End of an era for Kubernetes

Time to change the runtime

A major change is coming to Kubernetes, the open-source project at the heart of many modern cloud deployments: a breakup, of sorts, with its legacy Docker container runtime.

Built-in dockershim support for the Docker Engine runtime will be removed from the upcoming new release of Kubernetes, version 1.24, which was supposed to arrive this week but now has May 3 as a scheduled release date. The change requires users who want to be running the latest version of the container-orchestration system to shift to another runtime that’s compatible with Kubernetes’ Container Runtime Interface (CRI) if they haven’t already, or to use dockershim’s external replacement, known as cri-dockerd.

• Developers and administrators who fail to make necessary changes could risk breaking their clusters and corresponding apps.
• But for most users, dockershim’s removal should be relatively straightforward to handle, according to James Laverack, who’s leading the release team for Kubernetes 1.24.
• “The major change will be that the Kubernetes nodes themselves — this is a running Kubernetes cluster — will no longer, by default, be able to use Docker as a container runtime,” said Laverack, a senior solutions engineer for Jetstack.
• “People have done this change a lot before. When we first introduced alternative container runtimes, many operators and users changed to using those runtimes instead of Docker for a variety of reasons, which is why we introduced the change at all.”

Developers use containers to speed up software development because they isolate all that’s needed to build and deploy applications without the overhead of an operating system. Early versions of Kubernetes worked only with Docker Engine as a container runtime, which is software that can execute the containers making up a Kubernetes pod.

• The Cloud Native Computing Foundation (CNCF)-hosted Kubernetes project introduced CRI in 2016 as a plug-in interface that enables interoperability between Kubernetes and a variety of container runtimes.
• Docker Engine itself isn’t CRI-compatible; it is dockershim, a container runtime interface shim, that allows developers to use Docker Engine as if it was compatible.
• Alternative CRI-compatible runtimes include the open-source containerd — an underlying component of Docker — and CRI-O, both hosted by the CNCF, among others.

“It's a great time to move on,” said Mrunal Patel, senior principal software engineer for Red Hat OpenShift, a hybrid-cloud, Kubernetes application platform. “These alternative runtimes have been proven in production already, so users shouldn't be afraid of this change. We should usher in this new era of CRI-based runtime that will help us move faster in adopting newer features.”

• Dockershim, which is built into Kubernetes’ kubelet code base, had always been viewed as a temporary solution, and maintaining it has been cited as a burden.
• “[Docker] has features for building containers as well as running containers,” Patel said. “When you talk about running containers in production, you don't necessarily need the same privileges as when you are a developer developing an application on your laptop. You need them more locked down. You need a more minimal runtime, which is more suitable for doing just exactly what Kubernetes needs and nothing more.”
• The removal of dockershim requires developers and cluster administrators to go through an “inconvenient, but necessary” migration as described by Víctor Jiménez Cerrada, a content manager engineer at container security software vendor Sysdig.
• Cluster operators should also determine if they have existing code that’s talking directly to Docker, “behind the back of Kubernetes,” Patel said.

Those using a managed Kubernetes service from a cloud provider likely can just sit back if they haven’t explicitly changed their container runtime, according to Kat Cosgrove, developer advocate for cloud engineering company Pulumi.

• Amazon Elastic Kubernetes Service, Microsoft’s Azure Kubernetes Service and Google Kubernetes Engine all now default to containerd, “though you should make sure they do not need updating if you have any node customizations,” Cosgrove noted in a recent Kubernetes blog post.
• Cluster operators who want to upgrade to Kubernetes 1.24 but maintain compatibility with Docker as a runtime have an option that isn’t as risky as running an old version of Kubernetes, according to Cosgrove.
• “Mirantis and Docker have jointly released, and are maintaining, a replacement for dockershim,” she wrote in the blog. “That replacement is called cri-dockerd. If you do need to maintain compatibility with Docker as a runtime, install cri-dockerd following the instructions in the project’s documentation.”

Those who stick with the latest version of Kubernetes with dockershim eventually risk operating without security fixes while also not benefitting from new features, according to Patel.

• “When you're running Kubernetes, one thing that should be at the top of your mind is security,” Patel said. “You're living dangerously if you're not moving to one of the recommended CRI runtimes.”

A MESSAGE FROM LENOVO

In a complex technological environment, when a business needs to pivot quickly in reaction to external forces, the “as-a-service” model of delivery for IT hardware, software and services offers companies of all sizes the ultimate flexibility to stay competitive with a scalable, cloud-like consumption model and predictable payment options for hardware and service inclusions.

Learn more

Sentiment analysis vs. emotion AI

When Zoom introduced new features last week to analyze customer sentiment during sales or business meetings based on conversation transcripts, the company said it is also considering the addition of a different but controversial form of AI to that service in the future: emotion AI.

Although both sentiment analysis and emotion AI aim to understand people’s attitudes and feelings, many researchers and experts agree that they are two very different things, even when sentiment analysis incorporates AI approaches such as deep learning.

Still, sometimes the terms have been used interchangeably, which might cause confusion.

Sentiment analysis tools mine text to gauge people’s opinions or attitudes toward something. Since the early days of social media, sentiment analysis and social media monitoring software providers have categorized the text in public posts, tweets and product reviews, analyzing their content in an attempt to determine what social posts say about products, retailers, restaurants or even politicians.

Even though emotion or affect AI attempts to detect people’s sentiments, it goes about it in a different way and uses forms of data that classic sentiment analysis does not. While sentiment analysis is all about words and text, emotion AI typically is about the face and facial expressions.

Nazanin Andalibi, an assistant professor at the University of Michigan School of Information who studies AI used to detect emotion, agreed that there are distinctions to be made between sentiment analysis and emotion AI, and that concerns around validity or bias may be more or less pronounced depending on what data sources are used and what is being measured.

However, she sees deeper connections between sentiment analysis and emotion AI.

“One of the critiques I have of existing discourse around emotion AI is that there is so much focus on facial recognition,” Andalibi said, pointing to other affective computing systems intended to detect emotion that use data including text, social media data and other computing behavior data, as well as biometric data such as voice and facial data.

Upcoming at Protocol

It’s been almost six months since Congress passed the landmark $1 trillion Infrastructure Investment and Jobs Act. What progress toward those goals have we seen so far — and what can we expect in the next six months?

In this Protocol virtual event on April 21 at 9 a.m. PT, we will explore how the infrastructure bill rollout is going and what it means for you. Join Protocol’s Issie Lapowsky in conversation with Alan Davidson, assistant secretary for Communications and Information, U.S. Department of Commerce; Nicol Turner Lee, senior fellow and director of the Center for Technology Innovation, The Brookings Institution; and Angela Siefer, executive director, National Digital Inclusion Alliance. RSVP here.

Intel promotes GPU head Raja Koduri

Intel promoted the company’s head of its graphics processor efforts, Raja Koduri, to the role of executive vice president, CEO Pat Gelsinger said Tuesday. Koduri has overseen Intel’s years-long plan to build a separate graphics chip to compete with offerings from Nvidia and AMD.

Gelsinger described the company’s plans around graphics and accelerated computing as critical to its overall plans for growth. Intel launched its first graphics chips that resulted from the five-year push to enter the graphics processing unit market in March.

Koduri joined Intel in 2017 after spending years as AMD’s chief architect for graphics chips, and now heads Intel’s Accelerated Computing Systems and Graphics Group. At its investor day earlier this year, Intel said that it expects $1 billion in graphics chip sales this year, and more than $10 billion in annual revenue by 2026.

Around the enterprise

IBM reported $14.2 billion in first-quarter revenue, up 7.7% compared to the same period last year and ahead of Wall Street expectations.

A MESSAGE FROM LENOVO

Lenovo’s broad portfolio of end-to-end solutions provide organizations with the breadth and depth of services that empower CIOs to leverage new IT to achieve their strategic outcomes. Organizations also have the flexibility to scale and invest in new technology solutions as they need them.

Learn more