Welcome to issue #169 December 23rd, 2019

As 2019 is coming to an end, it is a time when various recaps are popping up. Enjoy the holidays with no service disruptions and let's see what 2020 will bring.



DevOps Official Blog

Accelerate GCP Foundation Buildout with automation - Build your GCP environment fast with Cloud Foundation Toolkit templates.

Official Blog Security

Google Cloud: Supporting our customers with the California Consumer Privacy Act (CCPA) - How Google Cloud is committed to CCPA compliance and helping customers meet CCPA obligations.

Networking Official Blog

Availability, scale, and ease of management with new Layer-4 Internal Load Balancing features - The L4 Internal Load Balancer has new features that improve the scale and availability of internal applications.

Cloud SQL Official Blog

Introducing more maintenance controls for Cloud SQL - The Cloud SQL fully managed database service now lets you control routine maintenance tasks with advanced notification and maintenance rescheduling.

Cloud External Key Manager Official Blog Security

Use third-party keys in the cloud with Cloud External Key Manager, now beta - The key benefits of Cloud External Key Manager and the partners that can help implement it.

Official Blog Storage

File storage made easier with NetApp Cloud Volumes, now GA - Enterprise-grade cloud file storage that’s highly available and high performing from Google Cloud and NetApp Cloud Volumes.

Data Analytics Official Blog

Big data, big world: new NOAA datasets available on Google Cloud - Weather, climate and more datasets from NOAA are now available on Google Cloud. Explore atmospheric and other big data.

Official Blog Security

Enabling a more secure cloud with our partners - New offerings and updates from Google Cloud partners.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Official Blog Security

BeyondProd: How Google moved from perimeter-based to cloud-native security - Learn about BeyondProd, Google’s approach to security in cloud-native environments.

Using Forseti to Secure GCP Environments - Forseti is an open-source project designed specifically for improving the security of your Google Cloud Platform (GCP). In this article we take a quick look at the Inventory, Scanner, and Enforcer.


Google Cloud Platform Security Best Practices - Overview of some of the GCP features and security recommendations and advice on how to configure GCP environments.

Security Terraform

Terraform — Securing your State file - An example of encrypting and storing a Terraform state file in a private Cloud Storage bucket.

Compute Engine Official Blog

5 best practices for Compute Engine Cost Optimization - Best practices for saving money on Google Compute Engine.


Warm Disaster recovery for applications in Google Cloud - The article explains how to set up a Warm Disaster Recovery pattern for applications.

Google Kubernetes Engine Kubernetes Security Tutorial

Enabling GKE Workload Identity - Step by step tutorial to set up and use Workload Identity on Kubernetes Engine.

App Development, Serverless, Databases, DevOps

Cloud Pub/Sub Cloud Run Cloud Tasks

Cloud-Native Advantages of Moving Your ETL Process to Cloud Run - Using Cloud Run for ETL jobs.

Cloud Run Terraform

Configuring Cloud Run with Terraform - Example of deploying a Cloud Run app with Terraform.

Cloud Storage SRE Stackdriver Storage

Monitoring bytes sent from Google Cloud Storage buckets - The article describes how to set up monitoring and create alerts based on data transferred from Cloud Storage.

Cloud Storage

Your Sequentially Named Files are Slowing down your uploads - The article describes how file naming affects upload speed to Cloud Storage.

Cloud Storage

Finding the Optimal Download size with GCS - A test for file download speed from Cloud Storage depending on chunk size.

Cloud IoT IoT

How I Saved Money On My Water Bill - Building a home automation system on Google Cloud.

Istio Knative

Traffic Management for Knative Services - This article examines the different options for traffic management including the default feature enabled by Knative and some special requirements that can be achieved with Istio.

Big Data, Analytics, ML&AI

Big Data Data Analytics Official Blog

Opening doors, embracing change with cloud data warehouses - Cloud data warehouse migrations bring technology changes and new ways of working for data analysts and administrators. Change management is important.

AI Platform BigQuery Cloud Dataflow

Pro tips for Google Cloud Dataflow & BigQuery - Sharing accumulated knowledge about BigQuery and Cloud Dataflow.

Big Data BigQuery

Partition on any field with BigQuery - BigQuery has introduced integer partitioning. You can now partition on a numeric field and, surprisingly, not only on numeric fields.

Big Data BigQuery

BigQuery Integer Partitioning is in Beta - Demonstrating the new BigQuery integer partitioning feature on the New York Taxi dataset.

Google Kubernetes Engine Kubeflow Machine Learning Python

E2E Kubeflow Pipeline for time-series forecast — Part 2 - Building an end-to-end pipeline with Kubeflow on Google Kubernetes Engine.

AI Platform Machine Learning Python

Deploy Keras model on GCP and making custom predictions via the AI Platform Training & Prediction API - This tutorial will show how to train a simple Keras model locally using Colab and then how to deploy this model to the AI Platform.


Data Analytics Official Blog

Year in review: smart analytics makes great strides - Cloud data analytics highlights from 2019 include data warehouse, streaming, and BI news. See how smart analytics at Google Cloud made strides.

Google Cloud Platform Official Blog

Last year today: Top Google Cloud posts in 2019 - Here are the cloud computing technology highlights from Google Cloud in 2019.

Kubernetes Official Blog

Kubernetes Podcast in 2019: year-end recap - A look back on the most popular Kubernetes podcasts of 2019.

Google Cloud Platform

Top 10 Blogs from 2019 on Google Cloud - List of top 10 posts from Google Cloud blog.

Slides, Videos, Audio

Kubernetes Podcast - #84 Monitoring, Metrics and M3, with Martin Mao and Rob Skillington



KMS - Cloud External Key Manager (Cloud EKM) (Beta) allows you to encrypt data stored in Google Cloud using keys stored in a supported partner external key management system.

AI Platform - VPC Service Controls now supports AI Platform Training. AI Platform Training now offers two built-in algorithms to train a machine learning model on image data without writing your own training code: the built-in image classification algorithm and the built-in image object detection algorithm. Both image algorithms are available in beta. AI Platform runtime version 1.15 is now available for training and prediction.

Cloud Spanner - Cloud Spanner regional instances can now be created in Frankfurt (europe-west3).

Cloud SQL - Cloud SQL now supports VPC Service Controls, which let you add a service perimeter around the Cloud SQL Admin API and host project for Cloud SQL instances to reduce the risk of data exfiltration.

Stackdriver - GA release: You can now use partitioned tables for logs exports to BigQuery. Integration of Stackdriver Trace with Virtual Private Cloud Service Controls is now beta.

Stackdriver Trace - Integration of Stackdriver Trace with Virtual Private Cloud Service Controls is now beta.

Virtual Private Cloud - Private Google Access for on-premises hosts now permits on-premises hosts to send traffic from any internal IP addresses, not just RFC 1918 addresses.

VPC Service Controls - Beta stage support for the following integration: AI Platform Training. Beta stage support for the following integrations: Cloud Asset Inventory. General availability support for: Cloud SQL. Beta stage support for the following integrations: Trace API.

Anthos - Anthos 1.2 is now available.

BigQuery - The ALTER TABLE and ALTER VIEW Data Definition Language statements are now Generally Available (GA). BigQuery Reservations is now available in the Tokyo (asia-northeast1) region.

BigQuery ML - BigQuery ML data preprocessing is now Generally Available (GA).

BigQuery Transfer - Third-party transfers for loading data from external data sources are now generally available (GA). Support for transferring Google Play reports is now generally available (GA).

Cloud Composer - New versions of Cloud Composer images: composer-1.8.3-airflow-1.9.0, composer-1.8.3-airflow-1.10.1, composer-1.8.3-airflow-1.10.2, and composer-1.8.3-airflow-1.10.3. Composer now uses OpenAPI to manage components running on GKE clusters. Fixed the formatting for validation errors returned by the projects.locations.environments.create API method.

Config Connector - Added the external field to support the external resource references. Added support for ComputeTargetTCPProxy.

Dialogflow - If you use the Telegram integration, and the bot was created before August 19th, 2019, you must restart the integration in the Dialogflow console by February 28th, 2020.

GKE on Prem - GKE on-prem version 1.2.0-gke.6 is now available. This minor version includes the following changes: The default Kubernetes version for cluster nodes is now version 1.14.7-gke.24 (previously 1.13.7-gke.20). GKE on-prem now supports vSphere 6.7 Update 3. GKE on-prem now supports VMware NSX-T version 2.4.2. Any user cluster, even your first user cluster, can now use a datastore that is separate from the admin cluster's datastore. Expanded preflight checks for validating your GKE on-prem configuration file before you create your clusters. Published basic installation workflow. Published guidelines for installing Container Storage Interface (CSI) drivers. Updated documentation for authenticating using OpenID Connect (OIDC) with the Anthos Plugin for Kubectl. From the admin workstation, gcloud now requires that you log in to gcloud with a Google Cloud user account. You can now create admin and user clusters separately from one another. Fixes an issue that prevented resuming cluster creation for HA user clusters. Affected versions 1.1.0-gke.6, 1.2.0-gke.6: The stackdriver.proxyconfigsecretname field was removed in version 1.1.0-gke.6. Affected versions 1.2.0-6-gke.6: In user clusters, Prometheus and Grafana get automatically disabled during upgrade. Affected versions, all versions: Before version 1.2.0-gke.6, a known issue prevents Stackdriver from updating its configuration after cluster upgrades.

IAM - Policy Troubleshooter is now generally available.




Zdenko Hrček