Welcome to issue #278 January 24th, 2022

News

Google Cloud Platform Official Blog

Find products faster with the new All products page - Introducing the new Google Cloud All products page. Quickly navigate to products from one place. Explore products at a glance and save time.

Cloud Data Fusion Data Analytics Official Blog

Encrypt Data Fusion data and metadata using Customer Managed Encryption Keys (CMEK) - General availability of Customer Managed Encryption Keys (CMEK) for encrypting Cloud Data Fusion data and metadata at-rest.

Cloud Operations Official Blog

Webhook, Pub/Sub, and Slack Alerting notification channels launched - Announcing the general availability of the new Pub/Sub, Webhook, and Slack Notification channels.

Cloud SQL Official Blog

Keep tabs on your tables: Cloud SQL for MySQL launches database auditing - The Cloud SQL for MySQL Audit Plugin is an advanced enterprise-grade security plugin that offers advanced auditing features.

Infrastructure Official Blog VMware Engine

New in Google Cloud VMware Engine: Single nodes, certifications and more - The latest version of Google Cloud VMware Engine now supports single node clouds, compliance certs and Toronto availability.

AI BigQuery Machine Learning Official Blog

BigQuery Explainable AI now in GA to help you interpret your machine learning models - BigQuery Explainable AI allows you to interpret your ML models.

Cloud Firestore Official Blog

Understanding Firestore performance with Key Visualizer - Firestore Key Visualizer is now Generally Available! Try out the new interactive performance monitoring tool that helps you observe and maximize Firestore’s performance.

Official Blog Vertex AI

Bio-pharma organizations can now leverage the groundbreaking protein folding system, AlphaFold, with Vertex AI - How to run DeepMind’s AlphaFold on Google Cloud’s Vertex AI.

Apache Beam Event

Apache Beam conference call for speakers - Beam Summit is coming back on 18-20 July 2022 in Austin, Texas, and online.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Cloud Healthcare Official Blog

Developing and securing a platform for healthcare innovation with Google Cloud - Highmark Health and Google are using a technique called “secure-by-design” to address the security, privacy, and compliance aspects of bringing Living Health to life.

Cloud DNS Networking Official Blog

How to publish applications to our users globally with Cloud DNS Routing policies? - Build and deploy high availability applications globally by using Cloud DNS routing policies.

Cloud Deployment Manager Terraform

Comparing Terraform and Cloud Deployment Manager - Comparison of Deployment Manager and Terraform.

Cloud Armor Security

Implement Cloud Armor Security Policy/s using Terraform - Implementing security policies through Terraform for 'Instance Groups as the backend service' and defining WAF Rules and consuming them through Security Policy.

Cloud Storage Secret Manager

Tutorial: Rotating Service Account Keys using Secret Manager - The Service Account Key Rotater is a pluggable solution that can easily be extended for other external services that require access to Service Account Keys.

Anthos DevOps

Google Cloud Anthos Series - Part1: Anthos Platform Introduction.

Google Kubernetes Engine IAM Kubernetes Security

GKE Authentication and Authorization Between Cloud IAM and RBAC - Learn how users are created in GKE & how Google Cloud IAM and RBAC work together to achieve better authentication & authorization.

Infrastructure

Resolving network connectivity issues between GCP Services - Learn how to connect to peered private clusters and manage services such as Cloud-SQL and GKE without public IP addresses.

Kubernetes

NGINX Ingress or GKE Ingress? - This article describes two popular Ingress options for Google Kubernetes Engine.

Google Kubernetes Engine Java Kubernetes Microservices Tutorial

Java Microservice on Google Kubernetes Engine (GKE) Cluster - This article describes the steps to create a Java microservice and deploy it to Google Kubernetes Engine.

Cloud Code Kubernetes Official Blog Skaffold

Develop and debug Kubernetes microservice applications fast with Cloud Code and Skaffold modules - With Skaffold and Cloud Code, Google Cloud makes it easy for you to quickly develop and debug your Kubernetes microservice applications.

App Development, Serverless, Databases, DevOps

Cloud SQL GCP Experience Official Blog

How Wayfair is modernizing, one database at a time - Wayfair migrated to Google Cloud database services because Cloud SQL and Cloud Spanner provided a clear path for shifting workloads to the cloud.

Cloud Monitoring Cloud Operations Cloud Run Official Blog

Creating custom notifications with Cloud Monitoring and Cloud Run - A tutorial for writing and deploying customized Cloud Monitoring alert notifications to third party services.

Official Blog Serverless

DevOps for tech companies and startups: Learn from over 32,000 professionals on how to drive success with Google Cloud’s DORA research - The 2021 State of DevOps Report is live and we want to help your organization continue to thrive with Google Cloud’s best DevOps practices.

Cloud Logging Cloud Operations Data Analytics Official Blog

Patterns for better insights and troubleshooting with hybrid cloud logs - Read this blog to discover how Google Cloud is helping customers improve cost and get better insights from their apps and services with cloud logs.

Cloud Logging Python

Enable feature-rich Logging for FastAPI on Google Cloud Logging - Set up Cloud Logging for FastAPI (Python framework).

Knative Serverless

The pitfalls of scaling on Serverless platforms - Some things you might want to consider, when you need to prepare for burst loads on serverless platforms.

Cloud Identity Aware Proxy Compute Engine Security

Connecting to MS SQL on Compute in GCP Using Cloud IAP - Connect to and manage MS SQL on GCP Compute using your preferred SQL management software via Cloud IAP.

Cloud Monitoring Cloud Operations

Cloud Monitoring, We Need to Chat - How to use Google Chat as a notification channel for Cloud Monitoring alerts.

Python Terraform

Deploy Cloud Functions on GCP with Terraform - In this tutorial you are going to deploy a simple Cloud Function triggered by a Cloud Storage event with Terraform.

Cloud Functions Go Terraform

Cloud Functions in Go with Terraform - Deploying a Cloud Function in Go using Terraform.

Cloud SQL

Automatic CloudSQL load balancing with PGPool-II and far too much bash scripting - Automatic CloudSQL Load Balancing for Kubernetes with Terraform, PGPool-II and Too Much Bash Scripting.

Big Data, Analytics, ML&AI

Data Analytics Infrastructure Official Blog Serverless

Data considerations for early-stage startups - Google Cloud technology stack considerations for early-stage startups.

Cloud Data Fusion Data Analytics Official Blog SAP

Data Fusion SAP Connectors - Unlock the value of your SAP data on Google Cloud with Data Fusion SAP connectors.

Cloud Data Fusion Data Analytics Official Blog SAP

Data Fusion SAP accelerator for Procure 2 Pay - Google Cloud Data Fusion accelerator for SAP Procure to Pay, consisting of SAP connector, pipeline templates, target BigQuery schemas and Looker block.

BigQuery Java

How to: BigQuery Protobuf Streaming Inserts using Java - An end-to-end example of how to create and push data to BigQuery in protobuf format.

BigQuery

BigQuery: Advanced SQL query hacks - This is a list of time-saving, cost-saving and life-saving SQL query hacks you need to know.

BigQuery Data Science

Levenshtein distance as a remedy for sequential data - Calculating Levenshtein distance in BigQuery.

BigQuery Data Science Kaggle Machine Learning

End-to-End BigQuery Machine Learning - Use Google Cloud BigQuery to compete in a Kaggle competition.

Official Blog Vertex AI

How can demand forecasting approach real time responsiveness? Vertex AI makes it possible - AI is making it possible for retailers to do forecasting with near-real-time insights from a wealth of sources. Get granular with Vertex AI Forecast.

Data Science Machine Learning Vertex AI

Tokenizing sensitive data to train models using VertexAI

Machine Learning Official Blog PyTorch

PyTorch/XLA: Performance debugging on Cloud TPU VM: Part III - In this blog post, we introduce concepts to generate and analyze traces to debug PyTorch training performance on TPU VM.

Various

Google Cloud Platform

A Co-author’s Take on ‘The Definitive Guide to Modernizing Applications on Google Cloud’ - Thoughts and experiences on writing a book (related to GCP).

Slides, Videos, Audio

GCP Podcast - #289 Cloud Security Megatrends with Phil Venables.

Security Podcast - #48 EP48 Confidentially Speaking 2: Cloudful of Secrets.

Releases

AppEngine Standard Java - Updated Java SDK to version 1.9.94.

AppEngine Standard Python3 - Users of the App Engine Bundled Services for Python 3 can now access Blobstore, Deferred, and Mail handlers in preview, through language-idiomatic libraries.

Compute Engine - Learn about the differences between multi-tenancy and sole-tenancy by reading the new About VM tenancy document. Generally available: You can now use the SSH troubleshooting tool to help you determine the cause of failed SSH connections. Generally Available: Configure commitments to renew automatically.

Config Connector - Config Connector version 1.71.0 is now available. Added support for LoggingLogMetric resource. Added support for NetworkConnectivitySpoke resource. Added regional support for ComputeTargetHTTP(S)Proxy resource(s). Added spec.build.availableSecrets to CloudBuildTrigger resource. Added spec.nodeConfig.nodeGroupRef and spec.nodeConfig.spot to ContainerCluster and ContainerNodePool resources. Added spec.readReplicaMode, spec.replicaCount and status.nodes to RedisInstance resources. Added spec.settings.ipConfiguration.allocatedIpRange to SQLInstance resource. Added spec.publicAccessPrevention to StorageBucket resource. Added spec.identityServiceConfig to ContainerCluster resource.

Config Controller - Config Connector version 1.71.0 is now available. Added support for LoggingLogMetric resource. Added support for NetworkConnectivitySpoke resource. Added regional support for ComputeTargetHTTP(S)Proxy resource(s). Added spec.build.availableSecrets to CloudBuildTrigger resource. Added spec.nodeConfig.nodeGroupRef and spec.nodeConfig.spot to ContainerCluster and ContainerNodePool resources. Added spec.readReplicaMode, spec.replicaCount and status.nodes to RedisInstance resources. Added spec.settings.ipConfiguration.allocatedIpRange to SQLInstance resource. Added spec.publicAccessPrevention to StorageBucket resource. Added spec.identityServiceConfig to ContainerCluster resource.

Data Catalog - Public preview: Creating rich-text overview and adding data stewards to your data entries is rolled out to all Data Catalog regions with minimal disruption and in a controlled way.

Dataproc - Announcing the General Availability (GA) release of Dataproc Serverless for Spark, which allows you to run your Spark jobs on Dataproc without having to spin up and manage your own cluster. Added support for Dataproc Metastore's beta NetworkConfig field. Dataproc extracts the warehouse directory from the Dataproc Metastore service for the cluster-local warehouse directory. New sub-minor versions of Dataproc images: 1.4.79-debian10 and 1.4.79-ubuntu18; 1.5.55-debian10, 1.5.55-ubuntu18, and 1.5.55-centos8; 2.0.29-debian10, 2.0.29-ubuntu18, and 2.0.29-centos8. Migrated to Eclipse Temurin JDK in image versions 1.4, 1.5, and 2.0. Upgraded Log4j version to 2.17.1 in image versions 1.4, 1.5, and 2.0. The Cloud Storage connector jar is installed on the Solr server (even if dataproc:solr.gcs.path property is not set). Fixed a bug where cluster restart disabled Solr and Ranger services even if the components are selected. YARN-8865: RMStateStore contains large number of expired RMDelegationToken. RANGER-3324: Make optimized db schema script idempotent for MySQL DB.

Cloud Deploy - Google Cloud Deploy support for Skaffold version 1.35.1 has been updated to version 1.35.2, which is now the default Skaffold version. Google Cloud Deploy is generally available (GA). Google Cloud Deploy now has beta stage support for VPC Service Controls. You can now roll back targets from the delivery pipeline visualization in Google Cloud Console. Google Cloud Deploy now automatically applies provenance labels to deployed resources.

Dialogflow Enterprise - Dialogflow CX now provides an IDENTITY system function, which is useful to copy a composite parameter object in a parameter preset field. The Dialogflow CX QueryResult.match.event field previously only populated custom events.

Dialogflow - Dialogflow CX now provides an IDENTITY system function, which is useful to copy a composite parameter object in a parameter preset field. The Dialogflow CX QueryResult.match.event field previously only populated custom events.

Cloud Data Loss Prevention - The SOUTH_AFRICA_ID_NUMBER infoType detector is available in all regions.

Cloud Networking Products - Managing routing policies in Cloud DNS is available in GA.

Document AI - The Intelligent Document Quality Processor is now publicly accessible and now supports 3 more defect types: quality/defect_document_cutoff, quality/defect_text_cutoff, and quality/defect_glare.

Google Kubernetes Engine - (2022-R01) Version updates: GKE cluster versions have been updated. Kubernetes 1.23 is now available in the Rapid channel. Notable features: Beta: PodSecurity admission. PodSecurity replaces the deprecated PodSecurityPolicy admission controller (which will be removed in 1.25). Notable changes and bug fixes: Kubernetes 1.23 is built with go1.17, which requires aggregated API servers, admission webhooks, and custom resource conversion webhooks to use TLS certificates that include the service DNS name as a subjectAltName. New API versions: flowcontrol.apiserver.k8s.io/v1beta2 (FlowSchema, PriorityLevelConfiguration) and autoscaling/v2 (HorizontalPodAutoscaler). Deprecated API versions: these APIs are still served in version 1.23 but are in a deprecation period: policy/v1beta1 PodSecurityPolicy, deprecated in 1.21 with removal targeted for version 1.25. Clusters running GKE node versions 1.19.16-gke.1500 and 1.19.16-gke.3600 will be unstable if Container Threat Detection (KTD) is enabled. VPC-scoped DNS for GKE using Cloud DNS is now generally available for GKE versions 1.21 and later. A new Kubernetes metric, Network policy event count (kubernetes.io/pod/network/policy_event_count), is available (beta) for GKE Dataplane V2 clusters in GKE versions 1.22.3-gke.700 and later. Now available in Preview: Use a compact placement policy to specify that nodes within the node pool should be placed in closer physical proximity to each other within a zone.

GKE - (2022-R01) Version updates: Version 1.21.6-gke.1500 is now the default version.

Google Kubernetes Engine Rapid - (2022-R01) Version updates: Version 1.22.3-gke.1500 is now the default version in the Rapid channel. Kubernetes 1.23 is now available in the Rapid channel. Notable features: Beta: PodSecurity admission. PodSecurity replaces the deprecated PodSecurityPolicy admission controller (which will be removed in 1.25). Notable changes and bug fixes: Kubernetes 1.23 is built with go1.17, which requires aggregated API servers, admission webhooks, and custom resource conversion webhooks to use TLS certificates that include the service DNS name as a subjectAltName. New API versions: flowcontrol.apiserver.k8s.io/v1beta2 (FlowSchema, PriorityLevelConfiguration) and autoscaling/v2 (HorizontalPodAutoscaler). Deprecated API versions: these APIs are still served in version 1.23 but are in a deprecation period: policy/v1beta1 PodSecurityPolicy, deprecated in 1.21 with removal targeted for version 1.25.

Google Kubernetes Engine Regular - (2022-R01) Version updates: Version 1.21.6-gke.1500 is now the default version in the Regular channel.

Google Kubernetes Engine Stable - (2022-R01) Version updates: Version 1.20.12-gke.1500 is now the default version in the Stable channel.

Load Balancing - The default behavior for HTTP/3 and Google QUIC is changing for global external HTTP(S) load balancers.

Cloud Monitoring - Private uptime checks are now available in Preview. When you click on an entry in the Instances table on the Monitoring VM Instances dashboard, a sliding panel now appears with the instance details, replacing the VM Instance Details page.

Network Intelligence Center - Overly permissive rule insights are now generally available.

reCAPTCHA Enterprise - You can now use reCAPTCHA Enterprise account defender to detect and prevent account-related fraudulent activities.

Retail Recommendations AI - The Retail console is now available to all Recommendations AI users.

Anthos Service Mesh - 1.10.x: 1.10.6-asm.0 is now available. 1.12.x: 1.12.2-asm.0 is now available. Managed Anthos Service Mesh: Version 1.12 is now available for managed Anthos Service Mesh and is rolling out into the Rapid Release Channel. Managed Anthos Service Mesh now supports GKE Autopilot in the Regular and Rapid channels. Managed Anthos Service Mesh control plane now displays its provisioning status in the ControlPlaneRevision API. Managed Anthos Service Mesh now supports deploying a proxy built on the distroless base image.

SAP Solutions - Version 2.3.0 of the Google Cloud Connector for SAP Landscape Management is now available.

VPC Service Controls - Preview support for the following integration: Image streaming for container images stored in Artifact Registry.

Workflows - Workflows is now certified as SOC 1 compliant.

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: [email protected]