Welcome to issue #485 January 12th, 2026

News

Compute Engine Official Blog

Simplify VM OS agent management at scale: Introducing VM Extensions Manager - The new VM Extensions Manager simplifies installing and managing Google-provided extensions when adopting new Google Cloud services.

BigQuery Data Analytics Official Blog

Build data analytics agents faster with BigQuery’s fully managed, remote MCP server - The new fully managed remote BigQuery MCP server makes it easier to build intelligent data AI agents.

Gemini CLI Monitoring Official Blog

Instant insights: Gemini CLI's New Pre-Configured Monitoring Dashboards - Get instant insights into Gemini CLI usage with pre-configured Google Cloud Monitoring dashboards. Leverage OpenTelemetry for advanced tracking of adoption, performance, and tokens.

Official Blog Public Sector

A smart investment: FINRA builds a culture of improvement with DORA - By adopting DORA, FINRA is driving a cultural shift toward continuous improvement and building a multi-million-dollar, multi-year business case to fundamentally modernize.

Cloud SQL Databases Official Blog

Supercharge your Cloud SQL for MySQL write performance with new optimized writes - Cloud SQL for MySQL Enterprise Plus edition’s optimized writes boost performance by adjusting configurations based on real-time workload.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Networking Official Blog VPC

How Hackensack Meridian Health de-risked network migration using VPC Flow Logs - How Hackensack Meridian Health used VPC Flow Logs for Cloud Interconnect and Flow Analyzer to de-risk network migration.

Gemini Google Kubernetes Engine

The Stateful Worker problem: Architecting a Scalable GKE Autopilot host for your LiveKit Agent - This article details the transition of a real-time voice agent from a local setup to a production-grade hosting environment on Google Cloud. It explains why Google Kubernetes Engine (GKE) Autopilot is the ideal platform for these "stateful worker" applications, contrasting its benefits against the limitations of Cloud Run for long-lived sessions. The piece outlines an architecture designed for guaranteed resource allocation, graceful shutdowns, and intelligent autoscaling to ensure a robust and reliable user experience.

Media CDN Networking

Securing the stream: Elevating media delivery with Google Network Threat Intelligence and ASN Filtering - Google Cloud's Media CDN, built on the same massive-scale infrastructure as YouTube, is enhancing its edge security policies. It now integrates Google Network Threat Intelligence (NTI) and Autonomous System Number (ASN) matching, offering proactive, intelligence-led defense.

Google Kubernetes Engine Kubernetes Secret Manager Terraform

Secret Management on GKE using Terraform, GCP Secret Manager, Workload Identity, External Secrets Operator, and Argo CD - This article outlines a secure secret management strategy for Google Kubernetes Engine (GKE), integrating Terraform, GCP Secret Manager, Workload Identity, External Secrets Operator, and Argo CD.

AI Google Kubernetes Engine Kubernetes

Kueue for AI: The Power of Atomic Admission & Topology Awareness - This article demonstrates how Kueue significantly improves Kubernetes scheduling for high-performance AI workloads by introducing crucial capabilities.

Google Kubernetes Engine Kubernetes

Managing Timezones within GKE: The Definitive Guide - This guide offers comprehensive strategies for managing timezones within Google Kubernetes Engine (GKE), highlighting that GKE's immutable and ephemeral nature requires a fundamentally different approach than traditional virtual machines.

DevOps GitHub Terraform

The only Terraform pipeline you will ever need: GitHub Actions for Multi-Environment Deployments - Learn how to build a Terraform CI/CD pipeline that auto-detects changed environments, runs security scanning and scales without code change.

DevOps Google Kubernetes Engine Kubernetes

GKE Upgrades: How Rollout Sequencing Makes Upgrades Predictable and Safe - GKE Rollout Sequencing automates and structures Kubernetes upgrades across large fleets of clusters, addressing the complexities and risks associated with frequent updates.

Google Kubernetes Engine Infrastructure Kubernetes

Beyond Ingress Part II: Securing East-West Traffic with GKE Internal Gateway - A Deep Dive into GKE Gateway API, NEGs, and Dataplane V2.

Artifact Registry

The Authentication Mystery: Why ArgoCD Image Updater Failed with GCP Workload Identity (And How We Solved It) - Solving GCP Artifact Registry Auth for ArgoCD Image Updater: A Complete Guide.

App Development, Serverless, Databases, DevOps

AlloyDB

Elastic Microservices, Rigid Databases ? Connection exhaustion? - Bridge the Scale Gap with AlloyDB Managed Connection Pooling & Multiplexing strategy.

Cloud Memorystore Paywall

Lessons from a Year of Cache Platform Modernization: Redis to GCP Memorystore - This article details the modernization of a caching platform, migrating from a Redis marketplace offering to Google Cloud Memorystore to enhance scalability and operational simplicity.

Cloud Build DevOps Docker Paywall

From 161s to 17s: How I Reduced GCP Cloud Build Time by 89% - A production-ready CI optimization that cut build time, cost, and developer pain.

Cloud Run Java

Spring Boot, Cloud Run, DDD, Domain Driven Design, Clean Architecture, GraalVM, Serverless, Java - This article details building high-performance Spring Boot applications on Google Cloud Run, emphasizing Clean Architecture and Domain-Driven Design for maintainability and testability.

Private Service Connect Serverless

Secure Private Access for Cloud Run with Private Service Connect - This article outlines a secure architecture for Google Cloud Run services, addressing the need for private access in enterprise environments. It demonstrates how to combine Serverless VPC Access with Private Service Connect to expose Cloud Run services as private IP endpoints within a consumer's VPC. This approach ensures all service-to-service traffic remains on Google's private backbone, never touching the public internet, ideal for highly regulated industries.

Gemini CLI Kotlin MCP

Firestore MCP Development with Kotlin, Cloud Run, and Gemini CLI - Leveraging Gemini CLI and the underlying Gemini LLM to build Model Context Protocol (MCP) AI applications with Kotlin deployed to Google Cloud Run.

DevOps Python Serverless

Faster Python Deployments on Cloud Run with uv Package Manager - Google Cloud has adopted the `uv` package manager as the default for Python 3.14 deployments on Cloud Run and Cloud Functions, significantly speeding up dependency installation and overall deployment times.

Big Data, Analytics, ML&AI

BigQuery Datastream

Datastream Now Supports Native BigQuery Partitioning and Clustering - Google Cloud's Datastream now supports native BigQuery partitioning and clustering, allowing users to define these optimizations directly within the replication workflow.

A2A ADK MCP

Building Collaborative AI Agent Ecosystems: A Deep Dive into ADK, MCP & A2A with Pokemon

AI Machine Learning

The Road to the Golden State: How We Optimized 70B Model Training by Focusing on MFU to Save Millions - This article details how optimizing a 70B model's training on Google Cloud's A3 Ultra machines significantly boosted efficiency and led to millions in cost savings.

Gemini

Introducing Adaptive Benchmarks for Evaluating Your RAG Systems on Vertex AI - Organizations deploying Retrieval-Augmented Generation (RAG) systems often face a significant "Evaluation Gap" due to the complexity and unreliability of traditional benchmarking methods. To solve this, Google Cloud introduces auto-rag-eval, an open-source framework built on Vertex AI. This solution automates the generation of high-quality, unbiased benchmarks directly from an organization's document corpus, enabling objective and consistent measurement of RAG system performance through advanced techniques like Parallel Context Distillation and multi-agent review.

AI TPU

A Developer's Guide to Debugging JAX on Cloud TPUs: Essential Tools and Techniques - A practical guide to debugging and profiling JAX on Cloud TPUs. It outlines core components (libtpu, JAX/jaxlib) and essential techniques. Tools covered include: Verbose Logging (via libtpu env vars), TPU Monitoring Library for performance metrics, tpu-info for real-time utilization, XLA HLO Dumps for compiler debugging, and the XProf suite for in-depth performance analysis.

BigQuery

Migrate Apache Iceberg tables from Hive Metastore to BigLake Iceberg REST catalog - This article outlines a metadata-only migration process for Apache Iceberg tables, moving them from a Hive Metastore to Google Cloud's BigLake Iceberg REST catalog using serverless Spark in BigQuery Notebooks.

ADK Generative AI LLM

Improving Cost Visibility for Gemini ADK Agents: Labels and Token Tracking - This article demonstrates how to improve cost visibility for Google's Gemini ADK agents by implementing custom labels and integrating token usage tracking directly within the model class.

Agents AI

Under the Hood: Universal Commerce Protocol (UCP) - The Universal Commerce Protocol (UCP) is a new, open-source standard for agentic commerce, co-developed by Google and industry leaders. It establishes a common, secure language to connect consumer surfaces (like Gemini and AI Mode in Search) with business backends, enabling seamless shopping from product discovery to purchase. UCP simplifies integration for businesses, supports various payment providers, and is designed to power the next generation of conversational commerce experiences.

BigQuery Machine Learning Vertex AI

The Modern Forecasting Stack: From ARIMA to Foundation Models on Google Cloud - A hands-on guide to benchmarking TimesFM, ARIMAX, TiDE, TFT and AutoML across BigQuery and Vertex AI.

Various

Official Blog Public Sector

Reflecting on a year of transformation and mission impact together - Karen Dahut reflects on 2025 milestones: accelerating government AI with Gemini, achieving IL6/FedRAMP authorization, and mission success.

Official Blog

Auto-ISAC and Google partner to boost automotive sector cybersecurity - Google Cloud is proud to join Auto-ISAC as an Innovator Partner to significantly deepen our commitment to the automotive and transportation sectors.

Slides, Videos, Audio

Security Podcast - #257 Beyond the 'Kaboom': What Actually Breaks When OT Meets the Cloud?

 

Releases

Dataproc Serverless - Announcement: New Serverless for Apache Spark runtime versions: 1.2.66, 2.2.66, 2.3.19, 3.0.1

Dataproc - Announcement: New Dataproc on Compute Engine subminor image versions:
2.0.156-debian10, 2.0.156-ubuntu18, 2.0.156-rocky8
2.1.105-debian11, 2.1.105-ubuntu20, 2.1.105-ubuntu20-arm, 2.1.105-rocky8
2.2.73-debian12, 2.2.73-ubuntu22, 2.2.73-ubuntu22-arm, 2.2.73-rocky9
2.3.20-debian12, 2.3.20-ml-ubuntu22, 2.3.20-rocky9, 2.3.20-ubuntu22, 2.3.20-ubuntu22-arm
Feature: Added a new property dataproc:pypi.repository to customize the PyPI repository used for pip. The value can be a URL, or google to use a Google-hosted cache of PyPI, accessible without public internet connectivity. Starting in image version 3.1, google will be the default; to opt out and return to public PyPI, use the value pypi.
Change: Removed use of deprecated Hadoop configuration properties fs.default.name and yarn.resourcemanager.system-metrics-publisher.enabled.
Fixed: Fixed the spark.driver.extraClassPath delimiter for the Jupyter SparkMonitor Listener.

Cloud Functions - Feature: You can now configure Direct VPC egress for 2nd gen functions. This support is at the Preview release level.

GKE new features - Feature: NodeLocal DNSCache is enabled by default on new Standard GKE clusters which are created running version 1.34.1-gke.3720000 or later. NodeLocal DNSCache is a GKE add-on that improves DNS performance by running a DNS cache directly on each cluster node as a DaemonSet. To learn more, see Set up NodeLocal DNSCache.

Looker - See the product release URL for the full information.

Migration Center - Announcement: The discovery client 6.3.11 is available with new features and bug fixes.
Feature: The Migration Center discovery client CLI (mcdc CLI) now uses remote WMI collections by default for Windows guest host collections to improve efficiency. This method replaces the use of local collection scripts. If script-based collection is required for earlier Windows versions (such as Windows Server 2008), you can deactivate this functionality with the --script flag. For more information, see Collect data remotely over WMI.
Fixed: Fixed a bug that caused the discovery client not to use the provided proxy when connecting to Migration Center.
Fixed: Fixed an issue where adding vCenter credentials in the Migration Center discovery client UI redirected users to the dashboard instead of opening the credentials pane.
Fixed: Fixed an issue in the Migration Center discovery client CLI where region filtering for S3 assets during AWS inventory discovery failed, resulting in asset collection from all regions instead of only specified regions.

Sensitive Data Protection - Feature: General infoType functionality and the following infoTypes are now available in all regions: CREDIT_CARD_DATA, DEMOGRAPHIC_DATA, DRIVERS_LICENSE_NUMBER, FINANCIAL_ID, GEOGRAPHIC_DATA, GOVERNMENT_ID, MEDICAL_DATA, MEDICAL_ID, SECURITY_DATA, TECHNICAL_ID. For more information about all built-in infoTypes, see the InfoType detector reference.

Cloud Spanner - Feature: You can use SQL views to create a graph. For requirements, considerations, and the benefits of using SQL views to create a graph, see Overview of graphs created from SQL views. To learn how to create a graph from views, see Create a property graph from SQL views.

Cloud Trace - Feature: You can now collect, view, and analyze multimodal prompts and responses from your agentic applications that use the LangGraph or Agent Development Kit (ADK) frameworks. This feature is in Public Preview. To learn more, see the following documents: "Collect and view multimodal prompts and responses" and "Instrument generative AI applications".

VMware Engine - Feature: VMware Engine introduces enhancements to simplify using external NFS datastores. External NFS datastores let you scale storage independently of compute resources for your VMware workloads. You can use Filestore or Google Cloud NetApp Volumes as external NFS datastores for ESXi hosts in Google Cloud VMware Engine. For more information, see NFS datastores overview.

VPC Service Controls - Feature: General availability support for the following integration: Model Armor

Agent Assist - Change: Agent Assist offers a best practices guide for summarization automatic evaluation.

Cloud Asset Inventory - Feature: The following resource types are publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, SearchAllResources, and SearchAllIamPolicies APIs.
Network Connectivity: networkconnectivity.googleapis.com/InternalRange
Network Security Integration: networksecurity.googleapis.com/InterceptDeploymentGroup, networksecurity.googleapis.com/InterceptDeployment, networksecurity.googleapis.com/InterceptEndpointGroup, networksecurity.googleapis.com/InterceptEndpointGroupAssociation

Backup and DR Service - Announcement: Protection summary is now generally available for Backup and DR Service. Use Protection summary to identify and fix data protection gaps across your projects.
Feature: You can now use cost reports to view resource-specific Backup and DR billing costs to gain granular insights into service spending and to take actions to optimize resource allocation.

BigQuery - Feature: You can now use the Google-developed, open source Java Database Connectivity (JDBC) driver for BigQuery to connect your Java applications to BigQuery. This feature is in Preview.
Feature: The CREATE EXTERNAL TABLE and LOAD DATA statements now support the following options:
time_zone: specify a time zone to use when loading data.
date_format, datetime_format, time_format, and timestamp_format: define how date and time values are formatted in your source files.
null_markers: define the strings that represent NULL values in CSV files.
source_column_match: specify how loaded columns are matched to the schema. You can match columns by position or by name.
These features are generally available (GA).

Capacity Planner - Feature: Preview: You can use client libraries to access the Capacity Planner API using C#, Go, Java, Node.js, PHP, Python, or Ruby. For more information, see Capacity Planner client libraries.

Chronicle - Change: Expanded capabilities for Gemini in SecOps. You can now use the Gemini assistant in Google SecOps to answer questions beyond the scope of security or the product. You can integrate the full power of Gemini (for example, general knowledge, coding, and data analysis) without switching tabs or leaving your workflow. For more information, see Gemini in Google SecOps.

Chronicle SOAR - Announcement: Release 6.3.71 is being rolled out to the first phase of regions as listed here. This release contains the following changes:
Feature: Custom Transformers and Logical Operators. This feature is currently in Preview. Playbook engineers can now extend platform capabilities by creating custom Python-based transformation functions and logical operators as part of Extension Packs directly within the IDE. For more information, see Custom transformation functions and logical operators.
Change: Increased iteration and step limits for Playbook Loops. To support larger automation requirements, the maximum number of iterations for a single loop has been increased to 1,000, and the number of supported steps within a loop has been increased to 100.
Change: Terminate Playbook capability. You can now manually terminate a running playbook directly from the Playbook Viewer in the Case Overview. This provides a mechanism to immediately end execution if a loop encounters unwanted or excessive iterations.
Announcement: Playbook Loops. This feature is now in General Availability (GA). For more information, see Automate tasks with Playbook Loops.
Announcement: Release 6.3.70 is now available for all regions.

Compute Engine - Feature: Generally available: You can view future resource availability before you create a future reservation request in calendar mode. This action helps increase the likelihood that Google Cloud approves your request. For more information, see View resource future availability.

 

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075