Articles, Tutorials
Infrastructure, Networking, Security, Kubernetes
[DevOps, Security] From “Config Fatigue” to Secure-by-Default: Introducing the GCP Hardening Toolkit - Google Cloud has released the open-source GCP Hardening Toolkit to combat "configuration fatigue" in cloud security. This initiative automates security baselines, accelerates compliance, and helps lock down Google Cloud environments securely without impeding development velocity.
[LLM, Model Armor, Security] Model Armor integration with Service Extension: introduction to runtime AI security without code changes - This article introduces Google Cloud's Model Armor, a runtime AI protection solution, and details its integration with Service Extensions. This specific integration enables AI security policies to be enforced directly at the load balancer level.
[Azure, Workload Identity Federation] From Azure to GCP: A Practical Guide to Secure, Passwordless Authentication with AKS and Workload Identity Federation - This article details a practical guide for establishing secure, passwordless authentication between applications in Azure Kubernetes Service (AKS) and Google Cloud Platform (GCP) resources.
[Google Kubernetes Engine, IAM, Workload Identity] Migrating from Old Model Service Account to GKE Workload Identity - This article details the migration from traditional service account methods to GKE Workload Identity, the recommended and more secure way for applications on Google Kubernetes Engine to access Google Cloud services.
[GitHub, Workload Identity] Secure Google SecOps Automations: The Definitive Guide to Workload Identity Federation - This guide outlines how to securely automate Google SecOps operations using Workload Identity Federation (WIF), a keyless authentication mechanism that addresses the "Secret Zero" problem. WIF enables external automation tools, such as GitHub Actions, to interact with Google SecOps APIs through granular, short-lived credentials, eliminating the need for vulnerable long-lived secrets.
[Google Kubernetes Engine] Beyond Ingress: A Deep Dive into GKE Gateway API, NEGs, and Dataplane V2 - This article provides a comprehensive guide to modernizing traffic management in Google Kubernetes Engine (GKE) using the GKE Gateway API, moving beyond traditional Ingress resources. It details how to deploy a Global External Load Balancer, manage secure identities with Certificate Manager, and implement advanced traffic steering like canary and path-based routing.
App Development, Serverless, Databases, DevOps
[Apigee, Paywall] What Is the Purpose of API Products in Apigee X? - In Apigee X, API Products are fundamental components that package APIs with specific rules and access limits, acting as gatekeepers to control how different applications and partners consume them. These products enable crucial functionalities such as rate limiting, security, and monetization, ensuring a controlled, secure, and scalable API ecosystem.
[Cloud SQL] What’s new in PostgreSQL 18, now available in Cloud SQL - Google Cloud SQL now offers PostgreSQL 18, introducing significant advancements across performance, observability, developer experience, and tooling. Key improvements include asynchronous I/O for faster operations, parallel GIN index builds, enhanced monitoring views like `pg_stat_io`, and richer `EXPLAIN` output.
[Compute Engine, FinOps] Converting Spot VMs to On-Demand on Google Cloud - Switch from Spot to On-Demand without VM deletion on Google Cloud? Yes, it’s possible!
[Gemini CLI, PHP] Firestore Development with MCP, PHP, and Gemini CLI - This article demonstrates how to build Model Context Protocol (MCP) AI applications using PHP, Google Cloud Firestore, and the Gemini CLI. It provides a detailed guide for setting up a local development environment, showcasing how to connect a PHP server to Firestore and integrate it with Gemini's LLM capabilities. This setup allows for extending PHP applications with MCP tools to perform AI-driven tasks and analysis, such as inventory management.
Big Data, Analytics, ML&AI
[BigQuery, Paywall] BigQuery Multi-Project Mesh: Cross-Domain Datasets with Centralized Guardrails - This article details the BigQuery Multi-Project Mesh approach, which enables secure and governed sharing of cross-domain datasets across an organization.
[Data Analytics, dbt, Paywall] Building a €100/month Modern Data Stack with GCP, dbt & Dagster - Learn how I built a production-grade modern data stack for €100/month using self-hosted Airbyte, Dagster, dbt Core and BigQuery.
[BigQuery, Paywall, Security] BigQuery Tag-Based Governance + Information Schema Audits: Enforce PII Boundaries in SQL - Use policy tags, resource tags, and metadata queries to stop accidental PII leaks — without turning analytics into a permission-ticket queue.
[FinOps, Gemini] How to Track Every Cent of Your Gemini API Spend at Scale - This article details how to effectively track Gemini API spending in production by leveraging custom labels on API requests.
[Cloud Pub/Sub, Java, Paywall] Google Cloud Pub/Sub: 5 Hard-Won Lessons from Load Testing - This article outlines five critical lessons for effectively using Google Cloud Pub/Sub at scale, derived from extensive load testing in production environments.
[GPU, LLM, TPU] TPU vs GPU: Real-World Performance Testing for LLM Training on Google Cloud - This article provides a deep-dive technical analysis comparing NVIDIA H100 GPUs and Google Cloud's TPUs (v5p) for Large Language Model training.
Releases
GKE new features - New features in 1.35:
In-place Pod Resize: In-place Pod Resize is now GA. This feature allows Pod CPU and memory requests and limits to be modified in place without a Pod or container restart.
Writable cgroups: GKE Writable cgroups for containers is now GA. This feature allows workloads to manage resources for child processes using the Linux cgroups API, improving reliability for applications like Ray.