As this is the last issue in 2022, I want to thank you all for sticking with this newsletter, your feedback, and your support, and wish you all the best in 2023.
News
AI Document AI Official BlogDocument AI adds three new capabilities to its OCR engine - Announcing three new features for Document AI OCR, including intelligent document quality metrics, digital PDF support, and OCR model versioning.
Google Kubernetes Engine Networking Official BlogNew control plane connectivity and isolation options for your GKE clusters - New GKE networking options enable cluster isolation for the control plane and node pools, for more scalable, secure, and cost-effective GKE clusters.
Cloud Filestore Google Kubernetes Engine Official BlogFilestore Enterprise Multishares for GKE now generally available - Using Filestore Enterprise multishare with your GKE environment can improve storage efficiency.
SponsorArticles, Tutorials
Infrastructure, Networking, Security, Kubernetes
CISO Official Blog SecurityCloud CISO Perspectives: December 2022 - Which security lessons of the past year were the most important? We look back at 2022 with members of GCAT and Google Cloud’s Office of the CISO.
Cloud Load Balancing Networking Official BlogUnderstanding Cloud Load Balancing for hybrid and multicloud environments - Cloud Load Balancing supports hybrid and multicloud with universal traffic management policies, and tools for high performance and reliability.
Networking Official BlogAn Introduction to IPv6 on Google Cloud - Google Cloud now supports IPv6 addressing on ‘dual-stack’ VM instances running both IPv4 and IPv6, as well as dual-stack GKE nodes and pods.
Cloud Armor Google Kubernetes Engine Kubernetes SecurityProtecting GKE Ingress default backend with Cloud Armor - Learn how to protect the GKE Ingress default backend with Cloud Armor Policies.
Anthos Kubernetes NetworkingThe Benefits of Using MetalLB for Load Balancing in Google Anthos - Benefits of using Metal Load Balancer with Anthos.
Cloud Identity Infrastructure NetworkingSetup SSO for OpenVPN Access Server with Google Cloud Identity using SAML - With OpenVPN Access Server 2.11 or above, you can set up SSO using SAML, this blog post describes setting up SSO with Google Cloud Identity.
ChronicleThe Chronicle CLI - Chronicle SIEM recently released the Chronicle CLI onto GitHub. In this post I’ll explore what it is, and how to start using it.
App Development, Serverless, Databases, DevOps
Cloud Build DevOps Official Blog ServerlessThe Squire’s guide to automated deployments with Cloud Build - Getting started with your first automated deployment pipeline using open source project Emblem featuring Google Cloud Serverless products like Cloud Run, Cloud Build, Artifact Registry, and Pub/Sub.
Cloud Memorystore Official BlogGoogle Cloud Memorystore for Redis Best Practices - Tips for a highly performant and worry-free deployment - Memorystore for Redis on Google Cloud is a fully managed, highly available, highly performing, scalable and secure service for Redis. Best practices & features that will accelerate your deployment.
BigQuery Cloud SQL DatastreamConfiguring Google Cloud Datastream private connectivity with Cloud SQL for PostgreSQL - Running Datastream replicating data from a Cloud SQL PostgreSQL from another project with a private IP to BigQuery.
API ApigeeBest practices for architecting cost-effective and scalable Apigee-X PayG Organisation in GCP - A checklist for crucial decision areas that need to be planned before provisioning an Apigee X organization.
Apigee Monitoring PrometheusBYOP — Bring your own Prometheus (and Grafana) to monitor Apigee hybrid - This article describes the deployment of a custom end-to-end metrics path based on the popular open-source tool Prometheus and Grafana for hybrid Apigee deployment.
Apigee NetworkingHow to globally expose Apigee for internal traffic - This article provides a step-by-step guide on how to leverage the “global-access” feature of the Internal Load Balancer to expose different API services within your organisation with a single entry point over multiple regions.
Cloud SQL TerraformGCP Cloud SQL Users in Terraform - Setting users for Cloud SQL via Terraform.
Cloud Run Secret ManagerCloud Run: Hot reload your Secret Manager secrets - Keep the latest secret version in Cloud Run with Secret Manager integration can be a challenge or even a blocker. But not anymore!
DevOps SREDisaster Recovery — locality-restricted workloads on GCP - This post discusses how you can use Google Cloud to architect for disaster recovery (DR) to meet location-specific requirements.
Big Data, Analytics, ML&AI
Apache Beam Cloud DataflowDead letter queue for errors with Beam, Asgarde, Dataflow and alerting in real time - The goal of this article is showing a use case with a Beam pipeline containing a dead letter queue for errors applied with Asgarde library.
BigQueryData augmentation with BigQuery and Google Knowledge Graph - Example of using data from Google Knowledge Graph to enrich data in BigQuery.
Big Data BigQuery Data ScienceHow I use BigQuery Analytic Functions as a Data Scientist - Practical examples on how to use advanced SQL to do analyses in BigQuery.
BigQuery Data Science GISLoading Geographic Multiband Raster Data in BigQuery - Goal: Load Raster Data in BigQuery using Dataflow with GeoBeam or GDAL core libraries.
Data Analytics Official Blog R Vertex AIPerform hyperparameter tuning using R and caret on Vertex AI - How to perform hyperparameter tuning on Vertex AI using custom containers for models written in R.
BigQuery Machine LearningBigQuery View Table for Machine Learning Feature Store - Organizing data in BigQuery for Machine Learning.
Various
Google Cloud Platform Official Blog2022 was a year spent turning sustainable ambitions into action - Enabling Google Cloud customers to make sustainability-minded decisions contributes to reversing climate change in a big way.
Google Cloud Platform Official BlogThe top 8 products startups use on Google Cloud - Discover the 8 top products that startups use on Google Cloud to innovate and grow.
Google Cloud Platform Official BlogA motorcycle accident left Googler Yariv Adan with chronic pain—it’s made him an advocate for empathy and equity - Product Lead for Cloud Conversational AI, Yariv Adan shares how he’s breaking stigmas and advocating for disabled colleagues in the workplace.
Google Cloud Platform Official BlogGoogle Cloud wrapped: Top 22 news stories of 2022, according to you - We ran the numbers to find this year’s top Google Cloud news stories, by readership.
GCP CertificationPassing all the 12 Google Cloud certifications efficiently - Comparing GCP certification exams.
Slides, Videos, Audio
GCP Podcast - #331 2022 Year End Wrap Up.
Security Podcast - #102 Sunil Potti on Building Cloud Security at Google.
Releases
Anthos clusters on AWS - A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code.
Anthos clusters on bare metal - 1.13 & 1.14. Anthos clusters on bare metal release 1.14.0 is now available for download. 1.13. Release 1.13.3 Anthos clusters on bare metal 1.13.3 is now available for download. The following container image security vulnerabilities have been fixed: CVE-2022-35737 CVE-2022-42311 CVE-2022-33745 CVE-2022-42309 CVE-2022-42320 CVE-2022-42323 CVE-2022-33748 CVE-2022-42321 CVE-2022-33746 CVE-2022-42310 CVE-2022-42316 CVE-2022-42322 CVE-2022-42319 CVE-2022-42325 CVE-2022-42315 CVE-2022-42324 CVE-2022-42314 CVE-2022-42317 CVE-2022-42312 CVE-2022-42318 CVE-2022-42313 CVE-2022-42326. Known issues: For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.
Anthos clusters on Azure - A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code.
Anthos clusters on VMware - A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code. Anthos clusters on VMware 1.14.0-gke.430 is now available. Support for user cluster creation with Controlplane V2 enabled is now generally available. Upgraded Kubernetes from 1.24 to 1.25: Migrated PDB API version from policy/v1beta1 to policy/v1. Fixed an issue where anet-operator could be scheduled to a Windows node with enableControlplaneV2: true. Anthos clusters on VMware 1.12.4-gke.42 is now available. Changed the relative file path fields in the admin cluster configuration file to use absolute paths. Increased memory limit of monitoring-operator- Pods to 1 GB to avoid potential OOM events under certain configurations.
Anthos GKE on AWS - A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code.
AppEngine Standard - The option to update a Serverless VPC Access connector is now available in preview.
Batch - Documentation has been updated to include new samples.
BigQuery - The Lineage tab in the table properties page lets you track how your data moves and transforms through BigQuery. BigQuery now blocks saving query results to Google Drive from projects inside a VPC Service Controls protected perimeter.
Cloud Composer - (Available without upgrading) Fixed an issue where upgrading a Private IP environment with VPC peerings to Cloud Composer 2.0.31 and later versions resulted in intermittent issues with database connections. Cloud Composer 1.20.2 and 2.1.2 are versions with an extended upgrade timeline.
Compute Engine - Generally available: N2 VMs with 64 or more vCPUs now support up to 4 GB/s (read) and 3 GB/s (write) throughput per instance with Extreme persistent disks (pd-extreme).
Dataproc Serverless - New sub-minor versions of Dataproc images: 1.5.79-debian10, 1.5.79-rocky8, 1.5.79-ubuntu18 2.0.53-debian10, 2.0.53-rocky8, 2.0.53-ubuntu18 2.1.1-debian11, 2.1.1-rocky8, 2.1.1-ubuntu20. New Dataproc Serverless for Spark runtime versions: 1.0.25 2.0.5. Backported Spark patch in Dataproc Serverless for Spark runtime 1.0 and 2.0: SPARK-40481: Ignore stage fetch failure caused by decommissioned executor.
Dataproc - New sub-minor versions of Dataproc images: 1.5.79-debian10, 1.5.79-rocky8, 1.5.79-ubuntu18 2.0.53-debian10, 2.0.53-rocky8, 2.0.53-ubuntu18 2.1.1-debian11, 2.1.1-rocky8, 2.1.1-ubuntu20. New Dataproc Serverless for Spark runtime versions: 1.0.25 2.0.5. Backported Spark patch in Dataproc Serverless for Spark runtime 1.0 and 2.0: SPARK-40481: Ignore stage fetch failure caused by decommissioned executor.
Datastore - Support for the australia-southeast2 (Melbourne) region.
Terraform on Google Cloud - Published an update to the Terraform blueprints page.
Document AI - v1.3. We are launching a public preview version of the Purchase Order (PO) processor, pretrained-purchase-order-v1.1-2022-06-17, with the following new features: Support for uptraining to improve, add, and remove entities in the schema Support for uptraining to add support for unsupported languages Improvements to overall performance. v1beta3. The Document AI OCR Processor has the following new features: The OCR Processor now supports extracting embedded text from digital PDFs in public preview. Known issues with the digital PDF feature of the Document AI OCR Processor: On a small number of documents, the word ordering within lines of text as reported by native text extraction might be wrong.
Cloud Firestore - Support for the australia-southeast2 (Melbourne) region.
Cloud Functions - The option to update a Serverless VPC Access connector is now available in preview.
Google Kubernetes Engine - Dual-stack clusters in GKE are now generally available. A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code. You can now enable NCCL Fast Socket on your multi-GPU workloads. CVE-2022-37434, CVE-2022-40674, CVE-2022-1586, CVE-2022-1587 have been patched in the PD CSI driver in 1.22, 1.23, 1.24 for newly created clusters.
Cloud Logging - Cloud Logging now supports the following regions: US EU For more information, see Data regionality for Cloud Logging.
Pub/Sub Lite - Pub/Sub Lite now supports export subscriptions.
Retail Recommendations AI - Recommendations AI now provides the On-sale model.
Cloud Run - The option to update a Serverless VPC Access connector is now available in preview.
Security Command Center - The userName attribute was added to the Finding object of the Security Command Center API.
Cloud Spanner - The new Cloud Spanner Kafka connector publishes change streams records to Kafka for application integration and event triggering. You can now use the ALTER INDEX statement to add columns into an index or drop non-key columns.
Cloud SQL MySQL - Cloud SQL for MySQL now supports using the lower_case_table_names flag for MySQL 8.0.
Cloud Storage Transfer - Storage Transfer Service now offers Preview support for tracking progress of a Transfer Job using Cloud Monitoring, allowing you to monitor the number of objects and amount of data copied by Storage Transfer Service in near real-time.
Cloud TPU - Cloud TPU now supports TensorFlow patches: 2.8.4, 2.9.3, and 2.10.1.
Vertex AI - Vertex AI TensorFlow Profiler Vertex AI TensorFlow Profiler is generally available GA. Vertex AI Matching Engine Vertex AI Matching Engine now offers General Availability support for updating your indices using Streaming Update, which is real-time indexing for the Approximate Nearest Neighbor (ANN) service. Vertex AI Feature Store streaming ingestion is now generally available (GA). You can now override the default data retention limit of 4000 days for the online store and the offline store in Vertex AI Feature Store.
VMware Engine - VMware Engine nodes are now available in the following additional region: Milan, Italy, Europe (europe-west8).
Virtual Private Cloud - Preview: You can use geo-location objects in firewall policy rules to filter external IPv4 and external IPv6 traffic based on specific geographic locations or regions. Preview: You can use Threat Intelligence for firewall policy rules to secure your network by allowing or blocking traffic based on threat intelligence data. Preview: You can use address groups to combine multiple IP addresses and IP ranges into a single named logical unit. Preview: You can use fully qualified domain name (FQDN) objects in firewall policy rules to filter incoming or outgoing traffic from specific domain names.