Welcome to issue #242 May 17th, 2021


Cloud Run Official Blog Serverless

Maximize your Cloud Run investments with new committed use discounts - Committed use discounts in Cloud Run enable predictable costs—and a substantial discount!

Cloud Run Official Blog Serverless

4 new features to secure your Cloud Run services - We’re improving the security of your Cloud Run environment with things like support for Secret Manager and Binary Authorization.

Official Blog Terraform Workflows

Deploying multi-YAML Workflows definitions with Terraform - Learn how to deploy workflows spread over multiple YAML files with Terraform.

BeyondCorp Official Blog Security

Deliver zero trust on unmanaged devices with new BeyondCorp Enterprise protected profiles - Maintain your zero trust security standards while enabling remote workers to access what they need with the new protected profile.

Cloud Armor Official Blog

Enhance DDoS protection & get predictable pricing with new Cloud Armor service - Protect yourself with the same technology that has protected Google from some of the largest cyber attacks ever reported.

Official Blog Translation API

Translation API Advanced can translate business documents across 100+ languages - Google Cloud AI translation services now directly translate documents in formats such as Docx, PPTx, XLSx and PDF while preserving document formatting.

Cloud Spanner Official Blog

Browse and query Cloud Spanner databases from Visual Studio Code - For developers who are building applications that interact with Cloud Spanner, we're excited to announce the Google Cloud Spanner driver for the popular SQLTools extension for VS Code.

Event Official Blog

The cloud developer’s guide to Google I/O 2021 - Learn about the most exciting cloud developer sessions, workshops, and meetups at Google I/O 2021.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Official Blog

Cloud CISO Perspectives: May 2021 - Google Cloud CISO Phil Venables shares his perspective on industry news as RSA 2021 approaches.

Billing Official Blog

Automate your budgeting with the Billing Budgets API - Budgets are ideal for visibility into your costs but they can become tedious to manually update. Using the Billing Budgets API you can automate updates and changes with your custom business logic!

Anthos Kubernetes Official Blog

Introduction to modern application platform for enterprises - With cloud adoption and changing technology landscape enterprises want to understand the features required by an application platform that runs modern applications.

Anthos Official Blog

How does Anthos simplify hybrid & multicloud deployments? - If you're an enterprise, chances are you have networking, storage, and compute on multiple clouds and in your own data center. How can you secure and operate existing apps, develop and deploy new apps across those disparate locations? How can you get centralized visibility and management of the resources? Well, that's why Anthos exists!

Anthos Official Blog

Congrats, you bought Anthos! Now what? - Deploying a new cloud application platform like Anthos is a big step. Here are some things you can do to help jumpstart adoption.

Compute Engine Kubernetes

Creating Kubernetes cluster by joining Google Cloud Platform (GCP) Virtual Machines - A brief tutorial to set Kubernetes cluster from scratch using Compute Engine instances.

Google Kubernetes Engine Kubernetes

Setup a Kubernetes GKE Cluster using Rancher - This articles describes a process of creating GKE cluster from Rancher.

BigQuery Google Kubernetes Engine Monitoring

GKE Usage Metering - GKE Usage Metering joined with billing — hourly analysis and full queries for GKE recharging a shared cluster.

DevOps IAM Security

How to generate short-lived GCP Service Account Keys or OAuth2 tokens with Vault - Storing service accounts inside the Vault.

IAM Security

Google Cloud Platform- Let’s dive into Security Best Practices-I - A few tips to improve security in your GCP projects.

Firebase Security

Something about Google API keys, how to secure them, and what Firebase got to do with this. - Securing API keys when using Firebase.

App Development, Serverless, Databases, DevOps

Apigee Official Blog

API design 101: Links to our most popular posts - Most requested blog posts on API design in one location to read now or bookmark for later.

Cloud Run Official Blog Serverless

Next-generation serverless: three ways enterprises can benefit - The next-generation of serverless is about a whole lot more than just functions.

Cloud Scheduler Cloud SQL

A simple way to automate On-demand Backups in Cloud SQL - Scheduling on-demand backups for Cloud SQL.

Cloud Functions Cloud Scheduler Cloud SQL Cloud Storage Official Blog Serverless

Scheduling Cloud SQL exports using Cloud Functions and Cloud Scheduler - Learn the steps required to schedule a weekly export of a Cloud SQL database to Cloud Storage.

CI Cloud Source Repositories DevOps Kubernetes

CI/CD Pipeline using Cloud Build with GitOps Technique - Learn how to set up a CI/CD pipeline for your frequent development code changes with Git Repository in Google Cloud.

C++ Cloud Run Serverless

Cloud Build Notifications with Cloud Run and C++ - This article describes how when a full build (as opposed to a pull request build) fails you get notified using Google Cloud services and C++ client libraries.

App Engine

How to Install OctoberCMS (Laravel) Application on Google App Engine - A tutorial on how to deploy Laravel application on GAE Flex.

App Engine PHP

How to Install WordPress in Google App Engine Standard Environment

App Engine Microservices Python

How to build Microservices on Google Cloud Platform and App Engine - Using App Engine for microservices.

Cloud Spanner

Cloud Spanner Point-In-Time-Recovery: Restoring a Dropped Table - This blog demonstrates how to recover a dropped table using PITR using gcloud commands in Cloud Spanner.

Big Data, Analytics, ML&AI

BigQuery Cloud Functions

Storing Snowplow bad row events in BigQuery - How to use Cloud Functions and a BigQuery schema generator to make Snowplow bad row schema violation events easily queryable.


PIVOT in BigQuery - Examples of using new PIVOT table function in BigQuery.

Cloud Functions Cloud Run Data Science Jupyter Notebook Serverless

Executing Jupyter Notebooks on serverless GCP products - Example of deploying and executing Jupyter notebook on serverless Google Cloud products.

BigQuery Machine Learning

Big Data Analytics with Cloud Notebooks and Query Style ML - Using two different ways to create a logistic regression model.

BigQuery Visualization

How to connect Plotly Dash to a SQL database - Visualizing data from BigQuery with Plotly.

Kubeflow Machine Learning

Creating a Kubeflow Pipelines Component - A tutorial to create Kubeflow pipelines component.

Machine Learning TensorFlow

MLOps: Big Picture in GCP - An overview of GCP products that can be used in MLOps.



10 Reasons Google Cloud Is #2 on Industry Cloud Top 10 List - Takeaways from interview with Lori Mitchell-Keller, Industry Solutions at Google Cloud.

GCP Experience Machine Learning Official Blog

Costa Mesa Sanitary District improves manhole maintenance with machine learning - Learn how Costa Mesa Sanitary District is using machine learning to automate and streamline manhole maintenance.

GCP Certification

Getting Certified as a Google Cloud Professional Cloud Architect — 2021 - Some tips for passing Cloud Architect certification exam.

GCP Certification

Passing the Google cloud professional networking engineer exam - Topics to study when preparing for the Networking Engineer certification exam.

GCP Certification

Google Cloud Professional Cloud Architect— Exam prep sheet v2 — New exam - Prep sheets for GCP certifications preparation.

Slides, Videos, Audio

GCP Podcast - #259 Document AI with Anu Srivastava and Sudheera Vanguri.

Kubernetes Podcast - #150 Pixie, with Zain Asgar and Ishan Mukherjee.



AI Platform - Deep Learning Containers - M70 Release Added TensorFlow Enterprise 2.5 containers. M69 Release Updated cuDNN from 8.0.4 to 8.0.5.

AI Platform - Deep Learning VMs - M70 Release Added TensorFlow Enterprise 2.5 images. M69 Release Migrated Collection Agent to Cloud Monitoring version 2.

Anthos Config Management - 1.7.1. Anthos Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: 9b5e4cf). A bug in Anthos Config Management 1.7.0 which broke nomos hydrate --no-api-server-check has been fixed. The Config Sync admission webhook in Anthos Config Management 1.7.0 would block requests when a managed resource in the cluster copied annotations to another resource. Config Sync container images are now correctly updated when Anthos Config Management is upgraded. A bug in Anthos Config Management 1.7.0 which caused nomos status to return errors when both unstructured repos and Hierarchy Controller were being used has been fixed.

Cloud Asset Inventory - New resource types are now available.

BigQuery - Updated version of ODBC driver for BigQuery includes bug fixes and install guide improvements. Updated version of JDBC driver for BigQuery includes bug fixes, service account keyfile support, connection property enhancements, and BigQuery client library updates. BigQuery now supports the following SQL query clauses and operators: PIVOT operator UNPIVOT operator QUALIFY clause This feature is in Preview.

BigTable - The Cloud Bigtable documentation on schema design for time series data has been updated with an emphasis on recommended design patterns. You can now use IAM conditions to define and enforce conditional access control for Cloud Bigtable instances, clusters, and tables.

Billing - Committed use discounts are now available for public preview to purchase for Cloud Run. Cloud Billing Reports now show the target budget amount when you open the report from a budget In the Cloud Billing Console, Billing Budgets are linked to the Billing Reports page.

Cloud Composer - Cloud Composer 1.16.4 and 1.17.0 release started on May 13, 2021. Preview: Cloud Composer supports Airflow 2. Airflow 2.0.1 is available in Cloud Composer images. You can now break down costs associated with particular Cloud Composer environments. New versions of Cloud Composer images: composer-1.17.0-preview.0-airflow-2.0.1 composer-1.16.4-airflow-1.10.15 composer-1.16.4-airflow-1.10.14 (default) composer-1.16.4-airflow-1.10.12. For new Cloud Composer environments with Airflow 2, SMTP configuration properties for Airflow have new default values: smtp_user is set to an empty value by default. Improved the error message that is generated when the specified service account does not have enough permissions to run Airflow workloads. Added troubleshooting information to error messages generated on Airflow web server deployment failures. GKE clusters of new Cloud Composer environments use Container-Optimized OS with Containerd (cos_containerd) image type. Kerberos client (krb5-user) package is pre-installed in Cloud Composer container images. Some environment operations that failed because of networking problems are now retried instead of failing. Database passwords are now redacted in error messages that appear in Composer Agent logs. Error messages about dependency conflicts that happen when installing Python packages are now correctly reported. When an environment upgrade fails because of package dependency conflicts, the error message contains detailed information about the conflict.

Compute Engine - Preview: You can use OS configuration management to deploy and automate software configurations on your virtual machine (VM) instances using gcloud command-line and OS Config API. N2 machines are now available in the following regions and zones: Osaka, Japan: asia-northeast2-a,b,c Seoul, South Korea: asia-northeast3-a,b,c See VM instance pricing for details. N2D machines are now available in Tokyo asia-northeast1-c.

Cloud Dataflow - You can now enable logging of human-readable hot keys. Dataflow Shuffle is now the default mode for all batch pipelines.

Datastore - You can now view recent import and export operations from the Google Cloud Console.

Cloud Debugger - Cloud Debugger has updated the configuration file naming and keywords that you use to block access to sensitive data.

Dialogflow - Preview launch of Twilio telephony integration.

Cloud Networking Products - Configuring Cloud DNS scopes is now available in Preview.

IAM - You can now use the Google Cloud Console to manage workload identity federation. The ability to attach service accounts to resources in other projects is now generally available.

Istio on GKE - 1.2.x & 1.0.x & 1.1.x & 1.4.x & 1.6.x. Google Support does not provide support for Istio installations.

Google Kubernetes Engine - (2021-R16) Version updates GKE cluster versions have been updated. Dataplane V2 is generally available in newly created clusters using GKE versions 1.20.6-gke.700 and later. The GKE Gateway controller, Google Cloud's implementation of the Gateway API, is available in Preview in GKE version 1.20 and later. In GKE version 1.20 and later, the GKE Gateway controller introduces the new gateway.networking.x-k8s.io resource. The Istio project recently disclosed a new security vulnerability (CVE-2021-31920) affecting Istio.

Google Kubernetes Engine Rapid - (2021-R16) Version updates Version 1.19.10-gke.1000 is now available in the Rapid channel.

Google Kubernetes Engine Regular - (2021-R16) Version updates Version 1.19.9-gke.1400 is now the default version in the Regular channel.

Google Kubernetes Engine Stable - (2021-R16) Version updates Version 1.18.17-gke.700 is now available in the Stable channel.

Cloud Monitoring - Cloud Monitoring is introducing metrics scopes. The replacement of Cloud Monitoring Workspaces with metrics scopes is complete.

Cloud Run - Committed use discounts are now available for Cloud Run. Customer managed encryption keys are now available for use with Cloud Run. You can now use Binary authorization with Cloud Run to enforce policy-based deployment of Cloud Run services. Recommender now provides recommendations for securing Cloud Run services by creating dedicated service accounts. Cloud Run now provides UI, command line, and YAML support for referencing Secret Manager Secrets.

Cloud Storage - XML API multipart uploadsPreview launched.

Traffic Director - Fixed an issue where the Services user interface would display a warning if a service had a mix of healthy backend groups (x out of x healthy endpoints) and empty backend groups (0 out of 0 healthy endpoints).

Dialogflow Enterprise - Preview launch of Twilio telephony integration.

Secret Manager - Secret Manager now supports etags for optimistic concurrency control.

GKE on-prem 1.5 - A recently discovered vulnerability, CVE-2021-31920, affects Istio in respect to its authorization policies.

Workflows - v1. Workflows is HIPAA compliant.

Anthos clusters on VMware 1.7 - A recently discovered vulnerability, CVE-2021-31920, affects Istio in respect to its authorization policies.

Cloud Run for Anthos - CVE-2021-31920 affects Istio, a component used by Cloud Run for Anthos.

Anthos clusters on VMware 1.6 - A recently discovered vulnerability, CVE-2021-31920, affects Istio in respect to its authorization policies.

GKE - (2021-R16) Version updates Version 1.19.9-gke.1400 is now the default version.


Latest Issues


Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: [email protected]