Google Cloud Weekly - GCP Newsletter #315

Welcome to issue #315 October 10th, 2022

News

Billing Compute Engine Infrastructure Official Blog

New Google Cloud Spot VM price reductions: Up to 11% off already discounted - New, lower prices available on Google Cloud Spot VMs.

Cloud SDK Cloud Storage Infrastructure Official Blog

Introducing gcloud storage: up to 94% faster data transfers for Cloud Storage - gcloud CLI enables super-fast data transfers into Cloud Storage and delivers a consistent CLI experience across all Google Cloud services.

Data Analytics Official Blog

Moving to Log Analytics for BigQuery export users - Log Analytics combines the power of BigQuery with Cloud Logging. Learn why you should migrate to Log Analytics and how to convert SQL queries originally made for BigQuery log sink.

Cloud Monitoring Official Blog

Cloud Monitoring further embraces open source by adding PromQL - PromQL is now supported in Cloud Monitoring’s Metrics Explorer and dashboards. Use the query language that Kubernetes devs already know and love.

Cloud Firestore Official Blog

Querying Firestore in the Cloud Console - You can now visually construct queries using all the power of the Firestore SDK—query collections or collection groups using multiple WHERE clauses, equalities, and comparison operators.

Contact Center AI Data Analytics Official Blog

CCAI Platform goes GA: Faster time to value with AI for your Contact Center - Google Cloud Contact Center AI provides end-to-end capabilities that bring AI to the call center.

Official Blog Vertex AI

Streamline your models to production with the Vertex AI Model Registry - The Vertex AI Model Registry is the central repository where you can manage the lifecycle of all your ML models.

Google Maps Platform Javascript Official Blog

Announcing Advanced Markers: easily create highly customized, faster performance markers - With Advanced Markers for the Maps JavaScript API, you can now create highly customized, faster performance markers that provide a richer user experience, showcase your brand, and save time and resources.

Official Blog

Google announces new Health Equity Research Initiative to mitigate health disparities - The Google Health Equity Research Initiative is designed to help researchers advance health equity research and improve health outcomes for groups disproportionately impacted by health disparities and/or negative social and structural determinants of health.

Official Blog Workspace

U.S. Army chooses Google Workspace to deliver cutting-edge collaboration - Google Public Sector will provide 250,000 active-duty enlisted members of the U.S. Army with Google Workspace.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Anthos Istio Official Blog

From open source to managed services: Maisons du Monde’s service mesh journey - Hear why Maisons du Monde chose to migrate from Istio to Anthos Service Mesh and the continuing benefits of their application modernization.

Networking Official Blog

6 Building blocks for cloud networking - Networking Architecture - This blog looks at 6 reference blocks of cloud networking and some services that can assist when designing your cloud networks.

Artifact Registry Google Kubernetes Engine Official Blog

Use Artifact Registry and Container Scanning to shift left on security and streamline your deployments - Artifact Registry and Container Scanning help customers shift left on security for Kubernetes (GKE) and Cloud Run.

CI Cloud Build Security

Securing Software Supply Chain on Google Cloud - The purpose of this document is to provide a step by step guide and related artifacts to set up a secure CI/CD pipeline for a containerized workload.

IAM Security

Best security practices for Service Account keys on Google Cloud - Security best practices that can be implemented for service accounts to mitigate the risk of them being compromised.

Cloud Monitoring Networking Security VPC

Notification of Firewall denies - An example of using Cloud Monitoring alerting subsystem to inform users about rejected requests because of firewall rules in VPC.

Networking VPC

VPC design considerations for Google Cloud - Covering 201 to 301, a quick recap of all the fundamental network design considerations used in Google Cloud’s VPC.

Kubernetes Terraform Workload Identity

How to use Workload Identity for access provisioning of Kubernetes services on Google Cloud - Workload Identity is the recommended way for your workloads running on Google Kubernetes Engine (GKE) to access Google Cloud services in a secure and manageable way.

App Development, Serverless, Databases, DevOps

GCP Experience Infrastructure Official Blog

100,000 new SUVs booked in 30 minutes: How Mahindra built its online order system - Mahindra Group’s Automotive Division optimized their website in anticipation of the release of the new vehicle model.

Google Cloud Platform Official Blog

Tell us about your Cloud Architecture dreams - Learn how Google is thinking about cloud architecture and share your thoughts with us.

Javascript NodeJS

Log levels in Google Cloud (Node.js) - Using the correct logging format in serverless instances.

Cloud Logging Cloud Storage

GCP Cloud Logging : How to Enable Data Access Audit For Selected Buckets - This post explains how to enable data access audit for selected GCS buckets while excluding other buckets within the same project from being audited.

Apigee Official Blog reCAPTCHA

How to secure APIs against fraud and abuse with reCAPTCHA Enterprise and Apigee X - This Apigee X with reCAPTCHA Enterprise proxy code guide shows exactly how to provision a reCAPTCHA proxy flow.

.NET Cloud Functions Serverless

.NET 6 on Cloud Functions (2nd gen) - deploying .NET functions to Cloud Functions 2nd gen.

Cloud Run

What’s new in Cloud Run 2022 - Top 5 problems that Cloud Run solved for me in 2022.

Big Data, Analytics, ML&AI

Data Analytics Infrastructure Official Blog

Secure streaming data with Private Service Connect for Confluent Cloud - Confluent Cloud supports Google Cloud Private Service Connect making it easier for organizations to get secure private network connectivity.

Data Analytics Official Blog Serverless

Analyzing satellite images in Google Earth Engine with BigQuery SQL - Learn how to use BigQuery SQL inside Google Earth Engine to analyze satellite imagery to track farm health.

BigQuery Data Analytics GCP Experience Official Blog

Built with BigQuery: How Tinyclues and Google Cloud deliver the CDP capabilities that marketers need - Built with BigQuery: How TinyClues delivers their next generation headless CDP solution.

BigQuery Data Analytics Official Blog

How to simplify and fast-track your data warehouse migrations using BigQuery Migration Service - A suite of tools for enabling end-to-end data warehouse migrations to BigQuery.

BigQuery Data Analytics Official Blog

Building an automated data pipeline from BigQuery to Earth Engine with Cloud Functions - This post walks through a recently open-sourced architecture for an automated data pipeline with BigQuery and Earth Engine.

BigQuery Data Science Python

3 BigQuery SQL Tricks to Undo Your Screw Ups - Messing up while writing and running SQL is inevitable; your recovery determines whether this is a hiccup or an apocalypse.

BigQuery Data Analytics

GCP — Proactive DQ Alert Setup - Using Data Quality library to manage pro-active data quality alerts on the data ingested in BigQuery.

Apache Beam Cloud Dataflow

Using custom containers with Dataflow flex templates - This article describes how to use custom containers with Dataflow templates.

AI Machine Learning Official Blog

How our commitment to open source unlocks AI and ML innovation - From TensorFlow, JAX, and TFX to MLIR, KubeFlow, and Kubernetes, Google OSS contributions help accelerate machine learning.

Official Blog Vertex AI

Building reusable Machine Learning workflows with Pipeline Templates - This blog post demonstrates how to create, upload, and (re)use end-to-end pipeline templates using the Kubeflow Pipelines (KFP) SDK registry client (`RegistryClient`), Artifact Registry, and Vertex AI Pipelines.

Official Blog PyTorch TPU

Building Large Scale Recommenders using Cloud TPUs - In this blog post, we introduce concepts to generate and analyze traces to debug PyTorch training performance on TPU VM.

Various

Google Cloud Platform Official Blog

Sales specialist, mentor, and woman in Web3: Anella Bokhari is building community and helping others tell their story along the way - Sales Specialist, Mentor, and Woman in Web3: Anella Bokhari Wears Many Hats But Has the Same “Why” – Helping Others Find & Tell Their Stories.

Event Official Blog

Google Cloud Next for application developers: 5 can’t miss breakout sessions - These five breakout sessions at Google Cloud Next ‘22 will bring application developers up to speed on trends on containers, serverless, and CI/CD.

Event Official Blog

5 Google Cloud Next ’22 sessions on Cloud FinOps Cost Optimization - Learn from industry experts and real-world customers on how to optimize your costs on Google Cloud and create efficient solutions to maximize your business value on cloud.

Event Official Blog

Google Cloud Next ‘22 for enterprise cloud architects: 5 breakout sessions you can’t miss - This year, Google Cloud Next will feature plenty of keynotes and sessions for enterprise cloud architects.

Event Official Blog

Google Cloud Next for executives and IT business leaders: 5 key breakout sessions - These five breakout sessions at Google Cloud Next ‘22 will illustrate how businesses are using cloud technology to build for the future.

Slides, Videos, Audio

GCP Podcast - #322 2022 State of DevOps Report with Nathen Harvey and Derek DeBellis.

Kubernetes Podcast - #191 Fresh Pivot, with Dan Stein.

Security Podcast - #86 How to Apply Lessons from Virtualization Transition to Make Cloud Transformation Better.

GCP Life Podcast - #24 “How long has that API been open!” – In this episode we discuss: Optus Hack, Next 2022, VS Code, Anthos On Prem, BQ Streaming, GCP Data Tools, Firewall Policies, Interview with Dheerendra Nath, What are OKRs?

 

Releases

Anthos clusters on AWS - Anthos clusters on AWS (previous generation) aws-1.13.0-gke.5 is now available. You can now launch clusters with the following Kubernetes versions: 1.22.15-gke.300, 1.23.12-gke.300, 1.24.6-gke.200. This release fixes the following vulnerabilities: CVE-2022-1292, CVE-2022-1586, CVE-2022-2097, CVE-2022-2068, CVE-2022-34903, CVE-2022-37434. If you use the deprecated ubuntuRepositoryMirror: 'packages.cloud.google.com' field in the AWSManagementService resource and are upgrading your node pool, you must upgrade only to the 1.22.15-gke.300 or 1.23.12-gke.300 versions included in this release.

Anthos clusters on bare metal - Release 1.12.3: Anthos clusters on bare metal 1.12.3 is now available for download. Fixes: Updated the container image to resolve a YAML text/template vulnerability. Known issues: For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Anthos GKE on AWS - Anthos clusters on AWS (previous generation) aws-1.13.0-gke.5 is now available. You can now launch clusters with the following Kubernetes versions: 1.22.15-gke.300, 1.23.12-gke.300, 1.24.6-gke.200. This release fixes the following vulnerabilities: CVE-2022-1292, CVE-2022-1586, CVE-2022-2097, CVE-2022-2068, CVE-2022-34903, CVE-2022-37434. If you use the deprecated ubuntuRepositoryMirror: 'packages.cloud.google.com' field in the AWSManagementService resource and are upgrading your node pool, you must upgrade only to the 1.22.15-gke.300 or 1.23.12-gke.300 versions included in this release.

Apigee X - On October 6, 2022, Apigee announced the GA launch of Cloud Monitoring for Apigee gateway node usage for Pay-as-you-go customers.

Assured Workloads for Government - If you create a public cluster on Google Kubernetes Engine (GKE) version 1.23 or newer in any existing Assured Workloads compliance regime folder, it might fail with the following error: ManagedResourceService.AddServiceBundle, PERMISSION_DENIED'/> APPLICATION_ERROR;google.cloud.servicedirectory.v1beta1/ManagedResourceService.AddServiceBundle;Request is disallowed by organization's constraints/gcp.restrictServiceUsage constraint for 'projects/attempting to use service 'servicedirectory.googleapis.com'. To fix this issue, the Service Directory API (servicedirectory.googleapis.com) must be added as an allowed service on the resource usage restriction organization policy for the folder.

Batch - Starting today, to submit a job, you must also have the Service Account User (roles/iam.serviceAccountUser) IAM role on the service account used by a job. The new Batch Job Editor (roles/batch.jobsEditor) IAM role is intended to replace the existing Batch Job Administrator (roles/batch.jobsAdmin) role.

BigQuery - You can now explore query results in Colab using Python libraries. Concurrent connections quotas are now based on the project that initiates the Storage Write API request, not the project containing the BigQuery dataset resource. A weekly digest of client library updates from across the Cloud SDK.

Cloud Build - Users can now build repositories from GitLab Enterprise Edition, including instances hosted in a private network.

Carbon Footprint - We improved the data quality and updated coverage for the following services: Improved mapping between Google Cloud services and internal resource use, particularly for a few Networking SKUs. Updated carbon model to version 6.

Chronicle - Chronicle Feed Management for the Rapid7 Insight log type now enables you to configure the Rapid7 API endpoint. Chronicle Curated Detections has been enhanced with the following additional detection content: Windows-based threats: Living off the land (LotL): identifies tools native to Microsoft Windows operating systems that can be abused by threat actors for malicious purposes. The following supported default parsers have changed.

Cloud Composer - Starting from January 2023, the default version for new Cloud Composer environments changes from Cloud Composer 1 to Cloud Composer 2. Airflow worker memory requirements in Airflow 2.3 are 30% higher compared to workers in Airflow 2.2 or Airflow 2.1, which causes problems with automatically calculated Airflow worker concurrency.

Compute Engine - Generally available: Tau T2A, Google Cloud's first general purpose VM family to run on Arm architecture, is now generally available in these three regions.

Dataflow - Dataflow is now available in Tel Aviv (me-west1). The Dataflow VM image has been updated to include several mitigations for a recently disclosed hardware speculative execution vulnerability named Retbleed.

Dataproc Serverless - Dataproc is now available in the me-west1 region (Tel Aviv, Israel). Preemptible SPOT VMs can be used as secondary workers in a Dataproc cluster.

Dataproc - Dataproc is now available in the me-west1 region (Tel Aviv, Israel). Preemptible SPOT VMs can be used as secondary workers in a Dataproc cluster.

Dialogflow - Dialogflow CX now provides a conversation history tool, which can be used to browse, filter, and analyze production conversations.

Networking Interconnect - Dedicated Interconnect support is available in the following colocation facilities: Equinix SO2, Sofia. For more information, see the Locations table.

GKE - The following control plane and node versions are now available: 1.21.14-gke.7100, 1.22.15-gke.100, 1.23.12-gke.100, 1.24.5-gke.600.

Google Kubernetes Engine Rapid - The following versions are now available in the Rapid channel: 1.21.14-gke.7100, 1.22.15-gke.100, 1.23.12-gke.100, 1.24.5-gke.600, 1.25.1-gke.500.

Google Kubernetes Engine Regular - The following versions are now available in the Regular channel: 1.21.14-gke.5300, 1.22.13-gke.1000.

Google Kubernetes Engine Stable - The following versions are now available in the Stable channel: 1.21.14-gke.5300.

Cloud Logging - You can now collect Oracle Database logs and metrics from the Ops Agent, starting with version 2.22.0. A weekly digest of client library updates from across the Cloud SDK.

Media CDN - Media CDN now supports origin redirect following and origin header overrides in Preview.

Memorystore for Memcached - Added new Memorystore for Memcached region: Tel Aviv (me-west1).

Cloud Memorystore - Added new Memorystore for Redis region: Tel Aviv (me-west1).

Cloud Monitoring - You can now collect Oracle Database logs and metrics from the Ops Agent, starting with version 2.22.0.

Cloud Interconnect - Dedicated Interconnect support is available in the following colocation facilities: Equinix SO2, Sofia. For more information, see the Locations table.

Cloud VPN - Cloud VPN is now available in region me-west1 (Tel Aviv, Israel).

Network Intelligence Center - Network Analyzer is now Generally Available. Preview: Network Topology provides dedicated views and insights of VMs and instance groups that generate higher egress.

Cloud Run - Cloud Run services can now connect to Memorystore for Redis instances using integrations (Preview). Cloud Run services can now use the Global External HTTP(S) Load Balancer to map Custom Domains using integrations (Preview). New security recommendations are created for Cloud Run services, which recommend securing environment variables that might contain passwords, API keys and Google application credentials.

Security Command Center - Error notifications in Security Command Center console: When Security Command Center detects configuration errors that prevent services from detecting threats or vulnerabilities, a pop-up notification appears in the Security Command Center console.

Service Mesh - 1.12.x, 1.13.x and 1.14.x: The Istio and Go projects recently disclosed a CVE that can expose Anthos Service Mesh to remotely exploitable vulnerabilities. 1.14.x: 1.14.4-asm.2 is now available. 1.13.x: 1.13.8-asm.4 is now available. 1.12.x: 1.12.9-asm.3 is now available.

SAP Solutions - Monitoring agent for SAP HANA version 2.8: Version 2.8 of the monitoring agent for SAP HANA is now available.

Cloud Speech-to-Text - Speaker Diarization is now available for "Latest" models in en-US.

Cloud SQL MySQL - Terraform is supported when you use self-service maintenance.

Cloud SQL Postgres - Cloud SQL for PostgreSQL now supports the log_timezone and TimeZone flags. Terraform is supported when you use self-service maintenance.

Cloud SQL SQL Server - When you create an instance, you can set a permanent time zone for the instance. Terraform is supported when you use self-service maintenance.

Cloud Storage Transfer - Multipart upload for transfers originating from a file system is now generally available (GA) and enabled by default. The Storage Transfer Service REST API now provides a transferJobs.delete method. Support for exporting data from Cloud Storage to a file system is now generally available (GA).

Cloud Text-to-Speech - Text-to-Speech now offers these new voices: cloud-mr-IN-Wavenet-A, cloud-mr-IN-Standard-A, cloud-mr-IN-Wavenet-B, cloud-mr-IN-Standard-B, cloud-mr-IN-Wavenet-C, cloud-mr-IN-Standard-C.

Vertex AI - Incrementally train an AutoML model: You can now incrementally train an AutoML image classification or object detection model by selecting a previously trained model. Vertex AI Feature Store: The ability to delete feature values from an entity type is now available in Preview. Vertex AI model evaluation is now available in Preview.

VMware Engine - VMware Engine adds five service subnets for newly created private clouds.

Virtual Private Cloud - For auto mode VPC networks, added a new subnet 10.208.0.0/20 for the Tel Aviv me-west1 region. Accessing managed services using Private Service Connect with consumer HTTP(S) controls is available in General Availability for the global external HTTP(S) load balancer.

If you have a suggestion, feedback or a link you want to share, feel free to email me at zdenko@gcpweekly.com

Have a great week,

Zdenko
