Welcome to issue #349 June 5th, 2023
Cloud Security Command Center Official Blog
Introducing new ways Security Command Center Premium protects identities - Catching threat actors trying to compromise identities can be challenging, so we’ve introduced new detection capabilities in Security Command Center Premium.
Infrastructure Networking Official Blog
Announcing Cross-Cloud Interconnect: seamless connectivity to all your clouds - Google Cloud is announcing Cross-Cloud Interconnect, which lets you connect any cloud to Google Cloud via our secure, high-bandwidth global network.
Infrastructure, Networking, Security, Kubernetes
Config Connector Official Blog
Config Connector: An easy way to manage your infrastructure in Google Cloud - Unlike infrastructure-as-code tools, Config Connector manages resources on Google Cloud using the Configuration-as-Data method.
Billing Official Blog
FinOps from the field: How to build a FinOps roadmap - A FinOps Assessment Workshop with Google Professional Services can help answer the question of how to get started, build a plan and a roadmap.
CISO Official Blog
Cloud CISO Perspectives: Late May 2023 - Google Cloud CISO Phil Venables discusses the importance and challenges of digital sovereignty.
Networking Official Blog
The economic advantages of Google Cloud Networking - Describes the findings of the Enterprise Strategy Group report on the Economic Advantage of using Google Cloud Networking services.
Canary deployment using Ingress NGINX Controller - Implementing canary deployments using Ingress Nginx Controller in a Kubernetes cluster.
Cloud Storage DevOps Terraform
Terraform Magic: Creating Client-Specific Buckets with Folder-Level Write Permissions in Google Cloud - Implementing user access for specific folders in GCS buckets in Terraform.
Understanding Shared VPCs in Google Cloud Platform - This article explains what Shared VPC is and how it can be used to improve VPC management on Google Cloud.
Cloud Build Google Kubernetes Engine Microservices
CI/CD — Deploying Microservices in GKE with Helm and Cloud Build - This tutorial will guide you through deploying microservices to GKE using Helm and Cloud Build.
Infrastructure Networking Security VPC
Example of Hybrid Hub-Spoke Network Topology on Google Cloud Platform (GCP) - This article delves into Hub-Spoke Network Topology and Hybrid Connectivity, with a focus on their implementation in the GCP context.
App Development, Serverless, Databases, DevOps
GCP Experience Official Blog
Realizing cloud value for a render platform at Wayfair - Part 1 - Working with Google Cloud, Wayfair identified ~$9M of annual savings for a newly migrated rendering workload.
GCP Experience Official Blog
Realizing cloud value for a render platform at Wayfair — Part 2 - Following Google Cloud’s cost optimization principles, Wayfair executed against a plan to optimize its render farm for the cloud.
Apigee Official Blog
Configuring an Auth0 SAML Identity Provider (IdP) for Apigee Integrated Developer Portal - You can configure the Apigee Integrated Developer Portal with a third-party identity provider that supports Security Assertion Markup Language (SAML).
Cloud Workstations VS Code
Cloud workstations — VS code - Using VS Code for development on Cloud Workstation.
Batch Serverless Workflows
New Batch connector for Workflows - This article explains how to use the new Batch connector in Workflows.
Cloud Bigtable Official Blog
Cloud Bigtable under the hood: How we improved single-row read throughput by 20-50% - Recent projects by the Cloud Bigtable performance team resulted in single-row read throughput improvements of 20-50% while maintaining low latency.
Big Data, Analytics, ML&AI
Pub/Sub Messaging: The Secret to Scalable and Decoupled Systems - A deep dive into Cloud Pub/Sub.
Cloud Pub/Sub Tutorial
Understanding message ordering in Google PubSub - This post explains how order works in PubSub across different scenarios.
5 Tips to Optimise your Looker Dashboards - Tips to optimize your experience with Looker.
BigQuery Dataflow GCP Experience
Lesson Learned while performing data Migration from Oracle Database to BigQuery - Migrating data from Oracle to BigQuery.
Airflow Secret Manager Terraform
Manage Airflow variables in Terraform using Google Secret Manager - This guide provides a practical, step-by-step approach to managing Airflow variables in Terraform using Google Secret Manager as a backend.
How to use DBT with BigQuery to wrangle your Google Analytics data - The advent of Google Analytics 4 (GA4) brought with it a killer feature: the ability to directly export your data to BigQuery.
Big Data BigQuery
BigQuery — Best Practices - An in-depth overview of BigQuery.
BigQueryML Data Analytics Official Blog
Build an image data classification model with BigQuery ML - Step-by-step instructions for building an image classifier with ResNet, Cloud Storage and BQML.
AI BigQueryML Data Analytics Machine Learning Official Blog
How to simplify unstructured data analytics using BigQuery ML and Vertex AI - How BigQuery’s ML inference engine can be used to run inferences against unstructured data in BigQuery using Vertex AI pre-trained models.
Machine Learning Vertex AI
ML Articles Sascha Heyer - A comprehensive list of articles that provide knowledge about Machine Learning on Google Cloud.
Machine Learning Vertex AI
How to Use LLMs to Generate Concise Summaries - Using Vertex AI and LLM models from Google Cloud to generate summaries of text.
Arcade Bracketology - Google Cloud Arcade offers a comprehensive learning experience that allows individuals to earn Skill Badges, demonstrating proficiency in various areas of GCP.
Slides, Videos, Audio
Security Podcast - #123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther.
GCP Life Podcast - #41 “Zip it Good” – In this episode we discuss: Google I/O, Paris Outage, Redhat Layoffs, Zip Domains, Cloud Run Jobs, Cloud Storage Fuse, Latitude Financial, Keypass, NVIDIA H100, Leaked Google Memo.
AlloyDB - Continuous backup and recovery is generally available (GA).
Anthos Config Management - Config Controller now uses the following versions of its included products: Config Connector v1.104.0.
Anthos clusters on bare metal - Release 1.13.8: Anthos clusters on bare metal 1.13.8 is now available for download. Fixes: Fixed an issue that prevented Anthos clusters on bare metal from restoring a high-availability quorum for nodes that use /var/lib/etcd as a mountpoint. Known issues: For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section. Release 1.15.1: Anthos clusters on bare metal 1.15.1 is now available for download. Functionality changes: Updated the cluster snapshot capability so that information can be captured for the target cluster even when the cluster custom resource is missing or unavailable. Fixes: Fixed an issue that caused the bmctl restore command to stop responding for clusters with manually configured load balancers. Known issues: For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.
Anthos clusters on VMware - Anthos clusters on VMware 1.15.1-gke.40 is now available. Fixed a known issue where node ID verification failed to handle hostnames with dots. Fixed the following vulnerabilities: High-severity container vulnerabilities: CVE-2023-0286, CVE-2023-0215, CVE-2023-0361, CVE-2022-4450. Container-optimized OS vulnerabilities: CVE-2023-2235, CVE-2023-27534, CVE-2023-0386, CVE-2023-2248, CVE-2023-0464, CVE-2023-1652, CVE-2023-27561.
AppEngine Standard NodeJS - You can use the Pnpm package manager to configure dependencies for Node.js runtimes.
CDN - The advanced traffic management using flexible pattern matching capability with Global External HTTP(S) Load Balancer is now Generally Available.
Chronicle - The following supported default parsers have changed. Updated content to reflect the new Alert view and Alert list.
Cloud Composer - Cloud Composer 2.2.1 release started on May 30, 2023. Starting July 2023, the new composer.environments.executeAirflowCommand permission will be required to run Airflow CLI commands through the gcloud environments run command. The composer.user and composer.environmentAndStorageObjectViewer roles do not have this permission and will not be permitted to run Airflow CLI commands starting July 2023. (Cloud Composer 2) The number of web server workers is now set dynamically based on available web server CPU and memory. (Cloud Composer 2) The deprecated [core]non_pooled_task_slot_count Airflow configuration option is replaced with the [core]default_pool_task_slot_count configuration option in the default Airflow configuration. An improved error message is now displayed when a subnetwork with unsupported IPv4 ranges is used to create an environment in a shared VPC configuration. Cloud Composer 2.2.1 images are available: composer-2.2.1-airflow-2.5.1 (default), composer-2.2.1-airflow-2.4.3. Cloud Composer versions 2.0.14, 2.0.13, 1.18.10, and 1.18.9 have reached their end of full support period.
Compute Engine - Preview: In a managed instance group (MIG), you can set metadata and labels for all VMs in the group without the need to create a new instance template. The image import tool now supports importing CentOS Stream 9 and CentOS Stream 8 images to Google Cloud.
Data Fusion - The SAP Ariba Batch Source plugin is generally available (GA). The SAP SuccessFactors Batch Source plugin is GA.
Dataflow - Data sampling is now generally available (GA).
Dataproc Metastore - Dataproc Metastore gRPC endpoints are generally available (GA). Metadata federation support for BigQuery and BigLake is generally available (GA).
Dataproc - New sub-minor versions of Dataproc images: 2.0.66-debian10, 2.0.66-rocky8, 2.0.66-ubuntu18, 2.1.14-debian11, 2.1.14-rocky8, 2.1.14-ubuntu20. Upgrade Cloud Storage connector version to 2.2.14 for 2.0 and 2.1 images. Backport HIVE-22891, HIVE-21660, HIVE-21915 to 2.0 images. Backport HIVE-22891, HIVE-21660, HIVE-25520, HIVE-25521 to 2.1 images.
Cloud Deploy - The price of an active delivery pipeline is reduced.
Cloud Functions - You can use the Pnpm package manager to configure dependencies for Node.js runtimes.
Cloud Healthcare API - Pub/Sub notifications containing FHIR data are generally available (GA). Using the notificationConfig object on a FHIR store is deprecated.
Identity Platform - Password policies are generally available (GA).
Networking Interconnect - Cross-Cloud Interconnect is now generally available.
Google Kubernetes Engine - Agones on GKE users will get recommendations and insights if they did not install the Agones controller on dedicated nodes.
Load Balancing - The global external HTTP(S) load balancer now supports advanced traffic management using flexible pattern matching.
Cloud Logging - Cloud Logging no longer creates a dedicated service account for each log sink.
Cloud NAT - Cloud NAT support for Standard Tier egress is available in Preview.
Cloud Interconnect - Cross-Cloud Interconnect is now generally available.
reCAPTCHA Enterprise - reCAPTCHA Enterprise Mobile SDK v18.2.1 is now available for Android.
Security Command Center - The Google Cloud console has been updated to change how you open Security Command Center pages.
Cloud SQL Postgres - The rollout of the following minor versions, extension versions, and plugin versions is currently underway: Minor version 10.22 is upgraded to 10.23.
Cloud SQL SQL Server - A vulnerability was recently discovered in Cloud SQL for SQL Server that allowed customer administrator accounts to create triggers in the tempdb database and use those to gain sysadmin privileges in the instance.
Vertex AI - Vertex Prediction: You can now specify a multi-region BigQuery table as the input or output to a batch prediction request.
VPC Service Controls - Preview stage support for the following integration: Storage Insights.
Virtual Private Cloud - Support for IPv6 static routes with the following next hops is available in Preview: next-hop-gateway, next-hop-instance.