Welcome to issue #245 June 7th, 2021

News

Security Command Center now supports CIS 1.1 benchmarks and granular access control - Apply fine-grained access control and compare your security posture against industry best practices with new Security Command Center capabilities.

Zero-trust managed security for services with Traffic Director - By integrating Traffic Director with CA Service, you can easily manage certificates for apps running on Google Kubernetes Engine.

Introducing logical replication and decoding for Cloud SQL for PostgreSQL - Check out new logical replication and decoding features for CloudSQL for PostgreSQL, enabling change data capture (CDC) for fast performance and improved use of data analytics pipelines.

New Cloud TPU VMs make training your ML models on TPUs easier than ever - New Cloud TPU VMs let you run TensorFlow, PyTorch, and JAX workloads on TPU host machines, improving performance and usability, and reducing costs.

Firebase Realtime Database Launches in Singapore - Besides USA and Belgium, Realtime Database is available in Singapore.

Expanding Crashlytics Support for Apple Platforms

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Jumpstart your journey developing on GKE - This e-book will be a reference guide for new GKE developers, telling the end-to-end story of the developer journey, covering all stages of building applications with Kubernetes: code, CI/CD, run, operate and manage. This blog will be a way of launching this key asset.

Manage Multiple GKE clusters in Terraform - Creating multiple clusters and deploying Kubernetes configuration into them via the Kubernetes Provider.

5 tips to maximize your Kubernetes developer experience with Cloud Code - A few tips to keep in mind as you begin your app development journey with Kubernetes.

Kubernetes Auto-scaling in response to RabbitMQ Queue length via GCP Cloud Functions - Scaling GKE cluster based on a number of tasks in the queue.

Reference of Important GCP CIDR Blocks - Reference of all the important GCP CIDR ranges.

gcloud alias for Application Default Credentials - Shell alias script that will print the active in-use account for GCP application default credentials (ADC).

App Development, Serverless, Databases, DevOps

Tips for migrating from MySQL to Cloud Spanner - Despite helpful tools like HarbourBridge, database migrations are never trivial. Here are a few things to pay attention to when migrating from MySQL to Spanner, and how to update your application logic to address them.

Cloud Firestore explained: for users who never used Firestore before - A breakdown of some of the database basics, terms you should know, what Firestore is, how it works, how it stores data, and how to get started using it with the assumption that you don’t have any existing database knowledge.

What is Cloud Spanner? - Want a relational database that scales globally? Learn all about Cloud Spanner.

DevOps on Google Cloud: tools to speed up software development velocity - Google Cloud’s application development and continuous integration/continuous delivery (CI/CD) tools help ForgeRock developers stay productive.

Apigee tools and solutions - Common solutions and tools developed by Apigee.

Backup database to Google Cloud Storage - A process to set up periodic database backup to Google Cloud Storage.

Configure Cross-origin resource sharing (CORS) on a Google Cloud Storage Bucket - Basic operations with CORS and Cloud Storage.

Serving gRPC+HTTP from a Go app on Cloud Run (and elsewhere) - A code sample to deploy Go server to serve both gRPC and HTTP endpoint from a single service.

Kafka Key Compaction Alternative on GCP - Implementing event sourcing with Firestore.

Big Data, Analytics, ML&AI

BEAM (Batch + strEAM) your Data Pipelines on Google Dataflow - An overview of Beam and Cloud Dataflow.

Using Cloud Pub/Sub on Node.js from Kotlin/JS - Kotlin/JS app which communicates with Cloud Pub/Sub.

Back to the future of the Datawarehouse Episode 1/3 - New series about Data warehousing, the good the bad, and the ugly!

Reverse US Geocoding in BigQuery - How to convert GPS coordinates into cities, counties, states and even ZIP codes for free!

Automating BigQuery exports and email via Cloud Build - Outline of a quick and easy way to send BigQuery reports/extracts using automated emails with Cloud Build.

Working with OpenStreetMap Data - Analyzing OpenStreetMap data in BigQuery public dataset.

Serve a TensorFlow Hub model in Google Cloud with Vertex AI - Make open-source TensorFlow Hub models ready for production by hosting them with Google Cloud's Vertex AI.

5 ways Vertex Vizier hyperparameter tuning improves ML models - Get a quick tutorial on how Vertex Vizier hyperparameter tuning can improve the quality of your ML models.

Streamline your ML training workflow with Vertex AI - Many of us have used a local computing environment for machine learning (ML). For some problems, a local environment is more than enough. Plus, there's a lot of flexibility. Install Python, install JupyterLab, and go!

Vertex AI - does it live up to the MLOps hype? - On overview of Vertex AI in the context of MLOps.

Various

How Mr. Cooper is using AI to increase speed and accuracy for mortgage processing - Learn how Google Cloud helped Mr. Cooper build a next generation, AI powered platform to process mortgage documents at tremendous scale.

PedidosYa: BigQuery reduced our total cost per query by 5x - Online food ordering app switches to Google Cloud, speeds up deployment 3x and cuts costs per query 5x.

Google is moving parts of YouTube to its cloud service

Slides, Videos, Audio

GCP Podcast - #262 Database Migration Service with Shachar Guz and Gabe Weiss.

Releases

AI Platform - Deep Learning Containers - M71 release Upgraded TensorFlow Probability, TensorFlow I/O, and TensorFlow Estimator in TensorFlow 2.5 containers.

AI Platform - Deep Learning VMs - M71 Release Refreshed the Debian-10 images (Ubuntu images not refreshed in this release).

Anthos clusters on AWS - Anthos clusters on AWS 1.7.2-gke.0 is now available. The Anthos clusters on AWS 1.7.2-gke.0 release addresses the following vulnerabilities: CVE-2020-29361 CVE-2020-1971 CVE-2020-29362 CVE-2020-29362 CVE-2021-23841 CVE-2021-25735.

Anthos clusters on bare metal - 1.7. Release 1.7.2 Anthos clusters on bare metal release 1.7.2 is now available. Fixes: Fixed CVE-2021-25735 that could allow node updates to bypass a Validating Admission Webhook. Functionality changes: Updated the bmctl check snapshot command so that it includes certificate signing requests in the snapshot. Known issues: Node logs from nodes with a dot (".") in their name are not exported to Cloud Logging.

Anthos - Anthos 1.7.2 is now available.

Anthos GKE on AWS - Anthos clusters on AWS 1.7.2-gke.0 is now available. The Anthos clusters on AWS 1.7.2-gke.0 release addresses the following vulnerabilities: CVE-2020-29361 CVE-2020-1971 CVE-2020-29362 CVE-2020-29362 CVE-2021-23841 CVE-2021-25735.

Artifact Registry - v1beta2. Maven, npm, and Python repositories are now in Preview.

Cloud Asset Inventory - Cloud Asset Inventory Console Preview is now publicly available. New resource types are now available.

Compute Engine - N2D machine types are now available in us-west4-a , Las Vegas, Nevada. Preview: Access the Compute Engine API using Cloud Client Libraries built on our latest client library model.

Config Connector - Config Connector 1.51.2 is now available. Miscellaneous bug fixes.

Dataproc - New sub-minor versions of Dataproc images: 1.3.91-debian10, 1.3.91-ubuntu18, 1.4.62-debian10, 1.4.62-ubuntu18, 1.5.37-centos8, 1.5.37-debian10, 1.5.37-ubuntu18, 2.0.11-centos8, 2.0.11-debian10, and 2.0.11-ubuntu18. Image 1.3 - 2.0 All jobs now share a single JobthreadPool. Image 2.0 Added snappy-jar dependency to Hadoop. Image 1.5 and 2.0 Agnets no longer publish a /has_run_before sentinel file. Image 1.3 - 2.0 SPARK-35227: Replace Bintray with the new repository service for the spark-packages resolver in SparkSubmit. Image 2.0 Fixed the problem that the environment variable PATH was not set in YARN containers.

Deep Learning VM - M71 Release Refreshed the Debian-10 images (Ubuntu images not refreshed in this release).

Dialogflow - Dialogflow CX will have new pricing on September 1, 2021.

Cloud Data Loss Prevention - MEDICAL_TERM infoType detector is now available in all regions.

Google Kubernetes Engine - The security community recently disclosed a new security vulnerability CVE-2021-30465 found in runc that has the potential to allow full access to a node filesystem.

Cloud Monitoring - A JSON editor has been integrated with the dashboard page.

Cloud Run - Request timeouts up to 60 minutes are now at general availability (GA).

Cloud Spanner - We are replacing the Insert a row and Edit a row data forms in the Cloud Console with pre-populated DML query templates on the Query page.

Cloud SQL MySQL - CloudSQL for MySQL now supports the MySQL flags expire_logs_days (for MySQL 5.6 and 5.7) and binlog_expire_logs_seconds (for MySQL 8.0).

Cloud SQL Postgres - Both the Cloud SQL Java Connector and Cloud SQL Python Connector now support IAM Authentication for PostgreSQL. The logical replication and decoding functionality of PostgreSQL is available as a preview. Cloud SQL for PostgreSQL now supports the pg_similarity extension, which provides support for similarity queries in PostgreSQL.

Cloud TPU - New Cloud TPU VMs make training your ML models on TPUs easier than ever The new Cloud TPU VM architecture makes it easier than ever before to use our industry-leading TPU hardware.

Traffic Director - Support for Go is added to Traffic Director service security with proxyless gRPC.

Transfer Appliance - Transfer Appliance offers the Transfer Appliance Cloud Setup Application.

Virtual Private Cloud - The Private Service Connect Published Services tab in the Google Cloud Console now correctly displays service attachments. When a Private Service Connect consumer endpoint is deleted, the service attachment details now correctly reflects this change. Publishing services and accessing published services using Private Service Connect is now available in Preview. Private Service Connect service attachment details always show a status of Accepted for consumer endpoints, even if they have a different status. When a Private Service Connect consumer endpoint is deleted, the service attachment details do not reflect this change. Updating a Private Service Connect service attachment using the PATCH API method requires that you provide all values in the request body, not just the values that you are updating. If you enable PROXY protocol for a Private Service Connect service attachment, the PROXY protocol header value might be 0xEA or 0xE0. If you publish a service using Private Service Connect, and the referenced load balancer does not have any backend VMs, all Private Service Connect endpoints in the consumer network might become unresponsive. If you want to create a Private Service Connect endpoint in a Shared VPC network, the endpoint must be created in the same project that contains the virtual machines (VMs) that send requests to the endpoint. The Private Service Connect Published Services tab in the Google Cloud Console does not display service attachments.

If you have suggestion, feedback or link you want to share feel free to email me at zdenko@gcpweekly.com

Have a great week,

Zdenko