Welcome to issue #251 July 19th, 2021


Infrastructure Official Blog

The new Google Cloud region in Delhi NCR is now open - The Google Cloud region in Delhi NCR is now open for business, ready to host your workloads.

Certificate Authority Service Official Blog

Announcing general availability of Google Cloud CA Service - Google Cloud CAS provides a highly scalable and available private CA to address the unprecedented growth in certificates in the digital world.

Cloud Armor Official Blog

Cloud Armor: enhancing security at the edge with Adaptive Protection, expanded coverage scope, and new rules - Cloud Armor gets Adaptive Protection, expanded coverage scope, and new rules.

Cloud Logging Cloud Operations Official Blog

Create alerts from your logs, available now in Preview - Google Cloud announces the preview of log-based alerts, a new feature that opens alerts to all log types, adds new notification channels, and helps you make alerts more actionable within minutes.

Networking Official Blog

Introducing Quilkin: open-source UDP proxies built for game server communication - Developed in collaboration with Embark Studios, Quilkin is an open source UDP proxy, tailor-made for high performance real-time multiplayer games.

Google Cloud Platform Official Blog

Helping you pick the greenest region for your Google Cloud resources - An enhanced region picker makes it easy to choose a Google Cloud region with the lowest CO2 output.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Infrastructure Official Blog

Beyond malloc efficiency to fleet efficiency - In a paper, the Google Systems Infrastructure team shows how using huge pages in its memory allocator improves application performance.


Cleaning up your Google Cloud Environment: Safety Guaranteed* - Use Cloud Custodian’s new metric filters to clean up your Google Cloud environment while minimizing any potential impacts.

App Development, Serverless, Databases, DevOps

Compute Engine Official Blog

Simplify VM migrations with Migrate for Compute Engine as a service - Migrate for Compute Engine enables simple, frictionless, and large-scale enterprise migrations of virtual machines to Google Compute Engine with minimal downtime and risk. Read on to understand how we are delivering Migrate for Compute Engine as a service.

Cloud Logging Monitoring

GCP — Set up alerts for particular logs - Alert when systemd timer does not trigger the systemd service.

Cloud Firestore NodeJS Python

Try a Tutorial in the Google Cloud Console - How the console can help you clean up your tab game.

Cloud Spanner Docker

Google Cloud Spanner Emulator Setup - This article will show you how you can set up a Google Cloud Spanner emulator on your local machine for testing, debugging, or configuring CI/CD using Docker Compose.

Cloud Firestore Firebase

Rename Collection in Firebase Firestore - The official Firebase Console does not support renaming collections. Luckily there’s Firefoo, the powerful GUI client for Firestore!

Cloud Run

Call Cloud Run from App Script: The easy way - App Script and Cloud Run belong to 2 different worlds at Google, one in Cloud, the other in Workspace. Using both is powerful but not easy.

Terraform Tutorial Workflows

Deploy Workflows using Terraform - This quickstart shows you how to create, deploy, and execute your first workflow using Terraform.

Big Data, Analytics, ML&AI

Cloud Data Fusion Cloud Functions Python

Google Data Fusion: Using Cloud Storage file uploads to trigger Data Fusion ETL Pipelines - Google Cloud Functions and Google Data Fusion’s REST API can be jointly used to deliver event-based execution.

BigQuery Official Blog

BigQuery Admin reference guide: Jobs & reservation model - Learn all about workload management in BigQuery by understanding what a job is and how slot reservations can be leveraged across your organization.

BigQuery dbt

A macro-ful way to test incremental models and snapshots - Unit testing in DBT and BigQuery.

BigQuery Billing Looker Official Blog Visualization

Optimizing your Google Cloud spend with BigQuery and Looker - Learn how you can export billing data into BigQuery and leverage pre-built dashboards, plus self-service data exploration environments to save costs.


BigQuery SQL Snippets - A curated collection of helpful SQL queries and functions.

BigQuery Security

Using HKDF in BigQuery via UDFs for Improved Security Hygiene - BigQuery supports encryption, decryption and cryptoshredding. By adding key derivations via HKDF we add an extra layer of security.

BigQuery Visualization

How to visualize your business performance with cohort tables using Grafana and BigQuery - An example of how to analyze the behavior of your customer cohorts using Grafana and BigQuery.

Data Analytics Firebase Python

Mindfulness App: How to Analyse User Behaviour Using Google Firebase Events Data - This article presents the solutions to some of the most common challenges in analyzing Firebase events data to generate app use insights.

BigQuery GIS

Simplified tileset creation for streamlined app development - Using Carto to create tiles on top of BigQuery data.

BigQuery Machine Learning

Anomaly detection in time series data using BigQuery ML - Create an ARIMA model, then detect anomalies.


Event Official Blog

Google Cloud Government Security Summit - Join us for ‘can’t miss’ content and solutions for your toughest cybersecurity challenges - Register today to reserve your spot on July 20th, 2021.

GCP Experience Official Blog

How Wunderkind scales up to 200K requests per second using Google Cloud - How the performance marketing channel handles 31 billion events a day.

GCP Certification

Qwiklabs on YouTube: Membership with benefits - Qwiklabs offers paid Youtube membership which contains training content from Google and partners.


Not So BigQuery Newsletter - A weekly newsletter about BigQuery and other data-related things from the GCP world.


Serverless Toronto Meetup - Building a Data Cloud to enable Analytics and AI-Driven Innovation - Data Science, Data Warehousing, Machine Learning to Business Transformation with Lak Lakshmanan.

Slides, Videos, Audio

GCP Podcast - #267 Cloud Firestore for Users who are new to Firestore.

Kubernetes Podcast - #154 Gatekeeper and Policy Controller, with Max Smythe.



AppEngine Standard Java - Updated Java SDK to version 1.9.90.

BigTable - New Dataflow templates are now available to help you import data into Cloud Bigtable. The Cloud Bigtable documentation has been updated to include information about connection pools and when to consider resizing them.

Chronicle - New documentation to support Chronicle data ingestion planning You can now find information about Chronicle supported default parsers.

Compute Engine - Preview: Access the Compute Engine API using Cloud Client Libraries built on our latest client library model. Preview: The Observability tab on Compute Engine's VM instance details page includes a new category for process metrics.

Config Connector - Config Connector 1.56.0 is now available. Added support for ComputeInstanceGroupManager resource (Issue #314). Added support for BinaryAuthorizationPolicy resource. Added cluster.kmsKeyRef field to BigtableInstance. Added expire, rotation, topics, and ttl fields to SecretManagerSecret (Issue #471). Fixed bug that was causing CloudIdentityGroup to go through infinite updates. Added timestamp to log messages. Aggregated the cnrm-admin ClusterRole to the admin and edit ClusterRoles, and aggregated the cnrm-viewer ClusterRole to view ClusterRole.

Dataproc - For 2.0+ image clusters, the dataproc:dataproc.master.custom.init.actions.mode cluster property can be set to RUN_AFTER_SERVICES to run initialization actions on the master after HDFS and any services that depend on HDFS are initialized.

Datastore - Added DATA_READ and DATA_WRITE Data Access audit logs.

Deep Learning Containers - M75 Release Enhanced environment configurations so it is easier to install additional frameworks in CUDA containers.

Deep Learning VM - M75 Release Improved the clarity of error messages for custom container users.

Cloud Firestore - Added DATA_READ and DATA_WRITE Data Access audit logs.

Google Kubernetes Engine - A new security vulnerability, CVE-2021-22555, has been discovered where a malicious actor with CAP_NET_ADMIN privileges can potentially cause a container breakout to root on the host. There is a known issue that prevents the gcloud client from interacting with multi-cluster Ingress that was introduced in gcloud version 346.0.0 and was fixed in version 348.0.0.

Cloud Logging - The Cloud Console now supports creating Logging sinks at the organization or folder level. Starting on October 12, 2021, your Dataflow logs that are ingested and stored in Cloud Logging will be charged at the standard Cloud Logging prices. You can now install the Logging and Monitoring agents on multiple VMs from the Inventory tab on the Cloud Monitoring VM Instances page.

Cloud Monitoring - Metrics Explorer, a stand-alone charting tool that lets you quickly chart and explore time-series data, has a new interface and supports enhanced aggregation options. The VM instances page has a new Processes tab in Preview. You can now install the Logging and Monitoring agents on multiple VMs from the Inventory tab on the Cloud Monitoring VM Instances page. A warning annotation is now added to charts when they are missing data due to a data outage.

Network Intelligence Center - In the Google Cloud console, the trace panel for each Connectivity Test now includes links to VMs, firewall rules, and other resources that were analyzed as part of the test.

SAP Solutions - SAP HANA: sizing guidelines for persistent disks reduced For most Compute Engine VM types that are certified for SAP HANA, Google Cloud has reduced the required minimum sizes of SSD and balanced persistent disks that are used for block storage by reducing the amount of storage that is allocated to the /hana/data volume from 1.5x memory to 1.2x memory.

Cloud Storage - XML API multipart uploads is now in GA. List object V2 for the XML APIPreview launched.

Traffic Director - Traffic Director can now use internet NEGs of the type INTERNET_FQDN_PORT to route traffic to private services that are reachable using hybrid connectivity, including named on-premises, multi-cloud, and internet services.

Transcoder API - v1beta1 & v1. Transcoder v1 API is now available. The Transcoder v1beta1 API is deprecated and will be turned down. The API outputs CEA-608 captions instead of CEA-708.

Vertex AI - You can now use the gcloud beta ai custom-jobs create command to build a Docker image based on local training code, push the image to Container Registry, and create a CustomJob resource.

VMware Engine - Changed MTU recommendation for private cloud-to-private cloud external communications to 1500 bytes.

Virtual Private Cloud - Private Service Connect service attachment details now correctly shows the status for consumer endpoints. If you're creating a Private Service Connect endpoint in a Shared VPC network, the endpoint no longer needs to be in the same project that contains the virtual machines (VMs) that send requests to the endpoint.


Latest Issues


Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: [email protected]