Welcome to issue #256 August 23rd, 2021

News

Introducing security configuration for gRPC apps with Traffic Director - gRPC-based services can now be configured via the Traffic Director control plane to use TLS and mutual TLS to establish secure communications.

Manage data exfiltration risks in Cloud Run with VPC Service Controls - The scalability and ease of use of fully managed compute now comes with enterprise-grade guardrails at the network level.

Zero trust is a must: Supporting our customers with new BeyondCorp Enterprise features - New features for BeyondCorp Enterprise include native support for client certificates, on-prem connector, and new attributes in Access Context Manager.

Zero effort performance insights for popular serverless offerings - Traces provide signals for latency. Traces are now available by default in serverless offerings such as AppEngine, Cloud Run and Cloud Functions.

Scaling data access to 10Tbps (yes, terabits) with Lustre - Working with DDN and NAG, the Lustre file system running on Google Cloud ranked 8th on this year’s IO500 benchmark.

What's the latest with Actifio GO backup and disaster recovery? - Read the latest news on Actifio GO backup and disaster recovery including information about the July 2021 release.

Use Process Metrics for troubleshooting and resource attribution - Find memory leaks or the source of performance issues, and understand aggregate resource consumption for your virtual machines with process metrics.

Private Catalog: Enabling easier curation of Cloud Marketplace products - Admins can now add SaaS products from Google Cloud Marketplace to their organization’s Private Catalog, for use by end users.

Announcing Apricot: a new subsea cable connecting Singapore to Japan - The new Apricot subsea cable will connect Singapore, Japan, Guam, the Philippines, Taiwan and Indonesia by 2024.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Five do’s and don’ts of multicloud, according to the experts - Experts shared how to do multicloud the right way.

Getting to the cloud: Best practices for migrating from On-prem to Google Cloud using Storage Transfer Service - Learn how to use Storage Transfer Service to move data from on-prem to the cloud, and common mistakes to avoid.

How to conduct live network forensics in GCP - Collect and preserve vital evidence for the digital forensic process while the incident response team resolves an incident.

Zero trust: Putting it all together with policy - Use your understanding about your systems, services and applications to set policies that make sense for your specific set of risks and goals.

Deploy Anthos on GKE with Terraform part 1: GitOps with Config Sync - It is now simple to use Terraform to configure Anthos features on your GKE clusters. This is the first part of the 3 part series that describes using Terraform to enable Config Sync.

Foundational best practices for securing your cloud deployment - The security foundations blueprint identifies core security decisions and guides you with opinionated best practices for deploying a secured GCP environment.

GCP CA Service: how to get started! - A practical run through setting up a private CA root and Subordinate CA via the new GCP CA Service!

Latest Updates From Google Cloud Platform - CloudBuild Private Pool for Reaching out to Private Resources Outside GCP.

Google Kubernetes Engine (GKE) Security Best Practices - Security best practices on GKE.

App Development, Serverless, Databases, DevOps

Unlocking Application Modernization with Microservices and APIs - How enterprises can use both API management and a service mesh to create better experiences for both developers and customers.

Using a private repo on Artifact Registry in Google Cloud Functions - Late last year, we announced that Artifact Registry was going GA, allowing GCP customers to manage their packages within the same platform as they were being deployed. In this blogpost, we want to show you how to do exactly that with a private dependency.

High durability options for Compute Engine workloads - This article provides information regarding the durability that Persistent Disk provides.

Artifact Registry: the next generation of Container Registry - Compared with Container Registry, Artifact Registry lets you store non-container artifacts, and provides better security and more flexibility.

Using Compute Engine: Users’ top questions answered - Answers to Compute Engine users’ most common questions, based on best-read documentation pages.

What is Memorystore? - Many of today's applications ranging from gaming, cybersecurity, social media require processing data at sub-millisecond latency to deliver real-time experiences. To meet demands of low latency at increased scale and reduced cost you need an in-memory datastore.

Understanding Cloud SQL Maintenance: why is it needed? - Get acquainted with the way maintenance works in Cloud SQL so you can effectively plan availability.

Meet the Firestore Emulator Requests Monitor - The Firestore Emulator Requests Monitor allows you to see requests to your local Firestore Emulator in real-time, and drill down to the details of each request, such as method, path, and Firebase Security Rules evaluation.

How to connect a Private Cloud SQL instance to a Private IP VM - How to set up a connection from a private Compute Engine VM to a private Cloud SQL instance using the mysqlsh command line tool.

Big Data, Analytics, ML&AI

StarThinker 2.0 Is Here - StarThinker, is a simple and intuitive web UI that allows users to create, edit, run, and schedule data pipelines consistently.

IDC reveals 323% ROI for SAP customers using BigQuery - Resulting from interviews with seven customers leveraging BigQuery for SAP data, IDC demonstrates a 323% ROI and 52% lower 3-year cost of operations.

BigQuery Admin reference guide: API landscape - Explore the different BigQuery APIs that can help you programmatically manage and leverage your data.

BigQuery workload management best practices - This blog aims to simplify the concept of slots and related metrics, benefits of dedicated slots, monitoring best practices and, optimize workload with Automation.

How to configure the “Export Collections to BigQuery” extension and use SQL “full” power on your Firestore data - How to use Firebase extension to export Firestore to BigQuery.

How Data Scientists Can Increase Their Productivity With the Aid of Data Engineers Solutions Using BigQuery, Google Colab and Python - This article aims to bring a set of solutions in Python used by Data Engineers that will increase the productivity of Data Scientists that needs to use Google BigQuery in daily operations and just want this thing to work.

Access free training and learn how to automate hyperparameter tuning to find the best model - We’ll walk through how to easily create optimal machine learning models with BigQuery ML's recently launched automated hyperparameter tuning. You can also register for our free training on August 19 to gain more experience with hyperparameter tuning and get your questions answered by Google experts.

Build a reinforcement learning recommendation application using Vertex AI - In this article, we’ll demonstrate an RL-based movie recommender system, including a MLOps pipeline, built with Vertex AI and TF-Agents.

Scalable tech support via AI-augmented chat - As Googlers transitioned to working from home during the pandemic, more and more turned to chat-based support to help them fix technical problems. Google's IT support team looked at many options to help meet the increased demand for tech support quickly and efficiently.

New study available: Modernize with AIOps to maximize your impact - In this commissioned study, Forrester Consulting explores how organizations are using AI Ops in their cloud environments.

How to get better retail recommendations with Recommendations AI - Recommendations AI is a solution that uses machine learning to bring product recommendations to their shoppers across any catalog or client list. This service is part of our full suite of Retail solutions. When you integrate with the Retail API, you get the benefit of Google's Product Discovery.

Piloting Google Cloud Platform to enhance data access and usability at NYC Planning - How New York City’s Department of City Planning is using GCP to develop data products for the future of the city.

Various

Listen up! Google Cloud Reader reaches 50 episodes - Google Cloud Reader is a podcast that lets you listen to the Google Cloud Blog posts that aren't as dependent on visuals.

How retailers can boost agility and resilience in Google Cloud - Learn how retailers can migrate their on-premises applications to the cloud, to stay relevant and competitive.

Promoting Google Cloud Content Creators - Perspectives on GCP content creation.

Slides, Videos, Audio

GCP Podcast - #272 GKE Turns Six with Anthony Bushong, Gari Singh, and Kaslin Fields.

Kubernetes Podcast - #159 Talos, with Andrew Rynhard.

Releases

Anthos clusters on bare metal - 1.7. Release 1.7.3 Anthos clusters on bare metal 1.7.3 is now available. Fixes: The following container image security vulnerabilities have been fixed: CVE-2021-3520 CVE-2021-20305 CVE-2021-22924 CVE-2021-22925 CVE-2021-31535 CVE-2021-33560 CVE-2021-33910. Known issues: When you upgrade Anthos clusters on bare metal from a version with a security patch to the next minor release, we recommend you upgrade to the highest patch version to ensure you have the latest security fixes.

AppEngine Standard Java - Upgraded Jetty to version 9.4.43.v20210629.

AppEngine Standard NodeJS - The NodeJS 16 runtime for App Engine standard environment is now available in Public Preview.

Google Cloud Armor - Google Cloud Armor integration with reCAPTCHA Enterprise is now available in Public Preview.

BigQuery - Cloud Spanner federated queries are now generally available (GA).

Cloud Build - Users can now configure triggers that only execute a build when granted approval by a set of users.

Channel Services - v1. The ImportCustomer method is now generally available.

Compute Engine - Preview: Manually live migrate VMs from one host to another.

Config Connector - Config Connector 1.59.0 is now available. Added networkConfig field into ContainerNodePool. Added processingUnits field into SpannerInstance. config-connector CLI supports IAMPartialPolicy as an IAM output format. Fixed the issue where ComputeInstance fails reconciliation if metadata is set outside KCC (Issue #524).

Data Fusion - SQL Server source plugin version 1.5.5 is now available.

Dataproc Metastore - v1beta1. CMEK integration with Dataproc Metastore is available in Preview.

Dataproc - Added support for Dataproc Metastore in three recently turned up regions: .europe-west1, northamerica-northeast1, and asia-southeast1. Dataproc issues a warning message if the staging or test bucket name contains an underscore.

Deep Learning Containers - M78 Release Updated TensorFlow Enterprise patch version 2.3.3 to 2.3.4. TensorFlow Enterprise 2.5 TensorFlow Enterprise 2.5 Deep Learning Containers are now deprecated.

Deep Learning VM - M78 Release Updated TensorFlow Enterprise patch version 2.3.3 to 2.3.4. Fixed a bug that prevented users from exporting a notebook as a PDF. TensorFlow Enterprise 2.5 TensorFlow Enterprise 2.5 Deep Learning VM images are now deprecated.

Cloud Networking Products - Managing routing policies in Cloud DNS is available in preview.

Eventarc - Support for 16 new regions.

Cloud Healthcare API - v1. An interactive version of the Cloud Healthcare API quickstart is now available in the Cloud Console.

Google Kubernetes Engine - (2021-R27) Version updates GKE cluster versions have been updated. For GKE clusters running Windows Server node pools, you can proactively receive updates about new GKE versions and the Windows OS versions they use by subscribing to UpgradeAvailableEvent notifications. A simplified GKE API for configuring which logs and metrics are collected and sent to Cloud Logging and Cloud Monitoring is now available. GKE clusters running node pools that use containerd might experience IP leak issues and exhaust all Pod IPs on a node. An issue was identified with v1beta1 of the BackendConfig API, where a Cloud Armor security policy was inadvertently deleted from the backend Service of an Ingress resource on the following affected GKE versions: 1.18.19-gke.1400 and later 1.19.10-gke.700 and later 1.20.6-gke.700 and later To fix this issue, use v1 of the BackendConfig API, or update your clusters to one of the following GKE versions: 1.20.9-gke.900 and later 1.21.1-gke.2700 and later For more information, see Kubernetes issue #1508 and the Ingress Known issues page.

GKE - (2021-R27) Version updates Version 1.20.8-gke.2100 is now the default version.

Google Kubernetes Engine Rapid - (2021-R27) Version updates Version 1.20.8-gke.2100 is now the default version in the Rapid channel.

Google Kubernetes Engine Regular - (2021-R27) Version updates Version 1.20.8-gke.2100 is now the default version in the Regular channel.

Google Kubernetes Engine Stable - (2021-R27) Version updates There are no new releases in the Stable channel.

Cloud Logging - You can now use Chef to install and manage the Google Cloud operations suite agents across your fleet of Linux and Windows VMs.

KF - 2.5.1. Kf CLI can now override the manifest.yaml app name. When deleting resources, Kf will now delete any sub resources before returning success on the deletion request.

Cloud Monitoring - You can now use Chef to install and manage the Google Cloud operations suite agents across your fleet of Linux and Windows VMs.

reCAPTCHA Enterprise - reCAPTCHA Enterprise for WAF and Google Cloud Armor integration is now available in Public Preview.

Cloud Spanner - Cloud Spanner now creates dedicated backup jobs to take backups instead of using an instance's server resources. Views are now supported in Cloud Spanner databases. Released Query Optimizer version 3.

Cloud SQL MySQL - The following MySQL minor versions have been upgraded: MySQL 5.7.33 is upgraded to 5.7.34. MySQL 5.7.33 has been upgraded to 5.7.34.

Cloud SQL Postgres - Cloud SQL now offers faster maintenance, with connectivity dropping for less than 30 seconds on average.

Tensorflow Enterprise - TensorFlow Enterprise 2.3 has been updated to 2.3.4 from 2.3.3. TensorFlow Enterprise 2.5 Deep Learning VM images and Deep Learning Containers are now deprecated.

VMware Engine - Preview: VMware Engine integration with Google Cloud's operations suite using a standalone metrics and logs agent.

Virtual Private Cloud - If you are using Private Service Connect endpoints to access services in another VPC network, deleting an endpoint no longer fails if you try to delete multiple endpoints in a short period of time.

If you have suggestion, feedback or link you want to share feel free to email me at zdenko@gcpweekly.com

Have a great week,

Zdenko