Welcome to issue #248 June 28th, 2021

News

HTTP/3 gets your content there QUIC, with Cloud CDN and Load Balancing - Cloud CDN and Load Balancing customers can now serve clients HTTP/3, for better performance for streaming video, image serving and API scaling.

Streamline your real-time data pipeline with Datastream and MongoDB - Continually stream data from legacy relational data stores into MongoDB Atlas with Google Cloud Datastream.

Announcing new features for Cloud Monitoring's Grafana plugin - Here’s an overview of new features we’ve added that improve integration between Cloud Monitoring and Grafana.

BigQuery row-level security enables more granular access to data - BigQuery row-level security provides more granular access control over your data.

Accelerate Google Cloud database migration assessments with EPAM’s migVisor - The Database Migration Assessment is a Google Cloud-led project to help customers accelerate their deployment to Google Cloud databases with a free evaluation of their environment.

IBM Spectrum LSF Now Supports HPC Workloads on Google Cloud - Google Cloud is excited to announce, in collaboration with IBM, enhanced capabilities to IBM Spectrum LSF job scheduling with Google Cloud resources.

Improving cloud operations and migrations with Google Cloud and ServiceNow - Accelerating cloud migrations and improving hybrid and multicloud management with Google Cloud and ServiceNow.

Investing in the heart Of Google Cloud, our developer and customer communities - New Google Cloud internal and external community investments. The intention is to meet Devs where they already congregate.

Cloud Career Jump Start: our virtual certification readiness program - Cloud Career Jump Start is Google Cloud’s first virtual Certification Journey Learning program for underrepresented communities.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

A blueprint for secure infrastructure on Google Cloud - The security foundations blueprint identifies core security decisions and guides you with opinionated best practices for deploying a secured Google Cloud environment.

Latest Transfer Appliance enables fast, simple and secure data movement - Transfer Appliances for simple, secure and performant data movement.

To the cloud and beyond! A program management approach to data center migration - Learn how to streamline your data center migration with Google Cloud and their Professional Services Organization.

Build a platform with KRM: Part 3 - Simplifying Kubernetes app development - Streamline Kubernetes application development with friendly tools from Google.

Struggling to fix Kubernetes over-provisioning? GKE has you covered! - An overview of techniques and tools you can use to reduce your reliance on over-provisioning your Google Kubernetes Engine (GKE) environment.

Exposing our applications with GCLB and Istio - Sharing experience of using Cloud Balancing and Istio.

Extending GCP Cloud DNS to On-prem with Multiple VPCs - A process of connecting GCP environments to those on-prem in a secure way.

Protect from Delete GCP project - Command to set GCP project so it cannot be deleted.

App Development, Serverless, Databases, DevOps

5 things you didn’t know about the new Tau VMs - Learn about Google Cloud’s new Tau VM family, including its first instance type, T2D VMs.

Google Maps Platform JavaScript API and Promises - As of the quarterly release of version 3.45 of the Maps JavaScript API, Promises support is now also available in the weekly channel alongside the pre-existing callback pattern for asynchronous methods.

Riot Games’ chatbot built on Google Cloud Dialogflow & Botcopy achieves a 14% deflection rate. - Riot Games tests Google/Botcopy stack against Amazon Lex. Google/ Botcopy trounces — hands down.

Introducing Upstash for Google Cloud Function & Access using REST APIs - Upstash now supports the Google Cloud Function and provides REST APIs to access the database.

Firecode - Firecode is a Node.js library that lets you efficiently traverse Firestore collections.

How to deploy and secure your Streamlit app on GCP? - Streamlit is a great tool to create beautiful data applications, in this article two solutions are presented to deploy on Google Cloud.

Big Data, Analytics, ML&AI

Orchestrate Data Pipelines using Workflows - A common way to orchestrate data engineering pipelines is using Cloud Composer (based on Apache Airflow). However, many data teams do not want to manage the infrastructure and are looking for serverless options. Workflows is a great alternative to tackle such orchestration use cases. We’ve also used the newly released Workflow connectors feature as part of our blog.

Data Fusion Private Cluster to access public source - Step by step tutorial to configure Data Fusion private cluster to access public source.

Google Cloud Dataprep by Trifacta cheat sheet - Data is needed in every aspect of your business from optimizing profit margin, identifying new market opportunities, predicting next-best offer, responding to fraud, or reporting on regulatory obligations. If you want data as an ally to steer your business, you should look at Dataprep by Trifacta.

The BigQuery admin reference guide: Resource Hierarchy - Learn about the BigQuery Resource Hierarchy, and how to structure Projects, in the first part of our series to help BigQuery administrators master the fundamentals.

Leveraging BigQuery Public Boundaries datasets for geospatial analytics - Here we’ll show you how to join first party data onto the BigQuery Public Boundaries Datasets for comprehensive geospatial analytics.

Monitoring SQL Scripts with BigQuery - Getting insights about executed scripts in BigQuery.

Email Alerts for GCP Events - In this article, we will see how we can set up a framework to send email alerts in event of a failed query in BigQuery.

DBT BigQuery Performance - Profiling DBT runs.

Write to Google BigQuery using Tableau Prep - Saving data from Tableau Prep to BigQuery.

Machine Learning with Google’s BigQuery - How to easily create and deploy ML Models with SQL.

Getting started with MLOps: Selecting the right capabilities for your use case - Navigate the processes and capabilities you need to adopt for your MLOps use cases.

Various

GCP Professional Cloud Architect — Exam Guide Mapping to Prep links - A list of resources to help with Cloud Architect certification exam.

Do you want to know ‘What it takes to be a Certified GCP Professional Security Engineer ?’ - Passing Security certification exam.

Slides, Videos, Audio

GCP Podcast - #264 SRE III with Steve McGhee and Yuri Grinshteyn.

Releases

Access Approval - v1. Cloud Data Loss Prevention is supported by Access Approval in Preview stage. Cloud External Key Manager is supported by Access Approval in Preview stage. Cloud HSM is supported by Access Approval in Preview stage.

AI Platform Unified - You can now use NVIDIA A100 GPUs and several accelerator-optimized (A2) machine types for training.

Anthos Config Management - 1.8.0. Config Connector can no longer be installed via Anthos Config Management. The Config Sync admission webhook serving port is switched from 8676 to 10250. The Hierarchy Controller admission webhook serving port has switched from 9443 to 10250. The Anthos Policy Controller admission webhook serving port is switched from 8443 to 10250. All Anthos Config Management components have been updated to remove use of v1beta1 APIs scheduled to be removed in Kubernetes 1.22. Anthos Policy Controller now supports the ability for users to mutate resources as a preview feature. Anthos Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: f6c2fe8). Editing rights to Hierarchical Resource Quotas are now aggregated into the cluster-wide 'edit' and 'admin' Cluster Roles.

Anthos clusters on bare metal - 1.8. Release 1.8.0 Anthos clusters on bare metal release 1.8.0 is now available. Extended installation support: Provided support to use containerd as the container runtime as GA for Anthos clusters on bare metal release 1.8.0. Functionality changes: Added --workspace-dir flag to bmctl to allow changing the path and name of the workspace directory from the default bmctl-workspace. Fixes: Resolved, as part of the GA support for using containerd as the container runtime, incorrect cgroup driver use. Known issues: If a Node is out of reach, Anthos clusters on bare metal can't start the draining process, which may impact the cluster upgrade process.

Cloud Asset Inventory - New resource types are now available.

BI Engine - BigQuery BI Engine is now available in the Melbourne (australia-southeast2) region.

BigQuery ML - BigQuery ML is releasing the following features for preview: The ML.DETECT_ANOMALIES function is now available. BigQuery ML is now available in the Melbourne (australia-southeast2) region.

BigQuery Transfer - BigQuery Data Transfer Service now supports Google Merchant Center data transfers for local inventories and regional inventories. BigQuery Data Transfer Service is now available in the Melbourne (australia-southeast2) region.

BigQuery - BigQuery table snapshots are now in Preview. Row-level security on table data is now generally available in BigQuery. BigQuery is now available in the Melbourne (australia-southeast2) region.

BigTable - Console Table Management for Cloud Bigtable is now generally available. Cloud Bigtable is now available in the australia-southeast2 (Melbourne) region.

CDN - External HTTP(S) Load Balancing and Cloud CDN now support HTTP/3.

Channel Services - v1alpha1. Added a new feature for the ImportCustomer API to specify which customer will receive imported Cloud Identity information.

Compute Engine - Preview: Use patch alerting to monitor the patch jobs running in your environment. Best practices are now available for the Compute Engine API. Melbourne, Australia australia-southeast2-a,b,c has launched with E2, N2, N1, and M1 machines.

Config Connector - Config Connector 1.53.0 is now available. Added support for NetworkSecurityClientTLSPolicy. Added support for NetworkSecurityServerTLSPolicy. Added support for strong hierarchal references to several resources: Add spec.projectRef to DataprocAutoScalingPolicy Add spec.projectRef to DataprocCluster Add spec.projectRef to DataprocWorkflowTemplate Add spec.projectRef to MonitoringGroup. Change cnrm-system containers to use HTTP probes for readiness instead of command probes.

Data Fusion - Preview: You can now replicate data continuously and in real time from operational data stores in Oracle into BigQuery using the Oracle (by Datastream) plugin.

Cloud Dataflow - Dataflow is now able to use workers, Dataflow Shuffle, Streaming Engine, FlexRS, and regional endpoints in zones in Melbourne (australia-southeast2).

Dataproc - Dataproc is now available in the australia-southeast2 region (Melbourne).

Deep Learning Containers - M73 Release Upgraded TensorFlow Enterprise 2.1.3 to 2.1.4.

Dialogflow - New System functions are now available in Dialogflow CX.

Google Kubernetes Engine - GKE clusters on some 1.18.18+ and 1.19.10+ versions might fail to create or apply CustomResourceDefinitions containing integer validation rules using server-side apply. (2021-R21) Version updates GKE cluster versions have been updated. Internal load balancer subsetting for GKE is now generally available in GKE versions 1.18.19-gke.1400 and later. The australia-southeast2 region in Melbourne is now available.

GKE - (2021-R21) Version updates Version 1.19.9-gke.1900 is now the default version.

Google Kubernetes Engine Rapid - (2021-R21) Version updates Version 1.20.7-gke.1800 is now the default version in the Rapid channel.

Google Kubernetes Engine Regular - (2021-R21) Version updates Version 1.19.9-gke.1900 is now the default version in the Regular channel.

Google Kubernetes Engine Stable - (2021-R21) Version updates Version 1.18.18-gke.1700 is now available in the Stable channel.

Load Balancing - External HTTP(S) Load Balancing and Cloud CDN now support HTTP/3. Symmetric hashing for internal TCP/UDP load balancers as next hops—When load balancing to multiple NICs on the backends, you no longer need to use source network address translation (SNAT).

Memorystore for Memcached - v1. Added new Memorystore for Memcached region: Melbourne (australia-southeast2).

Cloud Memorystore - Added new Memorystore for Redis region: Melbourne (australia-southeast2).

Cloud Router - Cloud Router now supports the following: Enabling and disabling BGP sessions Updating the BGP keepalive interval.

Cloud Run - Cloud Run is now available in the following region: australia-southeast2 (Melbourne). Cloud Run support for WebSockets, HTTP/2, and gRPC streaming are now at general availability (GA).

Secret Manager - Secret Manager is now available in australia-southeast2 (Melbourne).

Service Mesh - 1.10.x. There is a known issue in 1.10.2-asm.2 where control plane metric reporting to Cloud Monitoring is not functioning properly and reports excessive error logs in the Istiod container. 1.10.x. 1.10.2-asm.2 is now available. Anthos clusters on-premises support Mesh CA. Google-managed control plane release channels are available. Migrating to Mesh CA from Istio CA with little or no downtime. 1.8.x & 1.9.x. The Istio project recently announced a security vulnerability (CVE-2021-34824) where where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces. 1.8.6-asm.4 and 1.9.6-asm.1 are now available.

Cloud Spanner - Cloud Spanner regional instances can now be created in Melbourne (australia-southeast2).

Cloud SQL MySQL - Cloud SQL storage limits are now increased to support up to 64 TB. The following MySQL minor versions have been upgraded: MySQL 5.6.50 is upgraded to 5.6.51 MySQL 5.7.32 is upgraded to 5.7.33. Cloud SQL storage limits are now increased to support up to 64 TB. Support for australia-southeast2 (Melbourne) region.

Cloud SQL SQL Server - Cloud SQL for SQL Server now supports SQL Server 2019. Cloud SQL storage limits are now increased to support up to 64 TB. Cloud SQL storage limits are now increased to support up to 64 TB. A preview enables you to use replication in Cloud SQL for SQL Server. Support for australia-southeast2 (Melbourne) region.

Cloud Storage - Melbourne region (australia-southeast2) launched.

Cloud Tasks - v2. A Service Level Agreement (SLA) for Cloud Tasks is now in effect.

Tensorflow Enterprise - TensorFlow Enterprise 2.3 has been updated to 2.3.3 from 2.3.2 TensorFlow Enterprise 2.1 has been updated to 2.1.4 from 2.1.3.

Cloud TPU - The Cloud TPU team has released support for TensorFlow 2.4.2.

Vertex AI - You can now use NVIDIA A100 GPUs and several accelerator-optimized (A2) machine types for training.

VPC Service Controls - General availability for the following integration: Identity-Aware Proxy for TCP forwarding.

Virtual Private Cloud - If you are using Private Service Connect endpoints to access services in another VPC network, and you delete multiple endpoints in a short period of time, one or more of the deletions might fail. If you are using Private Service Connect endpoints to access services in another VPC network, and you create more endpoints than are allowed by the limit set by the service producer, any endpoints created after the limit is reached have a status of Pending, as expected. For auto mode VPC networks, added a new subnet 10.192.0.0/20 for the Melbourne australia-southeast2 region.

Cloud VPN - Cloud VPN is now available in region australia-southeast2 (Melbourne, Australia).

Workflows - v1. Syntax for updating list values and map values is now supported.

If you have suggestion, feedback or link you want to share feel free to email me at zdenko@gcpweekly.com

Have a great week,

Zdenko