Welcome to issue #445 April 7th, 2025

News

Kubernetes Official Blog

Introducing Multi-Cluster Orchestrator: Scale your Kubernetes workloads across regions - Multi-Cluster Orchestrator is a new service from Google Cloud that simplifies the management of workloads across Kubernetes clusters. It offers simplified multi-cluster workload management, intelligent resource optimization, enhanced application resilience, and tight integration with existing tools. Platform engineering teams with a GitOps focus and AI/ML inferencing platform teams can benefit from Multi-Cluster Orchestrator.

Google Kubernetes Engine Official Blog

GKE at 65,000 nodes: Evaluating performance for simulated mixed AI workloads - Google Kubernetes Engine (GKE) now supports 65,000-node clusters, a significant increase from the previous limit of 15,000 nodes. This breakthrough enables large-scale AI workloads, such as training massive language models, on GKE. The blog post describes a benchmark that simulates these workloads on a 65,000-node GKE cluster, providing insights into performance, challenges, and optimizations.

AI Kubernetes LLM Official Blog

Google, Bytedance, and Red Hat make Kubernetes generative AI inference aware - Google, ByteDance, and Red Hat have collaborated to enhance Kubernetes for generative AI inference. New capabilities include LLM-aware routing, an inference performance project for benchmarking, and Dynamic Resource Allocation for efficient scheduling of accelerators.

BigQuery Data Analytics Official Blog

Accelerate analytics with AI-assisted data preparation in BigQuery, now GA - BigQuery data preparation, now generally available, leverages AI to simplify and automate data preparation tasks, reducing the time spent on data wrangling and improving productivity. It offers comprehensive transformation capabilities, data standardization, automated schema mapping, and AI-suggested join keys for data enrichment. With its visual, low-code data pipeline features, users can design, execute, and monitor complex data pipelines, enforce data quality with error tables, and streamline deployment with GitHub integration.

Cloud Filestore Official Blog

Instance Replication now available for Filestore - Google Cloud has introduced Filestore Instance Replication, enabling customers to meet business continuity objectives and regulatory requirements. The feature offers efficient replication with an RPO of up to 30 minutes for data change rates of 100 MB/sec. Customers can replicate Filestore instances to a secondary location, ensuring continuous data replication and minimal data loss in case of outages.

Mainframe Official Blog Partners

Accelerate Mainframe Modernization with gen AI from Google Cloud and its partners - Google Cloud has launched new solutions to accelerate mainframe modernization using generative AI models and partner technologies. Google Cloud offers three products for mainframe customers: Mainframe Assessment Tool, Mainframe Rewrite, and Dual Run.

AI Official Blog

How AI will help address 5 urgent manufacturing challenges - In today's dynamic business landscape, manufacturers face unprecedented pressure due to e-commerce and supply chain disruptions. Leading manufacturers leverage AI and integrated data solutions to thrive. Google Cloud's Manufacturing Data Engine (MDE) helps unlock operational data's potential and drive AI transformation. MDE addresses critical trends shaping manufacturing's future, including digital-first experiences, resilience, bridging the digital skills gap, sustainability, and unlocking holistic insights.

Data Analytics Official Blog

Unlock AI with IT and OT data powered by Manufacturing Data Engine with Cortex Framework - Google Cloud's Manufacturing Data Engine with Cortex Framework helps manufacturers unlock the full potential of their operational data and drive AI transformation on and off the factory floor. The latest release introduces powerful new features such as Development Mode, historical metadata linking, and Configuration Packages to enable better data grounding of IT and OT data for faster AI outcomes. By combining multimodal data from machines, sensors, and cameras with data from Cortex Framework, manufacturers gain a holistic view of their operations and can unlock new AI use cases such as optimizing production schedules based on real-time demand signals or accurately forecasting financial impacts by correlating machine performance with ERP financial data.

Official Blog Public Sector Startups

Rice University and Google Public Sector partner to build an innovation hub in Texas - Rice University and Google Public Sector have partnered to launch the Rice AI Venture Accelerator (RAVA) in Texas. RAVA aims to drive early-stage AI innovation and commercialization by connecting AI-first startups with leading enterprises in healthcare, energy, transportation, and the public sector.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

CISO Official Blog

Cloud CISO Perspectives: How digital sovereignty builds better borders for the future - This article explains the three pillars of Google Cloud's approach to digital sovereignty: data sovereignty, operational sovereignty, and software sovereignty.

Official Blog Threat Intelligence

Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) - A suspected China-nexus threat actor is actively exploiting a critical vulnerability in Ivanti Connect Secure (CVE-2025-22457) that allows remote code execution. The actor deploys new malware families, TRAILBLAZE and BRUSHFIRE, and leverages the SPAWN ecosystem. Organizations should patch immediately and monitor for suspicious activity.

Official Blog Threat Intelligence

DPRK IT Workers Expanding in Scope and Scale - North Korean IT workers, posing as legitimate remote workers, are expanding their operations globally, with a focus on Europe. They use deceptive tactics, such as providing fabricated references and using multiple personas, to infiltrate companies and generate revenue for the regime. In addition to espionage and data theft, they are now engaging in extortion, targeting larger organizations and threatening to release sensitive data or provide it to competitors.

Infrastructure Networking

Simplifying Transitive Connectivity in GCP with Network Connectivity Center - Google Cloud Platform (GCP) provides various networking options, but native VPC peering can become cumbersome when dealing with transitive routing requirements. Network Connectivity Center (NCC) solves this issue with two new capabilities: Private Service Connect (PSC) Propagation and Producer VPC Spokes.

Cloud KMS Security

Scalable GCP KMS Governance: Minus the Centralization - Standardize KMS key configuration in Google Cloud using Org Policies.

DevOps

The Ultimate Guide to Understanding GCP Resource Hierarchy - This article provides a comprehensive explanation of how Google Cloud Platform (GCP) organizes resources, manages access, and maintains control across projects.

App Development, Serverless, Databases, DevOps

Cloud Run Serverless

Serverless Application Authorization Using Google Cloud Load Balancer Service Extensions - This tutorial demonstrates how to implement a load balancer authorization extension for serverless applications on Google Cloud, using a callout extension deployed on Cloud Run. This approach provides custom authorization capabilities beyond IAP, enabling fine-grained access control, such as JWT-based authentication.

Cloud SQL IAM Security

Connect PostgreSQL Clients to Cloud SQL for PostgreSQL using Manual IAM Authentication - In this article, we'll look at the steps on how to use Manual IAM database authentication with PostgreSQL clients like psql and pgAdmin.

BigQuery Cloud Run Firebase

The cloud architecture of Cool Maze - Cool Maze is a mobile app that lets you send a photo from your mobile to your computer, by scanning a QR code.

IAM

Use IAM Authentication to connect to AlloyDB - Learn how to use IAM Authentication to connect to AlloyDB, a PostgreSQL-compatible database service. This article covers both automatic and manual IAM database authentication methods, including steps for creating IAM users and service accounts, granting necessary IAM roles, and connecting to AlloyDB using IAM credentials. It also discusses the benefits of automatic IAM authentication and provides recommendations for long-lived processes or applications that rely on connection pooling.

How to Implement Google Login in Laravel

Big Data, Analytics, ML&AI

BigQuery GCP Experience Google Kubernetes Engine Official Blog Vertex AI

How WindTL is transforming wildfire management with Google Cloud - WindTL, developed by Improving Aviation, is a decision support tool that leverages AI-powered models to deliver accurate wildfire spread, ember behavior, and ignition risk predictions. By utilizing Google Kubernetes Engine (GKE), BigQuery, and Vertex AI, Improving Aviation has achieved accelerated model execution, scalable data processing, and improved prediction accuracy, revolutionizing wildfire prediction and saving lives.

Paywall Python

Tmux Is Tmagic - Leverage a subtle bash framework to execute data pipelines in the background, saving time for mission-critical tasks.

BigQuery

SQL Pipe Syntax Style Guide & Best Practices - A Comprehensive and Pioneering Edition for Adoption.

BigQuery DevOps

BigQuery Trick That Saved My Sanity (and Budget) on Dev/Test - This article introduces BigQuery's Table Clones and Snapshots, which offer a faster and more cost-effective way to create isolated copies of large tables for development, testing, and backup purposes.

Data Science Machine Learning

LLMs Evaluation on GCP - An introduction to some of the most common evaluation approaches for LLM applications and how GCP can support you across the journey.

Gemini

Roadmap Generator as Gemini - Gemini, integrated with Google Apps Script, automates project roadmap creation in Google Sheets, enhancing efficiency and agile planning. The script generates detailed roadmaps, including Gantt charts, from simple goals or detailed descriptions. Sample tests demonstrate its effectiveness. Users can modify the script to customize roadmap formats and regenerate roadmaps as needed.

Gemini Python

Stowage Planning Automation Using Gemini: A Feasibility Study and A Prompt-Based Approach - Gemini 2.5 Pro Experimental enabled automated cargo ship stowage planning via prompt engineering, overcoming prior model limitations.

AI Gemini Generative AI

Model Context Protocol(MCP) with Google Gemini LLM — A Deep Dive (Full Code) - A step-by-step guide with code, architecture, and real-world use case.

Various

Event Looker

London Looker Meetup — May 8th 2025 — Registration Open & Call for Speakers! - The first London Looker Meetup will be on Thursday, May 8th at the Google London — Pancras Square office from 17:30–20:30.

Slides, Videos, Audio

Kubernetes Podcast - #250 Kubernetes Resource Orchestrator (KRO), with Jesse Butler and Nic Slattery.

Security Podcast - #217 Red Teaming AI: Uncovering Surprises, Facing New Threats, and the Same Old Mistakes?

 

Releases

AlloyDB - When the ScaNN index creation updates the reltuples statistics of a heap table, performance might be degraded for queries involving that table. If your cluster is encrypted with a customer-managed encryption key (CMEK), and no specific CMEK key is configured for continuous or automated backups, then backups will be created with the cluster CMEK.

API Gateway - On April 2, 2025, we released an updated version of API Gateway. With this release, API Gateway meets the regulatory and compliance requirements for support of data residency for data at rest.

Apigee API Hub - VPC Service Controls (VPC-SC) integration (Preview): API hub now integrates with VPC Service Controls, providing enhanced network security for your API hub instance provisioned in Google Cloud. Data Residency Zone (DRZ) compliance: API hub is now compliant with Data Residency Zone (DRZ) C3 requirements. Terraform support for provisioning: You can now provision API hub instances programmatically using Terraform for Google Cloud within Cloud Shell, enabling infrastructure-as-code practices. Plugin Framework: API hub now uses a plugin framework to connect and ingest API metadata from various Google Cloud services and external sources where your APIs are managed or defined. API Metadata Curations: API hub introduces a curation process to transform and enrich API metadata ingested by plugins. API Supply chain graph view: Visualize and understand the dependencies within your API ecosystem with the new interactive API supply chain graph view. Enhancements to the Operations entity [API only]: You can now add, edit, or delete operations for an API version even if it lacks a specification file or has an unparsable one. Attach API documents: You can now enhance your API documentation by attaching additional relevant files, such as requirements, design documents, and functionality details, directly to your APIs in API hub. Deprovision an API hub instance [API only]: You can now delete an API hub instance from your Google Cloud project using the ApiHubInstance API.

Application Integration - Build Conversational Agents with Dialogflow CX (Preview): Application Integration now simplifies the creation of conversational experiences with direct integration with Conversational Agents (Dialogflow CX). Enhancements to Replay Execution: Application Integration Replay Execution now provides the following enhancements: Modify input parameters on replay: You can now modify the input parameters of an integration execution when initiating a replay.

Assured Workloads Access Approval - Access Approval supports Document AI in the GA stage.

BigQuery - BigQuery ML now supports the following generative AI functions, which let you analyze text using a Vertex AI Gemini model. BigQuery migration assessment now includes support for Amazon Redshift Serverless. You can now generate structured data by using BigQuery ML's AI.GENERATE_TABLE function with Gemini 1.5 Pro, Gemini 1.5 Flash, and Gemini 2.0 Flash models. You can now create and use Python user-defined functions (UDFs) in BigQuery. The Python code that you generate using Gemini in BigQuery Notebooks is now much more likely to leverage your data. You can now generate Dataframes code in BigQuery Notebooks that use BigFrames libraries. Pipe syntax supports a linear query structure designed to make your queries easier to read, write, and maintain. You can use a CREATE MODEL statement to create a contribution analysis model in BigQuery ML. Iceberg external tables now support merge-on-read. On the Scheduling page, you can now view existing schedules, create new schedules, and perform other actions for data preparations, notebooks, BigQuery pipelines, and scheduled queries. You can build BigQuery pipelines (formerly workflows), composed of SQL queries or notebooks, in BigQuery Studio. You can now define a _CHANGE_SEQUENCE_NUMBER for BigQuery change data capture (CDC) to manage streaming UPSERT ordering for BigQuery. BigQuery now supports subqueries in row level access policies. You can now use BigQuery Data Transfer Service for Search Ads to view Performance Max (PMax) campaign data for the following tables: CartDataSalesStats, ProductAdvertised, ProductAdvertisedDeviceStats, ProductAdvertisedConversionActionAndDeviceStats. This feature is generally available (GA). You can now configure the repeat frequency of BigQuery Data Transfer Service for Google Ad Manager. You can now skip loading match tables for BigQuery Data Transfer Service for Google Ad Manager. You can include data preparation tasks in BigQuery pipelines that execute your code assets in sequence at a scheduled time.

Chronicle - Medium Priority rule set: Google SecOps has introduced a new rule set, Medium Priority, in Applied Threat Intelligence (ATI).

Chronicle Security Operations - Create a quick action (Preview): Administrators can now predefine quick actions for analysts to execute directly within cases and alerts. What's New in Google SecOps: At the top of your Google SecOps screen, click the question mark and select What's New to display the top five new features in the Google SecOps platform. Optimize log management using extractors: This feature is currently in Preview. Medium Priority rule set: Google SecOps has introduced a new rule set, Medium Priority, in Applied Threat Intelligence (ATI).

Chronicle SOAR - Release 6.3.41 is now available for all regions. Release 6.3.42 is being rolled out to the first phase of regions as listed here. Create a quick action (Preview): Administrators can now predefine quick actions for analysts to execute directly within cases and alerts.

Colab - Preview: You can switch to a default runtime with GPUs by using a button in your Colab Enterprise notebook.

Cloud Composer - The unification of Cloud Composer 3 billing with BigQuery is paused until further notice. In recently released Airflow builds of Cloud Composer 3, the Airflow web server requires more CPU to finish its initialization when an environment is created or updated.

Compute Engine - Generally available: You can manage OS policy assignments across projects and zones at scale in large organizations using the OS policy orchestrator feature in VM Manager. Compute Engine provides the interactive serial console for troubleshooting malfunctioning instances.

Contact Center AI Platform - Version 3.33 pre-release announcement: Version 3.33 of Google Cloud CCaaS is not yet released, but we expect the capabilities of version 3.33 to closely match the capabilities described in this announcement. Salesforce CRMs: attach a CCaaS session object to a CRM record if a matching CRM record is found: For Salesforce CRMs, when you append a call or chat session to the latest open record, you have the option to attach a CCaaS session object to a CRM record if a matching CRM record is found. New options for CRM comments when saving call recordings and chat transcripts to external storage: When you save call recordings and chat transcripts to external storage, you can control how these are referenced in the CRM record. New call type in reports: Voice Outbound (UCaaS): We've added the Voice Outbound (UCaaS) report type to the Create Reports page for calls and chats so you can generate reports that contain this type of call. Conditional overcapacity deflections: You can now enable conditional overcapacity deflections for calls. New post events for virtual task assistants: The following new virtual task assistant post events are available: Virtual task assistant joined, Virtual task assistant left, Virtual task assistant session variables received. The agent adapter can use the browser's postMessage() method to send events to the parent iFrame to trigger various actions in your custom CRM application. Bulk agent status import improvements: When you import agent statuses in bulk, the Import Statuses dialog now indicates when the upload is complete and sends you a confirmation email. Configure a contact list destination to pass data parameters to a SIP header: You can configure a contact list destination to pass data parameters to a SIP URI when an agent uses the destination to make an outbound call or transfer a call. View transcripts for completed chats: If you save chat transcripts in external storage, you can view them from the Completed Chats dashboard. Session metadata contains conversation IDs for virtual agents and Agent Assist: The session metadata file now contains the conversation ID for a virtual agent or for Agent Assist if either of those are involved in a session. The following issues were addressed in this release: Fixed an issue where users couldn't deactivate a disposition code or list that was assigned to a queue when the queue was deleted prior to the deactivation.

Dataproc Metastore - Dataproc Metastore federation now supports multi-regional Dataproc Metastore services.

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.98, 1.2.42, 2.2.42. Dataproc Serverless for Spark: Installed CUDA, cuDNN and NCCL NVIDIA libraries in 1.2 and 2.2 runtimes. New Dataproc Serverless for Spark runtime versions: 1.1.97, 1.2.41, 2.2.41.

Dataproc - New Dataproc on Compute Engine subminor image versions: 2.2.51-debian12, 2.2.51-rocky9, 2.2.51-ubuntu22. Dataproc on Compute Engine: Hyperdisk-Balanced is now the default primary disk type when creating a cluster from the console. Dataproc on Compute Engine: Fixed incorrectly attributed Dataproc job logs in Cloud Logging for clusters created with 2.2+ image versions.

Cloud Deploy - Cloud Deploy support for timed promote is now generally available. Cloud Deploy support for deploy policies is now generally available. Cloud Deploy support for repair rollout automation is now generally available.

Dialogflow - Dialogflow CX (Conversational Agents): Data store tools no longer require the use of a playbook and can be used with any agent. Dialogflow CX (Conversational Agents): The gemini-1.0-pro model is deprecated as of March 24, 2025 and has been automatically upgraded to the gemini-1.5-flash-001 model. Dialogflow CX (Conversational Agents): AI generation of language-specific information, entities and training phrases is now GA. Dialogflow CX (Conversational Agents): All prebuilt agents are now GA.

Document AI - All processors can now extend the Maximum page limit for online and synchronous requests up to 30 pages.

Gemini - Code customization for chat is now generally available for VS Code and IntelliJ Gemini Code Assist.

Google Kubernetes Engine - GKE now provides insights and recommendations that help you identify workloads without resource requests or limits so that you can specify the resource needs for these workloads. (2025-R13) Version updates: GKE cluster versions have been updated. Automatic application monitoring is now generally available in GKE versions 1.28 and later.

Cloud Logging - You can include pipe syntax in the SQL queries you run on the Log Analytics page.

Looker - Looker (Google Cloud core) and Looker (original) changes. The following features have been added to Studio in Looker, which is available in preview: You can connect to Google BigQuery and Google Sheets using Owner's Credentials.

Cloud Monitoring - If you have enabled logging for failures of an uptime check, you can view the logs from the Uptime details page.

Cloud PubSub - A weekly digest of client library updates from across the Cloud SDK.

Risk Manager - Risk Manager is now called Cyber Insurance Hub.

Cloud Run - Deploying multiple containers (sidecars) to a Cloud Run job is now generally available.

Security Command Center - When activating Security Command Center Enterprise, you can monitor the provisioning status and progress of initial scans.

Sensitive Data Protection - The MAC_ADDRESS_UNIVERSAL infoType detector is available in all regions.

Service Mesh - 1.25.x: 1.25.0-asm.8 is now available for in-cluster Cloud Service Mesh. There is a known issue where all gateway CRs will see a downtime for status updates when upgrading from 1.24.3 to 1.25.x.

Cloud Spanner - In Spanner Graph you can view a visualization of graph elements returned by a Spanner Graph query and of a Spanner Graph schema. Spanner now supports the following GoogleSQL JSON mutator functions: JSON_ARRAY_APPEND(), JSON_ARRAY_INSERT(), JSON_REMOVE(), JSON_SET(), JSON_STRIP_NULLS(). Spanner now supports the following PostgreSQL JSONB mutator functions: jsonb_insert(), jsonb_set(), jsonb_set_lax(), jsonb_strip_nulls(). Spanner also supports the following PostgreSQL JSONB operators: concat (jsonb || jsonb -> jsonb) and delete (jsonb - text -> jsonb). For more information, see JSON functions in GoogleSQL and Supported PostgreSQL functions. The GoogleSQL JSON_KEYS and PostgreSQL json_object_keys functions, which extract unique JSON keys from a JSON expression, are generally available. JSON search indexes are generally available in Spanner. A monthly digest of client library updates from across the Cloud SDK.

Cloud SQL MySQL - You can now integrate Cloud SQL for MySQL and Vertex AI (in Preview). Cloud SQL now supports Managed Connection Pooling (MCP) in Preview, which lets you scale your workloads by optimizing resource utilization for your Cloud SQL instances using pooling.

Cloud SQL Postgres - The rollout of the following extension versions and plugin versions is complete: Extensions and plugins: PostGIS is upgraded from 3.4.4 to 3.5.2. Cloud SQL now supports Managed Connection Pooling (MCP) in Preview, which lets you scale your workloads by optimizing resource utilization for your Cloud SQL instances using pooling.

Cloud Storage - Additional functionality is now available for the bucket IP filtering feature: You can use IP filtering for buckets in all regions, dual-regions, and multi-regions. Storage batch operations for Cloud Storage is now generally available (GA). You can now use metrics to monitor Cloud Storage FUSE performance.

Cloud Text-to-Speech - Chirp 3: HD voices with 8 speakers and 31 locales is now GA.

Cloud TPU - Flex-start for Cloud TPU, powered by Dynamic Workload Scheduler, is available in Preview.

VMware Engine - Google Cloud VMware Engine now supports 24 ve2 node types, enabling precise and efficient environment sizing.

VPC Service Controls - General availability support for the following integration: Google Agentspace Enterprise.

Virtual Private Cloud - You can access global Google APIs by using Private Service Connect backends that are based on cross-region internal Application Load Balancers.

 

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: [email protected]