Welcome to issue #318 October 31st, 2022

News

Blockchain Node Engine Official Blog

Introducing Blockchain Node Engine: fully managed node-hosting for Web3 development

BigQuery Data Analytics Official Blog

Improved text analytics in BigQuery: search features now GA - General availability of text indexes and search functions in BigQuery. This enables you to perform scalable text searches.

Assured workloads Official Blog

Introducing Assured Workloads in Canada and Australia, and new features for all - Google Cloud now offers Assured Workloads for Canada and Australia, and we’ve made it easier to get started by automating the onboarding process and offering new compliance checking tools.

Data Analytics Dataplex Official Blog

Accelerate speed to insights with data exploration in Dataplex - Dataplex announces Data Exploration Workbench providing a Spark-powered serverless data exploration experience.

AI Machine Learning Official Blog Vertex AI

Improved TabNet on Vertex AI: High-performance, scalable Tabular Deep Learning - TabNet in Vertex AI provides a convenient way for superior accuracy and explainability on your tabular data tasks.

Google Kubernetes Engine Official Blog

Announcing new GKE functionality for streamlined security management - The new interface for the Google Kubernetes Engine can streamline security workflows and can help make it easier to follow up on security alerts.

Cloud Spanner Official Blog

NHibernate Dialect for Cloud Spanner is now Generally Available - .NET Developers can now use NHibernate with Google Cloud Spanner. The dialect supports both standard NHibernate features and Spanner-specific features like Interleaved Tables, Mutations and Read-only transactions.

Official Blog Workspace

Bringing Google Meet to more meeting rooms and shared spaces - Zoom-Meet interop and Meet on Poly/Logitech Android platforms will give customers more flexibility to call people outside their corporate networks.

Cloud DNS Networking Official Blog

Introducing automated failover for private workloads using Cloud DNS routing policies with health checks - Build and deploy high availability applications globally by using Cloud DNS routing policies with health checks.

Official Blog Terraform

Google Cloud and HashiCorp deliver a more efficient approach for Cloud Support Services - Google Cloud and Hashicorp partner to deliver cloud support solutions to enterprise customers.

Official Blog Public Sector

Explore over 30 sessions at the Google Government Summit and earn CPE credits - There are only a few weeks left to register for Google Government Summit 2022!

Business Infrastructure Networking Official Blog

Google is a Leader in Gartner Magic Quadrant for Cloud Infrastructure and Platform Services - For the fifth consecutive year, Google Cloud is a leader in Gartner Cloud Infrastructure and Platform Services Magic Quadrant.

Data Analytics Event Official Blog

Join the Google Cloud BI Hackathon - Join the Google Cloud BI Hackathon and collaborate and build new innovative applications, tools, and data experiences on Looker and Looker Studio.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

DevOps Official Blog Skaffold SRE

Skaffold v2 GA: Further enhancing developer productivity - With Skaffold V2, you can now build and manage container images on Cloud Run and on ARM architectures.

Istio Kubernetes

Take control of your Kubernetes networking with Istio and Kiali - Istio integrates natively with Kubernetes as a service mesh and gateway while providing flexibility for service-to-service communication.

Cloud Functions Cloud Scheduler Google Kubernetes Engine

Scale GKE with Cloud function - Using Cloud Scheduler and Cloud Function to regularly resize GKE cluster in order to save cost.

Terraform Workload Identity

Terraform Cloud/Enterprise and GCP Workload Identity Federation - Connect from Google Cloud to Terraform Cloud via Workload Identity.

Cloud SDK IAM Security

Debugging Google Application Default Credentials - Inspecting gcloud application default credentials, Google access tokens, and ID tokens through the refresh token grant & token introspection.

IAM Security

Using IAM Conditions in Google Cloud - Example of using IAM Conditions.

Cloud SDK IAM Security

Authenticating to Workspace APIs locally, the right way - Connecting from local computer to Google Cloud services.

Infrastructure

Growing your Google Cloud Landing zone with data - How can data can enrich a landing zone and set you up for a modern, scalable, future proof and user centric solution?

App Development, Serverless, Databases, DevOps

Cloud Run Official Blog

Securing Cloud Run Deployments with Binary Authorization - Demonstrate how Google Cloud Users can Secure their Cloud Run Deployments using Approved Artifact Registry repositories and Binary Authorization.

Cloud Firestore Firebase

Experience bytes : New Firebase feature lets you set an expiry on documents for deletion ! - Setting auto-delete functionality for Firestore documents.

Cloud Build Workspace

Access to Google Workspace documents from Cloud Build - With Cloud Build you can require access to Google Sheet to customize your pipeline for instance. It’s not so easy but there is a solution!

Infrastructure SAP

SAP on Google Cloud series: The fundamentals - SAP on Google Cloud series exploring fundamentals, architecture, security and best practices.

NodeJS Serverless

Running multiple Google Cloud functions locally with the functions-framework - This article explains how to run locally multiple Cloud Functions by writing Express app.

Big Data, Analytics, ML&AI

Data Analytics Official Blog

An annual roundup of Google Data Analytics innovations - Data Analytics product innovations in 2022. Innovations for an open data ecosystem, unified business intelligence, continuous intelligence, and data management and governance.

Data Analytics GCP Experience Official Blog

UKG Ready, People Insights on Google Cloud - Entity standardization is a complex problem to solve. This is UKG’s solution to help their small and medium business get realtime insights with Google Cloud and Machine Learning. UKG discusses the steps they took and the solution architecture in Google Cloud.

Cloud Dataproc Data Analytics Official Blog

Best practices for migrating Hadoop to Dataproc by LiveRamp - Liveramp sharing best practices for migrating apache hadoop from on-prem to Google Cloud Dataproc.

Data Analytics Official Blog

Unlocking the power of connected vehicle data and advanced analytics with BigQuery - Sibros’ Connected Vehicle Platform on Google Cloud delivers OTA data updates, collection, and commands with the flexibility and scale of the cloud.

BigQuery Data Analytics GCP Experience Official Blog

BigQuery’s performance and scale means that everyone gets to play - Today, we’re hearing from telematics solutions company Geotab about how Google BigQuery enables them to democratize data across their entire organization and reduce the complexity of their data pipelines.

Dataplex

An overview of GCP Dataplex - The aim of this article is to give readers an objective overview of GCP’s Dataplex solution.

BigQuery Cloud Dataflow Cloud Natural Language API Cloud Pub/Sub

How to build a streaming pipeline for Twitter Sentiment Analysis with GCE, Pub/Sub, Dataflow, BigQuery and the Natural Language API - End-to-end pipeline to get data from Twitter to BigQuery.

Official Blog Vertex AI

Machine Learning Experiments in Gaming and Why it Matters - In this blog, we will showcase how Vertex AI Experiments can help gaming companies better manage, interpret, and extract value from their ML experiments.

Document AI Official Blog

Document AI adds one-click model training with ML Workbench - Train custom document machine learning models with the click of a button with Document AI Workbench.

Official Blog Vertex AI

Vertex AI Vision: Easily build and deploy computer vision applications at scale - Build, deploy, and manage computer vision applications with Vertex AI Vision.

BigQuery Data Analytics Machine Learning Official Blog Vertex AI

Accelerate your data to AI journey with new features in BigQuery ML - BigQuery ML reduces data to AI barrier by making it easy to manage the end-to-end lifecycle from exploration to operationalizing ML models using SQL.

Machine Learning

Install MLFlow on GCP for Your Team: The Simplest Way - A process of installing MLflow on Google Cloud.

Various

GCP Certification Official Blog Public Sector

Google Cloud joins BlueSky Tennessee Institute to train students for high-demand tech jobs - Google Cloud joins Bluesky Tennessee Institute and Blue Cross Blue Shield of Tennessee to provide content and mentorship for in-demand jobs and technology.

Official Blog Public Sector

Collegis partners with Google Cloud to unlock value in higher education data - Collegis Education is partnering with Google Cloud to provide managed services to collect, connect, and activate data and allow it to drive value.

Official Blog Public Sector

Partnering with Malaysia's Universities to prepare students for a cloud-first world - Google Malaysia's Gemilang combined Google Career Certificates and Google Cloud skills programs into a single national program launch for the first time.

Google Cloud Platform Official Blog

How UX researchers make Google Cloud better with user feedback - Learn how UX researchers make Google Cloud better with user feedback. Find out how you can join the Google User Experience Research program.

GCP Certification Official Blog

How Deutsche Bank is building cloud skills at scale - Deutsche Bank’s strategic partnership with Google Cloud enabled them to develop a new learning program that targets employees’ skill gaps at scale.

Slides, Videos, Audio

GCP Podcast - #325 Digital Sovereignty with Archana Ramamoorthy and Julien Blanchez.

Security Podcast - #93 CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Is My Data Secure?

GCP Life Podcast - #26 In this episode we discuss; Hitchhikers Guide To Google Cloud, Medibank Hack, H.264 and i486 going away, Google Next.

 

Releases

Anthos Config Management - 1.13.1. Changed the default Helm release namespace from config-management-system to default, if spec.helm.namespace isn't specified. Added the spec.helm.values field in RootSync and RepoSync to allow overriding the default values that accompany the Helm chart. The constraint template library includes a new template: K8sBlockLoadBalancer. The constraint template library's K8sHttpsOnly template now supports Ingress blocks which do not include tls: using the new tlsOptional: true parameter. Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: 600a68d). Config Sync now handles exporting metrics correctly with the right permissions and resource names after the update to Open Telemetry v0.54.0 which was introduced in ACM 1.12.2. Fixed a Prometheus exporter error in the otel-collector by resolving a discrepancy between components regarding the description of the pipeline_error_observed metric. Config Sync is not compatible with Autopilot starting from GKE version 1.23.

Anthos clusters on bare metal - 1.11. Anthos clusters on bare metal 1.11.7 is now available for download. Fixes: The following container image security vulnerabilities have been fixed: CVE-2022-40674 CVE-2022-2509 CVE-2021-46828 CVE-2022-3172 CVE-2022-39278 CVE-2020-35527 CVE-2021-20223 CVE-2020-35525 CVE-2022-40617 CVE-2022-2526. Known issues: For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Anthos clusters on VMware - A new vulnerability, CVE-2022-20409, has been discovered in the Linux kernel that could allow an unprivileged user to escalate to system execution privilege. A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. Anthos clusters on VMware 1.12.3-gke.23 is now available. Fixed the issue of a race condition that blocks the deletion of an old machine object during cluster upgrade or update.

Anthos GKE on AWS - A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation.

Apigee X - On October 27, 2022 we released an updated version of Apigee X. This release contains the General Acceptance (GA) release of Advanced API Security, which: Detects unwanted requests sent to your APIs, including attacks by bots or other malicious agents. On October 24, 2022, we released an updated version of Apigee X (1-9-0-apigee-5). Bug ID Description 218567150 X-request-id headers modified at 14th character.

Google Cloud Armor - Default security policies are now Generally Available.

BigQuery - Search indexes and the SEARCH() function are now generally available (GA). The following geography functions are now generally available (GA): ST_ISCLOSED: Returns TRUE for a non-empty geography, where each element in the geography has an empty boundary. You can now view BI Engine Top Tables Cached Bytes, BI Engine Query Fallback Count, and Query Execution Count as dashboard metrics for BigQuery.

Chronicle - Chronicle Feed Management added support for the CrowdStrike Detection API.

Compute Engine - Generally available: Compute Engine flexible committed use discounts (flexible CUDs) are spend-based discounts that add flexibility to your spending capabilities by eliminating the need to restrict your commitments to a single project, region, or machine series.

Data Fusion - Cloud Data Fusion version 6.7.2 is generally available (GA). In Cloud Data Fusion version 6.7.2, the default machine type changed from N2 to E2. Fixed in 6.7.2: In the BigQuery Sink plugin (version 0.20.3), fixed an issue that caused a NullPointerException error when table metrics were updated or when the output schema was not defined.

Dataproc - The following preview Dataproc image versions are available: 2.1.0-RC2-debian11 2.1.0-RC2-rocky8 2.1.0-RC2-ubuntu20 The following component versions are available for use with the 2.1.0-RC2 images (the HBase and Druid components are not supported in 2.1 image versions): Apache Atlas 2.2.0 Apache Flink 1.15.0 Apache Hadoop 3.3.3 Apache Hive 3.1.3 Apache Hive WebHCat 3.1.3 Apache Kafka 3.1.0 Apache Pig 0.18.0-SNAPSHOT Apache Spark 3.3.0 Apache Sqoop v1 1.5.0-SNAPSHOT Apache Sqoop v2 1.99.6 Apache Tez 0.10.1 Cloud Storage Connector hadoop3-2.2.8 Conscrypt 2.5.2 Docker 20.10 Hue 4.10.0 Java temurin-11-jdk JupyterLab Notebook 3.4 Oozie 5.2.1 Presto 376 Python 3.10 R 4.1 Ranger 2.2.0 Scala 2.12.14 Solr 9.0.0 Zeppelin Notebook 0.10.1 Zookeeper 3.8.0. Dataproc Serverless for Spark now now uses runtime version 1.0.21 and 2.0.1. Dataproc Serverless for Spark runtime version 2.0.1 upgrades Apache Commons Text to 1.10.0, addressing CVE-2022-42889. Dataproc Serverless for Spark runtime version 2.0.1 upgrades the following components: Spark to 3.3.1 SLF4J to 2.0.3. All Dataproc Serverless for Spark runtime versions prior to 1.0.21 and 2.0.1 will be deprecated on November 2, 2022. Dataproc Serverless for Spark runtime version 2.0 will become the default Dataproc Serverless for Spark runtime version on December 13, 2022. Dataproc Serverless for Spark now supports spark.dataproc.diagnostics.enabled property that enables auto diagnostics on Batch failure.

Cloud Functions - Cloud Functions now supports the .NET Core 6.0 runtime at the General Availability release level.

IAM - Deny policies are generally available (GA).

Google Kubernetes Engine - A new vulnerability, CVE-2022-20409, has been discovered in the Linux kernel that could allow an unprivileged user to escalate to system execution privilege. A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation.

Cloud Logging - You can now instrument gRPC applications to use Microservices observability.

Cloud Monitoring - You can now instrument gRPC applications to use Microservices observability. A new version of Managed Service for Prometheus is now available.

Retail Recommendations AI - Recording Google Analytics 4 user events to the Retail API is available in GA. A/B experiment traffic monitoring for Retail Search is available in private preview.

Service Mesh - 1.15.x. 1.15.2-asm.6 is now available. Docker images for Anthos Service Mesh v1.15 and later now also support the Arm architecture. Anthos Service Mesh now supports configuring Mesh CA and Google CA Service connectivity through an HTTPS proxy when direct connectivity from the sidecar-injected workloads is not available (for example, due to firewalls or other restrictive features). 1.12.x. Anthos Service Mesh 1.12 is no longer supported. Managed Anthos Service Mesh. Managed Anthos Service Mesh 1.15 isn't rolling out to the rapid release channel at this time. 1.14.x. 1.14.5-asm.3 is now available. 1.13.x. 1.13.9-asm.1 is now available.

SAP Solutions - New SAP certification for operating systems SAP has certified the operating system SUSE Linux Enterprise Server (SLES) 15 SP4 for SAP HANA and SAP NetWeaver on Google Cloud.

Cloud Spanner - A weekly digest of client library updates from across the Cloud SDK.

Cloud Storage - Bucket tags are now generally available (GA).

Cloud Text-to-Speech - Text-to-Speech improved the quality of these voices.

Cloud Trace - You can now instrument gRPC applications to use Microservices observability.

Traffic Director - Traffic Director deployment with automatic Envoy injection for Google Kubernetes Engine Pods currently installs Envoy version 1.20.0.

AutoML Translation - The following language translation pairs have been added: Language Pair Language Codes Javanese -> English jv -> en Khmer -> English km -> en Myanmar (Burmese) -> English my -> en Nepali -> English ne -> en Pashto -> English ps -> en Tagalog (Filipino) -> English tl -> en Tamil -> English ta -> en Telugu -> English te -> en Uzbek -> English uz -> en Zulu -> English zu -> en.

Vertex AI - Vertex AI Prediction You can now use E2 machine types to serve predictions. The v1beta1 version of the Notebooks API is scheduled for removal no earlier than January 16, 2023.

VPC Service Controls - General availability for the following integration: Organization Policy Service.

Workflows - Eventarc event-triggered requests are limited by the execution API write request on workflows. Support for limiting the maximum number of concurrent branches or iterations within a parallel step is available in Preview.

 

Latest Issues




Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: [email protected]