Welcome to issue #334 February 20th, 2023


Billing Official Blog

Introducing new cloud services and pricing for ultimate flexibility - We’re offering new ways for customers to consume and pay for Google Cloud services that remove barriers to entry and provide contractual flexibility.

Data Analytics Looker Official Blog

Connected Sheets for Looker is now generally available - Connected Sheets for Looker allows you to access centrally defined metrics and data relationships from Looker’s semantic layer through Google Sheets.

Google Kubernetes Engine Official Blog

Confidential GKE Nodes are now available on Compute Optimized C2D VMs - Confidential Google Kubernetes Engine (GKE) Nodes can help organizations achieve security and performance in one product, and they’re now available on Compute Optimized C2D VMs.

Cloud Logging Official Blog

Better troubleshooting with a new Cloud Logging plugin for Grafana - You can now use the Cloud Logging datasource plugin to view your logs in Grafana.

Book Data Analytics Official Blog

8 ways to cut costs and drive profits using data and AI - Google Cloud’s new ebook, “Make Data Work for You,” distills the strategies and actions you can use to pare costs, increase profitability, and monetize your data.

Official Blog Public Sector Workspace

Introducing Google Workspace security guidance to address Canadian data security requirements - The newly-released Google Workspace security guidance can help government agencies reach compliance by providing steps they can follow to introduce Google Workspace tools while adhering to the Government of Canada standards.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Official Blog Security

How Google Cloud is preparing for NIS2 and supporting a stronger European cyber ecosystem - Here’s how Google Cloud is helping its EU customers and partners prepare for NIS2, which comes with complex cybersecurity compliance requirements.

Networking Official Blog

Planning an IPv6 network on Google Cloud - Learn how to plan an IPv6 addressing in Google Cloud using the GUA and ULA address spaces.

Infrastructure Networking Security

GCP and Palo-Alto together : Solving for client to site VPN - The purpose of this blog is to showcase how a customer can use the same 3rd party firewall for client-to-site VPN functionality as well.

Google Kubernetes Engine Official Blog

Local SSD for high-performance storage on Google Kubernetes Engine - For applications that need to rapidly download and process data, e.g., AI/ML, analytics, batch, and in-memory caches, GKE now supports Local SSDs.

Config Connector Kubernetes

Infrastructure as Code using Kubernetes - The purpose of this article is to install ConfigConnector as an Add-On and create and import resources to manage your infrastructure from one place.

Kubernetes Security

Security with Kubernetes Gateway API - An overview of the Gateway API.

Google Kubernetes Engine Kubernetes Security

Security best practices in GKE — Part 3 - Using Binary Authorization in Google Kubernetes Engine.

Cloud Identity Aware Proxy Google Kubernetes Engine

Authentication through IAP for GKE Workload - This snippet is a story around enabling IAP for GKE Workloads for authentication purposes.

Google Kubernetes Engine Kubernetes Networking

Accessing a Private GKE Cluster Using Bastion Host and Service Account Impersonation - Troubleshooting accessing a private cluster while impersonating a service account.


Google Cloud Security — Attack Surface Management by Mandiant - What is Attack surface in GCP?


Watch out for that Cloud spend! - 5 steps to establish a FinOps practice.

App Development, Serverless, Databases, DevOps

Official Blog Serverless

Securing Cloud Run Deployments with Least Privilege Access - Learn how to protect your Cloud Run deployments by implementing least privilege access for Cloud Run services and service consumers.

Cloud Bigtable Data Science

A Crash Course in Google Bigtable - An overview of Bigtable.

Cloud Functions Cloud Run Python

Tutorial: Connecting Cloudrun and Cloudfunctions to Redis and other Private Services using Goblet - This tutorial will walk you through the steps of deploying a Cloud Run service that privately connects to a Redis Instance using a VPC Connector.

Cloud IoT IoT

Migrating from Google Core IoT to ClearBlade IoT - Experience in migrating from Cloud IoT to ClearBlade IoT.

Cloud Storage

How to restrict public access to buckets in Google Cloud Storage - Three ways to locate buckets that are publicly accessible and apply policies so they are not public.

Cloud Firestore Go

Marshalling/Unmarshalling custom structs in Go for Firestore Native.

Big Data, Analytics, ML&AI

BigQuery Data Analytics GCP Experience Official Blog

Built with BigQuery: Aible's serverless journey to challenge the cost vs. performance paradigm - Built with BigQuery: Aible's Serverless Journey to challenge the Cost vs. Performance Paradigm.

BigQuery Data Analytics Official Blog

Built with BigQuery: How BigQuery helps Leverege deliver business-critical enterprise IoT solutions at scale - Leverege uses BigQuery as a key component of its data and analytics pipeline to deliver innovative IoT solutions at scale.

Machine Learning Official Blog PyTorch Vertex AI

Serving PyTorch models with prebuilt containers on Vertex AI - How Google Cloud makes it easier for PyTorch users to deploy models in the cloud using Vertex AI.

BigQuery Data Analytics Machine Learning Official Blog Serverless

Building your own private knowledge graph on Google Cloud - Building a private knowledge graph using the Enterprise Knowledge Graph and querying entities in the Google Knowledge Graph Search API.

BigQuery Cloud Storage Eventarc Python

Event Driven Cloud Function : Load GCS file to BigQuery with Event Arc - The goal of this article is to showing a complete example to trigger a Cloud Function with Event Arc, when a file is uploaded to Cloud Storage.

Data Analytics Official Blog

Optimizing the retail experience and developing customer loyalty with advanced analytics - Canadian Tire uses BigQuery and Quantum Metric to power a massive and successful loyalty program.

Airflow Cloud Composer Terraform

Managing Airflow Resources The IaC Way With Terraform - Using Airflow Terraform provider to manage data pipelines and associated metadata as code.

Airflow Cloud Composer

DAG-Dependency Patterns in Composer Multi-cluster environment - The architectural patterns discussed in this guide can assist Google Cloud developers in implementing cross-cluster DAG dependencies in situations when the interdependent upstream and downstream DAGs are located in distinct Composer environments.

Airflow Cloud Composer

Triggering Google Cloud Composer Airflow DAGs via the REST API - This article explains how to set set Cloud Composer to trigger DAGs via API.

Machine Learning Vertex AI

Streamline Model Deployment on Vertex AI using ONNX - Making Vertex AI even a more open platform to serve your models.


Data Analytics Official Blog

Meet our Data Champions: Emily Bobis, driving road intelligence in Australia - Join Emily Bobis from Compass IoT, an Australian road intelligence company, as she shares her career journey, lessons, and advice to Data/AI leaders.

Data Analytics Official Blog

Meet our Data Champions: Di Mayze, calling creative brains to draw stories from data - Join Di Mayze, Global Head of Data & AI at WPP, creative transformation company, as she shares her career journey, lessons, and advice to Data/AI leaders.

Google Cloud Platform Official Blog

Black History Month: Celebrating the success of Black founders with Google Cloud: Innovare - Learn how Innovare uses Google Cloud to empower educators and help students learn more effectively, bolster social skillsets, and build thriving communities.

GCP Certification Official Blog

What would you build with $500 in Google Cloud credits included with Innovators Plus? - An Innovators Plus subscription gives you $500 in Google Cloud credits to build whatever you want — here are a few ideas to get you started.

GCP Certification Official Blog

Spreading a whole lot of developer love with a little help from Innovators Plus - Giving all the love to the Google Cloud developer and technical practitioner community this Valentine’s Day. Save on Innovators Plus annual subscription with great benefits for developers.

GCP Certification

How I Keep Myself Up-to-Date on Google Cloud Platform: A Personal Journey - Sources on internet to keep you updated about Google Cloud.

Slides, Videos, Audio

Kubernetes Podcast - #196 Kubernetes Registry, with Benjamin Elder.

Security Podcast - #108 How to Hunt the Cloud: Lessons and Experiences from Years of Threat Hunting.

GCP Life Podcast - #33 “You’re Fired!” – In this episode we discuss; CRN Article, VMWARE Ransom, Mass Tech Layoffs, Google Q4 Results, AI Wars, Google DOJ Anti-Trust, Google Bug Bounties.



Access Approval - Access Approval supports Artifact Registry in the GA stage.

Access Context Manager - The ability to add individual VPC networks to a perimeter is generally available (GA).

AlloyDB - Continuous backup and recovery is in Preview.

Anthos clusters on VMware - Anthos clusters on VMware 1.13.5-gke.27 is now available. Updated the Ubuntu image to ubuntu-gke-op-2004-1-13-v20230201 using node kernel version During preflight checks and cluster diagnosis, we now skip PVs and PVCs that use non-vSphere drivers. Fixed the following vulnerabilities: Critical container vulnerabilities: CVE-2022-41903 CVE-2022-23521 High-severity container vulnerabilities: CVE-2022-42898 CVE-2022-39260 Ubuntu vulnerabilities: CVE-2022-3643 CVE-2022-42896 CVE-2022-43945 CVE-2022-45934.

AppEngine Standard Go - The Go 1.20 runtime for App Engine standard environment is now available in preview.

Artifact Registry - Artifact Registry remote repositories and virtual repositories are now in Preview.

Batch - The documentation for how to create and run a job has been split into the following pages: Job creation and execution overview Create and run a basic job Create and run advanced jobs Define job resources using a VM instance template Control access for a job using a custom service account Configure task communication using an MPI library Create and run a job that uses GPUs Create and run a job that uses storage volumes.

BigQuery - You can now make a dataset and the tables in that dataset case-insensitive when you create a dataset or alter a dataset. You can now run bq commands using service account impersonation. In the Explorer pane, the resource corresponding to the focused tab is now selected. In the Explorer pane, you can now see all the resources in the searched resource's level by clicking Show more. You can now create materialized views over BigLake metadata cache-enabled tables to reference structured data stored in Cloud Storage.

Chronicle - The following supported default parsers have changed (more info in release page).

Key Access Justifications - Access Approval supports Artifact Registry in the GA stage.

Cloud Composer - Cloud Composer 1.20.6 and 2.1.6 release started on February 14, 2023. (Cloud Composer 2) The default version of Airflow is changed to 2.4.3. (Cloud Composer 2) Fixed the problem where the Composer Agent Kubernetes workload generated warnings about failed pods during the environment creation. Fixed environment upgrade checks that were failing for environments in some Cloud Composer 2 versions. Cloud Composer 2.1.6 and 1.20.6 images are available: composer-2.1.6-airflow-2.4.3 (default) composer-2.1.6-airflow-2.3.4 composer-2.1.6-airflow-2.2.5 composer-1.20.6-airflow-1.10.15 (default) composer-1.20.6-airflow-2.4.3 composer-1.20.6-airflow-2.3.4 composer-1.20.6-airflow-2.2.5. Cloud Composer versions 2.0.3 and 1.17.10 have reached their end of full support period.

Compute Engine - Preview: C3 VMs are now available in the following regions: Council Bluffs, Iowa, North America : us-central1 Ashburn, Virginia, North America: us-east4 Eemshaven, Netherlands, Europe : europe-west4. Preview: You can now use a GPU-enabled Ops Agent to track GPU utilization and GPU memory usage rates for Linux virtual machine instances that have attached GPUs. Tau T2A VMs now support secure boot.

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.3 2.0.11.

Cloud Deploy - Google Cloud Deploy now uses Skaffold 2.0 as the default Skaffold version for all target types.

Dialogflow - Dialogflow CX added regional support for some system entities.

Cloud Functions - Cloud Functions has added support for a new runtime, Go 1.20, at the Preview release level.

Networking Interconnect - Dataplane v2 for Cloud Interconnect is fully available for customers using Dedicated Interconnect or Partner Interconnect in the following regions: us-west1 (Oregon) europe-west4 (Netherlands) All new VLAN attachments that you create in these regions are automatically provisioned on Dataplane v2.

Google Kubernetes Engine - In Standard clusters with GKE version 1.26 and later, you can now audit workloads to validate if they are compatible with Autopilot clusters.

Cloud Logging - You can create log buckets that use Log Analytics and upgrade existing log buckets to use Log Analytics by using the Logging API. Version 2.25.1 of the Ops Agent introduces health checks.

StratoZone - StratoProbe - updated Google Cloud fit recommendations scripts to version 1.14.0. StratoProbe - changed VM age to use CreateDate for vSphere collection. StratoProbe - moved local log files to %PROGRAMDATA%\Google\DiscoveryClient folder.

Cloud Monitoring - You can now install pre-defined alerting policies for services integrated with Cloud Monitoring from the Monitoring Integrations page and from the Observability tab on the pages for Kubernetes Engine clusters and workloads. To view details of your user-defined metrics, use the Metrics diagnostics page, which can now be accessed through the navigation pane of Cloud Monitoring. Version 2.25.1 of the Ops Agent introduces health checks. The Ops Agent now provides Preview support for NVIDIA GPU metrics, including metrics reported from the NVIDIA Management Library (NVML) and the Data Center GPU Manager (DCGM). You can now configure uptime checks to include a user-defined content-type header.

Cloud Interconnect - Dataplane v2 for Cloud Interconnect is fully available for customers using Dedicated Interconnect or Partner Interconnect in the following regions: us-west1 (Oregon) europe-west4 (Netherlands) All new VLAN attachments that you create in these regions are automatically provisioned on Dataplane v2.

Network Intelligence Center - Connectivity Tests now include dual-stack instances with both IPv4 and IPv6 addresses, including instances with multiple network interfaces.

reCAPTCHA Enterprise - reCAPTCHA Enterprise Fraud Prevention is available in Preview. reCAPTCHA Enterprise account defender is now generally available (GA).

Resource Manager - The organization restrictions feature has entered General Availability.

Cloud Run - You can now deploy public container images from Docker Hub to Cloud Run.

SAP Solutions - Google Cloud's Agent for SAP is now generally available (GA) To simplify agent installation and operation, while also enabling access to new products, Google Cloud's Agent for SAP v1.0 combines Google Cloud's monitoring agent for SAP NetWeaver with new Process Monitoring and Workload Manager Validation functionalities.

Cloud Spanner - The Cloud Spanner regional endpoints feature has been moved to a future release. As of today, the list compute price for the following 9-replica Spanner multi-region configurations has been reduced: nam-eur-asia1 and nam-eur-asia3.

Transcoder API - Validation checks added for segmentDuration and gopDuration for all video codecs as outlined in the documentation.

Cloud Translation - Glossaries are now supported for the recently added 24 languages.

Vertex AI - Vertex AI Prediction Pre-built PyTorch containers for serving predictions from PyTorch models is generally available (GA). Vertex AI Matching Engine now supports Private Service Connect in Preview. Support for resource-level IAM policies for Vertex AI featurestore and entityType resources is generally available (GA).

Video Stitcher API - Video Stitcher API can now insert ads served by Google Ad Manager (GAM) into live streams and VOD assets.

VPC Service Controls - The ability to add individual VPC networks to a perimeter is generally available (GA).


Latest Issues


Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: [email protected]