Welcome to issue #419 October 7th, 2024

News

Parallelstore is now GA, fueling the next generation of AI and HPC workloads - Parallelstore, a high-performance file service for HPC and AI workloads, is now generally available on Google Cloud. Built on the Distributed Asynchronous Object Storage (DAOS) architecture, Parallelstore combines a fully distributed metadata and key-value architecture to deliver high-performance throughput and IOPS.

You can now sign Microsoft Windows artifacts with keys protected by Cloud HSM - Google Cloud now allows users to sign Microsoft Windows artifacts with keys protected by Cloud HSM. This capability enables developers to protect their signing keys with FIPS 140-2 Level 3 assurances and reduce infrastructure and operations costs.

Introducing Valkey 8.0 on Memorystore: unmatched performance and fully open-source - Google Cloud launches Valkey 8.0 on Memorystore, a fully managed service that offers enhanced performance, improved reliability, and full compatibility with Redis OSS. Valkey 8.0 introduces asynchronous I/O capabilities, key-memory efficiency improvements, and several features that enhance cluster resilience and availability.

AlloyDB supercharges PostgreSQL vector search with accuracy, speed, and 1B+ scale - AlloyDB's ScaNN index is now generally available. With the ScaNN index, AlloyDB combines the performance of a vector-optimized database, delivering accurate results in record time and scaling to support more than a billion vectors, with the query flexibility, enterprise features, and multi-workload capabilities of a relational database.

Announcing new Confidential Computing updates for even more hardware security options - General Availability of several Confidential Computing options and updates to the Google Cloud attestation service.

Enhancing your gen AI use case with Vertex AI embeddings and task types - Vertex AI Embeddings and Task Types can enhance your gen AI use cases by improving the accuracy and effectiveness of your Retrieval Augmented Generation (RAG) system. Traditional similarity search often falls short due to the "question is not the answer" problem, where questions and answers have distinctly different meanings. Task type embeddings address this challenge by learning the relationship between query and answer embeddings, eliminating the need for customized dual encoder models or advanced RAG systems.

Aiven partnership enables multi-cloud, managed PostgreSQL with AlloyDB Omni - Google Cloud and Aiven partner to offer Aiven for AlloyDB Omni, a managed cloud database service that provides a simplified and secure way to deploy, manage, and scale AlloyDB Omni on Google Cloud, AWS, and Azure.

Understand your Cloud Storage footprint with AI-powered queries and insights - With AI-powered storage insight generation, customers can ask questions to uncover valuable insights about their Cloud Storage environment, such as potential security risks, compliance issues, and cost-saving opportunities.

The Google for Startups Cloud Program fuels more AI innovation - The Google for Startups Cloud Program supports AI innovation by providing startups with access to Google's AI technology, training, and business support.

Migrate your SQL Server databases using Database Migration Service, now GA - Database Migration Service for SQL Server is now generally available, it enables seamless migration of SQL Server databases from on-premises and other clouds to Cloud SQL for SQL Server.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

capa Explorer Web: A Web-Based Tool for Program Capability Analysis - capa Explorer Web is a web-based tool that allows users to interactively browse and display capa results in multiple viewing modes. It provides an intuitive and interactive way to visualize the capa analysis results, including rule matches, function capabilities, and process capabilities. Users can sort, search, and filter results, and view detailed information for each rule match. capa Explorer Web also integrates with VirusTotal, allowing users to explore capa results directly from VirusTotal.

Build service centric apps with Google Cross-Cloud Network — demo - Google Cloud's service-centric Cross-Cloud Network simplifies network complexity in multicloud and hybrid environments. It offers benefits like IP address management, isolation of deployments, workload security, and simplified routing. Considerations include connectivity, security, and privacy. Learn more through documentation, NEXT '24 session, and Architecture Center Doc.

Faster Machine Learning Deployments: Why We Disabled GKE Image Streaming - PicCollage disabled Google Kubernetes Engine Image Streaming to improve machine learning deployments. Image streaming caused slowdowns when pulling large images with lengthy setups, taking up to 16 minutes. Disabling streaming reduced deployment time to around 9 minutes.

Workload Identity vs. Workforce Identity in GCP: A Guide for Beginners - This article gives an overview of Workload Identity and Workforce Identity.

Leveraging Istio to connect External VM to Kubernetes (GKE) - This article explores how to extend Kubernetes service mesh capabilities beyond the cluster by leveraging Istio to seamlessly connect an external Virtual Machine (VM) to a Google Kubernetes Engine (GKE) cluster. It demonstrates a practical approach to integrating VM-based workloads with Kubernetes-native microservices, utilizing Istio’s advanced networking and traffic management features to create a unified, scalable service mesh across both environments. The article provides a step-by-step guide on setting up Istio to enable workloads in the Kubernetes Cluster to send and receive traffic from and to the VM, including generating necessary artifacts, configuring the external VM, and installing and starting the Istio sidecar service.

Deny Policies — The thing you didn’t know you needed | Google Cloud - Deny policies in Google Cloud act as guardrails, ensuring certain actions are never allowed, even if a user seemingly has permission. They provide an extra layer of security and control, especially for sensitive data. Deny policies can be attached at three levels: organization, folder, and project, allowing granular control over resources. By implementing deny policies strategically, organizations can prevent unauthorized access, enforce regulatory compliance, and protect against accidental deletions or modifications.

How virtual red team technology can find high-risk security issues before attackers do - Security Command Center's virtual red team technology simulates sophisticated attackers to find high-risk cloud security issues before they can be exploited. Unlike static, rules-based approaches, virtual red teaming discovers unique attack paths and toxic combinations specific to each customer's cloud environment, enabling more effective responses to previously unknown cloud risks.

App Development, Serverless, Databases, DevOps

How to Deploy a Go service to GCP Cloud Run - Learn how to effortlessly deploy your Go service to GCP Cloud Run with Docker, environment variables, and troubleshooting tips.

SSL/TLS Connections in CloudSQL - This article describes how to enable and enforce SSL/TLS connections to a Cloud SQL database.

Is a 35.1% Cost Increase Worth It? Choosing Between Tier 1 and Tier 2 in Google Cloud Run Functions - Choosing between Tier 1 and Tier 2 regions in Google Cloud Run Functions can significantly impact your budget.

GCP Cloud Run: An Extensive Guide to Serverless Deployments - This article presents foundational knowledge and advanced techniques needed to master Cloud Run.

GCP Cloud Functions Logging - Lets get straight into the fun stuff, the code.

Embracing gen AI with the latest Google Cloud databases innovations - Google Cloud is embracing generative AI with innovations across its database offerings. Developers can now build enterprise gen AI apps with operational data using Spanner, AlloyDB, and Memorystore. Gemini models simplify every stage of the database journey, from fleet management to troubleshooting. Legacy databases can be modernized for AI with Oracle Database@Google Cloud, now available in five regions.

Accessing a private bucket through a load balancer in GCP with Terraform - This article provides a step-by-step guide on how to securely expose a private Google Cloud Storage (GCS) bucket to the public using Terraform.

Protocol Buffer as data type in Spanner - An overview of how to use recently introduced Protocol Buffers data type in Cloud Spanner.

Big Data, Analytics, ML&AI

Mastering Dataflow: 5 In-Depth Guides to Real-World Applications - Google Cloud's Dataflow offers a range of solutions for real-time data processing. These include machine learning and generative AI, ETL and integration, log replication and analytics, marketing intelligence, and clickstream analytics. Each solution guide provides an overview, detailed sketch, and link to a comprehensive guide with code samples and best practices. With Dataflow's scalability, flexibility, and reliability, developers can build real-time solutions efficiently.

Cloud Composer 3: Truly “serverless”? - An overview of Cloud Composer third generation.

Long Running Operations on GCP with Cloud Batch and Cloud Workflow - In this article we will see how we can implement a simple architecture to handle LROs using Google Cloud Platform (GCP).

Build your own Google Cloud Expert from scratch - Want to build an AI assistant which deeply understands Google Cloud and runs on Google Cloud?

Persisting LLM chat history to Firestore - LangChain and Firestore can be used to build LLM powered chat applications. LangChain's RunnableWithMessageHistory helps manage chat message history, while Firestore's FirestoreChatMessageHistory stores messages to a Firestore collection. This allows for persistent chat history and more meaningful conversations. Future posts will explore advanced use cases for Firestore in LLM applications.

When to use supervised fine-tuning for Gemini - This article delves into what SFT (Supervised Fine-Tuning) is, when to embrace SFT, and how it compares to other methods for optimizing your models output.

An advanced LlamaIndex RAG implementation on Google Cloud - This post provides a practical guide to rapidly prototyping and evaluating RAG (Retrieval Augmented Generation) solutions using Llama-index, Streamlit, RAGAS, and Google Cloud's Gemini models. It explores how to build reusable components, extend existing frameworks, and test performance reliably.

Three steps in mapping out your modern platform strategy - Building a modern, AI-ready developer platform involves defining its purpose, assembling the necessary components, and establishing a continuous improvement process. Organizations embark on platform overhauls for various reasons, such as coping with growth, adopting AI, or improving cost, performance, or user experience. Key steps include defining the platform's purpose, assembling its components, and establishing a process for continuous improvement.

Various

Bringing the best of Google Cloud to the Public Sector - Google Cloud is committed to pushing the boundaries of AI and security in the public sector. Recent innovations include more powerful versions of Gemini, Gemini Flash, and Imagen 3. Public sector organizations are leveraging generative AI to drive transformative change, from streamlining citizen services to improving patient outcomes.

Gemini at Work: Putting AI to work in the public sector - Google Cloud's Gemini at Work event showcased transformative generative AI use cases from customers across industries, including the public sector. Google Workspace will now have the Gemini app built directly into it, providing government employees with their own virtual assistant while upholding security and compliance policies.

Slides, Videos, Audio

Kubernetes Podcast - #238 KCP, with Marvin Beckers.

Security Podcast - #192 Confidential + AI: Can AI Keep a Secret?

Releases

Access Context Manager - Generally available: App allowlist support for context-aware access You can now create an access binding with a map of applications to access levels to apply access levels to specific applications, avoiding unintended effects on other applications.

Agent Assist - Agent Assist now offers Live transcription adaptation in preview.

AlloyDB - AlloyDB now supports up to 128 TiB storage per cluster in all locations. The alloydb_scann extension (previously named postgres_scann) is generally available (GA) for the AlloyDB service in Google Cloud. AlloyDB Omni is in Limited Availability on the Aiven Platform. AlloyDB outbound public IP connectivity on primary and secondary instances is generally available (GA).

Anthos Config Management - Config Controller now uses the following versions of its included products: Config Connector v1.122.0, release notes.

Anthos clusters on AWS - You can now launch clusters with the following Kubernetes versions.

Google Distributed Cloud Bare Metal - 1.29. Release 1.29.600-gke.108 Google Distributed Cloud for bare metal 1.29.600-gke.108 is now available for download. Fixes: Fixed Cloud Audit Logging failure due to allowlisting issue with multiple project IDs. The following container image security vulnerabilities have been fixed in 1.29.600-gke.108: Critical container vulnerabilities: CVE-2024-37371 CVE-2024-42154 High-severity container vulnerabilities: CVE-2020-22218 CVE-2024-0553 CVE-2024-0567 CVE-2024-37370 CVE-2024-39487 CVE-2024-41040 CVE-2024-41046 CVE-2024-41049 CVE-2024-41059 CVE-2024-41070 CVE-2024-42104 CVE-2024-42148 CVE-2024-42161 CVE-2024-42224 Medium-severity container vulnerabilities: CVE-2016-3709 CVE-2024-36901 CVE-2024-36938 CVE-2024-41009 CVE-2024-41012 CVE-2024-41055 CVE-2024-41063 CVE-2024-41064 CVE-2024-42101 CVE-2024-42102 CVE-2024-42131 CVE-2024-42137 CVE-2024-42152 CVE-2024-42153 CVE-2024-42157 CVE-2024-42223 CVE-2024-42229 CVE-2024-42232 CVE-2024-42236 CVE-2024-42244 CVE-2024-42247 Low-severity container vulnerabilities: CVE-2022-2309 CVE-2024-41007. Known issues: For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

GKE attached clusters - This release includes the following GKE attached clusters platform versions.

GKE on AWS - You can now launch clusters with the following Kubernetes versions.

Anthos clusters on Azure - You can now launch clusters with the following Kubernetes versions.

GDCV for VMware - Google Distributed Cloud (software only) for VMware 1.29.600-gke.109 is now available for download. Removed TLS/SSL weak message authentication code cipher suites in the vSphere cloud controller manager. Fixed the following vulnerabilities in 1.29.600-gke.109: Critical container vulnerabilities: CVE-2021-38297 CVE-2023-24540 CVE-2023-29405 CVE-2023-29404 CVE-2023-24538 CVE-2024-37371 CVE-2023-29402 CVE-2022-23806 High-severity container vulnerabilities:. Google Distributed Cloud (software only) for VMware 1.30.100-gke.96 is now available for download. Fixed the following issues in 1.30.100-gke.96: Fixed the known issue where updating dataplaneV2.forwardMode didn't automatically trigger anetd DaemonSet restart.

Anthos GKE on AWS - You can now launch clusters with the following Kubernetes versions.

Apigee UI - On October 3, 2024, we released an updated version of the Apigee UI. Bug ID Description 369647749 Proxy deployment units counts include shared flows Fixed issue where proxy deployment unit counts in the UI did not take into account shared flow deployments.

Apigee Advanced API Security - On October 4, 2024 we released an updated version of Advanced API Security. Fixed: Delay in score generation for Risk Assessment v2 with VPC-SC-enabled organizations only In Risk Assessment v2, which is in preview, this issue has been resolved: With VPC-SC-enabled organizations only, when generating scores for new organizations or scoring changes to included proxies, shared flows, and target server configurations, score generation could have take as much as three hours.

Apigee X - On October 2, 2024, we released an updated version of Apigee. With this release, all remaining Apigee API Management organizations with Subscription 2021 contracts have been upgraded to introduce standard and extensible API proxy features. Subscription Apigee organizations (without hybrid entitlements) upgraded in this release will see changes to the user experience in the Classic Apigee UI.

Apigee Hybrid - v1.13.1 On October 4, 2024 we released an updated version of the Apigee hybrid software, Cassandra credential rotation in Vault Starting in version v1.3.1, You can set up automatic Cassandra credential rotation when your credentials are stored in Hashicorp Vault. New data pipeline for analytics and debug with data residency Starting with Apigee Hybrid 1.13.1, Apigee Hybrid can use a new data pipeline to collect data for analytics and debug to allow various runtime components to write data directly to our control plane. Bug ID Description 364282883 Remove check for dc-expansion flag and add timeout to multi-region seed host connection test. Bug ID Description N/A Security fixes for apigee-open-telemetry-collector.

Application Integration - Local logging in async mode (Generally available (GA)) By default, local logging for new integrations is now enabled in async mode. Test cases (Preview) You can now test if your integration is working as intended by creating and running test cases on your complex integrations. Diagram mode in the Data Transformer Task (Preview) The Diagram mode provides a console-based experience to select the input and output variables and perform transformations in the data transformation editor. Replay execution (Preview) You can now rerun a failed integration with the same parameters as the previous execution.

Cloud Architecture Center - (New guide) Enterprise application on Compute Engine VMs with Oracle Exadata in Google Cloud: Provides a reference architecture for an application that's hosted on Compute Engine VMs with connectivity to Oracle Cloud Infrastructure (OCI) Exadata databases in Google Cloud.

Artifact Registry - Artifact Registry support for OCI specifications v1.1 is generally available in Docker format repositories. Artifact Analysis is gradually rolling out regionalized data storage and endpoints to help support compliance with data residency requirements.

Assured Workloads for Goverment - The following products are now supported by the following control packages. Cloud Run and Filestore are now supported by the following control packages.

Backup and DR Service - Backup and DR Service added support to view unprotected resource logs in Cloud Logging. Backup and DR Service added support to view unprotected resource reports in BigQuery.

BigQuery - You can now create an external dataset in BigQuery that links to an existing database in Spanner. ODBC driver update, release 3.0.7 1016 [New] Connector authentication on Google Cloud VMs: The connector now supports authentication through Application Default Credentials using the Google internal metadata server, eliminating the need for a keyfile. You can now enable, disable, and analyze history-based optimizations for queries. You can now use flexible column names with BigQuery tables and views for extracting, loading, streaming, and querying data. You can now use the operational health dashboard to get a single-pane view of key metrics such as slot usage, shuffle usage, errors, and total storage in real time. You can now create a materialized view replica directly from the Google Cloud console.

Billing - View and manage unexpected costs with Anomaly Detection (in preview) You can now view and manage cost spikes that deviate from your historical spend patterns using the Anomalies dashboard (preview).

Channel Services - Partners selling Workspace and ChromeOS products can now import customers who currently work with a different reseller or Google.

Chronicle Security Operations - When performing a search on entities in the SOAR search page, you can now focus on more precise results by using the new condition Equals, in addition to the default condition Contains. The case report now includes all information written on the case wall. It is now possible to merge cases where the requester is not the assignee both in the platform and through the API endpoint: api/external/v1/cases-queue/bulk-operations/MergeCases.

Chronicle SOAR - Release 6.3.20 is now in General Availability. Remote Agents 2.2.0 is now in General Availability. Release 6.3.21 is currently in Preview. When performing a search on entities in the SOAR search page, you can now focus on more precise results by using the new condition Equals, in addition to the default condition Contains. Remote Agents 2.2.0 Release is currently in Preview. Logs quality and coverage enhancements.

Colab - Gemini in Colab Enterprise, which is a product in the Gemini for Google Cloud portfolio, is generally available.

Cloud Composer - A new Cloud Composer release has started on October 01, 2024. (Available without upgrading) Fixed the cause of DAG run failures for runs created from the Cloud Console when the [scheduler]allowed_run_id_pattern Airflow configuration option is set to a custom value. (Airflow 2.9.3 and 2.9.1) The apache-airflow-providers-google package was upgraded to version 10.23.0 in Cloud Composer 2 images and Cloud Composer 3 builds. (Airflow 2.9.3 and 2.9.1) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 8.4.2 in Cloud Composer 2 images and Cloud Composer 3 builds. New Airflow builds are available in Cloud Composer 3: composer-3-airflow-2.9.3-build.1 composer-3-airflow-2.9.1-build.8 (default) composer-3-airflow-2.7.3-build.17. Cloud Composer 2.9.5 images are available: composer-2.9.5-airflow-2.9.3 composer-2.9.5-airflow-2.9.1 (default) composer-2.9.5-airflow-2.7.3. Cloud Composer version 2.4.4 has reached its end of support period.

Compute Engine - Preview: Multi-writer support for Hyperdisk Balanced High Availability disks.

Dataform - The maximum size limit for workspaces encrypted with customer-managed encryption keys (CMEK) is 512 MB.

Dataplex - Managed connectivity pipelines are generally available (GA).

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.81 1.2.25 2.2.25. Blocklisted the following Dataproc on Compute Engine subminor image versions: 2.0.120-debian10, 2.0.120-rocky8, 2.0.120-ubuntu18 2.1.68-debian11, 2.1.68-rocky8, 2.1.68-ubuntu20, 2.1.68-ubuntu20-arm 2.2.34-debian12, 2.2.34-rocky9, 2.2.34-ubuntu22.

Dataproc - Blocklisted the following Dataproc on Compute Engine subminor image versions: 2.0.120-debian10, 2.0.120-rocky8, 2.0.120-ubuntu18 2.1.68-debian11, 2.1.68-rocky8, 2.1.68-ubuntu20, 2.1.68-ubuntu20-arm 2.2.34-debian12, 2.2.34-rocky9, 2.2.34-ubuntu22.

Datastore - You can now use property transforms like increment in the REST API. You can now use customer-managed encryption keys (CMEK) in Datastore to protect your data. The Java client library for Firestore in Datastore mode now supports client-side tracing.

Cloud Data Loss Prevention - The current default LOCATION infoType detection model, which is accessible when InfoType.version is set to latest or stable, is now also used when InfoType.version is set to legacy. The FINLAND_BUSINESS_ID infoType detector is available in all regions.

Document AI - Custom Extractor pretrained-foundation-model-v1.2-2024-05-10 and pretrained-foundation-model-v1.3-2024-08-31 are now Stable versions.

Cloud Filestore - NFSv4.1 protocol support, integrated with Managed Service for Microsoft Active Directory, is now generally available for zonal, regional, and enterprise instances.

Anti Money Laundering AI - A new major engine version is now available for Retail and Commercial lines of business, within the v4 tuning version.

Cloud Firestore - You can now use customer-managed encryption keys (CMEK) in Firestore to protect your data.

Cloud Functions - You can now manage function resources using custom constraints that get enforced at the project level.

Gemini - Code customization is now generally available in Gemini Code Assist for: VS Code with the Gemini Code Assist + Cloud Code extension (version 2.18.0+) IntelliJ with the Gemini Code Assist/Cloud Code plugin (version 1.1.0) Cloud Workstations Cloud Shell Editor With code customization, Gemini Code Assist lets you get enhanced code suggestions based on your organization's private codebase(s) (in GitHub.com or GitLab.com) and in line with your coding conventions. Local codebase awareness is now available for VS Code, IntelliJ, Cloud Workstations, and Cloud Shell Gemini Code Assist. The VS Code Gemini Code Assist extension now supports code transformation. Improved error handling for the IntelliJ Gemini Code Assist plugin.

Identity Platform - Custom organization policies for Identity Platform are generally available (GA).

Integration Connectors - The following connectors are now generally available (GA): Asana, WordPress. To view the list of all the GA connectors, see Connectors in GA.

Google Kubernetes Engine - CVE-2024-45016 was discovered in the Linux kernel, which can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. The following beta APIs were added in Kubernetes 1.31 and are available in GKE version 1.31.1-gke.1361000 and later: networking.k8s.io/v1beta1/ipaddresses networking.k8s.io/v1beta1/servicecidrs Enabling both APIs at the same time enables the Multiple Service CIDRs Kubernetes feature in a GKE cluster. Ray Operator on GKE is now generally available on 1.29 and later. (2024-R38) Version updates GKE cluster versions have been updated. GKE now supports the Parallelstore CSI driver in allowlisted general availability (GA), which means that you can reach out to your Google support team to use the service under GA terms. In GKE version 1.30.3-gke.1639000 and later and 1.31.0-gke.1058000 and later, GKE can handle GPU and TPU node disruptions by notifying you in advance of a shutdown and by gracefully terminating your workloads.

GKE new features - The following beta APIs were added in Kubernetes 1.31 and are available in GKE version 1.31.1-gke.1361000 and later: networking.k8s.io/v1beta1/ipaddresses networking.k8s.io/v1beta1/servicecidrs Enabling both APIs at the same time enables the Multiple Service CIDRs Kubernetes feature in a GKE cluster. Ray Operator on GKE is now generally available on 1.29 and later. GKE now supports the Parallelstore CSI driver in allowlisted general availability (GA), which means that you can reach out to your Google support team to use the service under GA terms. In GKE version 1.30.3-gke.1639000 and later and 1.31.0-gke.1058000 and later, GKE can handle GPU and TPU node disruptions by notifying you in advance of a shutdown and by gracefully terminating your workloads.

Cloud Logging - You can now use Terraform commands to a create or update a log scope. The layout of the Logs Explorer page has been changed. The pricing for vended network logs has changed.

Memorystore for Redis Cluster - Added support for custom constraints. Instance configurations are now Generally Available on Memorystore for Redis Cluster.

Cloud Memorystore - Added support for custom constraints.

Cloud Monitoring - You can now apply and modify dashboard-wide filters by selecting the filter option within the cell of a table.

Cloud NAT - Hybrid NAT is available in General Availability.

Network Connectivity Center - Producer VPC Spokes is now available in public preview.

Cloud PubSub - Pub/Sub adds support for OpenTelemetry tracing. The message retention duration option for a subscription specifies how long Pub/Sub retains messages after publication.

Cloud Run - Service-level minimum instances are now generally available (GA).

Security Command Center - Manage security postures using the Google Cloud console You can now create, deploy, update, and delete security postures using the Google Cloud console. GKE Security Posture vulnerability findings now support attack exposure scores GKE runtime OS vulnerability findings detected by GKE Security Posture in Google Cloud are now scored by attack path simulations. Data residency for Security Command Center is now available in the Kingdom of Saudi Arabia.

Sensitive Data Protection - The current default LOCATION infoType detection model, which is accessible when InfoType.version is set to latest or stable, is now also used when InfoType.version is set to legacy. The FINLAND_BUSINESS_ID infoType detector is available in all regions.

Service Mesh - Managed Cloud Service Mesh. The following images are now rolling out for managed Cloud Service Mesh: 1.19.10-asm.19 is rolling out to the rapid release channel. 1.23.x. A known issue with asmcli for 1.23 is now fixed.

Sovereign Controls by Partners - Cloud Run and Filestore are now supported by the following control packages: Local Controls by S3NS, Sovereign Controls by PSN, Sovereign Controls by SIA/Minsait, Sovereign Controls Advanced by CNTXT, Sovereign Controls Foundation by CNTXT, T-Systems Sovereign Cloud.

Cloud Spanner - Spanner now supports the SAFE_TO_JSON function in GoogleSQL-dialect databases. You can perform vector similarity search using the now Generally Available K-nearest neighbors (KNN) vector distance functions: COSINE_DISTANCE() EUCLIDEAN_DISTANCE() DOT_PRODUCT() For more information, see Perform vector similarity search in Spanner by finding the K-nearest neighbors. The FLOAT32 (GoogleSQL) and float4/real (PostgreSQL) data types are Generally Available. Spanner now supports end-to-end tracing in preview, along with client-side tracing in the Java and Go client libraries.

Cloud SQL MySQL - You can now configure server certificate authority (CA) mode when you create a Cloud SQL instance. Cloud SQL for MySQL 8.4 is now generally available.

Cloud SQL Postgres - The pg_ivm extension, version 1.9, is generally available. You can now configure server certificate authority (CA) mode when you create a Cloud SQL instance.

Cloud SQL SQL Server - You can now configure server certificate authority (CA) mode when you create a Cloud SQL instance. You can now use the gcloud sql instances patch command to update the time zone of your Cloud SQL for SQL Server instance after you create the instance.

Traffic Director - Managed Cloud Service Mesh. The following images are now rolling out for managed Cloud Service Mesh: 1.19.10-asm.19 is rolling out to the rapid release channel. 1.23.x. A known issue with asmcli for 1.23 is now fixed.

Workflows - A math.floor function has been added to return the largest integer less than or equal to a given number.