Welcome to issue #388 March 4th, 2024

News

BigQuery Official Blog Vertex AI

Unleash the power of generative AI with BigQuery and Vertex AI - New innovations for BigQuery and Vertex AI.

AlloyDB BigQuery Official Blog

BigQuery and AlloyDB hit major milestone with AI-enabled updates - New AI-enabled product innovations for both BigQuery and AlloyDB for PostgreSQL.

Official Blog Security Vertex AI

Introducing Security Command Center protection for Vertex AI - Security Command Center Premium now works with organization policies to provide near real-time detection of changes to policies and to AI resource configurations, either of which could increase cloud risk.

Networking Official Blog

Introducing internal range API: simplify IP address management in Google Cloud - This blog post gives an overview and shows how to use the new internal range API.

API Official Blog

New service exposes telco capabilities through APIs to third-party developers

Event Official Blog

MWC’24: Unlocking the AI-enabled Telco with Google Cloud

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Google Kubernetes Engine Networking Official Blog Private Service Connect

Modernize Apigee-GKE Connectivity with Private Service Connect and GKE Gateway - Private Service Connect improves how Apigee interacts with GKE workloads, delivering enhanced security, better performance, and increased operational efficiency.

Official Blog

Cloud CISO Perspectives: Building better cyber defenses with AI

Official Blog

How to prevent lateral movement techniques on Google Cloud

Networking Official Blog

Cross-Cloud Network: Private, customizable and flexible networking

FinOps Google Kubernetes Engine Kubernetes

Scaling GKE Standard Clusters to Zero - Scaling the size of the GKE cluster to zero nodes in various ways.

DevOps Networking

Design your Landing Zone — Design Considerations Part 1 (Google Cloud Adoption Series) - What is a Landing Zone and What are the Main Design Decisions? Identity, resource hierarchy, org policy, hybrid connectivity, network.

Cloud Armor Cloud Load Balancing

Best Practice — Deploying Google Cloud Armor WAF Rules - Apply a basic WAF policy on a Google Application Load Balancer.

DevOps GKE Autopilot Google Kubernetes Engine Kubernetes

Kubernetes on Google Kubernetes Engine (GKE): Standard vs Autopilot - Comparison of GKE Standard and GKE Autopilot.

Cloud SQL Terraform

Time-travelling with Terraform - The article describes a way to improve Terraform module design by using outputs to configure a provider in the root module instead of within the submodule itself.

App Development, Serverless, Databases, DevOps

AI AlloyDB Cloud Spanner Cloud SQL Data Analytics Machine Learning Official Blog

Google Cloud databases stand ready to power your gen AI apps with new capabilities - Recent AI improvements for GCP databases.

Cloud Bigtable GCP Experience Official Blog

Symphony handles millions of messages with Bigtable, saving 40% on database costs & increasing resiliency

Cloud SQL GCP Experience Official Blog

The story of Google Nest’s migration to Cloud SQL on Google Cloud

Contact Center AI Generative AI Official Blog

Transforming the contact center with generative AI

Cloud Logging

Navigating Log Router Settings in Google Cloud for Optimal Efficiency - Exploring filtering methods for the Log Router in Google Cloud, focusing on the use of filter and exclusion parameters.

API Gateway Python

Bridging the Gap: Converting FastAPI OpenAPI to Swagger 2.0 for GCP API Gateway compatibility - This guide helps convert FastAPI’s OpenAPI 3.0 to 2.0 for GCP API Gateway deployment, covering core concepts and step-by-step instructions.

Duet AI Gemini

Using Duet AI to generate a Starter App from an OpenAPI Specification - Using Duet AI for Developers to generate an OpenAPI Specification and then use that to generate a starter application.

Cloud Identity Security

[Google OAuth] Resolving “Unverified App” Issue on Google Cloud OAuth Consent Screen - Fixing an issue with Google OAuth consent screen.

AlloyDB

Connect AlloyDB to Oracle using Oracle FDW - Using Oracle FDW to query AlloyDB.

Cloud SQL

GCP — Extracting data in CloudSQL to Cloud Storage - This article demonstrates the export capability of Cloud SQL as part of an ETL process.

Cloud Bigtable

Explore your Bigtable data with the new Bigtable Studio query builder - The new Bigtable Studio query builder provides a simple, interactive way to review or explore Bigtable data.

Big Data, Analytics, ML&AI

BigQuery Dataform Javascript

How to grant access to specific BigQuery tables using Dataform - If it’s necessary to provide user access to specific BigQuery tables or views rather than using the IAM policy for all BigQuery data, this article shows how to do it using Dataform.

BigQuery Data Science

Google made Cubes generally available for BigQuery - Combining classical Data Structures with Column based Data Warehouses.

BigQuery Data Science

Google just launched Time Series and Range Functions for BigQuery - How to perform Time Series Analysis with GoogleSQL.

Cloud Data Fusion

Cloud Data Fusion: Using Spark SQL for Column Transformations - Using the Scala plugin to write custom SQL transformations in Data Fusion.

Generative AI Official Blog

Code samples to get started building generative AI apps on Google Cloud - Code samples for different categories to help organizations quickly get started on Google Cloud.

Gemini Vertex AI

Vertex AI Gemini generateContent (non-streaming) API - Using generateContent Vertex AI REST API (non-streaming) to generate content.

Machine Learning Vertex AI

Gemma is born! - A brief tutorial on how to get started with Gemma in Vertex AI Model Garden.

Slides, Videos, Audio

Security Podcast - #161 Cloud Compliance: A Lawyer - Turned Technologist! - Perspective on Navigating the Cloud.

 

Releases

AlloyDB - AlloyDB AI is now generally available (GA). AlloyDB Omni version 15.5.0 is now available. The return value of the embedding() function of google_ml_integration has changed. A revised quickstart helps you install and run AlloyDB Omni on a Debian or Ubuntu system using a handful of commands. AlloyDB now supports the use of Google Cloud tags on cluster and backup resources. You can now use Automatic IAM Authentication with the AlloyDB Language Connectors (Preview) to connect to your cluster.

Anthos clusters on Azure - The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2023-3776. For more information, see the GCP-2024-014 security bulletin. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-0193. For more information, see the GCP-2024-013 security bulletin. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2023-6932. For more information, see the GCP-2024-011 security bulletin. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

Anthos clusters on VMware - GKE on VMware 1.16.6-gke.40 is now available. The following issues are fixed in 1.16.6-gke.40: Fixed the known issue that caused kubelet to be flooded with logs stating that /etc/kubernetes/manifests does not exist on the worker nodes. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2023-3776. For more information, see the GCP-2024-014 security bulletin. GKE on VMware 1.15.9-gke.20 is now available. The following vulnerabilities are fixed in 1.15.9-gke.20: High-severity container vulnerabilities: CVE-2023-5517, CVE-2023-50387, CVE-2023-4408, CVE-2024-26147, CVE-2023-29499. Container-optimized OS vulnerabilities: CVE-2024-0567, CVE-2023-6531, CVE-2024-1085, CVE-2024-0646, CVE-2023-6915, CVE-2023-40551, CVE-2023-46838, CVE-2023-6040, CVE-2024-0553, CVE-2023-40548, CVE-2023-40547. Ubuntu vulnerabilities: CVE-2024-21626, CVE-2023-6040, CVE-2023-6606, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2024-0193. GKE on VMware 1.28.200-gke.111 is now available. The following issues are fixed in 1.28.200-gke.111: Fixed the known issue that caused a preflight check to fail when the hostname isn't in the IP block file.

AppEngine Flexible Go - Go 1.22 is now available in preview.

AppEngine Flexible Java - Java 21 is now generally available.

AppEngine Flexible PHP - PHP 8.3 is now generally available.

AppEngine Standard Go - Go 1.22 is now available in preview.

AppEngine Standard PHP7 - PHP 8.3 is now generally available.

Cloud Asset Inventory - The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs: GKE Hub: gkehub.googleapis.com/Fleet, gkehub.googleapis.com/Scope, gkehub.googleapis.com/Namespace, gkehub.googleapis.com/MembershipBinding, gkehub.googleapis.com/RBACRoleBinding. AI Platform: aiplatform.googleapis.com/NotebookRuntime, aiplatform.googleapis.com/NotebookRuntimeTemplate.

BigQuery ML - The ability to perform anomaly detection with BigQuery ML multivariate time series (ARIMA_PLUS_XREG) models is now in preview.

BigQuery - The following BigQuery cross-cloud features are now generally available (GA): You can take advantage of the benefits of materialized views over Amazon S3 metadata cache-enabled BigLake tables. The consolidated SQL translator API combines the interactive and batch translator into a single workflow, improving the efficiency and stability of your translation jobs created using the API. Materialized views can now reference logical views. The following statements are now generally available (GA) with billing enabled: CREATE TABLE AS SELECT, CREATE TABLE IF NOT EXISTS AS SELECT, CREATE OR REPLACE TABLE AS SELECT, INSERT INTO SELECT. These statements let you filter data from files in Amazon S3 and Azure Blob Storage before transferring results into BigQuery tables. You can now use time series and range functions to support time series analysis. You can now use data manipulation language (DML) statements to efficiently delete entire partitions. The BigQuery Data Transfer Service can now transfer data from the following data sources: Facebook Ads, Oracle, Salesforce, Salesforce Marketing Cloud, ServiceNow. Transfers from these data sources are supported in preview. The following SQL features are now generally available (GA): GROUP BY GROUPING SETS clause: Produces aggregated data for one or more grouping sets. The GROUP BY ALL clause, which groups rows by inferring grouping keys from the SELECT items, is now in preview.

Cloud Composer - Cloud Composer 2.6.3 release started on February 28, 2024. (Cloud Composer 2 in select regions) Cloud Composer shows the account selection and consent screens when opening Airflow UI for an environment. (Cloud Composer 2 in select regions) Reduced the propagation time of the revoked Cloud IAM permission that blocks access to Airflow UI. In new environments with Airflow 2.6.3, the default values of the following Airflow configuration options are changed to provide more optimized Cloud Composer environments: [scheduler]job_heartbeat_sec to 30 and [scheduler]scheduler_heartbeat_sec to 15. Fixed a problem where the IAM policy of a custom environment's bucket is replaced when an environment is created. The apache-airflow-providers-google package is upgraded to version 10.15.0 in images with Airflow 2.6.3. Cloud Composer 2.6.3 images are available: composer-2.6.3-airflow-2.6.3 (default) and composer-2.6.3-airflow-2.5.3. Starting February 27, 2024, in the us-central1, europe-west1, europe-west2, europe-west3, europe-west6, us-east1, and us-east4 regions it is possible to create new Cloud Composer 1 environments only in projects that already have Cloud Composer 1 environments.

Confidential VM - Live migration is now available on new Confidential VM instances that meet the following configuration criteria: an N2D machine type with AMD EPYC Milan CPU platform; AMD SEV Confidential Computing technology; an operating system image that supports live migration.

Data Catalog - Data Catalog is now available in the Frankfurt (aws-eu-central-1), Sydney (aws-ap-southeast-2) and Washington (azure-westus2) regions.

Data Catalog Resources - v1. Data Catalog is now available in the Frankfurt (aws-eu-central-1), Sydney (aws-ap-southeast-2) and Washington (azure-westus2) regions.

Dataflow - Dataflow now supports at-least-once streaming mode.

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.52, 2.0.60, 2.1.39, 2.2.0-RC12.

Dataproc - New Dataproc on Compute Engine subminor image versions: 2.0.93-debian10, 2.0.93-rocky8, 2.0.93-ubuntu18, 2.1.41-debian11, 2.1.41-rocky8, 2.1.41-ubuntu20, 2.1.41-ubuntu20-arm, 2.2.7-debian12, 2.2.7-rocky9, 2.2.7-ubuntu22. Dataproc on Compute Engine: Upgraded Zookeeper to 3.8.3 for Dataproc 2.2. Dataproc on Compute Engine: Fixed ZooKeeper startup failures in image 2.2 HA (High Availability) clusters that use fully qualified hostnames.

Deep Learning VM - M117 release: Added the CUDA version (CUDA 11.8) to the TensorFlow 2.12, 2.13, and 2.14 image names and image family names.

Cloud Data Loss Prevention - An improvement was made in the way Sensitive Data Protection calculates the predicted infoType of the data that it profiles.

Document AI - The Custom Extractor supports three levels of nesting so you can easily extract structured data from complex documents and tables (earnings reports, tax forms, invoices, resumes, etc.). The Custom Extractor with generative AI is now available in the asia-southeast1 (Singapore) regions. See the model type, generative or custom, powering a Custom Extractor processor version by getting the model type from the processorVersions API.

Eventarc - Eventarc is available in the us-west8 (Phoenix, Arizona, North America) region.

Cloud Functions - Cloud Functions now supports the PHP 8.3 and Java 21 runtimes at the General Availability release level for 2nd gen functions. Cloud Functions now supports the Go 1.22 runtime at the Preview release level.

Google Kubernetes Engine - The Performance Compute Class, designed for running whole-machine CPU workloads, is available in Autopilot mode from versions 1.28.6-gke.1369000 and 1.29.1-gke.1575000 and later. GKE now supports Gemma (2B, 7B), Google's new state-of-the-art open models. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2023-3776. For more information, see the GCP-2024-014 security bulletin. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-0193. For more information, see the GCP-2024-013 security bulletin.

Cloud Memorystore - Added support for vector store and vector search capabilities (Preview).

Migrate for Compute Engine - Generally available: Migrate to Virtual Machines lets you migrate virtual machine (VM) disks to Persistent Disk volumes on Google Cloud.

Policy Intelligence - The IAM recommender offers role recommendations for BigQuery datasets.

Security Command Center - Security Command Center API v2 released to Preview: The Security Command Center API v2, which enables data residency control and includes the /locations/LOCATION field in resource names, is released to Preview. Data residency for Security Command Center released to Preview: Security Command Center data residency control is released to Preview. Virtual Machine Threat Detection, a built-in service of Security Command Center Premium, has launched a new detector, Defense Evasion: Rootkit, in Preview.

SAP Solutions - Disk snapshot based backup and recovery for SAP HANA: From version 3.0, you can use the disk snapshot feature of Google Cloud's Agent for SAP to perform backup and recovery operations for SAP HANA systems running on Google Cloud.

Cloud Spanner - Spanner regional endpoint is now available in me-central2. The following GoogleSQL JSON functions are now generally available (GA): LAX_BOOL: Attempts to convert a JSON value to a SQL BOOL value.

Cloud Text-to-Speech - Studio voices are now GA. Casual voices are now in preview.

Vertex AI - Vector Search feature launch: Update streaming index metadata: With this launch, you can directly update restricts and numeric restricts of data points inside StreamUpdate indexes without the compaction cost of a full update. M117 release: The M117 release of Vertex AI Workbench instances includes the following: Removed the Cloud Storage browser in the left side pane in favor of the existing Mount shared storage button. VPC Service Controls has general availability support in Colab Enterprise. Ground Multimodal Models: Model grounding for gemini-pro is available in Preview.

VMware Engine - Beginning on March 12, 2024, the VMware Engine operations team will perform essential maintenance of the network infrastructure to improve equipment robustness and apply security patches. Generally available: Purchasing commitments for VMware Engine nodes.

VPC Service Controls - General availability support for the following integration: Colab Enterprise.

Virtual Private Cloud - The VPC documentation has been updated with a new page that describes which services in Google Cloud include support for IPv6.

 

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075