Google Cloud Weekly - GCP Newsletter #398
News
[Official Blog, Security, Threat Intelligence] Introducing Google Threat Intelligence: Actionable threat intelligence at Google scale
[Official Blog, Security] Introducing Google Security Operations: Intel-driven, AI-powered SecOps
[LLM, Official Blog, Translation API] LLMs, AI Studio, higher quality, oh my! Our latest Translation AI advancements - Announcing new generative model for Google Cloud’s Translation API.
[BigQuery, Official Blog] Maintain business continuity across regions with BigQuery managed disaster recovery
[Chrome Enterprise, Official Blog] Chrome Enterprise expands ecosystem to strengthen endpoint security and Zero Trust access

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes
[Official Blog, Security] Advancing the art of AI-driven security with Google Cloud - Recent improvements in security area.
[Google Kubernetes Engine, Official Blog] The surprising economics of Horizontal Pod Autoscaling tuning - This blog post describes fundamental Horizontal Pod Autoscaler optimization strategies for GKE.
[DevOps, Kubernetes, Paywall] Enable secure websocket connection through NGINX Ingress on GKE Kubernetes - Step-by-Step Guide: Enabling Secure WebSockets on GKE with NGINX Ingress Kubernetes.
[Docker, Kubernetes] Deploying GitHub Action Runners on GKE with dind-rootless - TLDR: This article describes the steps to configure and deploy self-hosted GitHub Action Runners using docker:dind-rootless to Google….
[Security] Setup Temporary elevated access for Google Cloud with PAM - Privileged Access Manager (PAM) is a security solution designed to manage, monitor, and secure access to privileged accounts within an organization’s IT infrastructure.

App Development, Serverless, Databases, DevOps
[AlloyDB, Cloud SQL, Databases, Official Blog] AlloyDB vs. self-managed PostgreSQL: a price-performance comparison
[Cloud Spanner, Databases, Official Blog] How chaos testing adds extra reliability to Spanner’s fault-tolerant design
[GCP Experience, Official Blog] Paramount+: A streaming powerhouse with limitless entertainment
[Official Blog, Prometheus] Controlling metric ingestion with Google Cloud Managed Service for Prometheus
[Cloud SQL, Databases, Official Blog] Cloud SQL for PostgreSQL data cache under the hood
[Active Assist, Databases, Official Blog] What’s new with Active Assist: New Hub UI and four new recommendations
[AWS, Billing, Cloud Storage, Infrastructure] Billed for unauthorized requests? Google Cloud Storage vs. AWS S3 - Can unauthorized access to Google Cloud Storage lead to unexpected bills?
[Cloud Spanner] Cloud Spanner — Demystifying Load-based Splitting - Testing Cloud Spanner "split" capability.
[Artifact Registry, CI, Cloud Build, DevOps] Optimizing CI in Google Cloud Build - Exploring multiple methods to tune performance of continuous integration process using Cloud Build.
[SRE] Google Cloud SLO demystified: Uncovering metrics behind predefined SLOs - Unveiling Google Cloud SLO Secrets. This is a guided tour to predefined SLOs of monitored services.

Big Data, Analytics, ML&AI
[BigQuery, Official Blog] Breaking barriers: How BigQuery data insights boosts the data exploration journey - Using BigQuery data insights features to accelerate analytics workflows.
[BigQuery, Official Blog, Partners] Product analytics for generative AI model and media asset companies using BigQuery - A solution that combines images, audio data with structured user-experience in BigQuery.
[BigQuery, Cloud Data Fusion, Cloud SQL, Databases, Official Blog] Building a Cloud Data Fusion pipeline to upload audit records generated by Cloud SQL for SQL Server to BigQuery - Data Fusion pipeline the steps to output audit records to internal or external sinks with minimal coding.
[BigQuery, Billing] How to save 90% on BigQuery storage - Tips to reduce BigQuery costs.
[BigQuery, Dataform] Enhance your data quality tests with the dataform_assertions package - Using the dataform_assertions package for quality tests in Dataform.
[GCP Experience, Looker, Official Blog] How Trendyol solves cloud governance at scale with Looker
[BigQuery, Dataplex] Scale Data Quality effortlessly on Google Cloud: Building a federated DQ framework empowered by Dataplex AutoDQ and BigQuery - An overview of Dataplex Auto Data Quality tool.
[BigQuery] Bridging the gap: validating data across data warehouses with data validation testing - Using Data Validation Tool for validating migrated data to BigQuery.
[App Engine, BigQuery, dbt] Centralize and Serve your dbt Documentation in Google Cloud - A comprehensive guide to securely deploy and update your dbt documentation within Google Cloud using Cloud Build, App Engine, and IAP.
[BigQuery, Data Studio, GIS, Visualization] Visualizing US census data with BigQuery and Looker Studio - Using Looker Studio to visualize geospatial data stored in BigQuery.
[Gemini] A tour of Gemini 1.5 Pro samples - Samples in various programming languages that are utilizing Gemini 1.5 Pro.
[Machine Learning, Vertex AI, Vertex AI Agent Builder] Moneyball with GenAI: Using Vertex AI Search to Find the Next Generation of Baseball Stars - A solution that scans PDF scouting reports and simplifies searching for information.
[AI, Machine Learning, Vertex AI] MLOps end-to-end system on Google Cloud Platform (I): Empowering Forecasting Solutions - A big picture of MLOps-driven forecasting system, addressing all key points of ML Operations.

Various
[SRE] Google Cloud accidentally deletes UniSuper’s online account due to ‘unprecedented misconfiguration’ - More than half a million UniSuper fund members went a week with no access to their superannuation accounts after a “one-of-a-kind” Google Cloud “misconfiguration” led to the financial services provider’s private cloud account being deleted, Google and UniSuper have revealed.

Slides, Videos, Audio
Security Podcast - #171 GenAI in the Wrong Hands: Unmasking the Threat of Malicious AI and Defending Against the Dark Side.
GCP Life Podcast - #64 In this episode we discuss; Ubuntu 24.04, Google Revenue, Direct VPC Access, GKE Threat Detection, Verified Peering, IBM Buys HashiCorp, Qantas Information Leak, Uncharmed, Killer Asteroids, Gemin.

Releases
AlloyDB - Model endpoint management is now available in Preview for both AlloyDB and AlloyDB Omni. Version 15.5.3 of the simplified installation method for AlloyDB Omni is now available in Preview. Private Service Connect is now generally available (GA). AlloyDB Omni version 15.5.1 and later lets you add sidecar containers to your database cluster when you use the AlloyDB Omni Kubernetes Operator. You can now set password policies for local database users.
GKE on AWS - You can now launch clusters with the following Kubernetes versions. GKE on AWS now supports clusters in the ap-northeast-2 region. A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
Anthos clusters on Azure - A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
GDCV for VMware - GKE on VMware 1.28.500-gke.121 is now available. The following issues are fixed in 1.28.500-gke.121: Added the CNI binaries back to the OS image, so that clusters using multiple network interfaces with these CNI binaries can continue working. A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
Apigee Advanced API Security - On May 9, 2024 we released an updated version of Advanced API Security. Addition of CIDR range support when specifying IPv4 addresses for security action rules.
Apigee X - Limit on number of basepaths per environment: Apigee is enforcing a temporary limit of 500 basepaths per environment to avoid potential failures when deploying API proxy revisions. On May 8, 2024, we released an updated version of Apigee X. This release contains the General Availability (GA) release of AppGroups for Apigee and Apigee hybrid (version 1.10.0 and later). On May 7, 2024, we released an updated version of Apigee.
Target server SSL enforcement: With this release, Apigee customers can specify strict SSL southbound enforcement in TargetServer configurations using the object's enforce key. Environment-level flag for SSL enforcement: Apigee customers can specify strict SSL southbound enforcement across an Apigee environment, using the SSLInfo.Enforce flag. Two-way HTTPS health monitor support: Apigee health monitors using
Cloud Architecture Center - (New guide) C3 AI architecture on Google Cloud: Develop applications using C3 AI and Google Cloud.
Artifact Registry - Artifact Registry generic repositories are available in Preview.
Backup and DR Service - Backup and DR Service 11.0.10.425 is now available to update your backup/recovery appliance.
BigQuery - JavaScript user-defined aggregate functions (UDAFs) are in preview. You can now store columns in your vector indexes and pre-filter data in your vector searches to improve query efficiency. BigQuery Managed Disaster Recovery provides managed failover and redundant compute capacity for business critical workloads. You can now create AWS Glue federated datasets using the Google Cloud console.
Billing - You can now download data about all your committed use discounts (CUD) as a flat comma-separated value (CSV) file.
Certificate Authority Service - Implement fine-grained policy controls over your certificate issuance using certificate templates.
Chronicle - Gemini for investigation assistance: Gemini for investigation assistance can now support you with the following: Search: Gemini can help you build, edit, and run searches targeted toward relevant events using natural language prompts.
Chronicle Security Operations - Gemini for investigation assistance: Gemini for investigation assistance can now support you with the following: Search: Gemini can help you build, edit, and run searches targeted toward relevant events using natural language prompts.
Chronicle SOAR - Release 6.3.1 is now in General Availability.
Remote Agents Release 1.6.0 is now in General Availability. Release 6.3.2 is currently in Preview. Issues when Siemplify > Set Case SLA actions run at the exact same time (ID #49397338). Wrong error message displays when you try to add a custom list with a name that already exists (ID #50610331). User mentioned in case not receiving an email notification (ID #00274991). Widgets not fully aligned on Case view page (ID #49711925). Number increased for integer type integration parameters (ID #00287205).
Compute Engine - Preview: You can now use the Require OS Config organization policy constraint to automatically enable VM Manager for all new VMs in your organization, folder, or project.
Dataform - Gemini, an AI-powered collaborator in Google Cloud, can help you generate code in Dataform.
Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.61 1.2.5 2.0.69 2.1.48 2.2.5.
Dataproc - Dataproc on Compute Engine: 2.0.101-debian10, 2.0.101-rocky8, 2.0.101-ubuntu18 2.1.49-debian11, 2.1.49-rocky8, 2.1.49-ubuntu20, 2.1.49-ubuntu20-arm 2.2.15-debian12, 2.2.15-rocky9, 2.2.15-ubuntu22. New Dataproc on Compute Engine subminor image versions: 2.0.100-debian10, 2.0.100-rocky8, 2.0.100-ubuntu18 2.1.48-debian11, 2.1.48-rocky8, 2.1.48-ubuntu20, 2.1.48-ubuntu20-arm 2.2.14-debian12, 2.2.14-rocky9, 2.2.14-ubuntu22. Dataproc on Compute Engine: Backported patches for HIVE-14557, HIVE-19326, HIVE-20514, HIVE-21100, HIVE-22165, HIVE-22416, HIVE-24435.
Dialogflow - Dialogflow ES and Dialogflow CX: The us-dialogflow.googleapis.com endpoint and locations/us resource location, which served as aliases for global resources, will be discontinued on May 21, 2024. Dialogflow CX and Vertex AI Agents: Effective June 15, 2024, the following generative features will be upgraded from text-bison-001 to gemini-1.0-pro-001: Vertex AI agent apps; Data store agents (aka Chat agents); Generators; Generative fallback. For more information, see the email announcement.
Document AI - Batch processing with Layout Parser is available. Model pretrained-foundation-model-v1.1-2024-03-12 is available for custom extractor.
Identity-Aware Proxy - Identity-Aware Proxy (IAP) now supports Workforce Identity Federation for application access.
Google Kubernetes Engine - In new Standard clusters running GKE version 1.29 and later, GKE assigns IP addresses for GKE Services from a Google-managed range: 34.118.224.0/20 by default. Container Threat Detection (KTD) fails to deploy on Autopilot clusters running the following GKE versions: 1.28.6-gke.1095000 to 1.28.7-gke.1025000; 1.29.1-gke.1016000 to 1.29.1-gke.1781000. To mitigate this issue, upgrade the cluster to version 1.28.7-gke.1026000 or later, or to 1.29.2-gke.1060000 or later. A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. (2024-R13) Version updates: The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
GKE new features - In new Standard clusters running GKE version 1.29 and later, GKE assigns IP addresses for GKE Services from a Google-managed range: 34.118.224.0/20 by default.
GKE - (2024-R13) Version updates: The following control plane and node versions are now available: 1.26.14-gke.1044001, 1.26.15-gke.1300000, 1.27.11-gke.1062003, 1.27.13-gke.1166000, 1.28.7-gke.1026001, 1.28.9-gke.1209000, 1.29.1-gke.1589020, 1.29.3-gke.1282001, 1.29.4-gke.1447000. The following versions are no longer available: 1.26.13-gke.1144000, 1.26.15-gke.1158000, 1.26.15-gke.1243000, 1.27.12-gke.1190000, 1.27.13-gke.1070000, 1.28.3-gke.1118000, 1.28.3-gke.1286000, 1.28.8-gke.1175000, 1.28.9-gke.1069000, 1.29.1-gke.1589017, 1.29.3-gke.1093000, 1.29.3-gke.1093006, 1.29.4-gke.1165000. Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.26.15-gke.1090000 with this release.
Cloud Life Sciences - The migration documentation has been updated to explain how to use workflow services that you have configured for Cloud Life Sciences with Batch instead.
Looker - Looker (Google Cloud core) and Looker (original) changes. Looker 24.8 includes the following changes, features, and fixes: Expected Looker (original) deployment start: Monday, May 13, 2024; Expected Looker (original) final deployment and download available: Thursday, May 23, 2024; Expected Looker (Google Cloud core) deployment start: Monday, May 13, 2024; Expected Looker (Google Cloud core) final deployment: Monday, May 20, 2024. Database connection pooling is becoming generally available. The last_logged_in_at time is now captured when a URL that is created by the create_embed_url is used to log in to the Looker instance. Previously, queries for totals would not run when a derived table referenced an ephemeral derived table using the SQL_TABLE_NAME syntax. An issue has been fixed with the scrollbar appearing in text tiles. An issue has been fixed where embed download filter parameters for cookieless embed were incorrectly escaped (space mapped to x2B [+] rather than x20). An issue has been fixed where ↙ ↘ characters were being reversed in single value visualizations.
Text is now properly truncated in table visualizations even when the underlying field has defined html and link parameters. Previously, an issue could cause Look titles to be cut off. Previously, an issue caused filters to be incorrectly restored in the dashboard edit filter dialog. Previously, if Looker encountered an invalid visualization type on a tile, the dashboard would not load. Previously, queries that were defined with the API occasionally could not be downloaded as PNGs or JPGs. Quick start queries with missing identifiers will no longer cause validation to fail. Referencing the ALL_FIELDS set in a join or view will no longer cause validation to fail. You can now see longer embedded Look titles without needing to scroll. For LookML projects with a large number of files, IDE folders were slow to respond when you were navigating and creating, editing, or deleting LookML files. When you search for a user or group, strings with commas now work as expected. An issue where paper size did not change correctly when Fit to Dashboard was used has been fixed. Previously, when embedded Explores were rendered in an iframe, a screen jump might have occurred. Previously, query downloads of type json_bi could have failed if they included fields that were hidden from the visualization. Looker now initializes Development Mode projects for Looker projects that are in Production Mode. Text in the project IDE will now be line wrapped. When a Git project becomes corrupted, Looker now proactively converts it to a clone to prevent further issues. When a LookML project fails to load, a log message will now be generated. The log error about getting an access token from the Google OAuth library has been reclassified as a warning. When a custom filter is too large for the JSON parser to handle, Looker now returns a more descriptive error. HSQLDB has been updated to version 2.7.2 to comply with GHSA-77xx-rxvh-q682. Looker (original) only changes. 
On the Looker Labs page, links to documentation will now open in a new browser tab instead of navigating away from the Looker UI.
Migrate to Containers - The Migrate to Containers UI in the Google Cloud console, migctl, and CRDs that used processing clusters to migrate workloads to Google Cloud are no longer available.
Cloud Monitoring - You can now configure a logs panel widget to display log entries by log view. Synthetic monitors no longer require that the ingress rule be set to allow all traffic. A Selenium WebDriver sample is now available for synthetic monitors.
AutoML Natural Language - This legacy version of AutoML Natural Language is deprecated and new models can no longer be trained nor deployed on the legacy platform.
Security Command Center - Assign high-value resources based on Sensitive Data Protection insights for Cloud SQL: The attack path simulations feature can now automatically set the resource value of a Cloud SQL resource based on the sensitivity of the data that the instance contains.
SAP Solutions - New SAP HANA certification: Hyperdisk Balanced usage with M1 machine types. For use with SAP HANA on Google Cloud, SAP has certified the usage of Hyperdisk Balanced with the M1 series of memory-optimized machine types.
If you have a suggestion, feedback or a link you want to share, feel free to email me at zdenko@gcpweekly.com
Have a great week,
Zdenko