Welcome to issue #241 May 10th, 2021

News

Customers handle up to 28% more concurrent chats with Agent Assist for Chat - Contact Center AI Agent Assist for Chat is now in Public Preview, speeding up resolutions to customers’ problems.

Databricks on Google Cloud is now generally available - With the GA of Databricks on Google Cloud, enterprises get the benefits of an open data cloud platform with greater analytics flexibility, unified infrastructure management, and optimized performance.

OpenTelemetry Trace 1.0 is now available - Google Cloud continues to invest in OpenTelemetry with many of our partners to provide standardized metrics, logs and traces for our users.

Take the 2021 State of DevOps survey: Shape the future of DevOps - Help us shape the future of DevOps and make your voice heard by completing the 2021 State of DevOps survey before June 11, 2021.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

13 best practices for user account, authentication, and password management, 2021 edition - Google Cloud offers our best practices to ensure you have a safe, scalable, usable account authentication system.

Retire your tech debt: Move vSphere 5.5+ to Google Cloud VMware Engine - Migrating your legacy VMware vSphere environment to Google Cloud VMware Engine can be a quick and easy way to get your systems back into compliance.

A handy new Google Cloud, AWS, and Azure product map - To help developers translate their prior experience with other cloud providers to Google Cloud, we have created a table showing how generally available Google Cloud services map to similar offerings in AWS and Azure.

Dear Keys, are you still alive ? - Monitoring which service account keys are used.

Solving the Workload Identity sameness with IAM Conditions - Context.

Three methods for obtaining GCP access tokens - Using user credentials, service account credentials or the metadata service to obtain access tokens from Google’s Identity service.

The Multi-Cloud Future (4) — Five Patterns To Get You To Start ‘Thinking’ Multi-cloud - To do multi-cloud, you should first ‘think multi-cloud’. Here are five patterns that can get you to start ‘thinking’ multi-cloud.

CI/CD using Cloud Build for “Migrate for Anthos” - Migrate the Nodejs server running on a GCE VM to GKE using Migrate for Anthos tool and setup CI/CD using Cloud Build.

Networking in Google Cloud: Creating subnets in GCP - This blog is for the AWS professionals struggling to correlate the difference between AWS and GCP network & other beginner individuals who are looking to start with GCP.

SRE fundamentals 2021: SLIs vs SLAs vs SLOs - What’s the difference between an SLI, an SLO and an SLA? Google Site Reliability Engineers (SRE) explain.

Injecting Secrets in GKE with Secret Manager - Handling application secret in GKE using Secret Manager.

Security in GCP — Impersonation - Using Service Account impersonation on example of Terraform.

App Development, Serverless, Databases, DevOps

A map of storage options in Google Cloud - This post covers the different storage options available within Google Cloud across three storage types: object storage, block storage, and file storage. It also covers the use cases that are best suited for each storage option.

Include Cloud Spanner databases in your CI/CD process with the Liquibase extension - In February, we announced the beta version of the Liquibase Cloud Spanner extension that allows developers to use Liquibase's open-source database library to manage and automate schema changes in Cloud Spanner. We're happy to share that the Liquibase Cloud Spanner extension is now GA.

Google Cloud Spanner with Entity Framework Core - This article will help you get started with Entity Framework Core for Spanner by creating a simple Console App that uses Spanner with EF Core.

Scheduling Cloud Bigtable Backups - In this tutorial, you'll learn how to create backups at regularly scheduled intervals (such as daily or weekly) using the Cloud Bigtable Scheduled Backups example.

Debugging your Proxyless gRPC service mesh - New tools, examples, and documentation to make it easier to debug your Proxyless gRPC applications.

How Cloud Run changes Cloud Architecture - Exploring and improving Cloud Run startup latencies.

Deploy Cloud Run for Nodejs Projects in Nx Workspace - Nx is a suite of powerful, extensible dev tools to help you architect, test, and build at any scale.

Few tips and tricks with GCE startup script - Detecting when GCE startup script completes.

The Hidden Costs of Google Compute Engine IPs - What you need to know when using more than one network interface in Google Cloud.

Deploying GCP Cloud Function via Bitbucket Pipelines + Serverless Framework - Setting CI/CD pipeline for Cloud Functions.

Sending emails natively from Google Cloud Pub/Sub events - pubsub_sendmail is a Google Cloud Function that can be triggered by a Google Cloud Pub/Sub which then sends an email using Python smtplib to the desired recipient.

How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit - A story about finding vulnerability and developing an exploit to break out of the App Engine sandbox and get arbitrary code execution on a Google server.

Big Data, Analytics, ML&AI

Serverless: A journey to a no-ops Data Architecture on Google Cloud - An example of serverless data architecture to process Covid-19 data.

Enterprise ETL automation on GCP - Large enterprises never have just one or two data sources. It’s always tens or hundreds of places they need to pull data from, if not….

Apache Beam: Look-up Table with Side Input - Using the side input feature of Apache Beam.

Collecting Wine Reviews Data Using Apache Airflow & Cloud Composer - Explaining Airflow basics and example of a pipeline using GCP producs.

PyTorch on Google Cloud: How to train PyTorch models on AI Platform - With PyTorch on Google Cloud blog series, we aim to share—how to build, train and deploy PyTorch models at scale, how to create reproducible machine learning pipelines on Google Cloud AI Platform and emphasize Cloud AI Platform’s first class support for training and deploying PyTorch models.

BigQuery Stored Procedure for Permutation Test - Learn how to use stored procedures to apply permutation tests to any dataset quickly and efficiently.

New blueprint helps secure confidential data in AI Platform Notebooks - Get an in-depth look at AI Platform Notebooks security features and get a step-by-step guide to better secure your Notebooks environment.

Diving into your documents with DocAI - Shine a light on all your "dark" data with Google's Document AI. Turn unstructured pdfs into fully automated workflows with machine learning powered parsers.

Serverless Prediction at Scale: Custom Model Deployment on Google Cloud AI Platform - Deploying a real-world custom healthcare model to Google Cloud AI Platform, exposing the model as a secure REST API, and verify the model’s scalability with load testing.

Creating ML Datasets with ease using BigQuery and Dataflow - If you’re working with large amounts of data, BigQuery and Dataflow on GCP can boost your efficiency when generating datasets for ML.

Various

5 customers explain why they migrated from AWS to GCP - 5 SADA customers who explain why they decided to make the move from AWS to GCP.

Why Spotify loves being locked into Google Cloud - Some companies are wary about using a single cloud vendor, or using managed services that can be hard to quit. Spotify has made a big bet in the other direction.

Google Cloud and Seagate: Transforming hard-disk drive maintenance with predictive ML - Seagate and Google work on ML that forecasts the probability of problems with hard disk drives.

What you can learn in our Q2 2021 Google Cloud Security Talks on May 12th - Navigate the latest news in cloud security for spring 2021 with our experts from Google Cloud.

Don’t miss these talks on the Google community track at Percona Live Online - Join Google community track at Percona Live Online on May 12–13, 2021 for talks on topics ranging from using databases with Kubernetes to database migration to observability and troubleshooting.

Toronto Meetup up - Running Business Analytics for a Serverless Insurance Company - Learn WHY & HOW to bring analytics superpowers of BigQuery data warehouse to your AWS solutions.

Book - The Definitive Guide to Conversational AI with Dialogflow and Google Cloud - Build Advanced Enterprise Chatbots, Voice, and Telephony Agents on Google Cloud.

How I Passed the GCP Professional ML Engineer Certification - A study plan to pass ML Engine certification exam.

Slides, Videos, Audio

GCP Podcast - #258 The Power of Serverless with Aparna Sinha and Philip Beevers.

Kubernetes Podcast - #149 Putting on a KubeCon, with Colleen Mickey.

PodRocket Podcast - Firebase, development, and design in 2021 with David East.

Releases

AI Platform - Deep Learning Containers - M68 Release Upgraded R containers from 3.6 to 4.0.

AI Platform - Deep Learning VMs - M68 Release Upgraded R Images from 3.6 to 4.0.

BigTable - New guidance is available to help you schedule Cloud Bigtable backups using Cloud Scheduler, Pub/Sub, and Cloud Functions. Cloud Bigtable now provides a Cloud Monitoring metric that reports the amount of logical storage bytes that a backup is using. The ability to restore from a Cloud Bigtable backup to a different instance is now generally available.

Compute Engine - Generally available: Create virtual machines for high performance computing (HPC) workloads using the HPC VM image.

Config Connector - Config Connector version 1.49.1 is now available. Miscellaneous bug fixes.

Data Fusion - There is an issue in the BigQuery sink plugin version 0.17.0, which causes data pipelines to fail or give incorrect results.

Cloud Healthcare API - v1. The defaultSearchHandlingStrict field in the projects.locations.datasets.fhirStores.FhirStore resource is now available in the v1 version of the Cloud Healthcare API.

Google Kubernetes Engine - You can now enable and configure OS Login for private GKE clusters and nodes. The Envoy and Istio projects recently announced several new security vulnerabilities ( CVE-2021-28683, CVE-2021-28682, and CVE-2021-29258) that could allow an attacker to crash Envoy. (2021-R15) Version updates GKE cluster versions have been updated. The kubelet graceful node shutdown feature is now enabled on preemptible and GPU accelerator nodes running versions 1.20.5-gke.500 or later.

Google Kubernetes Engine Rapid - (2021-R15) Version updates Version 1.19.9-gke.1900 is now the default version in the Rapid channel.

Google Kubernetes Engine Regular - (2021-R15) Version updates Version 1.18.17-gke.100 is now the default version in the Regular channel.

Google Kubernetes Engine Stable - (2021-R15) Version updates Version 1.18.17-gke.100 is now the default version in the Stable channel.

Load Balancing - Zonal NEGs (with GCE_VM_IP network endpoints) can now be used as backends for internal TCP/UDP load balancers.

Cloud Logging - The Logs Explorer Histogram offers new time controls, including zooming and scrolling, to give you more in-depth analysis of your logs data. You can now add custom fields in the Logs Explorer to better analyze logs and refine your queries.

Cloud Monitoring - Cloud Monitoring has added new ways to interact with charts. The Query Editor for Monitoring Query Language (MQL) has been reimplemented. The Inventory tab on the Cloud Monitoring VM Instances dashboard now offers the ability to filter and sort the instance table by any combination of columns.

Cloud Run - By default, the memory allocated to each container instance of a new service is 512MiB. You can now use Identity-aware Proxy with Cloud Run to use identity and context to guard access to your applications.

Security Command Center - Security Command Center Premium has launched Continuous Exports for Pub/Sub in general availability. Security Health Analytics, a built-in service of Security Command Center, has launched a new detector, PUBSUB_CMEK_DISABLED, in general availability. Event Threat Detection, a built-in service of Security Command Center, has launched a new detector in general availability. Documentation Event Threat Detection and Container Threat Detection documentation now includes examples of JSON output for findings.

Cloud Speech-to-Text - The Speech-to-Text model adaptation feature is now a GA feature.

Cloud Video Intelligence API - The following features are available in the Video Intelligence API version v1: Face detection: Locate faces within a video, and identify attributes such as glasses being worn.

Deep Learning VM - M68 Release Upgraded R Images from 3.6 to 4.0.

Artifact Registry - v1beta2. Artifact Registry now supports audit logging for container images in Cloud Audit Logs.

Anthos clusters on bare metal - 1.6 & 1.7. The Envoy and Istio projects recently announced several new security vulnerabilities (CVE-2021-28683, CVE-2021-28682, and CVE-2021-29258) that could allow an attacker to crash Envoy.

AI Platform Unified - You can now use a pre-built container to serve predictions from TensorFlow 2.4 models. You can now use a pre-built container to serve predictions from scikit-learn 0.24 models. You can now use a pre-built container to serve predictions from XGBoost 1.3 models.

GKE on-prem 1.5 - The Envoy and Istio projects recently announced several new security vulnerabilities (CVE-2021-28683, CVE-2021-28682, and CVE-2021-29258) that could allow an attacker to crash Envoy. Anthos clusters on VMware 1.7.1-gke.4 is now available. If you upgrade the admin cluster before you upgrade the associated user clusters within the same minor version, such as from 1.7.0 to 1.7.1, the user control-planes will be upgraded together with the admin cluster. Fixes: Fixed a bug, so that the hardware version of a virtual machine is determined based on the ESXi host apiVersion instead of the host version.

Anthos clusters on VMware 1.7 - The Envoy and Istio projects recently announced several new security vulnerabilities (CVE-2021-28683, CVE-2021-28682, and CVE-2021-29258) that could allow an attacker to crash Envoy. Anthos clusters on VMware 1.7.1-gke.4 is now available. If you upgrade the admin cluster before you upgrade the associated user clusters within the same minor version, such as from 1.7.0 to 1.7.1, the user control-planes will be upgraded together with the admin cluster. Fixes: Fixed a bug, so that the hardware version of a virtual machine is determined based on the ESXi host apiVersion instead of the host version.

Cloud Run for Anthos - Starting in Cloud Run for Anthos versions 0.21 and later, the new default progress deadline for deployments is up to 10 minutes.

SAP Solutions - Updated SAP HANA certification of the 6 TB m2-megamem-416 machine type For OLAP workloads, the SAP certification of the Compute Engine 6 TB m2-megamem-416 machine type now includes: Scale-out configurations up to 16 nodes.

Anthos clusters on VMware 1.6 - The Envoy and Istio projects recently announced several new security vulnerabilities (CVE-2021-28683, CVE-2021-28682, and CVE-2021-29258) that could allow an attacker to crash Envoy. Anthos clusters on VMware 1.7.1-gke.4 is now available. If you upgrade the admin cluster before you upgrade the associated user clusters within the same minor version, such as from 1.7.0 to 1.7.1, the user control-planes will be upgraded together with the admin cluster. Fixes: Fixed a bug, so that the hardware version of a virtual machine is determined based on the ESXi host apiVersion instead of the host version.

GKE - (2021-R15) Version updates Version 1.18.17-gke.100 is now the default version.

If you have suggestion, feedback or link you want to share feel free to email me at zdenko@gcpweekly.com

Have a great week,

Zdenko