Welcome to issue #441 March 10th, 2025

News

Hej Sverige! Google Cloud launches new region in Sweden - Google Cloud has launched its 42nd cloud region in Sweden, providing Swedish businesses and individuals with access to high-performance, low-latency cloud services.

Meet Kubernetes History Inspector, a log visualization tool for Kubernetes clusters - Kubernetes History Inspector (KHI) is a powerful log visualization tool for Kubernetes clusters. It collects, correlates, and analyzes log streams from various Kubernetes components, presenting them in a chronological timeline.

Get Salesforce insights in BigQuery for unified analytics powered by Datastream - Datastream, Google Cloud's fully managed change data capture service, now supports Salesforce as a source. This simplifies connecting to Salesforce, automatically capturing changes and delivering them to BigQuery, Cloud Storage, and other Google Cloud destinations.

Introducing built-in performance monitoring for Vertex AI Model Garden - Vertex AI now offers built-in performance monitoring and alerts for its managed foundation models, including Gemini. These metrics are easily accessible on the Vertex AI homepage, providing information about usage, latency, and error rates.

Announcing AI Protection: Security for the AI era - Google Cloud introduces AI Protection, a set of capabilities designed to safeguard AI workloads and data across clouds and models. AI Protection helps teams discover AI inventory, secure AI assets, and manage AI threats. It integrates with Security Command Center, providing a centralized view of AI posture and holistic risk management.

Forrester study reveals significant benefits and cost savings with Spanner - Forrester's Total Economic Impact™ (TEI) study reveals that organizations can achieve significant benefits by deploying Spanner, Google Cloud's globally consistent, multi-model database.

Google Cloud named a Leader in the 2025 Forrester Data Security Platforms Wave - Google has been recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2025 report. This recognition reflects Google's commitment to providing cutting-edge data security in the cloud, addressing the evolving needs of customers and the market.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Challenges with URL Path Forwarding in GKE Ingress Controller - Handling GKE Ingress controller not supporting URL path overwriting.

GoStringUngarbler: Deobfuscating Strings in Garbled Binaries - GoStringUngarbler is a command-line tool that automatically decrypts strings found in garble-obfuscated Go binaries. It can streamline the reverse engineering process by producing a deobfuscated binary with all strings recovered and shown in plain text, thereby simplifying static analysis, malware detection, and classification.

Not Lost in Translation: Rosetta 2 Artifacts in macOS Intrusions - Mandiant has discovered that sophisticated threat actors are using x86-64 compiled macOS malware, likely due to broader compatibility and relaxed execution policies compared to ARM64 binaries. Analysis of Ahead-Of-Time (AOT) files, combined with FSEvents and Unified Logs, can assist in investigating macOS intrusions.

App Development, Serverless, Databases, DevOps

Best practices for achieving high availability and scalability in Cloud SQL - This blog post explains how to maximize business continuity efforts with Cloud SQL's high availability and scalability features, as well as how to use Cloud SQL Enterprise Plus features to build resilient database architectures that can handle workload spikes, unexpected outages, and read scaling needs.

Build a planet scale, global architecture for modern apps on Google Cloud - This article presents an architecture for building modern, globally load-balanced, self-healing, auto-scaled, and secure applications on Google Cloud without managing any servers. It leverages Cloud DNS, Cloud Armor, Cloud Load Balancing, and Cloud Run Functions.

GCP Logging Is Not Free… - This article will help you understand GCP loggings price calculation, identify the storage breakdown & ways to reduce your loggings bills.

Better Spending Habits with Firebase Genkit & Monzo - This article showcases a small integration built using Firebase Genkit, a new framework for adding AI into web and mobile apps. McMurdo found it easy to use and sprinkle some AI magic into his app.

Conquering Firestore’s Disjunction Limit: A Troubleshooting Guide - Firestore has a limit of 30 OR conditions in a single query, which can be a challenge when building complex search and filtering features. To overcome this, you can use the "Query Splitting and Merging" approach, which involves breaking down complex queries into smaller, manageable pieces, running them efficiently, and then combining the results intelligently.

Quick Tip: Clearing disk space in Cloud Shell - A quick tip on how to clear disk space in Cloud Shell.

Unico builds cutting-edge IDTech with Spanner Vector Search - Unico, a leading biometric verification and authentication company, leverages Google Cloud's Spanner Vector Search to enhance its digital identity solutions. Spanner's vector search capabilities enable Unico to perform efficient 1:N searches, retrieve semantically relevant results, and ensure diversity and relevance in identity verification.

Big Data, Analytics, ML&AI

Building a Cloud Data Pipeline: From Web Scraping to Automation - Building a data pipeline on GCP.

Using Spark Scala & Dataproc: Efficiently Writing to Spanner with Mutations - This blog post explains how to efficiently write data into Google Cloud Spanner using the Mutations API in Spark Scala. It covers the challenges of using Mutations, such as transaction limits and dynamic batching, and provides a detailed code example for migrating data from BigQuery to Spanner using Apache Spark with Scala on a Dataproc cluster.

Migrating POINT Data Type from MySQL to BigQuery using Dataflow - This blog post discusses the challenges of migrating POINT data type from MySQL to BigQuery and presents a solution using Apache Beam and Google Cloud Dataflow.

The Ultimate Guide to Evaluating LLMs - Mastering Google Cloud’s Gen AI Evaluation Service.

AI Appraiser: Discover the value of your items with Gemini on Google Cloud - AI Appraiser is a tool that uses the power of Gemini's multimodal capabilities and integrated search to provide AI-powered appraisals of items based on images and optional descriptions.

How to calculate your AI costs on Google Cloud - Google Cloud offers a comprehensive approach to understanding and managing AI costs, ensuring organizations capture maximum value from their AI investments.

Getting data into BigQuery for building (Gen)AI demos - How can you show the value (Gen)AI has by bridging the gap between theory and practice? Let’s start by getting data into BigQuery.

Guide: Our top four AI Hypercomputer use cases, reference architectures and tutorials - AI Hypercomputer, a fully integrated supercomputing architecture for AI workloads, offers various use cases with reference architectures and tutorials. It enables affordable inference with JAX, GKE, and NVIDIA Triton Inference Server, especially when paired with Spot VMs for significant cost savings.

Use Gemini 2.0 to speed up document extraction and lower costs - Gemini 2.0, a powerful AI tool, can help businesses speed up document extraction and lower costs. This article presents a multi-step approach to document extraction using Gemini 2.0 and structured, externalized rules. This method offers advantages like modular extraction, externalized rule management, and easy integration with existing data pipelines.

Various

Professional Cloud Security Engineer Certification exam preparation 2025

Slides, Videos, Audio

Security Podcast - #213 From Promise to Practice: LLMs for Anomaly Detection and Real-World Cloud Security.

Releases

AlloyDB - AlloyDB for PostgreSQL is now available in the following region: europe-north2 (Stockholm).

Anthos clusters on VMware - The Envoy project recently announced several new security vulnerabilities (CVE-2024-53269, CVE-2024-53270, and CVE-2024-53271) that could allow an attacker to crash Envoy.

Apigee Advanced API Security - On March 7, 2025 we released an updated version of Apigee Advanced API Security. Availability of data obfuscation support with Advanced API Security With this release, data obfuscation can be used with Advanced API Security.

AppEngine Go - Go 1.23 is now generally available.

AppEngine Standard - App Engine now sets the automatic scaling maximum instances default for standard environment deployments to 20.

Cloud Architecture Center - Infrastructure for a RAG-capable generative AI application using Vertex AI and Vector Search: Added information about the Terraform configuration sample to deploy the architecture. Infrastructure for a RAG-capable generative AI application using Vertex AI and Vector Search: Updated the data processing component in the reference architecture to use a Cloud Run function in place of a Cloud Run job.

Artifact Registry - v1. Artifact Registry is available in the europe-north2 region (Stockholm).

BigQuery - BigQuery Data Transfer Service now supports custom reports for Google Ads. BigQuery is now available in the Stockholm (europe-north2) region. You can create a SQL user-defined aggregate function by using the CREATE AGGREGATE FUNCTION statement. Gemini in BigQuery can help you complete Python code with contextually appropriate recommendations that are based on content in the query editor.

BigTable - Bigtable is available in the europe-north2 (Stockholm) region.

Cloud Build - Cloud Build is now available in the northamerica-south1 region.

Certificate Authority Service - v1. Certificate Authority Service is now available in the following region: europe-north2 (Stockholm) For more information, see Certificate Authority Service locations.

Chronicle - The session timeout duration is being extended from 3 hours to 8 hours. Gemini documentation summaries You can use Gemini to answer questions about Google SecOps based on the documentation.

Chronicle Security Operations - The session timeout duration is being extended from 3 hours to 8 hours. Map users in the platform for Google Cloud Identity customers Administrators can now provision and map new users into the platform by adding them to groups in bulk using their email addresses. Gemini documentation summaries You can use Gemini to answer questions about Google SecOps based on the documentation. The Custom Fields feature is now in General Availability.

Chronicle SOAR - Release 6.3.37 is now in General Availability. Release 6.3.38 is currently in Preview. The phased rollout to regions as described here is postponed to Sunday, March 16th, 2025. Beginning on Sunday, March 9, 2025, we will initiate a phased rollout of releases.

Cloud Composer - A new Cloud Composer release has started on March 5, 2025. You can now specify an order in which Airflow searches for secrets by overriding the [secrets]backends_order Airflow configuration option. Fixed an issue in Cloud Composer REST API that allowed some environment.patch operations to succeed when multiple update masks that aren't related to each other were passed in a request. New Airflow builds are available in Cloud Composer 3: composer-3-airflow-2.10.2-build.10 (default) composer-3-airflow-2.9.3-build.17. New images are available in Cloud Composer 2: composer-2.11.4-airflow-2.10.2 (default) composer-2.11.4-airflow-2.9.3. Cloud Composer versions 2.6.2 and 2.6.3 have reached their end of support period. Cloud Composer 3 supports Customer Managed Encryption Keys (CMEK).

Compute Engine - Generally available: Configure the host error detection time, which is the the maximum amount of time Compute Engine waits to restart or terminate an instance after detecting that the instance is unresponsive. Generally available: Stockholm, Sweden, Europe (europe-north2-a,b,c) has launched with N4, C3D highmem, C4 highmem, and E2 machine types available in all three zones.

Contact Center AI Insights - You can integrate Agent Assist summarization generators with Conversational Insights.

Container Registry - The schedule for the Container Registry shutdown has changed.

Dataflow - Dataflow is now available in Stockholm (europe-north2).

Dataproc Serverless - Dataproc is now available in the europe-north2 region (Stockholm, Sweden). New Dataproc Serverless for Spark runtime versions: 1.1.94 1.2.38 2.2.38.

Dataproc - Dataproc is now available in the europe-north2 region (Stockholm, Sweden). New Dataproc Serverless for Spark runtime versions: 1.1.94 1.2.38 2.2.38.

Datastore - Firestore in Datastore mode now supports the europe-north2 Stockholm region.

Cloud Firestore - Firestore now supports the europe-north2 Stockholm region.

Cloud Functions - Cloud Run functions now supports the Go 1.23 runtime at the General Availability release level.

KMS - Cloud KMS is available in the following region: europe-north2 For more information, see Cloud KMS locations.

Google Kubernetes Engine - GKE now allows you to enable logging of Horizontal Pod Autoscaler decisions starting from GKE version 1.31.5-gke.1090000 or later, or version 1.32.1-gke.1260000 or later. You can now monitor startup latency of Kubernetes workloads and nodes using the new Startup Latency dashboard available in the Observability tab on the Deployment details and Cluster details pages in the GKE Console. (2025-R09) Version updates GKE cluster versions have been updated. The Envoy project recently announced several new security vulnerabilities (CVE-2024-53269, CVE-2024-53270, and CVE-2024-53271) that could allow an attacker to crash Envoy. The europe-north2 region in Stockholm, Sweden is now available.

Memorystore for Redis Cluster - Memorystore for Redis Cluster supports storing and querying vector data. Memorystore is available in the europe-north2 (Stockholm) region.

Memorystore for Memcached - Memorystore is available in the europe-north2 (Stockholm) region.

Cloud Interconnect - Dedicated Cloud Interconnect support is available in the following colocation facilities: Stockholm, Sweden For more information, see the Locations table and Global Locations.

Cloud VPN - Cloud VPN is now available in region europe-north2 (Stockholm, Sweden).

Cloud PubSub - Pub/Sub is now available in the europe-north2 region (Stockholm, Sweden, Europe). You can now ingest streaming data into Pub/Sub by using an import topic, from the following external sources: Azure Event Hubs Amazon Managed Streaming for Apache Kafka (MSK) Confluent Cloud.

Cloud Run - The following new region is now available: europe-north2. The following new region is now available: northamerica-south1. Support for the Go 1.23 runtime is now in general availability (GA).

Secret Manager - Secret Manager is now available in the following region: europe-north2 (Stockholm) For more information, see Secret Manager locations.

Security Command Center - The AWS connector has changed to enable additional use cases and requires the collection of AWS organization and organizational unit (OU) data. You can use Virtual Machine Threat Detection to scan your Amazon Elastic Compute Cloud (EC2) VM disks for malware.

Sensitive Data Protection - Sensitive Data Protection is available in the europe-north2 region.

SAP Solutions - Google Cloud's Agent for SAP version 3.7 Version 3.7 of Google Cloud's Agent for SAP is generally available (GA).

Cloud Spanner - You can create Spanner regional instance configurations in Stockholm, Sweden (europe-north2). A new multi-region instance configuration is now available in Europe - eur7 (Milan/Frankfurt/Turin).

Cloud SQL MySQL - Cloud SQL Enterprise edition now supports the europe-north2 (Stockholm) region. Cloud SQL for MySQL now supports minor version 8.0.41.

Cloud SQL Postgres - Cloud SQL Enterprise edition now supports the europe-north2 (Stockholm) region. The rollout of the following minor versions, extension versions, and plugin versions is complete: Minor versions 12.21 is upgraded to 12.22.

Cloud SQL SQL Server - Cloud SQL Enterprise edition now supports the europe-north2 (Stockholm) region.

Cloud Storage - Cloud Storage now offers support in the Stockholm, Sweden (europe-north2) region.

Cloud Text-to-Speech - Chirp 3: HD voices now supports 8 new speakers in 31 new locales: ar-XA, bn-IN, cmn-CN, de-DE, en-AU, en-GB, en-IN, en-US, es-ES, es-US, fr-CA, fr-FR, gu-IN, hi-IN, id-ID, it-IT, ja-JP, kn-IN, ko-KR, ml-IN, mr-IN, nl-NL, pl-PL, pt-BR, ru-RU, sw-KE, ta-IN, te-IN, th-TH, tr-TR, and vi-VN.

Virtual Private Cloud - The following features of internal ranges are available in Preview: Reserving internal ranges with IPv6 addresses Creating immutable internal ranges (ranges that can't be updated, except for the description) Editable descriptions For more information, see Internal ranges overview. You can exclude IP address ranges from internal range automatic IP address allocation. You can create internal ranges that overlap with routes and subnets. For auto mode VPC networks, added a new subnet 10.226.0.0/20 for the Stockholm europe-north2 region.