Welcome to issue #354 July 10th, 2023


Cloud Firestore Official Blog Serverless

Manage multiple Firestore databases in a project - Firestore adds feature support for creating multiple Firestore databases in a Google Cloud project.

Cloud NAT GCP Experience Networking Official Blog

How Google Cloud NAT helped strengthen Macy’s security - Macy’s needed a way to perform network address translation to ensure its clusters could create outbound connections to the internet without needing public IP addresses. Here’s why they chose Google Cloud NAT.

Official Blog Public Sector

Google Workspace earns Dutch government's stamp of approval - The Dutch government affirms Google Workspace for the Netherlands public sector and education institutions.

BigQuery Earth Engine GIS Official Blog

A connector to bring Earth Engine and BigQuery closer together for geospatial analytics - Earth Engine and BigQuery share the goal of making large-scale data processing accessible and usable by a wider range of people and applications.

Google Cloud Platform Official Blog

Expanding 24/7 multilingual support: Now in Mandarin Chinese and Korean - 24/7 technical support is now available in Korean, and we’re extending 24/7 Mandarin Chinese support to Enhanced Support customers.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes


Recovering a Deleted Default Service Account in Google Cloud Platform - Operation type start failed error message often indicates that the default service account for Compute Engine has been deleted.

Infrastructure Security

Google Cloud Platform Security Checklist : Part 6/7 — Data Security - Best practices for securing Google Cloud Platform in the context of data products.

Gitlab Official Blog Terraform

Configuring Workload Identity Federation for GitHub Actions and Terraform Cloud - Workload Identity Federation can be integrated with external providers, such as GitLab, GitHub Actions and Terraform Cloud.

GCP Experience Official Blog

Modernizing telecommunications and keeping the UK connected - Virgin Media and O2 migrated to Google Cloud to transform from a traditional telecommunications business to a 21st-century tech company.

Official Blog Security

Securing software supply chain with Endor Labs Dependency Management on Google Cloud - With Endor Labs’ Dependency Lifecycle Management solution on Google Cloud, Endor Labs helps security and development teams accelerate development by safely maximizing software reuse.

Anthos GCP Experience Official Blog

Banco BV modernizes its banking apps with GKE and Anthos - Using GKE and Anthos for multicluster management, Banco BV modernized its banking applications, making them more efficient, scalable, and reliable.


Cloud Custodian integration with GCP for Auto-Remediation and Compliance - The blog is intended to be a starting point for readers who are interested in learning more about GCP Custodian integration, an open source project that allows you to manage your cloud resources by filtering, tagging, and then applying actions to them.

BeyondCorp GCP Certification

Using Google’s BeyondCorp to secure on-premises web applications - An overview of deployment options for BeyondCorp Enterprise, highlighting why a customer would choose some over the others when securing on-premises applications with BCE.

Cloud Monitoring Google Kubernetes Engine

Kubernetes HPA using Google Cloud Monitoring metrics - This blog post explores the utilization of metrics available in Google Cloud Monitoring to configure the Horizontal Pod Autoscaler object for autoscaling Kubernetes workloads.

Google Kubernetes Engine Kubernetes

On the state of cost optimization in Kubernetes - Explanation of the importance of setting resource requests.


The unexpected permissions in the Viewer role on Google Cloud - The Viewer basic role is convenient because it’s harmless: it only views resources. But are you really sure? Let’s check that!


Exploring Eclipse IDE Attack Vectors: Unveiling Google Cloud Tools Plugin Vulnerabilities - This blog post describes a security research journey for Google Cloud Tools Eclipse plugin.

App Development, Serverless, Databases, DevOps

Apigee Cloud Run Official Blog Serverless

Access private serverless services from an API platform using Private Service Connect - Learn how to access your serverless application using private connectivity and APIs.

Official Blog Workflows

Workflows executing other parallel workflows: A practical guide - Explore how you can configure Google Cloud Workflows to run parallel tasks by using parent and child workflows.

Cloud SQL Official Blog

Cloud SQL for PostgreSQL - A deep dive into VACUUM FAQs - Learn about VACUUM, a garbage collector for PostgreSQL, and how it helps maintain database performance.

Monitoring Official Blog

End-to-end monitoring for web and mobile applications with Sentry - Sentry performance monitoring identifies errors, and tracks metrics such as CPU and memory usage to find performance problems in your applications.


Use Google Palm with Golang - Generative AI is a trending and useful tool to add to applications, but Golang does not benefit from any client library. Here is a solution!

Cloud Run Serverless

Google Cloud Serverless Platform Highlights Series — Episode 9: Cloud Run Websockets Triggering

Big Data, Analytics, ML&AI

BigQuery Billing

Calculating Spend for Autoscaling Reservations in BigQuery Editions - This blog post will walk through understanding your BigQuery autoscaling slot usage to determine how much is being spent on extra slots.

BigQuery Data Science Machine Learning

5 Useful Tips To Change Your BigQuery Experience - Sharing the game-changing tips I wish someone told me 5 years ago.

AI Official Blog Vertex AI

Formulating a more effective way to identify vehicle damage with Explainable AI - KBTG Labs improves the automobile insurance claims validation and settlement process using Vertex AI, AutoML, and Explainable AI to detect vehicle damages.

BigQuery Terraform

Create BigQuery Datasets and Tables with Terraform in an elegant and scalable way - This article shows a use case with the creation of BigQuery Datasets with Tables using Terraform in an elegant and scalable way.

BigQuery Python

Transferring software into open-source space - BQuest is a library for running unit tests for BigQuery.

Big Data BigQuery GIS

Blueprints to BigQuery: A Deep Dive into Large-Scale Spatial Joins for Building Footprints - Improving data processing efficiency for Geo data in BigQuery.

Big Data BigQuery Storage

BigQuery Storage Billing Models - Can you save on your BigQuery Storage costs? Let’s see by exploring the different pricing models and how to use the information available.

Machine Learning Python Vertex AI

Vertex AI Feature Store - Feature ingestion and serving pipeline on GCP with Python.

Data Science Kubeflow Machine Learning

Kubeflow Pipelines: Orchestrating Machine Learning Workflows With Ease - Everything you need to know about Kubeflow Pipelines for Machine Learning Pipelines.

AI Cloud Run Vertex AI

Running Large Language Models on Google Cloud Platform via Cloud Run, VertexAI and PubSub - LLMOps on GCP - Running LLMs on Google Cloud.

Slides, Videos, Audio

Security Podcast - #128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why.



Google Kubernetes Engine Stable - (2023-R15) Version updates: Version 1.26.5-gke.1200 is now the default version in the Stable channel.

Load Balancing - The Cloud Load Balancing Console now allows you to see the equivalent API code for actions you take in the Console.

Cloud Monitoring - You can now troubleshoot common GKE issues like unschedulable pods and crashlooping containers by using the new "interactive playbook" dashboards in Cloud Monitoring. The Google Cloud console can now automatically install the Ops Agent for you when you create a VM instance.

Policy Intelligence - You can use Policy Troubleshooter to troubleshoot deny policies.

reCAPTCHA Enterprise - reCAPTCHA Enterprise Mobile SDK v18.2.2 is now available for iOS.

Cloud Run - Long running jobs greater than 1 hour are now supported (in Preview).

Cloud SQL - Cloud SQL now supports non-RFC 1918 IP address ranges, including privately used public IP addresses.

Cloud Storage - Custom audit logging for Cloud Storage is now generally available (GA).

Vertex AI - Vertex AI model evaluation is now generally available (GA) with the following new Preview features: Model evaluation with sliced metrics.

Virtual Private Cloud - Moving a reserved external IPv4 address from one project to another is available in General Availability.

Workflows - Support to define environment variables at deployment time is available in Preview.

AlloyDB - The extension pgvector has been added to the extensions supported by AlloyDB.

Anthos clusters on VMware - The following issues are fixed in 1.14.6-gke.23: Fixed a known issue where $ in the private registry username caused admin control plane machine startup failure. The following vulnerabilities are fixed in 1.14.6-gke.23: High-severity container vulnerabilities: CVE-2023-2454, CVE-2023-27561, CVE-2022-29154.

Apigee X - On July 6, 2023, we released an updated version of Apigee X. Preview release of Pay-as-you-go pricing with updated attributes: Apigee is updating its Pay-as-you-go pricing model, making it possible to start using Apigee at a significantly reduced initial cost and right-size ongoing expenses to match precise usage. Preview release of new environment types: Apigee announces the Preview release of three distinct environment types: Base, Intermediate, and Comprehensive. Preview release of standard and extensible API proxies: Apigee announces the Preview release of standard and extensible API proxies, available for use with preview organizations using Pay-as-you-go (updated attributes) pricing. Preview release of new HTTPModifier and ReadPropertySet policies and templating support for message elements: Apigee announces the Preview release of the HTTPModifier and ReadPropertySet policies.

Cloud Asset Inventory - The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning). The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

Batch - Documentation has been added to explain how to apply labels to a Batch job and its resources. Batch is available in the following regions: asia-northeast2 (Osaka), asia-northeast3 (Seoul), australia-southeast1 (Sydney), europe-west1 (Belgium), europe-west9 (Paris). For more information, see Locations. Samples in C++ are available for Batch.

BigQuery - Spanner Data Boost lets you execute analytics queries and data exports with near-zero impact to existing workloads on your provisioned Spanner instance. BigQuery is now available in the Turin (europe-west12) and Doha (me-central1) regions. You can use the LOAD DATA SQL statement to load data from Avro, CSV, newline delimited JSON, JSON, ORC, or Parquet files into a table. The slot estimator now provides cost-optimal commitment and autoscale recommendations based on editions pricing and historical performance metrics. The fail-safe period is now generally available (GA). The ability to use physical bytes for storage billing is now generally available (GA). The ability to configure the time travel window is now generally available (GA). BigQuery capacity commitments have changed as follows: Annual commitments are now only available in Enterprise or Enterprise Plus edition. You can now restrict data egress on Analytics Hub listings.

Certificate Authority Service - v1. Certificate Authority Service now supports Workforce identity federation.

Chronicle - Enhancements to outcome section in rules: Outcome variables can be used to derive the value of another outcome variable.

Compute Engine - Generally available: You can now use a regional Persistent Disk as a VM boot disk.

Dataproc Serverless - Dataproc Serverless Spark 1.1 and 2.0 runtime subminor versions can now be used 365 days after their release (instead of 90 days). The goog-dataproc-batch-id, goog-dataproc-batch-uuid and goog-dataproc-location labels are now automatically applied to Dataproc Serverless batch resources. Dataproc Serverless for Spark now supports updating the BigQuery connector using the dataproc.sparkBqConnector.version and dataproc.sparkBqConnector.uri properties; see Use the BigQuery connector with Dataproc Serverless for Spark. New Dataproc Serverless for Spark runtime versions: 1.1.22, 2.0.30, 2.1.9.

Datastore - Multiple databases now available in Preview.

Dialogflow - Dialogflow CX conversation history has been promoted from Preview to GA (generally available). Dialogflow CX minimum voice session duration for pricing has been decreased from 1 minute to 1 second. Dialogflow CX now provides prebuilt components, which are prebuilt flows that handle common scenarios and accelerate agent development. The following Dialogflow CX features have been promoted from Preview to GA (generally available): GitHub export/restore, and Interaction logging export to BigQuery.

Cloud Firestore - Multiple databases now available in Preview.

Google Kubernetes Engine - (2023-R15) Version updates: GKE cluster versions have been updated.

GKE - (2023-R15) Version updates: The following control plane and node versions are now available: 1.22.17-gke.14100, 1.23.17-gke.8400, 1.24.14-gke.2700, 1.25.10-gke.2700, 1.26.5-gke.2700, 1.27.3-gke.100. The following control plane versions are no longer available: 1.22.17-gke.8000, 1.22.17-gke.11400, 1.23.17-gke.5600, 1.24.12-gke.500, 1.24.12-gke.1000, 1.24.13-gke.500, 1.26.3-gke.1000. Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.23.17-gke.6800 with this release.

Google Kubernetes Engine Rapid - (2023-R15) Version updates: Version 1.27.2-gke.2100 is now the default version in the Rapid channel.

Google Kubernetes Engine Regular - (2023-R15) Version updates: The following versions are now available in the Regular channel: 1.23.17-gke.7000, 1.24.14-gke.1400, 1.25.10-gke.1400, 1.26.5-gke.1400. The following versions are no longer available in the Regular channel: 1.23.17-gke.6800, 1.24.13-gke.2500, 1.25.9-gke.2300, 1.26.3-gke.1000. Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.17-gke.7000 with this release.




Zdenko Hrček