Welcome to issue #288 April 4th, 2022

News

Google Distributed Cloud Edge Official Blog

It’s official—Google Distributed Cloud Edge is generally available - New, fully managed Google Distributed Cloud Edge hardware enables new workloads at edge locations.

BigQuery Data Analytics Official Blog

Introducing Active Assist recommendations for BigQuery capacity planning - Optimize BigQuery usage and capacity planning with insights and recommendations powered by Active Assist, part of Google Cloud’s AIOps solution.

Eventarc Official Blog Workflows

Introducing Eventarc triggers for Workflows - Introducing Eventarc triggers for Workflows.

BigQuery Data Analytics Official Blog Public Datasets

Enhance your analysis with new international Google Trends datasets in BigQuery - International Google Trends datasets now available in BigQuery to accelerate business insights.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

DevOps Official Blog Skaffold

Simplify your DevOps using Skaffold - How Google Cloud teams use Skaffold to simplify development process with Kubernetes.

Compute Engine Official Blog Terraform

Force Terraform resource recreation - Automatically refresh a Terraform resource within Terraform.

Official Blog Security

Cloud CISO Perspectives: March 2022 - Google Cloud CISO Phil Venables shares his thoughts on the latest security updates from the Google Cybersecurity Action Team.

Networking Official Blog

IP addressing options in Google Cloud: Networking basics - In this blog we’ll be visiting the topics of IP addresses and subnetting on Google Cloud. IP addressing and subnetting can be confusing to many, but addressing is a very important requirement in your network.

Certificate Authority Service Networking Official Blog

Automate Public Certificates Lifecycle Management via RFC 8555 (ACME) - ACME API lets our users automate their Public Certificate Lifecycle Management.

Networking Official Blog

Voice trading in the cloud — digital transformation of private wires - Learn how Google Cloud’s network and Network Connectivity Center can transform the private wires used for voice trading.

Terraform VPC Service Controls

VPC Service Controls — Secured Data Sharing - This article covers securing the resources and data in Google Cloud Platform, using context based security — VPC Service Controls.

Cloud DNS Google Kubernetes Engine Kubernetes NoSQL

Set up Multi-Datacenter Cassandra Clusters in GKE with K8ssandra and Cloud DNS - Step by step setup of a multi-data center Cassandra cluster working on Kubernetes clusters in multiple regions using GKE and Cloud DNS instead of hardcoded IPs for higher scalability and ease-of-use.

Anthos DevOps Kubernetes

Google Cloud Anthos Series - Part8 - Part-8: Migrate for Anthos and GKE.

DevOps Google Kubernetes Engine Kubernetes

Dealing with a Google Kubernetes Engine Cluster Outage - GKE outage caused by a misconfigured OPA Gatekeeper.

App Development, Serverless, Databases, DevOps

Compute Engine Official Blog

What type of authentication is best for VMs? A conversation - Another episode of “VM End to End,” which is a series of curated conversations between a “VM skeptic” and a “VM enthusiast”. In this episode Carter needs to know about identity, and about access. He wants to know why he can't just SSH into everything, or if he can. Brian and Emanuel Burgess have answers!

Cloud SQL Official Blog

Bi-directional replication for Cloud SQL for PostgreSQL using logical replication - The blog post describes how to set up bidirectional replication on Cloud SQL for PostgreSQL using logical replication to serve multi-regional database read/write workloads.

Compute Engine Infrastructure Official Blog

Confidential VMs - a security breakthrough for medical device software - Idea Evolver and AstraZeneca built a medical device software product using Google Cloud Confidential VMs to enable encryption of data while in use.

Cloud SQL Official Blog

Using the local timezone with Cloud SQL for SQL Server - Ensure data consistency for datetime data when migrating to Cloud SQL for SQL Server.

DevOps Monitoring Official Blog SRE

Add severity levels to your alert policies in Cloud Monitoring - Add static and dynamic severity levels to your alert policies for easier triaging and include these in notifications when sent to 3rd party services.

HPC Official Blog

Clouds in the cloud: Weather forecasting in Google Cloud - Learn to easily run the Weather Research and Forecast (WRF) model, how well it performs, and key optimizations on Google Cloud’s HPC platform.

Cloud Run Official Blog Serverless

Use Cloud Run "always-on" CPU allocation for background work - Feature launch post demonstrating use of Cloud Run "always-on" CPU allocation for background work.

Firebase

Demystifying Firebase — Part 1 - An overview of Firebase.

Cloud Functions Cloud Storage Python

Secret Sauce — Google Cloud Functions For Autonomous Global Storage Synchronization - Code samples to replicate files in Cloud Storage buckets.

Cloud Run Go Knative

Pre-Heating Cloud Run Apps for crisp UX - Learn how and why to scale your Cloud Run apps to provide a great user experience.

DevOps Javascript

How to schedule tasks in more than 30 days in Google Cloud Tasks API? - A workaround to bypass 30 days limit for scheduling Cloud Tasks.

Dialogflow

Verba volant, scripta manent. Experimenting with Dialogflow Messenger and BigQuery - Analyzing pros and cons of voice vs text in the context of conversational interface and providing example of a chatbot based on Dialogflow.

Big Data, Analytics, ML&AI

BigQuery Billing Cloud Dataflow

FinOps for data pipelines on Google Cloud Platform - Keeping costs of the streaming and batch pipelines on Google Cloud Platform under control.

BigQuery Data Analytics Official Blog Serverless Spark

Ingesting Google Cloud Storage files to BigQuery using Cloud Functions and Serverless Spark - Ingesting Google Cloud Storage files to BigQuery using Cloud Functions and Serverless Spark.

Cloud Dataproc Cloud Spanner Serverless Spark

Cloud Spanner export query results using Dataproc Serverless - Exporting data for a Spanner Table or SQL Query using Dataproc Serverless.

Official Blog TensorFlow Vertex AI

Add preprocessing functions to Tensorflow models and deploy on Vertex AI - Learn how to productionalize a TensorFlow image model on Vertex AI.

Machine Learning Vertex AI

VertexAI’s Feature Store for dummies - The process of creating an end-to-end VertexAI Feature Store with automated data ingestion.

BigQuery Data Science Machine Learning

Rapid Batch Inference in Google Cloud - How we tweaked Google’s new SQL-based ML Framework to scale our inference stack and accelerate our product roadmap.

Cloud Dataproc

Dataproc and Apache Spark tuning - When you migrate Spark jobs from an on-premises Hadoop cluster to Cloud Dataproc ephemeral clusters, you should not lift and shift spark.properties. It is much easier to use Spark dynamic allocation to fill the allocated Dataproc cluster capacity.

Various

Cloud Dataflow Event

Serverless Toronto Meetup - Learn how to build unified Batch & Streaming Pipelines with Apache Beam and Dataflow from Patrick Lecuyer - Head of Specialist Customer Engineering at Google Canada.

Slides, Videos, Audio

GCP Podcast - #298 Celebrating Women's History Month with Vidya Nagarajan Raman.

Kubernetes Podcast - #174 in-toto, with Santiago Torres-Arias.

Security Podcast - #58 SOC is Not Dead: How to Grow and Develop Your SOC for Cloud and Beyond.

GCP Life Podcast - #11 - “GCVE Is about to explode!” - Google News Blocked in Russia, VMWare Licencing, Cloud Armor, Diagramming Tool, Google Layoffs, VM Suspending, North Korean Chrome Exploit, Chrome Flaw, GCP Prices.

 

Releases

Anthos clusters on bare metal - 1.11: Release 1.11.0. Anthos clusters on bare metal 1.11.0 is now available for download. Containerd is the default runtime in Anthos clusters on bare metal. The structure of the Anthos clusters on bare metal documentation is substantially different from previous versions. Kubernetes 1.22 has deprecated certain APIs, and a list of these deprecated APIs can be found in Kubernetes 1.22 deprecated APIs. On January 31, 2022, CentOS 8 reached its end of life (EOL). Improved cluster lifecycle functionalities: Upgraded Anthos clusters on bare metal to use Kubernetes version 1.22. Known issues: Deprecated metrics. Several Anthos metrics have been deprecated and, starting with this release, data is no longer collected for these deprecated metrics. 1.10: Release 1.10.3. Anthos clusters on bare metal 1.10.3 is now available for download. Fixes: The following container image security vulnerabilities have been fixed: CVE-2022-24407, CVE-2022-23648. Known issues: For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Google Cloud Armor - Google Cloud Armor now supports TCP Proxy load balancers and SSL proxy load balancers in public preview.

Cloud Asset Inventory - The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API: Dataplex: dataplex.googleapis.com/Lake, dataplex.googleapis.com/Task, dataplex.googleapis.com/Zone, dataplex.googleapis.com/Asset.

BigQuery ML - BigQuery ML and Vertex AI Model Registry integration is available in preview. The Wide-and-Deep model is now generally available (GA).

BigQuery - The international public dataset for Data Signals for Google Search Trends is now available in Preview and available in the Google Cloud Marketplace and Analytics Hub.

Billing - Cost analysis by project ancestry, including folder-level costs, now available in BigQuery Export and Reports. Viewing your costs by project ancestry helps you do things like analyze costs by folder or organization.

Cloud Composer - Cloud Composer 1.18.4 and 2.0.8 release started on March 28, 2022. If the /dags, /data, /logs, or /plugins folder is deleted in an environment's bucket, Cloud Composer re-creates this folder. New version aliases for Cloud Composer images. (Cloud Composer 2) Increased the safe interval for tasks executed during maintenance windows. The description of Composer Compute CPU SKUs was changed from "CPU" to "mCPU", to simplify the invoice interpretation. Improved the validation of custom IP ranges that are specified when an environment is created. (Cloud Composer 2) Fixed a problem when an unhealthy web server is not restarted. (Cloud Composer 1) In-cluster builds for PyPI package installations no longer fail when the constraints/compute.requireShieldedVm policy is turned on. (New Cloud Composer 1 environments) The minimum disk size for environment nodes is changed from 20 GB to 30 GB. (Cloud Composer 1) Fixed problems with upgrading to Cloud Composer 1.18.* from earlier versions of Cloud Composer. Fixed a problem with "Environment health" and "Worker Pod eviction" metrics occasionally not reporting new time-series points. Cloud Composer 1.18.4 and 2.0.8 images are available: composer-2.0.8-airflow-2.2.3, composer-2.0.8-airflow-2.1.4, composer-1.18.4-airflow-2.2.3, composer-1.18.4-airflow-2.1.4, composer-1.18.4-airflow-1.10.15 (default). Cloud Composer 1.15.1 has reached its end of full support period.

Data Fusion - Cloud Data Fusion version 6.6.0 is generally available (GA). The SAP SLT Replication plugin is generally available (GA).

Error Reporting - Error Reporting now supports Webhooks and Slack as notification channels.

Eventarc - Support for creating an Eventarc trigger for a Workflows destination on the Eventarc page in the Cloud Console is now available in Preview.

Cloud Functions - Cloud Functions (1st gen) has added support for Google-managed Artifact Registry at the Preview release level. Cloud Functions (1st gen) support for customer-managed encryption keys (CMEK) is now at the General Availability release level.

Cloud Healthcare API - You can now specify PATCH requests in a FHIR bundle. The Cloud Healthcare API offers single-region support in the us-east1 (South Carolina) region. The Cloud Healthcare API offers single-region support in the us-west1 (Oregon) region. The Cloud Healthcare API offers single-region support in the us-west3 (Salt Lake City) region.

KMS - Two new organization policy constraints are now available in Preview to help ensure CMEK usage across an organization: constraints/gcp.restrictNonCmekServices requires CMEK protection.

Google Kubernetes Engine - (2022-R7) Version updates GKE cluster versions have been updated.

Google Kubernetes Engine Rapid - (2022-R07) Version updates Version 1.22.7-gke.1500 is now the default version in the Rapid channel.

Google Kubernetes Engine Regular - (2022-R07) Version updates Version 1.21.6-gke.1503 is now the default version in the Regular channel.

Google Kubernetes Engine Stable - (2022-R07) Version updates The following versions are now available in the Stable channel: 1.19.16-gke.8300.

Memorystore for Memcached - Maintenance Windows are now Generally Available for Memorystore for Memcached.

Cloud Monitoring - User-defined labels are now included in PagerDuty, Pub/Sub, Webhooks, and email notifications, and you can also view these labels on the details pages of alerting policies and incidents.

Cloud Run - Cloud Run reports a new Cloud Monitoring metric: Container Startup Latency, measuring the startup time of container instances.

Service Mesh - 1.13.x. 1.13.1-asm.1 is now available. Managed Anthos Service Mesh isn't rolling out to the rapid release channel at this time. Anthos Service Mesh now supports GKE on GCP and On-premise combined in a hybrid mesh as a public preview feature. Anthos Service Mesh now supports GKE on GCP and Amazon EKS combined in a multi-cloud mesh as a public preview feature. Enabled a single Cloud API (mesh.googleapis.com), which automatically enables all required Cloud APIs for Anthos Service Mesh. In general, the Service dashboards support all current versions of Anthos Service Mesh. 1.10.x. Anthos Service Mesh 1.10 is no longer supported.

Cloud SQL MySQL - Cloud SQL for MySQL now supports minor versions 8.0.27 and 8.0.28.

Cloud Storage Transfer - Creating and managing data transfers with the gcloud command-line tool is now generally available (GA).

Vertex AI - Vertex AI Model Registry is available in Preview.

Workflows - Support for creating an Eventarc trigger on the Workflows page in the Cloud Console is now available in Preview.

 

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075