Welcome to issue #278 January 24th, 2022

News

Find products faster with the new All products page - Introducing the new Google Cloud All products page. Quickly navigate to products from one place. Explore products at a glance and save time.

Encrypt Data Fusion data and metadata using Customer Managed Encryption Keys (CMEK) - General availability of Customer Managed Encryption Keys (CMEK) for encrypting Cloud Data Fusion data and metadata at-rest.

Webhook, Pub/Sub, and Slack Alerting notification channels launched - Announcing the general availability of the new Pub/Sub, Webhook, and Slack Notification channels.

Keep tabs on your tables: Cloud SQL for MySQL launches database auditing - The Cloud SQL for MySQL Audit Plugin is an advanced enterprise-grade security plugin that offers advanced auditing features.

New in Google Cloud VMware Engine: Single nodes, certifications and more - The latest version of Google Cloud VMware Engine now supports single node clouds, compliance certs and Toronto availability.

BigQuery Explainable AI now in GA to help you interpret your machine learning models - BigQuery Explainable AI allows you to interpret your ML models.

Understanding Firestore performance with Key Visualizer - Firestore Key Visualizer is now Generally Available! Try out the new interactive performance monitoring tool that helps you observe and maximize Firestore’s performance.

Bio-pharma organizations can now leverage the groundbreaking protein folding system, AlphaFold, with Vertex AI - How to run DeepMind’s AlphaFold on Google Cloud’s Vertex AI.

Apache Beam conference call for speakers - Beam Summit is coming back on 18-20 July 2022 Austin, Texas and online.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Developing and securing a platform for healthcare innovation with Google Cloud - Highmark Health and Google are using a technique called “secure-by-design” to address the security, privacy, and compliance aspects of bringing Living Health to life.

How to publish applications to our users globally with Cloud DNS Routing policies? - Build and deploy high availability applications globally by using Cloud DNS routing policies.

Comparing Terraform and Cloud Deployment Manager - Comparison of Deployment Manager and Terraform.

Implement Cloud Armor Security Policy/s using Terraform - Implementing security policies through Terraform for 'Instance Groups as the backend service' and defining WAF Rules and consuming them through Security Policy.

Tutorial: Rotating Service Account Keys using Secret Manager - The Service Account Key Rotater is a pluginable solution that can easily be extended for other external services that require access to Service Account Keys.

Google Cloud Anthos Series - Part1: Anthos Platform Introduction.

GKE Authentication and Authorization Between Cloud IAM and RBAC - Learn how users are created in GKE & how Google Cloud IAM and RBAC work together to achieve better authentication & authorization.

Resolving network connectivity issues between GCP Services - Learn how to connect to peered private clusters and manage services such as Cloud-SQL and GKE without public IP addresses.

NGINX Ingress or GKE Ingress? - In this article, two popular Ingress options for Google Kubernetes Engine are described

Java Microservice on Google Kubernetes Engine (GKE) Cluster - In this article are described steps to create a Java Microservice, and deploy it to Google Kubernetes Engine.

Develop and debug Kubernetes microservice applications fast with Cloud Code and Skaffold modules - With Skaffold and Cloud Code, Google Cloud makes it easy for you to quickly develop and debug your Kubernetes microservice applications.

App Development, Serverless, Databases, DevOps

How Wayfair is modernizing, one database at a time - Wayfair migrated to Google Cloud database services because Cloud SQL and Cloud Spanner provided a clear path for shifting workloads to the cloud.

Creating custom notifications with Cloud Monitoring and Cloud Run - A tutorial for writing and deploying customized Cloud Monitoring alert notifications to third party services.

DevOps for tech companies and startups: Learn from over 32,000 professionals on how to drive success with Google Cloud’s DORA research - The 2021 State of DevOps Report is live and we want to help your organization continue to thrive with Google Cloud’s best DevOps practices.

Patterns for better insights and troubleshooting with hybrid cloud logs - Read this blog to discover how Google Cloud is helping customers improve cost and get better insights from their apps and services with cloud logs.

Enable feature-rich Logging for FastAPI on Google Cloud Logging - Set up Cloud Logging for FastAPI (Python framework).

The pitfalls of scaling on Serverless platforms - Some things you might want to consider, when you need to prepare for burst loads on serverless platforms.

Connecting to MS SQL on Compute in GCP Using Cloud IAP - Connect to and manage MS SQL on GCP Compute using your preferred SQL management software via Cloud IAP.

Cloud Monitoring, We Need to Chat - How to use Google Chat as a notification channel for Cloud Monitoring alerts.

Deploy Cloud Functions on GCP with Terraform - In this tutorial you are going to deploy a simple Cloud Function triggered by a Cloud Storage event with Terraform.

Cloud Functions in Go with Terraform - Deploying a Cloud Function in Go using Terraform.

Automatic CloudSQL load balancing with PGPool-II and far too much bash scripting - Automatic CloudSQL Load Balancing for Kubernetes with Terraform, PGPool-II and Too Much Bash Scripting.

Big Data, Analytics, ML&AI

Data considerations for early-stage startups - Google Cloud technology stack considerations for early-stage startups.

Data Fusion SAP Connectors - Unlock the value of your SAP data on Google Cloud with Data Fusion SAP connectors.

Data Fusion SAP accelerator for Procure 2 Pay - Google Cloud Data Fusion accelerator for SAP Procure to Pay, consisting of SAP connector, pipeline templates, target BigQuery schemas and Looker block.

How to: BigQuery Protobuf Streaming Inserts using Java - An end-to-end example of how to create and push data to BigQuery in protobuf format.

BigQuery: Advanced SQL query hacks - This is a list of time-saving, cost-saving and life-saving SQL query hacks you need to know.

Levenshtein distance as a remedy for sequential data - Calculating Levenshtein distance in BigQuery.

End-to-End BigQuery Machine Learning - Use Google Cloud BigQuery to compete in a Kaggle competition.

How can demand forecasting approach real time responsiveness? Vertex AI makes it possible - AI is making it possible for retailers to do forecasting with near-real-time insights from a wealth of sources. Get granular with Vertex AI Forecast.

Tokenizing sensitive data to train models using VertexAI

PyTorch/XLA: Performance debugging on Cloud TPU VM: Part III - In this blog post, we introduce concepts to generate and analyze traces to debug PyTorch training performance on TPU VM.

Various

A Co-author’s Take on ‘The Definitive Guide to Modernizing Applications on Google Cloud’​ - Thoughts and experiences on writing book (related to GCP).

Slides, Videos, Audio

GCP Podcast - #289 Cloud Security Megatrends with Phil Venables.

Security Podcast - #48 EP48 Confidentially Speaking 2: Cloudful of Secrets.

Releases

AppEngine Standard Java - Updated Java SDK to version 1.9.94.

AppEngine Standard Python3 - Users of the App Engine Bundled Services for Python 3 can now access Blobstore, Deferred, and Mail handlers in preview, through language-idiomatic libraries.

Compute Engine - Learn about the differences between multi-tenancy and sole-tenancy by reading the new About VM tenancy document. Generally available: You can now use the SSH troubleshooting tool to help you determine the cause of failed SSH connections. Generally Available: Configure commitments to renew automatically.

Config Connector - Config Connector version 1.71.0 is now available. Added support for LoggingLogMetric resource. Added support for NetworkConnectivitySpoke resource. Added regional support for ComputeTargetHTTP(S)Proxy resource(s). Added spec.build.availableSecrets to CloudBuildTrigger resource. Added spec.nodeConfig.nodeGroupRef and spec.nodeConfig.spot to ContainerCluster and ContainerNodePool resources. Added spec.readReplicaMode, spec.replicaCount and status.nodes to RedisInstance resources. Added spec.settings.ipConfiguration.allocatedIpRange to SQLInstance resource. Added spec.publicAccessPrevention to StorageBucket resource. Added spec.identityServiceConfig to ContainerCluster resource.

Config Controller - Config Connector version 1.71.0 is now available. Added support for LoggingLogMetric resource. Added support for NetworkConnectivitySpoke resource. Added regional support for ComputeTargetHTTP(S)Proxy resource(s). Added spec.build.availableSecrets to CloudBuildTrigger resource. Added spec.nodeConfig.nodeGroupRef and spec.nodeConfig.spot to ContainerCluster and ContainerNodePool resources. Added spec.readReplicaMode, spec.replicaCount and status.nodes to RedisInstance resources. Added spec.settings.ipConfiguration.allocatedIpRange to SQLInstance resource. Added spec.publicAccessPrevention to StorageBucket resource. Added spec.identityServiceConfig to ContainerCluster resource.

Data Catalog - Public preview: Creating rich-text overview and adding data stewards to your data entries is rolled out to all Data Catalog regions with minimal disruption and in a controlled way.

Dataproc - Announcing the General Availability (GA) release of Dataproc Serverless for Spark, which allows you to run your Spark jobs on Dataproc without having to spin up and manage your own cluster. Added support for Dataproc Metastore's beta NetworkConfig field. Dataproc extracts the warehouse directory from the Dataproc Metastore service for the cluster-local warehouse directory. New sub-minor versions of Dataproc images: 1.4.79-debian10 and 1.4.79-ubuntu18 1.5.55-debian10, 1.5.55-ubuntu18, and 1.5.55-centos8 2.0.29-debian10, 2.0.29-ubuntu18, and 2.0.29-centos8. Migrated to Eclipse Temurin JDK in image versions 1.4, 1.5, and 2.0. Upgraded Log4j version to 2.17.1 in image versions 1.4, 1.5, and 2.0. The Cloud Storage connector jar is installed on the Solr server (even if dataproc:solr.gcs.path property is not set). Fixed a bug where cluster restart disabled Solr and Ranger services even if the components are selected. YARN-8865: RMStateStore contains large number of expired RMDelegationToken. RANGER-3324: Make optimized db schema script idempotent for MySQL DB.

Cloud Deploy - Google Cloud Deploy support for Skaffold version 1.35.1 has been updated to version 1.35.2, which is now the default Skaffold version. Google Cloud Deploy is generally available (GA). Google Cloud Deploy now has beta stage support for VPC Service Controls. You can now roll back targets from the delivery pipeline visualization in Google Cloud Console. Google Cloud Deploy now automatically applies provenance labels to deployed resources.

Dialogflow Enterprise - Dialogflow CX now provides an IDENTITY system function, which is useful to copy a composite parameter object in a parameter preset field. The Dialogflow CX QueryResult.match.event field previously only populated custom events.

Dialogflow - Dialogflow CX now provides an IDENTITY system function, which is useful to copy a composite parameter object in a parameter preset field. The Dialogflow CX QueryResult.match.event field previously only populated custom events.

Cloud Data Loss Prevention - The SOUTH_AFRICA_ID_NUMBER infoType detector is available in all regions.

Cloud Networking Products - Managing routing policies in Cloud DNS is available in GA.

Document AI - The Intelligent Document Quality Processor is now publicly accessible and now supports 3 more defect types: quality/defect_document_cutoff quality/defect_text_cutoff quality/defect_glare.

Google Kubernetes Engine - (2022-R01) Version updates GKE cluster versions have been updated. 1.23 is now available in the Rapid channel Kubernetes 1.23 is now available in the Rapid channel. Notable features Beta: PodSecurity admission PodSecurity replaces the deprecated PodSecurityPolicy admission controller (which will be removed in 1.25). Notable changes and bug fixes Kubernetes 1.23 is built with go1.17, which requires aggregated API servers, admission webhooks, and custom resource conversion webhooks to use TLS certificates that include the service DNS name as a subjectAltName. New API versions flowcontrol.apiserver.k8s.io/v1beta2 FlowSchema, PriorityLevelConfiguration autoscaling/v2 HorizontalPodAutoscaler. Deprecated API versions These APIs are still served in version 1.23 but are in a deprecation period: PodSecurityPolicy policy/v1beta1 PodSecurityPolicy Deprecated in 1.21 with removal targeted for version 1.25. Clusters running GKE node versions 1.19.16-gke.1500 and 1.19.16-gke.3600 will be unstable if Container Threat Detection (KTD) is enabled. VPC-scoped DNS for GKE using Cloud DNS is now generally available for GKE versions 1.21 and later. A new kubernetes metric, Network policy event count (kubernetes.io/pod/network/policy_event_count), is available (beta) for GKE Dataplane V2 clusters in GKE versions 1.22.3-gke.700 and later. Now available in Preview: Use a compact placement policy to specify that nodes within the node pool should be placed in closer physical proximity to each other within a zone.

GKE - (2022-R01) Version updates Version 1.21.6-gke.1500 is now the default version.

Google Kubernetes Engine Rapid - (2022-R01) Version updates Version 1.22.3-gke.1500 is now the default version in the Rapid channel. 1.23 is now available in the Rapid channel Kubernetes 1.23 is now available in the Rapid channel. Notable features Beta: PodSecurity admission PodSecurity replaces the deprecated PodSecurityPolicy admission controller (which will be removed in 1.25). Notable changes and bug fixes Kubernetes 1.23 is built with go1.17, which requires aggregated API servers, admission webhooks, and custom resource conversion webhooks to use TLS certificates that include the service DNS name as a subjectAltName. New API versions flowcontrol.apiserver.k8s.io/v1beta2 FlowSchema, PriorityLevelConfiguration autoscaling/v2 HorizontalPodAutoscaler. Deprecated API versions These APIs are still served in version 1.23 but are in a deprecation period: PodSecurityPolicy policy/v1beta1 PodSecurityPolicy Deprecated in 1.21 with removal targeted for version 1.25.

Google Kubernetes Engine Regular - (2022-R01) Version updates Version 1.21.6-gke.1500 is now the default version in the Regular channel.

Google Kubernetes Engine Stable - (2022-R01) Version updates Version 1.20.12-gke.1500 is now the default version in the Stable channel.

Load Balancing - The default behavior for HTTP/3 and Google QUIC is changing for global external HTTP(S) load balancers.

Cloud Monitoring - Private uptime checks are now available in Preview. When you click on an entry in the Instances table on the Monitoring VM Instances dashboard, a sliding panel now appears with the instance details, replacing the VM Instance Details page.

Network Intelligence Center - Overly permissive rule insights are now generally available.

reCAPTCHA Enterprise - You can now use reCAPTCHA Enterprise account defender to detect and prevent account-related fraudulent activities.

Retail Recommendations AI - The Retail console is now available to all Recommendations AI users.

Anthos Service Mesh - 1.10.x. 1.10.6-asm.0 is now available. 1.12.x. 1.12.2-asm.0 is now available. Managed Anthos Service Mesh. Version 1.12 is now available for managed Anthos Service Mesh and is rolling out into the Rapid Release Channel. Managed Anthos Service Mesh now supports GKE Autopilot in the Regular and Rapid channels. Managed Anthos Service Mesh control plane now displays its provisioning status in the ControlPlaneRevision API. Managed Anthos Service Mesh now supports deploying a proxy built on the distroless base image.

SAP Solutions - Google Cloud Connector for SAP Landscape Management version 2.3.0 Version 2.3.0 of the Google Cloud Connector for SAP Landscape Management is now available.

VPC Service Controls - Preview support for the following integration: Image streaming for container images stored in Artifact Registry.

Workflows - Workflows is now certified as SOC 1 compliant.

If you have suggestion, feedback or link you want to share feel free to email me at zdenko@gcpweekly.com

Have a great week,

Zdenko