Welcome to issue #309 August 29th, 2022

News

Announcing Virtual Machine Threat Detection now generally available to Cloud customers - Google Cloud makes the world’s first public cloud agentless virtual machine threat detection available to all Security Command Center Premium customers.

Announcing public availability of Google Cloud Certificate Manager - Google Cloud Certificate Manager can help users acquire and manage TLS certificates at scale for use with Cloud Load Balancing. Now in general availability, it includes Terraform automation and self-service ACME certificate enrollment.

Vertex AI Example-based Explanations improve ML via explainability - Meet a new approach to explain AI: Vertex AI Example-based Explanations help you build better models and loop in stakeholders.

Route Datadog monitoring alerts to Google Cloud with Eventarc - Route Datadog monitoring alerts to Google Cloud with Eventarc.

New prefix and suffix lifecycle rules for Cloud Storage - Google Cloud Storage now offers lifecycle rules based on prefix or suffix, and for multipart uploads.

Register now for Firebase Summit 2022! - Seventh annual Firebase Summit is returning as a hybrid event with both in-person and virtual experiences! 1-day, in-person event will be in New York City on October 18, 2022.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Google Kubernetes Engine: 7 years and 7 amazing benefits - How you can benefit from 7 years of the most automated and scalable managed Kubernetes.

How to avoid cloud misconfigurations and move towards continuous compliance - Infrastructure continuous compliance can be achieved thanks to Google Cloud’s open and extensible architecture, which uses Security Command Center and open source solutions.

Jupiter evolving: Reflecting on Google’s data center network transformation - Thanks to optical circuit switching (OCS) and wave division multiplexing (WDM) in the Jupiter data center network, Google enjoys a host of benefits.

Implementing a zero trust network using Anthos Service Mesh and BeyondCorp Enterprise - Zero trust is a security concept for modern distributed networks in which there may be no traditional network edge. Let’s set it up on GCP.

Zero Trust Access with Beyondcorp - An overview of Beyondcorp concept on GCP.

Ultimate Google Cloud Operations configuration for external services - Monitoring Elasticsearch service deployed on Elastic Cloud with OpenTelemetry and Cloud Operations.

How We Manage Google Kubernetes Engine - Hello, this is Oguzhan from Trendyol; I am working as a Site Reliability Engineer. Today, We will be talking about how we create a Private….

Optimizing Linkerd Metrics in Prometheus - Linkerd is a service mesh solution with an ideology like “do less but do it best.” It has the Viz extension that provides its own dashboard….

Modern Data Stack: One K8S cluster to rule them all - Organizing GKE for data applications.

App Development, Serverless, Databases, DevOps

Lightweight Application Development with Serverless Cloud Functions (Java) and Cloud SQL (SQL Server) in 2 minutes - In this post, you’ll learn to build a Java based Cloud Function that will connect to Cloud SQL - SQL Server database using Cloud SQL Connector for Java.

Why all retailers should consider Google Cloud Retail Search - Cloud Retail Search offers advanced search capabilities such as better understanding user intent and self-improving ranking models that help retailers unlock the full potential of their online experience.

How to Connect to Cloud SQL using Python … the easy way! - Learn how to connect to a Cloud SQL database from Python using the Cloud SQL Python Connector.

Scalable Matchmaker Performance with Cloud Memorystore for Redis Read Replicas - This blog post shows the performance of Open Match and Cloud Memorystore for Redis Read Replicas to create a scalable matchmaker to handle a large surge of players.

Automatic Database Compatibility Testing - Learn how to test database schema compatibility from your CI pipeline to improve your canary deployments.

Avoid Public PyPI Using Google Cloud Artifact Registry - Set up a private Python index using Artifact Registry, following instructions that also work when users do not have internet access.

Deploy React App to Google App Engine with Bitbucket Pipelines - Setup Continuous Deployment for your React app using Bitbucket Pipelines and Google App Engine.

Dialogflow CX Cloud Function Webhook with VPC-SC - To enhance responses, Dialogflow CX can use Cloud Functions. Lets use a TCP reverse proxy to enable private communication.

Three ways to boost your NetApp Google Cloud Skills - Labs to learn NetApp.

Designing Bigtable Schemas - A brief overview of the Bigtable schema design principles.

Big Data, Analytics, ML&AI

How to get a Beam schema from a BigQuery schema JSON file - Learn how to write Beam pipelines with dynamic schemas using BigQuery JSON schema files.

Airflow logging and alerting on Google Cloud - In this article we will walk through the practical logging and alerting solutions for Airflow on Google Cloud.

Spatial Clustering on BigQuery - Best Practices - Reduce cost and increase performance of your geospatial queries by leveraging spatial clustering in BigQuery.

End-to-End DBT project in Google Cloud Platform (Part 1) - This article covers basic concepts around dbt and using with BigQuery.

Managing our data using BigQuery, dbt and Github Actions - Setting data warehouse on GCP with BigQuery and dbt and deploying via GitHub actions.

Dynamically Load Data to any BigQuery Table from GCS - How would you load 100s of tables from GCS to BigQuery?

BigQuery resource management - A custom solution to monitor BigQuery.

Decision Gate for MLOps pipelines with Vertex AI Experiments - Building decision gate using Vertex AI Experiments.

Various

Observing Women’s Equality Day 2022 with Google Cloud - Googlers and Google Cloud Innovator Champion community what Women’s Equality Day 2022 means to them.

Passing the Google Cloud professional Database engineer exam - Concrete tips to focus on preparation for Database Engineer Exam.

Slides, Videos, Audio

GCP Podcast - #317 Launching Products at Google Cloud with Anita Kibunguchy-Grant and Gabe Weiss.

Kubernetes Podcast - #187 Kubernetes 1.25, with Cici Huang.

Security Podcast - #80 CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Does the Risk Change?

GCP Life Podcast - #21 In this episode we discuss; NZ Region, Google Outage, Google Q2 Results, ACCC Approves Mandiant, Google Removed Workspaces, Google Sued, Google Announcements, Man Robbed, XSS Vulnerabilities.

Releases

Transcoder API - Deinterlace configurations are now supported. Audio-only outputs are now supported. Labels are now supported.

Access Approval - Access Approval supports Dataproc in the Preview stage.

Anthos clusters on AWS - Anthos clusters on AWS (previous generation) aws-1.12.2-gke.1 is now available. You can now launch clusters with the following Kubernetes versions: 1.21.14-gke.2900 1.22.12-gke.1100 1.23.9-gke.800. This release fixes the following vulnerabilities: CVE-2022-29901 CVE-2022-28693 CVE-2022-29900 CVE-2022-23825 CVE-2020-29361 CVE-2020-27350 CVE-2021-20232 CVE-2022-34903 CVE-2020-24659 CVE-2021-20305 CVE-2021-43618 CVE-2021-3580 CVE-2021-20231 CVE-2021-3520 CVE-2020-29363 CVE-2020-29362 CVE-2022-1664 CVE-2021-33910 CVE-2018-25032.

Anthos clusters on bare metal - 1.12. Release 1.12.2 Anthos clusters on bare metal 1.12.2 is now available for download. Features: Added –use-disk flag to bmctl backup cluster command to use the disk instead of the in-memory buffer to back up a cluster. Fixes: Added caching for the Cloud Audit Logging feature status to avoid unnecessary checks and improve performance. Known issues: For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section. 1.10. Release 1.10.8 Anthos clusters on bare metal 1.10.8 is now available for download. Fixes The following container image security vulnerability has been fixed: CVE-2022-1664. Known issues: For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section. 1.12. Anthos VM Runtime Anthos VM Runtime is Generally Available (GA). VM Runtime issues: When kubevirt is configured, customers should ensure that TOR switches have MAC learning enabled.

Anthos clusters on VMware - Anthos clusters on VMware 1.12.1-gke.57 is now available. GA: You can now have your GKE clusters in separate vSphere clusters. Fixed the issue where mounting emptyDir volume with exec option on Container-Optimized OS (COS) nodes fails with permission error.

Artifact Registry - Container Analysis automatic scanning for Java and Go vulnerabilities in container images is now in Preview.

Compute Engine - Preview: You can double the default size limit for a managed instance group (MIG): Zonal MIGs now support up to 2,000 VMs and regional MIGs support up to 4,000 VMs.

Dataflow - Dataflow now uses Regional Managed Instance Groups (MIGs).

Dataproc - Announcing the Preview release of Dataproc custom constraints, which can be used to allow or deny specific operations on Dataproc clusters. Announcing Dataproc Serverless for Spark preview runtime version 2.0.0-RC1, which includes the following components: Spark 3.3.0 Cloud Storage Connector 2.2.7 Java 17 Conda 4.13 Python 3.10 R 4.1 Scala 2.13. Dataproc Serverless for Spark now uses runtime version 1.0.16, which upgrades the following components to the following versions: Spark 3.2.2 Avro 1.11.1 Hadoop 3.3.4 Jetty 9.4.48.v20220622 ORC 1.7.5 RoaringBitmap 0.9.31 Scala 2.12.16.

Google Kubernetes Engine - CVE-2022-24675 CVE-2022-2068 CVE-2022-28327 have been patched in the PD CSI driver in 1.23 for newly created clusters. For VPC-native clusters, the user-managed secondary range for Services can now be shared among clusters in the same subnet.

KF - 2.11.5. Added limits to containers. Fixed set-env slowness. 2.11.4. Fixed issue that liveness probe is not set properly.

Cloud Monitoring - There are new filtering capabilities for the projects.uptimeCheckConfig.list API method.

Resource Manager - Organization Policy custom constraints has launched into public preview.

Security Command Center - The following attributes were added to the Finding object of the Security Command Center API: Database provides information about access to a database that is related to a finding.

SAP Solutions - Monitoring agent for SAP HANA version 2.6 Version 2.6 of the monitoring agent for SAP HANA is now available. Google Cloud monitoring agent for SAP NetWeaver version 2.6 Version 2.6 of the Google Cloud monitoring agent for SAP NetWeaver is now available. Terraform configurations for SAP deployments on Google Cloud Terraform configurations to automate the deployment of the following SAP solutions on Google Cloud are now generally available (GA): SAP HANA single-host scale-up or multi-host scale-out SAP HANA scale-out with host auto-failover SAP HANA scale-up in a Linux high-availability cluster SAP NetWeaver on RHEL or SLES SAP NetWeaver high-availability cluster configuration on SLES For more information, see Automating SAP deployments on Google Cloud with Terraform.

Cloud SQL Postgres - The following extensions in Cloud SQL for PostgreSQL are generally available: pgRouting.

Cloud SQL SQL Server - Cloud SQL may set a value for the max server memory (mb) flag on instances, based on Microsoft's recommended values.

Cloud Storage - The restrict authentication types organization policy constraint is now generally available (GA).

If you have suggestion, feedback or link you want to share feel free to email me at zdenko@gcpweekly.com

Have a great week,

Zdenko