Welcome to issue #197 July 6th, 2020

News

Google Cloud VMware Engine is now generally available - Google Cloud VMware Engine is a first-party, fully managed VMware service that lets you modernize and enhance existing applications.

Presto optional component now available on Dataproc - The Presto query engine optional component is now available for Dataproc, Google Cloud’s fully managed Spark and Hadoop cluster service.

Dataproc Metastore: Fully managed Hive metastore now available for alpha testing - Dataproc Metastore is a fully managed open source Apache Hive metastore service, so you can easily build data lakes on Google Cloud.

New IT Cost Assessment program: Unlock value to reinvest for growth - Our new IT Cost Assessment program lets you understand how your company’s IT spend compares to your industry peers, so you can quickly identify key areas of opportunity to unlock value to reinvest for growth.

Reinforcing our commitment to privacy with accredited ISO/IEC 27701 certification - Google Cloud is the first major cloud provider to receive an accredited ISO/IEC 27701 certification as a data processor.

Analyzing petabytes of data just got easier, with Google Sheets - Announcing the general availability of Connected Sheets, which provides the power and scale of BigQuery in the familiar context of Sheets.

Bare Metal Solution: Coming to a Google Cloud data center near you - With Bare Metal Solution, now you can run specialized databases in five new Google Cloud regions.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Not just compliance: reimagining DLP for today’s cloud-centric world - A look back at the history of DLP before discussing how DLP is useful in today’s environment, including compliance, security, and privacy use cases.

How to use GCP Secret Manager to Manage your Secrets using Terraform - Setting secrets in Secret Manager with Terraform.

How to Deploy MongoDB Atlas on GCP using Terraform - Deploying MongoDB Atlas with Terraform on Google Cloud.

Canary Deployment using Istio and Google Kubernetes Engine - In a production environment, the best practice is to roll out your new features in a phase-wise release, and therefore, a need arises to split the incoming traffic between the older and the newer versions of the application. A combination of GKE and Istio would help in achieving this type of methodology.

Google Cloud Platform pentest notes — service accounts - Using a service account file to access GCP services.

Deploying Service or Ingress on GKE - Getting Started with GKE: Endpoints with Service and Ingress.

Kubernetes, Istio and The World Outside Rapido - Handling egress traffic for a private GKE cluster.

How I Setup A Simple CI/ CD Process With Jenkins And GKE Part 2 - Setting CI/CD pipeline with Jenkins on GKE.

Google Kubernetes Networking options explained & demonstrated - This blog post explores the different network modes available in Google Kubernetes Engine, including the differences between them and the advantages of each when creating a new GKE cluster.

App Development, Serverless, Databases, DevOps

A guide to setting up monitoring for object creation in Cloud Storage - Learn how to set up monitoring and alerting when an object is created in Cloud Storage.

.NET Core 3.1 updates in Cloud Shell and App Engine flexible environment - Deploying .NET application on App Engine Flexible.

Swift on Cloud Run - Build a highly scalable Docker applications using Swift + Cloud Run!

SAP on Google Cloud : When SAP Developers join the cloud (pt. 1) - Learn how to create a CI/CD pipeline for SAP HANA HDI containers and micro-services extending SAP functionality in Google Cloud.

Don’t Accept the Defaults! How to Reduce Costs with Google App Engine Autoscaling - Getting higher performance at lower costs by modifying the default values to match the workload of your service for App Engine workloads.

Big Data, Analytics, ML&AI

Model with TensorFlow and Serve on Google Cloud Platform - Serving TensorFlow Models on a scalable cloud platform.

Building a genomics analysis architecture with Hail, BigQuery, and Dataproc - Try a cloud architecture for creating large clusters for genomics analysis with BigQuery and Google-built healthcare tooling.

Genomics analysis with Hail, BigQuery, and Dataproc - Try data analytics for genomics research in the cloud using BigQuery, Dataproc and Hail for fast large-scale research.

How to load XML data into BigQuery using Python Dataflow - Parse the XML into a Python dictionary and use Apache Beam’s BigQueryIO.

How to handle Google Analytics data in BigQuery - The ways & tricks to tackle Shaded Tables and ARRAYs in BigQuery tables.

The Python implementation of Dataflow to transfer Datastore entities to BigQuery - Transferring entities of Google Cloud Datastore into BigQuery in bulk with Dataflow implemented in Python.

Load files faster into BigQuery - Benchmarking CSV, GZIP, AVRO and PARQUET file types for ingestion.

Migrating HDFS Data to Google Cloud Storage - Moving data from Hadoop cluster to Cloud Storage with Cloud Storage Connector.

Cleanse Salesforce Address Data using Cloud Dataprep by Trifacta - Learn Data Management with Cloud Dataprep and Salesforce.

Google Cloud’s AI Adoption Framework: Helping you build a transformative AI capability - The Google Cloud AI Adoption Framework whitepaper aims to provide a guiding framework for technology leaders who want to leverage the power of AI.

Various

11 best practices for operational efficiency and cost reduction with Google Cloud - Our new eGuide examples how fundamental IT changes like migrating on-premises workloads to the cloud can reduce costs, increase agility, and pay ROI dividends down the line.

Slides, Videos, Audio

GCP Podcast - #225 Cloud Audit Logging with Philip O'Toole and Oscar Guerrero.

Kubernetes Podcast - #110 Mirantis, with Adrian Ionel.

Releases

BigQuery - Flex slots are now generally available (GA). The BigQuery SLA has been updated to >= 99.99% Monthly Uptime Percentage for all users.

BigQuery ML - BigQuery ML now supports time series models as a beta release.

Cloud Build - Cloud Build now provides open-source notifiers for Slack and SMTP.

Cloud Composer - Cloud Composer support for VPC Service Controls is now in Beta.

Cloud Debugger - Cloud Debugger now lets you canary snapshots and logpoints on your Node.js applications.

Dialogflow - The V1 API is in the process of a gradual shutdown.

IAM - The organization policy constraint to prevent automatic role grants to Cloud IAM service accounts is now generally available. Starting on July 27, 2020, IAM policies will identify deleted members that are bound to a role. Starting on July 27, 2020, if a binding in a policy refers to a deleted member (for example, deleted:user:tamika@example.com?uid=123456789012345678901), you cannot add a binding for a newly created member with the same name (in this case, user:tamika@example.com).

Google Kubernetes Engine - NodeLocal DNSCache is now generally available. GKE Node System Configuration is now beta. Starting with GKE 1.17.6, Vertical Pod Autoscaler recommendations are more fine-grained, starting from 1 mCPU and 1 MiB. GKE cluster versions have been updated. Nodes with auto-upgrade enabled will be upgraded: Rollouts are phased across multiple weeks, to ensure cluster and fleet stability. The following Kubernetes versions are now available for new clusters and for opt-in master upgrades and node upgrades for existing clusters. No channel Note: Your clusters might not have these versions available. The COS image for GKE 1.14.10-gke.45 clusters is cos-73-11647-534-0. The COS image for GKE 1.15.12-gke.6 clusters is cos-77-12371-251-0.

Load Balancing - You can now create an internal HTTP(S) load balancer in a Shared VPC service project.

Cloud Logging - Cloud Logging now contains a Logs Dashboard page that provides a high-level overview into the health of your systems running within a project.

Resource Manager - The Organization Policy for restricting automatic IAM permission grants to new service accounts has launched into general availability.

Cloud Run - Cloud Run (fully managed) support for connecting to a VPC network with Serverless VPC Access is now at general availability (GA). Cloud Run is now available in the following regions: asia-northeast2 (Osaka) australia-southeast1 (Sydney) northamerica-northeast1 (Montréal).

VPC Service Controls - Beta release of the VPC Service Controls Troubleshooter. Beta stage support for the following integrations: Cloud Composer Cloud Healthcare API.

Network Intelligence Center - Connectivity Tests now supports running tests from the Network interface details screen of a Compute Engine VM instance in the Google Cloud Console.

Dialogflow Enterprise - The V1 API is in the process of a gradual shutdown.

Service Mesh - 1.6.4-asm.9 is now available. ASM 1.6 is compatible with and has the feature set of Istio 1.6 (see Istio release notes), subject to the list of ASM Supported Features. 1.5.7-asm.0 and 1.4.10-asm.3 Fixes the security issue, ISTIO-SECURITY-2020-007, with the same fixes as Istio 1.6.4. Anthos Service Mesh now supports multi-cluster meshes (beta) when running on GKE on Google Cloud. Users that configure multiple clusters in their mesh can now see unified, multi-cluster views of their services in the Anthos Service Mesh pages in the Cloud Console. ASM 1.6 is supported in a single cluster configuration in Anthos Attached Clusters in the following environments: Amazon Elastic Kubernetes Service (EKS) and Microsoft Azure Kubernetes Service (AKS). The profile to install ASM in GKE has been renamed from asm to asm-gcp, see Upgrading Anthos Service Mesh on GKE. In the asm-multicloud profile, ASM now installs a complete observability stack (Prometheus, Grafana and Kiali). Support for cross-cluster load balancing (beta) for your multi-cluster mesh for GKE on Google Cloud. New installation guides: Installing Anthos Service Mesh on attached clusters and Adding clusters to an Anthos Service Mesh. Anthos Service Mesh now supports cross-cluster security policies (beta) for your multi-cluster mesh when running on GKE on Google Cloud. Upgrade from ASM 1.5 to ASM 1.6 without downtime using a dual control plane upgrade. Known Issue: If you upgrade from Istio to ASM 1.6 and have set SLOs on your service metrics, those SLOs might be lost and need to be recreated after the upgrade.

If you have suggestion, feedback or link you want to share feel free to email me at zdenko@gcpweekly.com

Have a great week,

Zdenko