News
Google Cloud Platform Official BlogGoogle Cloud is officially a FinOps Certified Service Provider - Google Cloud is presenting at the FinOps X Conference in San Diego from June 27-30, 2023 in our capacity as a FinOps Certified Service Provider.
Monitoring Official Blog PrometheusTrace exemplars now available in Managed Service for Prometheus - Connect your metrics to your traces with exemplars to quickly troubleshoot and resolve latency issues.
Assured workloads Official BlogWhat’s new in Assured Workloads: Region expansion, TLS version restrictions, new supported services - New features and services come to Assured Workloads, which can help organizations achieve and maintain compliance around the world without refactoring.
Cloud Marketplace Official BlogMarketplace Exchange: Partnership perks with Google Cloud - Learn how to position your partner solution on Google Cloud Marketplace.
SponsorMeet DoiT |
The true promise of the cloud with ease, not cost. DoiT provides technology and cloud expertise to reduce cloud costs and boost engineer productivity. All from a Google Cloud Partner. |
Articles, Tutorials
Infrastructure, Networking, Security, Kubernetes
GKE Autopilot Google Kubernetes Engine KubernetesAre Kubernetes days numbered? - …and if so — what is the future for containers?
Cloud Asset Inventory InfrastructureEvaluating your existing GCP resources - How to build a service to validate existing GCP resources from a CAI export.
Google Kubernetes Engine Istio KubernetesFight The Hidden Cost of Regional Kubernetes Clusters — Cross Zonal Egress — Part 2 - Using Istio for advanced traffic management to ensure that traffic doesn't cross zonal boundaries.
Google Kubernetes Engine Istio KubernetesCentrally manage the scope of Istio resources in a multi-tenant Kubernetes cluster
Google Kubernetes Engine KubernetesCert-manager for GKE Multi Cluster Ingress - This blog post will show you how to set up Multi cluster ingress in GKE and integrate cert-manager to automate the certificate management process.
Infrastructure TerraformIaC CI/CD integration for Terraform Vet - This article describes how to integrate gcloud beta terraform vet with your CI/CD pipeline.
GKE Autopilot Istio KubernetesInstalling Istio (Not Anthos Service Mesh) on GKE Autopilot - GKE Autopilot now supports the deployment of custom service meshes and provides the option to enable the NET_ADMIN capability on Autopilot clusters. This allows for the utilization of service meshes and other opt-in use cases.
Billing Official BlogBuild better budgets using folders and organizations - Your cloud resource hierarchy, and associated budgets for cost management, enable you to track and control how much you spend.
Kubernetes VPCPublish Service to external VPC through Private Service Connect - Exploring Private Service Connect to create publisher-consumer service between VPC in GCP.
Infrastructure NetworkingGCP Network Design (Part-1) Things to Consider Before Starting GCP Network Design
Infrastructure TerraformPolicy Validation — Preventive Control with Terraform Vet - Preventive controls are realized through policy. Policy is defined as a series of programmatic constraints that protect GCP resources.
Cloud DomainsRIP Google Domains & Cloud Domains - A personal opinion on Google selling Google Domains to Squarespace.
App Development, Serverless, Databases, DevOps
Apigee GCP Experience Official BlogFrom B2C to B2B: Picsart's Apigee-powered pivot - When a social media site asked Picsart to offer its editing tools to their users via APIs, Picsart turned to Apigee to help out with API management.
Cloud Run gRPCgRPC Service to Service on Cloud Run and Private Networking - Three part blog posts on using gRPC in Cloud Run.
CI Cloud Run DevOps GitHubHow To Build a Simple CI/CD Pipeline using Docker, Github Actions, and Google Cloud Run - Learn how to build a simple CI/CD pipeline using Docker, GitHub Actions, and Google Cloud Run for seamless software delivery.
Cloud Run Docker ServerlessCloud run jobs, your parallel tasks solution - An overview of Cloud Run tasks.
BillingGCP — small things — big savings - A few things to lower your GCP bill.
Cloud SQLBi-directional logical replication for CloudSQL using ‘Private IP’ - Step-by-step instructions on how you can configure and implement Bi-directional logical Cloud SQL replication over Private IP.
Big Data, Analytics, ML&AI
GCP Experience Official BlogArpeely disrupts digital advertising with ML-based demand generation platform on Google Cloud - Arpeely transforms digital advertising with innovative machine learning and algorithm engine powered by Google Cloud, including BigQuery and GKE.
BigLake BigQuery Official BlogAccelerate BigLake performance to run large-scale analytics workloads - BigLake accelerates query performance through a combination of its scalable metadata system, efficient query plans and materialized views.
BigLake Official BlogTransform your Apache Iceberg lakehouse with BigLake - You can now use Apache Iceberg as the data management layer for building lakehouses with BigLake, and query the data with BigQuery.
Airflow WorkflowsGoogle Workflows: A Potential Replacement for Simple ETL? - An example of using Cloud Workflows.
Cloud Dataproc SecurityAccess Control on Dataproc for Hive and Spark jobs - What are the basics of access control? What options do we have on Dataproc for properly handling access control?
BigQuery Dataform dbtDataform, what’s the story? - Just exactly what is Google Cloud’s Dataform service and how easy is it to implement.
LookerSimplifying SAML Authentication in Looker: A Step-by-Step Guide - Integrating Looker and Okta with SAML: A Simplified Guide.
Kubeflow Vertex AIVertex AI Tips and Tricks: Using Exit Handlers to Create Robust ML Pipelines in Production - Example of using Exit Handler in Kubeflow Vertex AI pipelines.
AI Machine Learning TensorFlow Vertex AIWhat you can expect from Vertex TensorBoard - How Google integrates TensorBoard into its Vertex exosystem, where it differs from its open source sibling and how you make the most of it.
AI Machine Learning Recommendations AIProvide a Personalized Experience to Your Customers Using Google Cloud Recommendation AI - Implement a highly advanced recommender system using Google Cloud Recommendation AI.
BigQuery Machine Learning Official Blog Vertex AIRNA-Seq and protein structure prediction with BigQuery and Vertex AI - We’ve developed an end-to-end pipeline for RNA-Seq and protein structure prediction using BigQuery and Vertex AI that processes terabyte-scale data.
Data Science Vertex AIGoogle PaLM API: Generative Models for Code Generation - VertexAI API for GenAI.
AI Vertex AISentiment analysis with generative AI: a data-driven PaLM 2 prompt evaluation - A simple overview of how to evaluate the quality of a sentiment analysis prompt.
Slides, Videos, Audio
Kubernetes Podcast - #203 Docker & WASM with Justin Cormack.
Security Podcast - #126 What is Policy as Code and How Can It Help You Secure Your Cloud Environment?
Releases
AlloyDB - AlloyDB cross-region replication is generally available (GA). The extension anon has been added to extensions supported by AlloyDB.
Anthos clusters on bare metal - 1.14. Release 1.14.6 Anthos clusters on bare metal 1.14.6 is now available for download. Functionality changes: Upgraded etcd version to v3.4.26-0-gke.0. Fixes: The following container image security vulnerabilities have been fixed: CVE-2019-17594 CVE-2019-17595 CVE-2021-20206 CVE-2022-3821 CVE-2022-4415 CVE-2022-29458 CVE-2022-32190 CVE-2023-2454 CVE-2023-2455. Known issues: For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section. 1.15. Release 1.15.2 Anthos clusters on bare metal 1.15.2 is now available for download. Functionality changes: Added preflight check to make sure control plane and load balancer nodes aren't in maintenance mode before an upgrade. Fixes: Fixed an issue where containerd didn't restart when there was a version mismatch. Known issues: For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.
Anthos clusters on VMware - Security bulletin A new vulnerability, CVE-2023-0468, has been discovered in the Linux kernel that could allow an unprivileged user to escalate privileges to root when io_poll_get_ownership will keep increasing req->poll_refs on every io_poll_wake then overflow to 0 which will fput req->file twice and cause a struct file refcount issue.
Apigee X - On June 20, 2023, we released an updated version of Apigee X (1-10-0-apigee-3). Bug ID Description 284114575 Implemented fix to prevent the execution of untrusted code in Apigee policies. Bug ID Description 273801301 Security fix for apigee-diagnostics-collector, apigee-mart-server, apigee-runtime, and apigee-synchronizer.
AppEngine Flexible Java - The Java runtime now supports using Maven wrappers for managing your project's dependency on Maven.
Google Cloud Armor - DDoS attack visibility is now available in public preview.
Bare Metal Solution - You can now view storage volume and LUN metrics in the Google Cloud console. You can now rename your Bare Metal Solution resources, including servers, networks, storage volumes, and NFS shares.
Batch - Cloud Client Libraries for C++ are available for the Batch API.
BigQuery - TRUNCATE TABLE is now supported for multi-statement transactions. Metadata caching is now generally available (GA). BigQuery now supports querying Apache Iceberg tables that are created by open source engines.
Cloud Build - The Cloud Build Security insights panel that displays security metrics such as Supply-chain Levels for Software Artifacts (SLSA) level for built artifacts, vulnerabilities, and build details is now generally available. Cloud Build now provides the ability to upload npm packages to Artifact Registry automatically and generate Supply-chain Levels for Software Artifacts (SLSA) Level 3 build provenance.
Chronicle - The Chronicle Data in BigQuery feature, including the export pipeline and events table, has been improved. You can now share a dashboard file between instances or within an instance between different users. The predefined reference lists for Curated Detections have been replaced by rule exclusions.
Cloud Composer - Cloud Composer 2.3.2 release started on June 20, 2023. (Airflow 2.5.1 only) Logs produced in Airflow DAG callbacks are now visible in Cloud Logging in the "DAG processor manager" logs section. DataprocSubmitJobOperator now supports data lineage for Hive, SparkSQL, Presto, and Trino jobs. Changed the severity of triggerer watchdog messages from error to warning and updated the message's content to be more informative. Cloud Composer 2.3.2 images are available: composer-2.3.2-airflow-2.5.1 (default) composer-2.3.2-airflow-2.4.3.
Compute Engine - Preview: You can now use custom constraints to provide more granular and customizable control over specific fields for some Compute resources.
Database Migration Service - Database Migration Service support for PostgreSQL to AlloyDB for PostgreSQL migrations is now generally available (GA).
Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.20 2.0.28 2.1.7.
Dataproc - New Dataproc Serverless for Spark runtime versions: 1.1.20 2.0.28 2.1.7.
Datastore - OR queries are now supported at the General Availability level.
Cloud Deploy - You can now prevent Cloud Deploy from overprovisioning GKE and Anthos pods during a canary deployment.
Cloud Firestore - OR queries now supported at the General Availability level.
Cloud Functions - The Java runtime now supports projects that use Maven wrappers.
Google Kubernetes Engine - Automatic GPU driver installation is available in version 1.27.2-gke.1200 and later, which enables you to install NVIDIA GPU drivers on nodes without manually applying a DaemonSet. GKE Autopilot now supports the ability to deploy your own service mesh. A new vulnerability, CVE-2023-0468, has been discovered in the Linux kernel that could allow an unprivileged user to escalate privileges to root when io_poll_get_ownership will keep increasing req->poll_refs on every io_poll_wake then overflow to 0 which will fput req->file twice and cause a struct file refcount issue. GKE support for Hyperdisk Throughput and Hyperdisk Extreme as an attached persistent disk option is now generally available.
Live Stream API - You can now use VPC Service Controls to secure your live streams.
Load Balancing - We're announcing the rebranding of Cloud Load Balancing into two main types of load balancers: Application Load Balancers and Network Load Balancers.
Cloud Logging - Log buckets in the following regions can now be upgraded to use Log Analytics: asia-east1 europe-north1 northamerica-northeast2 us-east4 For more information, see Supported regions.
Security Command Center - Only the Security Center Service Agent (roles/securitycenter.serviceAgent) role is required by the Security Command Center service account. Event Threat Detection, a built-in service of Security Command Center, released the following new rules to General Availability.
Cloud Spanner - Spanner Vertex AI integration is now generally available.
Cloud Storage - Objects created using XML API multipart uploads can now be copied and rewritten normally.
Vertex AI - A100 80GB accelerators are now generally available (GA) for custom training jobs in the following regions: asia-southeast1 europe-west4 us-central1 us-east4 For more information, see Locations.
VMware Engine - Stretched Private Clouds are now available in the following region: London, England, Europe (europe-west2) Stretched Private Clouds allow you to stretch your vSphere/vSAN clusters across Google Cloud zones and protect against zone-level failures.
VPC Service Controls - Preview stage support for the following integration: Cloud Customer Care. General availability for the following integration: Live Stream API.
Virtual Private Cloud - The connection preference for a Private Service Connect published service can be configured on the VPC network level in addition to project level. Service consumers can use organization policies with the compute.restrictPrivateServiceConnectProducer list constraint to block Private Service Connect endpoints and backends from connecting to service attachments in other organizations.
Workflows - An issue with how Workflows handles HTTP headers with duplicate keys is resolved.