Google Cloud Platform Newsletter

Check Archive for older issues

News

Gemini, Google’s most capable model, is now available on Vertex AI

Ensure website reliability with Synthetic Monitoring broken link checker - Google Cloud Monitoring's synthetic monitoring offering helps organizations achieve application reliability by proactively monitoring the performance of their web applications, APIs, and key business workflows from the perspective of a real user.

Cross-cloud materialized views in BigQuery Omni enable multi-cloud analytics at scale - The public preview of BigQuery Omni cross-cloud materialized views (aka cross-cloud MVs).

Build apps faster with new Duet AI in Google Cloud training content - Today we’re launching new training on Duet AI in Google Cloud that can help you get the most out of the new product features so that you can build customer experiences quickly, more securely, and like never before.

Imagen 2 on Vertex AI is now generally available - Imagen 2 is the most advanced text-to-image technology, generally available for Vertex AI customers on the allowlist.

Announcing General Availability of Duet AI for Developers and Duet AI in Security Operations - Today, we are announcing that Duet AI for Developers and Duet AI in Security Operations are now generally available.

MedLM: generative AI fine-tuned for the healthcare industry - MedLM — a family of foundation models fine-tuned for healthcare industry use cases.

Bringing Gemini to organizations everywhere - Today, we are introducing a number of important new capabilities across our AI stack in support of Gemini, our most capable and general model yet.

Next-generation of Cloud-based maps styling now generally available, with new zoom level customization and usability improvements

Google Maps Platform SDKs for iOS now available through Swift Package Manager - Announcing new dependency management support through Swift Package Manager for the Maps, Places, and Navigation SDKs for iOS.

Get ready for 2024 with Google Cloud Security Talks - To help prepare you for 2024, we are offering the final installment of this year’s Google Cloud Security Talks on Dec. 19.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Simplified storage using policy management with Google Distributed Cloud Virtual - This blog post discusses discussed the integration of GDCV with VMware’s SPBM framework.

Reflections from COP28: To drive meaningful climate solutions, it’s all tech on deck - A summary of topics covered during COP28 conference.

Climate as a software product KPI

Cloud CISO Perspectives: How the AI megatrend can help manage threats, reduce toil, and scale talent

Advanced Networking Demos Cloud Firewall Plus, NCC VPC spokes & NFO edition - This blog post dives into the world of enhanced networking in Google Cloud.

How Google Cloud is helping companies decarbonize their cloud footprints

Live streaming with Media CDN and Google Cloud Load Balancer - In this blog, we look at how live-streaming providers can utilize Media CDN infrastructure to better serve video content.

FinOps Sketchnotes 2 - Meet the FinOps team

Finops Sketchnote 3 - Cost and value optimization on Google Cloud

Securing Google Cloud Super Admins - Best practices to secure privileged user accounts (super admins) in Google Cloud.

The curious case of the Rule that started working… - Yes, you read that right. Why did a long dormant rule suddenly spring back to life in Chronicle SIEM?

Is Google Cloud down? - Exploration of the new Personalized Service Health Dashboard and API.

Optimizing Your Google Kubernetes Engine Costs — Part 1: Basic Tweaks - Cut down on your Google Kubernetes Engine bills with these simple tips.

App Development, Serverless, Databases, DevOps

Have the AI build your app for you! - Let Duet AI help you by speeding up the process of developing and deploying sample apps.

Benchmarking Spanner’s price-performance for key-value workloads - This blog post demonstrates benchmarking key-value workloads, using the industry-standard Yahoo! Cloud Serving Benchmark (YCSB) benchmark.

How Pinecone leverages Spanner to store metadata for its free tier on Google Cloud

How Stairwell uses Bigtable for cybersecurity

Guide to GCP’s Logging Query Language - Demystify Logging Query Language and making it accessible for both beginners and experienced users.

Beyond Read and Write: The ABAP Way to Cloud Storage - Using Cloud Storage in SAP.

Streamlining Maven Jar Distribution: A Guide to Pushing Artifacts to Google Cloud Artifact Registry - This tutorial goes through the process of pushing Maven JAR artifacts to the Google Cloud Artifact Registry.

The bumpy road of Java apps to the cloud - How to approach Java application modernization in the context of migration to the cloud? What to look at? Where are bumps and bottlenecks?

Big Data, Analytics, ML&AI

BigQuery Meets LLM: Unlocking New Frontiers in AI-Driven Data Analytics - Unlocking a level of understanding that was previously unimaginable.

Enhancing Duet AI for Developers through our partner ecosystem - Duet AI for Developers and Duet AI in Security Operations are the first two Duet AI in Google Cloud offerings to go GA.

Elevate Your Data Game: A Practical Tutorial on Building and Running Pipelines with Data Fusion 2.5 - Navigating through the process of constructing and executing pipeline graphs, unraveling the key steps that will empower you to streamline your data integration tasks with precision.

Connecting verifiable queries to smart contracts with Proof of SQL on BigQuery - Today we hear from Space and Time, whose decentralized data warehouse and novel zero-knowledge (ZK) proof for SQL operations was recently integrated into BigQuery.

BigQuery and MotherDuck - Connecting MotherDuck with BigQuery.

Avoid partition skew on BigQuery - Data skew can significantly impact the performance and cost of processing large datasets in BigQuery.

Using ANY_VALUE() in BigQUERY - Have you ever used ANY_VALUE in BigQuery?

Be Careful When Using “NOT IN” in SQL - + 3 simple solutions to make sure you’re not caught out.

AI-driven growth: AppLovin's journey amplified by Google Cloud - AppLovin journey with Google Cloud.

Google Imagen (through GCP Vertex AI Studio) as fashion design assistant - In this article, we will explore how generative AI can assist fashion designers in generating new ideas and designs using Google’s suite of generative models for text and image generation.

Use Generative AI to Enhance your Product Catalog using only SQL - Using Vertex AI LLM natively in Google Cloud Spanner.

C# library and samples for GenAI in Vertex AI - These samples show how to invoke GenAI from C# for different use cases such as text classification, extraction, summarization, sentiment analysis and more using the C# client library.

Fine Tuning of LLM’S in GCP Vertex AI - This article delves into fine-tuning of LLM’S why it is required, how to fine-tune it, and the results that can be achieved through fine-tuning.

Various

How to prep for the New Google Certified Professional: MLE Exam - Is it the Professional ML Engineer Certification you’re working towards? Then surely — if you’re reading this in late 2023 or early 2024 —….

Slides, Videos, Audio

Kubernetes Podcast - #215 Kubernetes 1.29, with Priyanka Saggu.

Security Podcast - #152 Trust, Security and Google's Annual Transparency Report.

GCP Life Podcast - #55 “We are done!“ – In this episode we discuss; Autoclass, Unisuper, Google Deleting Accounts, Google Cloud All Stars, Google Trolls AWS, Lost Drive Data, Unions Getting Worried, Top 3 Hacks Of The Year, Xmas Security Tips, NDIA Data Breach, AI Training, GCP & Macdonalds, Gemini, Favourite Advancements of AI during the year.

Releases

AlloyDB - AlloyDB for PostgreSQL now lets you monitor your AlloyDB instances using the AlloyDB System Insights dashboard or by using the Cloud Monitoring dashboard. AlloyDB now supports up to 64TiB storage per cluster in the following regions: us-west1 us-central1 us-east1 us-east4 europe-west1 asia-east1 asia-southwest1. Terraform support for AlloyDB is now generally available (GA).

Anthos Config Management - 1.17.0. The nomos command-line tool now requires the kubectl plugin gke-gcloud-auth-plugin to be installed to interact with GKE, and your KUBECONFIG must be configured to use it by calling gcloud container clusters get-credentials. Upgraded git-sync (Config Sync dependency for pulling from git) from v3.6.9 to v4.0.0 to pick up enhancements, such as improved efficiency and race condition fixes. Added a new field spec.mode in the NamespaceSelector CRD as a preview feature to support selecting namespace-scoped resources matching both statically-declared Namespaces in the source of truth and those dynamically present on the cluster. Added a new field spec.override.namespaceStrategy in the RootSync API to control whether Namespaces should be created implicitly or not if Namespace configs are missing from the source of truth. Added a new field spec.override.roleRefs in the RootSync API to customize root reconciler permissions other than cluster-admin. Added known_hosts support for Git connection over SSH in RootSync and RepoSync APIs. The constraint template library includes a new template: K8sRequireAdmissionController. Policy Controller bundles have been updated to the following versions: asm-policy-v0.0.1: 202311.0, cis-k8s-v1.5.1: 202311.0, cost-reliability-v2023: 202311.0, nist-sp-800-190: 202311.0, nist-sp-800-53-r5: 202311.0, nsa-cisa-k8s-v1.2: 202311.0, pci-dss-v3.2.1: 202311.0, policy-essentials-v2022: 202311.0, psp-v2022: 202311.0, pss-baseline-v2022: 202311.0, pss-restricted-v2022: 202311.0. The constraint template library's K8sNoExternalServices template now supports the "networking.gke.io/load-balancer-type": "Internal" annotation. Reduced Config Sync reconciler default CPU and memory requests on GKE Standard clusters. Fixed an issue with the nomos CLI not authenticating correctly when run inside a Kubernetes Pod.

Anthos clusters on bare metal - 1.28. Release 1.28.0-gke.435 Anthos clusters on bare metal 1.28.0-gke.435 is now available for download. Version alignment For easier identification of the Kubernetes version for a given release, we are aligning Anthos clusters on bare metal version numbering with GKE version numbering. Preview: Added support for skews of up to two minor versions for selective node pool upgrades. Functionality changes: Configured the local volume provisioner DaemonSet to tolerate all taints. Supported node pool versions: If you use selective worker node pool upgrades to upgrade a cluster to version 1.28.0-gke.435, see Node pool versioning rules for a list of the versions that are supported for the worker node pools. Fixes: Fixed an issue where the node-problem-detector systemd service doesn't restart after the node reboots. The following container image security vulnerabilities have been fixed in version 1.28.0-gke-435: Critical container vulnerabilities: CVE-2022-1996 CVE-2023-38408 CVE-2023-45871 High-severity container vulnerabilities: CVE-2017-11468 CVE-2019-11253 CVE-2019-13509 CVE-2020-7919 CVE-2020-8558 CVE-2020-9283 CVE-2021-3121 CVE-2020-16845 CVE-2020-28362 CVE-2020-28366 CVE-2020-28367 CVE-2021-20206 CVE-2021-27918 CVE-2022-39189 CVE-2022-41721 CVE-2023-1380 CVE-2023-1989 CVE-2023-2007 CVE-2023-2124 CVE-2023-2253 CVE-2023-3090 CVE-2023-3111 CVE-2023-3268 CVE-2023-3390 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-4206 CVE-2023-4207 CVE-2023-4208 CVE-2023-4244 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921 CVE-2023-21255 CVE-2023-27561 CVE-2023-28840 CVE-2023-29002 CVE-2023-34319 CVE-2023-35001 CVE-2023-35788 CVE-2023-40283 CVE-2023-42753 GHSA-74fp-r6jw-h4mp Medium-severity container vulnerabilities: CVE-2015-3627 CVE-2019-11250 CVE-2019-11251 CVE-2019-11254 CVE-2019-19794 CVE-2020-8554 CVE-2020-8555 CVE-2020-8561 CVE-2020-8564 CVE-2020-8565 CVE-2020-8569 CVE-2020-8911 CVE-2020-14039 CVE-2020-14040 CVE-2020-15586 CVE-2020-21047 CVE-2020-24553 CVE-2020-29510 CVE-2021-3114 CVE-2021-3507 CVE-2021-3930 CVE-2021-20196 CVE-2021-20329 CVE-2021-25735 CVE-2021-25736 CVE-2022-0216 CVE-2022-2582 CVE-2022-4269 CVE-2022-40982 CVE-2022-46146 CVE-2023-0330 CVE-2023-1206 CVE-2023-2002 CVE-2023-2269 CVE-2023-3180 CVE-2023-3212 CVE-2023-3338 CVE-2023-3772 CVE-2023-3863 CVE-2023-4132 CVE-2023-4194 CVE-2023-4273 CVE-2023-20569 CVE-2023-20593 CVE-2023-27593 CVE-2023-27594 CVE-2023-27595 CVE-2023-28841 CVE-2023-28842 CVE-2023-30851 CVE-2023-31084 CVE-2023-37453 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-39347 CVE-2023-40577 CVE-2023-41333 CVE-2023-41913 CVE-2023-42754 CVE-2023-42755 GHSA-2w8w-qhg4-f78j GHSA-76wf-9vgp-pj7w Low-severity container vulnerabilities: CVE-2017-16516 CVE-2020-8562 CVE-2020-8912 CVE-2020-14394 CVE-2021-20203 CVE-2021-25740 CVE-2021-32292 CVE-2022-24795 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2022-48554 CVE-2023-1544 CVE-2023-2156 CVE-2023-2898 CVE-2023-3141 CVE-2023-3301 CVE-2023-3354 CVE-2023-3389 CVE-2023-3610 CVE-2023-3773 CVE-2023-3777 CVE-2023-4004 CVE-2023-4147 CVE-2023-6176 CVE-2023-21400 CVE-2023-31248 CVE-2023-33460 CVE-2023-34242 CVE-2023-34256 CVE-2023-35823 CVE-2023-35824 CVE-2023-35828 CVE-2023-35829 CVE-2023-41332 CVE-2023-42756 GHSA-qq97-vm5h-rrhg. Known issues: For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section. 1.16. Release 1.16.4 Anthos clusters on bare metal 1.16.4 is now available for download. Functionality changes: Changed upgrade preflight checks behavior to skip kubeadm job creation check to improve upgrade reliability. Supported node pool versions: If you use selective worker node pool upgrades to upgrade a cluster to version 1.16.4, see Node pool versioning rules for a list of the versions that are supported for the worker node pools. Fixes: Fixed an issue where the network check ConfigMap wasn't being updated when nodes were added or removed. Fixes: The following container image security vulnerabilities have been fixed in 1.16.4: Medium-severity container vulnerabilities: CVE-2021-3507 CVE-2021-3930 CVE-2021-20196 CVE-2022-0216 CVE-2023-0330 CVE-2023-3180 CVE-2023-34969 CVE-2023-41913 GHSA-rm8v-mxj3-5rmq Low-severity container vulnerabilities: CVE-2017-16516 CVE-2020-14394 CVE-2021-20203 CVE-2022-24795 CVE-2023-1544 CVE-2023-3301 CVE-2023-3354 CVE-2023-33460. Known issues: For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section. 1.15. Release 1.15.8 Anthos clusters on bare metal 1.15.8 is now available for download. Functionality changes: Changed upgrade preflight checks behavior to skip kubeadm job creation check to improve upgrade reliability. Fixes: Fixed an issue where the network check ConfigMap wasn't being updated when nodes were added or removed. Fixes: The following container image security vulnerabilities have been fixed in 1.15.8: High-severity container vulnerabilities: CVE-2022-41721 Medium-severity container vulnerabilities: CVE-2021-3507 CVE-2021-3930 CVE-2021-20196 CVE-2022-0216 CVE-2023-0330 CVE-2023-3180 CVE-2023-34969 CVE-2023-41913 GHSA-rm8v-mxj3-5rmq Low-severity container vulnerabilities: CVE-2017-16516 CVE-2020-14394 CVE-2021-20203 CVE-2022-24795 CVE-2023-1544 CVE-2023-3301 CVE-2023-3354 CVE-2023-33460. Known issues: For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.

Anthos clusters on Azure - You can now launch clusters with the following Kubernetes versions.

Anthos clusters on VMware - Anthos clusters on VMware 1.15.7-gke.40 is now available. The following issues are fixed in 1.15.7-gke.40: Fixed the etcd hostname mismatch issue when using a FQDN.

Apigee X - On December 15, 2023, we released an updated version of Apigee. Update Pay-as-you-go environment types with Apigee APIs. Apigee Advanced API Security add-on for Pay-as-you-go organizations is generally available (GA). On December 13, 2023, we released an updated version of Apigee. You can now restrict the creation of Apigee location based resources (Organization, Instances and EndpointAttachments) to specific locations using an Organization Policy Service constraint. Apigee now supports data residency. Apigee now supports Forward Proxying. Apigee now supports CMEK for the control plane.

Google Cloud Armor - You can now enroll your projects into Managed Protection Plus through a pay-as-you-go option (Preview) instead of subscribing for a one year term.

Cloud Asset Inventory - The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

BeyondCorp Enterprise - General Availability: You can now use certificate-based access to secure access from trusted devices to enterprise web applications running on Google Cloud.

BigQuery - The BigQuery Data Transfer Service now supports federated workforce identities when creating a data transfer from most data sources. The Apache Hive connector is now generally available (GA) for data analytics pipeline migration. The following BigQuery cross-cloud features are now in preview: You can now take advantage of the benefits of materialized views over Amazon S3 metadata cache-enabled BigLake tables.

Carbon Footprint - Fixed bugs for Scope 1 and Scope 3 (non-electricity sources) emissions apportionment for September 2023 and October 2023 and Scope 2 location-based emissions for October 2023. Improved data consistency on BigQuery exports, particularly on the project_id field.

Chronicle - The following supported default parsers have changed. Duet AI in Security Operations You can now use Duet AI to search your event data using natural language.

Compute Engine - Generally available: NVIDIA L4 GPUs are now available in the following additional regions and zones: Seoul, South Korea (asia-northeast3-a) Moncks Corner, South Carolina (us-east1-c) For more information about using GPUs on Compute Engine, see GPU platforms. Preview: The following quotas and metrics are now available to help you monitor the usage and limits for Compute Engine concurrent operation quotas: Quotas for global concurrent operations (metric - compute.googleapis.com/global_concurrent_operations): Concurrent global operations per project Concurrent global operations per project operation type Quotas for regional concurrent operations (metric: compute.googleapis.com/regional_concurrent_operations): Concurrent regional operations per project Concurrent regional operations per project operation type For more information, see Concurrent operation quotas.

Data Fusion - The Cloud Data Fusion version 6.9.2.2 patch revision is generally available (GA).

Database Migration Service - You can now migrate MySQL and PostgreSQL databases to Cloud SQL instances or AlloyDB clusters created outside Database Migration Service. Database Migration Service now supports selecting PostgreSQL version 15 when migrating to AlloyDB for PostgreSQL. Database Migration Service now supports MySQL minor versions.

Dataflow - You can now run a job graph validation check to verify whether a replacement job is valid before you launch the new job.

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.42 2.0.50 2.1.29 2.2.0-RC2. Added the google-cloud-secret-manager Python package in the latest Dataproc Serverless for Spark runtimes. Announcing the GA release of Dataproc on Compute Engine image version 2.2 : 2.2.0-debian12, 2.2.0-rocky9, 2.2.0-ubuntu22 The 2.2.0 release includes the following components: Debian-12 / Ubuntu-2204 / RockyLinux 9 Apache Hadoop 3.3.6 Apache Spark 3.5.0 Cloud Storage Connector 3.0.0 Trino 432 Apache Flink 1.17.0 Apache Ranger 2.4.0 Apache Solr 9.2.1 R 4.2 Hue 4.11.0 JupyterLab Notebook 3.6. Monitoring-agent-defaults metrics are not available in Dataproc on Compute Engine image version 2.2 clusters unless the Ops Agent is installed. Blocklisted the following Dataproc on Compute Engine Images due to issue with increase in startup time: 2.0.86-debian10, 2.0.86-rocky8, 2.0.86-ubuntu18 2.1.34-debian11, 2.1.34-rocky8, 2.1.34-ubuntu20, 2.1.34-ubuntu20-arm.

Dataproc - New Dataproc Serverless for Spark runtime versions: 1.1.42 2.0.50 2.1.29 2.2.0-RC2. Added the google-cloud-secret-manager Python package in the latest Dataproc Serverless for Spark runtimes. Announcing the GA release of Dataproc on Compute Engine image version 2.2 : 2.2.0-debian12, 2.2.0-rocky9, 2.2.0-ubuntu22 The 2.2.0 release includes the following components: Debian-12 / Ubuntu-2204 / RockyLinux 9 Apache Hadoop 3.3.6 Apache Spark 3.5.0 Cloud Storage Connector 3.0.0 Trino 432 Apache Flink 1.17.0 Apache Ranger 2.4.0 Apache Solr 9.2.1 R 4.2 Hue 4.11.0 JupyterLab Notebook 3.6. Monitoring-agent-defaults metrics are not available in Dataproc on Compute Engine image version 2.2 clusters unless the Ops Agent is installed. Blocklisted the following Dataproc on Compute Engine Images due to issue with increase in startup time: 2.0.86-debian10, 2.0.86-rocky8, 2.0.86-ubuntu18 2.1.34-debian11, 2.1.34-rocky8, 2.1.34-ubuntu20, 2.1.34-ubuntu20-arm.

Datastore - You can now create and delete non-default databases in the Google Cloud console.

Deep Learning Containers - M114 release Starting with this release, Python 3.7 is no longer available.

Deep Learning VM - M114 release Starting with this release, Debian 10 Python 3.7 images are no longer available.

Dialogflow - From January 23 to February 13, 2024, for certain language tag and speech setting combinations, the Dialogflow CX and Dialogflow ES traffic with audio will gradually route away from the classic Speech-to-Text models behind the command_and_search, default, phone_call, and video model identifiers to the new conformer-based speech models. Three new Dialogflow CX generative prebuilt agents are now available. To restore an agent with data store handlers, you now need to associate the target agent with a Vertex AI Conversation app and create data store references in the target agent prior to the restore operation. Dialogflow CX and data store agents now support Customer-Managed Encryption Keys (CMEK) in GA.

Eventarc - Trigger updates are applied to events generated after the update.

Cloud Firestore - You can now assemble and execute sum() and avg() queries in the Google Cloud console. You can now create and delete non-default databases in the Google Cloud console.

Cloud Functions - The new region me-west1 is now available.

IAM - You can use identities from workforce and workload identity pools in IAM deny policies.

Google Kubernetes Engine - The Observability tab in the cluster details page for each cluster and in the GKE cluster list page now shows GPU metrics if the cluster has GPU nodes. An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to escalate privileges in the cluster. We've identified an issue with configuring TLS for Gateways in clusters running GKE version 1.28.4-gke.1083000. (2023-R26) Version updates GKE cluster versions have been updated.

GKE - (2023-R26) Version updates The following control plane versions are now available: 1.24.17-gke.2230000 1.24.17-gke.2364000 1.25.16-gke.1041000 1.26.10-gke.1073000 1.26.11-gke.1055000 1.27.7-gke.1056000 1.27.8-gke.1067000 1.28.3-gke.1118000 1.28.4-gke.1083000 The following node versions are now available: 1.24.17-gke.2364000 1.25.16-gke.1041000 1.26.11-gke.1055000 1.27.8-gke.1067000 1.28.3-gke.1118000 1.28.4-gke.1083000 The following control plane versions are no longer available: 1.27.3-gke.1700 Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.24.17-gke.2230000 with this release.

Google Kubernetes Engine Rapid - (2023-R26) Version updates The following versions are now available in the Rapid channel: 1.24.17-gke.2364000 1.25.16-gke.1041000 1.26.11-gke.1055000 1.27.8-gke.1067000 1.28.4-gke.1083000 The following versions are no longer available in the Rapid channel: 1.24.17-gke.2266000 1.25.15-gke.1115000 1.26.10-gke.1101000 1.27.7-gke.1121000 Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.17-gke.2347000 with this release.

Google Kubernetes Engine Regular - (2023-R26) Version updates The following versions are now available in the Regular channel: 1.24.17-gke.2230000 1.26.10-gke.1073000 1.27.7-gke.1056000 1.28.3-gke.1118000 The following versions are no longer available in the Regular channel: 1.24.17-gke.200 1.27.3-gke.1700 1.27.5-gke.200 Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.17-gke.2230000 with this release.

Google Kubernetes Engine Stable - (2023-R26) Version updates There are no new releases in the Stable channel.

Cloud Logging - Charting in the Log Analytics page is now generally available (GA).

Cloud Monitoring - You can now collect Prometheus metrics from Cloud Run services by using the Managed Service for Prometheus sidecar for Cloud Run. Starting with Ops Agent version 2.45.0, you can configure the Ops Agent to exclude individual metrics and metrics from third-party integrations. You can now configure the severity of your alerting policies. Support for pie charts on your custom dashboards is now GA. The new query interface for creating charts is now GA.

reCAPTCHA Enterprise - reCAPTCHA Enterprise Mobile SDK v18.4.0 is now available for Android. reCAPTCHA Enterprise account defender for mobile applications is available in Preview.

Resource Manager - Organization Policy custom constraints allow you to configure customizable organization policies to prevent the misconfiguration of resources and help you meet your security and compliance goals.

Retail Recommendations AI - Retail API: Export analytics metrics to BigQuery You can export Retail analytics metrics into BigQuery. Retail Search: Retail Search with LLM public preview Retail Search with LLM is in public preview.

Cloud Run - You can now collect Prometheus metrics from Cloud Run services by using the Managed Service for Prometheus sidecar for Cloud Run.

Security Command Center - The custom modules feature for Event Threat Detection is now in General Availability. Custom roles will require new permissions for custom modules On or after January 22, 2024, new Identity and Access Management (IAM) permissions will be required to work with custom modules for both Event Threat Detection and Security Health Analytics. New Container Threat Detection service account with new activations For activations of Security Command Center after December 7, 2023, Container Threat Detection uses a new service account for Identity and Access Management (IAM) permissions.

Service Mesh - 1.16.x. Google has ended support for in-cluster Anthos Service Mesh 1.16 following the official policy. 1.19.x. 1.19.5-asm.4 is now available for in-cluster Anthos Service Mesh. 1.18.x. 1.18.6-asm.2 is now available for in-cluster Anthos Service Mesh. 1.17.x. 1.17.8-asm.8 is now available for in-cluster Anthos Service Mesh. Managed Anthos Service Mesh. The asmcli --channel option is no longer supported and your managed Anthos Service Mesh release channel is determined based on your cluster's Google Kubernetes Engine (GKE) release channel.

Cloud Spanner - Data Catalog support in Cloud Spanner is now generally available.

Cloud SQL Postgres - You can now use Database Migration Service to migrate data to an existing Cloud SQL instance that was created using Terraform or other Infrastructure-As-Code (IaC) Tools. The following flags are generally available: autovacuum_vacuum_insert_scale_factor: specify a fraction of the size of a database table to add to the autovacuum_vacuum_insert_threshold flag. The pgvector extension, version 0.5.1 is generally available.

Cloud Translation - Adaptive translation, which leverages Google LLMs to tailor translations, is in Preview.

Vertex AI - Vertex AI Prediction You can now use Cloud TPU v5e to serve online predictions. M114 release The M114 release of Vertex AI Workbench user-managed notebooks includes the following: Starting with this release, Python 3.7 is no longer available. The M114 release of Vertex AI Workbench managed notebooks includes the following: Starting with this release, Python 3.7 is no longer available. Vertex AI Gemini models Vertex AI Gemini Pro and Gemini Pro Vision multimodal language models are available in Preview. Imagen 2 General Availability The 005 version of Imagen's image generation model (imagegeneration@005) is now generally available for image generation tasks. Text embedding model 003 (textembedding-gecko@003) available The updated stable version of the text embedding foundation model, textembedding-gecko@003, is available.

VMware Engine - Specific Google Cloud VMware Engine resources have been onboarded to Cloud Asset Inventory and Search (CAIS) and are now available through the CloudAsset APIs.

Virtual Private Cloud - Accessing supported global Google APIs through Private Service Connect backends is available in Preview.

Workflows - v1. Support to view the history of a workflow execution as a list of step entries is generally available (GA).