over developer experience, or that treats adoption as someone else's problem, will fail regardless of technical quality.
Q7: What are the 5 conditions that indicate an organization needs an ML platform?
- More than 2–3 production models, or more than one team shipping models — the coordination failure between teams building independent infrastructure exceeds the cost of shared infrastructure
- Frequent retraining or data refresh cycles — manual retraining does not scale, and automation that works for one team is project tooling
- Production incidents caused by skew, drift, or silent failure — recurring incidents of this type indicate the absence of feature parity enforcement and observability
- Duplicated tooling across teams — each team paying the full maintenance cost of an independent pipeline is a clear platform ROI signal
- Compliance or audit requirements — lineage, access controls, and approval gates become non-negotiable, which requires platform-level enforcement rather than per-team implementation
One condition is sufficient to justify a Phase 1 platform. When 3 or more are present simultaneously, the cost of not building is compounding faster than the cost of building.
Q8: How does Uber Michelangelo's design prevent the bottleneck failure mode?
Michelangelo's workflow API is the mechanism. It enables data scientists and ML engineers to go from experiment to production — training job submission, evaluation gate, registry promotion, deployment — without involving the platform team for standard use cases. The platform team's capacity is not a ceiling on how many models can ship.
This is the self-serve golden path principle implemented. The platform team built the API once; every subsequent model that uses the standard path costs the platform team zero marginal support effort. At 400 active ML projects and 5,000 production models, the ratio of models to platform engineers is hundreds-to-one. That ratio is only possible because the golden path is genuinely self-serve.
The contrast with the bottleneck pattern: a platform where every deployment requires a ticket, where model evaluation criteria are defined by the platform team, or where non-standard hardware requires a new operator to be written — all of those make the platform team's capacity the ceiling. Michelangelo's architecture explicitly avoids every one of those.
Q9: What does "standardize interfaces before standardizing tools" mean in practice?
A platform designed around a specific tool (MLflow, SageMaker, a specific orchestrator) locks every team into that tool's constraints and upgrade cycles. When a better tool becomes available, replacing it requires migrating every team that integrated against it.
A platform designed around interfaces — the data schema format, the feature definition contract, the model package format, the evaluation hook API — can swap tools without forcing teams to change their code. The interface is the stable abstraction; the tool is an implementation detail.
In practice this means: define the model package format first (what a "deployable model" looks like — artifact + environment + metadata), define the feature definition contract (name, version hash, computation logic, null handling), define the evaluation hook interface (inputs, outputs, pass/fail semantics). Then choose tools that satisfy those contracts. If a better registry comes along in two years, you can swap it without changing how teams register models, because they registered against your interface, not the registry's.
Q10: Design the minimal platform for a 3-person ML team with 2 production models.
For a team this size, "platform" is a misnomer — they need project-level MLOps with a foundation that can grow. The key is not over-engineering.
What to build:
- Orchestrated training pipeline: one Prefect or Airflow DAG per model, parameterized for different training runs. Scheduled + data-arrival trigger. Eliminates manual retraining.
- Model registry: MLflow tracking server (one instance, shared). Every training run logs artifacts, parameters, and evaluation metrics. A "prod" tag marks the currently serving version.
- Deployment: one Docker container per model, deployed to a managed service (SageMaker endpoint or Cloud Run). Blue-green swap for rollback — keep the previous container running until the new one is verified.
- Monitoring: one Evidently or Grafana dashboard per model: prediction distribution, latency, error rate. One alert threshold per model (if prediction distribution shifts by >X%, page someone).
What not to build: feature store (2 models, 1 team — a shared feature file is sufficient), progressive delivery (manual rollback is fine at this scale), multi-tenant RBAC (everyone is on one team).
The test of readiness: can a new team member reproduce either production model from scratch in under 4 hours? If not, the registry doesn't have complete enough lineage. Fix that before adding anything else.
Sources
- Uber Engineering Blog. "Meet Michelangelo: Uber's Machine Learning Platform." September 2017.
- Uber Engineering Blog. "Scaling Machine Learning at Uber with Michelangelo." 2019.
- Uber Engineering Blog. "From Predictive to Generative — How Michelangelo Accelerates Uber's AI Journey." 2024.
- Lyft Engineering Blog. "LyftLearn Evolution: Rethinking ML Platform Architecture." 2024.
- InfoQ. "Lyft Rearchitects ML Platform." December 2025.
- Zomato Engineering Blog. "The Elements of Scalable Machine Learning." 2021.
- LinkedIn Engineering Blog. "Scaling Machine Learning Productivity at LinkedIn." January 2019.
- LinkedIn Engineering Blog. "Open Sourcing Feathr — LinkedIn's Feature Store for Productive Machine Learning." April 2022.
- Netflix Technology Blog. "Supporting Diverse ML Systems at Netflix." 2024.
- InfoQ. "Netflix Uses Metaflow to Manage Hundreds of AI/ML Applications at Scale." March 2024.
- Tecton. "Why Centralized Machine Learning Teams Fail." 2022.
- Kedro. "A Practical Guide to Team Topologies for ML Platform Teams." 2023.
- Sculley, D. et al. "Hidden Technical Debt in Machine Learning Systems." NeurIPS, 2015.
- Kleppmann, Martin. "Designing Data-Intensive Applications." O'Reilly, 2017. (Chapter 10 on data pipelines and lineage)
- Huyen, Chip. "Designing Machine Learning Systems." O'Reilly, 2022. (Chapter 9 on continual learning and model deployment)