News
AI Official Blog - AI Hypercomputer software updates: Faster training and inference, a new resource hub, and more - Google Cloud's AI Hypercomputer software stack receives significant updates, including faster training and inference, a centralized resource hub, and improved resiliency at scale.
BigQuery Data Analytics Official Blog - BigQuery's AI-assisted data preparation is now in preview - BigQuery data preparation, powered by AI, streamlines and simplifies the data preparation process. It offers AI-powered suggestions, data cleansing and standardization, visual data pipelines, and data pipeline orchestration. With BigQuery data preparation, organizations can significantly reduce the time spent on manual data preparation tasks, improve data quality, and empower users to make informed decisions.
Cloud SQL Databases Official Blog - What’s new in PostgreSQL 17, now available in Cloud SQL - PostgreSQL 17 is now available on Cloud SQL, bringing new features and enhancements in security, developer experience, performance, tooling, and observability. Notable improvements include the MAINTAIN privilege for granular control over database maintenance tasks, the MERGE command for efficient data manipulation, and improved memory structure for vacuum operations.
LLM Official Blog Partners Vertex AI - Announcing Anthropic’s upgraded Claude 3.5 Sonnet on Vertex AI - Anthropic's upgraded Claude 3.5 Sonnet model is now generally available on Vertex AI, featuring a new "computer use" capability in public beta. This means you can direct the model to generate computer actions, like keystrokes and mouse clicks, allowing it to interact with your user interface (UI).
Apigee Official Blog - Google Cloud Apigee named a Leader in the 2024 Gartner® Magic Quadrant™ for API Management - Google Cloud's Apigee has been recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for API Management for the ninth consecutive time.
DevOps Official Blog - Google is a Leader in Gartner Magic Quadrant for Strategic Cloud Platform Services - Google Cloud has been recognized as a Leader in the Gartner Magic Quadrant for Strategic Cloud Platform Services for the seventh consecutive year.
Articles, Tutorials
Infrastructure, Networking, Security, Kubernetes
Google Kubernetes Engine GPU Official Blog - Save on GPUs: Smarter autoscaling for your GKE inferencing workloads - Autoscaling with GPU utilization can cause you to overprovision LLM workloads, adding unnecessary cost to meeting your performance goals. Autoscaling with LLM server metrics will enable you to achieve your latency or throughput goals while spending the minimal amount on accelerators.
Official Blog Threat Intelligence - Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575) - In October 2024, Mandiant collaborated with Fortinet to investigate the mass exploitation of FortiManager appliances. The vulnerability, CVE-2024-47575, allows unauthorized threat actors to execute arbitrary code or commands against vulnerable FortiManager devices. Mandiant observed a new threat cluster, UNC5820, exploiting this vulnerability as early as June 27, 2024.
API Cloud Identity Aware Proxy Kubernetes Paywall Security - Securing GCP Workflow Communication with Kubernetes API Endpoints with Identity-Aware Proxy (IAP) — a Step by Step Guide - In this guide, you'll learn how to secure communication between GCP Workflows and Kubernetes API endpoints using Identity-Aware Proxy.
Docker Google Kubernetes Engine Kubernetes - Mitigating Docker Hub Rate Limits in GKE Clusters with little effort - This article explores effective solutions to mitigate Docker Hub rate limits without modifying existing deployments.
FinOps Kubernetes - How to use GKE's new Custom Compute Classes - GKE's new Custom Compute Classes (CCC) offer increased availability and cost savings by providing fallback compute priorities and active migration of workloads to preferential node shapes. CCC maximizes obtainability and reliability, ensuring successful autoscaling and control over resource allocation.
VMware Engine - Automating Google Cloud VMware Engine Deployments - Automating Google Cloud VMware Engine Deployments aims to streamline the configuration and deployment of GCVE using Cloud Build as a CI/CD platform and Terraform as an IaC tool. It addresses the challenge of long deployment times by configuring resources to support extended deployments. The article covers setting up the environment, creating a Cloud Build pipeline, and configuring Terraform for proper timeout values.
Cloud Storage Google Kubernetes Engine Kubernetes - Mount Cloud Storage buckets as volumes in GKE (Google Kubernetes Engine) - This article explores the process of utilizing the Cloud Storage FUSE CSI driver to mount cloud storage buckets as persistent volumes, providing step-by-step instructions for setting up the driver, creating a sample cloud storage bucket, and deploying a sample pod to consume the volume.
Knative Kubernetes Paywall - Implementing Scale-to-Zero with Knative: A Comprehensive Guide - A guide to implementing a scale-to-zero solution using Knative, a Kubernetes-based platform that offers powerful serverless capabilities. It covers both external and internal traffic patterns and provides step-by-step instructions for building a basic scale-to-zero application. Prerequisites include a Kubernetes cluster, Knative Serving component, kubectl CLI tool, Docker, and optionally the kn CLI tool and a container registry account.
Google Kubernetes Engine Kubernetes - Keep Kubernetes GitOps Pipeline out of your cluster - Keep your Kubernetes GitOps pipeline out of your cluster. When more of the CI/CD process is moved to the cluster that is hosting the workloads, you lose some visibility and control around what the final Kubernetes configuration looks like. The recommendation is to prepare for debugging scenarios and keep the hydration of your configuration outside of your cluster in a place where you can easily examine what the final config looks like.
Chronicle Gemini - Creating an Entity Explorer Widget in Chronicle SOAR with Gemini Code Assist - In this post, I explore using Gemini Code Assist to create a custom Entity Explorer Action and HTML widget in Chronicle SOAR.
FinOps - Improve budget relevance by expanding cost visibility dashboards - You can avoid surprises on your cloud bill by creating budgets, but how do you make sure they remain relevant and appropriate?
App Development, Serverless, Databases, DevOps
DevOps Official Blog - Highlights from the 10th DORA report - The 2024 DORA report, marking a decade of investigation into high-performing technology teams, reveals the impact of AI adoption, platform engineering, and developer experience on software delivery performance.
DevOps Official Blog - Measuring developer experience with the HEART Framework: A guide for platform engineers - The HEART Framework is a holistic approach to measuring developer experience (DX) by tracking specific metrics related to happiness, engagement, adoption, retention, and task success. It provides actionable data on how developers feel and interact with the tools and services they use throughout the software development process.
AI Compute Engine Official Blog - We tested Intel’s AMX CPU accelerator for AI. Here’s what we learned - Google Cloud tested Intel’s AMX CPU accelerator for AI on Confidential VMs and found that it can significantly improve the performance of deep-learning training and inference.
Cloud Spanner Databases GCP Experience Official Blog - Spanner and PostgreSQL at Prefab: Flexible, reliable, and cost-effective at any size - Prefab uses Spanner’s PostgreSQL interface for its datastore, configurations, feature flags, and generated client telemetry. Spanner is used for the feature flag services that need to scale to meet customer demands, while Ruby on Rails, React, and PostgreSQL are used for the application’s user interface.
Cloud Run Security - Authenticating to Backend Services in EnvoyProxy via OAuth 2.0 jwt-bearer Flow using ExtAuthz - Securing backend services in EnvoyProxy with OAuth 2.0 jwt-bearer flow and GCP metadata service.
Cloud SQL - Setting Up PostgreSQL Replication Between Google Cloud SQL and an On-Premise Server for Business Continuity - Ensure data continuity and strengthen resilience in your business operations with PostgreSQL replication for effective business continuity.
Cloud Functions Kotlin - How to Upgrade Google Cloud Functions from GEN1 to GEN2 - In this guide, we'll show you how to smoothly upgrade your Google Cloud Function from GEN1 to GEN2. We'll cover changes in Gradle files, function implementation, and deployment using GitHub Actions. Ensure the Eventarc API is enabled for GEN2 deployment.
Cloud Run Serverless - Serverless Backstage with Cloud Run: A Guide for Ambitious Minimalists - This article provides a guide for deploying Backstage, an internal developer portal, on a serverless stack using Google Cloud Run. The setup includes a Cloud SQL database for persistent storage, direct VPC egress for internal endpoint access, and integration with Secret Manager for secure configuration.
API Security - How to use Google Cloud API integration in Google SecOps - Learn how to use Google Cloud API integration in Google SecOps to execute any API request from Google Cloud services, including Google SecOps SIEM API.
DevOps Docker Terraform - Automate Docker Builds and Push to Google Artifact Registry with Terraform Including Args - This post demonstrates how to automate building Docker images and pushing them to Google Artifact Registry using Terraform. It covers authenticating Docker with Google Cloud, building the Docker image, pushing it to the Artifact Registry, and defining variables and locals.
Firebase Gemini Vertex AI - Orchestrating Firebase and AI: 8 Genkit Architecture Patterns - Genkit is a code-first framework for orchestrating, deploying, and monitoring workflows involving generative AI. This article focuses on Genkit's orchestration aspect, showcasing how it acts as the conductor of Firebase, orchestrating different architecture patterns.
Cloud Workstations Infrastructure - What is GCP Cloud Workstation? - Google Cloud Workstations is a fully managed service that provides cloud-based development environments, eliminating the need for local setup and configuration. It offers secure and consistent development environments for teams spread across different locations, ensuring standardized tools, libraries, and settings.
Cloud Logging Monitoring - Enhancing observability in complex IT infrastructures with Google Cloud Logging - Google Cloud Logging offers centralized observability for complex IT infrastructures, enabling unified visibility, efficient scaling, simplified data access, and streamlined analysis. Key features include user-defined log buckets for customized log storage, log views for selective access control, log scopes for defining search boundaries, and aggregated sinks for centralized log collection and management.
AI CI DevOps GitHub - Automating DevOps with GenAI: Approving Deployments with GitHub Actions and Google Cloud - This article presents an innovative solution that integrates Generative AI (GenAI) into a GitHub Actions workflow to automate code analysis and trigger deployments on Google Cloud Run. By utilizing a Large Language Model (LLM), the system analyzes code changes, approves or rejects them based on quality, and automatically deploys approved code to Google Cloud Run.
Big Data, Analytics, ML&AI
BigQuery Google Analytics - Incredible BigQuery Extract Performance - Improving BigQuery export of Google Analytics data to Snowflake.
Airflow Google Kubernetes Engine Kubernetes - Spark on GKE: A Guide to using GKEStartPodOperator for Spark workloads - Learn how to efficiently run your Spark applications on Google Kubernetes Engine using the GKEStartPodOperator from the Google Kubernetes Engine Operators for Apache Airflow.
BigQuery Data Analytics Looker - From Data to Insights: Building a Data Engineering Pipeline Analyzing BayWheels Bike Data - An example of an end-to-end data pipeline.
AI Infrastructure Machine Learning Ray - Running Training Jobs with Ray Jobs - Ray Jobs, an open-source framework, simplifies distributed computing for machine learning workloads. With Ray Jobs, you can define your training job, submit it to a Ray cluster, and monitor its progress using the Ray Dashboard. Ray Jobs automates cluster management, enabling scalable computation and cost efficiency by terminating clusters after job completion.
Gemini Generative AI - Tutorial : Multi-Agent interactions with Autogen and Gemini — Part 7: Sequential Chat - This article introduces a conversation design pattern called Sequential Chat, which allows for a sequence of conversations between multiple agents.
Gemini Generative AI - Tutorial : Multi-Agent interactions with Autogen and Gemini — Part 8: Group Chat - This tutorial explores "Group Chat," a conversation involving more than two agents using Autogen and Gemini.
Generative AI LLM Machine Learning Vertex AI - Model Alignment Through Automatic Prompt Updates From User Feedback - Google researchers have developed a technique to automatically improve prompts for language models based on user-provided feedback. The technique is available as an open-source Python library and through a user interface in Vertex AI Studio, making it easy for prompt developers to use. Prompt refinement with this model alignment technique has been shown to boost the quality of prompts and save significant time during prompt design.
Generative AI LLM Machine Learning - Designing Cognitive Architectures: Agentic Workflow Patterns from Scratch - This article explores 8 advanced agentic workflow patterns that enhance the capabilities of AI systems using Large Language Models (LLMs) and AI agents.
Generative AI LLM - Building a Scalable Pipeline for Continuous Document Indexing to Power RAG based Q&A - Continuous Document Indexing and Q&A Solution with Google Cloud, Redis, and LangChain.
Various
Generative AI Official Blog - Adapting model risk management for financial institutions in the generative AI era - Generative AI (gen AI) has the potential to revolutionize the financial services industry, but it also introduces new risks. Existing model risk management (MRM) frameworks can be adapted to manage these risks, but regulators need to provide enhanced clarity and establish expectations in areas such as model governance, development, validation, and oversight.
Slides, Videos, Audio
Security Podcast - #195 Containers vs. VMs: The Security Showdown!
Releases
Compute Engine - Generally available: You can extend the term lengths of your resource-based commitments beyond the preset 1 or 3 years and choose custom term lengths such as 2, 3.5, or 5.5 years.
Contact Center AI Insights - Quality AI is now generally available within Insights.
Data Fusion - Using Dataproc version 2.2 in your Cloud Data Fusion pipeline can fail in some cases with the following error: ERROR [Driver:o.a.s.d.y.ApplicationMaster@97] - User class threw exception: java.lang.NoSuchMethodError: 'org.apache.spark.sql.catalyst.encoders.ExpressionEncoder org.apache.spark.sql.catalyst.encoders.RowEncoder.apply(org.apache.spark.sql.types.StructType)' at io.cdap.cdap.etl.spark.batch.OpaqueDatasetCollection.toDataframeCollection(OpaqueDatasetCollection.java:111).
Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.85, 1.2.29, 2.2.29. Dataproc Serverless for Spark: Added common AI/ML Python packages by default to Dataproc Serverless for Spark 1.2 and 2.2 runtimes. Dataproc Serverless for Spark: Upgraded Cloud Storage connector to 3.0.3 version in the latest 1.2 and 2.2 runtimes. Announcing the General Availability (GA) release of Spark UI for Dataproc Serverless Batches and Interactive sessions which allows you to monitor and debug your serverless Spark workloads.
Dataproc - New Dataproc on Compute Engine subminor image versions: 2.0.124-debian10, 2.0.124-rocky8, 2.0.124-ubuntu18, 2.1.72-debian11, 2.1.72-rocky8, 2.1.72-ubuntu20, 2.1.72-ubuntu20-arm, 2.2.38-debian12, 2.2.38-rocky9, 2.2.38-ubuntu22.
Datastream - Datastream is now available in the europe-southwest1 (Madrid) region.
Cloud Data Loss Prevention - The PARAGUAY_TAX_NUMBER infoType detector is available in all regions. The sensitive data discovery service can now detect the presence of secrets, such as passwords and authentication tokens, in your Cloud Run service revision environment variables.
Document AI - The Document AI section of the Google Cloud console now allows you to configure property descriptions as part of the Custom extractor processor-creation process.
Gemini - BigQuery provides context-aware transformation recommendations from Gemini for cleansing data for analysis.
Cloud Logging - You can now create alerting policies that monitor the results of your SQL queries.
Cloud Monitoring - You can now create alerting policies that monitor the results of your SQL queries.
Cloud Run - GPU support (Preview) is now available in the following region: europe-west4. You can now create custom organization policies and apply them to projects, folders, or organizations (GA). Cloud Run integrations are discontinued from the Google Cloud console and Google Cloud CLI for new users.
Security Command Center - Event Threat Detection's Outgoing DoS finding has been shut down and is no longer available.
Sensitive Data Protection - The PARAGUAY_TAX_NUMBER infoType detector is available in all regions. The sensitive data discovery service can now detect the presence of secrets, such as passwords and authentication tokens, in your Cloud Run service revision environment variables.
Service Mesh - Managed Cloud Service Mesh. The rollout of managed Cloud Service Mesh version 1.19 to the stable channel has completed. In future releases, managed Cloud Service Mesh will use the GKE release channel to determine the data plane component and Istio API versions.
Cloud SQL MySQL - When you run the backupRuns.GET API or the gcloud sql backups describe command, the maxChargeableBytes parameter now appears in the response. You can now create a read replica for an instance that has private services access configured for it and connector enforcement enabled for it.
Cloud SQL Postgres - When you run the backupRuns.GET API or the gcloud sql backups describe command, the maxChargeableBytes parameter now appears in the response. PostgreSQL version 17 is now generally available. You can now create a read replica for an instance that has private services access configured for it and connector enforcement enabled for it.
Cloud SQL SQL Server - When you run the backupRuns.GET API or the gcloud sql backups describe command, the maxChargeableBytes parameter now appears in the response. You can now create a read replica for an instance that has private services access configured for it and connector enforcement enabled for it.
Cloud Storage - Announced billing changes for BigQuery users who are accessing Cloud Storage will now take effect February 1, 2025. Connecting to Cloud Storage using gRPC is generally available (GA). You can now emit client-side metrics for gRPC.
Traffic Director - Managed Cloud Service Mesh. The rollout of managed Cloud Service Mesh version 1.19 to the stable channel has completed. In future releases, managed Cloud Service Mesh will use the GKE release channel to determine the data plane component and Istio API versions.
VPC Service Controls - General availability support for the following integration: Vertex AI in Firebase.
Agent Assist - (Proactive) Generative knowledge assist now offers additional functions and supports more languages.
AlloyDB - Database server compatibility with PostgreSQL version 16 is generally available (GA).
Anthos Config Management - Config Controller now uses the following versions of its included products: Config Connector v1.123.1, release notes.
Google Distributed Cloud Bare Metal - 1.29, release 1.29.700-gke.113: Google Distributed Cloud for bare metal 1.29.700-gke.113 is now available for download. Fixes: Fixed an issue where the control plane VIP might become unavailable because Keepalived didn't check correctly that the VIP is on a node with a responsive HAProxy. The following container image security vulnerabilities have been fixed in 1.29.700-gke.113: Medium-severity container vulnerabilities: CVE-2024-7264. Low-severity container vulnerabilities: CVE-2024-43167, CVE-2024-43168, GHSA-xr7q-jx4m-x55m. Known issues: For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
Anthos clusters on VMware - Google Distributed Cloud (software only) for VMware 1.29.700-gke.110 is now available for download. The following issues are fixed in 1.29.700-gke.110: Fixed the known issue that caused gkectl to display false warnings on admin cluster version skew.
GDCV for VMware - Google Distributed Cloud (software only) for VMware 1.29.700-gke.110 is now available for download. The following issues are fixed in 1.29.700-gke.110: Fixed the known issue that caused gkectl to display false warnings on admin cluster version skew.
Apigee X - On October 23, 2024, we released an updated version of Apigee (1-14-0-apigee-1). Bug ID: N/A; Description: Updates to security infrastructure and libraries. On October 22, 2024, we released a new version of Apigee. With this release, the following limits for Apigee organizations have changed: The maximum number of deployed API proxies and shared flows per (non-hybrid) organizations is 6000.
Cloud Architecture Center - Design an optimal storage strategy for your cloud workload: Added information about Parallelstore.
Artifact Registry - Artifact Analysis now supports scanning for vulnerabilities in the following types of operating systems: AlmaLinux OS, Chainguard, Google Distroless, Red Hat Universal Base Image (UBI), Rocky Linux, SUSE Linux Enterprise Server (SLES), Wolfi. If the Container Scanning API is enabled, it scans container images pushed to Artifact Registry addressing these new operating systems, in addition to already supported operating system and language package vulnerabilities. Artifact Analysis now supports manual scans for vulnerabilities in the following types of packages: AlmaLinux OS, Chainguard, .NET, Google Distroless, NPM, PHP, Python, Ruby, Rust, Red Hat Universal Base Image (UBI), Rocky Linux, SUSE Linux Enterprise Server (SLES), Wolfi. You can use the On-Demand Scanning API to manually scan container images locally on your computer or in your registry.
Assured Workloads for Government - The IRS Publication 1075 control package is now generally available.
Backup and DR Service - Backup and DR service added support to deploy new management console without the need to create private services access.
BigQuery - BigQuery provides context-aware transformation recommendations from Gemini for cleansing data for analysis. You can now view, trigger, and pause Airflow DAGs in BigQuery. You can now manage notebook schedules on the Orchestration page. Custom organization policies let you allow or deny specific operations on BigQuery Data Transfer Service transfer configurations to meet your organization's compliance and security requirements.
Colab - Colab Enterprise is now available in the following regions: Hamina, Finland (europe-north1); Milan, Italy (europe-west8); Tel Aviv, Israel (me-west1); Warsaw, Poland (europe-central2). See Colab Enterprise locations.
Cloud Composer - A new Cloud Composer release started on October 22, 2024. (Only new Cloud Composer 2 environments, all versions) If a GKE Control Plane IP range is specified for an environment, GKE creates a new subnetwork in this range to provision the IP address for communication with the GKE Control Plane. (Airflow 2.9.3) The apache-airflow-providers-google package was upgraded to version 10.24.0 in Cloud Composer 2 images and Cloud Composer 3 builds. (Airflow 2.9.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 9.0.0 in Cloud Composer 2 images and Cloud Composer 3 builds. (Airflow 2.9.3 and 2.7.3) Changes in preinstalled packages: The grpcio package was downgraded from 1.66.2 to 1.65.5. New Airflow builds are available in Cloud Composer 3: composer-3-airflow-2.9.3-build.4 (default), composer-3-airflow-2.7.3-build.20. Cloud Composer 2.9.8 images are available: composer-2.9.8-airflow-2.9.3 (default), composer-2.9.8-airflow-2.7.3. Cloud Composer version 2.4.6 has reached its end of support period.