Welcome to issue #332 February 6th, 2023


Cloud Security Command Center Official Blog

Introducing Security Command Center’s project-level, pay-as-you-go options - Google Cloud’s Security Command Center is now available on a project-level basis, with pay-as-you-go options. Here’s how this can help security teams making their digital transformations.

Data Analytics Dataplex Official Blog

Establish consistent business language and improve trust in your data - Learn how Dataplex business glossary helps establish consistent business language, improve trust, & enable self-serve data usage.

App Engine Cloud Run Official Blog Serverless

Improved gVisor file system performance for GKE, Cloud Run, App Engine and Cloud Functions - gVisor rolled out two file system performance improvements to GKE and Serverless: VFS2 and LISAFS. These bring gVisor performance closer to native.

Cloud Monitoring Cloud Run Official Blog Serverless

Verify Cloud Run service availability with new dedicated uptime checks - To get started, you can head to Monitoring > Uptime, select “+ Create Uptime Check”, then select the new Cloud Run Service option.

Official Blog Security

Mandiant now supports Attack Surface Management for Google Cloud - Mandiant now supports Attack Surface Management for Google Cloud. Read on for more about cloud security integrations between Google Cloud and Mandiant that are already underway.

Event Official Blog

Save the Date: Google Cloud Next ‘23 is back August 29 - 31 - For the first time since 2019, Google Cloud Next will be fully live and in person this year at San Francisco’s Moscone Center.


Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Bare Metal GCP Experience Official Blog SAP

Cardinal Health goes big with Google Cloud Bare Metal Solution for SAP - Cardinal Health uses the Google Cloud Bare Metal Solution for SAP to improve performance with minimal disruption.

CISO Official Blog Security

Cloud CISO Perspectives: January 2023 - In his January newsletter, Cloud CISO Phil Venables revisits two megatrends: the cloud as a digital immune system and software-defined infrastructure.

Cloud CDN Cloud Storage GCP Experience Networking Official Blog Serverless

How Meesho migrated a petabyte of data into Cloud CDN with zero downtime - Meesho used Storage Transfer Service, Cloud Storage and Cloud CDN to migrate over a petabyte of data to Google Cloud with no downtime.

Billing Official Blog

You get what you pay for: Principles for designing a chargeback process - As part of your Cloud FinOps implementation, here are best practices for designing effective chargeback processes in Google Cloud.

DevOps Google Kubernetes Engine Official Blog SRE

Scalability testing on Google Kubernetes Engine: Know before you go - Getting ready to scale up a Kubernetes-based workload? Learn about the benefits, how to set goals and best practices of scalability testing on GKE.

Google Kubernetes Engine Security Workload Identity

Access GCP resources from GKE via Workload Identity - This blog post shows how to use Workload Identity to access GCP services securely.

GKE Autopilot IAM Workload Identity

GKE Autopilot and Workload Identity - Workload Identity enables GKE workloads to impersonate IAM service accounts, allowing them to access Google Cloud services.

Google Kubernetes Engine gRPC Istio

GKE Multicluster architecture with gRPC, Istio, and GCP endpoint. - The purpose of this article is to show the integration of the gRPC application (with HTTP Transcoding) deployed multiple GKE clusters with Istio Framework and exposed externally using MultiClusterIngress and MultiClusterService.

Infrastructure Networking Terraform VPC

GCP- VPC Peering with Terraform! - Example of implementing VPC peering with Terraform.

Cloud CDN Cloud Storage

Private GCS bucket access through Google Cloud CDN - Google Cloud CDN recently added support for private origin authentication. This feature can now be leveraged to configure access to private GCS buckets.

Cloud Build DevOps Google Kubernetes Engine

Use Cloud Build Pools to build CI/CD Pipelines for private GKE cluster - Using Cloud Build for CI/CD and private GKE cluster as a target.

Infrastructure Networking

Latency ‘map’ for GCP performance dashboard - A visualization of network performance on a world map.

App Development, Serverless, Databases, DevOps

Infrastructure NoSQL Official Blog

Scaling Microservices Applications: From Open Source to Redis Enterprise on Google Cloud - Scale your microservices application from open source to Redis Enterprise on Google Cloud to achieve scalability and high availability.

GCP Experience Official Blog

How microservices and cloud IT helped a popular appointment booking service scale 200 percent - Learn how appointment scheduling platform Booksy uses Google Cloud and CockroachDB to power its global business.

Compute Engine Official Blog Prometheus

Monitor GCE instances with Prometheus and Ops Agent - Google Cloud Ops Agent now supports monitoring GCE instances with Prometheus.

Cloud Functions Serverless

Showdown at High Noon — Cloud Functions V1 Vs V2 - Comparing latency for Cloud Functions first and second generation.

Cloud CDN Cloud Run

Serving next generation images using Google Cloud CDN, Cloud Run and image proxy - Setting up required infrastructure and services on Google Cloud Platform to serve next-generation images using Cloud CDN and imgproxy.

Cloud Deploy Cloud Run DevOps Terraform

Deploying Cloud Run workloads with Google Cloud Deploy - Using Cloud Deploy to manage Cloud Run deployments.

Cloud Run Networking Serverless

Access Cloud Run with Internal Only Ingress Setting from Shared VPC - In this article, we will be discussing the ways to access cloud run service with internal only ingress setting from resources on shared VPC.

API Apigee

Handling Huge Payloads Using Apigee And Google Cloud Storage - Sometimes, it’s necessary to transmit large data sets as part of an API transaction. Typical use cases involve medical imaging, document….

Cloud Datastore Java

Storing Protocol Buffers data in GCP Datastore using the Datastore Java SDK - This article describes how to store data in protocols buffer format in Datastore.

Big Data, Analytics, ML&AI

BigQuery Data Analytics GCP Experience Official Blog

Built with BigQuery: How Oden provides actionable recommendations with network resiliency to optimize manufacturing processes - Oden uses BigQuery to provide real-time visibility, efficiency recommendations and resiliency in the face of network disruptions in manufacturing systems.

BigQuery Data Analytics GCP Experience Official Blog

How Arvind Fashions Ltd leads the fashion industry with powerful data analytics on BigQuery - Arvind Fashions Ltd digital transformation unlocks the value of existing applications, new insights, and build solid workflow through Google Cloud.

Data Analytics GCP Experience Official Blog

Built with BigQuery: Lytics launches secure data sharing and enrichment solution on Google Cloud - Lytics leverages Google BigQuery to offer data infrastructure as a service, and Google Cloud AI/ML stack to identify and create unique audience segments.

BI Engine Data Analytics Official Blog

Demystifying BigQuery BI Engine - In depth look at BigQuery BI Engine.

Data Analytics Official Blog

What Data Pipeline Architecture should I use? - There are numerous design patterns that can be implemented when processing data in the cloud; here is an overview of data pipeline architectures you can use today.

Apache Beam Cloud Dataflow Kotlin

Beam ❤️ Kotlin = Midgard library - Midgard is a new open source library for Apache Beam supporting Kotlin.

Apache Beam Billing Cloud Dataflow

Dataflow cost optimization for streaming and batch workloads - Tips for optimizing Dataflow workloads.

BigQuery Billing Data Science

FinOps: Four Ways to Reduce Your BigQuery Storage Cost - Don’t overlook the cloud storage cost.

BigQuery Billing

BigQuery pricing setup for a multinational company - Setting up and using BigQuery flat rate pricing model.

BigQuery Billing

How we cut ~95% cost for analytics reporting and what we have learned - Calculating and optimizing BigQuery costs.

Big Data BigQuery Billing Storage

How BigQuery Physical Storage works - Calculating which BigQuery billing model for storage to use.

BigQuery Infrastructure Official Blog Terraform

BigQuery authorized views permissions via Terraform, avoiding the chicken & egg problem - How IAM is implemented on BigQuery datasets via Terraform and how to correctly assign and preserve authorized view permissions without running into the chicken and egg problem.

BigQuery Data Studio

How to make your reports run faster in Looker Studio? - Tired of waiting minutes if not hours for your Looker Studio dashboards to load? Check our best advices to make them run faster !

Cloud Healthcare Official Blog Public Datasets

Advancing cancer research with public imaging datasets from the National Cancer Institute Imaging Data Commons - Students, engineers, and researchers alike can get started with the National Cancer Institute Imaging Data Commons data.

Data Analytics Earth Engine Machine Learning Official Blog

New study uses Google Earth Engine to tackle climate inequities in California cities - Researchers used Google Earth Engine to identify new targets for urban afforestation — planting new trees — in over 200 urban clusters in California.

BigQueryML Data Analytics Official Blog

How to use advance feature engineering to preprocess data in BigQuery ML - How to preprocess data using BigQuery ML.

Data Science Machine Learning

How we deployed a simple wildlife monitoring system on Google Cloud - Our journey in designing and building an ML system for Smart Parks.

BigQuery BigQueryML Machine Learning

openImage Data Classification Model with BigQuery ML (using SQL-only) - A use case of storing and analyzing images of Yoga Poses in BigQuery and implementing a classification model with BigQuery ML to label the poses using only SQL constructs.


BigQuery Optimization Strategies 3: Table Flattening - About Exploding Tables and Imploding Arrays.

Cloud Data Fusion

Cloud Data Fusion: Using RBAC to Enforce Data Access - TL;DR You can use a combination of RBAC and Pipeline Service Accounts to scope data access for teams/project to just the data required for teams/projects.


Google Cloud Dataplex Explore : Introduction to the “in-house” Exploration Workbench - An overview of Dataplex Exploration Workbench.


Google Cloud Platform Official Blog

Submit your entry now for our *new* Talent Transformation Google Cloud Customer Award - Submit your Talent Transformation Google Cloud Customer Award entry and share how you grow professional talent with cloud skills development.

Google Cloud Platform Official Blog

Black History Month: Celebrating the success of Black founders with Google Cloud: Valence Discovery - Learn how Valence Discovery uses Google Cloud to help pharmaceutical companies of all sizes develop innovative drug therapies and treatments for chronic conditions and diseases.

Slides, Videos, Audio

Security Podcast - #106 Beyond BeyondProd - How Do You Zero Trust Your Workloads?



Deep Learning VM - M103 Release Upgraded PyTorch to 1.13.1.

Cloud Deploy - As of November 30, 2022, Google Cloud Deploy has achieved the following compliance certifications: ISO/IEC 27001 ISO/IEC 27017 ISO/IEC 27018 ISO/IEC 27701. As of December 15, 2022, Google Cloud Deploy has achieved the following compliance certifications: SOC-1 SOC-2 SOC-3.

Dialogflow - The Dialogflow CX flow stack limit has been increased to 25.

Cloud Data Loss Prevention - The SSL_CERTIFICATE infoType detector is available in all regions.

Error Reporting - Error Reporting now reports recent application errors for Google Kubernetes Engine workloads of type Deployment or Pod.

Cloud Functions - We've added support dates for language runtimes that have reached end of support from their open source communities.

Google Kubernetes Engine - The POD_FINDER_IP_MISMATCH errors that caused Pods to fail to access Google Cloud APIs are fixed in the following GKE versions in the Rapid release channel: 1.22.17-gke.3100 or later 1.23.16-gke.200 or later 1.24.9-gke.3200 or later 1.25.6-gke.200 or later 1.26.1-gke.400 or later To fix the issue, upgrade your nodes to any of these versions. (2023-R03) Version updates GKE cluster versions have been updated.

GKE - (2023-R02) Version updates The following control plane and node versions are now available: 1.21.14-gke.15800 1.22.17-gke.3100 1.23.16-gke.200 1.24.9-gke.3200 1.25.6-gke.200 The following control plane versions are no longer available: 1.21.14-gke.4300 1.25.4-gke.2100 Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.5300 with this release.

Google Kubernetes Engine Rapid - The POD_FINDER_IP_MISMATCH errors that caused Pods to fail to access Google Cloud APIs are fixed in the following GKE versions in the Rapid release channel: 1.22.17-gke.3100 or later 1.23.16-gke.200 or later 1.24.9-gke.3200 or later 1.25.6-gke.200 or later 1.26.1-gke.400 or later To fix the issue, upgrade your nodes to any of these versions. (2023-R02) Version updates Version 1.25.5-gke.2000 is now the default version in the Rapid channel.

Google Kubernetes Engine Regular - (2023-R02) Version updates The following versions are now available in the Regular channel: 1.21.14-gke.14600 1.24.9-gke.2000 1.25.5-gke.2000 The following versions are no longer available in the Regular channel: 1.21.14-gke.5300 1.24.7-gke.900 1.25.4-gke.2100 Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.7100 with this release.

Google Kubernetes Engine Stable - (2023-R02) Version updates The following versions are now available in the Stable channel: 1.21.14-gke.14100 1.24.9-gke.1500 The following versions are no longer available in the Stable channel: 1.21.14-gke.4300 1.24.8-gke.401 Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.5300 with this release.

Load Balancing - The global external HTTP(S) load balancer now supports advanced traffic management using flexible pattern matching.

Cloud Logging - To help you manage your costs, the Logs Storage page now displays the billable storage for the current month for each log bucket.

Media CDN - The following Media CDN features are now Generally Available: Configuring Media CDN to follow origin redirects Manipulating headers on a per-origin basis For more information, see Failover and timeouts and Example: Failover with redirect following.

Cloud Natural Language API - Natural Language Content Classification v2 model is now Generally Available.

reCAPTCHA Enterprise - reCAPTCHA Enterprise Mobile SDK v18.1.0 is now available for Android and iOS.

Cloud Run - You can now deploy multi-architecture container images to Cloud Run if their manifest list includes amd64/linux.

Security Command Center - Project-level activation of Security Command Center The Security Command Center project-level activation feature is generally available.

Cloud Spanner - Table sizes statistics are now generally available. A monthly digest of client library updates from across the Cloud SDK.

Cloud SQL - Cloud SQL supports the preview version of the Underprovisioned instance recommender.

Cloud Storage - The Autoclass feature will stop managing Cloud Storage objects smaller than 128KiB after March 6, 2023. The issue for gsutil commands that use the -m global flag, which was documented on January 19, 2023, has been fixed in the most recent versions of the Cloud SDK and gsutil.

Cloud Tasks - v2. Support for resource location organization policies for Cloud Tasks is now at General Availability.

Vertex AI - M103 Release The M103 release of Vertex AI Workbench user-managed notebooks includes the following: Fixed a bug in which a warning tells the user to run jupyter lab build when creating a new instance.

Anthos clusters on Azure - You can now launch clusters with the following Kubernetes versions: 1.23.14-gke.1800 1.24.9-gke.1500 1.25.5-gke.1500. Upgraded containerd to version 1.6.12. This release fixes the following vulnerabilities: CVE-2022-23471 CVE-2021-46848 CVE-2022-42898.

Anthos clusters on VMware - Anthos clusters on VMware 1.14.1-gke.39 is now available. In the admin cluster configuration file, gkeadm now prepopulates caCertPath and the service account key paths with absolute paths instead of relative paths. Fixed a known issue where the calico-node Pod is unable to renew the auth token in the calico CNI kubeconfig file. Fixed the following vulnerabilities: Critical container vulnerabilities: CVE-2022-47629 High-severity container vulnerabilities: CVE-2022-23218 CVE-2022-23219 CVE-2021-3999 CVE-2019-25013 CVE-2021-33574 Container-optimized OS vulnerabilities: CVE-2022-32149 CVE-2022-40304 CVE-2022-40303 Ubuntu vulnerabilities: CVE-2022-3328.

Assured Workloads for Goverment - v1. The Israel Regions and Support compliance regime is now generally available.

Batch - Documentation has been updated to include new samples.

BeyondCorp Enterprise - The Cloud Run Hosted Login page for external Identities has been fixed to follow the Best practices for using signInWithRedirect on browsers that block third-party storage access.

BigQuery - The BigQuery Data Transfer Service can now transfer data from Azure Blob Storage into BigQuery. Azure workload identity federation is now generally available (GA) for BigQuery Omni connections. Cloud console updates: When you create datasets, select locations to run specific queries, or create exchanges in Analytics Hub, you now see separate options for multi-region and specific regions. You can search for BigQuery partners in the BigQuery Partner Center. A weekly digest of client library updates from across the Cloud SDK.

CDN - Cloud CDN supports advanced traffic management using flexible pattern matching with Global External HTTP(S) Load Balancer.

Channel Services - v1. Correlation ID is now available as a customer optional attribute.

Chronicle - The Alerts in Search feature is the newest addition to the UDM Search capability. The following supported default parsers have changed. Geolocation enrichment from an IP address Chronicle provides geolocation data enrichment (GeoIP data) for external IP addresses to enable more powerful rule detections and greater context for investigations. The Chronicle Curated Detections > Cloud Threats policy has been enhanced with the following changes: Admin Action rule set: added a new exclusion list, called gcti__cld__admin_action__network_http_user_agent__exclusion_list that enables you to exclude events based on the HTTP User Agent string. The following changes are available in the Unified Data Model: Added the following fields to the Software object: Software.description Software.vendor_name Deprecated the Location.region_latitude and Location.region_longitude fields.

Cloud Composer - Cloud Composer 1.20.5 and 2.1.5 release started on February 2, 2023. (Available without upgrading) Private IP Cloud Composer 1 environments no longer report paused DAGs as active in Cloud Console. Cloud Composer 1.20.5 and 2.1.5 images are available: composer-1.20.5-airflow-1.10.15 (default) composer-1.20.5-airflow-2.2.5 composer-1.20.5-airflow-2.3.4 composer-1.20.5-airflow-2.4.3 composer-2.1.5-airflow-2.2.5 composer-2.1.5-airflow-2.3.4 (default) composer-2.1.5-airflow-2.4.3.

Compute Engine - Generally available: You can now use an instance template to define the properties of a reservation and the VMs that can consume the reservation in the same place.

Dataplex - Dataplex business glossary is now available in Preview. Dataplex Attribute Store is now available in Preview.


Latest Issues


Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: [email protected]