Welcome to issue #281 February 14th, 2022


Compute Engine HPC Official Blog

Introducing Compute Optimized VMs powered by AMD EPYC processors - We’ve increased your Compute Engine choices with new C2D Compute Optimized VMs with the 3rd Generation AMD EPYC Processor (code-named Milan).

Official Blog Vertex AI

Build, deploy, and scale ML models faster with Vertex AI’s new training features - How Local Mode and Auto-Container Packaging in Google Cloud’s Vertex AI help you to train machine learning models faster.

Anthos GKE Autopilot Official Blog

Managed Istio-based service mesh on our managed GKE clusters: Anthos Service Mesh comes to GKE Autopilot - GKE Autopilot with Istio-powered Anthos Service mesh provides a fully managed service mesh and Kubernetes cluster for your microservices deployments.

Cloud Scheduler Official Blog Serverless

Cloud Scheduler: Now available across 23 GCP Regions - Launch announcement for Google Cloud Scheduler service availability in 23 new GCP Regions.

Cloud Storage Official Blog

Improving the availability of your Cloud Storage: Automatic retries in client libraries - An overview of automatic retries in Cloud Storage client libraries and some background on how they work.

Business Google Cloud Platform Official Blog

Expanding resources and teams for customer success - Google Cloud continues to deepen its commitment to customer success by expanding consulting services through Global Delivery Centers.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Cloud Healthcare Official Blog Security

How healthcare can strengthen its own cybersecurity resilience - Building resilience in healthcare cybersecurity may feel daunting, but lessons from exposure therapy and using core concepts can lead to big wins.

Official Blog Security SRE

Achieving Autonomic Security Operations: Automation as a Force Multiplier - Your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution. In this post of the series, we plan to extract the lessons for your SOC centered on another SRE principle - automation as a force multiplier.

Cloud Run GKE Autopilot Google Kubernetes Engine Official Blog

How tech companies and startups get to market faster with containers on Google Cloud - Google Cloud’s whitepaper explores how startups and tech companies can move faster with a managed container platform.

Anthos Official Blog

Learn why and how to migrate monolithic workloads to containers - This article describes reasons for shifting monolithic VMs to lightweight containers and how to get started using Migrate for Anthos and GKE.

Cloud Security Command Center Official Blog

Protecting customers against cryptomining threats with VM Threat Detection in Security Command Center - Extending threat detection in Security Command Center with Virtual Machine Threat Detection.

Google Kubernetes Engine Official Blog

Here's what to know about changes to kubectl authentication coming in GKE v1.25 - Starting with GKE v1.25, you will need to download and use a new kubectl plugin called “gke-gcloud-auth-plugin” to authenticate to GKE.

Billing Google Kubernetes Engine Official Blog

Know more, spend less: how GKE cost optimization insights help you optimize Kubernetes - Using the GKE cost optimization insights feature can help you discover optimization opportunities across your Google Kubernetes Engine environment.

Official Blog reCAPTCHA Security

Five ways to stop automated website attacks with reCAPTCHA Enterprise - Bots threaten daily online activity for government agencies, costing billions. Reduce or eliminate the risk of automated website attacks with reCAPTCHA Enterprise.

DevOps Google Cloud Platform

Managing GCP projects at scale — part 3 - What have we learned using the GCP Project Factory?

Istio Security

How to configure mTLS between two Istio meshes - configuring mTLS between two meshes.

CI DevOps Gitlab

Secure Deployments from Gitlab to Google Cloud Platform - Deploying and using Gitlab Runner on GCP to increase security for CI/CD pipelines.

Anthos Kubernetes

Google Cloud Anthos Series-Part3 - Part-3: Getting started with Anthos Platform.

Google Kubernetes Engine Kubernetes

Near Real Time Data Replication using Debezium on GKE - Using Debezium deployed on GKE to stream real-time data from a Postgres Instance to Cloud Pub/Sub.

Cloud DNS Security

Protecting from DNS exfiltration in GCP - Use Cloud DNS in GCP to protect against DNS exfiltration threats.

App Development, Serverless, Databases, DevOps

Cloud Filestore Official Blog SAP

Filestore Enterprise: File-sharing done right for SAP customers - Learn how Filestore Enterprise gives SAP customers a high-availability regional file-sharing service with a 99.99% SLA.

GCP Experience Official Blog

Lift and shift: Lessons for video media applications - Google Cloud partners with media software Vizrt to unlock the full power of cloud for broadcasting. Here’s what they learned.

NodeJS Official Blog

Google Cloud moves Cloud Client Libraries for Node.js support for version 10 to Maintenance - Google Cloud: Cloud Client Libraries for Node.js moves support for Node.js version 10 to maintenance mode.

Official Blog Storage

Yugabyte Cloud offers database scale AND transactional consistency - Yugabyte Cloud brings the best of both cloud and RDBMS database architectures to businesses and developers worldwide.

Cloud SQL Official Blog

Scaling read-only workloads on Cloud SQL for PostgreSQL with HAProxy - Use Cloud SQL for PostgreSQL with HAProxy to deploy a load balancing solution for read queries, with automatic configuration and replica detection.

Cloud Firestore Firebase Official Blog

Accept Payments with Cloud Firestore and Google Pay - Firebase extension for an app to accept payments from Google Pay users using one or more of the many supported Payment Service Providers, without the need to invoke their individual APIs.

Cloud Functions Workflows

Retry automatically with Exponential Backoff in Cloud Workflows - An example of implementing exponential backoff for HTTP requests in Cloud Workflows.

Compute Engine Official Blog Workflows

Long-running containers with Workflows and Compute Engine - Long-running containers with Workflows and Compute Engine.

Serverless Workflows

Deep dive into Cloud Workflows - A list of resources for Cloud Workflows.

Cloud Spanner Monitoring Official Blog

Troubleshooting application performance on Cloud Spanner with OpenCensus - Debugging Cloud Spanner with client-side OpenCensus metrics including round-trip latency and gfe_latency.

Cloud Operations Java Security

Learning from “Log4j 2” Vulnerability - Part 1: Using Google Cloud Operations suite - How to detect & alert on threats with Cloud Operations Suite.

API Cloud Functions Serverless

Building APIs with Cloud Functions and API Gateway - Using API Gateway with Cloud Functions.

Cloud Pub/Sub Cloud Run Kubernetes PubSub Python

Pub/sub adventures: From Pull to Push with Cloud Run - Sample application on Cloud Run that is triggered by Pub Sub message and switching from Pull to Push delivery.

Big Data, Analytics, ML&AI

Data Analytics Official Blog

Measure and maximize the value of Data Science and AI teams - Suggestions to measure and maximize the value of artificial intelligence teams. Learn from customer cases and how they delivered and measured value.

Cloud Dataflow Data Analytics Official Blog

3 ways Dataflow is delivering 50%+ productivity boost and cost savings to customers - Deliver 50% + productivity boost and cost savings with less than 6 month payback with Dataflow’s unified batch and streaming ETL platform.

Data Analytics Official Blog

Why you should be using Flex templates for your Dataflow deployments - This blog describes best security, CI/CD and development practices when using Dataflow Flex Templates.

BigQuery Data Analytics GCP Experience Official Blog

How Wayfair says yes with BigQuery—without breaking the bank - BigQuery’s performance and cost optimization have transformed Wayfair’s internal analytics to create an environment of "yes".

BI Engine BigQuery Billing Workflows

Reduce your BigQuery bills with BI Engine capacity orchestration - Orchestrating BI Engine reservations by dynamically changing allocation size based on usage using Cloud Workflows to lower BigQuery costs.

BigQuery Monitoring

Slack notification for BigQuery results using GitHub Actions - A Github action that executes BigQuery query and post results to Slack channel.

BigQuery Security

Learning from “Log4j 2” Vulnerability - Part 2: Using BigQuery - How to detect & investigate threats with BigQuery.

BigQuery Data Analytics Official Blog Vertex AI

Unified data and ML: 5 ways to use BigQuery and Vertex AI together - Vertex AI is a single platform with every tool you need to build, deploy, and scale ML models. Get started quickly with five easy integrations between Vertex AI and BigQuery.

Machine Learning Official Blog Vertex AI

Celebrating National Muffin Day with machine learning - Using machine learning and Vertex AI to develop a muffin recipe to celebrate National Muffin Day.

Slides, Videos, Audio

GCP Podcast - #292 Pulumi and Kubernetes Releases with Kat Cosgrove.

Security Podcast - #51 EP51 Policy Intelligence: More Fun and Useful than It Sounds!



Anthos clusters on Azure - A security vulnerability, CVE-2021-43527, has been discovered in any binary that links to the vulnerable versions of libnss3 found in NSS (Network Security Services) versions prior to 3.73 or 3.68.1.

Anthos clusters on VMware - A security vulnerability, CVE-2021-43527, has been discovered in any binary that links to the vulnerable versions of libnss3 found in NSS (Network Security Services) versions prior to 3.73 or 3.68.1. Anthos clusters on VMware 1.10.1-gke.19 is now available. Removed unintentional infrastructure log lines from the cluster snapshot. If your admin cluster failed to register with the provided gkeConnect spec during creation, upgrading to a later 1.9 or 1.10 release will fail with the following error: failed to migrate to first admin trust chain: failed to parse current version "": invalid version: "" failed to migrate to first admin trust chain: failed to parse current version "": invalid version: "" If you have experienced this issue, follow these instructions to fix the gkeConnect registration issue before you upgrade your admin cluster. A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack.

Google Cloud Armor - Google Cloud Armor Rate Limiting is now in General Availability.


Billing - Starting in February 2022, if you have committed use discounts (CUDs), Google Cloud Billing calculates the attribution for your fees and credits every hour, to help you track costs faster and more accurately.

Cloud Build - Cloud Build's Bitbucket Server and Bitbucket Data Center integration is now generally available.

Cloud Composer - Airflow 2.2.3 is available in Cloud Composer images. Cloud Composer 1.17.10 and 2.0.3 images are available: composer-2.0.3-airflow-2.2.3 composer-2.0.3-airflow-2.1.4 composer-2.0.3-airflow-2.0.2 composer-1.17.10-airflow-2.2.3 composer-1.17.10-airflow-2.1.4 composer-1.17.10-airflow-2.0.2 composer-1.17.10-airflow-1.10.15 (default). Cloud Composer versions 1.14.0, 1.14.1, and 1.14.2 have reached their end of full support period.

Compute Engine - Generally available: Compute-optimized C2D machine types are now generally available. Public Preview: You can now use the security keys registered for 2-Step Verification in your Google account to connect to VMs that use OS Login.

Config Connector - Config Connector version 1.73.0 is now available. Added support for ComputeFirewallPolicyAssociation resource. Added support in IAMPartialPolicy and IAMPolicy to cover Organization and BillingAccount resources. Fixed spec.target.targetHTTPProxyRef issue in ComputeForwardingRule (Issue #596). CRD go clients (alpha) have moved to pkg/clients/generated/client/clientset/versioned/ package.

Dataproc - Dataproc Serverless for Spark now uses runtime version 1.0.3. Added cluster_type field to job and operation metrics in Cloud Monitoring.

Eventarc - Eventarc is now Payment Card Industry Data Security Standard (PCI DSS)-compliant.

Google Kubernetes Engine - A security vulnerability, CVE-2021-43527, has been discovered in any binary that links to the vulnerable versions of libnss3 found in NSS (Network Security Services) versions prior to 3.73 or 3.68.1. Versions 1.21.9-gke.300, 1.22.6-gke.300, and 1.23.2-gke.300 contain a fix for a race condition which could result in erroneously detaching all endpoints from network endpoint groups for a short period.

GKE - Versions 1.21.9-gke.300, 1.22.6-gke.300, and 1.23.2-gke.300 contain a fix for a race condition which could result in erroneously detaching all endpoints from network endpoint groups for a short period.

Load Balancing - Network Load Balancing now supports load-balancing ESP (Encapsulating Security Payload) and ICMP (Internet Control Message Protocol) traffic. External TCP/UDP Network Load Balancing now allows you to configure a connection tracking policy. Network Load Balancing introduces a new monitoring resource type loadbalancing.googleapis.com/ExternalNetworkLoadBalancerRule that lets you monitor all the supported protocols including TCP, UDP, ESP, and ICMP.

Cloud Logging - Your regional preferences, including date and time formatting, are now supported in the Logs Explorer. Compute Engine resource names, alongside their corresponding resource IDs, are now supported in the Logs Explorer.

Marketplace Partners - The deprecated product field on the provider Entitlement resource has been updated.

Cloud Memorystore - Added support for upgrading the Redis version of an instance to any higher version.

Cloud Monitoring - You can now view information about your user-defined metrics by using the Diagnostics tab located on the Metrics Explorer page. You can now configure private uptime checks by using the Cloud Console. Using the new Integrations page in the Google Cloud Console, you can now configure third-party application integrations that the Ops Agent supports.

Cloud Router - Bidirectional Forwarding Detection (BFD) for Cloud Router is Generally Available (GA).

Cloud Run - The configured container arguments are now correctly overriding arguments defined inside the container image.

Cloud Scheduler - Cloud Scheduler jobs for HTTP or Pub/Sub Targets can be deployed in multiple GCP Regions around the world and no longer require that an App Engine application be deployed.

Security Command Center - Access-related details are now available as finding attributes for all Security Command Center services. Previously, the following Event Threat Detection rules were made temporarily unavailable because they were generating extraneous findings: Persistence: New API Method Persistence: New Geography The underlying issue has been resolved. Security Health Analytics, a built-in service of Security Command Center, released the OPEN_GROUP_IAM_MEMBER detector to General Availability.

SAP Solutions - SAP NetWeaver certifications: AMD-based compute-optimized machine types For SAP NetWeaver, SAP now certifies Compute Engine compute-optimized C2D series machine types with the AMD EPYC Milan CPU platform. SAP NetWeaver certifications: N2D series Compute Engine VMs on the AMD EPYC Milan CPU platform For SAP NetWeaver, SAP now certifies Compute Engine N2D series machine types with the AMD EPYC Milan CPU platform.

Cloud Spanner - Cloud Spanner now optimizes the way it processes groups of similar statements in DML batches, significantly improving the speed at which it performs batched data writes under certain conditions. Query statistics now cover DML statements, including inserts, updates, and deletes. Cloud Spanner's CPU Utilization metrics now provide grouping by all task priorities: low, medium, and high.

Cloud SQL Postgres - Cloud SQL supports the max_parallel_maintenance_workers, max_parallel_workers, max_parallel_workers_per_gather, and max_pred_locks_per_transaction flags: max_parallel_maintenance_workers sets the maximum number of parallel workers that can be started by a single utility command. Cloud SQL supports the wal_receiver_timeout and wal_sender_timeout flags: The wal_receiver_timeout flag ends replication connections that are inactive for the specified time.

Cloud SQL SQL Server - Cross-region replication is now generally available in Cloud SQL for SQL Server. SQL Server 2019 is now the default version.

Cloud Storage Transfer - Support for agent pools is now generally available (GA).


Latest Issues


Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: [email protected]