Welcome to issue #399 May 20th, 2024

News

Gemini Official Blog Vertex AI

Vertex AI at I/O: Bringing new Gemini and Gemma models to Google Cloud customers - Vertex AI updates from Google I/O ‘24.

Official Blog TPU

Announcing Trillium, the sixth generation of Google Cloud TPU - Trillium TPUs achieve an impressive 4.7X increase in peak compute performance per chip compared to TPU v5e.

Billing FinOps Official Blog

Elevate your FinOps strategy: Optimize with FinOps hub, now GA - FinOps hub enables you to supercharge your FinOps practices and optimize costs with intelligent insights and actionable recommendations. Rightsize resources, reduce waste, and optimize rates with committed use discounts (CUDs), so you can invest those savings directly into innovation. FinOps hub is now generally available.

Official Blog Ray Vertex AI

Announcing general availability of Ray on Vertex AI

Cloud Firestore Databases Eventarc Official Blog Serverless

Firestore integration with Eventarc reaches GA with Auth Context

Official Blog Security

Google is named a Visionary in its first 2024 Gartner® Magic Quadrant™ for SIEM

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Google Kubernetes Engine Official Blog Security

How to strengthen supply chain security with GKE Security Posture

CISO Official Blog Security

Cloud CISO Perspectives: What you missed at Phil and Kevin’s RSA Conference fireside chat

IAM Official Blog Security

Automatically disabling leaked service account keys: What you need to know - Starting June 16, 2024, exposed service account keys that have been detected in services including public repos will be automatically disabled by default for new and existing customers.

IAM Security

9 Tips to Correctly Understand and Configure IAM on GCP - A brief overview of IAM properties.

Kubernetes Workload Identity

GKE Workload Identity is now named Workload Identity Federation — what else has changed? - GKE Workload Identity got a new name and an alternative, simpler way to configure it. Read for feature comparison and code samples.

DevOps Python

Drawing cloud system architecture via Python code - Diagrams python package provides an interface to define architecture schemas.

DevOps Infrastructure Media CDN

Optimising Media Delivery with Google’s Media CDN

App Development, Serverless, Databases, DevOps

Official Blog SAP

Accelerate SAP S/4HANA deployments with ‘Guided Deployment Automation for SAP’

GCP Experience HPC Official Blog

Performing large-scale computation-driven drug discovery on Google Cloud - Atommap, a computational drug discovery company built an elastic supercomputing cluster on the Google Cloud to empower large-scale, computation-driven drug discovery.

Cloud Functions Python Serverless

Google Cloud Functions Guide — Deploying on Serverless Framework - Serverless Framework is an open-source command-line tool (CLI) that allows you to develop and deploy serverless applications on GCP.

AlloyDB Cloud SQL Private Service Connect

Connect to Non-PSC AlloyDB or Non-PSC Cloud SQL from a different VPC - This blog dives into the world of private connectivity for AlloyDB, focusing on the benefits of Private Service Connect.

Cloud Asset Inventory

Unveiling GCP Asset Inventory: A Comprehensive Guide to Querying VMs, Disks, and Source Images

AlloyDB Gemini

Gemma and Gemini-Pro AI Models in AlloyDB Omni - This blog post explains how to integrate AlloyDB Omni with Vertex AI and make predictions using Google Gemini.

Cloud Identity

Setting Up Cloud Identity Free: A Step-by-Step Guide - This guide walks you through creating a Cloud Identity Free account.

Big Data, Analytics, ML&AI

AI Gaming Official Blog

Game-changing assets: Making concept art with Google Cloud's generative AI - This blog post demonstrates how easy it is for game developers to deploy generative AI services on Google Cloud, showcases the available tooling of Model Garden on Vertex AI (including partner integrations like Hugging Face and Civitai), and highlights its potential for scaling game-asset creation.

Cloud Dataflow Official Blog Streaming

No work items left unturned: How Dataflow mitigates stragglers

Cloud Dataproc Python

Dataproc Serverless: Python Package Management through Conda - Use Conda to package up python dependencies for your Dataproc Serverless jobs.

Dataform Terraform

Understanding Dataform Terminologies And Authentication Flow - Part 1 of Dataform 101: Fundamentals of a single repo, multi-environment Dataform with least-privilege access control and infrastructure as code setup.

BigQuery Gemini Official Blog

Creating marketing campaigns using BigQuery and Gemini models - In this blog, we will go through the various steps of how data and marketing teams can harness the power of multimodal large language models (LLMs) in BigQuery to create and launch more effective and intelligent marketing campaigns.

BigQuery GCP Experience Official Blog

Built with BigQuery: Making data activation and monetization accessible with Optable - Optable is the maker of an end-to-end data clean room platform for the advertising industry that integrates with BigQuery and enables audience activation and insights through connections with downstream systems.

Dataplex Official Blog Partners

Data democratization with Dataplex: Implementing a data mesh architecture - This blog post explores data mesh as a concept and delineates the ways that Dataplex, a data fabric capability within the BigQuery suite, can be used to realize the benefits of decentralized data architecture.

BigQuery Python

BigQuery Hide and Seek: The Quest for Lost Tables and Elusive Datasets! - We compare approaches for getting insights in your BigQuery footprint and present you a custom Python script for full flexibility.

BigQuery BigQueryML

Multi-Time Series and Hierarchical Time Series Forecasting Made Easy Using BigQueryML - A walk through 2 different approaches that are useful when you want to forecast multiple time series using a single query alongside guidance with examples on how to choose the most convenient one depending on your needs.

AI LLM Official Blog

To tune or not to tune? A guide to leveraging your data with LLMs

GCP Experience Gemini Official Blog Partners

How Mantle uses Gemini to simplify equity management

Various

Webinar: How to Scale Data Integration to and from Google BigQuery - May 30th 2024 - Get practical advice from leading data integration executives on how to deliver data at speed and scale to power analytical and operational use cases.

Slides, Videos, Audio

Kubernetes Podcast - #225 Postgres on Kubernetes, with Álvaro Hernández.

Security Podcast - #173 SAIF in Focus: 5 AI Security Risks and SAIF Mitigations.


Releases

Anthos clusters on bare metal - Release 1.29.100-gke.251: GKE on Bare Metal 1.29.100-gke.251 is now available for download. Added new API and IAM role requirements for Cloud Monitoring: you must enable the kubernetesmetadata.googleapis.com API for your project and grant the roles/kubernetesmetadata.publisher IAM role to the Logging and Monitoring service account (anthos-baremetal-cloud-ops, when created automatically). Functionality changes: added checks to validate the SSH client certificate file type before saving the certificate as a Secret. Fixes: fixed an issue where the kubelet doesn't honor the shortened, 1-second grace period for pod deletion during eviction-based draining. The following container image security vulnerabilities have been fixed in 1.29.100-gke.251 (medium-severity container vulnerabilities): CVE-2024-2961, CVE-2024-28182. Known issues: for information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.

GKE on AWS - A vulnerability (CVE-2023-52620) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. A vulnerability (CVE-2024-26581) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. A vulnerability (CVE-2024-26642) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

Anthos clusters on Azure - You can now launch clusters with the following Kubernetes versions. A vulnerability (CVE-2023-52620) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. A vulnerability (CVE-2024-26581) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. A vulnerability (CVE-2024-26642) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

Anthos clusters on VMware - Release 1.29.100-gke.248 Google Distributed Cloud on VMware 1.29.100-gke.248 is now available for download. Updated Dataplane V2 to use Cilium 1.13. The following issues are fixed in 1.29.100-gke.248: Fixed the known issue that after a user cluster upgrade, the user master nodes with COS OS image used 172.17.0.1/16 as the Docker bridge IP addresses. A vulnerability (CVE-2023-52620) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. A vulnerability (CVE-2024-26642) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. A vulnerability (CVE-2024-26581) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

GDCV for VMware - Release 1.29.100-gke.248 Google Distributed Cloud on VMware 1.29.100-gke.248 is now available for download. Updated Dataplane V2 to use Cilium 1.13. The following issues are fixed in 1.29.100-gke.248: Fixed the known issue that after a user cluster upgrade, the user master nodes with COS OS image used 172.17.0.1/16 as the Docker bridge IP addresses. A vulnerability (CVE-2023-52620) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. A vulnerability (CVE-2024-26642) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. A vulnerability (CVE-2024-26581) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

Apigee Integrated Portal - On May 16, 2024 we released a new version of the Apigee integrated portal. This release includes general improvements to performance and availability.

Apigee Advanced API Security - On May 14, 2024 we released an updated version of Advanced API Security. Addition of autonomous system numbers (ASN), HTTP methods, and region codes as supported security action rule condition types.

Apigee X - On May 17, 2024, we released an updated version of Apigee (1-12-0-apigee-4-hotfix). Bug IDs 337876238, 330314128, 333762214: Resolved issues resulting in an increase in 404/503 responses. Upgraded storage for the Apigee router to the latest version to resolve 404 responses. Adjusted traffic weight and delays in the older replica set to handle traffic divergence during the release process to address any 5xx responses. Navigation menus in the Classic Apigee UI have been restored to support the transition from the Classic console to Apigee in the Google Cloud console. Correction: Apigee hybrid entitlements are available in Apigee Subscription 2024 plans.

AppEngine Flexible NodeJS - Node.js 22 is now available in preview.

AppEngine Standard NodeJS - Node.js 22 is now available in preview.

Cloud Architecture Center - Infrastructure for a RAG-capable generative AI application using Vertex AI: Added information about getting started with deploying the reference architecture by using a Jump Start Solution. (New guide) Global deployment with Compute Engine and Spanner: Learn how to architect a multi-tier application that runs on Compute Engine VMs and Spanner in a global topology on Google Cloud.

Cloud Asset Inventory - The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

Bare Metal Solution - You can now view information about upcoming maintenance events for Bare Metal Solution on Upcoming maintenance events page.

BigQuery - You can now create Gemini-enhanced translation rules to use with the interactive SQL translator. Phrase support for the SEARCH function is in preview.

Billing - Generate a SQL query to BigQuery from your Cloud Billing Reports (in preview): in the Cloud console, on the Billing Reports page, you use the report settings and filters to refine the data returned to your report. Commitment recommendations in the FinOps hub now include a Recommended quantity column, so you can see more information about recommendations at a glance.

Chronicle Security Operations - Google SecOps now supports the following functions in Detection Engine rules: fingerprint and sample_rate. For more information about these functions, see YARA-L 2.0 language syntax.

Chronicle SOAR - Release 6.3.2 is now in General Availability. Release 6.3.3 is currently in Preview. Search results distorting the screen (ID #00273643). Inline CSS removed in Insights (ID #00273271). SAML login page showing blank (ID #00279230). Gitsync power up push content not triggering automatically (ID #00283331). Job page loading slowly and needs to be refreshed many times (ID #50253417). Alert Type is empty when trying to add alert grouping rules (ID #00275434).

Compute Engine - Generally Available: Advanced maintenance control for sole-tenancy lets you control planned maintenance events for sole-tenant node groups and minimize maintenance-related disruptions.

Container Registry - Effective May 15, 2024, Artifact Registry hosts all images for the gcr.io domain in projects without previous Container Registry usage.

Dataflow - Dataflow no longer supports the NVIDIA Tesla K80 GPU type.

Dataproc Serverless - New Dataproc on Compute Engine subminor image versions: 2.0.102-debian10, 2.0.102-rocky8, 2.0.102-ubuntu18; 2.1.50-debian11, 2.1.50-rocky8, 2.1.50-ubuntu20, 2.1.50-ubuntu20-arm; 2.2.16-debian12, 2.2.16-rocky9, 2.2.16-ubuntu22. Dataproc on Compute Engine latest 2.x image versions: removed the repo.anaconda.com channel from Dataproc on Compute Engine 2.x image version clusters for installation of packages.

Dataproc - New Dataproc on Compute Engine subminor image versions: 2.0.102-debian10, 2.0.102-rocky8, 2.0.102-ubuntu18; 2.1.50-debian11, 2.1.50-rocky8, 2.1.50-ubuntu20, 2.1.50-ubuntu20-arm; 2.2.16-debian12, 2.2.16-rocky9, 2.2.16-ubuntu22. Dataproc on Compute Engine latest 2.x image versions: removed the repo.anaconda.com channel from Dataproc on Compute Engine 2.x image version clusters for installation of packages.

Deep Learning Containers - M121 release: Updated the R CPU container image from R 4.3 to R 4.4.

Deep Learning VM - M121 release: CUDA 12.2 images are now available.

Cloud Data Loss Prevention - The IMMIGRATION_STATUS infoType detector is available in all regions. The RUSSIA_PASSPORT infoType detector is available in all regions. The UKRAINE_PASSPORT infoType detector is available in all regions. The UZBEKISTAN_PASSPORT infoType detector is available in all regions.

Cloud Functions - Cloud Functions (2nd gen) now supports the Node.js 22 runtime at the Preview release level.

Cloud Healthcare API - The fhir_read_ops, fhir_write_ops, and fhir_search_ops quota metrics are generally available (GA) and have replaced the legacy fhir_ops quota metric. Importing and exporting FHIR resources, including their historical versions, as history bundles using Cloud Storage is available in Preview.

Identity-Aware Proxy - Generally Available: Service accounts can now use JSON Web Tokens (JWTs) to programmatically access resources protected by Identity-Aware Proxy (IAP).

KMS - Cloud KMS with Autokey is now in Preview for Cloud Storage, Compute Engine, BigQuery, and Secret Manager. Cloud KMS has two new organization policy constraints that you can use to control key version destruction.

Backup for GKE - Backup for GKE now supports creating a backup plan when creating a cluster.

Google Kubernetes Engine - (2024-R14) Version updates There are no version updates for 2024-R14. A vulnerability (CVE-2023-52620) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. Added a release note to May 16, 2023 for 1.27 available in the Rapid channel. A vulnerability (CVE-2024-26642) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. A vulnerability (CVE-2024-26581) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

Cloud Logging - You can now attach an IAM role binding to a log view that grants a principal access to the log view.

Media CDN - Media CDN supports content targeting, which helps you cache and deliver assets that are customized for your end-user contexts.

Cloud Monitoring - You can now configure dashboards to display events by using the Monitoring API.

Policy Intelligence - The IAM recommender generates policy insights and role recommendations for identities in Workload Identity Federation pools.

reCAPTCHA Enterprise - reCAPTCHA Enterprise Mobile SDK v18.5.0 is now available for iOS. reCAPTCHA Enterprise Mobile SDK v18.5.0 is now available for Android.

Cloud Run - Cloud Run is now covered by FedRAMP High. Cloud Run has been added to Google Cloud's Pricing Calculator.

Security Command Center - Rapid Vulnerability Detection preview shuts down on July 14, 2024: the Preview release of the Rapid Vulnerability Detection service is discontinued and the service will be shut down on July 14, 2024.

Sensitive Data Protection - The IMMIGRATION_STATUS infoType detector is available in all regions. The RUSSIA_PASSPORT infoType detector is available in all regions. The UKRAINE_PASSPORT infoType detector is available in all regions. The UZBEKISTAN_PASSPORT infoType detector is available in all regions.

Cloud Source Repositories - Cloud Source Repositories is scheduled for end of sale on June 17, 2024.

Cloud Spanner - Spanner now supports a new metric in the monitoring console called read_request_latencies_by_change_stream. Vector length annotation is now generally available.

Cloud Storage Transfer - Storage Transfer Service now supports transfers from Amazon S3 over a Google-managed private network.

Cloud Text-to-Speech - Cloud Text-to-Speech now offers updated Journey voices with an additional speaker, en-us-Journey-O.

Vertex AI - Ray on Vertex AI is now Generally Available and includes the following updates: Ray version 2.9.3 and Python 3.10 are supported. For Ray on Vertex AI, Ray version 2.4 is no longer supported.

Vertex AI Workbench - The M121 release of Vertex AI Workbench user-managed notebooks includes the following: Updated Nvidia drivers to 550.54.15 to fix an issue where Nvidia drivers failed to install on startup after Debian 11 images upgraded the kernel to linux-image-5.10.0-29-cloud-amd64. The M121 release of Vertex AI Workbench managed notebooks includes the following: Updated the R CPU kernel from R 4.3 to R 4.4. The M121 release of Vertex AI Workbench instances includes the following: Updated Nvidia drivers to 550.54.15 to fix an issue where Nvidia drivers failed to install on startup after Debian 11 images upgraded the kernel to linux-image-5.10.0-29-cloud-amd64.

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: [email protected]