Welcome to issue #326 December 26th, 2022

As this is the last issue in 2022, I want to thank you all for sticking with this newsletter, your feedback, and your support, and wish you all the best in 2023.

News

Document AI adds three new capabilities to its OCR engine - Announcing three new features for Document AI OCR, including intelligent document quality metrics, digital PDF support, and OCR model versioning.

New control plane connectivity and isolation options for your GKE clusters - New GKE networking options enable cluster isolation for the control plane and node pools, for more scalable, secure, and cost-effective GKE clusters.

Filestore Enterprise Multishares for GKE now generally available - Using Filestore Enterprise multishare with your GKE environment can improve storage efficiency.

---

Meet DoiT

We are committed to solving both essential and advanced cloud challenges. That's why we provide intelligent technology that simplifies and automates cloud use, alongside expert consultancy and unlimited technical support - all at no extra cost to our customers.

---

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Cloud CISO Perspectives: December 2022 - Which security lessons of the past year were the most important? We look back at 2022 with members of GCAT and Google Cloud’s Office of the CISO.

Understanding Cloud Load Balancing for hybrid and multicloud environments - Cloud Load Balancing supports hybrid and multicloud with universal traffic management policies, and tools for high performance and reliability.

An Introduction to IPv6 on Google Cloud - Google Cloud now supports IPv6 addressing on ‘dual-stack’ VM instances running both IPv4 and IPv6, as well as dual-stack GKE nodes and pods.

Protecting GKE Ingress default backend with Cloud Armor - Learn how to protect the GKE Ingress default backend with Cloud Armor Policies.

The Benefits of Using MetalLB for Load Balancing in Google Anthos - Benefits of using Metal Load Balancer with Anthos.

Setup SSO for OpenVPN Access Server with Google Cloud Identity using SAML - With OpenVPN Access Server 2.11 or above, you can set up SSO using SAML, this blog post describes setting up SSO with Google Cloud Identity.

The Chronicle CLI - Chronicle SIEM recently released the Chronicle CLI onto GitHub. In this post I’ll explore what it is, and how to start using it.

App Development, Serverless, Databases, DevOps

The Squire’s guide to automated deployments with Cloud Build - Getting started with your first automated deployment pipeline using open source project Emblem featuring Google Cloud Serverless products like Cloud Run, Cloud Build, Artifact Registry, and Pub/Sub.

Google Cloud Memorystore for Redis Best Practices - Tips for a highly performant and worry-free deployment - Memorystore for Redis on Google Cloud is a fully managed, highly available, highly performing, scalable and secure service for Redis. Best practices & features that will accelerate your deployment.

Configuring Google Cloud Datastream private connectivity with Cloud SQL for PostgreSQL - Running Datastream replicating data from a Cloud SQL PostgreSQL from another project with a private IP to BigQuery.

Best practices for architecting cost-effective and scalable Apigee-X PayG Organisation in GCP - A checklist for crucial decision areas that need to be planned before provisioning an Apigee X organization.

BYOP — Bring your own Prometheus (and Grafana) to monitor Apigee hybrid - This article describes the deployment of a custom end-to-end metrics path based on the popular open-source tool Prometheus and Grafana for hybrid Apigee deployment.

How to globally expose Apigee for internal traffic - This article provides a step-by-step guide on how to leverage the “global-access” feature of the Internal Load Balancer to expose different API services within your organisation with a single entry point over multiple regions.

GCP Cloud SQL Users in Terraform - Setting users for Cloud SQL via Terraform.

Cloud Run: Hot reload your Secret Manager secrets - Keep the latest secret version in Cloud Run with Secret Manager integration can be a challenge or even a blocker. But not anymore!

Disaster Recovery — locality-restricted workloads on GCP - This post discusses how you can use Google Cloud to architect for disaster recovery (DR) to meet location-specific requirements.

Big Data, Analytics, ML&AI

Dead letter queue for errors with Beam, Asgarde, Dataflow and alerting in real time - The goal of this article is showing a use case with a Beam pipeline containing a dead letter queue for errors applied with Asgarde library.

Data augmentation with BigQuery and Google Knowledge Graph - Example of using data from Google Knowledge Graph to enrich data in BigQuery.

How I use BigQuery Analytic Functions as a Data Scientist - Practical examples on how to use advanced SQL to do analyses in BigQuery.

Loading Geographic Multiband Raster Data in BigQuery - Goal: Load Raster Data in BigQuery using Dataflow with GeoBeam or GDAL core libraries.

Perform hyperparameter tuning using R and caret on Vertex AI - How to perform hyperparameter tuning on Vertex AI using custom containers for models written in R.

BigQuery View Table for Machine Learning Feature Store - Organizing data in BigQuery for Machine Learning.

Various

2022 was a year spent turning sustainable ambitions into action - Enabling Google Cloud customers to make sustainability-minded decisions contributes to reversing climate change in a big way.

The top 8 products startups use on Google Cloud - Discover the 8 top products that startups use on Google Cloud to innovate and grow.

A motorcycle accident left Googler Yariv Adan with chronic pain—it’s made him an advocate for empathy and equity - Product Lead for Cloud Conversational AI, Yariv Adan shares how he’s breaking stigmas and advocating for disabled colleagues in the workplace.

Google Cloud wrapped: Top 22 news stories of 2022, according to you - We ran the numbers to find this year’s top Google Cloud news stories, by readership.

Passing all the 12 Google Cloud certifications efficiently - Comparing GCP certification exams.

Slides, Videos, Audio

GCP Podcast - #331 2022 Year End Wrap Up.

Security Podcast - #102 Sunil Potti on Building Cloud Security at Google.

Releases

Anthos clusters on AWS - A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code.

Anthos clusters on bare metal - 1.13 & 1.14. Anthos clusters on bare metal release 1.14.0 is now available for download. 1.13. Release 1.13.3 Anthos clusters on bare metal 1.13.3 is now available for download. The following container image security vulnerabilities have been fixed: CVE-2022-35737 CVE-2022-42311 CVE-2022-33745 CVE-2022-42309 CVE-2022-42320 CVE-2022-42323 CVE-2022-33748 CVE-2022-42321 CVE-2022-33746 CVE-2022-42310 CVE-2022-42316 CVE-2022-42322 CVE-2022-42319 CVE-2022-42325 CVE-2022-42315 CVE-2022-42324 CVE-2022-42314 CVE-2022-42317 CVE-2022-42312 CVE-2022-42318 CVE-2022-42313 CVE-2022-42326. Known issues: For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Anthos clusters on Azure - A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code.

Anthos clusters on VMware - A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code. Anthos clusters on VMware 1.14.0-gke.430 is now available. Support for user cluster creation with Controlplane V2 enabled is now generally available. Upgraded Kubernetes from 1.24 to 1.25: Migrated PDB API version from policy/v1beta1 to policy/v1. Fixed an issue where anet-operator could be scheduled to a Windows node with enableControlplaneV2: true. Anthos clusters on VMware 1.12.4-gke.42 is now available. Changed the relative file path fields in the admin cluster configuration file to use absolute paths. Increased memory limit of monitoring-operator- Pods to 1 GB to avoid potential OOM events under certain configurations.

Anthos GKE on AWS - A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code.

AppEngine Standard - The option to update a Serverless VPC Access connector is now available in preview.

Batch - Documentation has been updated to include new samples.

BigQuery - The Lineage tab in the table properties page lets you track how your data moves and transforms through BigQuery. BigQuery now blocks saving query results to Google Drive from projects inside a VPC Service Controls protected perimeter.

Cloud Composer - (Available without upgrading) Fixed an issue where upgrading a Private IP environment with VPC peerings to Cloud Composer 2.0.31 and later versions resulted in intermittent issues with database connections. Cloud Composer 1.20.2 and 2.1.2 are versions with an extended upgrade timeline.

Compute Engine - Generally available: N2 VMs with 64 or more vCPUs now support up to 4 GB/s (read) and 3 GB/s (write) throughput per instance with Extreme persistent disks (pd-extreme).

Dataproc Serverless - New sub-minor versions of Dataproc images: 1.5.79-debian10, 1.5.79-rocky8, 1.5.79-ubuntu18 2.0.53-debian10, 2.0.53-rocky8, 2.0.53-ubuntu18 2.1.1-debian11, 2.1.1-rocky8, 2.1.1-ubuntu20. New Dataproc Serverless for Spark runtime versions: 1.0.25 2.0.5. Backported Spark patch in Dataproc Serverless for Spark runtime 1.0 and 2.0: SPARK-40481: Ignore stage fetch failure caused by decommissioned executor.

Dataproc - New sub-minor versions of Dataproc images: 1.5.79-debian10, 1.5.79-rocky8, 1.5.79-ubuntu18 2.0.53-debian10, 2.0.53-rocky8, 2.0.53-ubuntu18 2.1.1-debian11, 2.1.1-rocky8, 2.1.1-ubuntu20. New Dataproc Serverless for Spark runtime versions: 1.0.25 2.0.5. Backported Spark patch in Dataproc Serverless for Spark runtime 1.0 and 2.0: SPARK-40481: Ignore stage fetch failure caused by decommissioned executor.

Datastore - Support for the australia-southeast2 (Melbourne) region.

Terraform on Google Cloud - Published an update to the Terraform blueprints page.

Document AI - v1.3. We are launching a public preview version of the Purchase Order (PO) processor, pretrained-purchase-order-v1.1-2022-06-17, with the following new features: Support for uptraining to improve, add, and remove entities in the schema Support for uptraining to add support for unsupported languages Improvements to overall performance. v1beta3. The Document AI OCR Processor has the following new features: The OCR Processor now supports extracting embedded text from digital PDFs in public preview. Known issues with the digital PDF feature of the Document AI OCR Processor: On a small number of documents, the word ordering within lines of text as reported by native text extraction might be wrong.

Cloud Firestore - Support for the australia-southeast2 (Melbourne) region.

Cloud Functions - The option to update a Serverless VPC Access connector is now available in preview.

Google Kubernetes Engine - Dual-stack clusters in GKE are now generally available. A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code. You can now enable NCCL Fast Socket on your multi-GPU workloads. CVE-2022-37434, CVE-2022-40674, CVE-2022-1586, CVE-2022-1587 have been patched in the PD CSI driver in 1.22, 1.23, 1.24 for newly created clusters.

Cloud Logging - Cloud Logging now supports the following regions: US EU For more information, see Data regionality for Cloud Logging.

Pub/Sub Lite - Pub/Sub Lite now supports export subscriptions.

Retail Recommendations AI - Recommendations AI now provides the On-sale model.

Cloud Run - The option to update a Serverless VPC Access connector is now available in preview.

Security Command Center - The userName attribute was added to the Finding object of the Security Command Center API.

Cloud Spanner - The new Cloud Spanner Kafka connector publishes change streams records to Kafka for application integration and event triggering. You can now use the ALTER INDEX statement to add columns into an index or drop non-key columns.

Cloud SQL MySQL - Cloud SQL for MySQL now supports using the lower_case_table_names flag for MySQL 8.0.

Cloud Storage Transfer - Storage Transfer Service now offers Preview support for tracking progress of a Transfer Job using Cloud Monitoring, allowing you to monitor the number of objects and amount of data copied by Storage Transfer Service in near real-time.

Cloud TPU - Cloud TPU now supports TensorFlow patches: 2.8.4, 2.9.3, and 2.10.1.

Vertex AI - Vertex AI TensorFlow Profiler Vertex AI TensorFlow Profiler is generally available GA. Vertex AI Matching Engine Vertex AI Matching Engine now offers General Availability support for updating your indices using Streaming Update, which is real-time indexing for the Approximate Nearest Neighbor (ANN) service. Vertex AI Feature Store streaming ingestion is now generally available (GA). You can now override the default data retention limit of 4000 days for the online store and the offline store in Vertex AI Feature Store.

VMware Engine - VMware Engine nodes are now available in the following additional region: Milan, Italy, Europe (europe-west8).

Virtual Private Cloud - Preview: You can use geo-location objects in firewall policy rules to filter external IPv4 and external IPv6 traffic based on specific geographic locations or regions. Preview: You can use Threat Intelligence for firewall policy rules to secure your network by allowing or blocking traffic based on threat intelligence data. Preview: You can use address groups to combine multiple IP addresses and IP ranges into a single named logical unit. Preview: You can use fully qualified domain name (FQDN) objects in firewall policy rules to filter incoming or outgoing traffic from specific domain names.

If you have suggestion, feedback or link you want to share feel free to email me at zdenko@gcpweekly.com

Have a great week,

Zdenko