Welcome to issue #242 May 17th, 2021

News

Maximize your Cloud Run investments with new committed use discounts - Committed use discounts in Cloud Run enable predictable costs—and a substantial discount!

4 new features to secure your Cloud Run services - We’re improving the security of your Cloud Run environment with things like support for Secret Manager and Binary Authorization.

Deploying multi-YAML Workflows definitions with Terraform - Learn how to deploy workflows spread over multiple YAML files with Terraform.

Deliver zero trust on unmanaged devices with new BeyondCorp Enterprise protected profiles - Maintain your zero trust security standards while enabling remote workers to access what they need with the new protected profile.

Enhance DDoS protection & get predictable pricing with new Cloud Armor service - Protect yourself with the same technology that has protected Google from some of the largest cyber attacks ever reported.

Translation API Advanced can translate business documents across 100+ languages - Google Cloud AI translation services now directly translate documents in formats such as Docx, PPTx, XLSx and PDF while preserving document formatting.

Browse and query Cloud Spanner databases from Visual Studio Code - For developers who are building applications that interact with Cloud Spanner, we're excited to announce the Google Cloud Spanner driver for the popular SQLTools extension for VS Code.

The cloud developer’s guide to Google I/O 2021 - Learn about the most exciting cloud developer sessions, workshops, and meetups at Google I/O 2021.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Cloud CISO Perspectives: May 2021 - Google Cloud CISO Phil Venables shares his perspective on industry news as RSA 2021 approaches.

Automate your budgeting with the Billing Budgets API - Budgets are ideal for visibility into your costs but they can become tedious to manually update. Using the Billing Budgets API you can automate updates and changes with your custom business logic!

Introduction to modern application platform for enterprises - With cloud adoption and changing technology landscape enterprises want to understand the features required by an application platform that runs modern applications.

How does Anthos simplify hybrid & multicloud deployments? - If you're an enterprise, chances are you have networking, storage, and compute on multiple clouds and in your own data center. How can you secure and operate existing apps, develop and deploy new apps across those disparate locations? How can you get centralized visibility and management of the resources? Well, that's why Anthos exists!

Congrats, you bought Anthos! Now what? - Deploying a new cloud application platform like Anthos is a big step. Here are some things you can do to help jumpstart adoption.

Creating Kubernetes cluster by joining Google Cloud Platform (GCP) Virtual Machines - A brief tutorial to set Kubernetes cluster from scratch using Compute Engine instances.

Setup a Kubernetes GKE Cluster using Rancher - This articles describes a process of creating GKE cluster from Rancher.

GKE Usage Metering - GKE Usage Metering joined with billing — hourly analysis and full queries for GKE recharging a shared cluster.

How to generate short-lived GCP Service Account Keys or OAuth2 tokens with Vault - Storing service accounts inside the Vault.

Google Cloud Platform- Let’s dive into Security Best Practices-I - A few tips to improve security in your GCP projects.

Something about Google API keys, how to secure them, and what Firebase got to do with this. - Securing API keys when using Firebase.

App Development, Serverless, Databases, DevOps

API design 101: Links to our most popular posts - Most requested blog posts on API design in one location to read now or bookmark for later.

Next-generation serverless: three ways enterprises can benefit - The next-generation of serverless is about a whole lot more than just functions.

A simple way to automate On-demand Backups in Cloud SQL - Scheduling on-demand backups for Cloud SQL.

Scheduling Cloud SQL exports using Cloud Functions and Cloud Scheduler - Learn the steps required to schedule a weekly export of a Cloud SQL database to Cloud Storage.

CI/CD Pipeline using Cloud Build with GitOps Technique - Learn how to set up a CI/CD pipeline for your frequent development code changes with Git Repository in Google Cloud.

Cloud Build Notifications with Cloud Run and C++ - This article describes how when a full build (as opposed to a pull request build) fails you get notified using Google Cloud services and C++ client libraries.

How to Install OctoberCMS (Laravel) Application on Google App Engine - A tutorial on how to deploy Laravel application on GAE Flex.

How to Install WordPress in Google App Engine Standard Environment

How to build Microservices on Google Cloud Platform and App Engine - Using App Engine for microservices.

Cloud Spanner Point-In-Time-Recovery: Restoring a Dropped Table - This blog demonstrates how to recover a dropped table using PITR using gcloud commands in Cloud Spanner.

Big Data, Analytics, ML&AI

Storing Snowplow bad row events in BigQuery - How to use Cloud Functions and a BigQuery schema generator to make Snowplow bad row schema violation events easily queryable.

PIVOT in BigQuery - Examples of using new PIVOT table function in BigQuery.

Executing Jupyter Notebooks on serverless GCP products - Example of deploying and executing Jupyter notebook on serverless Google Cloud products.

Big Data Analytics with Cloud Notebooks and Query Style ML - Using two different ways to create a logistic regression model.

How to connect Plotly Dash to a SQL database - Visualizing data from BigQuery with Plotly.

Creating a Kubeflow Pipelines Component - A tutorial to create Kubeflow pipelines component.

MLOps: Big Picture in GCP - An overview of GCP products that can be used in MLOps.

Various

10 Reasons Google Cloud Is #2 on Industry Cloud Top 10 List - Takeaways from interview with Lori Mitchell-Keller, Industry Solutions at Google Cloud.

Costa Mesa Sanitary District improves manhole maintenance with machine learning - Learn how Costa Mesa Sanitary District is using machine learning to automate and streamline manhole maintenance.

Getting Certified as a Google Cloud Professional Cloud Architect — 2021 - Some tips for passing Cloud Architect certification exam.

Passing the Google cloud professional networking engineer exam - Topics to study when preparing for the Networking Engineer certification exam.

Google Cloud Professional Cloud Architect— Exam prep sheet v2 — New exam - Prep sheets for GCP certifications preparation.

Slides, Videos, Audio

GCP Podcast - #259 Document AI with Anu Srivastava and Sudheera Vanguri.

Kubernetes Podcast - #150 Pixie, with Zain Asgar and Ishan Mukherjee.

Releases

AI Platform - Deep Learning Containers - M70 Release Added TensorFlow Enterprise 2.5 containers. M69 Release Updated cuDNN from 8.0.4 to 8.0.5.

AI Platform - Deep Learning VMs - M70 Release Added TensorFlow Enterprise 2.5 images. M69 Release Migrated Collection Agent to Cloud Monitoring version 2.

Anthos Config Management - 1.7.1. Anthos Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: 9b5e4cf). A bug in Anthos Config Management 1.7.0 which broke nomos hydrate --no-api-server-check has been fixed. The Config Sync admission webhook in Anthos Config Management 1.7.0 would block requests when a managed resource in the cluster copied annotations to another resource. Config Sync container images are now correctly updated when Anthos Config Management is upgraded. A bug in Anthos Config Management 1.7.0 which caused nomos status to return errors when both unstructured repos and Hierarchy Controller were being used has been fixed.

Cloud Asset Inventory - New resource types are now available.

BigQuery - Updated version of ODBC driver for BigQuery includes bug fixes and install guide improvements. Updated version of JDBC driver for BigQuery includes bug fixes, service account keyfile support, connection property enhancements, and BigQuery client library updates. BigQuery now supports the following SQL query clauses and operators: PIVOT operator UNPIVOT operator QUALIFY clause This feature is in Preview.

BigTable - The Cloud Bigtable documentation on schema design for time series data has been updated with an emphasis on recommended design patterns. You can now use IAM conditions to define and enforce conditional access control for Cloud Bigtable instances, clusters, and tables.

Billing - Committed use discounts are now available for public preview to purchase for Cloud Run. Cloud Billing Reports now show the target budget amount when you open the report from a budget In the Cloud Billing Console, Billing Budgets are linked to the Billing Reports page.

Cloud Composer - Cloud Composer 1.16.4 and 1.17.0 release started on May 13, 2021. Preview: Cloud Composer supports Airflow 2. Airflow 2.0.1 is available in Cloud Composer images. You can now break down costs associated with particular Cloud Composer environments. New versions of Cloud Composer images: composer-1.17.0-preview.0-airflow-2.0.1 composer-1.16.4-airflow-1.10.15 composer-1.16.4-airflow-1.10.14 (default) composer-1.16.4-airflow-1.10.12. For new Cloud Composer environments with Airflow 2, SMTP configuration properties for Airflow have new default values: smtp_user is set to an empty value by default. Improved the error message that is generated when the specified service account does not have enough permissions to run Airflow workloads. Added troubleshooting information to error messages generated on Airflow web server deployment failures. GKE clusters of new Cloud Composer environments use Container-Optimized OS with Containerd (cos_containerd) image type. Kerberos client (krb5-user) package is pre-installed in Cloud Composer container images. Some environment operations that failed because of networking problems are now retried instead of failing. Database passwords are now redacted in error messages that appear in Composer Agent logs. Error messages about dependency conflicts that happen when installing Python packages are now correctly reported. When an environment upgrade fails because of package dependency conflicts, the error message contains detailed information about the conflict.

Compute Engine - Preview: You can use OS configuration management to deploy and automate software configurations on your virtual machine (VM) instances using gcloud command-line and OS Config API. N2 machines are now available in the following regions and zones: Osaka, Japan: asia-northeast2-a,b,c Seoul, South Korea: asia-northeast3-a,b,c See VM instance pricing for details. N2D machines are now available in Tokyo asia-northeast1-c.

Cloud Dataflow - You can now enable logging of human-readable hot keys. Dataflow Shuffle is now the default mode for all batch pipelines.

Datastore - You can now view recent import and export operations from the Google Cloud Console.

Cloud Debugger - Cloud Debugger has updated the configuration file naming and keywords that you use to block access to sensitive data.

Dialogflow - Preview launch of Twilio telephony integration.

Cloud Networking Products - Configuring Cloud DNS scopes is now available in Preview.

IAM - You can now use the Google Cloud Console to manage workload identity federation. The ability to attach service accounts to resources in other projects is now generally available.

Istio on GKE - 1.2.x & 1.0.x & 1.1.x & 1.4.x & 1.6.x. Google Support does not provide support for Istio installations.

Google Kubernetes Engine - (2021-R16) Version updates GKE cluster versions have been updated. Dataplane V2 is generally available in newly created clusters using GKE versions 1.20.6-gke.700 and later. The GKE Gateway controller, Google Cloud's implementation of the Gateway API, is available in Preview in GKE version 1.20 and later. In GKE version 1.20 and later, the GKE Gateway controller introduces the new gateway.networking.x-k8s.io resource. The Istio project recently disclosed a new security vulnerability (CVE-2021-31920) affecting Istio.

Google Kubernetes Engine Rapid - (2021-R16) Version updates Version 1.19.10-gke.1000 is now available in the Rapid channel.

Google Kubernetes Engine Regular - (2021-R16) Version updates Version 1.19.9-gke.1400 is now the default version in the Regular channel.

Google Kubernetes Engine Stable - (2021-R16) Version updates Version 1.18.17-gke.700 is now available in the Stable channel.

Cloud Monitoring - Cloud Monitoring is introducing metrics scopes. The replacement of Cloud Monitoring Workspaces with metrics scopes is complete.

Cloud Run - Committed use discounts are now available for Cloud Run. Customer managed encryption keys are now available for use with Cloud Run. You can now use Binary authorization with Cloud Run to enforce policy-based deployment of Cloud Run services. Recommender now provides recommendations for securing Cloud Run services by creating dedicated service accounts. Cloud Run now provides UI, command line, and YAML support for referencing Secret Manager Secrets.

Cloud Storage - XML API multipart uploadsPreview launched.

Traffic Director - Fixed an issue where the Services user interface would display a warning if a service had a mix of healthy backend groups (x out of x healthy endpoints) and empty backend groups (0 out of 0 healthy endpoints).

Dialogflow Enterprise - Preview launch of Twilio telephony integration.

Secret Manager - Secret Manager now supports etags for optimistic concurrency control.

GKE on-prem 1.5 - A recently discovered vulnerability, CVE-2021-31920, affects Istio in respect to its authorization policies.

Workflows - v1. Workflows is HIPAA compliant.

Anthos clusters on VMware 1.7 - A recently discovered vulnerability, CVE-2021-31920, affects Istio in respect to its authorization policies.

Cloud Run for Anthos - CVE-2021-31920 affects Istio, a component used by Cloud Run for Anthos.

Anthos clusters on VMware 1.6 - A recently discovered vulnerability, CVE-2021-31920, affects Istio in respect to its authorization policies.

GKE - (2021-R16) Version updates Version 1.19.9-gke.1400 is now the default version.

If you have suggestion, feedback or link you want to share feel free to email me at zdenko@gcpweekly.com

Have a great week,

Zdenko