Welcome to issue #359 August 14th, 2023


Cloud NAT Networking Official Blog

Announcing general availability of Cloud NAT support for network services Standard Tier - We are excited to announce general availability of Cloud NAT support for Standard Tier Egress, which can help customers benefit from Cloud NAT with additional cost savings.

Cloud Monitoring Official Blog

Create PromQL alerts in Cloud Monitoring now in Public Preview - You can now create globally scoped alerting policies based on PromQL queries alongside your Cloud Monitoring metrics and dashboards.

Cloud Memorystore Official Blog

Memorystore adds version support for Redis 7.0 - Memorystore now supports Redis 7.0, including support for Redis Functions, and improved in-transit encryption (TLS) performance.

BigQuery Official Blog

BigQuery now supports manifest files for querying open table formats - Read about how BigQuery now allows you to use manifest files for querying open table formats.

Official Blog SAP

Future-proofing your SAP HANA deployment on Google Cloud with SUSE for scale-out high availability - Partnering with SUSE, we’ve streamlined the process of rolling out an SAP HANA Scale-out high availability deployment, for increased efficiency.

Google Maps Platform Official Blog

New ISO 27001 and SOC Security Certifications for Google Maps Platform

Official Blog Speech to Text

Cloud Speech-to-Text V2 API and Chirp are now Generally Available with new lower pricing tier - Google Cloud’s Speech-to-Text V2 API is now GA, including Chirp and new pricing.

Official Blog Workload Identity Federation

Introducing new capabilities in Workforce Identity Federation to help you effectively manage identity and access to Google Cloud - New capabilities and services in Workforce Identity Federation can make it easier to manage your identity and access across multiple Google Cloud services.

Assured workloads Official Blog Public Sector

Additional IL5 services available for the DoD with Google Assured Workloads

Google Maps Platform Official Blog

Ensuring fast, reliable deliveries for customers with Google Maps Platform - The Skroutz team shares how they were able to automate their routing at scale and handle their deliveries in a more robust and agile manner, improving efficiencies and increasing delivery fulfillment rates with Google Maps Platform.

BigQuery Official Blog

Introducing new SQL functions to manipulate your JSON data in BigQuery - Learn how new SQL functions for BigQuery JSON give you more capabilities in dealing with JSON data.

Billing Official Blog Prometheus

Improved cost visibility and 60 percent price drop for Managed Service for Prometheus - We’ve dropped pricing for samples ingested into Managed Service for Prometheus by 60%, and improved our metrics management interface.

HPC Official Blog

Introducing H3 compute-optimized VMs for high performance computing (HPC) - New H3 VMs are optimized for high performance computing and offer improved price/performance compared to C2 instances.


Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Chronicle Official Blog

Chronicle CyberShield - Google Cloud’s Approach to Strengthen Nation-wide Cyber Defense - Chronicle CyberShield can provide government agencies with a platform that integrates threat intelligence, detection, and response.

Official Blog Public Sector

CyberShield: helping governments stand united against cyber attacks

Cloud Interconnect Networking Official Blog

Advanced Networking Demo videos — Cross-Cloud Interconnect edition - Two new additions to the Advanced Networking video series showcase Cross-Cloud Interconnect and how to configure connections to other cloud providers.

Google Kubernetes Engine Official Blog

Maximizing Reliability, Minimizing Costs: Right-Sizing Kubernetes Workloads - Easily optimize your Kubernetes workloads with GKE's Workloads At Risk dashboard; detect and address risk before performance.

Google Kubernetes Engine Kubernetes Security

Strengthening GKE Security and Observability - A deep dive into the realms of GKE security and observability, exploring essential considerations, industry best practices, and powerful tools that can fortify your GCP environment.

Monitoring Security

Setting Alerts for SSL certificate Expiry in a GCP Project - This article explains how to set alerts for SSL certificate expiry in a GCP project.

Google Kubernetes Engine Kubernetes Security

Securing Your Software Supply Chain: Exploring Binary Authorization in GKE - Part 1 - An overview of Binary Authorization in GKE.

Google Kubernetes Engine Infrastructure Networking

Navigating Scalability and Efficiency with GCP Multi-Cluster Ingress - This article explores the benefits and practical information of Multi-Cluster Ingress.

Security VPC Service Controls

Should I use VPC Service Controls? - VPC-SC is a technical security capability in Google Cloud that helps to protect against data exfiltration and unauthorised access to data.

Cloud Interconnect Monitoring Network Intelligence Center Networking

3 Simple Steps to Monitor Your GCP Interconnect - Get real-time insight into GCP Interconnect availability and performance.

Networking Official Blog

Networking and security at Google Cloud Next: A guide to must-attend sessions - We curated a list of the top sessions for networking and networking security professionals at Google Cloud Next ‘23.

App Development, Serverless, Databases, DevOps

Google Maps Platform Official Blog

Commonly asked questions about our recently launched Photorealistic 3D Tiles - Since the launch of our Experimental Photorealistic 3D Tiles at I/O in May, we’ve been thrilled to see all of the developer excitement and demos featuring the product. We’ve also received a lot of questions from developers. Together with Lisa Bos, Senior Product Manager at Cesium, we’re highlighting the most commonly asked questions we’ve received from developers.

Official Blog Sustainability

How to sustainably transform while minimizing risk - Sustainable transformation means adapting to the global community landscape, sustainable product design, and mitigating physical climate risk.

GCP Experience Official Blog

How DeNA developed a live streaming app in just 2 months with Live Stream API - To develop a live-streaming platform within a short time frame of two months, DeNA has leveraged Live Stream API and a host of Google Cloud.

Billing Official Blog

Using Google Cloud’s new Pricing API - Now in public preview, the new Google Cloud Pricing API builds on the Catalog API and opens up multiple possibilities for pricing and cost analysis.

Official Blog Speech to Text

Making social robot conversations more natural with Speech-to-Text - Mixi has turned to Speech-to-Text by Google Cloud to improve the speech recognition of its social robot, Romi, while keeping costs low.

Apigee Cloud Run DevOps Eventarc

Trigger a Cloud Run service starting from an (Apigee) audit log event with EventArc - This article provides a step-by-step guide on how to build the necessary architecture to trigger a Cloud Run service from an Audit Log Event with Eventarc.

API API Gateway Cloud Functions

Securing Cloud Functions with GCP API Keys and “x-api-key” Header. - An article following up on “Integrating API gateway with cloud functions”.


GCP Monitoring with Graphite and Grafana - Using Graphite and Grafana for monitoring on GCP.

Compute Engine IAM

Exploring the Google Cloud OS Login feature and Service Accounts - Providing additional convenience and governance within your Google Cloud Organization.

Billing Data Science GCP Experience Python

Taking 5 Minutes To Make These Tweaks Reduced My GCP VM Costs From $110 to $30 A Month - Understand Google Cloud Platform pricing, VM configurations and virtual environments to save > $700 a year.

Cloud SQL Database Migration Service Migration

Homogeneous Migration of Large PostgreSQL Databases to Cloud SQL using Native Replication - Database setup and migration steps for PostgreSQL to Cloud SQL.

Cloud Logging

Utilizing GCP Logs for Performance Improvement on Pinhome Mobile Website - Using Cloud Logging logs to detect slow pages and improve speed.

Compute Engine Migration

Disk Migration: A Strategic Transition - An overview of Migrating VM disks.

Big Data, Analytics, ML&AI

AI Official Blog

4 key learnings to kickstart your startup's generative AI journey - Learn about the latest AI technologies on Google Cloud during our ‘Generative AI for Startups’ webinar on-demand.

Data Analytics GCP Experience Official Blog

How Asahi Group fostered a culture of innovation by building a data analysis platform - Through a data analysis platform built on Google Cloud, Asahi Group can accelerate its pace of innovation and improve how it uses data across the organization.

Airflow Cloud Composer Official Blog

Reduce Airflow DAG parse times in Cloud Composer - A low DAG parse time serves as a reliable indicator of a healthy Cloud Composer / Airflow environment.

Cloud Dataproc Scala

Spark Scala job with Dataproc Serverless - Explanation of the use case presented in this article.

Official Blog

Building Generative AI applications made easy with Vertex AI PaLM API and LangChain - Augmenting LLMs with external systems is key to building GenAI apps. Learn how you can easily build such apps using Vertex AI PaLM API & LangChain.

Ensuring data localization compliance on data movement between BigQuery regions - This blog post introduces some opinionated best practices to facilitate cross-border transfers in a privacy-safe and compliant way in BigQuery.

BigQuery BigQueryML Machine Learning Vertex AI

Scaling your SQL-only ML models to production - Take your BQML models to production with Vertex AI.

AI GCP Experience

Hear from One AI, a fast-growing seed-stage startup on what to consider when selecting a cloud provider - At the 2023 Google Cloud Startup Summit, One AI and MongoDB discussed key insights startups should consider when integrating AI into their products.

Machine Learning Vertex AI

The Advantages of the Vizier’s Black Box Approach - Vertex AI Vizier description.

Generative AI Vertex AI

Performing Semantic Searches for Images with Vertex AI - Harnessing the capabilities of Vertex AI’s Multimodal embeddings model and Vertex AI Matching Engine to build a solution that can do free-form text searches on your own images.

Jupyter Notebook Python Serverless

Schedule and Invoke Notebooks as Web Services using Jupyter API - This article explains how to run Jupyter Notebook with serverless GCP products.


Event Google Cloud Platform

Ten tips on how to learn the new way to cloud at Google Cloud Next ‘23 - Google Cloud Next 2023 in San Francisco will feature training workshops, certification renewals, demos and learning challenges, to name a few.

Google Cloud Platform

The ultimate guide to Google Cloud Next 2023 - Tips that help you to make Cloud Next 2023 an unforgettable event! Bonus: tourist spots in SF.

Slides, Videos, Audio

Security Podcast - #133 The Shared Problem of Alerting: More SRE Lessons for Security.

GCP Life Podcast - #46 In this episode we discuss: Attack Paths, Application Integration, Credentials Risk, HWL Ebsworth, Kasna Heralded as Whiz, Ramsay Health, ANZ Cloud Migrations, Capgemini AI, TAL Australia AI, Google Cloud Partners AI, Google Duet.



Compute Engine - Generally available: You can use Cloud Monitoring to monitor the consumption of your reservations and set custom alerts. Generally available: If a host error occurs on a VM, you can control how much time Compute Engine spends recovering Local SSD data with the Local SSD recovery timeout setting. Generally available: Use the new distribution shape ANY_SINGLE_ZONE in a regional Managed Instance Group (MIG) to automatically select a single zone that has available resources within your quota.

Container Registry - Container Registry storage buckets can no longer be set to public from the Google Cloud Console.

Data Fusion - In the SAP Table Batch Source plugin version 0.10.0, fixed an issue causing failed data pipeline runs when you clicked the Take a snapshot toggle because the FIELDS parameters weren't exported.

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.27, 2.0.35, 2.1.14. Added new Dataproc Serverless Templates for batch workload creation: Cloud Spanner to Cloud Storage, Cloud Storage to JDBC, Cloud Storage to Cloud Storage, Hive to BigQuery, JDBC to Cloud Spanner, JDBC to JDBC, Pub/Sub to Cloud Storage. Improved the reliability of Dataproc Serverless compute node initialization with a Premium disk tier option.

Dataproc - New Dataproc on Compute Engine subminor image versions: 2.0.73-debian10, 2.0.73-rocky8, 2.0.73-ubuntu18, 2.1.21-debian11, 2.1.21-rocky8, 2.1.21-ubuntu20, 2.1.21-ubuntu20-arm. Added a dataproc:dataproc.cluster.caching.enabled flag to enable and disable Dataproc on Compute Engine cluster caching.

Datastore - A weekly digest of client library updates from across the Cloud SDK. You can now visualize heatmap pattern for entity keys and make better workload pattern predictions.

Deep Learning Containers - M110 release: Added support for TensorFlow 2.13 with Python 3.10 on Debian 11. TensorFlow 2.9 container images are deprecated.

Cloud Deploy - You can now specify custom actions to perform before and/or after deploying, using deploy hooks, supported in preview.

Dialogflow - Google has open sourced the following Dialogflow CX integrations: Azure Bot Service & Microsoft Teams, Discord, Google Chat, ServiceNow, Slack, Spark, Telegram, Twilio, Twitter, Viber. Dialogflow CX conversation history has added two new views: flow analysis table and flow analysis graph. Dialogflow CX analytics has been reimplemented to provide all new views and metrics. Dialogflow CX now provides intent suggestions. Dialogflow CX now provides a split intents feature. Dialogflow CX now provides a compare and merge intents feature. Dialogflow CX now provides a timeout-based end of speech sensitivity setting.

Cloud Networking Products - You can now select internal Application Load Balancers as a health checked target for DNS routing policies.

Error Reporting - In the Error Reporting page's resource filter, you can now filter GKE resources by location, cluster, namespace, and container or pod.

Cloud Filestore - The zonal service tier with options for a higher or lower capacity band is now available in Preview.

Cloud Firestore - You can now visualize heatmap pattern for index keys and make better workload pattern predictions.

Cloud Functions - Accessing a service that's prohibited by the Internal or Internal and Cloud Load Balancing ingress setting now results in a 404 rather than 403 error code.

Google Kubernetes Engine - Public clusters upgraded to GKE versions 1.24 and later will eventually be migrated to use Private Service Connect (PSC) for private control plane communication. The Filestore CSI driver now supports smaller share sizes (10Gi) for Filestore multishares for GKE for enterprise instances starting in version 1.27. CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, and CVE-2023-2650 have been patched in Filestore CSI driver in GKE versions 1.23 and 1.24, for newly created clusters. (2023-R17) Version updates GKE cluster versions have been updated.

GKE - (2023-R17) Version updates Version 1.27.3-gke.100 is now the default version.

Google Kubernetes Engine Rapid - (2023-R17) Version updates Version 1.27.3-gke.1700 is now the default version in the Rapid channel.

Google Kubernetes Engine Regular - (2023-R17) Version updates Version 1.27.3-gke.100 is now the default version in the Regular channel.

Google Kubernetes Engine Stable - (2023-R17) Version updates Version 1.27.3-gke.100 is now the default version in the Stable channel.

Cloud Logging - Cloud Logging now supports the following regions: europe-west10, europe-west12, me-central2. For more information, see Supported regions.

Cloud Monitoring - PromQL alerting for Cloud Monitoring is in Public Preview. The price of Managed Service for Prometheus samples ingested into Cloud Monitoring has dropped by 60 percent. The Metrics management page in Cloud Monitoring replaces the Metrics diagnostics page, extending the information available about the chargeable metrics in your Google Cloud projects.

Network Connectivity Center - The AcceptSpoke and RejectSpoke API methods and the network-connectivity spokes accept and network-connectivity spokes reject CLI commands have the following usability issue: As the user, if you do not have the networkconnectivity.operations.get IAM permission in a spoke project, you cannot get the status of a long-running operation for that spoke.

Network Intelligence Center - Network Topology now shows the infrastructure of your GKE deployments - clusters, namespaces, workloads, and pods, and their associated metrics.

Cloud PubSub - A weekly digest of client library updates from across the Cloud SDK.

Cloud Run - You can now override the arguments, environment variables, number of tasks, and task timeout already configured for a job when you execute a job.

Service Mesh - Managed Anthos Service Mesh. The rollout of managed Anthos Service Mesh version 1.15 to the stable channel has completed.

Anthos Service Mesh - Managed Anthos Service Mesh. The rollout of managed Anthos Service Mesh version 1.15 to the stable channel has completed.

SAP Solutions - Cloud Storage Backint agent for SAP HANA version 1.0.27 Version 1.0.27 of the Cloud Storage Backint agent for SAP HANA is available. Google Cloud's Agent for SAP version 2.4 Version 2.4 of Google Cloud's Agent for SAP is generally available (GA).

Cloud Spanner - Cloud Spanner database deletion protection is now generally available.

Cloud SQL Postgres - Cloud SQL Enterprise Plus edition now supports the asia-northeast3 (Seoul) region. You can now use point-in-time recovery to recover a Cloud SQL instance that isn't available. You can now upgrade a Cloud SQL for PostgreSQL instance to Cloud SQL Enterprise Plus edition by using IP allowlists and VPC Peering.

Vertex AI - Generative AI Support for Vertex AI complies with HIPAA, is certified with ISO and PCI DSS, and has achieved FedRAMP authorization. M110 release The M110 release of Vertex AI Workbench user-managed notebooks includes the following: Added support for TensorFlow 2.13 with Python 3.10 on Debian 11. TensorFlow 2.9 user-managed instances are deprecated. The M110 release of Vertex AI Workbench managed notebooks includes the following: Increased shared memory size to available memory capacity. Imagen Multimodal embeddings available in GA Imagen on Vertex AI now offers the following GA feature: Multimodal embeddings This feature incurs different pricing based on if you use image input or text input.

VPC Service Controls - Preview stage support for the following integration: Generative AI App Builder - Enterprise Search. General availability support for the following integration: Certificate Manager.

AlloyDB - AlloyDB Omni version alloydb-omni-0.3.0-preview-postgresql-15.2 is available.

Anthos clusters on VMware - Anthos clusters on VMware 1.15.3-gke.47 is now available. Anthos clusters on VMware 1.15.3 supports adding the gkeOnPremAPI section to your admin cluster configuration file and user cluster configuration file to enroll the clusters in the Anthos On-Prem API. Upgraded VMware vSphere Container Storage Plug-in from 3.0 to 3.0.2. The following issues are fixed in 1.15.3-gke.47: Fixed a known issue. The following vulnerabilities are fixed in 1.15.3-gke.47: High-severity container vulnerabilities: CVE-2023-2454, CVE-2022-29154, CVE-2023-27561, CVE-2023-2828, CVE-2023-3138; Container-optimized OS vulnerabilities: CVE-2023-35001, CVE-2023-24329, CVE-2023-3389, CVE-2022-37454, CVE-2023-31248, CVE-2023-3090, CVE-2023-3268; Ubuntu vulnerabilities: CVE-2023-35788; Windows vulnerabilities: CVE-2022-41723, CVE-2022-41725.

Apigee X - The Apigee documentation site navigation has been updated to be more consistent with other Google Cloud product documentation sites. On August 7, 2023, we released an updated version of Apigee X (1-10-0-apigee-7). Bug ID: N/A. Description: Upgraded infrastructure and libraries.

AppEngine Flexible - .NET - Accessing a service that's prohibited by the Internal or Internal and Cloud Load Balancing ingress setting now results in a 404 rather than 403 error code.

AppEngine - Accessing a service that's prohibited by the Internal or Internal and Cloud Load Balancing ingress setting now results in a 404 rather than 403 error code.

BeyondCorp Enterprise - Cross-org authorization for device attributes in access levels is generally available (GA).

BigQuery - You can now see query performance insights about high cardinality joins. The September 14, 2022 release notes announced that you could configure the connector to authenticate the connection using an external account with workload identity federation for ODBC driver update release 2.5.0 1001, but workload identity federation is not supported. You can now use user-defined functions to export BigQuery data as Protocol Buffer (Protobuf) columns. The following features are now generally available (GA) in queries and materialized views: HAVING MAX and HAVING MIN clauses for the ANY_VALUE function. The quantified LIKE operator is now in preview. The following JSON functions are now generally available (GA). BigQuery now supports the ability to deny access to principals via deny policies for the following IAM permissions: Managing reservations and capacity commitments: bigquery.googleapis.com/capacityCommitments.*, bigquery.googleapis.com/bireservations.*, bigquery.googleapis.com/reservationAssignments.*, bigquery.googleapis.com/reservations.*; Resource Deletion: bigquery.googleapis.com/[datasets, tables, models, routines, jobs, connections].delete; Dataset tag bindings: bigquery.googleapis.com/datasets.[createTagBinding, listTagBinding]; Row Access Policies: bigquery.rowAccessPolicies.[create, delete, update, setIamPolicy]. A weekly digest of client library updates from across the Cloud SDK. Analytics Hub now supports the use of routines in linked datasets.

Chronicle - UDM Search includes a new feature, called UDM Lookup, that enables you to quickly find a UDM field if you do not know which to include in a UDM Search query. When viewing an event using Event Viewer, each UDM field is labeled with an icon (U or E) that identifies whether the field stores enriched or unenriched data. UDM Search behavior has been enhanced. The following supported default parsers have changed.

Cloud Composer - Airflow CLI commands no longer require access to the control plane of your environment's cluster. The composer.environments.executeAirflowCommand permission is now required to run Airflow CLI commands through the gcloud environments run command: The composer.user and composer.environmentAndStorageObjectViewer roles do not have this permission and are not permitted to run Airflow CLI commands. You can run Airflow CLI commands through Cloud Composer API. Fixed the cause of failures when creating Qwiklabs environments in some scenarios. GCSFuse version updated to 1.01. Cloud Composer 2.4.0 images are available: composer-2.4.0-airflow-2.5.3 (default) composer-2.4.0-airflow-2.4.3. Cloud Composer versions 2.0.22 and 1.19.5 have reached their end of full support period.




Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075