Welcome to issue #284 March 7th, 2022

News

Google Cloud Managed Service for Prometheus is now generally available - Announcing the GA of Google Cloud Managed Service for Prometheus for the collection, storage, and querying of Kubernetes metrics.

Google Cloud Text-to-Speech API now supports custom voices - Google Cloud’s Text-to-Speech API now supports custom voices to help businesses differentiate their brands and deliver better customer experiences.

Redesigning the Cloud SDK + CLI for easier development - Learn more about the simplified Cloud SDK and gCloud CLI for Google Cloud developers.

Launching new feature or games on existing Cloud Spanner database with Load Generator Tool - Games want to plan for a knife-edge traffic growth pattern, and can use the Cloud Spanner Load Generator tool to prepare their Cloud Spanner database.

Customizing time ranges for budgets in the console - The Google Cloud Console now allows you to configure custom time ranges for your budgets!

Extending network reachability of Vertex AI Pipelines - Techniques for extending the network reachability for Vertex AI pipelines and jobs.

Congratulations Knative on becoming part of the CNCF - Knative enters the CNCF as an incubating project.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Build your perfect Google Cloud infrastructure using Terraform and the gcloud CLI - Learn more about how declarative export allows you to export the current state of your infrastructure into a descriptive file compatible with Terraform.

How Google Cloud helps you to architect for DR when you have locality restricted workloads - Using Google Cloud to architect for disaster recovery (DR) to meet location-specific requirements.

Cloud CISO Perspectives: February 2022 - Google Cloud CISO Phil Venables shares his thoughts on the latest security updates from the Google Cybersecurity Action Team.

78% of VM migrations realize payback in one year or less - IDC research report shows that 78% of businesses realize payback in one year or less after they migrate their VMworkloads to the cloud.

Kubernetes: Ready for a starring role at the movies, and in your architecture? - Google Kubernetes Engine is the most automated, scalable and easy to use service in the market for developing and securing applications.

Using GCP Managed Active Directory to simplify domain authentication - Integrating self-hosted or Software-as-a-service (SaaS) applications and hardware appliances to rely on AD for authentication.

Kubernetes HPA Autoscaling with External metrics - Use GCP Stackdriver metrics with HPA to scale up/down your pods.

How to Fully Automate the Deployment of Google Cloud Platform Projects with Terraform - A workaround to a known Google Cloud API catch-22 issue.

Federating Google Cloud Identities with Azure Active Directory

App Development, Serverless, Databases, DevOps

Using VACUUM to accelerate transaction ID freezing in Cloud SQL for PostgreSQL - Accelerate the vacuum process on your Cloud SQL PostgreSQL instance to avoid transaction ID wraparound problem.

Quickly troubleshoot application errors with Error Reporting - Automatically surface application exceptions in a convenient dashboard and get notified of their existence with Error Reporting.

Accelerate Cloud EDA workflows with NetApp and Google Cloud - Google Cloud and NetApp’s ability to “burst to cloud”, seamlessly spinning up compute and storage on demand accelerates EDA design testing.

Showing the speed of serverless through hackathon solutions - Google Cloud Easy as Pie Hackathon, the results are in.

Google Cloud Cheat Sheet - Developer cheat sheet of Google Cloud products.

Google Cloud Dev library - Dev library is an open-source platform for getting inspiration, learning new projects, or submitting their own Google Cloud related work.

Applying a path pattern when filtering in Eventarc - Example of using filters in Eventarc.

Native implementation of Google Secret Manager in Cloud Functions - Comparing Secret Manager integrations in Cloud Functions.

Integrating DockerSlim container minify step on Cloud Build - Learn about adding a Cloud Build step to minify your containers with DockerSlim by up to 30x making it secure too.

Associate with parent Cloud Workflows logs and child APIs logs using structured logs - Using structured logs in Workflows.

Manage private Python packages using Artifact Registry (Google Cloud) - Setting up Python package and use in Artifact Registry.

Big Data, Analytics, ML&AI

USAA and Google Cloud: modernizing insurance operations with machine learning - This story covers the technical architecture and approach used by USAA and Google Cloud to modernize insurance operations using machine learning.

Event Monitoring with explanations on the Google Cloud - New production ML solution to monitor events in IT and industrial operations and explain their symptoms; such as IT infra, IoT, Clouds, applications.

Vertex Forecast: An overview - An overview of Vertex Forecast.

SQL + jinja is not enough — why we need DataFrames - Working with BigQuery as with a dataframe.

Cool BigQuery Features Using Standard SQL Syntax - There are several cool features in BigQuery that we can use via standard SQL syntax, often unknown to even the most frequent users.

Predicting the Fare on a Billion Taxi Trips with BigQuery - How long time does it take and how much does it cost to analyse and train a model on a billion taxi trips in the cloud?

Connecting Steampipe with Google BigQuery - Query your cloud metadata within BigQuery!

Slides, Videos, Audio

Kubernetes Podcast - #170 Kubernetes: The Documentary, with Josiah McGarvie.

Security Podcast - #54 Container Security: The Past or The Future?

Retail Analytics & BI with Looker, BigQuery, GCP and Leigha Jarett

Releases

Anthos clusters on bare metal - 1.9. Release 1.9.5 Anthos clusters on bare metal 1.9.5 is now available for download. Fixes: The following container image security vulnerabilities have been fixed: CVE-2021-3997 CVE-2021-37750 CVE-2021-45079. Known issues: When you upgrade Anthos clusters on bare metal from a version with a security patch to the next minor release, we recommend that you upgrade to the highest patch version to ensure that you have the latest security fixes.

Anthos clusters on VMware - Anthos clusters on VMware 1.10.2-gke.34 is now available. Changes gkectl diagnose now reports a broken cluster caused by an admin cluster registration error during creation. Fixes Fixed issue: Failure to register admin cluster during creation You can upgrade an admin cluster to version 1.10.2 without applying the documented mitigation, even if the cluster failed to register with the provided gkeConnect configuration during its creation. When cluster autoscaling is enabled in a Dataplane-v2 cluster, scale down may sometimes take longer than expected.

Cloud Asset Inventory - The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API: Firestore firestore.googleapis.com/Database.

BigQuery - Session support for BigQuery is now generally available (GA).

Cloud Build - The operating system of the machine that Cloud Build uses to run builds has been upgraded to Debian 11.

Cloud Composer - Cloud Composer 2 supports Customer Managed Encryption Keys (CMEK). Java Client for Cloud Composer version 1.1.3 is released. (New environments only) Temporary Pub/Sub topics created during environment operations are now labeled. (Airflow 2) The google-cloud-datastore package was added to the list of preinstalled packages. (Airflow 2) Fix the problem with task logs not being exported to Cloud Logging. (Airflow 1) The apache-airflow-backport-providers-google package is updated to version 2022.2.11. (Cloud Composer 2) Fixed the problem with an environment having 0 workers after an unsuccessful upgrade operation is rolled back. (Available without upgrading) Improved the handling of errors in DAG UI for tasks without a set operator. Cloud Composer 1.18.1 and 2.0.5 images are available: composer-2.0.5-airflow-2.2.3 composer-2.0.5-airflow-2.1.4 composer-1.18.1-airflow-2.2.3 composer-1.18.1-airflow-2.1.4 composer-1.18.1-airflow-1.10.15 (default). Cloud Composer 1.14.4 has reached its end of full support period.

Compute Engine - Public Preview: You can set the maximum amount of time that Compute Engine waits before terminating or restarting an unresponsive VM.

Dataflow - You can now use the Apache Beam SDK for Go to create batch Dataflow pipelines.

Dataproc Metastore - v1beta1. gRPC endpoint protocol is available in Preview. v1beta1. Fixed the issue causing metadata batch sync from Dataproc Metastore to Data Catalog to not work.

Deep Learning Containers - M90 Release CUDA has been upgraded from 11.3.0 to 11.3.1 to address some NCCL issues.

Deep Learning VM - M90 Release Vertex AI sample notebooks are now included in the /usr/share/tutorials folder. In M90 release instances, gRPC 1.44.0 can generate spurious error logs, though this doesn't affect the VM's ability to boot up.

Cloud Deploy - Google Cloud Deploy is now available in the following region: asia-northeast3 (Seoul). Deploying your application to Anthos user clusters is now supported in preview.

Eventarc - Eventarc triggers for Workflows is now available in Preview.

IAM - You can now use deny policies to prevent principals from using certain permissions, regardless of the roles they're granted.

KMS - Cloud HSM resources are now available in the following regions: asia1 eur3 eur4 nam3 nam4 nam6 nam9 For information about which locations are supported by Cloud KMS, Cloud HSM, and Cloud EKM, see Cloud KMS locations.

Google Kubernetes Engine - Some unexpected paths to access the node VM on GKE Autopilot clusters could have been used to escalate privileges in the cluster. Public clusters created on GKE versions 1.22 and later, and created between October 28, 2021 and February 17, 2022 use Private Service Connect (PSC).

Load Balancing - You can now use a combination of zonal NEGs (of type GCE_VM_IP_PORT) and hybrid NEGs (of type NON_GCP_PRIVATE_IP_PORT) as backends for your global external HTTP(S) load balancers.

KF - 2.8.0. Add a feature that supports adding node selectors for Kf Builds to isolate Kf Build pods in specific node pool. Remove Config Connector as a dependency of Kf.

Cloud Monitoring - You can now organize your dashboard widgets into collapsible groups. GA: Google Cloud Managed Service for Prometheus, Google Cloud's fully managed, Prometheus-compatible monitoring solution, is now generally available.

Security Command Center - You can now configure automatic exports of Security Command Center findings to a BigQuery dataset. The vulnerability.cve.upstreamFixAvailable attribute was added to the Finding object.

Service Mesh - 1.12.x. 1.12.4-asm.2 is now available. Anthos Service Mesh now supports certificate templates with the Certificate Authority Service integration.

Cloud Spanner - You can now view aggregated Cloud Spanner statistics related to transactions, reads, queries, and lock contentions in Cloud Monitoring. A new multi-region instance configuration is now available in North America - nam13 (Iowa/Oklahoma/Salt Lake City).

Cloud SQL MySQL - Cloud SQL for MySQL 8.0.26 is now the default minor version.

Cloud Storage Transfer - Storage Transfer Service now supports Cloud Client Libraries, which are the recommended option for accessing Cloud APIs programmatically.

Transcoder API - v1. The following preprocessing configurations are not supported: Color, Denoise, Deblock, and Boost.

Workflows - Support for VPC Service Controls is now in Beta stage. Eventarc triggers for Workflows is now available in Preview.

If you have suggestion, feedback or link you want to share feel free to email me at zdenko@gcpweekly.com

Have a great week,

Zdenko