Welcome to issue #433 January 13th, 2025

News

Introducing Vertex AI RAG Engine: Scale your Vertex AI RAG pipeline with confidence - Vertex AI RAG Engine is a fully managed service that helps you build and deploy retrieval-augmented generation (RAG) implementations with your data and methods.

Google Cloud expands its support for founders through partnerships with 300 accelerators worldwide - Google Cloud expands its support for founders through partnerships with 300 accelerators worldwide. These partnerships provide startups with access to Google Cloud's technology, resources, and benefits, including Startup Success Managers, Customer Engineers, and AI product teams.

Introducing Google Cloud Abuse Event Logging to enable automated incident remediation - Google Cloud customers can now track Cloud Abuse Events using Cloud Logging, including leaked service account keys, crypto mining incidents, and malware. These events are provided in a structured log format and can be integrated into existing security monitoring and incident response systems for enhanced automation and historical trend analysis.

Supporting women founders innovating with AI - The Google for Startups Accelerator: Women Founders program supports women-led AI startups in Europe and Israel. This ten-week accelerator provides expert mentorship, technical support, and tailored workshops to help startups scale.

Get ready for a unique, immersive security experience at Next ‘25

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation

Toward faster incident resolution at Palo Alto Networks with Personalized Service Health - Palo Alto Networks integrated Google Cloud's Personalized Service Health signals into its incident workflow for its Google Cloud-based PRISMA Access offering, enabling faster incident response and contingency actions to protect business continuity.

Understanding and Solving GKE Workload Identity Cross-Project Issues - This article explains how GKE Workload Identity works and provides a step-by-step guide to resolving cross-project setup issues.

Implementing Zero Trust Security in GKE: A Practical Guide - This guide demonstrates how to use Cloud Service Mesh to enforce mutual TLS encryption, implement identity-aware access control, and achieve namespace isolation. By following these steps, you can enhance the security posture of your GKE clusters and protect against lateral movement, man-in-the-middle attacks, and identity spoofing.

Deploy K8sGPT on GKE with Gemini-pro model - K8sGPT: Your AI-Powered Kubernetes Troubleshooter.

Are you doing Google Cloud Site Reliability Engineering (SRE) Wrong? Part 1 — Core Principles - Google Cloud Architecture Framework — Reliability Core Principles.

A Beginner’s Guide to Terraform Testing on Google Cloud - This article describes how to start with Terraform testing on GCP.

App Development, Serverless, Databases, DevOps

Avoid global outages by partitioning cloud applications to reduce blast radius - To reduce the risk of global outages, Google Cloud recommends partitioning the serving stack. Partitioning involves running isolated instances of application servers and storage. When making changes to the application code, new changes are deployed to one partition at a time, limiting the blast radius of an outage.

DB Migration Against All Odds - A success story of migrating a production database with numerous constraints.

How to use GitHub Actions to deploy your Docker image to Google Cloud - With multi environmental support and code examples.

Cloud Spanner — Evaluating commit timestamp optimization for recent-data queries - Spanner's commit timestamp optimization reduces query I/O when reading recent data. Tests show that using the commit timestamp column option can significantly reduce the number of rows scanned and improve performance, especially for recently loaded data.

Spring Cloud integrates AlloyDB - This article provides a complete example that shows how to connect to AlloyDB using a Spring Boot application.

Golang: Acquiring Google OAuth2 Tokens Behind a Proxy - This article explains how to use the `google.golang.org/api/idtoken` package to acquire Google OAuth2 tokens behind a proxy.

Big Data, Analytics, ML&AI

How to work with open source formats on BigQuery - BigQuery supports various open-source data formats. This post provides code examples and explanations for working with them.

Taming the JSON Beast: How to Parse Complex Nested Data in BigQuery - Learn how to parse complex nested JSON data in BigQuery using powerful SQL functions like JSON_VALUE and JSON_QUERY.

Distributed data preprocessing with GKE and Ray: Scaling for the enterprise - Ray and GKE can be used together to preprocess large datasets for machine learning. By leveraging the power of parallelism and cloud infrastructure, this combination can significantly reduce data preparation time and accelerate the overall machine learning workflow.

Enhance viewer engagement with gen AI-powered scene detection for ads - With Gemini, publishers can maximize the potential of their ad inventory and deliver a better ad experience for viewers.

Supervised Fine Tuning for Gemini: A best practices guide - This blog post delves into how developers can streamline their Supervised fine-tuning (SFT) process, including selecting the optimal model version, crafting a high-quality dataset, and employing best practices to evaluate models.

The PyTorch developer's guide to JAX fundamentals - This article provides a straightforward tutorial to help PyTorch users understand the basics of JAX by connecting its new concepts to the PyTorch building blocks they’re already familiar with.

Implementing Typeahead Suggestions with Google Cloud’s Vector Store for Enhanced Semantic Accuracy in E-commerce Search - Learn how to leverage the power of AI to improve accuracy of Typeahead Suggestions on custom Search Engines.

How to get started with BigQuery Omni: a terraformed example - This tutorial demonstrates how to set up BigQuery Omni with a connection to AWS and leverage data from a CSV file stored in S3.

How I built an agent with Pydantic AI and Google Gemini - This article describes how to build an AI agent using Pydantic AI and Google Gemini. The agent analyzes web pages, understands community sentiment, and synthesizes this information into a coherent SWOT analysis.

Taming the Tool Chaos: The Generative AI Agents & Tool Registry - A practical guide to managing Tools for Generative AI Agents.

Evaluating RAG pipelines - This article goes through different approaches to evaluating RAG pipelines and what metrics to use.

How to build dynamic web experiences with Conversational Agents - Build dynamic web pages that adapt their content based on user intent using Conversational Agents and function tools. Learn how to create a retail chatbot that dynamically updates product information based on user queries.

Various

Empowering retailers with AI for commerce, marketing, supply chains, and more - At the National Retail Federation (NRF) conference, Google Cloud showcased over 20 ISV and services partners utilizing Vertex AI, Gemini models, and other Google Cloud technologies to transform retail businesses. These partners are leveraging AI to create personalized marketing campaigns, optimize unified commerce experiences, create sustainable supply chains, and enhance physical store operations.

How retailers are accelerating AI into production with NVIDIA and Google Cloud - Retail customers and partners are combining Google Cloud with NVIDIA AI Enterprise to unlock AI transformation at scale, reducing costs, enhancing customer satisfaction, improving responsiveness, and driving in-store analytics and innovation.

Releases

Anthos clusters on VMware - Google Distributed Cloud (software only) for VMware 1.29.900-gke.181 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.900-gke.181 runs on Kubernetes v1.29.11-gke.300. If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

Apigee Advanced API Security - On January 7, 2024 we released a new version of Advanced API Security Abuse Detection. API key drill down details are now available in the preview release of Advanced API Security Abuse Detection incidents. UI support for environment-level client IP address resolution.

Batch - You can use the Google Cloud console to create jobs that use GPUs.

Chronicle - For the list of available new parsers, go to the release page.

Chronicle Security Operations - Playbook names must now be unique across all SOAR environments, as part of updates to support future features. For customers with existing playbooks in different environments that have the same name, there is no need to manually change names. However, the next time you edit one of these playbooks, you will be asked to change the name before you save. The user must log in to the Google SecOps platform with the exact same IdP group name as entered in the Settings screen.

Chronicle SOAR - Release 6.3.29 is now in General Availability. Release 6.3.30 is currently in Preview. Playbook names must now be unique across all SOAR environments, as part of updates to support future features. For customers with existing playbooks in different environments that have the same name, there is no need to manually change names. However, the next time you edit one of these playbooks, you will be asked to change the name before you save.

Cloud Composer - Starting after April 13, 2025, Cloud Composer 3 will unify its billing with BigQuery. The Cloud Composer 3 standard milli DCU-hours SKU will be replaced with the new BigQuery Engine for Apache Airflow SKU, which will be calculated based on the number of BigQuery slot hours that your Cloud Composer 3 environments consume. Other SKUs will be renamed and moved under the BigQuery hierarchy. The change will be rolled out gradually to all regions supported by Cloud Composer 3. For more information about the change, see Transition to BigQuery slot-hour-based pricing. The issue with automatic environment upgrades and upgrading Airflow builds in Cloud Composer 3 is resolved and these operations are working. If you think that your environment is still impacted by this issue, please reach out to the Cloud Support team. In January 2025, we will delete inactive Cloud Composer 1 environments that are non-recoverable. Environments that have both of the following problems present at the same time will be deleted: The environment's underlying GKE cluster is deleted.