Welcome to issue #341 April 10th, 2023


Cloud Deploy DevOps Official Blog

Google Cloud Deploy adds canary and parallel deployment support - With support for canary and parallel deployment, Google Cloud Deploy provides advanced deployment capabilities to GKE, Cloud Run, and Anthos.

Cloud SQL Official Blog

Data Cloud & AI Summit round-up: What’s new in Cloud SQL - A round-up of new launches for Cloud SQL, a relational database management system that works for you.

Cloud Dataflow Data Analytics Official Blog

Introducing vertical autoscaling for batch Dataflow Prime jobs - The new vertical autoscaling feature reduces the incidence of out-of-memory (OOM) errors in Dataflow Prime jobs.

BigQuery Data Analytics Official Blog

Bring analytics to your data: What’s new with BigQuery federated queries - BigQuery federated queries gets SQL pushdown, private IP access, priority queues for Spanner federation, and Spanner-to-BigQuery JSON type mapping.

BigQuery Datastream Official Blog Serverless

Datastream’s PostgreSQL source and BigQuery destination now generally available - Seamless and low-latency replication from operational databases, including PostgreSQL, directly to BigQuery, enabling near real-time insights.

Networking Official Blog Security

Announcing Firewall Insights support for firewall policies and trend-based analysis - Firewall Insights introduces enhancements to offer support for firewall policies and trend-based analysis. Here’s what’s new, and how it can help optimize your firewall configuration.

Cloud Load Balancing Cloud Run Networking Official Blog Serverless

Cloud Load Balancing: A comprehensive solution for secure and private access to Cloud Run services - Now, you can configure Cloud Run services as backends to internal and regional external HTTP(S) Google Cloud load balancers.

Compute Engine Official Blog SRE

Monitor the health of your VM fleets in the Compute Engine console - The new Observability tab in the Compute Engine console provides insights into CPU, memory, network, disk, live processes, and system events.

Data Analytics Official Blog SAP

Accelerate Procure-to-Pay insights with Google Cloud Cortex Framework - Leverage Cortex Framework to accelerate Procure-to-Pay operational reporting on vendor performance, spend analysis and accounts payable.

Data Analytics Official Blog SAP

Accelerate Inventory Management insights with Google Cloud Cortex Framework - Now, you can leverage Cortex for Supply Chain operational reporting on inventory management.

GCP Certification Official Blog

Expand your multicloud resume with new courses and skill badges - New on-demand courses on Google Cloud Skills Boost and Coursera and skill badges.

Official Blog Security

Google named a 2023 Strong Performer in the Gartner Peer Insights™ Voice of the Customer for Security Information and Event Management - Reviewers from Gartner Peer Insights Customers’ Choice rated Chronicle SIEM a 4.8/5 star rating, with 91% saying they would recommend Chronicle SIEM.


Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

GKE Autopilot Official Blog

Autopilot is now GKE’s default mode of operation — here’s what that means for you - GKE Autopilot provides faster time-to-market, always-on reliability, an improved security posture, and lower TCO for managed Kubernetes.

Confidential Computing Official Blog

How to secure digital assets with multi-party computation and Confidential Space - To help customers use multi-party computation and Confidential Space, we’ve described a reference architecture for implementing MPC-compliant blockchain signing.

Google Kubernetes Engine Official Blog

Building multiplayer Google Doodle games with GKE, Open Match and Agones - Google makes its own games for the Search homepage using Kubernetes, managed game services and open source software.

Billing Official Blog

Framing up Cloud FinOps: 3 questions, answered - Common questions about Cloud FinOps include what is it, how do you scale it, and how to get started in your organization.

Config Connector Infrastructure Kubernetes

Are Terraform’s days numbered? - An exploration of Kubernetes Resource Manager and the Google Config Connector.

Google Kubernetes Engine Kubernetes NodeJS

Running Node.js Database Migration Scripts in a Kubernetes Pod on Google Cloud Platform - In this article, we will demonstrate how to run Node.js database migration scripts in a Kubernetes pod on Google Cloud Platform.

DevOps Official Blog Security

Realize policy-as-code with Pulumi through CrossGuard on Google Cloud - Learn how to use Pulumi’s CrossGuard with Google Cloud to set guardrails on infrastructure to be provisioned that comply with your organization’s security policies.

App Development, Serverless, Databases, DevOps

Cloud Deploy Cloud Run Official Blog Serverless

Promoting pre-prod to production in Cloud Run with Google Cloud Deploy - Best practices for Cloud Run and Cloud Deploy make it smooth to separate and promote between pre-prod and prod.


CloudEvents Basics - An overview of CloudEvents.

Cloud Spanner Official Blog

Spanner under the hood: Understanding strict serializability and external consistency - Spanner transaction scheduling provides "Strict Serializability" and "External Consistency", which are considered perfect isolation and consistency.

Cloud Spanner Official Blog

Cloud Spanner performance gains by using storing clause in indexes - Improving performance of Spanner queries with a secondary index and extra columns.

Cloud SQL Official Blog

Active Directory Diagnosis Tool for Cloud SQL - Introducing a tool for Cloud SQL for SQL Server customers to quickly troubleshoot Active Directory setup issues for their on-premises environment.

Apigee Official Blog Public Sector

Unifying government platforms with API management - API management can help government agencies centralize their digital services securely and easily.

AlloyDB Cloud Functions

Connect to AlloyDB for PostgreSQL using Cloud Functions - This blog post explains how to connect to AlloyDB using Cloud Functions.

Cloud SQL Official Blog Terraform

Terraform support for enabling Cloud SQL Query Insights - Terraform allows quick and easy setup of Cloud SQL database insights to help monitor telemetry and solve latency.

Big Data, Analytics, ML&AI

Official Blog Vertex AI

How you can automate ML experiment tracking with Vertex AI Experiments autologging - Use autologging to track experiments, artifacts, metrics and more, with just one command.

Data Analytics GCP Experience Official Blog

Why next-gen analytics needs comprehensive data quality monitoring with Anomalo - How Anomalo, a Google Cloud Ready - BigQuery partner, helps solve the need for deep data observability in Google BigQuery.

AI Official Blog TPU

Google’s Cloud TPU v4 provides exaFLOPS-scale ML with industry-leading efficiency - A new paper describes how Google’s Cloud TPU v4 outperforms TPU v3 by 2.1x on a per-chip basis, and improves performance/Watt by 2.7x.

Google Cloud Platform Official Blog

Meet the Data Champions: How Goodcall is bringing the power of AI to Main Street Businesses - Startup Goodcall leverages Google Cloud machine learning technologies to bring the power of Speech AI to small businesses.

Data Analytics Official Blog

Unify your data assets with an open analytics lakehouse - An analytics lakehouse on Google Cloud is designed to address the data needs for all users including data analysts, data engineers, and data scientists.

Cloud Dataproc

Understanding CPU Oversubscription in Dataproc/Hadoop - This post explains the what, how and the why about CPU oversubscription in Hadoop clusters. It attempts to clear general misconceptions.

Data Science Python

Creating a Google Looker Studio Dashboard — Populating it with data - A step-by-step guide on building an automated process to update a Looker Studio dashboard.

Data Analytics Dataplex Official Blog

How Dataplex can improve data auditing, security, and access management - Data is one of the most important assets of any enterprise. Here’s how you can use Google Cloud’s Dataplex to improve data auditing, security, and access management.

BigQuery Billing

Some Things to Know About BigQuery Editions - An overview of new BigQuery pricing options.

BigQuery Billing

Let’s cost optimization with new BigQuery pricing - Example of estimating new BigQuery costs on existing data.

BigQuery Billing Cloud Storage

How we mapped out USD 15K+ cost reduction per Month for our Cloud Data Platform - Tracking and monitoring BigQuery costs.

BigQuery Billing Data Analytics Visualization

How to Monitor BigQuery Usage and Costs on GCP with Interactive Visualizations in Looker Studio - Five visualizations that provide comprehensive insights into BigQuery usage and costs.

Machine Learning PyTorch Vertex AI

Training and serving PyTorch models in the Google Cloud with Vertex AI pipelines - Using PyTorch with Vertex AI.


Business Official Blog

Maximize your startup investment with Cloud Operations, Cloud Billing and Customer Care - Startups can make the most of their investment in Google Cloud by learning about the operations suite, Cloud Billing, and Cloud Customer Care.

GCP Certification Official Blog

Innovators Plus subscribers on fast track to Google Cloud certification - An Innovators Plus subscription now provides access to 1-to-1 consultations with Google Cloud experts, and access to Google Cloud Trainer Talks.

Slides, Videos, Audio

Security Podcast - #115 How to Approach Cloud in a Cloudy Way, not As Somebody Else’s Computer?



AlloyDB - AlloyDB for PostgreSQL is available in us-west2 (Los Angeles).

Anthos clusters on Azure - You can now launch clusters with the following Kubernetes versions: 1.23.16-gke.2800, 1.24.10-gke.1200, 1.25.6-gke.1600. Fixed an issue that could cause cluster upgrades to fail if certain types of validating admission webhooks are registered. This release fixes the following vulnerabilities: CVE-2023-25153, CVE-2023-25173, CVE-2023-0286, CVE-2022-4450, CVE-2023-0215, CVE-2022-2097, CVE-2022-4304.

Anthos clusters on VMware - Anthos clusters on VMware 1.14.3-gke.25 is now available. We now allow storage DRS to be enabled in manual mode. We now backfill the OnPremAdminCluster OSImageType field to prevent an unexpected diff during cluster update. Fixed the following vulnerabilities: critical container vulnerabilities: CVE-2022-32221; high-severity container vulnerabilities: CVE-2021-3449, CVE-2022-3970; Container-optimized OS vulnerabilities: CVE-2022-27239, CVE-2019-18276, CVE-2022-46663, CVE-2022-48303, CVE-2020-17437, CVE-2022-1304.

AppEngine Standard NodeJS - The Node.js runtime now supports the use of Yarn 2 for configuring private modules hosted in Artifact Registry.

AppEngine Standard PHP7 - The PHP 8.2 runtime for App Engine standard environment is now available in preview.

BigQuery - The add data demo guide walks you through the process of adding data to BigQuery through popular sources and is now in preview. Non-incremental materialized views support most SQL queries, including OUTER JOIN, UNION, and HAVING clauses, as well as analytic functions. BigQuery is now available in the Israel (me-west1) region.

BigTable - The Cloud Bigtable documentation has been updated to include guidance on using regional endpoints.

Cloud Build - Users can generate Supply chain Levels for Software Artifacts (SLSA) build provenance information for standalone Maven and Python packages when they upload artifacts to Artifact Registry using new fields available in the Cloud Build config file.

Chronicle - Google has added Australia (Sydney) as a new region for Chronicle customers.

Compute Engine - Preview: Accelerator-optimized (G2) machine types are now available on Compute Engine.

Database Migration Service - You can now set up cascading read replicas after you migrate data to a Cloud SQL destination instance using Database Migration Service.

Dataproc - Announcing the General Availability (GA) release of Key Access Justifications for Dataproc.

Datastream - Datastream support for BigQuery as destination is now generally available (GA). Datastream support for PostgreSQL as source is now generally available (GA).

Deep Learning VM - M106 release: rolled back a previous change in which Jupyter dependencies were located in a separate Conda environment.

Cloud Deploy - Google Cloud Deploy now provides the ability to use a canary deployment strategy, supported in preview.

Cloud Data Loss Prevention - To help you understand and test the discovery service, Cloud DLP has made it easier for you to test profiling on a single table.

Eventarc - Support for specifying the encoding of the event payload data as either application/json or application/protobuf through an eventDataContentType field is available.

Cloud Functions - Cloud Functions now supports the use of the Yarn 2 package manager with private Node.js modules. You can now use uppercase letters and underscores in the function name you specify for a 2nd gen function when you deploy the function. Cloud Functions has added support for a new runtime, PHP 8.2, at the Preview release level.

IAM - Workforce identity federation and workload identity federation can now accept encrypted SAML assertions.

Identity-Aware Proxy - Support for Identity-aware Proxy (IAP) with Cloud Run to use identity and context to guard access to your applications is now at general availability (GA).

Google Kubernetes Engine - The g2-standard machine family with NVIDIA L4 is available in Preview for node pools in clusters running GKE version 1.22 and later. GKE now supports a streamlined Fleet registration process, allowing users to register their clusters to a Fleet directly when clusters are created using the gcloud command.

Load Balancing - Regional external and regional internal HTTP(S) load balancers now support using Cloud Run services as backends for the load balancer. Forwarding rules for external TCP/UDP network load balancers can now be configured to direct traffic coming from a specific range of source IP addresses to a specific backend service (or target instance). Internal HTTP(S) load balancers and internal TCP proxy load balancers now support global access.

Cloud Logging - Cloud Logging now uses one service account and writer identity for all the sinks in a resource container that route logs to an external resource.

StratoZone - Added Microsoft License Assessment Report that provides total cost of ownership (TCO) estimates for Microsoft workloads, highlighting potential opportunities to optimize cost. Updated AWS collection script to support Amazon RDS for SQL Server. Updated Oracle assessment to support AlloyDB for PostgreSQL as a target. StratoProbe - added support for additional SSH MAC algorithms. StratoProbe - changed the default de-duplication logic to use fingerprints instead of FQDN. Fixed a display issue with number of cores/threads on the Database Results page. Fixed an issue with filtering cloud services using assessment names. Fixed a display issue with pricing details on Sole Tenant pricing page. Fixed an issue where in some cases the minimum GCVE cluster size was getting set to four nodes instead of three. StratoProbe - fixed an issue with Google Cloud fit recommendation collection to handle various credential formats.

Cloud Monitoring - A new interface for creating charts with Metrics Explorer is in Public Preview. The time-range selector in select Cloud Monitoring pages has been updated to support a larger set of time range options, such as preset times, custom start and end times, and relative time ranges. You can now configure metric-based alerting policies to send repeated notifications for open and acknowledged incidents.

reCAPTCHA Enterprise - reCAPTCHA Enterprise Mobile SDK v18.1.2 is now available for Android.

Cloud Run - Support for Identity-aware Proxy (IAP) with Cloud Run to use identity and context to guard access to your applications is now at general availability (GA). Regional external and regional internal HTTP(S) load balancers now support using Cloud Run services as backends for the load balancer.

Secret Manager - Secret Manager support for zone separation is now generally available.

Anthos Service Mesh - 1.17.x: 1.17.2-asm.1 is now available for in-cluster Anthos Service Mesh. The Envoy projects recently disclosed a series of CVEs that can expose Anthos Service Mesh to remotely exploitable vulnerabilities. Anthos Service Mesh now supports multi-cluster, multi-network meshes on Anthos clusters on Azure. The asmcli flag --option vm used by the now deprecated Compute Engine virtual machine feature has been removed. 1.14.x: 1.14.6-asm.11 is now available for in-cluster Anthos Service Mesh. 1.15.x: 1.15.7-asm.1 is now available for in-cluster Anthos Service Mesh. 1.16.x: 1.16.4-asm.2 is now available for in-cluster Anthos Service Mesh. 1.14.x & 1.15.x & 1.16.x: Anthos clusters on AWS (previous generation) is deprecated as of April 1, 2023.

Cloud SQL - Cascading Replicas is now generally available when migrating from external servers.

Cloud Storage Transfer - Support for Manifest in Storage Transfer Service is now generally available (GA).

Cloud Storage - Cloud Storage FUSE is now available in Preview.

Transcoder API - Overlays can now be created using PNG images (with or without transparency). Batch mode is now supported.

Vertex AI - M106 release: the M106 release of Vertex AI Workbench user-managed notebooks includes the following: rolled back a previous change in which Jupyter dependencies were located in a separate Conda environment. The Vertex AI Matching Engine service now offers Preview support for deploying an index to a public endpoint. Vertex AI Prediction: you can now view logs for Vertex AI Batch Prediction jobs in Cloud Logging. The Vertex AI Model Registry now offers Preview support for model copy between regions.

Virtual Private Cloud - General Availability: Private Service Connect endpoints with consumer HTTP(S) controls support accessing regional Google APIs and published services using the following load balancers: regional internal HTTP(S) load balancer and regional external HTTP(S) load balancer.




Zdenko Hrček