Welcome to issue #342 April 17th, 2023

News

New log-based metrics feature makes it easier than ever to track important logs - Bucket-scoped log-based metrics are user-defined log-based metrics that evaluate log entries routed to a specific log bucket.

Timeseries Insights API for low latency anomaly detection at scale is now GA

Google Cloud Assured Open Source Software service is now generally available

What’s new with VMware Engine: New regions and more capabilities for storage, availability, data protection and more

Announcing the public preview of BigQuery change data capture (CDC) - BigQuery change data capture lets you replicate, insert, update, and/or delete changes from source systems without DML MERGE-based ETL pipelines.

Workflows gets an updated JSON Schema - Proactively avoid syntax errors, and speed up your coding with better auto-completion, thanks to an updated Workflows schema.

Connect from anywhere: Internal HTTP(S) Load Balancers are now globally accessible - Global access with Internal HTTP(S) Load Balancer is now GA! This feature will allow private clients to access your load balancer’s IP address from all GCP regions.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

How to secure content production on Google Cloud with CSAP

Hosting successful live events with Google Cloud - A live event, with media and streaming content, requires scalable, reliable infrastructure; CDN tech helps make it possible.

Cloud CISO Perspectives: Early April 2023 - Google Cloud CISO Phil Venables discusses our new report on how and why boards of directors should be involved in cybersecurity and risk decisions.

5 reasons to run your media services on Google Cloud - Five reasons to consider Google Cloud for your media platform needs.

Building geo-distributed applications on GKE with YugabyteDB - Learn how to build geo-distributed apps on Google Kubernetes Engine with YugabyteDB for high availability, low latency, and data compliance.

Best Kept Security Secrets: How Assured Workloads accelerates security and compliance

Google Cloud Landing Zone with Terraform and Cloud Foundation Fabric FAST — Part 1 - Step-by-step guidance for setting up a new Landing Zone on Google Cloud, using Google’s open source Fabric FAST, which is part of their Cloud Foundation Fabric part 1.

Google Cloud Landing Zone with Terraform and Cloud Foundation Fabric FAST — Part 2 - Step-by-step guidance for setting up a new Landing Zone on Google Cloud, using Google’s open source Fabric FAST, which is part of their Cloud Foundation Fabric part 2.

Set up Cloud NAT with Google Kubernetes Engine (GKE) - Cloud NAT allows GKE cluster nodes without public IP addresses, to connect to the internet using static IP addresses.

App Development, Serverless, Databases, DevOps

Work from anywhere: Boost developer productivity with Cloud Workstations - Cloud-based workstations for engineers keep your core tools and platforms consistent and secure, plus easier to manage.

Modernizing Public Sector Call Centers - Offering call centers better resilience against future crises, higher satisfaction for callers, greater empowerment for call center operators, and cost savings over time for the government agency with Google Cloud Contact Center AI (CCAI) and Apigee API Management.

Overview of the AlloyDB Index Advisor feature and how to use it - AlloyDB has built-in, managed database features that recommends Indexes to improve database query performance.

Best practices and a tutorial for using Google Cloud Functions with MongoDB Atlas

Running MySQL in Google Cloud - Managed MySQL on Google Cloud allows for all the same use cases, with much less headache and administrative load.

How to identify and reduce costs of your Google Cloud observability in Cloud Monitoring - A cost savings guide for Cloud Monitoring.

No, Cloud Run is not better than Google Cloud Functions - The right questions to ask.

Overcoming Common Challenges of Google Cloud Workflows - Tips and tricks to get the most of of Cloud Workflows.

Cloud Spanner — Is it possible to speed-up index creation? - Experimenting with different setups to speed up index creation for Cloud Spanner.

APIGEE — An API Management Service on Google Cloud - Streamline Your API Management with APIGEE: A Powerful Solution on Google Cloud.

Big Data, Analytics, ML&AI

Best practices of orchestrating Notebooks on Serverless Spark - Shift your notebook workloads to Spark and enjoy automated scaling, easier version tracking and automated logging.

Data warehouse, data lake, delta lakes, and multicloud data with Google Cloud’s BigLake - An overview of BigLake.

Google Cloud Alternatives to Cloud Composer - Do not kill a fly with a hammer.

An Easy Way to Speed Up your dbt Runs on BigQuery - Speed up dbt runs using concurrent queries.

Oracle to BigQuery: Migrate Oracle to BigQuery using Vertex AI notebooks and GCP Dataproc Serverless - Dataproc Templates, in conjunction with VertexAI notebook and Dataproc Serverless, provide a one-stop solution for migrating data directly from Oracle Database to GCP BigQuery.

How to build Dataflow Pipelines with Beam Golang SDK - IoT Dataflow Pipeline with Data Enrichment, Correction and Filtering using Pub/Sub and BigQuery.

Our BigQuery Cost Reduction Journey - A description of BigQuery cost reduction.

Simplify Data Science Workflows on BigQuery with Fugue and Python - Speed Up Iteration and Cut Computation Cost.

You’re not the only that messes up — how I dropped half of the data from a new table in BigQuery - Sharing a minor mistake that caused me to lose half of the data in a new BigQuery table.

Rapidly deploy PyTorch applications on Batch using TorchX - Batch and TorchX simplify the development and execution of PyTorch applications in the cloud to accelerate training, research, and support for ML pipelines.

Fine-tuning FLAN-T5 XXL with DeepSpeed and Vertex AI - Learn how to fine-tune a FLAN-T5 XXL model in Vertex AI, using the DeepSpeed library with 8xA100 GPUs.

Preview: Google Cloud Dataplex wows - Google Cloud Dataplex is an amazingly complete system for turning raw data from silos into unified data products ready for analysis. And a bit overwhelming to learn.

Slides, Videos, Audio

Kubernetes Podcast - #199 SCaLE20x.

Security Podcast - #116 SBOMs: A Step Towards a More Secure Software Supply Chain.

GCP Life Podcast - #37 “Everything is hacked!” – In this episode we discuss; LTT Hack, TikTok Ban, 3CX Hack, Latitude Hack, Crown Hack, Service NSW Hacks, Chrome Bugs, Security Frameworks, Pwn2Own, Aussie Sackings, Open Letter To Open AI, Vicuna, ChatGPT In Italy, Gen App Builder, Hugging GPT, Auto GPT, Baby GPT, Chat GPT Plugins, Reflexions Paper, Any Yet It Understands.

Releases

Anthos Config Management - Config Controller now uses the following versions of its included products: Config Connector v1.102.0, release notes Anthos Config Management v1.14.3, release notes.

Anthos clusters on bare metal - 1.6 & 1.7 & 1.8 & 1.9 & 1.10 & 1.11 & 1.12 & 1.13 & 1.14. Kubernetes image registry redirect As of March 21, 2023, traffic to k8s.gcr.io is redirected to registry.k8s.io, following the community announcement.

Anthos clusters on Azure - Kubernetes image registry redirect As of March 21, 2023, traffic to k8s.gcr.io is redirected to registry.k8s.io, following the community announcement.

Anthos clusters on VMware - Anthos clusters on VMware 1.12.7-gke.20 is now available. Added admin cluster CA certificate validation to the admin cluster upgrade preflight check. Fixed an issue where using gkectl update to enable Cloud Audit Logs did not work. Fixed the following vulnerabilities: High-severity container vulnerabilities: CVE-2023-23916 CVE-2022-3970 Container-optimized OS vulnerabilities: CVE-2022-27239 CVE-2022-46663 CVE-2020-17437 CVE-2022-32149 CVE-2019-18276 CVE-2022-48303 Ubuntu vulnerabilities: CVE-2022-3169 CVE-2022-3424 CVE-2022-3435 CVE-2022-3521 CVE-2022-3545 CVE-2022-3623 CVE-2022-36280 CVE-2022-41218 CVE-2022-4139 CVE-2022-42328 CVE-2022-42329 CVE-2022-47520 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-0461. Kubernetes image registry redirect As of March 21, 2023, traffic to k8s.gcr.io is redirected to registry.k8s.io, following the community announcement. 1.13.7 patch release Anthos clusters on VMware 1.13.7-gke.29 is now available. Fixed for 1.13.7 Fixed an issue where gkectl check-config fails at Manual LB slow validation with a nil pointer error. Fixed for 1.13.7 Fixed the following vulnerabilities: High-severity container vulnerabilities: CVE-2021-3449 CVE-2023-23916 Container-optimized OS vulnerabilities: CVE-2022-27239 CVE-2023-28466 CVE-2021-38561 CVE-2022-46663 CVE-2020-17437 CVE-2022-32149 CVE-2019-18276 CVE-2022-48303 Ubuntu vulnerabilities: CVE-2022-3169 CVE-2022-3424 CVE-2022-3435 CVE-2022-3521 CVE-2022-3545 CVE-2022-3623 CVE-2022-36280 CVE-2022-41218 CVE-2022-4139 CVE-2022-42328 CVE-2022-42329 CVE-2022-47520 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-0461 CVE-2023-20938 CVE-2023-23454 CVE-2023-23455. Security bulletin Two new vulnerabilities, CVE-2023-0240 and CVE-2023-23586, have been discovered in the Linux kernel that could allow an unprivileged user to escalate privileges. 1.12.7-gke.19 bad release Anthos clusters on VMware 1.12.7-gke.19 is a bad release and you should not use it.

Apigee X - On April 13, 2023, we released an updated version of Apigee. New features now supported in Apigee in VS Code for local development The following features are now supported with Apigee in VS Code for local development as part of the Insiders build (as of v1.22.1-insiders.3): Create multi-repository workspaces - Choose individual storage locations for artifacts, such as API proxies that are stored as individual SCMs, but develop them together using a single workspace.

AppEngine Flexible NodeJS - Node.js 18 is now generally available.

AppEngine Standard NodeJS - Changes to the default behavior of the Node.js buildpacks are rolling out over the next few days.

AppEngine Standard Ruby - The Ruby 3.2 runtime for App Engine standard environment is now generally available.

Google Cloud Armor - Advanced rule tuning features for preconfigured WAF rules are now Generally Available.

Cloud Asset Inventory - The following resource type is now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

Bare Metal Solution - You can now skip the cooling-off period while deleting a LUN or a storage volume.

Batch - Documentation for pricing has been added to explain how you can visualize the costs associated with your Batch jobs by using Cloud Billing reports. Documentation has been added to explain networking concepts and how to configure networking for Batch. Batch is available in the following regions: asia-northeast1 (Tokyo) europe-west4 (Netherlands) For more information, see Locations.

BeyondCorp Enterprise - Dry run configuration of context-aware access policy for the Google Cloud console and Google Cloud APIs is generally available (GA).

BigQuery - BigQuery supports setting the rounding mode to ROUND_HALF_EVEN or ROUND_HALF_AWAY_FROM_ZERO for parameterized NUMERIC or BIGNUMERIC columns at the column level. The limit for maximum result size (20 GiB logical bytes) when querying Azure or Amazon Simple Storage service (S3) data is now generally available (GA). The results for queries against table snapshots can now be returned from cache.

Chronicle - Supported default parsers have changed, more info on release page.

Data Catalog - Data Catalog is now available in the Turin (europe-west12) and Doha (me-central1) regions.

Dataflow - Dataflow cost monitoring is now available in preview.

Deep Learning VM - M107 Release Miscellaneous software updates.

Dialogflow - Dialogflow CX now supports flexible webhooks, where you can define the request HTTP method, request URL parameters, and fields of the request and response messages.

Cloud Firestore - The Firestore documentation has been updated to include guidance on using regional endpoints.

Cloud Functions - All 1st and 2nd gen Google Cloud Functions using the Node.js runtime now automatically run the npm run build command during deployment if they define an npm build script in their package.json file.

Google Kubernetes Engine - Pods bound to Preemptible and Spot nodes are now automatically deleted from the Kubernetes API server after the Preemptible or Spot instance is preempted. Two new vulnerabilities, CVE-2023-0240 and CVE-2023-23586, have been discovered in the Linux kernel that could allow an unprivileged user to escalate privileges. In GKE 1.27 and later, GKE nodes will not keep compressed image layers in containerd's content store once they have been unpacked, by setting discard_unpacked_layers=true in containerd configuration. The new release of the GKE Gateway controller (2023-R01) is now generally available.

Load Balancing - We have added new fields in the logging support available for Regional external HTTP(S) load balancer and Internal HTTP(S) Load Balancer: proxyStatus a string that specifies why the load balancer returned an error response tls specifies the tls metadata for the connection between the client and the load balancer For details, see Regional external HTTP(S) load balancer logging and monitoring Internal HTTP(S) Load Balancing logging and monitoring This enhancement is available in General availability.

Cloud Logging - The Logging Query Language now supports a built-in SEARCH function that you can use to find strings in your log data.

Cloud Monitoring - Chart legends in select Cloud Monitoring pages have been updated.

Network Intelligence Center - Network Analyzer now includes an insight that gives a summary of the IP address utilization of all the subnet ranges in the analyzed project.

Recommender - Recommendations can now be exported to non-US regions.

Cloud Run - Startup CPU boost for Cloud Run services is now at general availability (GA). When deploying a new revision, Cloud Run now starts enough instances of the new revision before directing traffic to it.

Security Command Center - The custom modules feature for Security Health Analytics is now generally available (GA). Event Threat Detection, a built-in service of Security Command Center, launched the following new rules to General Availability.

SAP Solutions - Workload Manager is now generally available (GA) for evaluating SAP workloads Workload Manager is a rule-based, cross-project validation service for evaluating workloads running on Google Cloud. Cloud Storage Backint agent for SAP HANA version 1.0.25 Version 1.0.25 of the Cloud Storage Backint agent for SAP HANA is now available.

Cloud Spanner - Cloud Spanner integration with Data Catalog is now available in Preview in the europe-central2 region.

Cloud Storage Transfer - Storage Transfer Service can now optionally preserve UID, GID, and mode metadata for folders, and recreate empty folders, when transferring between file systems. Transfers from S3-compatible storage to Cloud Storage are now generally available (GA).

Vertex AI - Vertex AI Prediction You can now update some scaling and container logging configuration settings on a DeployedModel without undeploying and redeploying it to an endpoint. The Timeseries Insights API is now Generally Available. M107 Release The M107 release of Vertex AI Workbench user-managed notebooks includes the following: Fixed a bug that displayed the wrong version of the JupyterLab user interface.

Virtual Private Cloud - Documentation updates for Private Service Connect: Private Service Connect endpoints with consumer HTTP(S) controls are now called Private Service Connect backends.

Workflows - Workflows support for Customer-Managed Encryption Keys (CMEK) is available in Preview. Use the Workflows JSON schema in your IDE to provide syntax support when creating a workflow.