Welcome to issue #335 February 27th, 2023


Document AI Official Blog

Document AI Workbench is now Generally Available to train document extraction models for your production use cases - Google Cloud Document AI Workbench leverages machine learning to make document extraction training easier and more powerful.


Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Cloud Armor Official Blog Security

How Google Cloud Armor helps Broadcom block DDoS Attacks - Technology leader Broadcom migrated from AWS to Google Cloud, in part to take advantage of Cloud Armor. Here’s what Cloud Armor does to help secure Broadcom’s systems.

Official Blog Security

What you can do to protect your software supply chain today - A new whitepaper explores high-profile software supply chain security incidents, and how to help protect your organization from similar attacks.


Data Encryption techniques in Google Cloud (GMEK/CMEK/CSEK) - Encryption in Google Cloud.

Chronicle Cloud Monitoring

Chronicle Forwarder Telemetry via Google Cloud Monitoring - Ever wanted an alert when a Log Source in your Chronicle SIEM goes silent? The new GCP Operations preview does exactly that.

Google Kubernetes Engine Kubernetes

Regional Persistent Disks for HA in MultiZone GKE Stateful Workload - Exploring Regional Persistent Disks for HA in GKE Stateful Workload.

Compute Engine Terraform

Terraform Remote Exec on Google Compute Engine VM Instance - This article demonstrates a simple, straightforward way to remotely execute scripts on a Linux-based VM instance on Google Compute Engine via Terraform.

Cloud Armor Cloud Load Balancing GCP Experience

The Power of Cloud Load Balancing - Run and scale your services behind a single external IP address, example of redesigning architecture.


Open Policy Agent Evaluate Infrastructure Score - This article demonstrates how to use a score-based evaluation approach to enhance cloud infrastructure security during the pre-provisioning stage.

Cloud VPN Networking

Google Cloud HA VPN with pfSense - Creating a site to site HA VPN.

DevOps Kubernetes

GKE Cluster Optimization: 13 Tactics For A Smoother K8s Deployment - 13 optimization tactics for GKE clusters in areas of Resource management, Security, and Networking.

VMware Engine

Create VMware NSX Networks with PowerCLI on Google Cloud VMware Engine - By using PowerCLI, VMware administrators can get a new private cloud up and running with one or more network segments without ever signing in to the NSX admin web interface.

App Development, Serverless, Databases, DevOps

Official Blog

Why retailers should switch to Google Cloud Retail Search - Cloud Retail Search begins with relevancy based on intent, leverages personalization from the start, continuously learns and uses AI to build context from the most complex of queries, and strives to improve revenue optimization, all while being fully managed.

Cloud Run Docker

Fix Cloud run resource locations constraint error (HTTPError 412)

Cloud Functions

Cloud Functions Best Practices (4/4): Monitor and log the executions - Follow carefully what is happening.

Cloud Logging

Log names, buckets and scopes - A few insights into log buckets, log names and log scopes of Cloud Logging in GCP.

Cloud Logging Cloud Monitoring DevOps

How to create a custom log-based metric and alert in GCP - A walkthrough for creating a set of log-based alerts.

Cloud Pub/Sub Cloud Run Python Serverless

Build a serverless Telegram bot on GCP with Cloud Run - Or “A praise for streaming architectures and Cloud Pub/Sub”.

Compute Engine SAP

Tips and tricks for OS registration & patching maintenance on SUSE Linux Enterprise Server for SAP - How-to guide for OS registration, SMT configuration maintenance and troubleshooting on Google Cloud SLES images for SAP.

Cloud SQL

Securing Cloud SQL on GCP: Best Practices and Tips - This blog post explores the security features and best practices for Cloud SQL and how they can help organizations to protect their databases and comply with regulatory requirements.

Compute Engine Docker

Stopping a Docker Container on COS

Cloud Run Monitoring Terraform

Provisioning a secured Grafana instance in Google Cloud thanks to Terraform - Provisioning Grafana on Google Cloud using Terraform.

Big Data, Analytics, ML&AI

Data Analytics Official Blog Serverless

Getting started with Terraform and Datastream: Replicating Postgres data to BigQuery - Datastream, a serverless database replication service, has integrated with Terraform to enhance app modernization, data analytics and ML pipelines.

BigQuery Cloud Pub/Sub Cloud Run Data Analytics Official Blog

Building streaming data pipelines on Google Cloud - This article reviews three approaches to building a streaming data pipeline on Google Cloud, using Pub/Sub and BigQuery.

BigQuery Machine Learning Vertex AI Workflows

Automating table backups in VertexAI training tasks — through BigQuery - Using Cloud Workflows to retain the BigQuery tables used in a Vertex AI training task.

Data Analytics Official Blog

The Denodo Platform meets BigQuery - How Denodo Platform’s data integration and data management capabilities work seamlessly with BigQuery.

BigQuery GIS

Subdivide and conquer any geometry - Writing a geospatial function that BigQuery does not currently provide: ST_Subdivide, using SQL UDF.

CI Cloud Build Cloud Composer

Implementing CI/CD in Cloud Composer Using Cloud Build and GitHub — Part 2 - Implementation of CI/CD pipeline for Cloud Composer using Cloud Build.

Batch Machine Learning

Creating a long running job in GCP’s new Batch service - Example of using Cloud Batch for long running jobs.

BigQuery Cloud SQL

Implementing change data capture with Data Masking using STRIIM (SQLServer(CloudSQL) to BigQuery) - This blog post gives a brief overview of Striim and of creating and deploying a pipeline that continuously replicates changed data from a Google Cloud CloudSQL database to BigQuery.

Data Analytics Official Blog

The top five global data and AI trends in 2023 - Refresh your data strategy with the top 5 data and AI trends for 2023, as seen by Google experts and research from IDC.

AI Machine Learning Official Blog

Orange: Three unexpected lessons about AI in business - Orange has worked with Google Cloud to deploy its data in new and effective ways, using real AI on concrete business challenges.

Machine Learning Vertex AI

Real Time Deep Learning Vector Similarity Search - A production scale vector similarity search with only 100 lines of code.

BigQuery Data Science Dataform

Time series anomaly detection with BigQuery ML and Dataform - For the time series data, let’s see how you can check for anomalies without actually looking into the data.


GCP Certification Official Blog

Career tips and no-cost training for the next generation of cloud technology - As we move into the next generation of cloud computing, consider these career tips and training opportunities to help you grow your skills.

DevOps Google Cloud Platform Official Blog

Three new Specializations help partners digitally transform customers - We’ve rolled out new specializations for Google Cloud partners around Data Center Modernization, DevOps, and Contact Center AI.

Slides, Videos, Audio

Security Podcast - #109 How Google Does Vulnerability Management: The Not So Secret Secrets!



Access Approval - Access Approval supports Cloud Composer in the Preview stage.

Anthos Config Management - 1.14.2. Increased the helm-sync container CPU request to 50m. Updated the spec.override.resources field on RootSync and RepoSync objects to let you override the default resource amounts (for example, CPU or memory) requested by the helm-sync container.

Anthos clusters on bare metal - 1.13. Release 1.13.5: Anthos clusters on bare metal 1.13.5 is now available for download. Fixes: Updated Anthos Identity service to better handle concurrent authentication webhook requests. Known issues: For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.

AppEngine Flexible Go - The Go runtime versions 1.18 and 1.19 are now available in preview and are built on a modern and secure operating system (Ubuntu 22).

AppEngine Flexible Python - The Python runtime versions 3.8, 3.9, 3.10, and 3.11 are now available in preview and are built on modern and secure operating systems (Ubuntu 18 and 22).

BigQuery - Authorized stored procedures are now in preview. Fixed linked datasets querying shared dataset that has data ingested through streaming inserts or the BigQuery Storage Write API. Primary and foreign key table constraints are now available in preview. The ALTER TABLE RENAME COLUMN statement and the ALTER TABLE DROP COLUMN statement are now generally available (GA).

Key Access Justifications - Access Approval supports Cloud Composer in the Preview stage.

Cloud Composer - Cloud Composer 1.20.7 and 2.1.7 release started on February 24, 2023.

Compute Engine - Generally available: You can upgrade the term of your 1-year commitments and convert them into 3-year commitments to get a higher discount percentage for your committed resources and continue receiving the discounts for a longer time period. Generally available: NVIDIA® T4 GPUs are now available in the following region and zones: Warsaw, Poland, Europe: europe-central2-b,c. For more information about using GPUs on Compute Engine, see GPU platforms. Generally available: The image import tool now supports importing SUSE Linux Enterprise Server 15 SP4 and SUSE Linux Enterprise Server 15 SP4 for SAP images to Google Cloud. Regional metrics for Compute Engine API limits are now available. Preview: You can autoscale a regional managed instance group with a BALANCED target distribution shape.

Datastream - You can now set the number of maximum concurrent backfill tasks for a stream using the Datastream API.

Cloud Data Loss Prevention - Data profiles generated at the column level include the following metrics: Estimated null proportion: an approximate proportion of null values in a column, categorized as high, medium, low, or very low.

Cloud Networking Products - Health checks for internal load balancers and automatic failovers in Cloud DNS routing policies are now available in GA.

Terraform on Google Cloud - Published a new page that lists all of the Terraform resource samples.

Document AI - v1.4. This launch upgrades the lifecycle stage of the Custom Document Extractor (CDE) component of the DocAI Workbench from Public Preview to Generally Available (GA). Notable new Generally Available Custom Document Extractor (CDE) features include: Public APIs; automatic schema label creation from pre-labeled documents; schema label data type and occurrence editable pre-training; new DocAI Toolkit with a labeled document converter. The following features have been upgraded: Processor Gallery; Schema editor; Labeling UI; Training pipeline; Manage versions table.

Networking Interconnect - HA VPN over Cloud Interconnect is generally available.

Google Kubernetes Engine - (2023-R05) Version updates: GKE cluster versions have been updated.

GKE - (2023-R05) Version updates: Version 1.24.9-gke.3200 is now the default version.

Google Kubernetes Engine Rapid - (2023-R05) Version updates: Version 1.25.6-gke.1000 is now the default version in the Rapid channel.

Google Kubernetes Engine Regular - (2023-R05) Version updates: Version 1.24.9-gke.3200 is now the default version in the Regular channel.

Google Kubernetes Engine Stable - (2023-R05) Version updates: The following versions are now available in the Stable channel: 1.22.17-gke.3100, 1.24.9-gke.3200. The following versions are no longer available in the Stable channel: 1.22.16-gke.2000, 1.24.9-gke.1500. Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.17-gke.3100 with this release.

Live Stream API - Added content encryption support. Added new channel events: mute, unmute, return to program, and switch input. Added audio loudness normalization and audio gain control. Added the timecode feature which supports synchronizing media workflows with live stream content.

Load Balancing - Network Load Balancing logging and Internal TCP/UDP Load Balancing logging are now available in General availability.

Migrate for Compute Engine 4.8 - 5.0. Preview: Migrate to Virtual Machines from an Azure source lets you migrate Azure VM instances to Compute Engine.

Cloud VPN - HA VPN over Cloud Interconnect is generally available.

Anthos Service Mesh - 1.15.x. 1.15.5-asm.2 is now available for in-cluster Anthos Service Mesh. 1.16.x. 1.16.2-asm.2 is now available for in-cluster Anthos Service Mesh. Anthos Service Mesh now supports multi-cluster meshes on Amazon EKS and Microsoft AKS. Anthos Service Mesh now supports Mesh CA on all supported platforms. Anthos Service Mesh now supports Anthos Clusters on Azure as a preview feature. 1.13.x. Anthos Service Mesh 1.13 is no longer supported.

Cloud Storage - You can now attach a maximum of 50 tag bindings to a storage bucket.

Vertex AI - M104 update: This update of the M104 release of Vertex AI Workbench managed notebooks includes the following: Fixed a bug where local and remote kernels are not displayed.

VMware Engine - VMware Engine private clouds support the addition of a Trusted Platform Module (TPM) 2.0 virtual cryptoprocessor to a virtual machine.

VPC Service Controls - Preview stage support for the following integration: Visual Inspection AI.

Workflows - An issue where one shared variable in a subworkflow overwrote another in a calling subworkflow during a workflow's execution is resolved.




Zdenko Hrček