Welcome to issue #387 February 26th, 2024

News

Introducing Google Distributed Cloud for retail and manufacturing

Next generation Autocomplete is now available in Preview - The next generation of Autocomplete is now available in Preview, offering seamless integration with Address Validation, more intuitive pricing, and support for expanded place types from the new Places API.

Gemma is now available on Google Cloud - Google Cloud customers can get started today customizing and building with Gemma models in Vertex AI and running them on Google Kubernetes Engine.

Introducing Managed Instance Groups standby pool: Stop and suspend idle VMs - Now with standby pool in Managed Instance Groups (MIG) you can pause and resume VMs, manually or as part of MIG automation. This is a new way for MIGs to reduce costs when pausing applications, or enable a MIG to respond faster to increased load with pre-initialized VMs.

---

Imagine having a direct line to over 150 senior cloud architects for any cloud-related question or issue you encounter. With thousands of cloud questions and issues resolved, DoiT is your gateway to world-class cloud expertise.

---

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Digital exchanges achieving performance, scale, and resilience with Google Cloud

Troubleshooting best practices for Private Service Connect

Want your cloud to be more secure? Stop using service account keys

A year in the cybersecurity trenches with Mandiant Managed Defense - This blog highlights our key observations from the many engagements we were involved with in 2023.

Wrangle your alerts with open source Falco and the gcpaudit plugin

Pitfalls to avoid when using Spot VMs in GKE for Cost reduction - Learn in detail on how to use spot vms effectively with GKE and avoid concerns on downtimes.

CI/CD pipeline to deploy applications on Google Kubernetes Engine (GKE) using Cloud Build and Cloud Deploy - Implementation of a CI/CD pipeline to deploy applications on Google Kubernetes Engine (GKE) using Google Cloud Build and Cloud Deploy.

Whoami — The quest of understanding GKE Workload Identity Federation - This is a journey down the rabbit hole of Workload Identity Federation in GKE to understand its inner workings at a networking level.

A guide to setting up GKE multi-cluster Gateway - This blog post covers setting up a multi-cluster GKE Gateway controller.

App Development, Serverless, Databases, DevOps

Minimal downtime migration from PostgreSQL database to Spanner PostgreSQL dialect database

Running machine learning in the cloud for live service games - Generative AI Framework for Games provides templates for running gen AI for games on Google Cloud, as well as a framework for data ingest and storage to support these live models.

loveholidays: improving the contact center experience with conversational AI

Top 5 Special-Use Features of Google Cloud Spanner - This article describes five features that you might not need in your day-to-day database dealings but are intriguing for specific use cases.

Protect disk snapshots against accidental deletion or malicious tampering - This article explores an approach to protect snapshots against deletion (and potentially other modifications).

Test-Driven Development with Java, Spring Boot and Duet AI in GCP - Write tests before business logic with Duet AI assistance!

Big Data, Analytics, ML&AI

Orchestrate Vertex AI’s PaLM and Gemini APIs with Workflows - This blog post shows how to call some of the gen AI models from Workflows.

Serverless data architecture for trade surveillance at Deutsche Bank - Deutsche Bank uses Google Cloud's BigQuery and Dataproc to streamline trade surveillance. This serverless architecture simplifies data sharing, reduces costs, and allows them to focus on detecting suspicious activity and ensuring regulatory compliance.

How to Automate Dataflow Flex-Template Deployments with GitLab CI/CD - Automating Google Cloud Dataflow development life cycle with Gitlab CI/CD pipelines.

Avoid Autopilot in Cloud Composer 2 - A simple way to run your Aiflow DAGs in a standard GKE cluster under Cloud Composer 2 to reduce costs.

Installing Julia on Vertex AI Workbench instances: A Step-by-Step Guide - This blog post will guide you through the process of installing Julia and its kernel on your Vertex AI Notebook Instance.

How we have created DWH using Google Cloud Platform (part 1) - Building a corporate data warehouse based on the Google Cloud Platform.

Use Google Cloud Batch for Running WDLs - Google’s Cloud Life Sciences API is being deprecated. For those relying on it, Google Cloud Batch combined with Cromwell offers a powerful alternative for batch processing workflows.

BigQuery as a Vector Database — how cool is that? - Demonstrating vector search in BigQuery for embeddings.

I spent 4 hours figuring out how BigQuery executes the SQL query internally. Here’s what I found. - What happens after you submit the query?

Text Embedding in BigQuery using ML.GENERATE_EMBEDDING Function - Using the ML.GENERATE_EMBEDDING function with the remote model to embed text stored in BigQuery.

Leveraging Gemini for PII Detection in BigQuery: An Experiment - Step-by-step sample code on an experiment using Google Gemini Pro 1.0.

Unlocking New Frontiers: The Synergy of of Audio Transcripts using Video Intelligence API and Generative AI - An example of using video analytics together with Gen AI.

Making AI more Open and Accessible to Cloud Developers with Gemma on Vertex AI - Gemma is a family of open, lightweight, and easy-to-use models developed by Google Deepmind.

Using and Finetuning Google’s State-of-the-Art Open Source Model Gemma-2B - This article describes how to use and fine-tune Gemma model.

Various

10 Reasons for Government & Education to Join Google Cloud Next '24 - Google Cloud Next ‘24: Your launchpad to navigate the tech landscape, equip yourself with cutting edge tools, learn from real-world case studies and connect with fellow public servants shaping the future of government.

Slides, Videos, Audio

Kubernetes Podcast - #219 API Machinery, Chaos and Dishwashers, with Lucas Käldström.

Security Podcast - #160 Don't Cloud Your Judgement: Security and Cloud Migration, Again!

Releases

AlloyDB - You can now configure instances to use 128 vCPUs and 864 GB of RAM per node.

Anthos Config Management - 1.17.2. The constraint template library includes a new template: K8sRestrictAdmissionController. The constraint template library includes a new template: K8sCronJobAllowedRepos. Added the authentication type k8sserviceaccount for syncing from OCI images and Helm charts hosted in Artifact Registry. Simplified the steps to export metrics to Cloud Monitoring. Fixed the unrecognized label error in the otel-collector configuration that caused kustomize metrics to be rejected.

Anthos clusters on bare metal - 1.16. Release 1.16.6 GKE on Bare Metal 1.16.6 is now available for download. Fixes: Fixed an issue where upgrades are blocked because cluster-operator can't delete stale, failing preflight check resources. Fixes: The following container image security vulnerabilities have been fixed in 1.16.6: High-severity container vulnerabilities: CVE-2024-21626 Medium-severity container vulnerabilities: CVE-2023-3446 CVE-2023-3817 Low-severity container vulnerabilities: CVE-2023-2975 CVE-2023-4527 CVE-2023-4911. Known issues: For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.

Anthos clusters on VMware - The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-0193 For more information, see the GCP-2024-013 security bulletin.

Batch - In the Google Cloud console, the Job list page has been updated to reduce latency. Fixed the issue causing latency when listing jobs in projects that contain more than 10,000 jobs.

BigQuery ML - The following BigQuery text embedding features are now generally available (GA): Creating a BigQuery ML remote model that references a Vertex AI textembedding-gecko* text embedding model. Using the ML.GENERATE_EMBEDDING function with the remote model to embed text stored in BigQuery. Generating text embeddings with the NNLM, SWIVEL, and BERT TensorFlow models.

Billing - Between February 13, 2024 and February 22, 2024, some SKU IDs for your support subscriptions have changed. US-based billing accounts only: In August 2023, Google Cloud Marketplace transitioned to the Agency model for marketplace services for US partners and US customers.

Certificate Manager - Certificate Manager supports the management of certificates independently in each project with separate authorization.

Chronicle - Chronicle now supports the timestamp.get_date() function. Fixed an issue that prevents you from using the list, percentile, and percentile_distinct functions when you create a custom measure in your dashboard. Google has added Tokyo (Japan) as a new region for Chronicle customers.

Cloud Composer - Cloud Composer 2.6.2 release started on February 22, 2024. Fixed a problem where one DAG run could potentially delete task instances from other DAG runs if run_id was the same (backported #32684 from a later Airflow version). Cloud Composer 2.6.2 images are available: composer-2.6.2-airflow-2.6.3 (default) composer-2.6.2-airflow-2.5.3.

Compute Engine - Preview: With managed workload identities for Compute Engine, you can implement mutually authenticated and encrypted communications between any two Compute Engine VMs.

Dataflow - You can now use Gemma models in your Apache Beam inference pipelines.

Deep Learning Containers - M117 release Fixed an issue wherein the latest container had a deprecation-public-image tag.

Dialogflow - The previously announced migration from Standard NLU to Advanced NLU will no longer occur on March 1, 2024. Dialogflow CX agents now default to advanced NLU. You can now import and export Dialogflow CX custom entities. Dialogflow CX channel-specific response messages are now available for the following integrations: Google Chat, LINE, Messenger from Meta, Workplace from Meta, Slack.

Immersive Stream for XR - Upgrade to Unreal Engine 5.3. Optimized the Unreal Template Project.

Google Kubernetes Engine - (2024-R05) Version updates GKE cluster versions have been updated. The GKE Stateful HA Operator is now available in GA starting in GKE versions 1.28.5-gke.1113000 and later, or 1.29.0-gke.1272000 and later. A bug in the image streaming feature might cause containers to fail because of a missing file or files. You can now use the GKE API to apply Resource Manager tags to your GKE nodes. Kubernetes Engine best practice observability packages, including control plane logs, control plane metrics, and kube state metrics are now enabled by default for new managed GKE Enterprise clusters to ensure availability of necessary data when it's needed for troubleshooting or optimization. GKE now delivers insights and recommendations if your cluster's Certificate Authority (CA) is expired or will expire in the next 180 days.

Load Balancing - Global external Application Load Balancers now let you customize your own error responses when an HTTP error status code (4xx and 5xx) is generated.

Cloud Logging - You can now configure and save a Log Analytics chart directly in Monitoring. For information and recommendations about how to instrument your applications to collect metrics, logs, and traces, see the following documents: Instrumentation and observability overview Choose an instrumentation approach Go instrumentation example Java instrumentation example.

Cloud Monitoring - For information and recommendations about how to instrument your applications to collect metrics, logs, and traces, see the following documents: Instrumentation and observability overview Choose an instrumentation approach Go instrumentation example Java instrumentation example.

Cloud PubSub - If you have filtering enabled, the backlog metrics only include data from messages that match the filter.

reCAPTCHA Enterprise - reCAPTCHA Enterprise Mobile SDK v18.4.2 is now available for iOS. reCAPTCHA Enterprise Mobile SDK v18.5.0-beta01 is now available for Android.

Security Command Center - Manual control of finding state deprecated for vulnerabilities and misconfigurations Starting October 21, 2024, you will no longer be able to manually update the state of vulnerability or misconfiguration findings that are issued by Security Health Analytics or VM Manager.

Cloud Spanner - The OpenCensus libraries are archived.

Cloud SQL Postgres - Cloud SQL Enterprise Plus edition now supports versions 12 and 13 of PostgreSQL.

Cloud Trace - For information and recommendations about how to instrument your applications to collect metrics, logs, and traces, see the following documents: Instrumentation and observability overview Choose an instrumentation approach Go instrumentation example Java instrumentation example.

Transcoder API - v1. You can now set an exact frame rate on the output video.

Vertex AI - Gemma open models, based on Gemini models, are available Gemma models are available to run on your hardware, mobile devices, or hosted services.

VPC Service Controls - General availability support for the following integration: Dataform.

Workflows - The maximum number of concurrent workflow executions has increased from 3,000 to 5,000.