Welcome to issue #295 May 23rd, 2022

News

Official Blog Security

Introducing Google Cloud’s new Assured Open Source Software service - Announcing Google Cloud’s new Assured Open Source Software Service, which can help organizations add the same software that Google uses into their own workflows.

Official Blog Security

Introducing Autonomic Security Operations for the U.S. public sector - Google Cloud announces U.S. government-focused Autonomic Security Operations for better cybersecurity analytics.

Infrastructure Networking Official Blog

Announcing PSP's cryptographic hardware offload at scale is now open source - We’re making the PSP Security Protocol for offloading encryption to network interface cards open source today. Here’s why.

Compute Engine Infrastructure Official Blog

Run your fault-tolerant workloads cost-effectively with Google Cloud Spot VMs, now GA - Google Cloud Spot VMs allow you to run your fault-tolerant workloads at a lower cost per VM, and are now generally available.

Official Blog Workload Identity Federation

Announcing federating workloads to Google Cloud with SAML - Customers can now strengthen their security posture with federated workloads to Google Cloud with SAML.

Google Kubernetes Engine Official Blog

GKE workload rightsizing — from recommendations to action - With new workload rightsizing capabilities, you get recommendations about your Kubernetes Pod resource requests, and apply them in the GKE console.

Cloud SDK Official Blog Terraform

Announcing policy guardrails for Terraform on Google Cloud CLI preview - Learn more about how gcloud terraform vet allows you to apply pre-deployment checks and guardrails to your Terraform infrastructure configurations.

HPC Infrastructure Official Blog

Introducing the latest Slurm on Google Cloud scripts - Announcing the latest Slurm on Google Cloud scripts, which help customers quickly and easily manage their hybrid and cloud-native HPC environments to run HPC, MPI, and AI/ML workloads on Google Cloud.

Google Kubernetes Engine Kubernetes Official Blog

Google Cloud at KubeCon EU: New projects, updated services, and how to connect - Engage with experts and learn more about Google Kubernetes Engine at KubeCon EU.

Cloud SQL Official Blog

Maintenance made flexible: Cloud SQL launches self-service maintenance - Cloud SQL self-service maintenance is now generally available, allowing you to upgrade your database’s maintenance version to the latest on your own.

Monitoring Official Blog Prometheus

Introducing a high-usage tier for Managed Service for Prometheus - New pricing tier for our managed Prometheus service users with over 500 billion metric samples per month. Pricing for existing tiers reduced 25%.

Event Official Blog Security

Charting a safer future starts at Google Cloud’s Security Summit - At this year’s Security Summit, we are sharing how we’re making government and enterprises safer with Google Cloud.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Official Blog VMware Engine

Google Cloud VMware Engine: Optimize application licensing costs with custom core counts - Learn about Custom Core Counts and how you can use this to manage your application licensing costs effectively on Google Cloud VMware Engine.

Official Blog reCAPTCHA

Humans or bots: a guidebook to protect from a range of digital fraud - Google Cloud reCAPTCHA Enterprise protects websites by distinguishing between humans and bots. A full-scale implementation of the reCAPTCHA Enterprise solution expands on bot detection to protect public sector websites from a broad range of digital fraud. Highlights from our new reCAPTCHA Enterprise guidebook detail functional enhancements and ways for government agencies to take advantage of enterprise capabilities.

Official Blog Security

Security Roundup - stories and launches from first quarter 2022 - What's new in the Google Cloud Security world, highlighting and summarizing some key stories and new content.

Official Blog Security

How Google Cloud helps government agencies stay ahead of security threats - At the annual Google Cloud Security Summit today, we’re excited to share updates on how we’re helping governments around the world address their pressing security challenges and meet the demands of new and evolving cybersecurity mandates.

Anthos Official Blog

Standardization, security, and governance across environments with Anthos Multi-Cloud - Anthos Configuration Management, Policy Controller, and Service Mesh help you to form a design for standardization, security, and governance across Kubernetes environments.

DevOps Official Blog

Join us in evolving the usability of GitOps - The kpt.dev open-source project is building a UI and backend to generate and edit configuration that can be deployed via GitOps. Contributors welcome.

App Development, Serverless, Databases, DevOps

Cloud Bigtable GCP Experience Official Blog

Equifax data fabric uses Google Cloud to spin faster innovation - Bigtable supports the Equifax Cloud data fabric by ingesting and organizing data and then serving it to users so they can build new products.

Cloud Logging NodeJS Official Blog

Get more insights with the new version of the Node.js library - Wire your application logs with more information and insights with the new version of the Node.js library.

Cloud SQL Error Reporting Official Blog

Alerting on error log messages in Cloud SQL for SQL Server - An overview of how to use Google Cloud Operations Suite to monitor Cloud SQL Error Logs.

GCP Experience Official Blog Prometheus

Maisons du Monde’s journey to a managed service for Prometheus - Maisons du Monde adopted Google Cloud Managed Service for Prometheus for easier Kubernetes application metrics.

Cloud Storage Compute Engine Networking

Improve Data Transfer speeds between your VM and Google Cloud Storage - Using s5cmd as a faster alternative to gsutil for copying files from VM instance to Cloud Storage.

Serverless

Google Cloud Serverless technology never sleep - Architecture choice can definitely change the money spent, the performance and the footprint of your workload!

Cloud Logging Cloud Monitoring Terraform

Create Log-Based Metrics in Google Cloud and Gain Valuable Insights - Use Terraform to create your metrics and deepen the understanding of your system.

Big Data, Analytics, ML&AI

Data Analytics GCP Experience Official Blog

Built with BigQuery: Material Security’s novel approach to protecting email - Material Security’s novel approach to protecting email depends on Google Cloud’s BigQuery. Here’s why.

Data Analytics Official Blog

Twitter takes data activation to new heights with Google Cloud - Twitter transformed its approach to data processing using Google Cloud services. In this blog, Pradip Thachile, cloud adoption lead at Twitter, shares how BigQuery and Dataflow helped the team modernize the way they process data, uncover insights, and develop offerings that delight advertisers and customers.

BigQuery Data Analytics Official Blog

Unlock real-time insights from your Oracle data in BigQuery - A tutorial on how to replicate operational data from an Oracle database into BigQuery so that you can keep multiple systems in sync in real time.

BigQuery Cloud Data Fusion

Cloud Data Fusion: Reverse ETL from BigQuery to CloudSQL - Using Cloud Fusion to load data from BigQuery to Cloud SQL.

BigQuery Data Analytics

How to Modify BigQuery Table Definition at No Costs - A cost-efficient way to change the structure of BigQuery tables, such as partition key and type, ….

BigQuery

Exactly once delivery in BigQuery’s Storage Write API - Making data pipelines faster with exactly-once semantics.

Airflow Cloud Composer

How to Connect to Airflow Workers on Cloud Composer - Connecting to Airflow workers on Google Cloud Platform.

BigQuery Data Science Machine Learning

Predict Transactions On Your Website Using Big Query ML - Train a model on Google Analytics data.

Machine Learning TensorFlow Vertex AI

Online prediction using GCP’s Vertex AI - Serve and process real-time data with a Tensorflow model using Pub-Sub, Cloud Dataflow, BigQuery and Vertex AI.

Various

GCP Certification Official Blog

New Research shows Google Cloud Skill Badges build in-demand expertise - To better understand the value that skills badges have had on holders’ career goals, we commissioned a third-party research firm, Gallup, to take an in-depth look. Download the new, free Google Cloud skills badge impact report for more insight.

Slides, Videos, Audio

GCP Podcast - #304 AlloyDB with Sandy Ghai and Gurmeet "GG" Goindi.

Kubernetes Podcast - #180 KubeCon EU 2022, with Ricardo Rocha.

Security Podcast - #65 EP65 Is Your Healthcare Security Healthy? Mandiant Incident Response Insights.

SRE Podcast - #7 - On-Call Rotations with Andrew Widdowson.

 

Releases

Anthos Config Management - 1.11.2. Fixed metrics to use correct reconciler Pod name for multiple RootSync and RepoSync objects.

Anthos clusters on VMware - Anthos clusters on VMware 1.9.6-gke.1 is now available. Secret encryption key rotation does not fail when the cluster has more than 1000 secrets. Fixed the following vulnerabilities: CVE-2022-1055, CVE-2022-27666, CVE-2022-0492, CVE-2021-3999, CVE-2021-4160, CVE-2022-27666, CVE-2018-25032, CVE-2022-0778, CVE-2022-1271. Changed scope of certain RBAC permissions: we have scoped down the over-privileged RBAC permissions for the following components in this release: clusterdns-controller: scope down clusterdns permissions to 'default' resource name.

App Engine - Specifying a user-managed service account for each App Engine version during deployment is now generally available.

Google Cloud Armor - The rule source for Cloud Armor preconfigured rules now includes ModSecurity Core Rule Set (CRS) 3.3 in public preview.

Cloud Asset Inventory - The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory), the Feed API, and the Search APIs (SearchAllResources and SearchAllIamPolicies): Cloud Firestore: firestore.googleapis.com/Database. The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning): Datastream: datastream.googleapis.com/Stream, datastream.googleapis.com/ConnectionProfile, datastream.googleapis.com/PrivateConnection. The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory), the Feed API, and the Search APIs (SearchAllResources and SearchAllIamPolicies): Cloud KMS: cloudkms.googleapis.com/EkmConnection.

BigQuery - Updated versions of ODBC and JDBC drivers for BigQuery are now available that include enhancements.

Cloud Build - Users can view build logs directly in GitHub or GitHub Enterprise without logging into Cloud Build.

Cloud Composer - Cloud Composer 1.18.9 and 2.0.13 release started on May 19, 2022. Airflow 2.2.5 is available in Cloud Composer images. (Cloud Composer 2) You can now assign permissions for an environment's service account on the service account level instead of the project level. (Cloud Composer 2) Increased the memory limit for the Redis queue and made it scale with the environment's size. New Airflow metrics for pools, smart sensor, and SLA email notifications are available for Cloud Composer environments. If it is not possible to create an environment because of the CMEK-related organization policies constraints/gcp.restrictCmekCryptoKeyProjects and constraints/gcp.restrictNonCmekServices, then such attempts fail with an error immediately. It is now possible to use upper-case symbols in the versions of PyPI packages. If it is not possible to create an environment because of the constraints/compute.vmCanIpForward and compute.vmExternalIpAccess organization policies, then such attempts fail with an error immediately. (Airflow 1) If your DAGs use the google-ads package version 14.0.0 or earlier, please upgrade your environment to Cloud Composer version 1.18.9 so that your environment uses Google Ads API v10. Cloud Composer 1.18.9 and 2.0.13 images are available: composer-1.18.9-airflow-1.10.15 (default), composer-1.18.9-airflow-2.1.4, composer-1.18.9-airflow-2.2.3, composer-1.18.9-airflow-2.2.5, composer-2.0.13-airflow-2.1.4, composer-2.0.13-airflow-2.2.3, composer-2.0.13-airflow-2.2.5.

Confidential VM - Support for 3rd generation AMD EPYC Milan processors on general purpose N2D machine types is now available in Preview. Support for compute-optimized C2D machine types is now available in Preview, featuring: 3rd generation AMD EPYC Milan processors; AMD Secure Encrypted Virtualization (SEV), which can encrypt the memory of the VM to protect data in use; the largest VM sizes, best suited for high-performance computing (HPC).

Compute Engine - N2D VMs are now available in Paris, France europe-west9-a,b,c.

Config Connector - Config Connector version 1.85.0 is now available. Fixed spec.topics in SecretManagerSecret (Issue #655). Added support for PrivateCACertificate resource. Fixed the reference configs for AccessContextManagerServicePerimeter. Added spec.subsetting field to ComputeBackendService. Added spec.secondaryIpRange field to RedisInstance. Changed spec.readReplicasMode in RedisInstance from immutable to optional.

Cloud Debugger - Cloud Debugger is deprecated and is scheduled for shutdown on May 31 2023.

Deep Learning Containers - M92 Release: TensorFlow Enterprise 2.9 is now available.

Cloud Deploy - Google Cloud Deploy support for VPC Service Controls is now generally available (GA).

Eventarc - Eventarc is now available in the following regions: europe-west8 (Milan, Italy), europe-west9 (Paris, France).

Cloud Healthcare API - A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Google Kubernetes Engine - (2022-R12) Version updates: GKE cluster versions have been updated.

GKE - (2022-R12) Version updates: Version 1.21.11-gke.1100 is now the default version.

Google Kubernetes Engine Rapid - (2022-R12) Version updates: The following versions are now available in the Rapid channel: 1.21.12-gke.1500, 1.22.8-gke.201, 1.22.9-gke.1300, 1.23.6-gke.1500. The following versions are no longer available in the Rapid channel: 1.21.11-gke.1100, 1.22.7-gke.1500, 1.22.8-gke.200, 1.23.5-gke.1500. Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.11-gke.1900 with this release.

Google Kubernetes Engine Regular - (2022-R12) Version updates: Version 1.21.11-gke.1100 is now the default version in the Regular channel.

Google Kubernetes Engine Stable - (2022-R12) Version updates: Version 1.21.11-gke.900 is now the default version in the Stable channel.

Cloud Logging - You can now see more log entries in the Logs Explorer as a result of several style changes.

Cloud Monitoring - The pricing for Google Cloud Managed Service for Prometheus has been reduced by 25-50%, depending on volume and usage.

Cloud Run - You can now tag services using Resource Manager tags for fine-grained access control.

Security Command Center - Updates were made to the applications that let you send Security Command Center data to the following SIEM and SOAR platforms: Cortex XSOAR (see Sending Security Command Center data to Cortex XSOAR).

Service Mesh - Managed Anthos Service Mesh. Enabling endpoint discovery multi-cluster installations with declarative API is now available as a preview feature in all release channels.

Tensorflow Enterprise - TensorFlow Enterprise 2.9 is now available.

Traffic Director - Traffic Director for GKE now supports using the Kubernetes Gateway APIs to create a service mesh.

Vertex AI - The ability to configure Vertex AI private endpoints is now generally available (GA).

Cloud Vision API - OCR model migration: The TEXT_DETECTION and DOCUMENT_TEXT_DETECTION models have been upgraded to newer versions.

VMware Engine - Beginning on May 30 2022, the VMware Engine operations team will continue performing essential maintenance of the network infrastructure to improve equipment robustness and apply security patches.

VPC Service Controls - General availability for the following integration: Google Cloud Deploy.

Workflows - Workflows using callbacks that were deployed on or before January 11, 2022 must be redeployed to continue executing workflows without failures.

 

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075