Welcome to issue #280 February 7th, 2022

News

Simplify data processing and data science jobs with Serverless Spark, now available on Google Cloud - Spark on Google Cloud, Serverless and Integrated for Data Science and ETL jobs.

Introducing Certificate Manager to simplify SaaS scale TLS and certificate management - Cloud Certificate Manager lets our users acquire and manage TLS certificates for use with Cloud Load Balancing.

Unveiling a new visual user interface for Google Cloud’s Speech-to-Text API - Developers can more leverage Google Cloud’s Speech-to-Text API in Google Cloud Console’s visual interface.

Pub/Sub Lite low cost messaging, now with higher availability - To provide cost-conscious customers with higher availability, Pub/Sub Lite offers regional topics that are stored across two zones.

Introducing new Cloud Client Libraries for Compute Engine - General availability of the Google Cloud Client Libraries for Compute Engine, which provides a more idiomatic style for each programming language.

BigQuery Connector for SAP: Power your cloud data analytics strategy - This announcement blog describes the capabilities and benefits of the real-time BigQuery Connector for SAP.

Unlock collaboration with Google Workspace Essentials - Introducing Google Workspace Essentials Starter, a no-cost offering to bring modern collaboration to work.

Strengthening our European data sovereignty offerings with Assured Workloads for EU - Assured Workloads for EU on Google Cloud is now generally available to help address customer requirements for data residency and data sovereignty.

Google Cloud is a Leader in The Forrester Wave: Public Cloud Container Platforms, Q1 2022 - Google Cloud’s Container Platforms (GKE, Anthos, Cloud Run) named a Leader in the Forrester Wave: Public Cloud Container Platforms, Q1 2022 report.

Save the date for Google Cloud Next: October 11–13, 2022 - Mark October 11–13, 2022, in your calendar, and sign up at g.co/cloudnext to get updates.

Access role-based Google Cloud training free of charge - Free Cloud Architect, Cloud Engineer, Data Analyst, Data Engineer, DevOps Engineer, Machine Learning Engineer, and Cloud Developer training.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Cloud CISO Perspectives: January 2022 - Google Cloud CISO Phil Venables shares his thoughts on the latest security updates from the Google Cybersecurity Action Team.

Don’t run all code, run only what’s changed: Optimizing IaC deployment with Cloud Build - Multi-folder Infrastructure as code deployment management, IaC selective deployment strategy.

VPC Service Control - VPC Service Control is a unique option available on the GCP platform that delivers a layer of control that reduces the risk of data exfiltration.

Managing GCP projects at scale — part 2 - How did we build our GCP project factory?

Testing Anthos Baremetal in GCE [Part1] - Deployment of Anthos Baremetal on Compute Engine.

GKE Monitoring | Best Practices & Tools to Use - This article will walk you through the nuances of monitoring a Kubernetes cluster deployed on GKE.

App Development, Serverless, Databases, DevOps

How to build a digital commerce platform on Google Cloud - How to build a digital commerce platform on Google Cloud.

Smarter applications with Document AI, Workflows and Cloud Functions - With Document AI, process your files to get structured data, organize your business processes with Workflows, and Cloud Functions to customize for your users' needs.

Managing GCP Filestore in Production — Backups & Monitoring - This blog post takes you through a walkthrough of provisioning, mounting, scheduling backups, performing a restore of Cloud Filestore.

Easy CSV importing into Cloud Bigtable - Importing CSV data into Bigtable with cbt tool.

Introducing Google Cloud Logging Python v3.0.0 - Manage your app’s Python logs and related metadata using Google Cloud.

Google Container Registry (GCR): Logging into a private registry from GKE, GCE, Docker - This walkthrough addresses how to configure the necessary components for pulling images from a private GCR registry.

Implementing the saga pattern in Workflows - Implementing the saga pattern in Workflows.

Sending an email with SendGrid from Workflows - Workflows snippet that is using SendGrid API to send email.

Load and use JSON data in your workflow from GCS - Workflows snippet to load JSON data from Cloud Storage and use in Workflows step.

Using the Secret Manager connector for Workflows to call an authenticated service - Getting data from Secret Manager in Workflows.

.NET 6 support in Google Cloud Buildpacks and Cloud Run - Example of using Buildpacks to deploy .NET application on Cloud Run.

Big Data, Analytics, ML&AI

Looking to build a recommendation system on Google Cloud? Leverage the following guidelines to identify the right solution for you (Part I) - The goal of this first post in the blog series is to introduce the different paths to recommendation systems on GCP and establish better criteria for when to use which solution.

Intro to data science on Google Cloud - Overview of the data science workflow on Google Cloud, from data engineering, data analysis, model development, ML engineering and orchestration.

Make your people find what they’re looking for - 5 steps for Building a Centralized and Secured Data Catalog.

Composer, Sendgrid and Secrets - Using secrets stored in Secret Manager in Cloud Composer.

How to do product mix optimization in real-time - Linear programming on streaming data within an Apache Beam pipeline.

How to properly play Wordle using Dataflow and BigQuery. - This article will show you how to compute best combination of words for Wordle using Dataflow and BigQuery.

BigQuery Write API explained: An overview of the Write API - Introducing the BigQuery Write API, how it compares to existing data ingestion methods into BigQuery, and how to get started with it.

Build a recommender with BigQuery ML - Part 2: Flex slots and Cloud Workflows.

Tutorial: Detection of High-Usage BigQuery Jobs on Google Cloud Platform - This tutorial will walk you through configuring a Cloud Function that runs regularly to identify high-usage BigQuery jobs.

Version Control of BigQuery schema changes with Liquibase - Using Liquibase to manage BigQuery schema changes.

Do You Really Need a Feature Store? - In the majority of cases, a feature store is overkill.

A Vertex AI TensorBoard alternative for smaller budgets (Part 1) - A short guide on how to get the advantageous of Vertex AI TensorBoard at a fraction of the price.

AlphaFold for Everybody - A new Google Cloud blog shows how to use Vertex AI to run DeepMind’s groundbreaking Alphafold protein structure prediction system.

Various

Notes from my Google Cloud Looker LookML Developer Certification Exam - A process of preparation for LookerML certification exam.

Book: Google Anthos in Action - Learn Anthos directly from the Google development team! Anthos delivers a consistent management platform for deploying and operating Linux and Windows applications anywhere—multi-cloud, edge, on prem, bare metal, or VMware.

Some Initial Takeaways from Google Cloud’s Recent Big Changes

Slides, Videos, Audio

GCP Podcast - #291 Redesigning the Cloud SDK and CLI with Wael Manasra and Cody Oss.

Security Podcast - #50 The Epic Battle: Machine Learning vs Millions of Malicious Documents.

Releases

Access Approval - Access Approval provides a public issue tracker that you can use for suggesting product features, providing product and documentation feedback, and reporting issues.

Anthos clusters on AWS - A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack.

Anthos clusters on bare metal - 1.6 & 1.7 & 1.8 & 1.9 & 1.10. Security bulletin (all minor versions) A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack. 1.8. Release 1.8.8 Anthos clusters on bare metal 1.8.8 is now available for download. Fixes: The following container image security vulnerabilities have been fixed: CVE-2021-3733 CVE-2021-3737 CVE-2021-3997. Known issues: For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Anthos - Anthos component releases for January, 2022 Anthos clusters on VMware: Jan 24, 2022: 1.9.3 and 1.8.6 patch releases Anthos clusters on bare metal: Jan 27, 2022: 1.9.4 and 1.10.1 patch releases Feb 01, 2022: 1.8.8 patch release Anthos clusters on AWS: Jan 27, 2022: aws-1.10.1-gke.0 (previous generation) patch release Anthos Config Management: Jan 27, 2022: 1.10.1 patch release Anthos Service Mesh: Jan 19, 2022: Managed Anthos Service Mesh patch release Jan 20, 2022: 1.10.6 and 1.12.2 patch releases Connect: N/A Cloud Run for Anthos: N/A Migrate for Anthos and GKE: Jan 11, 2022: patch release Cloud Logging: Jan 2022 release updates Cloud Monitoring: Jan 2022 release updates.

BigQuery ML - BigQuery ML Hyperparameter tuning is now generally available (GA).

BigQuery - The BigQuery migration assessment is now available in Preview. The WITH RECURSIVE feature has been added to Google Standard SQL for BigQuery and is now in Preview. BigQuery now supports materialized views without aggregation and materialized views with inner join.

Billing - Starting on February 1, 2022, Google Cloud usage by customers in Bahrain is subject to 10% VAT.

Access Transparency - Access Transparency provides a public issue tracker that you can use for suggesting product features, providing product and documentation feedback, and reporting issues.

Compute Engine - Generally available: Support for the Intel Ice Lake processor on general purpose N2 VMs has reached general availablity. Generally available: The n2-node-128-864 sole-tenant node type. Rate limits for all Compute Engine requests have the following changes: All per-user rate limits are removed. Duplicate API quota groups are displayed in the Cloud Console. As of February 1, 2022, all CentOS 8 images are deprecated. Restructured documentation to better group content and improve discoverability.

Config Connector - Config Connector version 1.72.1 is now available. Miscellaneous bug fixes.

Dataproc - Enabled the Resource Manager UI and HA capable UIs in HA cluster mode. 1.4.80-debian10 and 1.4.80-ubuntu18 are the last releases for the 1.4 images. New sub-minor versions of Dataproc images: 1.4.80-debian10 and 1.4.80-ubuntu18 1.5.56-debian10, 1.5.56-ubuntu18, and 1.5.56-centos8 2.0.30-debian10, 2.0.30-ubuntu18, and 2.0.30-centos8. Configured Zeppelin Spark interpreter to run in YARN client mode by default for image version 2.0. Dataproc Serverless for Spark now uses runtime version 1.0.2, which updates Spark to 3.2.1 version.

Cloud Debugger - Cloud Debugger now has Preview support for VPC Service Controls.

Deep Learning Containers - M89 release TensorFlow Enterprise 2.8 is now available and includes Long Term Version Support.

Cloud Deploy - Google Cloud Deploy is now available in the following regions: northamerica-east1 (Montréal) asia-northeast1 (Tokyo).

KMS - You can now use Cloud EKM with a Virtual Private Network (preview).

Google Kubernetes Engine - A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack. You will not be able to create new node pools that use a Docker node image starting with GKE v1.23 when: Creating a new cluster, Adding a node pool to an existing cluster, or Using Node Auto-provisioning (NAP) with --autoprovisioning-image-type set to Docker node images. (2022-R02) Version updates GKE cluster versions have been updated. Three security vulnerabilities, CVE-2021-4154, CVE-2021-22600, and CVE-2022-0185 have been discovered in the Linux kernel, each of which can lead to either a container breakout, privilege escalation on the host, or both. In GKE, you can now filter Pub/Sub cluster notifications by notification type. When creating a maintenance exclusion window, you can restrict the exclusion to specify types of maintenance.

GKE - (2022-R02) Version updates Control plane and node version 1.19.16-gke.6100 is now available.

Google Kubernetes Engine Rapid - (2022-R02) Version updates Version 1.22.4-gke.1501 is now the default version in the Rapid channel.

Google Kubernetes Engine Regular - (2022-R02) Version updates Version 1.22.3-gke.1500 is now available in the Regular channel.

Google Kubernetes Engine Stable - (2022-R02) Version updates Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.1500 with this release.

KF - 2.7.2. Bug fix for Kf Build garbage collection. Added buildTimeout configuration feature.

Cloud Monitoring - You can now save a copy of a chart on a predefined dashboard to one of your custom dashboards by selecting Add to Custom Dashboard from the More Options menu on the chart. You can now view SLOs on a custom dashboard.

Pub/Sub Lite - Pub/Sub Lite now supports regional Lite topics that replicate data to a secondary zone.

Secret Manager - Secret manager now supports data checksums when adding or accessing a secret version.

Security Command Center - Event Threat Detection, a built-in service of Security Command Center, launched the Exfiltration: BigQuery Data to Google Drive rule to Preview. Virtual Machine Threat Detection, a built-in service of Security Command Center Premium, is in Preview. Web Security Scanner, a built-in service of Security Command Center, released the CACHEABLE_PASSWORD_INPUT and SESSION_ID_LEAK finding types. Web Security Scanner, a built-in service of Security Command Center, provides detectors for the OWASP Top 10 2017 and OWASP Top 10 2021.

Service Mesh - Managed Anthos Service Mesh. Using the fleet feature API to set up managed Anthos Service Mesh with automatic control plane management is now available as a preview feature in the rapid, regular, and stable release channels.

SAP Solutions - SAP HANA certifications: N2 series Compute Engine VMs on the Intel Ice Lake CPU platform SAP now certifies Compute Engine N2 series machine types with the Intel Ice Lake CPU platform. SAP NetWeaver certifications: N2 series Compute Engine VMs on the Intel Ice Lake CPU platform SAP now certifies Compute Engine N2 series machine types with the Intel Ice Lake CPU platform. BigQuery Connector for SAP: Google Cloud BigQuery Connector for SAP is now generally available (GA).

Cloud SQL MySQL - The Key Access Justifications (KAJ) feature is now generally available in Cloud SQL.

Cloud SQL Postgres - The following PostgreSQL minor versions and extension versions are now available. Query Insights lets you configure the query sampling rate. The Key Access Justifications (KAJ) feature is now generally available in Cloud SQL.

Cloud SQL SQL Server - The Key Access Justifications (KAJ) feature is now generally available in Cloud SQL.

Tensorflow Enterprise - TensorFlow Enterprise 2.8 is now available and includes Long Term Version Support.

Cloud TPU - Cloud TPU now supports Tensorflow 2.8.0.

Traffic Director - Traffic Director new service routing APIs are available in preview.

Transcoder API - VP9 codec settings do not support a rateControlMode set to crf (constant rate factor). The v1beta1 API is no longer available. Added v1 gcloud commands. Added a guide on how to concatenate multiple input videos into a single output video. Added a guide on how to include captions and subtitles in an output video.

VPC Service Controls - General availability for the following integrations: Cloud TPU. Preview support for the following integration: Cloud Debugger.

Workflows - Workflows is now Payment Card Industry Data Security Standard (PCI DSS)-compliant.

If you have suggestion, feedback or link you want to share feel free to email me at zdenko@gcpweekly.com

Have a great week,

Zdenko