Welcome to issue #293 May 9th, 2022

News

Now generally available: BigQuery BI Engine supports any BI tool or custom application - Learn about BigQuery BI Engine and how to analyze large and complex datasets interactively with sub-second query response time and high concurrency. Now generally available.

Introducing new Google Cloud manufacturing solutions: smart factories, smarter workers - Google Cloud Manufacturing Solutions Announcement.

Orchestrate Looker data transformations with Cloud Composer - New Looker operators in Cloud Composer help you orchestrate Looker data transformations at scale.

Announcing Sovereign Controls for Google Workspace - To further enable EU organizations through digital sovereignty, we’re launching new capabilities to control, limit, and monitor transfers of data to and from the EU.

---

Vultr's new Optimized Cloud Instances deliver all of the power of the cloud without the Big Tech bloat. Instantly deploy worldwide for as low as $28/mo. Exclusive for GCP Weekly readers: Redeem $150 in free credit!

---

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

CIS hardening support in Container-Optimized OS from Google - Our latest Container-Optimized OS release supports CIS benchmark compliance and can provide continuous CIS scanning capabilities.

Implementing HKMA’s Secure Tertiary Data Backup (STDB) on Google Cloud - How to use Google Cloud as a backup storage solution to address HKMA’s Secure Tertiary Data Backup (STDB) guideline.

GCP Routing Adventures (Vol. 1) - Fundamental concepts for routing in GCP networking.

Setting up secure Pub/Sub flow with Go and Terraform - This article covers fully managed message processing pipeline that handles errors and notifications.

Simple Network Foundations using Webform, Terraform, and JSON - Deploying a Google Cloud, or GCP, network as IaC? Use this simple webform with your Terraform repository for quick network deployments.

App Development, Serverless, Databases, DevOps

The definitive guide to databases on Google Cloud: Part 2 - Options at a glance - A look into the different databases and storage options in Google Cloud, a brief note on each one of them, when to choose one over the other, interesting alternatives, and exceptions.

Advancing systems research with open-source Google workload traces - When designing the systems components to support warehouse-scale computers, researchers can use workload traces to inform their designs.

Google's Cloud Console vs Admin Console - What are the differences between the Cloud Console and the Admin Console, and what do you need to use them both for?

Are your SLOs realistic? How to analyze your risks like an SRE - Before committing to an SLO, Site Reliability Engineering practices recommend that you evaluate the risks to a given service.

Getting started with OpenSSH on Windows Compute Engine instances - With support for OpenSSH Server, Compute Engine can remotely connect and administer a Windows Server with the Google Cloud SDK via the gcloud command.

Host Private Node.JS Packages on the Google Cloud with Artifact Registry - How to safely share and reuse your code across multiple projects.

Cloud SQL is not great - Experience of using PostgreSQL on CloudSQL.

Patching GCE VMs using GCP VM Manager (OS Patch Management) - OS patch management with VM Manager.

Real-Time Streaming | MySQL & Oracle to Cloud Spanner - Migrating data to Cloud Spanner.

Going Cloud with SQL Server: Google Cloud Options - This blog post contains concepts and options on hosting SQL Server on GCP.

Big Data, Analytics, ML&AI

The Future of Data: Unified, flexible, and accessible - Google Cloud’s whitepaper explores why the future of data will involve three key themes: unified, flexible, and accessible.

Ingesting GA4 Events for Discovery solutions - Ingest existing Google Analytics 4 events for Discovery solutions.

Solving for food waste with data analytics in Google Cloud - This blog post explores why it is so necessary as a retailer to bring your data to the cloud to apply analytics to minimize food waste.

Cloud Data Fusion: Adding a Service Account to the Secure Store - Storing Service Account JSON keys in plain text is not ideal to say the least. To protect that sensitive information, it is recommended the service account key be stored in the Data Fusion Secure Store to eliminate it from showing up in plain text in pipelines and logs.

Predicting conversion events from Google Analytics dataset for Google Merchandise store in BigQuery - Analyzing Google Analytics sample dataset for BigQuery - BigQuery ML Logistic Regression.

4 Ways BigQuery Metadata Can Help You - Get data about tables, jobs, and more.

14 Best Practices to Tune BigQuery SQL Performance - With big data, querying is no longer just about writing the “correct” syntax, it needs to be cost-effective and fast, too. Here is how….

Using Collation in Google BigQuery - How to Compare and Sort Strings easily with SQL.

Enhancing BigQuery SEARCH features with SEARCH INDEX - A faster way to find text in unstructured text and semi-structured JSON in BigQuery.

Managing your GCP inventory with Cloud Asset API - Using Cloud Functions with Cloud Asset API and BigQuery to keep track of your Google Cloud Platform inventory.

Designing Malloy — Introduction - Malloy is a new query language for data.

Various

Optimize and scale your startup on Google Cloud: Introducing the Build Series - Announcing the launch of the second series of the Google Cloud Technical Guides for Startups, a video series for technical enablement aimed at helping startups to start, build and grow their businesses.

Qwiklabs Trivia: The Next Level - Qwiklabs Trivia to test your knowledge about Google Cloud.

My Review of the Google Cloud Professional Cloud Database Engineer BETA Exam - Last week I sat the brand new Google Cloud Professional Cloud Database Engineer BETA exam. As I love the challenge of these Beta exams, and….

Google Database Engineer Beta Exam Thoughts - Google recently announced a new Database Engineer Exam, available to those who don’t think 60 questions in 2 hours is hardcore enough but….

How to prepare for the GCP Professional Data Engineer certification - A path to pass GCP Professional Data Engineer.

Slides, Videos, Audio

GCP Podcast - #303 Geo-spatial Awakening in Global Supply Chains with Nathan Eaton and Denise Pearl.

Kubernetes Podcast - #178 Kubernetes 1.24, with James Laverack.

Security Podcast - #63 State of Autonomic Security Operations: Are There Sharks in Your SOC with Robert Herjavec.

SRE Podcast - #5 Client-Transparent Migrations with Pavan Adharapurapu.

Releases

Anthos clusters on AWS - Anthos Clusters on AWS aws-1.11.0-gke.6 (previous generation) is now available. The issue announced in the April 19th release note regarding the creation of 1.22 clusters has been resolved. This release fixes the following CVEs: CVE-2022-0492 CVE-2022-1055. This release removes unneeded permissions from the coredns-autoscaler, calico-typha, and konnectivity-agent-autoscaler components.

Anthos clusters on bare metal - 1.10. Release 1.10.4 Anthos clusters on bare metal 1.10.4 is now available for download. Fixes: The following container image security vulnerabilities have been fixed: CVE-2021-3999 CVE-2021-33910 CVE-2021-45960 CVE-2021-46143 CVE-2022-1055 CVE-2022-22822 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-25236 CVE-2022-25315 CVE-2022-27666 Role-based access control (RBAC) fixes: Set AutomountServiceAccountToken field for Node Problem Detector jobs and etcd-defrag Daemonsets to false. Known issues: For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section. 1.11. Release 1.11.1 Anthos clusters on bare metal 1.11.1 is now available for download. Fixes: Resolved cluster installation issue in which cluster status is prematurely declared ready, resulting in a "Failed to wait for applied resources" error. Known issues: For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Anthos clusters on VMware - Creating a 1.11.0 user cluster with a 1.10 admin cluster fails.

Anthos - Anthos component releases for April 2022 Anthos clusters on VMware: April 11, 2022: security bulletin April 12, 2022: security bulletin April 18, 2022: 1.10.3-gke.49 patch release April 27, 2022: 1.11.0-gke.543 quarterly minor release April 28, 2022: security bulletin Anthos clusters on bare metal: April 12, 2022: security bulletin April 27, 2022: 1.9.7 patch release April 28, 2022: security bulletin Anthos clusters on AWS: April 05, 2022: (previous generation) security bulletin April 07, 2022: (previous generation) security bulletin April 12, 2022: (previous generation) security bulletin April 13, 2022: release updates April 19, 2022: (previous generation) issue announcement April 26, 2022: security bulletin April 26, 2022: (previous generation) security bulletin Anthos clusters on Azure: April 13, 2022: release updates April 26, 2022: security bulletin Anthos Config Management: April 21, 2022: 1.11.1 patch release Anthos Service Mesh: April 14, 2022: 1.13.2-asm.2 patch release Connect: N/A Cloud Run for Anthos: N/A Migrate for Anthos and GKE: N/A Cloud Logging: April 2022: release updates Cloud Monitoring: April 2022: release updates.

Anthos GKE on AWS - Anthos Clusters on AWS aws-1.11.0-gke.6 (previous generation) is now available. The issue announced in the April 19th release note regarding the creation of 1.22 clusters has been resolved. This release fixes the following CVEs: CVE-2022-0492 CVE-2022-1055. This release removes unneeded permissions from the coredns-autoscaler, calico-typha, and konnectivity-agent-autoscaler components.

AppEngine Standard Ruby - The Ruby 3.0 runtime for App Engine standard environment is now generally available.

Artifact Registry - v1. Artifact Registry is now available in the europe-west9 region (Paris, France). v1. Getting and listing Artifact Registry locations in a project now requires the following permissions: artifactregistry.locations.list artifactregistry.locations.get You can grant these permissions with the Artifact Registry Reader role (roles/artifactregistry.reader) role or another role that includes these permissions.

Cloud Asset Inventory - Documentation for Policy Analyzer has moved to the Policy Intelligence documentation.

BigQuery ML - The following new features are now generally available (GA) for ARIMA_PLUS models: You can use ML.EVALUATE to calculate new forecasting accuracy metrics such as MAPE, SMAPE, and MSE.

BigQuery - The new format element %J is generally available (GA) for DATE, TIME, DATETIME, and TIMESTAMP functions. PARSE_DATE, PARSE_TIME, PARSE_DATETIME, and PARSE_TIMESTAMP now support the following date and time format elements: %a, %A, %g, %G, %j, %u, %U, %V, %w, and %W. Case-insensitive collation support for BigQuery is now available for Preview. The COLLATE function is now available for Preview in Google Standard SQL for BigQuery. The DEFAULT COLLATE clause is now available for Preview. The COLLATE clause is now available for Preview.

BigTable - A Cloud Bigtable table overview page in the Cloud console is now generally available (GA). Cloud Bigtable is available in the europe-west9 (Paris) region.

Cloud Build - Cloud Build now supports a script field, which allows users to specify shell scripts to execute in a build step.

Channel Services - Rebilling is now available in the Partner Sales Console and Cloud Channel API.

Compute Engine - Generally available: Paris, France europe-west9-a,b,c has launched with general-purpose E2 and N2 VMs available in all three zones.

Dataflow - Dataflow is now available in Paris (europe-west9).

Cloud Deploy - Google Cloud Deploy now supports Skaffold version 1.37.1, as the default.

Cloud Functions - Cloud Functions now supports Ruby 3.0 at the General Availability release level. Cloud Functions has added support for the following new runtimes at the Preview release level: Python 3.10 PHP 8.1.

Cloud Healthcare API - v1beta1 & v1 & v1alpha2. The Healthcare Natural Language API is available in the following locations: asia-south1 europe-west4 us-central1.

KMS - Cloud KMS is available in the following region: europe-west9 For more information, see Cloud KMS locations.

Google Kubernetes Engine - Spot Pods for GKE Autopilot clusters is now generally available. Spot VMs on GKE is now generally available. (2022-R10) Version updates GKE cluster versions have been updated. The europe-west9 region in Paris is now available.

GKE - Page: No Channel (2022-R10) Version updates The following control plane and node versions are now available: 1.19.16-gke.11800 1.20.15-gke.6000 1.21.11-gke.1900 1.22.8-gke.2200 1.23.5-gke.1501 1.23.5-gke.2400 The following control plane versions are no longer available: 1.19.16-gke.9200 1.20.15-gke.2500 1.21.5-gke.1805 Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to 1.19.16-gke.9400 with this release.

Google Kubernetes Engine Rapid - (2022-R10) Version updates The following versions are now available in the Rapid channel: 1.21.11-gke.1900 1.22.8-gke.2200 1.23.5-gke.2400 The following versions are no longer available in the Rapid channel: 1.21.11-gke.900 1.22.7-gke.1300 1.23.5-gke.200 Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to 1.19.16-gke.9400 with this release.

Google Kubernetes Engine Regular - (2022-R10) Version updates The following versions are now available in the Regular channel: 1.20.15-gke.5000 1.21.11-gke.900 1.23.5-gke.1501 The following versions are no longer available in the Regular channel: 1.20.15-gke.4100 1.21.5-gke.1805 Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.18 to 1.19.16-gke.9400 with this release.

Google Kubernetes Engine Stable - (2022-R10) Version updates Version 1.21.10-gke.2000 is now the default version in the Stable channel.

Load Balancing - Regional external HTTP(S) load balancers now support Shared VPC configurations where the load balancer's forwarding rule, target proxy, and URL map, can be created in a host or service project, while the backend services and backends can be distributed across multiple service projects in the Shared VPC environment.

Cloud Logging - You can now hide large amounts of similar log entries from your query results in the Logs Explorer.

Memorystore for Memcached - Added new Memorystore for Memcached region: Paris (europe-west9). v1. Added new Memorystore for Memcached region: Milan (europe-west8).

Cloud Monitoring - You can now configure Metrics Explorer and charts on dashboards to display a ratio of metrics by using the Cloud Console. SLO monitoring: Cloud Monitoring can now detect potential GKE- and Cloud Run-based services in your project.

Cloud VPN - Cloud VPN is now available in region europe-west9 (Paris, France).

Cloud PubSub - Pub/Sub is now available in europe-west9 (Paris).

Resource Manager - The feature for listing the effectively evaluated tags on a resource has launched into public preview. The resource usage restriction Organization Policy constraint has launched into general availability.

Cloud Run - You can now define service-level objectives (SLOs) for your Cloud Run services using SLO monitoring in Cloud Monitoring or the Cloud Run service page. The following new region is now available: europe-west9.

Service Mesh - Managed Anthos Service Mesh. Version 1.13 is now available for managed Anthos Service Mesh and is rolling out into the Rapid Release Channel. In addition to the existing labels, you can now use the "istio-injection" label as an alias.

Cloud Spanner - You can create Cloud Spanner regional instances in Paris (europe-west9). Query Optimizer version 4 is generally available, and is the default optimizer version.

Cloud SQL - Support for europe-west9 (Paris). New maintenance versions are now available through self-service maintenance.

Cloud Storage - Us-east4 is now available for dual-region storage. Cloud Storage is now available in Paris, France (europe-west9 region).

Traffic Director - Traffic Director's service routing APIs now include Gateway TLS routing.

Cloud Vision API - OCR model migration reverted We have switched the "builtin/stable" model back to the original version temporarily while we fix a bug resulting from this migration. OCR model migration The TEXT_DETECTION and DOCUMENT_TEXT_DETECTION models have been upgraded to newer versions.

Virtual Private Cloud - For auto mode VPC networks, added a new subnet 10.200.0.0/20 for the Paris europe-west9 region.

Cloud VPN - Cloud VPN is now available in region europe-west9 (Paris, France).

If you have suggestion, feedback or link you want to share feel free to email me at zdenko@gcpweekly.com

Have a great week,

Zdenko