Welcome to issue #307 August 15th, 2022


Infrastructure Official Blog

New Google Cloud regions are coming to Asia Pacific - The new Google Cloud regions coming to Malaysia, Thailand, and New Zealand will join our 11 existing regions in Asia Pacific.

Cloud Functions Official Blog Serverless

Cloud Functions 2nd gen is GA, delivering more events, compute and control - With Cloud Functions 2nd gen, developers can write more powerful functions that integrate with more services, and satisfy enterprise requirements.

Official Blog

Introducing Google Cloud and Google Workspace support for multiple Identity providers with Single Sign-On - Google Cloud now supports Single Sign On with multiple third-party identity providers, giving customers more flexibility when signing in.

Cloud Storage Data Analytics Official Blog

Introducing easier de-identification of Cloud Storage data - Many organizations require effective processes and techniques for removing or obfuscating certain sensitive information in the data they store. An important tool to achieve this goal is de-identification, which can reduce the privacy risk associated with collecting, processing, archiving, distributing or publishing information.

Cloud Deploy Official Blog

Google Cloud Deploy gets continuous delivery productivity enhancements - In this latest release, Google Cloud Deploy got improved onboarding, delivery pipeline management and additional enterprise features.

Google Maps Platform Official Blog

Announcing version history support for Cloud-based maps styling - Today we are launching version history for Cloud-based maps styling to make it easier to prototype and experiment with styles. This new feature is available to all developers in the Map Style Editor under the ‘Settings’ menu.

Cloud Filestore Google Kubernetes Engine Official Blog

Filestore Enterprise for fully managed, fault tolerant persistent storage on GKE - With FIlestore Enterprise on GKE, customers get the best of both worlds - fully managed compute for their containers and fully managed and highly available storage for data.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Anthos Official Blog Security

Securing apps for Googlers using Anthos Service Mesh - In this blog post, David and Anthony from SRE and DevRel discuss how Google internally uses Anthos Service Mesh to secure first and third party applications that Googlers uses every day.

Official Blog Security Terraform

Building security guardrails for developers with Google Cloud - For many organizations with security top of mind, their concern is “How do I balance security and innovation?” This blog explores commonly used to configure security guardrails for developers.

Official Blog Security

Welcome to Security Voices - This living blog is authored by a diverse group of people across multiple security teams at Google. Our voices reflect the diverse world that we help secure.

Official Blog Security

Zero Trust and BeyondCorp Google Cloud - Zero Trust and BeyondCorp Google Cloud.

Migration Official Blog

Accelerating migrations to Google Cloud with migVisor by EPAM - Ready to move your applications and databases to the Cloud? Start with a comprehensive assessment of your workload using the MigVisor assessment tool.

Anthos Migration

To containerize or not — check if you are ready! - Google Cloud brings you a free tool to determine how ‘fit’ your application is to move to containers.

Google Kubernetes Engine Workload Identity

How to implement Workload Identity on Google Kubernetes Engine clusters - Hello everyone. If you’re looking for enhance your infrastructure on Google Cloud Platform, this is your article.

Security SRE

Gremlin Chaos Engineering On Google Cloud - This Article is based on how to implement Chaos Engineering Experiments Using Gremlin on Google Cloud.

Cloud CDN Networking

Performance improvement & cost reduction with GCP Cloud CDN Dynamic compression - Using dynamic compression in Google Cloud CDN.


Burn a Physical Security Key to Access Your Google Accounts Securely - This article explains how to build your own physical security key using an nRF 52840 Dongle from Nordic to securely access your Google/Google Cloud accounts.

Cloud Armor

Oh Sh*t, I’m Getting Attacked, Now What… - Using Google Cloud Armor to mitigate a denial of service attack.

App Development, Serverless, Databases, DevOps

Cloud Logging Official Blog

Accelerate your developer productivity with Query Library - Query Library enables users to use templates to build queries. This allows users with minimal querying skill to use Cloud Logging effectively for troubleshooting purposes.

Cloud Monitoring DevOps Official Blog SRE

Snooze your alert policies in Cloud Monitoring - Snooze alert policies to prevent the creation of alerts and notifications. This is useful during maintenance windows, non-business hours, and more.

API Official Blog

Utilizing Cloud Support API to Programmatically Update Support Cases - See how to leverage Google Cloud Support API to update the email addresses of all active support cases at once.

GCP Experience Official Blog Serverless

How NTUC FairPrice delivers a seamless shopping and payment experience through Google Cloud - NTUC FairPrice launched a new app payment solution, allowing customers with a seamless shopping and payment experience using Google Cloud tools.

Cloud Spanner Go Official Blog

Debugging cloud spanner latency using OpenCensus and Go client library - This article describes a client side latency issue caused by session pool exhaustion and how users can diagnose the situation by using OpenCensus features and Cloud Spanner client library for Go.

Cloud Spanner Cloud SQL

Modernizing with Cloud Spanner — Google Cloud’s SQL Database with Global Scale - When to choose Spanner over Cloud SQL… and how Spanner could be a more cost-effective option!

Compute Engine Monitoring Windows

Using any Windows Performance Metric in Google Cloud and Managed Instance Groups - Automated scaling of Windows Terminal Services based upon load.

Cloud SQL Cloud Storage Terraform Workflows

Easily backup MySQL GCP instances to GCP Storage using terraform - Google Cloud SQL Instances native backup has a problem where if you delete the instance, all those instance backups will be deleted too.

Dialogflow Machine Learning

Comparing Language Understanding on Dialogflow and NeuralSpace - We evaluate the Language Understanding services of Google Cloud’s Dialogflow ES and NeuralSpace.

Big Data, Analytics, ML&AI

Data Analytics

Batch processing options on GCP through a practitioner’s lens - his posts covers a different tools and technologies you can use on GCP to run batch processing workloads.

BigQuery Cloud Pub/Sub

Streaming from Google Cloud Pub/Sub to Bigquery without the Middlemen - Implementing CDC pipeline for Cloud SQL to BigQuery via Pub/Sub.

BigQuery Cloud SQL Virtual Private Cloud

Extend your Datalake with CloudSQL and BigQuery connections - Querying data from a private CloudSQL instance from BigQuery.

AI Machine Learning Official Blog

Google Cloud and Apollo24|7: Building Clinical Decision Support System (CDSS) together - Discover the Google Cloud AI technologies supporting Apollo 24|7’s CDSS solution.

Official Blog Vertex AI

Building a scalable MLOps system with Vertex AI AutoML and Pipeline - This blog post shows how to build a MLOps system with Vertex AI platform. In Particular, you could learn a way to build an ML pipeline to manage a dataset, train an AutoML model based on previously the best one, emit Vertex AI aware artifacts along with how to trigger such a pipeline with Cloud Functions and GCS.

Slides, Videos, Audio

GCP Podcast - #315 Cloud Functions (2nd gen) with Jaisen Mathai and Sara Ford.

Security Podcast - #78 Classic SOC Meets Cloud: What Changes? What Stays the Same?

GCP Life Podcast - #20 - In this episode we discuss; Empty Epsilon, Rocky Linux, GCVE Frontend, Google Cloud VMWare Engine, Solution Series Talk.



Anthos clusters on AWS - Anthos clusters on AWS (previous generation) aws-1.12.1-gke.0 is now available. You can now launch clusters with the following Kubernetes versions: 1.23.8-gke.2000 1.22.12-gke.300 1.21.14-gke.2100. This release fixes the following vulnerabilities: CVE-2022-1292 CVE-2022-2068 CVE-2022-1271 CVE-2018-25032 CVE-2022-1271 CVE-2022-31030 CVE-2022-2327.

Anthos clusters on VMware - Anthos clusters on VMware 1.10.6-gke.36 is now available. Fixed the issue where mounting emptyDir volume with exec option on Container-Optimized OS (COS) nodes fails with permission error.

BigQuery - You can now set default configurations at a project or organization level. You can now manage query execution priority for Cloud Spanner federated queries. Querying Google Cloud Bigtable external data sources is now generally available (GA). A weekly digest of client library updates from across the Cloud SDK.

BigTable - Cloud Bigtable-BigQuery federation is now generally available (GA). New tooling is available to help you migrate to Cloud Bigtable from HBase clusters that are hosted on another Google Cloud service. A weekly digest of client library updates from across the Cloud SDK.

Chronicle - The following changes are available in the Unified Data Model: The File.ashash field was deprecated and replaced with the File.authentihash field.

Cloud Composer - Cloud Composer 1.19.6 and 2.0.23 release started on August 10, 2022. Starting with Cloud Composer 1.19.6, it is no longer possible to use any operators that call Python 2. Logs that are generated when processing individual DAG files are no longer written to the Airflow scheduler's disk. Improved DAG UI reliability in Private IP environments. (Cloud Composer 2) When creating environments with Private Service Connect, Cloud Composer no longer checks for networking range conflicts that are not relevant for this type of connectivity. Cloud Composer 1.19.6 and 2.0.23 images are available: composer-1.19.6-airflow-1.10.15 (default) composer-1.19.6-airflow-2.1.4 composer-1.19.6-airflow-2.2.5 composer-2.0.23-airflow-2.1.4 composer-2.0.23-airflow-2.2.5. Cloud Composer versions 1.16.12, 1.16.13, 1.17.0.preview.8, and 1.17.0.preview.9 have reached their end of full support period.

Compute Engine - Generally Available: Internal and external IPv6 addresses for Google Compute Engine instances are available in all regions.

Deep Learning VM - M95 Release Tensorflow has been updated to 2.9.1, 2.8.1, and 2.6.5 to include upstream changes. n1-standard-1 Compute instances that use the tensorflow-gpu family fail to boot if they were created with a single disk and no accelerator.

Cloud Domains - Importing a domain from Google Domains to Cloud Domains is available in Preview.

Google Kubernetes Engine - Newly created GKE Clusters on version 1.24 or later using Services without .spec.ports field defined will cause a crash-loop of the ingress-gce controller (l7lbcontroller pod).

Load Balancing - Network Load Balancing logging and Internal TCP/UDP Load Balancing logging are now available in Preview. External TCP/UDP network load balancers can now be configured to handle IPv6 traffic from clients.

Cloud Monitoring - You can now prevent Cloud Monitoring from sending notifications or creating incidents during specific time periods. You can now update older versions of the Ops Agent from the Cloud Monitoring VM Instances page and from the Details panel for a selected Compute Engine instance. The Cloud Monitoring Integrations page now provides information about integrations with other Google Cloud services, enhanced filtering, and additional information about available third-party integrations. You can now create uptime checks for Cloud Run public endpoints by using the Monitoring API and specifying the Cloud Run Revision monitored-resource type. The organization of the SLO monitoring Services Overview page has been improved.

Network Intelligence Center - Connectivity Tests now includes a feature that performs live data plane analysis by testing connectivity between a VM and a Google network edge location.

Cloud PubSub - A weekly digest of client library updates from across the Cloud SDK.

Security Command Center - Event Threat Detection, a built-in service of Security Command Center, launched the following rules to Preview.

Service Mesh - 1.14.x. 1.14.3-asm.1 is now available. 1.14.x. 1.14.3-asm.0 is now available. 1.12.x. 1.12.9-asm.0 is now available.

Cloud Storage Transfer - Storage Transfer Service now supports transfers from AWS S3 using self-hosted transfer agents.

Transfer Appliance - You can now place your Transfer Appliance into suspend mode before moving it to a new location.

VMware Engine - Removed ability to create stateless firewall rules for new projects and projects that have not yet created stateless rules. Removed ability to create point-to-site (P2S) VPN gateways for new projects and projects that have not yet created P2S VPN gateways.

VPC Service Controls - General availability for the following integration: Web Risk. Beta stage support for the following integration: Service Account Credentials API.

Virtual Private Cloud - Internal and external IPv6 addresses are available in all regions in General Availability: Subnets: Dual-stack subnets that have both IPv4 and IPv6 subnet ranges.


Latest Issues


Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: [email protected]