Welcome to issue #339 March 27th, 2023

News

Infrastructure Official Blog

The new Google Cloud region in Turin Italy is now open - The new Turin region provides low-latency, highly available services with international security and data protection standards.

Google Distributed Cloud Hosted Official Blog Public Sector

Your cloud, your way: Google Distributed Cloud Hosted is generally available - Google Distributed Cloud (GDC) Hosted is an air-gapped cloud solution for customers with stringent data management and sovereignty requirements.

Official Blog Security

Announcing Google Cloud’s new Digital Sovereignty Explorer - Google Cloud’s Digital Sovereignty Explorer is designed to help you make progress on complex digital sovereignty requirements.

Compute Engine GPU Official Blog

Introducing G2 VMs with NVIDIA L4 GPUs — a cloud-industry first - The G2 VM powered by the NVIDIA L4 GPU delivers technological advancements for AI workloads such as generative AI.

Cloud Armor Networking Official Blog

Expanding Cloud Armor DDoS protection to Network Load Balancing and VMs with Public IP addresses - Our Cloud Armor advanced network DDoS protection can provide always-on attack detection and mitigation to defend against volumetric DDoS attacks.

Cloud Spanner Official Blog

Boost your development on Cloud Spanner change streams with a new tail tool - You can automate reading changes, or visualizing them, with Spanner's new open source tooling.

Data Analytics Official Blog PubSub

Pub/Sub schema evolution is now GA - With the GA launch of Cloud Pub/Sub’s schema evolution feature, Pub/Sub now supports safe and convenient modifications to Pub/Sub schemas.

Document AI Official Blog

Document AI introduces powerful new Custom Document Classifier to automate document processing - With Document AI Workbench’s latest GA feature, Custom Document Classifier, train state of the art machine learning models to classify document types to automate processes.

Official Blog Security

Google is named a Leader in Forrester Data Security Platforms Wave - Forrester Research has ranked Google Cloud a Leader in The Forrester Wave™ Data Security Platforms Q1 2023 for the third consecutive wave.

Data Analytics Event Official Blog

Solving for what’s next in Data and AI at this year’s Gartner Data & Analytics Summit - We’re gearing up for the 2023 Gartner Data & Analytics Summit March 20 - 22nd in Orlando, Florida to highlight our unified and intelligent Data Cloud.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Cloud Security Command Center Official Blog Security

Why (and how) Google Cloud is adding attack path simulation to Security Command Center - Google Cloud is adding attack path simulation technology to Security Command Center. Here’s why, and how it can help security teams.

Cloud Armor Networking Official Blog Security

How Project Shield helped protect U.S. midterm elections from DDoS attacks - Learn how Project Shield powered by Google Cloud protects elections from DDoS attacks.

Anthos Google Kubernetes Engine Official Blog

Kubernetes k8s.gcr.io redirect: what you need to know as an Anthos or GKE user - Learn about how to switch to registry.k8s.io to mitigate future issues for GKE and Anthos environments.

Anthos Google Kubernetes Engine Official Blog

Anthos Service Mesh: Working with external services - Metrics and Traces - Anthos Service Mesh allows integration and communication between on-prem, cloud, VM and GKE workloads.

AI Official Blog Security

How AI can improve digital security - AI can have a major impact for good, but it needs to be deployed intelligently and responsibly. Here’s how Google is approaching AI and security.

Cloud Logging Official Blog Security

Gleaning security insights from audit logs with Log Analytics - Cloud Audit logs can help customers meet their compliance and security requirements. Here’s how to derive actionable insights from Log Analytics.

Google Kubernetes Engine GPU Machine Learning Official Blog

Getting started with JAX multi-node applications with NVIDIA GPUs on Google Kubernetes Engine - You can attach multiple GPUs to GKE clusters to help with Python apps doing high performance computing and ML.

Google Kubernetes Engine Official Blog

Using GKE workload rightsizing to find — and fix — resource utilization - Optimize GKE workloads with right sizing at scale using GKE built-in Vertical Pod Autoscaler VPA recommendations and active idle dashboards.

GKE Autopilot Official Blog

Run your game infrastructure on GKE Autopilot to focus on player experience - GKE Autopilot can automate provisioning and right-sizing your pods to make your games run smoothly on Google Cloud.

Cloud SQL Google Kubernetes Engine

Scaling your GKE applications using external metrics - An example of scaling GKE workloads using external metrics that reside on a Cloud SQL database.

AWS Azure Kubernetes Networking

Kubernetes and container networking in multi-cloud environments: Why you need Sparta like skills - As the world of technology continues to evolve, containerization has become a popular choice for deploying applications. Kubernetes is an….

Certificate Manager Kubernetes Security

Certificate Management for GKE Gateway with Certificate Manager - This blog demonstrates how to manage multiple certificates for Gateway with the Certificate Manager.

Cloud SQL Google Kubernetes Engine Kubernetes

Auth Proxy Operator — The Secure way of connecting GKE to Cloud SQL - Connecting from GKE to Cloud SQL using Auth Proxy Operator.

App Development, Serverless, Databases, DevOps

DevOps Official Blog

2022 State of DevOps Report data deep dive: good team culture - What makes good team culture? Find out what the DORA Research says.

Cloud Bigtable Monitoring Official Blog

Bigtable Monitoring: Client-side metrics - Learn about the client-side metrics for Bigtable and how they can help you troubleshoot and debug your requests.

Cloud SQL Go Official Blog

How to Connect your Go Application to Cloud SQL - GitHub documentation helps you integrate multiple types of databases into your Go code.

Cloud Spanner Official Blog

Build a multiplayer game with Cloud Spanner - What Cloud tools do you need to host a fantasy sports game with cloud backends? Google Spanner, and more.

Cloud SQL Database Migration Service SRE

Upgrade Your MySQL Version with Minimal Downtime: Our Journey with Google Cloud’s Data Migration Service - Google Cloud provides a reliable and efficient tool for upgrading your MySQL instance using its Data Migration Service (DMS).

Monitoring Prometheus SRE

Scaling Observability Reliably and Frugally at Magicpin - A process of creating an observability platform on GCP.

Cloud SQL Contact Center AI Dialogflow Python

Python Webhook for integrating Dialogflow CX chatbot with CloudSQL database - This article is about Building a Hotel booking Chatbot in Dialogflow CX and integrating it with MySQL backend database which is hosted on Google Cloud SQL using Python webhooks.

Cloud SQL

Simplify Your Database Scaling with Cloud SQL’s Smaller Read Replicas - Cloud SQL for PostgreSQL now offers smaller read replicas that do not necessarily require the same or higher CPU and RAM capacity as their primary instances.

Big Data, Analytics, ML&AI

Data Analytics Official Blog

Effective strategies to closing the data-value gap - Learn how to maximize the ROI from your data and AI investments with data strategy, models, tools, technology and talent best practices.

Billing Cloud Composer

Reduce your Cloud Composer bills - Using Environment Snapshots to reduce Cloud Composer billing.

BigQuery Data Science

BigQuery Schema Design 101 — And What To Watch Out For - Understand these BigQuery SQL nuances to create table schemas that result in less errors and less headaches.

BigQuery

Hidden gems of BigQuery — Part 3 - In this post: Data Lineage, Routines and Authorized routines.

BigLake BigQuery Cloud Storage

Extend Cloud Storage filtering with BigQuery Object Table - Using BigQuery to query files in Cloud Storage.

BigQuery Datastream

A review of the Google Datastream Service - Cloud SQL (PostgreSQL) to BigQuery - An in-depth exploration of Datastream from Cloud SQL to BigQuery.

Cloud Composer Dataplex

Automating Data Quality Workflow in Google Cloud using Dataplex and Composer - A data quality pipeline for monitoring, detection, and alerting.

Airflow IAM

Postgres Automatic IAM Database Authentication in Airflow - Goal: To connect to Postgres using Automatic IAM db authentication in Airflow (Cloud Composer).

Machine Learning Monitoring Security Vertex AI

Monitor and Secure Vertex AI Pipeline - This blog post focuses on how to set proper Vertex AI foundations for future machine learning operations (MLOps) and ML/AI use cases.

Various

Data Analytics Official Blog

Meet our Data Champions: Jan Riehle, at the intersection of beauty and data with Beauty for All (B4A) - How Brazil’s B4A uses Google Cloud to bring a data-driven mind to “beauty-tech” innovation.

GCP Certification Official Blog

How to transition your career into an in-demand cloud role with suggested job paths - To build a cloud career, pick from a role like database engineer or cloud developer, and choose the training materials to help you build those skills.

Slides, Videos, Audio

Security Podcast - #113 Love it or Hate it, Network Security is Coming to the Cloud.

GCP Life Podcast - #36 In this episode we discuss: Broadcom & VMware, Fastest Growing Cloud Vendors, Biden's Cloud Security, Meta Cuts Jobs, Google AI in Workspaces, MS Announces CoPilot, Google Cloud Offer.

 

Releases

Access Approval - Access Approval supports Certificate Authority Service in the GA stage. Access Approval supports Firestore in the Preview stage.

Anthos Config Management - 1.14.3. Alpha release of AssignImage mutator, which allows mutation of Docker image paths. The constraint template library includes a new template: VerifyDeprecatedAPI. The constraint template library's K8sPodsRequireSecurityContext template now supports an exempt-list of Images using the new exemptImages parameter. The constraint template library's K8sRequireCosNodeImage template now supports an exempt-list of OS images using the new exemptOsImages parameter. Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: 8170c5f). Stopped exposing the "unable to load /repo/source/error.json" transient error in the RootSync and RepoSync API. Fixed an issue in the nomos CLI so that it works for standalone Config Sync. Fixed an issue causing a Kubernetes Service object not syncing without the .spec.ports field being specified. Fixed an issue of accidental deletion of resources caused by a race condition between *-sync, hydration-controller and reconciler containers.

Anthos clusters on bare metal - 1.14. Release 1.14.3: Anthos clusters on bare metal 1.14.3 is now available for download. Fixes: Improved maintenance mode operation by ignoring non-running pods on nodes. Known issues: For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section. 1.13. Release 1.13.6: Anthos clusters on bare metal 1.13.6 is now available for download. Fixes: The following container image security vulnerabilities have been fixed: CVE-2021-3449, CVE-2021-3711, CVE-2021-3712, CVE-2021-40528, CVE-2022-0778, CVE-2022-1292, CVE-2022-2068, CVE-2022-45142, CVE-2023-0215, CVE-2023-0286. Known issues: For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.

Apigee X - On March 23, 2023, we released an updated version of Apigee. Public preview release of Advanced API Security abuse detection: Advanced API Security's new abuse detection feature lets you view security incidents involving your APIs. The two new detection rules, Advanced Anomaly Detection and Advanced API Scraper, are not available for organizations with VPC Service Controls. On March 22, we released an updated version of Apigee X. Customize SSL certs for access routing when provisioning Apigee Pay-as-you-go organizations. Receive Cloud console notifications when Pay-as-you-go provisioning completes.

AppEngine Flexible Go - Go 1.18 and 1.19 are now generally available.

Google Cloud Armor - Preview mode is now Generally Available for advanced network DDoS protection, allowing you to receive all the logging and telemetry about the detected attack without enforcing the mitigation.

Artifact Registry - The immutable tags setting is now in Preview for Docker repositories.

Bare Metal Solution - You can now provision multiple storage volumes to attach to the existing servers in a single configuration request through Google Cloud console intake form.

BigQuery ML - The following AutoML Tables model features are now generally available: Availability in additional regions. CMEK support in available regions except multi-regions US and EU. OPTIMIZATION_OBJECTIVE now accepts two additional options: MAXIMIZE_PRECISION_AT_RECALL and MAXIMIZE_RECALL_AT_PRECISION.

BigQuery - BigQuery now supports Unicode column naming using international character sets, alphanumeric and special characters.

BigTable - Cloud Bigtable is now available in the europe-west12 (Turin) region.

Cloud Build - You now have the option to use default logs buckets stored within your own project in the same region as your build.

Certificate Authority Service - General Availability: You can create resources such as certificate authorities (CA) and certificate authority pools with X.509 name constraints.

Key Access Justifications - Access Approval supports Certificate Authority Service in the GA stage. Access Approval supports Firestore in the Preview stage.

Access Transparency - Access Transparency supports Certificate Authority Service in the GA stage.

Compute Engine - Generally available: Turin, Italy, Europe europe-west12-a,b,c has launched with E2, N2, N2D, and T2D VMs available in all three zones. Your automated processes might fail if they use API response data about your resource-based commitment quotas.

Data Fusion - In Cloud Data Fusion versions 6.8.0 and 6.8.1, there's a known issue that may cause the following error: Unsupported program type: Spark. Salesforce plugins version 1.4.4 is available in all supported Cloud Data Fusion versions with the following changes: In the Salesforce Sink, added the Concurrency Mode property to let you configure the plugin for parallel or serial concurrency.

Dataflow - Dataflow is now available in Turin (europe-west12).

Dataproc - Dataproc is now available in the europe-west12 region (Turin).

Datastore - OR queries now available in Preview.

Dialogflow - Dialogflow CX sentiment analysis now supports all regions supported by Dialogflow CX and over 70 new languages.

Cloud Data Loss Prevention - The STREET_ADDRESS infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType.

Cloud Endpoints - As of March 21, 2023, the Cloud Endpoints Portal is no longer available.

Eventarc - Support for triggering a workflow within a service perimeter using VPC Service Controls is generally available (GA).

Cloud Firestore - OR queries now available in Preview.

Cloud Healthcare API - Viewing FHIR store metrics is generally available (GA).

Networking Interconnect - Dedicated Cloud Interconnect support is available in the following colocation facilities: Telecom Italia Cebrosa Campus, Turin. For more information, see the Locations table. In addition to the existing values of 1440 and 1500, Cloud Interconnect now lets you configure your VLAN attachments with an MTU value of 1460. Dataplane v2 for Cloud Interconnect is fully available for customers using Dedicated Interconnect or Partner Interconnect in the following regions: asia-east2 (Hong Kong), asia-northeast3 (Seoul). All new VLAN attachments that you create in these regions are automatically provisioned on Dataplane v2.

KMS - Cloud KMS is available in the following region: europe-west12. For more information, see Cloud KMS locations.

Google Kubernetes Engine - The europe-west12 region in Turin, Italy is now available. (2023-R07) Version updates: GKE cluster versions have been updated. Starting on March 21, 2023, traffic to k8s.gcr.io will be redirected to registry.k8s.io, following the community announcement.

GKE - (2023-R07) Version updates: The following control plane and node versions are now available: 1.21.14-gke.18800, 1.22.17-gke.6100, 1.23.17-gke.300, 1.24.11-gke.1000, 1.25.7-gke.1000. The following control plane versions are no longer available: 1.21.14-gke.14100, 1.22.17-gke.3100, 1.25.6-gke.200. Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.21.14-gke.14600 with this release.

Google Kubernetes Engine Rapid - (2023-R07) Version updates: The following versions are now available in the Rapid channel: 1.21.14-gke.18100, 1.22.17-gke.6100, 1.23.17-gke.300, 1.24.11-gke.1000, 1.25.7-gke.1000, 1.26.2-gke.1000. The following versions are no longer available in the Rapid channel: 1.21.14-gke.18100, 1.22.17-gke.4300, 1.24.10-gke.2300, 1.25.6-gke.200. Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.14-gke.18800 with this release.

Google Kubernetes Engine Regular - (2023-R07) Version updates: The following versions are now available in the Regular channel: 1.21.14-gke.18100, 1.22.17-gke.5400, 1.23.16-gke.2500, 1.24.10-gke.2300. The following versions are no longer available in the Regular channel: 1.21.14-gke.15800, 1.22.17-gke.4000, 1.23.16-gke.1100. Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.14-gke.18100 with this release.

Google Kubernetes Engine Stable - (2023-R07) Version updates: The following versions are now available in the Stable channel: 1.22.17-gke.4000, 1.23.16-gke.1400, 1.24.10-gke.2300. The following versions are no longer available in the Stable channel: 1.22.17-gke.3100, 1.23.16-gke.1100. Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.22.17-gke.4000 with this release.

Load Balancing - Network Load Balancing now supports user-specified weights on the backend service.

Cloud Logging - Log buckets in the following regions can now be upgraded to use Log Analytics: asia-northeast1, australia-southeast1, europe-west1, europe-west2, northamerica-northeast1, us-east1, us-west2. For more information, see Supported regions.

Cloud Monitoring - Google Cloud Managed Service for Prometheus: You can use the OpenTelemetry Collector to scrape standard Prometheus metrics and report them to Managed Service for Prometheus.

Cloud Interconnect - Dedicated Cloud Interconnect support is available in the following colocation facilities: Telecom Italia Cebrosa Campus, Turin. For more information, see the Locations table. In addition to the existing values of 1440 and 1500, Cloud Interconnect now lets you configure your VLAN attachments with an MTU value of 1460. Dataplane v2 for Cloud Interconnect is fully available for customers using Dedicated Interconnect or Partner Interconnect in the following regions: asia-east2 (Hong Kong), asia-northeast3 (Seoul). All new VLAN attachments that you create in these regions are automatically provisioned on Dataplane v2.

Cloud VPN - Cloud VPN is now available in region europe-west12 (Turin, Italy).

Cloud PubSub - Pub/Sub is now available in Turin, Italy (europe-west12). Generally available: In projects protected by a service perimeter, and if using Eventarc to route events to Workflows destinations, you can create a new push subscription through Eventarc where the endpoint is set to a Workflows execution. A weekly digest of client library updates from across the Cloud SDK.

reCAPTCHA Enterprise - reCAPTCHA WAF express protection is now available in Preview.

Recommender - The ability to dismiss a recommendation is generally available via Recommender API. The export to BigQuery feature now supports custom pricing and non-project scoped recommendations. The global Recommender Viewer role is now available to get view access to all insights and recommendations available.

Cloud Run - The following new region is now available: europe-west12.

Secret Manager - Cloud Secret Manager is now available in the following region: europe-west12. For more information, see Secret Manager locations.

Security Command Center - The March 20, 2023 release of the Google Cloud SCC content pack for sending Security Command Center data to Cortex XSOAR is generally available. The version 3.0 release of the Google SCC App for QRadar, which lets you send Security Command Center data to QRadar v7.4.1FP2+, is generally available. The version 3.0 release of the Google SCC App for ELK, which lets you send Security Command Center data to Elastic Stack, is generally available. The version 2.0 release of the Google SCC Add-on For Splunk and the Google SCC App For Splunk, which let you send Security Command Center data to Splunk, is generally available.

Anthos Service Mesh - Managed Anthos Service Mesh & 1.14.x & 1.15.x & 1.16.x. In April 2023, enabling mesh.googleapis.com will automatically enable trafficdirector.googleapis.com, networkservices.googleapis.com, and networksecurity.googleapis.com. 1.16.x. Configuring Certificate Authority connectivity through a HTTP CONNECT-based proxy is now generally available (GA). 1.14.x & 1.15.x & 1.16.x. With Envoy versions 1.22 and later, the default minimal TLS version for servers changed from 1.0 to 1.2. In Anthos Service Mesh versions 1.9 and earlier, the server-side minimum TLS version for Anthos Service Mesh workloads was 1.0. Anthos clusters on AWS (previous generation) will be deprecated as of April 1, 2023.

Cloud Spanner - You can create Cloud Spanner regional instances in Turin, Italy (europe-west12). The following functions and expressions have been added to the GoogleSQL dialect: ARRAY_FILTER function, ARRAY_TRANSFORM function, Lambda expressions. You can now use Google Cloud tags to group and organize your Cloud Spanner instances, and to condition Identity and Access Management (IAM) policies based on whether an instance has a specific tag.

Cloud SQL MySQL - Cloud SQL for MySQL now supports minor version 8.0.32. Support for europe-west12 (Turin) region. The changes listed in the June 10 Release Notes entry for faster machine type changes have been postponed for Cloud SQL for MySQL.

Cloud SQL Postgres - Support for europe-west12 (Turin) region. Smaller read replicas are now available for Cloud SQL.

Cloud SQL SQL Server - Support for europe-west12 (Turin) region.

Cloud Storage - Cloud Storage is now available in Turin, Italy (europe-west12 region). Objects smaller than 128KiB stored in buckets with Autoclass enabled are no longer managed by Autoclass. The following US regions are now available for dual-region storage: Los Angeles (us-west2), Salt Lake City (us-west3). The following EU regions are now available for dual-region storage: Warsaw (europe-central2), Madrid (europe-southwest1), Frankfurt (europe-west3), Milan (europe-west8), Paris (europe-west9).

Cloud TPU - Cloud TPUs now support the PyTorch 2.0 release, via PyTorch/XLA integration.

Vertex AI - Vertex AI supports running Explainable AI on certain types of BQML models when they are added to the Vertex AI Model Registry (GA). Vertex AI Feature Store: The ability to delete feature values from an entity type is now generally available (GA). Vertex AI Prediction: You can now use N2, N2D, C2, and C2D machine types to serve predictions.

Video Stitcher API - Slates and CDN keys are now created using long-running operations.

VPC Service Controls - Preview stage support for the following integration: Resource Manager tags API.

Virtual Private Cloud - For auto mode VPC networks, added a new subnet 10.210.0.0/20 for the Turin europe-west12 region. Managing Shared VPC with the Shared VPC Admin role at the folder level is available in General Availability.

Workflows - Support for triggering a workflow using Eventarc within a VPC Service Controls perimeter is generally available (GA).

 





Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075