Welcome to issue #398 May 13th, 2024

News

Official Blog Security Threat Intelligence

Introducing Google Threat Intelligence: Actionable threat intelligence at Google scale

Official Blog Security

Introducing Google Security Operations: Intel-driven, AI-powered SecOps

LLM Official Blog Translation API

LLMs, AI Studio, higher quality, oh my! Our latest Translation AI advancements - Announcing new generative model for Google Cloud’s Translation API.

BigQuery Official Blog

Maintain business continuity across regions with BigQuery managed disaster recovery

Chrome Enterprise Official Blog

Chrome Enterprise expands ecosystem to strengthen endpoint security and Zero Trust access

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Official Blog Security

Advancing the art of AI-driven security with Google Cloud - Recent improvements in security area.

Google Kubernetes Engine Official Blog

The surprising economics of Horizontal Pod Autoscaling tuning - This blog post describes fundamental Horizontal Pod Autoscaler optimization strategies for GKE.

DevOps Kubernetes Paywall

Enable secure websocket connection through NGINX Ingress on GKE Kubernetes - Step-by-Step Guide: Enabling Secure WebSockets on GKE with NGINX Ingress Kubernetes.

Docker Kubernetes

Deploying GitHub Action Runners on GKE with dind-rootless - TLDR: This article describes the steps to configure and deploy self-hosted GitHub Action Runners using docker:dind-rootless to Google….

Security

Setup Temporary elevated access for Google Cloud with PAM - Privileged Access Manager (PAM) is a security solution designed to manage, monitor, and secure access to privileged accounts within an organization’s IT infrastructure.

App Development, Serverless, Databases, DevOps

AlloyDB Cloud SQL Databases Official Blog

AlloyDB vs. self-managed PostgreSQL: a price-performance comparison

Cloud Spanner Databases Official Blog

How chaos testing adds extra reliability to Spanner’s fault-tolerant design

GCP Experience Official Blog

Paramount+: A streaming powerhouse with limitless entertainment

Official Blog Prometheus

Controlling metric ingestion with Google Cloud Managed Service for Prometheus

Cloud SQL Databases Official Blog

Cloud SQL for PostgreSQL data cache under the hood

Active Assist Databases Official Blog

What’s new with Active Assist: New Hub UI and four new recommendations

AWS Billing Cloud Storage Infrastructure

Billed for unauthorized requests? Google Cloud Storage vs. AWS S3 - Can unauthorized access to Google Cloud Storage lead to unexpected bills?

Cloud Spanner

Cloud Spanner — Demystifying Load-based Splitting - Testing Cloud Spanner "split" capability.

Artifact Registry CI Cloud Build DevOps

Optimizing CI in Google Cloud Build - Exploring multiple methods to tune performance of continuous integration process using Cloud Build.

SRE

Google Cloud SLO demystified: Uncovering metrics behind predefined SLOs - Unveiling Google Cloud SLO Secrets. This is a guided tour to predefined SLOs of monitored services.

Big Data, Analytics, ML&AI

BigQuery Official Blog

Breaking barriers: How BigQuery data insights boosts the data exploration journey - Using BigQuery data insights features to accelerate analytics workflows.

BigQuery Official Blog Partners

Product analytics for generative AI model and media asset companies using BigQuery - A solution that combines image and audio data with structured user-experience data in BigQuery.

BigQuery Cloud Data Fusion Cloud SQL Databases Official Blog

Building a Cloud Data Fusion pipeline to upload audit records generated by Cloud SQL for SQL Server to BigQuery - A Data Fusion pipeline that outputs audit records to internal or external sinks with minimal coding.

BigQuery Billing

How to save 90% on BigQuery storage - Tips to reduce BigQuery costs.

BigQuery Dataform

Enhance your data quality tests with the dataform_assertions package - Using the dataform_assertions package for quality tests in Dataform.

GCP Experience Looker Official Blog

How Trendyol solves cloud governance at scale with Looker

BigQuery Dataplex

Scale Data Quality effortlessly on Google Cloud: Building a federated DQ framework empowered by Dataplex AutoDQ and BigQuery - An overview of Dataplex Auto Data Quality tool.

BigQuery

Bridging the gap: validating data across data warehouses with data validation testing - Using Data Validation Tool for validating migrated data to BigQuery.

App Engine BigQuery dbt

Centralize and Serve your dbt Documentation in Google Cloud - A comprehensive guide to securely deploy and update your dbt documentation within Google Cloud using Cloud Build, App Engine, and IAP.

BigQuery Data Studio GIS Visualization

Visualizing US census data with BigQuery and Looker Studio - Using Looker Studio to visualize geospatial data stored in BigQuery.

Gemini

A tour of Gemini 1.5 Pro samples - Samples in various programming languages that are utilizing Gemini 1.5 Pro.

Machine Learning Vertex AI Vertex AI Agent Builder

Moneyball with GenAI: Using Vertex AI Search to Find the Next Generation of Baseball Stars - A solution that scans PDF scouting reports and simplifies searching for information.

AI Machine Learning Vertex AI

MLOps end-to-end system on Google Cloud Platform (I): Empowering Forecasting Solutions - A big picture of MLOps-driven forecasting system, addressing all key points of ML Operations.

Various

SRE

Google Cloud accidentally deletes UniSuper’s online account due to ‘unprecedented misconfiguration’ - More than half a million UniSuper fund members went a week with no access to their superannuation accounts after a “one-of-a-kind” Google Cloud “misconfiguration” led to the financial services provider’s private cloud account being deleted, Google and UniSuper have revealed.

Slides, Videos, Audio

Security Podcast - #171 GenAI in the Wrong Hands: Unmasking the Threat of Malicious AI and Defending Against the Dark Side.

GCP Life Podcast - #64 In this episode we discuss: Ubuntu 24.04, Google Revenue, Direct VPC Access, GKE Threat Detection, Verified Peering, IBM Buys HashiCorp, Qantas Information Leak, Uncharmed, Killer Asteroids, Gemin.


Releases

AlloyDB - Model endpoint management is now available in Preview for both AlloyDB and AlloyDB Omni. Version 15.5.3 of the simplified installation method for AlloyDB Omni is now available in Preview. Private Service Connect is now generally available (GA). AlloyDB Omni version 15.5.1 and later lets you add sidecar containers to your database cluster when you use the AlloyDB Omni Kubernetes Operator. You can now set password policies for local database users.

GKE on AWS - You can now launch clusters with the following Kubernetes versions. GKE on AWS now supports clusters in the ap-northeast-2 region. A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

Anthos clusters on Azure - A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

GDCV for VMware - GKE on VMware 1.28.500-gke.121 is now available. The following issues are fixed in 1.28.500-gke.121: Added the CNI binaries back to the OS image, so that clusters using multiple network interfaces with these CNI binaries can continue working. A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

Apigee Advanced API Security - On May 9, 2024 we released an updated version of Advanced API Security. Addition of CIDR range support when specifying IPv4 addresses for security action rules.

Apigee X - Limit on number of basepaths per environment: Apigee is enforcing a temporary limit of 500 basepaths per environment to avoid potential failures when deploying API proxy revisions. On May 8, 2024, we released an updated version of Apigee X. This release contains the General Availability (GA) release of AppGroups for Apigee and Apigee hybrid (version 1.10.0 and later). On May 7, 2024, we released an updated version of Apigee. Target server SSL enforcement: With this release, Apigee customers can specify strict SSL southbound enforcement in TargetServer configurations using the object's enforce key. Environment-level flag for SSL enforcement: Apigee customers can specify strict SSL southbound enforcement across an Apigee environment, using the SSLInfo.Enforce flag. Two-way HTTPS health monitor support: Apigee health monitors usingcan now use all SSL parameters available in theblock of their TargetServer configurations when performing health checks.

Cloud Architecture Center - (New guide) C3 AI architecture on Google Cloud: Develop applications using C3 AI and Google Cloud.

Artifact Registry - Artifact Registry generic repositories are available in Preview.

Backup and DR Service - Backup and DR Service 11.0.10.425 is now available to update your backup/recovery appliance.

BigQuery - JavaScript user-defined aggregate functions (UDAFs) are in preview. You can now store columns in your vector indexes and pre-filter data in your vector searches to improve query efficiency. BigQuery Managed Disaster Recovery provides managed failover and redundant compute capacity for business critical workloads. You can now create AWS Glue federated datasets using the Google Cloud console.

Billing - You can now download data about all your committed use discounts (CUD) as a flat comma-separated value (CSV) file.

Certificate Authority Service - Implement fine-grained policy controls over your certificate issuance using certificate templates.

Chronicle - Gemini for investigation assistance: Gemini can now support you with the following. Search: Gemini can help you build, edit, and run searches targeted toward relevant events using natural language prompts.

Chronicle Security Operations - Gemini for investigation assistance: Gemini can now support you with the following. Search: Gemini can help you build, edit, and run searches targeted toward relevant events using natural language prompts.

Chronicle SOAR - Release 6.3.1 is now in General Availability. Remote Agents Release 1.6.0 is now in General Availability. Release 6.3.2 is currently in Preview. Issues when Siemplify > Set Case SLA actions run at the exact same time (ID #49397338). Wrong error message displays when you try to add a custom list with a name that already exists (ID #50610331). User mentioned in case not receiving an email notification (ID #00274991). Widgets not fully aligned on Case view page (ID #49711925). Number increased for integer type integration parameters (ID #00287205).

Compute Engine - Preview: You can now use the Require OS Config organization policy constraint to automatically enable VM Manager for all new VMs in your organization, folder, or project.

Dataform - Gemini, an AI-powered collaborator in Google Cloud, can help you generate code in Dataform.

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.61, 1.2.5, 2.0.69, 2.1.48, 2.2.5.

Dataproc - Dataproc on Compute Engine: 2.0.101-debian10, 2.0.101-rocky8, 2.0.101-ubuntu18, 2.1.49-debian11, 2.1.49-rocky8, 2.1.49-ubuntu20, 2.1.49-ubuntu20-arm, 2.2.15-debian12, 2.2.15-rocky9, 2.2.15-ubuntu22. New Dataproc on Compute Engine subminor image versions: 2.0.100-debian10, 2.0.100-rocky8, 2.0.100-ubuntu18, 2.1.48-debian11, 2.1.48-rocky8, 2.1.48-ubuntu20, 2.1.48-ubuntu20-arm, 2.2.14-debian12, 2.2.14-rocky9, 2.2.14-ubuntu22. Dataproc on Compute Engine: Backported patches for HIVE-14557, HIVE-19326, HIVE-20514, HIVE-21100, HIVE-22165, HIVE-22416, HIVE-24435.

Dialogflow - Dialogflow ES and Dialogflow CX: The us-dialogflow.googleapis.com endpoint and locations/us resource location, which served as aliases for global resources, will be discontinued on May 21, 2024. Dialogflow CX and Vertex AI Agents: Effective June 15, 2024, the following generative features will be upgraded from text-bison-001 to gemini-1.0-pro-001: Vertex AI agent apps, Data store agents (aka Chat agents), Generators, Generative fallback. For more information, see the email announcement.

Document AI - Batch processing with Layout Parser is available. Model pretrained-foundation-model-v1.1-2024-03-12 is available for custom extractor.

Identity-Aware Proxy - Identity-Aware Proxy (IAP) now supports Workforce Identity Federation for application access.

Google Kubernetes Engine - In new Standard clusters running GKE version 1.29 and later, GKE assigns IP addresses for GKE Services from a Google-managed range: 34.118.224.0/20 by default. Container Threat Detection (KTD) fails to deploy on Autopilot clusters running the following GKE versions: 1.28.6-gke.1095000 to 1.28.7-gke.1025000, and 1.29.1-gke.1016000 to 1.29.1-gke.1781000. To mitigate this issue, upgrade the cluster to version 1.28.7-gke.1026000 or later, or to 1.29.2-gke.1060000 or later. A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. (2024-R13) Version updates: The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

GKE new features - In new Standard clusters running GKE version 1.29 and later, GKE assigns IP addresses for GKE Services from a Google-managed range: 34.118.224.0/20 by default.

GKE - (2024-R13) Version updates: The following control plane and node versions are now available: 1.26.14-gke.1044001, 1.26.15-gke.1300000, 1.27.11-gke.1062003, 1.27.13-gke.1166000, 1.28.7-gke.1026001, 1.28.9-gke.1209000, 1.29.1-gke.1589020, 1.29.3-gke.1282001, 1.29.4-gke.1447000. The following versions are no longer available: 1.26.13-gke.1144000, 1.26.15-gke.1158000, 1.26.15-gke.1243000, 1.27.12-gke.1190000, 1.27.13-gke.1070000, 1.28.3-gke.1118000, 1.28.3-gke.1286000, 1.28.8-gke.1175000, 1.28.9-gke.1069000, 1.29.1-gke.1589017, 1.29.3-gke.1093000, 1.29.3-gke.1093006, 1.29.4-gke.1165000. Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.26.15-gke.1090000 with this release.

Cloud Life Sciences - The migration documentation has been updated to explain how to use workflow services that you have configured for Cloud Life Sciences with Batch instead.

Looker - Looker (Google Cloud core) and Looker (original) changes. Looker 24.8 includes the following changes, features, and fixes: Expected Looker (original) deployment start: Monday, May 13, 2024 Expected Looker (original) final deployment and download available: Thursday, May 23, 2024 Expected Looker (Google Cloud core) deployment start: Monday, May 13, 2024 Expected Looker (Google Cloud core) final deployment: Monday, May 20, 2024. Database connection pooling is becoming generally available. The last_logged_in_at time is now captured when a URL that is created by the create_embed_url is used to log in to the Looker instance. Previously, queries for totals would not run when a derived table referenced an ephemeral derived table using the SQL_TABLE_NAME syntax. An issue has been fixed with the scrollbar appearing in text tiles. An issue has been fixed where embed download filter parameters for cookieless embed were incorrectly escaped (space mapped to x2B [+] rather than x20). An issue has been fixed where ↙ ↘ characters were being reversed in single value visualizations. Text is now properly truncated in table visualizations even when the underlying field has defined html and link parameters. Previously, an issue could cause Look titles to be cut off. Previously, an issue caused filters to be incorrectly restored in the dashboard edit filter dialog. Previously, if Looker encountered an invalid visualization type on a tile, the dashboard would not load. Previously, queries that were defined with the API occasionally could not be downloaded as PNGs or JPGs. Quick start queries with missing identifiers will no longer cause validation to fail. Referencing the ALL_FIELDS set in a join or view will no longer cause validation to fail. You can now see longer embedded Look titles without needing to scroll. For LookML projects with a large number of files, IDE folders were slow to respond when you were navigating and creating, editing, or deleting LookML files. 
When you search for a user or group, strings with commas now work as expected. An issue where paper size did not change correctly when Fit to Dashboard was used has been fixed. Previously, when embedded Explores were rendered in an iframe, a screen jump might have occurred. Previously, query downloads of type json_bi could have failed if they included fields that were hidden from the visualization. Looker now initializes Development Mode projects for Looker projects that are in Production Mode. Text in the project IDE will now be line wrapped. When a Git project becomes corrupted, Looker now proactively converts it to a clone to prevent further issues. When a LookML project fails to load, a log message will now be generated. The log error about getting an access token from the Google OAuth library has been reclassified as a warning. When a custom filter is too large for the JSON parser to handle, Looker now returns a more descriptive error. HSQLDB has been updated to version 2.7.2 to comply with GHSA-77xx-rxvh-q682. Looker (original) only changes. On the Looker Labs page, links to documentation will now open in a new browser tab instead of navigating away from the Looker UI.

Migrate to Containers - The Migrate to Containers UI in the Google Cloud console, migctl, and CRDs that used processing clusters to migrate workloads to Google Cloud are no longer available.

Cloud Monitoring - You can now configure a logs panel widget to display log entries by log view. Synthetic monitors no longer require that the ingress rule be set to allow all traffic. A Selenium WebDriver sample is now available for synthetic monitors.

AutoML Natural Language - This legacy version of AutoML Natural Language is deprecated and new models can no longer be trained nor deployed on the legacy platform.

Security Command Center - Assign high-value resources based on Sensitive Data Protection insights for Cloud SQL: The attack path simulations feature can now automatically set the resource value of a Cloud SQL resource based on the sensitivity of the data that the instance contains.

SAP Solutions - New SAP HANA certification, Hyperdisk Balanced usage with M1 machine types: For use with SAP HANA on Google Cloud, SAP has certified the usage of Hyperdisk Balanced with the M1 series of memory-optimized machine types.


Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: [email protected]