Welcome to issue #290 April 18th, 2022


Document AI Official Blog

Automating income taxes with Document AI - In the United States, Tax Season descends upon the country every April, requiring millions of Americans to spend hours deciphering cryptic documents and performing complex math just to figure out what they owe. Lending Document AI from Google Cloud supports common document types used for Income Tax Filing, such as W-2s and 1099s. This article illustrates how to build a Tax Processing Pipeline using Document AI.

Cloud Dataproc Kubernetes Official Blog Serverless Spark

Running Spark on Kubernetes with Dataproc - Derive benefits from fully automated, most scalable and cost optimized Kubernetes service for your Spark and open source workloads.

BigQuery Data Analytics Data Loss Prevention API Official Blog

Automatic data risk management for BigQuery using DLP - Automatic DLP for BigQuery, a fully managed service that continuously scans your data to give visibility of data risk, is now generally available.

Cloud SQL Official Blog

Up for an update? Cloud SQL launches support for in-place upgrades - You can now upgrade your PostgreSQL and SQL Server instances in-place to the latest major version.

Data Analytics Official Blog

BigQuery Omni innovations enhance customer experience to combine data with cross cloud analytics - Use BigQuery Omni’s single-pane-of-glass to analyze data across clouds and build pipeless pipelines to drive advanced analytics.

Official Blog Optimization AI

Google Cloud launches Optimization AI: Cloud Fleet Routing API to help customers make route planning easier - Google Cloud Optimization AI: Cloud Fleet Routing API to improve last-mile fleet planning and management.

App Engine Cloud Operations Official Blog

Some beans and gems, some snakes and elephants, with Java 17, Ruby 3, Python 3.10 and PHP 8.1 in App Engine and Cloud Functions - New Java, Ruby, Python, and PHP runtimes for Google App Engine and Cloud Functions, with bundled services.


MongoDB Announces a Pay-As-You-Go Offering on Google Cloud - With this new pay-as-you-go MongoDB Atlas offering, customers only pay for the resources they use and can scale based on their needs, with no up-front commitments while using their Google accounts.

Official Blog SRE

Introducing the Google SRE Prodcast - Discover Prodcast, Google’s Site Reliability Engineering Podcast. This limited-edition series explores fundamental topics in reliability engineering from the perspective of experienced Google SREs.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Infrastructure Official Blog

The journey to the cloud mitigates enterprise risk - Learn how enterprises can mitigate risk by moving data to the public cloud and examining what does and doesn’t work when it comes to data security.

Official Blog Security

What's new with Cloud EKM - This blog post represents a roundup of major functionality that has been added to Cloud EKM since it was first launched to GA.

Kubernetes Security

Securing Containers With Google’s Container Optimized OS & Distroless Container Images - An overview of Container-Optimized OS.

Microsoft Tutorial

Google Cloud: Managed Microsoft Active Directory - Tutorial on creating Microsoft Active Directory.

DevOps Go Terraform

Deploy Infrastructure using CDK for Terraform with Go

App Development, Serverless, Databases, DevOps

Cloud Bigtable GCP Experience Official Blog

Moloco handles 5 million+ ad requests per second with Cloud Bigtable - Moloco uses Cloud Bigtable to build their ad tech platform and process 5+ million ad requests per second.

App Engine Cloud Run Official Blog Python

Follow the pink pony: A story of CSRF, managed services, and unicorns - One engineer's story into the depths of managed services, web server gateway interfaces, and magic strings.

Compute Engine Official Blog

Is there a limit to Cloud VMs? A conversation - In this week's “VM End to End,” Carter and Brian discuss cutting-edge technology, really pushing Cloud Compute machines to the limit.

Official Blog Storage

The definitive guide to databases on Google Cloud: Part 1 - Data modeling basics - In this blog we discuss the business attributes, technical aspects, design questions, and considerations to keep in mind while “Designing the Database Model”.

Cloud Speech API Official Blog

Your ultimate guide to Speech on Google Cloud - From speech-to-text to natural language processing, from captions to chatbots, learn how to do more with Google Cloud Speech AI.

Cloud Memorystore Official Blog Python

Using Memorystore for Redis to cache your Django applications - With the release of Django 4.0, Redis is now a core supported caching backend. Learn how to implement caching for your Django deployments on Google Cloud.

Cloud Bigtable Official Blog

Easy CSV importing into Cloud Bigtable - Learn how to use Bigtable by importing data using the CSV import functionality in the Bigtable command line tool.

Cloud Functions Cloud Monitoring Python Stackdriver

GCP Operations Suite Alerts into Google Chat - Publishing Monitoring notifications to Google Chat using a custom solution built with Pub/Sub and Cloud Functions.

Cloud Identity Aware Proxy Compute Engine

Login to GCP VM Instance without Public IP using Identity-Aware proxy (IAP) - This article explains how you can use Identity-Aware Proxy to log in to a GCE instance without a public/external IP.

Cloud Functions Cloud Pub/Sub Typescript

GCP Cloud Functions (gen 2nd) Pub/Sub Development & Testing - Developing, deploying, and testing a 2nd generation Cloud Function that receives Pub/Sub messages.

CI Cloud Functions DevOps Gitlab

Deploying Cloud Functions with GitLab CI/CD - End to end example of deploying Cloud Functions via Gitlab CI/CD.

Cloud SQL Database Migration Service Migration

Regain Cloud SQL disk space with Database Migration Service - Using Database Migration Service to lower DB disk size.

Cloud CDN DevOps

Serving Assets a CDN with Google Cloud - Serve static content via a Google Cloud CDN to improve load times. Fine-tune your load balancer and caching to match your app’s needs.

Cloud Firestore Cloud Run Python

Building a Mobility Dashboard with Cloud Run and Firestore - Monitoring data that changes every second with a real-time dashboard built on Cloud Run and Cloud Firestore.

Artifact Registry Cloud Functions Python

If you are using Python and Google Cloud Platform, this will Simplify Life for you (Part 1) - Manage your Private Packages with Artifact Registry And Import them in your Cloud Functions and Cloud Run Services.

CI Cloud Run Gitlab

CloudSeed: Let’s Make Cloud Apps Easier - Cloud Seed is a joint GitLab and Google Cloud open source project. The goal is to make deployments "ridiculously simple".

Big Data, Analytics, ML&AI

Big Data BigQuery Data Analytics Data Science

Google Data Cloud Summit 2022: Recap - An overview of the many new updates coming to Google Cloud Platform!

Data Analytics Official Blog

Top 5 Takeaways from Data Cloud Summit ‘22 - Data Cloud Summit 2022 was a great success thanks to all of our customers, partners, and members of the data community. Here’s what you missed.

Big Data Official Blog

Hands-on learning lab: Stream Google Cloud data into Splunk Cloud - Google Cloud and Splunk’s hands on lab takes you through core scenarios for data ingestion and data input in Google Cloud in 90 minutes or less.

BigLake BigQuery

GCP BigLake introduction - BigLake is the name given by Google to an underlying data access engine used to provide access to data stored in either BigQuery or in….

Cloud Dataproc Serverless Spark

Processing databricks Delta Lake data in Google Cloud Dataproc Serverless for Spark - Migrating from Dataproc to Serverless Spark.

Airflow Serverless Spark

Dataproc Serverless & Airflow 2 Powered Event Driven Pipelines - Event-driven pipeline built with Cloud Composer and Serverless Spark.


Google Cloud Platform Official Blog

Meet the people of Google Cloud: Grace Mollison, solutions architect and professional problem solver - Hear how Grace Mollison, a Google Cloud solutions architect, solves customer problems with empathy.

GCP Certification Official Blog

Introducing the Professional Cloud Database Engineer certification - Google Cloud announced the new Professional Cloud Database Engineer certification, to help database engineers be ready for today’s changing environment.

Certificate Manager Official Blog

On-demand training for Google Workspace—from beginner to advanced - Explore cloud-based productivity tools with online and in-person Google Workspace training for all experience levels.

GCP Certification

National Pet Day 2022 - Although it’s on 11th of April every year, if you are a pet owner, you know that there’s not a day that goes by that you don’t celebrate….

Slides, Videos, Audio

GCP Podcast - #300 GKE Gateway Controller with Bowei Du and Abdelfettah Sghiouar.

Kubernetes Podcast - #176 Language, Learning and Leadership, with Divya Mohan.

Security Podcast - #60 EP60 Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM?

SRE Podcast - #2 - Silvia Esparrachiari talks about the challenges of monitoring and the importance of understanding your users.



Anthos clusters on AWS - A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification.

Anthos clusters on Azure - Anthos Clusters on Azure now supports Kubernetes versions 1.22.8-gke.200 and 1.21.11-gke.100. Kubernetes 1.22 removes support for several deprecated v1beta1 APIs. When you create a new cluster using Kubernetes version 1.22, you can now configure custom logging parameters. As a preview feature, you can now choose Windows as your node pool image type when you create node pools with Kubernetes version 1.22.8. You can now set the autoscaler's minimum node count to zero. This release of Anthos Clusters on Azure adds the ability to update your control plane and node pool VM size, cluster annotations, Azure admin users, and control plane root volume size. You can now view most common asynchronous cluster and nodepool boot errors in the long running operation error field. This release fixes the following security issues: CVE-2021-22600, CVE-2022-23648, CVE-2022-0001, CVE-2022-0002, CVE-2022-23960, CVE-2022-0847. A security vulnerability, CVE-2022-0847, has been discovered in the Linux kernel version 5.8 and later that can potentially escalate container privileges to root. A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification.

Anthos clusters on VMware - A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification. A security vulnerability, CVE-2022-0847, has been discovered in the Linux kernel version 5.8 and later that can potentially escalate container privileges to root.

AppEngine Standard Go - The App Engine legacy bundled services for Go 1.12+ are now available at the General Availability release level.

AppEngine Standard Java - The App Engine legacy bundled services for Java 11/17 are now available at the General Availability release level.

AppEngine Standard PHP - The App Engine legacy bundled services for PHP 7+ are now available at the Preview release level.

AppEngine Standard Python3 - The App Engine legacy bundled services for Python 3 are now available at the General Availability release level.

BigQuery - Starting in July 2022, the projects.list API method will return results in unsorted order.

Cloud Build - Cloud Build default pools now support regional builds at the preview release stage. Cloud Build now supports regional build triggers at the preview release stage.

Certificate Authority Service - Learn how to get started with using the Cloud Client Libraries for the Certificate Authority Service API.


Access Transparency - Access Transparency supports Secret Manager in GA stage.

Cloud Composer - Cloud Composer 1.18.6 and 2.0.10 release started on April 13, 2022. Cloud Composer now supports CMEK encryption using keys stored in External Key Managers. (Cloud Composer 2) Airflow webserver and worker-scheduler images in multiregional repositories are now tagged with their image version (for example, composer-2.0.10-airflow-2.1.4). It is now possible to use upper case symbols in the names of PyPI packages. (Airflow 2) Exception traces from Airflow task executions are now properly annotated with labels in Cloud Logging. (Cloud Composer 2) Fixed a problem where some info log messages were logged as errors during environment operations. (Available without upgrading) DAG schedule intervals are now correctly displayed in the list of DAGs in Cloud Console. (Airflow 1.10.15) Backported the fix for KubernetesPodOperator. (Airflow 1.10.15) Airflow Upgrade Checker updated to version 1.4.0. (Airflow 1.10.15) Fixes in the apache-airflow-backport-providers-google package: DataprocCreateBatchOperator, Dataplex operators, YAML safe load. Cloud Composer 1.18.6 and 2.0.10 images are available: composer-1.18.6-airflow-1.10.15 (default), composer-1.18.6-airflow-2.1.4, composer-1.18.6-airflow-2.2.3, composer-2.0.10-airflow-2.1.4, composer-2.0.10-airflow-2.2.3. Cloud Composer 1.16.0 has reached its end of full support period.

Compute Engine - Generally available: NVIDIA A100 GPUs are now available in the following additional regions and zones: Tokyo, Japan, APAC: asia-northeast1-a,c. For more information about using GPUs on Compute Engine, see GPU platforms. Tau T2D VMs are now available in the following regions and zones: Las Vegas, NV (us-west4-a,b) São Paulo, Chile, South America (southamerica-east1-a,b,c) St.

Config Connector - Config Connector version 1.81.0 is now available. Added support for ApigeeEnvironment resource. Added field spec.cluster[].autoscalingConfig to BigtableInstance resource. Added field spec.edgeSecurityPolicy to ComputeBackendBucket resource. Added field spec.type to ComputeSecurityPolicy resource. Added field spec.schedule.repeatInterval to StorageTransferJob resource. Fixed the bug introduced in version 1.62.0 that list fields can't be set to empty lists.

Dataproc - Announcing the General Availability (GA) release of Dataproc on GKE, which allows you to execute Big Data applications using the Dataproc jobs API on GKE clusters. The dataproc:dataproc.performance.metrics.listener.enabled cluster property, which is enabled by default, listens on port 8791 on all master nodes to extract performance-related telemetry Spark metrics. New sub-minor versions of Dataproc images: 1.5.62-debian10, 1.5.62-ubuntu18, and 1.5.62-rocky8; 2.0.36-debian10, 2.0.36-ubuntu18, and 2.0.36-rocky8. Dataproc Serverless for Spark now uses runtime version 1.0.9. Changed the owner of /usr/lib/knox/conf/gateway-site.xml from root:root to knox:knox. Fixed an issue in which the Dataproc autoscaler would sometimes try to scale down a cluster by more than one thousand secondary worker nodes at one time. Fixed bugs that could cause Dataproc to delay marking a job cancelled.

Cloud Data Loss Prevention - The data profiler for BigQuery is generally available (GA).

Eventarc - Eventarc is now available in the following regions: australia-southeast2 (Melbourne, Australia), northamerica-northeast2 (Toronto, Ontario, North America), southamerica-west1 (Santiago, Chile, South America).

Cloud Filestore - You can now use customer-managed encryption keys (CMEK) to protect data at rest in Filestore's High Scale SSD Tier instances.

Google Kubernetes Engine - A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification. Egress NAT policy to configure IP masquerade is now generally available on GKE Autopilot clusters with Dataplane v2 in versions 1.22.7-gke.1500+ or 1.23.4-gke.1600+. (2022-R8) Version updates: GKE cluster versions have been updated.

GKE - (2022-R8) Version updates: The following control plane and node versions are now available: 1.19.16-gke.10800, 1.20.15-gke.5000, 1.21.11-gke.900. The following control plane versions are no longer available: 1.19.16-gke.6800, 1.20.15-gke.300. Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to version 1.19.16-gke.8300 with this release.

Google Kubernetes Engine Rapid - (2022-R8) Version updates: Version 1.22.8-gke.200 is now the default version in the Rapid channel.

Google Kubernetes Engine Regular - (2022-R8) Version updates: Version 1.20.15-gke.3600 is now available in the Regular channel.

Google Kubernetes Engine Stable - (2022-R8) Version updates: Version 1.20.15-gke.2500 is now the default version in the Stable channel.

Cloud Monitoring - You can now define template variables and permanent filters for your dashboards.

Anthos Service Mesh 1.5 - 1.13.x. 1.13.2-asm.2 is now available.

SAP Solutions - Storage Manager for SAP HANA Standby Nodes version 2.4: Version 2.4 adds support for HANA 2.0 SPS 05 revision 59 and later.

Cloud Spanner - You can now define a default value for a non-key table column when creating or altering a table. A new three-continent, nine-replica multi-region instance configuration is available for Cloud Spanner: nam-eur-asia3 (Iowa/South Carolina/Belgium/Netherlands/Taiwan/Oklahoma).

Cloud SQL - Customer-managed encryption key (CMEK) organization policy constraints are now available in Preview. Cloud SQL for PostgreSQL supports in-place major version upgrades in Preview.

Cloud Storage Transfer - Storage Transfer Service now offers a predefined role to simplify permission assignment to transfer agents.




Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075