Welcome to issue #290 April 18th, 2022

News

Automating income taxes with Document AI - In the United States, Tax Season descends upon the country every April, requiring millions of Americans to spend hours deciphering cryptic documents and performing complex math just to figure out what they owe. Lending Document AI from Google Cloud supports common document types used for Income Tax Filing, such as W-2s and 1099s. This article illustrates how to build a Tax Processing Pipeline using Document AI.

Running Spark on Kubernetes with Dataproc - Derive benefits from fully automated, most scalable and cost optimized Kubernetes service for your Spark and open source workloads.

Automatic data risk management for BigQuery using DLP - Automatic DLP for BigQuery, a fully managed service that continuously scans your data to give visibility of data risk, is now generally available.

Up for an update? Cloud SQL launches support for in-place upgrades - You can now upgrade your PostgreSQL and SQL Server instances in-place to the latest major version.

BigQuery Omni innovations enhance customer experience to combine data with cross cloud analytics - Use BigQuery Omni’s single-pane-of-glass to analyze data across clouds and build pipeless pipelines to drive advanced analytics.

Google Cloud launches Optimization AI: Cloud Fleet Routing API to help customers make route planning easier - Google Cloud Optimization AI: Cloud Fleet Routing API to improve last-mile fleet planning and management.

Some beans and gems, some snakes and elephants, with Java 17, Ruby 3, Python 3.10 and PHP 8.1 in App Engine and Cloud Functions - New Java, Ruby, Python, and PHP runtimes for Google App Engine and Cloud Functions, with bundled services.

MongoDB Announces a Pay-As-You-Go Offering on Google Cloud - With this new pay-as-you-go MongoDB Atlas offering, customers only pay for the resources they use and can scale based on their needs, with no up-front commitments while using their Google accounts.

Introducing the Google SRE Prodcast - Discover Prodcast, Google’s Site Reliability Engineering Podcast. This limited-edition series explores fundamental topics in reliability engineering from the perspective of experienced Google SREs.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

The journey to the cloud mitigates enterprise risk - Learn how enterprises can mitigate risk by moving data to the public cloud and examining what does and doesn’t work when it comes to data security.

What's new with Cloud EKM - This blog post represents a roundup of major functionality that has been added to Cloud EKM since it was first launched to GA.

Securing Containers With Google’s Container Optimized OS & Distroless Container Images - An overview of Container-Optimized OS.

Google Cloud: Managed Microsoft Active Directory - Tutorial on creating Microsoft Active Directory.

Deploy Infrastructure using CDK for Terraform with Go

App Development, Serverless, Databases, DevOps

Moloco handles 5 million+ ad requests per second with Cloud Bigtable - Moloco uses Cloud Bigtable to build their ad tech platform and process 5+ million ad requests per second.

Follow the pink pony: A story of CSRF, managed services, and unicorns - One engineer's story into the depths of managed services, web server gateway interfaces, and magic strings.

Is there a limit to Cloud VMs? A conversation - In this week's "VM End to End,” Carter and Brian discuss cutting-edge technology, really pushing Cloud Compute machines to the limit.

The definitive guide to databases on Google Cloud: Part 1 - Data modeling basics - In this blog we discuss the business attributes, technical aspects, design questions, considerations to keep in mind while “Designing the Database Model”.

Your ultimate guide to Speech on Google Cloud - From speech-to-text to natural language processing, from captions to chatbots, learn how to do more with Google Cloud Speech AI.

Using Memorystore for Redis to cache your Django applications - With the release of Django 4.0, Redis is now a core supported caching backend. Learn how to implement caching for your Django deployments on Google Cloud.

Easy CSV importing into Cloud Bigtable - Learn how to use Bigtable by importing data using the CSV import functionality in the Bigtable command line tool.

GCP Operations Suite Alerts into Google Chat - Publishing Monitoring notifications to Google Chat using custom solution built with Pub/Sub and Cloud Functions.

Login to GCP VM Instance without Public IP using Identity-Aware proxy (IAP) - This article explains how you can use Identity-Aware Proxy to login into GCE instance without public/external IP.

GCP Cloud Functions (gen 2nd) Pub/Sub Development & Testing - Developing, deploying, and testing 2nd generation Cloud Function that receives Pub/Sub messages.

Deploying Cloud Functions with GitLab CI/CD - End to end example of deploying Cloud Functions via Gitlab CI/CD.

Regain Cloud SQL disk space with Database Migration Service - Using Database Migration Service to lower DB disk size.

Serving Assets a CDN with Google Cloud - Serve static content via a Google Cloud CDN to improve load times. Fine-tune your load balancer and caching to match your app’s needs.

Building a Mobility Dashboard with Cloud Run and Firestore - Monitoring data that is actively changing every second using a real-time dashboard using Cloud Run and Cloud Firestore.

If you are using Python and Google Cloud Platform, this will Simplify Life for you (Part 1) - Manage your Private Packages with Artifact Registry And Import them in your Cloud Functions and Cloud Run Services.

CloudSeed: Let’s Make Cloud Apps Easier - Cloud Seed is a joint GitLab and Google Cloud open source project. The goal is to make deployments "ridiculously simple".

Big Data, Analytics, ML&AI

Google Data Cloud Summit 2022: Recap - An overview of the many new updates coming to Google Cloud Platform!

Top 5 Takeaways from Data Cloud Summit ‘22 - Data Cloud Summit 2022 was a great success thanks to all of our customers, partners, and members of the data community. Here’s what you missed.

Hands-on learning lab: Stream Google Cloud data into Splunk Cloud - Google Cloud and Splunk’s hands on lab takes you through core scenarios for data ingestion and data input in Google Cloud in 90 minutes or less.

GCP BigLake introduction - BigLake is the name given by Google to an underlying data access engine used to provide access to data stored in either BigQuery or in….

Processing databricks Delta Lake data in Google Cloud Dataproc Serverless for Spark - Migrating from Dataproc to Serverless Spark.

Dataproc Serverless & Airflow 2 Powered Event Driven Pipelines - Event-driven pipeline built with Cloud Composer and Serverless Spark.

Various

Meet the people of Google Cloud: Grace Mollison, solutions architect and professional problem solver - Hear how Grace Mollison, a Google Cloud solutions architect, solves customer problems with empathy.

Introducing the Professional Cloud Database Engineer certification - Google Cloud announced the new Professional Cloud Database Engineer certification, to help database engineers be ready for today’s changing environment.

On-demand training for Google Workspace—from beginner to advanced - Explore cloud-based productivity tools with online and in-person Google Workspace training for all experience levels.

National Pet Day 2022 - Although it’s on 11th of April every year, if you are a pet owner, you know that there’s not a day that goes by that you don’t celebrate….

Slides, Videos, Audio

GCP Podcast - #300 GKE Gateway Controller with Bowei Du and Abdelfettah Sghiouar.

Kubernetes Podcast - #176 Language, Learning and Leadership, with Divya Mohan.

Security Podcast - #60 EP60 Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM?

SRE Podcast - #2 - Silvia Esparrachiari talks about the challenges of monitoring and the importance of understanding your users.

Releases

Anthos clusters on AWS - A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification.

Anthos clusters on Azure - Anthos Clusters on Azure now supports Kubernetes versions 1.22.8-gke.200 and 1.21.11-gke.100. Kubernetes 1.22 removes support for several deprecated v1beta1 APIs. When you create a new cluster using Kubernetes version 1.22, you can now configure custom logging parameters. As a preview feature, you can now choose Windows as your node pool image type when you create node pools with Kubernetes version 1.22.8. You can now set the autoscaler's minimum node count to zero. This release of Anthos Clusters on Azure adds the ability to update your control plane and node pool VM size cluster annotations Azure admin users control plane root volume size. You can now set the autoscaler's minimum node count to zero. You can now view most common asynchronous cluster and nodepool boot errors in the long running operation error field. This release fixes the following security issues: CVE-2021-22600 CVE-2022-23648 CVE-2022-23648 CVE-2022-0001 CVE-2022-0002 CVE-2022-23960 CVE-2022-0847. A security vulnerability, CVE-2022-0847, has been discovered in the Linux kernel version 5.8 and later that can potentially escalate container privileges to root. A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification.

Anthos clusters on VMware - A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification. A security vulnerability, CVE-2022-0847, has been discovered in the Linux kernel version 5.8 and later that can potentially escalate container privileges to root.

AppEngine Standard Go - The App Engine legacy bundled services for Go 1.12+ are now available at the General Availability release level.

AppEngine Standard Java - The App Engine legacy bundled services for Java 11/17 are now available at the General Availability release level.

AppEngine Standard PHP - The App Engine legacy bundled services for PHP 7+ are now available at the Preview release level.

AppEngine Standard Python3 - The App Engine legacy bundled services for Python 3 are now available at the General Availability release level.

BigQuery - Starting in July 2022, the projects.list API method will return results in unsorted order.

Cloud Build - Cloud Build default pools now support regional builds at the preview release stage. Cloud Build now supports regional build triggers at the preview release stage.

Certificate Authority Service - Learn how to get started with using the Cloud Client Libraries for the Certificate Authority Service API.

Chronicle - Chronicle Detection Engine now supports the min() function and subtraction operator in the outcome section of a rule. The following supported default parsers have changed (listed by ingestion label) AKAMAI_WAF ARUBA_WIRELESS AWS_CLOUDTRAIL AWS_CONFIG AZURE_AD_CONTEXT AZURE_COSMOS_DB BITDEFENDER CA_ACCESS_CONTROL CASSANDRA CISCO_EMAIL_SECURITY CISCO_FIREPOWER_FIREWALL CISCO_ISE CISCO_MERAKI CISCO_TACACS CS_EDR D3_BANKING ELASTIC_WINLOGBEAT FILEZILLA_FTP GCP_CLOUDIDENTITY_DEVICES GCP_CLOUDIDENTITY_DEVICEUSERS GMV_CHECKER GUARDDUTY GUARDIUM IIS INFOBLOX_DHCP KASPERSKY_AV KEA_DHCP MCAFEE_DLP MCAFEE_EPO MICROSOFT_DEFENDER_ENDPOINT NETSKOPE_WEBPROXY OFFICE_365 OKTA OKTA_USER_CONTEXT ONELOGIN_SSO ORDR_IOT PAN_FIREWALL PROOFPOINT_ON_DEMAND PULSE_SECURE_VPN RH_ISAC_IOC SALESFORCE SERVICENOW_CMDB SLACK_AUDIT SOPHOS_UTM SYMANTEC_EDR TANIUM_TH UMBRELLA_DNS UNIFI_AP VANDYKE_SFTP VMWARE_ESX VMWARE_VREALIZE WINDOWS_DHCP WINDOWS_DNS WINDOWS_SYSMON WORKSPACE_ACTIVITY WORKSPACE_ALERTS WORKSPACE_USERS For details about the changes in each parser, see Supported default parsers.

Access Transparency - Access Transparency supports Secret Manager in GA stage.

Cloud Composer - Cloud Composer 1.18.6 and 2.0.10 release started on April 13, 2022. Cloud Composer now supports CMEK encryption using keys stored in External Key Managers. (Cloud Composer 2) Airflow webserver and worker-scheduler images in multiregional repositories are now tagged with their image version (for example, composer-2.0.10-airflow-2.1.4). It is now possible to use upper case symbols in the names of PyPI packages. (Airflow 2) Exception traces from Airflow task executions are now properly annotated with labels in Cloud Logging. (Cloud Composer 2) Fixed a problem where some info log messages were logged as errors during environment operations. (Available without upgrading) DAG schedule intervals are now correctly displayed in the list of DAGs in Cloud Console. (Airflow 1.10.15) Backported the fix for KubernetesPodOperator. (Airflow 1.10.15) Airflow Upgrade Checker updated to version 1.4.0. (Airflow 1.10.15) Fixes in the apache-airflow-backport-providers-google package: DataprocCreateBatchOperator, Dataplex operators, YAML safe load. Cloud Composer 1.18.6 and 2.0.10 images are available: composer-1.18.6-airflow-1.10.15 (default) composer-1.18.6-airflow-2.1.4 composer-1.18.6-airflow-2.2.3 composer-2.0.10-airflow-2.1.4 composer-2.0.10-airflow-2.2.3. Cloud Composer 1.16.0 has reached its end of full support period.

Compute Engine - Generally available: NVIDIA A100 GPUs are now available in the following additional regions and zones: Tokyo, Japan, APAC: asia-northeast1-a,c For more information about using GPUs on Compute Engine, see GPU platforms. Tau T2D VMs are now available in the following regions and zones: Las Vegas, NV (us-west4-a,b) São Paulo, Chile, South America (southamerica-east1-a,b,c) St.

Config Connector - Config Connector version 1.81.0 is now available. Added support for ApigeeEnvironment resource. Added field spec.cluster[].autoscalingConfig to BigtableInstance resource. Added field spec.edgeSecurityPolicy to ComputeBackendBucket resource. Added field spec.type to ComputeSecurityPolicy resource. Added field spec.schedule.repeatInterval to StorageTransferJob resource. Fixed the bug introduced in version 1.62.0 that list fields can't be set to empty lists.

Dataproc - Announcing the General Availability (GA) release of Dataproc on GKE, which allows you to execute Big Data applications using the Dataproc jobs API on GKE clusters. The dataproc:dataproc.performance.metrics.listener.enabled cluster property, which is enabled by default, listens on port 8791 on all master nodes to extract performance-related telemetry Spark metrics. New sub-minor versions of Dataproc images: 1.5.62-debian10, 1.5.62-ubuntu18, and 1.5.62-rocky8 2.0.36-debian10, 2.0.36-ubuntu18, and 2.0.36-rocky8. Dataproc Serverless for Spark now uses runtime version 1.0.9. Changed the owner of /usr/lib/knox/conf/gateway-site.xml from root:root to knox:knox. Fixed and issue in which the Dataproc autoscaler would sometimes try to scale down a cluster by more than one thousand secondary worker nodes at one time. Fixed bugs that could cause Dataproc to delay marking a job cancelled.

Cloud Data Loss Prevention - The data profiler for BigQuery is generally available (GA).

Eventarc - Eventarc is now available in the following regions: australia-southeast2 (Melbourne, Australia) northamerica-northeast2 (Toronto, Ontario, North America) southamerica-west1 (Santiago, Chile, South America).

Cloud Filestore - You can now use customer-managed encryption keys (CMEK) to protect data at rest in Filestore's High Scale SSD Tier instances.

Google Kubernetes Engine - A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification. Egress NAT policy to configure IP masquerade is now generally available on GKE Autopilot clusters with Dataplane v2 in versions 1.22.7-gke.1500+ or 1.23.4-gke.1600+. (2022-R8) Version updates GKE cluster versions have been updated.

GKE - (2022-R8) Version updates The following control plane and node versions are now available: 1.19.16-gke.10800 1.20.15-gke.5000 1.21.11-gke.900 The following control plane versions are no longer available: 1.19.16-gke.6800 1.20.15-gke.300 Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to version 1.19.16-gke.8300 with this release.

Google Kubernetes Engine Rapid - (2022-R8) Version updates Version 1.22.8-gke.200 is now the default version in the Rapid channel.

Google Kubernetes Engine Regular - (2022-R8) Version updates Version 1.20.15-gke.3600 is now available in the Regular channel.

Google Kubernetes Engine Stable - (2022-R8) Version updates Version 1.20.15-gke.2500 is now the default version in the Stable channel.

Cloud Monitoring - You can now define template variables and permanent filters for your dashboards.

Anthos Service Mesh 1.5 - 1.13.x. 1.13.2-asm.2 is now available.

SAP Solutions - Storage Manager for SAP HANA Standby Nodes version 2.4 Version 2.4 adds support for HANA 2.0 SPS 05 revision 59 and later.

Cloud Spanner - You can now define a default value for a non-key table column when creating or altering a table. A new three-continent, nine-replica multi-region instance configuration is available for Cloud Spanner: nam-eur-asia3 (Iowa/South Carolina/Belgium/Netherlands/Taiwan/Oklahoma).

Cloud SQL - Customer-managed encryption key (CMEK) organization policy constraints are now available in Preview. Cloud SQL for PostgreSQL supports in-place major version upgrades in Preview.

Cloud Storage Transfer - Storage Transfer Service now offers a predefined role to simplify permission assignment to transfer agents.

If you have suggestion, feedback or link you want to share feel free to email me at zdenko@gcpweekly.com

Have a great week,

Zdenko