Welcome to issue #320 November 14th, 2022

News

Cloud Marketplace Official Blog

Announcing Private Marketplace, now in preview - Private Marketplace functionality is now available in preview for Google Cloud Marketplace to help organizations scale compliant product discovery.

Google Kubernetes Engine Official Blog

Google Kubernetes Engine Gateway controller is now GA for single cluster deployments - Google Cloud is excited to announce the General Availability of the GKE Gateway controller, Google Cloud’s implementation of the Kubernetes Gateway API, supporting single cluster deployments, in GKE 1.24+ clusters.

Apigee NoSQL Official Blog

Announcing MongoDB connector for Apigee Integration - Easily connect your data and applications using the MongoDB Connector for Apigee Integration.

Assured workloads Official Blog

Announcing Assured Workloads for Israel in Preview - Google Cloud is now offering Assured Workloads in Israel to help provide the confidence that when you use our services, you can have control, transparency, and can support your compliance and residency requirements.

Data Analytics Data Studio Official Blog

Access modeled data from Looker Studio, now in public preview - The integration between Looker and Looker Studio (Data Studio) is now available in public preview with additional functionality.

Google Maps Platform Official Blog

Address Validation API is now generally available

GCP Certification Official Blog

Upskill for in-demand cloud roles with no-cost training on Coursera - Access no-cost Google Cloud training on Coursera - grow in-demand cloud skills to stand out in the job market.

Google Cloud Platform Official Blog

Live from COP27, Egypt: A cloud’s eye view - Google Cloud experts and customers are weighing in daily on cloud and climate change during the United Nations’ COP27 conference in Egypt.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Official Blog Security

How data embassies can strengthen resiliency with sovereignty - Embassies have been foreign safe havens for generations. The concept has been extended to data in the digital world, made possible by the flexible, distributed nature of the cloud. Here’s how it works.

Google Kubernetes Engine Official Blog

4 low-effort, high-impact ways to cut your GKE costs (and your carbon footprint) - Trimming your Google Kubernetes Engine (GKE) costs is a simple matter of using built-in tools and following well-established best practices.

Google Kubernetes Engine Networking Official Blog Traffic Director

Traffic Director: TLS routing using Envoy gateway proxy on GKE - We share a sample architecture for using Traffic Director with TLS routing for workloads deployed on the GKE cluster.

CISO Official Blog Security

For a successful cloud transformation, change your culture first - Lessons from the computing virtualization era can help ease an organization’s cloud transformation. First, start with your culture. Here’s why.

Google Cloud Platform Infrastructure

Landing Zones on Google Cloud - An overview of using Landing Zones in your organization.

Cloud Load Balancing Compute Engine Networking

Load balancing with IPVS - Making IP Virtual Server L4 load balancing work on Google Cloud.

Anthos Official Blog

Here's how Anthos helps you do cluster lifecycle operations in your hybrid and multicloud environment - The Google Cloud console provides a consistent cluster management experience for Anthos clusters across hybrid, on-prem and multicloud environments.

Cloud Armor Official Blog

When should I use Cloud Armor? - This blog looks at a few examples where Cloud Armor might be a good fit.

App Development, Serverless, Databases, DevOps

Google Maps Platform Official Blog

Discover Elton and Los Angeles history using Google Maps Platform - Rocket Entertainment shares how they created an immersive map experience to celebrate Elton John’s final North American tour using Google Maps Platform.

Data Loss Prevention API Official Blog

Redacting PII data in Dialogflow CX with Google Cloud Data Loss Prevention (DLP) - This blog post will provide a walkthrough on redacting sensitive information.

.NET Cloud Run

.NET 7 on Cloud Run - .NET 7 was released a few days ago with new features and performance improvements and it’s already supported on Cloud Run on Google Cloud!

Cloud Run Official Blog Serverless

Migrate from Heroku Enterprise to Cloud Run while keeping devs and ops happy - Migrate Heroku apps to a private-space-like architecture on Google Cloud with Cloud Run.

Cloud Functions Cloud Run Official Blog Serverless

Cloud Functions vs. Cloud Run: when to use one over the other - When building on top of a serverless platform like Cloud Run or Cloud Functions, here’s a framework for deciding which to choose for a given workload.

Cloud Storage

Google Cloud Storage introduces Autoclass - Cloud Storage Autoclass automatically moves objects based on the last access time by policy to colder or warmer storage classes.

API Monitoring Official Blog

3 best practices to reduce application downtime with Google Cloud’s API monitoring tools - Maintain high uptime and performance for your APIs without any overheads using Google Cloud’s API monitoring tools.

Big Data, Analytics, ML&AI

BigQuery Billing

Reducing BigQuery Costs: How We Fixed A $1 Million Query - Tips from Shopify Engineers to lower costs in BigQuery.

Cloud Composer Cloud Dataproc Serverless

Use Composer for Dataproc Serverless workloads - Using Composer to run Dataproc jobs.

BigQuery Data Science dbt GCP Experience

BQ+DBT: 5 proven practices to scale your analytics infrastructure effectively without exploding your cloud costs - Sharing learnings and distilled techniques used to manage analytics infrastructure.

Document AI Official Blog

Document AI: A unified AI agent for your document processing needs - Learn how Document AI helps organizations understand and organize the data in their documents.

Cloud Dataflow Earth Engine Machine Learning Official Blog

Intro to deep learning to track deforestation in supply chains - What deep learning is, how fully convolutional networks work, and how they can help detect deforestation in supply chains or other environmental use cases.

Official Blog Vertex AI

Best Practices for managing Vertex Pipelines code - Best practices on how to manage the codebase for your ML pipelines.

Machine Learning Vertex AI

Monitoring ML models with Vertex AI - Monitoring ML Models in Vertex AI.

Various

Official Blog Public Sector

Veteran Transitioners Find Success at Google Public Sector - In celebration of Veterans Day, we spoke with five Googler Veterans who share their experiences and offer insights for others looking to make their way into tech after active-duty service.

GCP Experience Official Blog

Veterans Day: Q&A with Terradepth about mapping the ocean floor, the final frontier on Earth, with Google Cloud - Terradepth has built a revolutionary platform that stores and shares ocean floor data using Google Cloud, including Google Kubernetes Engine and Cloud SQL.

Google Cloud Platform Official Blog

Sarah Masotti has worked and traveled across 60 countries — here’s how she channels her own experiences to help customers transform their businesses - Sarah Masotti has worked and traveled across 60 countries and is currently a Digital Transformation Lead. See how she brings creativity to help customers embrace change and transform their businesses.

Slides, Videos, Audio

GCP Podcast - #327 ML/AI Data Science for Data Analytics with Jed Dougherty and Dan Darnell.

Kubernetes Podcast - #193 KubeCon NA 2022.

Security Podcast - #95 Cloud Security Talks Panel: Cloud Threats and Incidents.

The Digital Show Podcast - #55 The Transformation Debrief: How Botify is Transforming SEO with AI to deliver for its customers, Botify continues to reinvent how companies perform SEO.

Releases

Anthos clusters on AWS - Two new vulnerabilities (CVE-2022-2585 and CVE-2022-2588) have been discovered in the Linux kernel that can lead to a full container break out to root on the node.

Anthos clusters on bare metal - 1.12. Release 1.12.4 Anthos clusters on bare metal 1.12.4 is now available for download. Fixes: Increased the CPU limit for the metrics-server Pod to prevent it from frequently restarting. Known issues: For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section. 1.11 & 1.12 & 1.13. Security bulletin (1.11, 1.12, and 1.13) A security vulnerability, CVE-2022-39278, has been discovered in Istio, which is used in Anthos Service Mesh, that allows a malicious attacker to crash the control plane.

Anthos clusters on Azure - Two new vulnerabilities (CVE-2022-2585 and CVE-2022-2588) have been discovered in the Linux kernel that can lead to a full container break out to root on the node.

Anthos clusters on VMware - Anthos clusters on VMware 1.11.5-gke.14 is now available. Fixed the issue where /var/log/audit/ is using up disk space on the admin workstation. Two new vulnerabilities, CVE-2022-2585 and CVE-2022-2588, have been discovered in the Linux kernel that can lead to a full container break out to root on the node. A security vulnerability, CVE-2022-39278, has been discovered in Istio, which is used in Anthos Service Mesh, that allows a malicious attacker to crash the control plane.

Anthos GKE on AWS - Two new vulnerabilities (CVE-2022-2585 and CVE-2022-2588) have been discovered in the Linux kernel that can lead to a full container break out to root on the node.

AppEngine Flexible - The option to set IP mode to internal for App Engine flexible environment instances is now generally available.

Bare Metal Solution - Enhancements to Bare Metal Solution resource management–Adds the following self-service functionality: Manage networks–You can create, attach, detach, and delete networks.

BigQuery - You can now transfer data from Amazon S3 and Azure Blob Storage to BigQuery using the LOAD DATA statement. In the Explorer pane, you can now star your projects, datasets, and tables. In the Cloud console, the Add data feature lets you access popular ways to search for and ingest data sources that work with BigQuery.

Cloud Build - Users can now customize Slack notifications for their builds using notifier templates.

Chronicle - Chronicle Curated Detections has been enhanced with the following additional detection content: Windows-based threats: Security Posture Downgrade: detects activity attempting to disable or decrease the effectiveness of security tools. The following default parsers have changed. Chronicle Feed Management added support for the Sentinel One Alerts API. When downloading data to CSV file format from the Chronicle user interface, raw log data is now excluded unless you are using Raw Log Scan.

Cloud Composer - Cloud Composer 1.19.14 and 2.0.31 release started on November 7, 2022. Airflow triggerer and Deferrable Operators are available in Preview in Cloud Composer 2. Cloud Composer 1.19.14 and 2.0.31 images are available: composer-1.19.14-airflow-1.10.15 (default) composer-1.19.14-airflow-2.1.4 composer-1.19.14-airflow-2.2.5 composer-1.19.14-airflow-2.3.3 composer-2.0.31-airflow-2.1.4 composer-2.0.31-airflow-2.2.5 composer-2.0.31-airflow-2.3.3. Cloud Composer versions 1.17.4 and 2.0.0-preview.5 have reached their end of full support period.

Compute Engine - Per VM Tier_1 networking performance now includes up to 25 Gbps egress for traffic going to public IP addresses (increased from 7 Gbps). Generally available: Share sole-tenant node groups with other projects or with your entire organization. The quota limits displayed in the Cloud console might be incorrect in the asia-south1 region. Generally available: Memory-optimized M3 virtual machine instances are available in the following regions and zones: Frankfurt, Germany (europe-west3-a,b) Eemshaven, Netherlands (europe-west4-a,b) Council Bluffs, Iowa, USA (us-central1-a,b) Las Vegas, Nevada, USA (us-west4-a,b) See VM instance pricing for details.

Data Fusion - DNS Resolution is generally available (GA).

Dataproc Serverless - Dataproc Serverless for Spark runtime versions 1.0.22 and 2.0.2 will be deprecated on 11/11/2022.

Dataproc - Dataproc images 2.0.50 and preview 2.1.0-RC3 are deprecated and cluster creations based on these images will fail starting 11/11/2022. New sub-minor versions of Dataproc images: 1.5.76-debian10, 1.5.76-rocky8, 1.5.76-ubuntu18, 2.0.50-debian10, 2.0.50-rocky8, 2.0.50-ubuntu18, preview 2.1.0-RC3-debian11, preview 2.1.0-RC3-rocky8, preview 2.1.0-RC3-ubuntu20. Dataproc Serverless for Spark now uses runtime version 1.0.22 and 2.0.2. If a Dataproc Metastore service uses the gRPC endpoint protocol, a Dataproc or self-managed cluster located in any region can attach to the service.

Deep Learning Containers - M100 Release Regular package updates.

Deep Learning VM - M100 Release Migrated the Docker proxy agent to use a systemctl service.

Dialogflow - The following languages are now GA (generally available) for Dialogflow CX: Bulgarian (bg) Catalan (ca) Croatian (hr) Czech (cs) Greek (el) Hebrew (iw) Hmong (hmn) Hungarian (hu) Serbian (sr) Slovak (sk) Somali (so).

Cloud Data Loss Prevention - The ExcludeByHotword type was added as a type of ExclusionRule.

Document AI - v1beta3. New stable W2 processor version with the following enhancements: Breaks down long entities such as addresses into fine-grained sub-entities: StreetAddressOrPostalBox, AdditionalStreetAddressOrPostalBox, City, State, and Zip. New stable Payslip processor version with the following enhancements: Bonus, commissions, holiday, overtime, regular pay and vacation are now part of earning_item/earning_this_period and earning_item/earning_ytd.

Cloud Functions - Cloud Functions has added support for the following new runtimes at the Preview release level: Go 1.18 Go 1.19.

IAM - You can use the Google Cloud console to view authentication activities, which indicate when your service accounts and keys were last used to call a Google API.

Google Kubernetes Engine - The Filestore CSI driver has patched the following CVEs for newly created clusters running GKE version 1.23 and later: CVE-2022-37434 CVE-2019-19126 CVE-2019-25013 CVE-2022-23219 CVE-2021-35942 CVE-2020-10029 CVE-2021-3326 CVE-2022-23218 CVE-2020-1752 CVE-2021-3999 CVE-2020-27618 CVE-2021-27645 CVE-2016-10228 CVE-2020-6096 CVE-2021-33574 CVE-2022-29458. You can now use compact placement for node auto-provisioning in Standard clusters with GKE version 1.25 and later. GKE Gateway for Single Cluster is now generally available in GKE version 1.24 and later. A security vulnerability, CVE-2022-39278, has been discovered in Istio, which is used in Anthos Service Mesh, that allows a malicious attacker to crash the control plane. When you create a LoadBalancer service in GKE, the Google Cloud controllers automatically create the following firewall rules and apply them to the GKE nodes to allow inbound connections on the Service port: Internal load balancer with GKE subsetting or external load balancer with regional backend services (RBS): k8s2-[cluster-id]-[namespace]-[service-name]-[suffixhash]; Internal load balancer without GKE subsetting or external load balancer with target pool: k8s-fw-[loadbalancer-hash]. These rules now include the load balancer IP address in the destination ranges field to further control the inbound connections to the nodes.

Cloud Logging - You can now dynamically include your log content in your alert notifications for easier troubleshooting.

Marketplace Partners - After your organization enrolls in Partner Advantage portal, you can start integrating your products with Google Cloud Marketplace and preparing to publish them at the same time that your organization completes the process of becoming an approved Google Cloud Build partner.

Migrate for Compute Engine - V.4.11.11 Security updates available.

Cloud Monitoring - Prometheus Query Language (PromQL) for creating charts and dashboards in Cloud Monitoring is now Generally Available. Cloud Monitoring now provides a GKE Clusters dashboard for enabling Managed Service for Prometheus on clusters in your project. You can now dynamically include your log content in your alert notifications for easier troubleshooting.

Network Connectivity Center - The Google Cloud console now lets you do all of the following: See a list of existing hubs Create multiple hubs Edit an existing hub's description and/or labels Previously, you could complete these actions only by using the Google Cloud CLI or the API.

Security Command Center - Security Command Center added the ability to export findings to a CSV file from the Google Cloud console. Security Command Center released two new error detectors: KTD blocked by admission controller KTD image pull failure These detectors report configuration errors that prevent the Container Threat Detection service from functioning properly.

Service Mesh - Managed Anthos Service Mesh. The rollout of version 1.15 for managed Anthos Service Mesh has completed in all regions.

Anthos Service Mesh - Managed Anthos Service Mesh. The rollout of version 1.15 for managed Anthos Service Mesh has completed in all regions.

SAP Solutions - New SAP certifications: M3 series of memory-optimized machine types For use with SAP HANA and SAP NetWeaver, SAP has now certified the Compute Engine memory-optimized M3 series machine types.

Cloud Spanner - Cloud Spanner now supports cross-region and cross-project backup use cases.

Cloud Speech-to-Text - Speech-to-Text has updated its pricing policy.

Cloud Storage - You can now use the Google Cloud console to get role recommendations and policy insights for buckets. Expanded Cloud Storage monitoring dashboards are now available in Preview. The Autoclass feature is now available. gcloud storage GA release 1.1 is now available.

Cloud Text-to-Speech - Text-to-Speech now offers these new voices.

Cloud Trace - The Trace scatterplot now indicates traces with error codes as red.

Transfer Appliance - 4.0. Users can now use SMB to transfer data by enabling SMB file share.

Vertex AI - AutoML Image Classification Error Analysis Error analysis allows you to examine error cases after training a model from within the model evaluation page. Feature Transform Engine is available in Preview. M100 Release The M100 release of Vertex AI Workbench includes the following: Fixed a bug that prevented an instance with a GPU from starting.

VPC Service Controls - Beta stage support for the following integration: Config Controller.

Virtual Private Cloud - Preview: You can use the private.googleapis.com and restricted.googleapis.com VIPs to access Google APIs and services using IPv6 addresses.

Workflows - Workflows is available in the following additional regions: asia-east2 (Hong Kong, China) europe-central2 (Warsaw, Poland) europe-southwest1 (Madrid, Spain) europe-west9 (Paris, France) northamerica-northeast2 (Toronto, Canada) us-east5 (Columbus, United States) us-south1 (Dallas, United States) us-west2 (Los Angeles, United States) us-west3 (Salt Lake City, United States).

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075