Welcome to issue #265 October 25th, 2021


Anthos BigQuery Data Analytics Official Blog

Here’s what you missed at Next ’21 - Too much to take in at Google Cloud Next 2021? No worries - here’s a breakdown of the biggest announcements at the 3-day event.

AI Official Blog

ICYMI - Top AI Announcements and Sessions from Google Cloud Next ’21 - Making AI more accessible, more focused on business outcomes, and fast-tracking the time-to-value for customers.

Data Loss Prevention API Official Blog

Cloud Data Loss Prevention is now automatic! - Google Cloud DLP is now automatic and can help you gain visibility into sensitive data across your entire BigQuery footprint.

Cloud Dataproc Data Analytics Official Blog

Spark on Google Cloud: Serverless Spark jobs made seamless for all data users - Spark on Google Cloud allows data users of all levels to write and run Spark jobs that autoscale, from the interface of their choice, in 2 clicks.

Official Blog Security

Trust Google Cloud more with ubiquitous data encryption - Ubiquitous data encryption on Google Cloud provides unified control over data at-rest, in-use, and in-transit, with keys under customer control.

NetApp Official Blog

Expanding our partnership with NetApp to make cloud migration easier - Google Cloud grows its partnership with NetApp to make cloud migration faster, simpler, and easier for enterprise customers.

AI Event Machine Learning

ML Summit 21 - Virtual Machine Learning Summit on October 27, 2021 - latest Google Machine Learning and Artificial Intelligence technologies with specific emphasis on ML Fairness.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Google Cloud Platform Official Blog

Supercharge your Google Cloud workloads with up-to-date best practices from Architecture Framework - Google Cloud best practices have been updated to version 2.0, enabling better security, compliance, reliability, operations, and cost- and performance-optimization.

HPC Networking Official Blog

Accelerating MPI applications using Google Virtual NIC (gVNIC) - Using gVNIC improves MPI communication performance, which is a critical element of delivering high HPC application performance and scalability.

BigQuery Networking Security VPC

ODBC, Private Service Connect and Proxies - Connecting to BigQuery via Private Service Connect.

Networking VPC

Understand and automate the GCP’s Network Cost Intelligence - An overview of VPC Flow logs and how to analyze them.

DevOps Google Kubernetes Engine Kubernetes Terraform

Kubernetes Engine And Terraform In Google Cloud - Basics on deploying your application in a regional Google Kubernetes Engine Cluster using Terraform.

DevOps Kubernetes SRE

Google Cloud DevOps Series - Google Cloud Compute options for Kubernetes.

App Development, Serverless, Databases, DevOps

AppSheet Official Blog

Bring no-code apps to your Gmail inbox. Here’s how. - Use AppSheet to create dynamic emails in Gmail, no coding required.

Compute Engine Official Blog

Tau T2D VMs now in Preview: Independent testing validates market-leading price-performance - T2D VMs powered by 3rd Generation AMD EPYC processors (code-named Milan) are now available for the Compute Engine Tau family in preview.

Cloud Spanner Official Blog

Cloud Spanner connectivity using JetBrains IDEs - You can now browse the database schema and query data stored in Cloud Spanner directly from your JetBrains IDE. This post shows how to connect to a Cloud Spanner instance using IntelliJ IDEA.

Cloud Functions Official Blog

Avoiding GCF anti-patterns part 1: How to write event-driven Cloud Functions properly by coding with idempotency in mind - First post in a series on how to avoid anti-patterns in Google Cloud Functions as seen by the Support team. This post explores what idempotent functions are and how this design pattern is important for background-triggered functions.

Cloud Functions Official Blog Serverless

Functions, events, triggers oh my! How to build event-driven app - Demonstration on how to use events and triggers in Cloud Functions to build event-driven apps in Google Cloud.

Cloud Operations Monitoring Official Blog

Google Cloud Monitoring 101: Understanding metric types - Metrics is a term used for many types of data. Read about what metrics are collected and how, plus which are charged and which are no cost.

Apigee Official Blog

Best practices for securing your applications and APIs using Apigee - Best practices for API Security from Google Cloud.

GCP Experience Official Blog Storage

SenseData’s journey with Google Cloud’s managed database services - Learn how SenseData helps Brazilian companies embrace customer success, rapidly evolving their products on Google Cloud and Google managed database services.

GCP Experience Microservices

How loveholidays used a Cloud Native event-driven system to cut hotel content publishing time - Change of the architecture to improve user experience.

Cloud Run Official Blog

Trying out source-based deployment in Cloud Run - Now you can finally go from source code to a running Cloud Run service with a single command and without having to worry about the complexities of creating a container image. It’s nice to finally see the Cloud Run deployment experience on par with Cloud Functions and App Engine.

Firebase Official Blog

Pinpointing API performance issues with Custom URL Patterns - Using Firebase Performance Monitoring to understand an app’s performance from the user’s perspective in near real time.

DevOps Firebase

Migrate a Firebase project from one organization to another - A better guide for no-downtime Firebase project migrations.


Personalised contextual customer experiences for Retail, a practical example using Google Cloud - An example of a retail consumer application that handles personalized contextual customer experience.

Cloud SQL Security

The Speckle Umbrella story — part 2 - Exploring vulnerabilities in Cloud SQL.

Genomics Life Sciences

GROMACS on Google Cloud - Running GROMACS (open source software for molecular dynamics) on Google Cloud.

Big Data, Analytics, ML&AI

GCP Experience Official Blog Vertex AI

Coca-Cola Bottlers Japan collects insights from 700,000 vending machines with Vertex AI - Coca-Cola Bottlers Japan built an MLOps platform with Vertex AI for large-scale data analytics across 700K vending machines. Learn how it helped extract business insights.

Vertex AI

How to deploy a YOLOv4 Darknet model to Vertex AI - Deploying a YOLOv4 model that was trained using Darknet to Google’s new Vertex AI platform and getting predictions from it.


Google Cloud Platform

Google gets boring - Next 21 reflection: Joining the ranks of the predictable, dependable software companies, Google Cloud focuses its strategy on broader enterprise issues.

Cloud Run

Cloud Run eBook - Free ebook via Cockroach Labs.

Slides, Videos, Audio

GCP Podcast - #281 Google Cloud Next Data, Analytics, and AI Launches with Eric Schmidt and Bruno Aziza.

Kubernetes Podcast - #165 Engineering Effectiveness and KubeCon NA 2021, with Jasmine James.

Security Podcast - #39 From False Positives to Karl Popper: Rationalizing Cloud Threat Detection.



Anthos clusters on bare metal - 1.8: Release 1.8.5. Anthos clusters on bare metal 1.8.5 is now available for download. Fixes: The following container image security vulnerabilities have been fixed: CVE-2021-3712, CVE-2021-22946, CVE-2021-22947, CVE-2021-33910, CVE-2021-40528. Known issues: For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section. 1.7: Release 1.7.5. Anthos clusters on bare metal 1.7.5 is now available for download. Fixes: The following container image security vulnerabilities have been fixed: CVE-2021-3712, CVE-2021-22946, CVE-2021-22947, CVE-2021-40528. Known issues: When you upgrade Anthos clusters on bare metal from a version with a security patch to the next minor release, we recommend you upgrade to the highest patch version to ensure you have the latest security fixes.

Anthos clusters on VMware 1.7 - A security issue was discovered in the Kubernetes ingress-nginx controller, CVE-2021-25742. Anthos clusters on VMware 1.9.1-gke.6 is now available. In version 1.9.0, there was a known issue with restoring an admin cluster using a backup when using a private registry.

Bigtable - Cloud Bigtable app profile cluster groups let you route an app profile's traffic to a subset of an instance's clusters.

Cloud Composer - Cloud Composer 2 supports Airflow web server plugins. Cloud Composer is now available in Oregon (us-west1). Added the google-cloud-aiplatform package to Cloud Composer images with Airflow versions 2.1.2, 2.0.2, and 1.10.15. (New environments only) Cloud Composer 2 environments create Autopilot clusters using the Regular release channel. Fixed an issue with the Airflow web server availability in Cloud Composer 2. (New environments only) Shielded Nodes and Secure Boot features are enabled for Cloud Composer 1 environment clusters. (New environments only) Cloud Composer 1 environment creation no longer fails when the constraints/compute.requireShieldedVm policy is turned on. (Available without upgrading) Fixed a problem with Airflow 2 configuration changes not propagating to Airflow workers. Fixed a bug that caused the __pycache__ folder to sometimes appear in an environment's bucket. New versions of Cloud Composer images: composer-1.17.3-airflow-2.1.2, composer-1.17.3-airflow-2.0.2, composer-1.17.3-airflow-1.10.15 (default), composer-1.17.3-airflow-1.10.14, composer-1.17.3-airflow-1.10.12, composer-2.0.0-preview.4-airflow-2.1.2, composer-2.0.0-preview.4-airflow-2.0.2. Cloud Composer versions 1.12.2 and 1.12.3 have reached their end of full support period.

Compute Engine - Preview: You can now configure up to 48 vCPUs and 312 GB memory on virtual machine (VM) instances that have a single T4 GPU attached.

Dataproc - The dataproc:dataproc.cluster-ttl.consider-yarn-activity cluster property is now set to true by default for image versions 1.4.64+, 1.5.39+, and 2.0.13+.

Dialogflow - Dialogflow ES V2 API now supports regionalization. Dialogflow CX change history is now available from the API. Dialogflow CX now provides a continuous testing and deployment preview feature.

Cloud Data Loss Prevention - The IMSI_ID infoType detector is available in all regions.

Cloud Domains - Cloud Domains is available in GA.

IAM - The IAM page of the Cloud Console now lists lateral movement insights in addition to policy insights.

Google Kubernetes Engine - For GKE Autopilot clusters, CMEK for boot disks and CMEK for application-layer encryption are now generally available. For GKE Autopilot clusters, Google Groups for RBAC is now generally available. A security issue was discovered in the Kubernetes ingress-nginx controller, CVE-2021-25742.

Cloud Logging - You can now collect MySQL logs from the Ops Agent, starting with version 2.5.0. You can now collect Redis logs from the Ops Agent, starting with version 2.5.0. You can now collect Cassandra logs from the Ops Agent, starting with version 2.5.0.

KF - 2.6. Anthos clusters on VMware (GKE on-prem) support promoted to GA. Anthos clusters on bare metal support promoted to GA. New wrap-v2-buildpack experimental command available. Added support for kubectl explain to inspect Kf CRDs. Fixed condition where CLI may not always show build logs. Fixed issue where kf doctor expects the ASM ingress gateway deployment to be in the kf namespace. Addressed scenario where the Kf operator could overwrite ASM Gateway customization. Config Connector dependency updated to v1.60. Tekton dependency updated to v0.26.0.

Network Connectivity Center - Network Connectivity Center is now generally available. It is now possible to add or remove router appliance instances from an existing spoke, as long as you don't try to add instances that belong to a different VPC network.

Traffic Director - Traffic Director with internet NEGs of the type INTERNET_FQDN_PORT is now in General Availability. Traffic Director security service with GKE is now in General Availability for gRPC proxyless services.

VPC Service Controls - General availability for the following integration: reCAPTCHA Enterprise. General availability for the following integration: Network Connectivity Center.

Virtual Private Cloud - This issue is now fixed: Connectivity from on-premises hosts to a Private Service Connect endpoint that is used to access published services might not establish for some existing Cloud VPN connections.




Zdenko Hrček