Welcome to issue #283 February 28th, 2022

News

Build a data mesh on Google Cloud with Dataplex, now generally available - Dataplex centrally manage, monitor, and govern data across distributed data, and make it securely accessible to a variety of analytics tools.

Five reasons to join our Public Sector Connect community - The public sector has an untapped problem-solving superpower: each other. Join like-minded problem solvers and innovators in Google Cloud’s Public Sector Connect.

Join us for Google Cloud Security Talks: Threat Detection & Response Edition - Join us for Google Cloud Security Talks focused on security operations. Learn how to modernize your approach to threat detection and response with Google.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Four ways Google Cloud Marketplace simplifies buying cloud software - Learn about new features in Google Cloud Marketplace that make buying and selling better than ever.

Pathways to Best Cloud Security Posture Review in GCP - Intention behind this blog is to provide a guide to GCP Consultants and Partners help them to deliver The Best Cloud Security Posture Review offerings to their customers.

Setting up a simulated on-prem environment for GCP - This guide is meant to setup a basic simulated on-prem environment, which configures IPSec (strongSwan), BGP (frr) and DNS (CoreDNS).

Google Cloud Anthos Series - Part5 - Part-5: Anthos Config Management.

Overview of Google Cloud Load Balancers - An overview of various Load Balancers on Google Cloud.

App Development, Serverless, Databases, DevOps

Ready, set, launch! Cloud Spanner makes application launches easier with warmup and benchmarking tool. - To achieve the powers of consistency, scale and availability by default Cloud Spanner has a built-in mechanism to automatically shard your database and provide a transparent and seamless experience. This blog introduces a tool to expedite the automatic sharding for big scale launch and promotions.

Migrating a PHP application to use Cloud Spanner - How to convert a PHP application to use Cloud Spanner using Magento as an example.

Taking a first look at Google Cloud Architecture Diagramming Tool

Google Cloud Architecture Diagramming tool? My first feedback - Feedback after using GCP Architecture diagramming tool.

Serverless APIs made simple on GCP with Goblet backed by Cloud Functions and Cloud Run - By Austen Novis, Staff Software Engineer.

How to build an event driven application on Google Cloud using cloud functions - An example of using Cloud Functions to build a video analysis tool.

Google Cloud Functions caching with node-cache - Using cache in NodeJS Cloud Functions.

OAuth2 authentication for a Google Cloud Functions - Authenticating Cloud Functions through OAuth2 and API Gateway.

Automatic Release Propagation for Canary releases with Cloud Run - Learn how to set up automatic release propagation for canary releases on Cloud Run by using Cloud Run Release Manager.

☘️ Random configuration tips for Google Cloud SQL

Logging like a professional with NestJS and TypeORM - Architecture in NodeJs for easy logging and error handling.

Big Data, Analytics, ML&AI

Data Workflow Modernization - Drive transformational improvement in users’ workflows, not an incremental improvement in the tools you use.

Recipe for building your first Data Product in a Data Mesh - A journey of a thousand miles begins with a single step. For a Data Mesh, this journey begins with a single Data Product. This article covers a recipe for building your first Data Product.

Lightweight Data Orchestration using Cloud Workflows and Dataform - Find out how Cloud Workflows and Dataform can be used to compose a lightweight and low-cost ingestion solution on Google Cloud Platform.

Error handling with Apache Beam, Asgarde with Kotlin - In a previous article, we presented a library allowing error handling with Apache Beam with less code :.

Remote Functions in BigQuery - How it works, and what you can do with it.

UNNEST, the First BigQuery Function for GA4 the E-commerce Tracking - Using UNNEST to analyze GA4 data in BigQuery.

Looker — self-hosted installation on GCP - Looker is Google Cloud’s cloud-native Enterprise BI Platform enabling access to near real-time data when and where you need it.

Developing high-quality ML solutions - Practices for developing quality ML solutions for each stage of the MLOps lifecycle.

PyTorch on Google Cloud: Blog series recap - This blog post has a list of all the posts published as part of PyTorch on Google Cloud blog series.

Implementing MLOps pipeline in Vertex AI to adapt to the changes in data - Using Vertex AI and Cloud Functions to prepare MLOps for data drift situations.

Various

Google Cloud Data Heroes Series: Meet Lynn, a cloud architect equipping bioinformatic researchers with genomic-scale data pipelines on GCP - Google Cloud introduces their Data Hero series with a profile on Lynn Langit, a data cloud architect, educator, and developer on GCP.

10 Best Google Cloud Certifications to Aim in 2022 - An overview of GCP Certifications.

Slides, Videos, Audio

GCP Podcast - #294 Looker with Leigha Jarett and Debi Cabrera.

Kubernetes Podcast - #169 Sysdig Cloud Native Security and Usage Report, with Anna Belak.

Security Podcast - #53 Seven Years of SOAR: What's Next?

Releases

Network Connectivity Center - Networking Connectivity Center now supports the use of a third-party network virtual appliance in any Google Cloud region for the following use cases: Providing site-to-cloud connectivity Providing connectivity or managing traffic between VPC networks A third-party network virtual appliance could be an SD-WAN router, a firewall appliance, a load balancer, or another appliance, as long as it uses BGP.

Cloud Run - Cloud Run now supports using less than one CPU.

Security Command Center - Security Command Center can automatically send findings, assets, and security sources to the following SIEM and SOAR platforms: Cortex XSOAR—see Sending Security Command Center data to Cortex XSOAR. MITRE ATT&CK framework details related to findings are now available as finding attributes for all Security Command Center services.

Service Mesh - 1.10.x & 1.11.x & 1.12.x. The Istio project recently disclosed a series of CVEs that can expose Anthos Service Mesh to remotely exploitable vulnerabilities. 1.12.x. 1.12.4-asm.1 is now available. 1.11.x. 1.11.7-asm.1 is now available. 1.10.x. 1.10.6-asm.1 is now available.

Cloud SQL Postgres - Due to a change in a recent maintenance update, the changes listed in the February 4 Release Notes entry have been applied to some instances but postponed for the others. If your primary instance uses a private IP address, you can now select an allocated IP range for clones and replicas created from the instance.

Traffic Director - Read Security Bulletin GCP-2022-008 about Envoy security vulnerabilities and update Envoy proxies in your Traffic Director installation to Envoy release 1.21.1.

Anthos Config Management - 1.10.2. The constraint template library includes new templates: K8sPSPAutomountServiceAccountTokenPod, RestrictNetworkExclusions, and K8sDisallowAnonymous. The template library's K8sContainerRatios template supports a new field: cpuRatio. The template library's K8sRestrictRoleBindings template now supports regular expression matching of role/clusterRole names by using the regexMatch field. The template library's K8sProhibitRoleWildcardAccess template now allows roles and clusterRoles specified in the constraint to be exempted from the policy. A set of template library's templates now include the exemptImages parameter, which exempts specific containers from the policy. Fixed an issue in the hydration-controller container causing the reconciler Pod crash looping when there is a malformed or missing kustomization.yaml in the base directory. Fixed a memory leak in the Config Sync reconciler container that led to high memory utilization or Pod restarts due to out-of-memory errors.

Anthos clusters on bare metal - 1.10. Release 1.10.2 Anthos clusters on bare metal 1.10.2 is now available for download. Functionality changes: A preflight check now verifies whether your node machine has enough disk space before starting an install. Fixes: Fixed issue in which the edge profile's request to reserve resources is lost during the upgrade process. Known issues: For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section. 1.8 & 1.9 & 1.10. Security bulletin (1.8, 1.9, and 1.10) Envoy recently released multiple security vulnerability fixes.

Anthos clusters on Azure - Kubernetes version 1.21.6-gke.1500 is now available. You can now launch clusters in the brazilsouth Azure region. Fixed CVE-2021-4154, see GCP-2022-002 for more details. Fixed CVE-2022-0185, see GCP-2022-002 for more details. Fixed CVE-2021-4034, see GCP-2022-004 for more details. Fixed CVE-2021-43527, see GCP-2022-005 for more details.

Anthos clusters on VMware - The Envoy project recently discovered a set of vulnerabilities. Anthos clusters on VMware 1.9.4-gke.3 is now available. Fixes Upgraded Cilium to version 1.10.5. When cluster autoscaling is enabled in a Dataplane-v2 cluster, scale down may sometimes take longer.

Cloud Run for Anthos - Support for Knative Serving 1.1.2 is now available in version 1.23.0-gke.17 of Cloud Run for Anthos on Google Cloud.

Cloud Asset Inventory - The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory), the Feed API, and the Search APIs (SearchAllResources and SearchAllIamPolicies): Cloud Healthcare API healthcare.googleapis.com/ConsentStore healthcare.googleapis.com/Dataset healthcare.googleapis.com/DicomStore healthcare.googleapis.com/FhirStore healthcare.googleapis.com/Hl7V2Store. The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies): Vertex AI aiplatform.googleapis.com/PipelineJob.

Compute Engine - NVIDIA 510 driver not yet supported for GPUs running on Compute Engine, see Known issues.

Data Catalog - Public preview: Public tags that provide less strict access control as compared to private tags for searching and viewing tags is rolled out to all Data Catalog regions with minimal disruption and in a controlled way.

Data Fusion - Cloud Data Fusion version 6.6.0 is in Preview. Features in 6.6.0: Cluster reuse is generally available (GA). Changes in 6.6.0: To enable cluster reuse, the runtime property system.profile.properties.clusterReuseEnabled is no longer required. Fixed in 6.6.0: Improved instance stability.

Cloud Networking Products - Zonal Cloud DNS zones are now available in Preview.

Cloud Domains - Cloud Domains now supports the following new TLDs: .day .contact .de .nl .autos The annual price for the following two TLDs has changed to $15: .boats .homes For details, see Cloud Domains Pricing.

Eventarc - Eventarc is now HIPAA and SOC 1-compliant. Support for applying a path pattern when filtering is now available in Preview.

Istio on GKE - 1.4.x & 1.6.x. The Istio project recently disclosed a series of CVEs that can expose Istio on GKE to remotely exploitable vulnerabilities. 1.6.x. 1.6.14-gke.9 is now available. 1.4.x. 1.4.11-gke.4 and 1.4.10-gke.23 are now available.

Google Kubernetes Engine - The Envoy project recently discovered a set of vulnerabilities. (2022-R3) Version updates GKE cluster versions have been updated. GKE nodes that use Container-Optimized OS with Docker (cos) may experience random TCP connection resets when two pods on the same node communicate using a Kubernetes ClusterIP Service. GKE Gateway traffic management is now in Preview for GKE 1.22 and later version clusters.

GKE - (2022-R03) Version updates Version 1.21.6-gke.1503 is now the default version.

Google Kubernetes Engine Rapid - (2022-R03) Version updates Version 1.22.6-gke.300 is now the default version in the Rapid channel.

Google Kubernetes Engine Regular - (2022-R03) Version updates Version 1.21.6-gke.1503 is now the default version in the Regular channel.

Google Kubernetes Engine Stable - (2022-R03) Version updates Version 1.19.16-gke.3600 is now available in the Stable channel.

Cloud Run for Anthos - Support for Knative Serving 1.1.2 is now available in version 1.23.0-gke.17 of Cloud Run for Anthos on Google Cloud.

Load Balancing - Network Load Balancing introduces a new monitoring resource type loadbalancing.googleapis.com/ExternalNetworkLoadBalancerRule that lets you monitor all the supported protocols including TCP, UDP, ESP, and ICMP.

Cloud Logging - You can now collect Apache CouchDB logs from the Ops Agent, starting with version 2.11.0. You can now collect Apache Hadoop logs and metrics from the Ops Agent, starting with version 2.11.0. You can now collect Apache HBase logs and metrics from the Ops Agent, starting with version 2.11.0. You can now collect Apache ZooKeeper logs from the Ops Agent, starting with version 2.11.0. You can now collect WildFly logs from the Ops Agent, starting with version 2.11.0.

Cloud Monitoring - Metrics Explorer and charts on dashboards have a new metric selection interface. You can now collect Apache ActiveMQ metrics from the Ops Agent, starting with version 2.11.0. You can now collect Apache Hadoop metrics and logs from the Ops Agent, starting with version 2.11.0. You can now collect Apache HBase metrics and logs from the Ops Agent, starting with version 2.11.0. You can now collect MongoDB metrics from the Ops Agent, starting with version 2.11.0. You can now collect RabbitMQ metrics from the Ops Agent, starting with version 2.11.0.

If you have suggestion, feedback or link you want to share feel free to email me at zdenko@gcpweekly.com

Have a great week,

Zdenko