Welcome to issue #366 October 2nd, 2023

News

BigQuery Data Analytics Official Blog

So long data silos: Announcing BigQuery Omni cross-cloud joins

Artifact Registry Google Kubernetes Engine Official Blog

Introducing Advanced Vulnerability Insights for GKE - Advanced Vulnerability Insights provides scanning and vulnerability detection in Java, Go, JavaScript, and Python language packages.

Google Kubernetes Engine Official Blog Security

Expanding GKE posture: Policy Controller violations now in Security Command Center - Policy Controller enforces programmable policies for GKE to help customers with security, governance, and compliance guardrails for their workloads.

Cloud Security Command Center Official Blog

New custom security posture controls and threat detections in Security Command Center - Security Command Center now allows organizations to design their own customized security controls and threat detectors for their Google Cloud environment.

Cloud Logging Official Blog

Announcing Log Analytics charts and dashboards in Cloud Logging in public preview - With this launch, you can now create a chart for your Log Analytics query results and then save that chart to a Cloud Monitoring dashboard.

Official Blog VMware Engine

What’s new with Google Cloud VMware Engine: New node type, networking, automation and more

Cloud SQL NodeJS Official Blog

Announcing Cloud SQL Node.js connector general availability - Cloud SQL Node.js connector is the most convenient way to securely connect your application to your database in NodeJS.

Google Kubernetes Engine Official Blog

Google is a Leader in the 2023 Gartner® Magic Quadrant™ for Container Management

Infrastructure Official Blog

Meet Nuvem, a cable to connect Portugal, Bermuda, and the U.S. - Today, we’re announcing Nuvem, a new transatlantic subsea cable system to connect Portugal, Bermuda, and the United States.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Data Analytics Google Kubernetes Engine Official Blog

Data on Kubernetes has crossed the chasm: the case for running stateful apps on GKE - Today, Kubernetes is increasingly used to run stateful and data applications such as databases, big data, data analytics, and machine learning.

GCP Experience Official Blog

How CoreLogic modernized its application platform and saved costs in Google Cloud - CoreLogic is a leading provider of global property information, analytics, and data-enabled solutions, and runs over 25,000 business-critical application instances on Google Cloud using container runtimes.

Google Distributed Cloud Edge Official Blog Partners

A deeper look into retail use cases with Google Distributed Cloud Edge - This blog post takes a deeper look at some of the key retail use cases at the edge.

CISO Official Blog Security

Cloud CISO Perspectives: Late September 2023 - Guest columnist Eric Brewer, Google Fellow and VP for infrastructure, explains Google Cloud’s approach to open source and why securing it is one of the most crucial tasks we face.

FinOps Official Blog

Five quick ways to optimize your cloud spend with Google Cloud FinOps - A quick look at a few essential cloud cost optimization methods that you can easily implement using Google Cloud, along with many other FinOps strategies.

Google Kubernetes Engine Kubernetes Security Terraform

How to highly secure your GKE cluster setup - This blog post helps you improve your GKE cluster's security posture.

Cloud Armor reCAPTCHA Terraform

Bot prevention using reCAPTCHA v3 & Cloud Armor - This blog post explains how to use reCAPTCHA Action Tokens with Cloud Armor.

App Development, Serverless, Databases, DevOps

Cloud Functions Cloud NAT Networking Serverless

Static IP for Google Cloud Cloud Functions internet access (Serverless VPC access + Cloud NAT) - Deploying Cloud Functions that are connected to a Serverless VPC connector and Cloud NAT.

AlloyDB GCP Experience Official Blog

FLUIDEFI nets 3X gains in processing speed with AlloyDB to address DeFi industry challenges

Official Blog Partners

TCS SAP Cloudify enables single touch automation for SAP deployments on Google Cloud

Cloud Run Official Blog

Deploy to Cloud Run with GitHub Actions - This blog post discusses how to deploy Google Cloud Run from GitHub Actions with a declarative service YAML to multiple environments.

Official Blog Storage

Navigating Google Cloud: a decision tree for storage workloads - A guide to help you research and select the storage services that best match your specific workload needs.

Cloud Storage Official Blog

Cloud Storage announcements at Next '23: a recap - Here is a concise recap of all the new features and capabilities that were announced regarding Cloud Storage.

Cloud Firestore

First Look at Firestore Multiple Databases - A brief overview of using new functionality of multiple Cloud Firestore databases.

Cloud Storage Monitoring

How to find number of objects in GCS buckets? - Track the number of objects in Cloud Storage with Cloud Monitoring.

Cloud Spanner Java

Spring Boot, a persistent ORM and a consistent Database! - Spring Boot on Google Cloud: Part 4!

Big Data, Analytics, ML&AI

Data Analytics

Google Cloud Cortex Framework brings Packaged Analytics to the Modern Data Stack - Google Cloud Cortex Framework is a new packaged analytics initiative from Google Cloud Platform that provides pre-built data extractors, data transformations and interactive dashboards for SAP, Salesforce and a number of marketing and advertising data sources.

Generative AI Official Blog

Mobilize your unstructured data with generative AI - With Custom Extractor, Summarizer, and Warehouse Search, Document AI is now powered by generative AI to structure document data faster.

BigQuery Official Blog

Troubleshoot and optimize your BigQuery analytics queries with query execution graph - General availability of the query execution graph.

BigQuery Official Blog

Manage dynamic query concurrency with BigQuery query queues - General availability of query queues in BigQuery.

AlloyDB BigQuery

Compare Analytical Queries Performance of AlloyDB with BigQuery - This experiment focuses on an analytical query performance comparison between AlloyDB and BigQuery.

BigQuery

The power of BigQuery INFORMATION_SCHEMA views - A brief overview of BigQuery INFORMATION_SCHEMA views.

BigQuery GIS

The Haversine Formula: A Must-Have for Geospatial Reporting - Determining the Distance from Point A to Point B using SQL.

Generative AI Java Machine Learning

Discovering LangChain4J, the Generative AI orchestration library for Java developers - Using Java/Groovy in a Generative AI world.

Duet AI

Duet Triple Threat - Using Duet AI to automate tasks.

Various

Official Blog Public Sector

Public Sector Innovation at Google Cloud Next'23

GCP Certification

Top 10 Google Cloud Resources to bookmark for learning - 10 Google Cloud Resources to bookmark as you navigate and build your skills on Google Cloud.

Slides, Videos, Audio

Security Podcast - #140 System Hardening at Google Scale: New Challenges, New Solutions.

 

Releases

Advisory Notifications - Advisory Notifications lets you opt in to or out of optional notification types.

Anthos Config Management - Config Controller now uses the following versions of its included products: Config Connector v1.109.0, release notes.

Anthos clusters on bare metal - Release 1.14.9: Anthos clusters on bare metal 1.14.9 is now available for download. Fixed an issue to prevent cluster upgrades from starting on a node before either all Pods have been drained or the Pod draining timeout has been reached. The following container image security vulnerabilities have been fixed in version 1.14.9:
High-severity container vulnerabilities: CVE-2019-13509 CVE-2020-8558 CVE-2022-39189 CVE-2023-1380 CVE-2023-2007 CVE-2023-2124 CVE-2023-3090 CVE-2023-3111 CVE-2023-3268 CVE-2023-3390 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-4128 CVE-2023-4206 CVE-2023-4207 CVE-2023-4208 CVE-2023-21255 CVE-2023-27561 CVE-2023-29002 CVE-2023-34319 CVE-2023-35001 CVE-2023-35788 CVE-2023-40283
Medium-severity container vulnerabilities: CVE-2015-3627 CVE-2019-11251 CVE-2020-8555 CVE-2020-8564 CVE-2020-8569 CVE-2021-25735 CVE-2022-4269 CVE-2022-40982 CVE-2023-1206 CVE-2023-2002 CVE-2023-2269 CVE-2023-3212 CVE-2023-3338 CVE-2023-3863 CVE-2023-4132 CVE-2023-4194 CVE-2023-4273 CVE-2023-20569 CVE-2023-20593 CVE-2023-27593 CVE-2023-27594 CVE-2023-27595 CVE-2023-30851 CVE-2023-31084
Low-severity container vulnerabilities: CVE-2020-8562 CVE-2022-48554 CVE-2023-2156 CVE-2023-2898 CVE-2023-3141 CVE-2023-3389 CVE-2023-3610 CVE-2023-3777 CVE-2023-4004 CVE-2023-4147 CVE-2023-21400 CVE-2023-31248 CVE-2023-34256 CVE-2023-35823 CVE-2023-35824 CVE-2023-35828 CVE-2023-35829
Known issues: For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.
Release 1.15.5: Anthos clusters on bare metal 1.15.5 is now available for download. Fixed an issue to prevent cluster upgrades from starting on a node before either all Pods have been drained or the Pod draining timeout has been reached. The following container image security vulnerabilities have been fixed in 1.15.5:
High-severity container vulnerabilities: CVE-2019-13509 CVE-2023-27561 CVE-2023-29002
Medium-severity container vulnerabilities: CVE-2015-3627 CVE-2020-8569 CVE-2022-48554 CVE-2023-27593 CVE-2023-27594 CVE-2023-27595 CVE-2023-30851
Known issues: For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.

Anthos clusters on VMware - Anthos clusters on VMware 1.16.1-gke.45 is now available. The Prometheus and Grafana add-ons field, loadBalancer.vips.addonsVIP, is deprecated in 1.16 and later. The following issues are fixed in 1.16.1-gke.45: Fixed the known issue that gkectl repair admin-master returns kubeconfig unmarshall error. Anthos clusters on VMware 1.14.8-gke.37 is now available. The following issues are fixed in 1.14.8-gke.37: Fixed the disk full known issue on Seesaw VM due to no log rotation for fluent-bit.

Apigee X - On September 29, 2023, we released an updated version of Apigee. New attributes for Pay-as-you-go pricing are generally available (GA). Standard and extensible API proxies are generally available (GA). HTTPModifier and ReadPropertySet policies and templating support for message elements are generally available (GA). New environment types are generally available (GA). Apigee API Analytics add-on for Pay-as-you-go organizations is generally available (GA). One click provisioning for Apigee Pay-as-you-go organizations is generally available (GA). Updated pricing attributes in Subscription plans are available.

AppEngine Standard Java - If you need to re-enable deployments for Java 8 apps past the legacy runtime end of support date (starting January 30, 2024), you can define a new organization policy with constraints/appengine.runtimeDeploymentExemption.

AppEngine Standard PHP - If you need to re-enable deployments for PHP 5.5 apps during the legacy runtime end of support period (starting January 30, 2024), you can define a new organization policy with constraints/appengine.runtimeDeploymentExemption.

AppEngine Standard Python - If you need to re-enable deployments for Python 2.7 apps during the legacy runtime end of support period (starting January 30, 2024), you can define a new organization policy with constraints/appengine.runtimeDeploymentExemption.

Assured Workloads for Government - v1. The IL2 compliance program is now generally available.

BigQuery ML - The BigQuery ML point-in-time lookup functions are now in preview.

BigQuery - As a BigQuery administrator, to monitor your organization's slots utilization and BigQuery jobs' performance over time, you can now use the administrative query inspector. You can now use IAM conditions to control access to BigQuery resources. Materialized views over BigLake metadata cache-enabled tables can reference structured data stored in Cloud Storage. Authorized stored procedures are now generally available (GA). Support for Google AdWords is now deprecated by the BigQuery Data Transfer Service.

Certificate Manager - Certificate Manager supports Mutual TLS (mTLS) authentication.

Cloud Composer - Cloud Composer 2.4.4 release started on September 29, 2023.

Compute Engine - Creating a reservation or future reservation request by using an instance template that specifies an A2, C3, or G2 machine type causes errors or problems with consumption. Preview: c3d-standard, c3d-highmem, c3d-highcpu, and c3d-standard-lssd virtual machines are available in the following regions: Council Bluffs, Iowa, North America, us-central1; Moncks Corner, South Carolina, North America, us-east1; Ashburn, Virginia, North America, us-east4; St.

Dataproc - New Dataproc on Compute Engine subminor image versions: 2.0.78-debian10, 2.0.78-rocky8, 2.0.78-ubuntu18, 2.1.26-debian11, 2.1.26-rocky8, 2.1.26-ubuntu20, 2.1.26-ubuntu20-arm. Upgraded the Cloud Storage connector version to 2.2.17 in the latest 2.0 and 2.1 Dataproc on Compute Engine image versions. Upgraded Hive version from 3.1.2 to 3.1.3 in the latest Dataproc on Compute Engine 2.0 image version.

Datastore - Support for europe-west9 (Paris), me-central1 (Doha), and me-west1 (Tel Aviv).

Cloud Deploy - When you create a release using the gcloud CLI version 445, 446, or 447, you might encounter an error where gcloud requires the clouddeploy.config.get permission.

Dialogflow - Dialogflow CX launched two new integrations in preview: Google Chat and Slack. Dialogflow CX now provides the call companion feature in preview, which provides a mobile-based user interface that supplements a phone call with an agent.

Document AI - v1. We are launching an RC version of the pretrained-invoice-v1.5-2023-09-15 invoice processor.

Cloud Firestore - Support for europe-west9 (Paris), me-central1 (Doha), and me-west1 (Tel Aviv).

Networking Interconnect - Dedicated Cloud Interconnect support is available in the following colocation facilities: Cologix MTL10-H - Montréal. For more information, see the Locations table.

Google Kubernetes Engine - This is a follow-up message to the release note regarding blue-green upgrades from September 18, 2023. You can now resume upgrading clusters with the blue-green upgrade strategy as the issue with rollback functionality has been fixed. GKE is no longer blocking automatic upgrades due to this issue.

Load Balancing - Cloud Load Balancing introduces the global external Proxy Network Load Balancer. Typically with HTTPS communication, the authentication works only one way: the client verifies the identity of the server.

Cloud Logging - Ops Agent versions 2.39.0 and 2.40.0 crash if you use them on Compute Engine VMs with attached GPUs.

Marketplace Partners - Your Customer Insights reports contain a new field, transaction_type.

Migrate for Compute Engine 4.8 - 5.0. Preview: Migrate to Virtual Machines lets you migrate the disks of source virtual machine (VM) instances to Persistent Disk volumes on Google Cloud with the following options: migrate the Persistent Disk volumes without attaching them to a VM instance; create a new VM instance and attach the migrated Persistent Disk volumes to it.

Cloud Monitoring - Ops Agent versions 2.39.0 and 2.40.0 crash if you use them on Compute Engine VMs with attached GPUs. You can now configure your alerting policy documentation with custom subject lines.

Cloud Interconnect - Dedicated Cloud Interconnect support is available in the following colocation facilities: Cologix MTL10-H - Montréal. For more information, see the Locations table.

Policy Intelligence - After January 15, 2024, some Policy Intelligence features will only be available for customers with organization-level activations of Security Command Center. Using Policy Troubleshooter to troubleshoot deny policies is generally available.

Cloud Run - Long running jobs greater than 1 hour are at general availability (GA).

Security Command Center - containsOnly() function released to General Availability.

SAP Solutions - SAP HANA Fast Restart enabled using Terraform: SAP HANA Fast Restart is enabled when you deploy SAP HANA on Google Cloud using the sap_hana or sap_hana_ha Terraform module, version 202309280828 or later.

Cloud SQL MySQL - Cloud SQL supports the preview version of the enable-high-availability recommender. All Cloud SQL for MySQL Enterprise Plus edition instances now support up to 35 days of retained transaction logs for point-in-time recovery. The rollout of the following minor version is currently underway: MySQL 5.7.42 is upgraded to MySQL 5.7.43.

Cloud SQL Postgres - The following pg_wait_sampling and rdkit flags are generally available: pg_wait_sampling flags: cloudsql.enable_pg_wait_sampling (enable the pg_wait_sampling extension for Cloud SQL for PostgreSQL instances). Cloud SQL supports the preview version of the enable-high-availability recommender.

Cloud Storage - Beginning Oct 30, 2023, Cloud Storage will change how it enforces egress bandwidth quotas. You can now control the mounting behavior of Cloud Storage FUSE by using a configuration file instead of global options. Cloud Storage FUSE is now available for use on ARM64-based machines.

Cloud TPU - Cloud TPU now supports TensorFlow 2.14.0.

Vertex AI - Vertex AI Workbench instances are now generally available (GA).

VMware Engine - VMware Engine nodes are now available in the following additional region: Tel Aviv (me-west1-b).

VPC Service Controls - Preview stage supported for the following integration: Infrastructure Manager.

Virtual Private Cloud - Private Service Connect backends support using an external regional TCP proxy load balancer or an internal regional TCP proxy load balancer to access published services.

 

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075