Google Cloud release notes

BigQuery now supports the INTERVAL type, which represents a duration or an amount of time. This type is in Preview.

Explainable artificial intelligence (XAI) helps you understand the results that your predictive machine-learning model generates for classification and regression tasks by defining how each feature in a row of data contributed to the predicted result. This feature is now available for preview.

Cloud Build private pools are now generally available. Private pools offer regionalization and greater customization over the build environment, including the ability to access resources in a private network with support for VPC Service Controls. For more information, see Private pools overview.

When you make an internal TCP/UDP load balancer the next hop of a static route, the route can now have network tags.

In addition, you now have two different ways to specify the next hop:

• Forwarding rule's name and the load balancer's region
• Internal IP address of the forwarding rule

For more information, see the following pages:

• Internal TCP/UDP load balancers as next hops
• Creating the static routes that define the load balancers as the next hops

Cloud Run VPC Service Controls are now at General Availability (GA).

The following organization policies are now at General Availability (GA): Cloud Run Allowed ingress settings and Allowed VPC egress settings.

Recommender now generates lateral movement insights, which identify roles that allow a service account in one project to impersonate a service account in another project. You can manage lateral movement insights using the gcloud command-line tool or the Recommender REST API. This feature is available in Preview.

The Organization Policy constraints Allowed ingress settings and Allowed VPC egress settings for Cloud Run have launched into general availability.

The following features are generally available (GA):

• Access Transparency for Vertex AI
• Using a custom service account for custom training and prediction
• Using VPC Service Controls with Vertex AI
• Setting up VPC Network Peering with Vertex AI and using private IP for custom training (Using private IP for prediction and vector matching with Matching Engine remains in preview.)

DML query jobs now return statistics about the number of rows that were inserted, deleted, or updated. For more information, see DmlStats in the Job resource type. In addition, DML statistics are now available in the INFORMATION_SCHEMA.JOBS_BY_* views. This feature is generally available (GA).

Time series models now support holiday effects for weekly time series, in addition to the daily time series that was previously supported. This feature is now generally available (GA).

The new External HTTP(S) Load Balancers dashboard in Monitoring provides powerful visualizations to help you understand and troubleshoot connectivity issues on your external load balancers.

Cloud Run container instances can now process up to 1,000 concurrent requests, see Setting maximum concurrency. The default is still 80.

• The following PostgreSQL minor versions and extension versions are now available. If you use maintenance windows, you might not yet have these versions. In this case, you will see the new versions once your maintenance update occurs. To find your maintenance window or manage maintenance updates, see Finding and setting maintenance windows.
  • 9.6.21 is upgraded to 9.6.22.
  • 10.16 is upgraded to 10.17.
  • 11.11 is upgraded to 11.12.
  • 12.6 is upgraded to 12.7.
  • 13.2 is upgraded to 13.3.
• pglogical extension is upgraded to 2.3.4.
• PostGIS extension is upgraded to 3.0.3 for all PostgreSQL major versions.

Artifact Registry now supports Cloud External Key Manager (Cloud EKM) when using customer-managed encryption keys.

Connectivity Tests now includes a feature that verifies connectivity to and from Google-managed services, such as Google Kubernetes Engine (GKE) control planes or Cloud SQL instances. The Connectivity Tests configuration analysis can now run a test and provide an overall reachability result for Google-managed services. For more information, see Connectivity Tests overview.

Anthos clusters on VMware 1.8.1-gke.7 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.8.1-gke.7 runs on Kubernetes v1.20.8-gke.1500.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.8, 1.7, and 1.6.

Cloud Composer environments with Airflow 2 can run more than one Airflow scheduler. This feature brings Airflow HA scheduler to Cloud Composer environments.

Preview: You can use the Help Assistant in the Google Cloud Console to find answers to questions about Compute Engine.

Added support for GKEHubFeatureMembership resource.

Added spec.projectRef to ServiceUsageService.

Added the following output-only fields:

• BigQueryJob: query.destinationEncryptionConfiguration.kmsKeyVersion, load.destinationEncryptionConfiguration.kmsKeyVersion, and copy.destinationEncryptionConfiguration.kmsKeyVersion.
• BigQueryTable: encryptionConfiguration.kmsKeyVersion.

Added advancedMachineFeatures to ComputeInstance.

Dataflow now supports custom containers in GA.

Avro based imports and exports are now in GA.

A C++ client library for IAM is now available. The client library supports the IAM API and the Service Account Credentials API.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Time to live (TTL) is now available in public preview. This feature lets database administrators periodically delete unneeded data from Cloud Spanner tables, and so decrease storage and backup costs and potentially increase query performance. To use this feature, a database owner defines a row deletion policy on a table schema.

Google Groups for RBAC is now generally available.

Cloud Run is now covered by FedRAMP Moderate

Granular instance sizing is now available in public preview. Historically, the most granular unit for provisioning compute capacity on Spanner has been the node. To provide more granular control, we are introducing Processing Units (PUs); one Spanner node is equal to 1,000 PUs. You can now provision in batches of 100 PUs, and get a proportionate amount of compute and storage resources. Learn more.

gcloud alpha storage commands are now available.

• These commands provide faster uploading and downloading performance over the gsutil command line tool.

Added support for Maintenance Windows for Memorystore for Redis.

Private endpoints for online prediction are now available in preview. After you set up VPC Network Peering with Vertex AI, you can create private endpoints for low-latency online prediction within your private network.

Additionally, the documentation for VPC Network Peering with custom training has moved. The general instructions for setting up VPC Network Peering with Vertex AI are available at the original link, https://cloud.google.com/vertex-ai/docs/general/vpc-peering. The documentation for custom training is now available here: Using private IP with custom training.

External IPv6 addresses for VM instances is now available in General Availability in supported regions.

You can now use an interactive shell to inspect your training container while it runs. The interactive shell can be helpful for monitoring and debugging training jobs.

This feature is available in preview.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

BigQuery now supports workload management data control language (DCL) statements:

• CREATE CAPACITY
• CREATE RESERVATION
• CREATE ASSIGNMENT
• DROP CAPACITY
• DROP RESERVATION
• DROP ASSIGNMENT

This feature is generally available GA.

BigQuery now supports the following SQL query operators:

• PIVOT operator
• UNPIVOT operator

This feature is generally available (GA).

BigQuery standard SQL now supports the CONTAINS_SUBSTR function. This feature is generally available (GA).

The end-to-end user journey for BigQuery ML documents an overview of the complete machine-learning flow for each available model including feature preprocessing, model creation, hyperparameter tuning, inference, evaluation, model export, etc.

Key Visualizer for Cloud Spanner is now available. Key Visualizer is an interactive monitoring tool to analyze usage patterns in Spanner databases. It reveals trends and outliers in important performance and resource metrics.

Private Catalog launches improvements for using Terraform, including updating solutions, noting version highlights, and updating deployments. Learn more

Security Health Analytics, a built-in service of Security Command Center, has launched a new detector, DATASET_CMEK_DISABLED, in general availability. The detector, available to Security Command Center Premium customers, detects BigQuery datasets that are not encrypted using customer-managed encryption keys (CMEK). For more information, see the DATASET_SCANNER table in Vulnerabilities findings.

Event Threat Detection, a built-in service of Security Command Center Premium, has launched a public preview of new detectors to protect your Google Workspace domains. The detectors identify suspicious activities in member accounts and your Admin Console, including leaked passwords, attempted account breaches, settings changes, and possible government-backed attacks. For more information, see Event Threat Detection overview.

You can now use an interactive shell to inspect your custom training container while it runs. The interactive shell can be helpful for monitoring and debugging training.

This feature is available in preview.

This feature has been moved to a future release. It is not currently available.

Added DATA_READ and DATA_WRITE Data Access audit logs. See Firestore in Datastore mode audit logging information. This feature is available in Preview.

This feature has been moved to a future release. It is not currently available.

Added DATA_READ and DATA_WRITE Data Access audit logs. See Firestore audit logging information. This feature is available in Preview.

M75 Release

• Enhanced environment configurations so it is easier to install additional frameworks in CUDA containers.

M75 Release

• Improved the clarity of error messages for custom container users.

Traffic Director can now use internet NEGs of the type INTERNET_FQDN_PORT to route traffic to private services that are reachable using hybrid connectivity, including named on-premises, multi-cloud, and internet services. For full details, see Traffic Director with internet network endpoint groups.

Airflow 2.0.2 is available in Cloud Composer images.

You can now use the gcloud beta ai custom-jobs create command to build a Docker image based on local training code, push the image to Container Registry, and create a CustomJob resource.

The VM instances page has a new Processes tab in Preview. This tab adds charts for process metrics to the charts provided by the existing CPU, Memory, Disk, and Network tabs.

Preview: Access the Compute Engine API using Cloud Client Libraries built on our latest client library model. An updated client library is now available in the following language:

• Go

For more information, see Compute Engine client libraries.

Preview: The Observability tab on Compute Engine's VM instance details page includes a new category for process metrics. You can use the new charts and reports to troubleshoot the behavior of processes running on your VMs.

Added support for ComputeInstanceGroupManager resource (Issue #314).

Added support for BinaryAuthorizationPolicy resource.

Added cluster.kmsKeyRef field to BigtableInstance.

Added expire, rotation, topics, and ttl fields to SecretManagerSecret (Issue #471).

Added timestamp to log messages.

Aggregated the cnrm-admin ClusterRole to the admin and edit ClusterRoles, and aggregated the cnrm-viewer ClusterRole to view ClusterRole. See Aggregated ClusterRoles for details (Issue #486).

Transcoder v1 API is now available. See the migration guide for information on how to update your job templates to the new version.

You can now install the Logging and Monitoring agents on multiple VMs from the Inventory tab on the Cloud Monitoring VM Instances page. You can select multiple VMs in your fleet for agent installation. The page generates the necessary installation command and provides a link to Cloud Shell, where you can run the command.

You can now install the Logging and Monitoring agents on multiple VMs from the Inventory tab on the Cloud Monitoring VM Instances page. You can select multiple VMs in your fleet for agent installation. The page generates the necessary installation command and provides a link to Cloud Shell, where you can run the command.

List object V2 for the XML API^Preview launched.

• List object V2 provides improved interoperability with Amazon S3 tools and libraries.

Cloud Trace announces that the OpenTelemetry library for Java is now generally available. For information about configuring your Java application to use Open Telemetry, see Java and OpenTelemetry.

Backing up and restoring service metadata are now in GA.

Anthos clusters on VMware 1.8.0-gke.25 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.8.0-gke.25 runs on Kubernetes v1.20.5-gke.1301.

IAM database authentication for Cloud SQL for MySQL is now generally available. To get started using IAM database authentication, see Cloud SQL IAM database authentication.

The NUMERIC data type is now supported as a valid key column type, so you can now use NUMERIC type columns when specifying primary keys, foreign keys, and secondary indexes.

You can now containerize and run your training code locally by using the new gcloud beta ai custom-jobs local-run command. This feature is available in preview.

BigQuery now supports materialized views without aggregation and materialized views with inner join. This feature is in Preview.

Cloud Functions now logs pending queue requests abort error messages.

External TCP/UDP Network Load Balancing now allows you to configure a connection tracking policy. A connection tracking policy introduces the following new properties to let you customize your load balancer's connection tracking behavior:

• Tracking mode
• Connection persistence on unhealthy backends

To learn about how connection tracking works, see Backend selection and connection tracking.

To learn how to configure a connection tracking policy, see Configure a connection tracking policy.

This feature is available in Preview.

The Share link feature for queries in the Logs Explorer now lets you choose whether to include an absolute time range or a relative time range. With an absolute time range, the query includes static time values for the results, so the query always returns the same results. With a relative time range, you can set a value like "last 1 hour", and the results change as time passes.

Preview: Cloud Logging now supports alerts based on matching the content of your logs. When triggered, a log-based alert notifies you that a match has appeared in your logs and opens an incident in Cloud Monitoring. You can create log-based alerts by using the Logs Explorer or the Monitoring API. For more information, see Monitoring your logs and Using log-based alerts.

Preview: Cloud Logging now supports alerts based on matching the content of your logs. When triggered, a log-based alert notifies you that a match has appeared in your logs and opens an incident in Cloud Monitoring. You can create log-based alerts by using the Logs Explorer or the Monitoring API. For more information, see Monitoring your logs and Using log-based alerts.

Added NetworkServicesEndpointPolicy support

• In Debian 10 GPU images, updated NVIDIA drivers to 460.73.01 and CUDA to 11.0.3.
• Added support for controlling the Cloud Storage backup synchronization time and reducing the output of synchronization.
• Preinstalled the table of contents extension in JupyterLab.
• Added fastai 2.4 to the PyTorch 1.9 GPU image.

The Cloud Healthcare API offers single-region support in the europe-west3 (Frankfurt) region.

The Cloud Healthcare API offers single-region support in the asia-northeast3 (Seoul) region.

The Cloud Healthcare API offers single-region support in the asia-south1 (Mumbai) region.

Release 1.8.1

Anthos clusters on bare metal release 1.8.1 is now available. To upgrade, see Upgrading Anthos on bare metal. Anthos on bare metal 1.8.1 runs on Kubernetes 1.20.

You can now display summaries of single-condition alerting policies on a custom dashboard. A policy summary includes a display of the monitored time series, the threshold, and chips that show the number of open incidents and whether the policy is disabled. For more information about Alert charts, see the following pages:

• Managing dashboards by API
• Adding an alerting policy to a dashboard by using the Cloud Console.

In Dialogflow CX, you can now use the Search feature (Preview launch) to search, filter, and access the core resources within an agent.

In Dialogflow CX, you can now use the sys.long-utterance built-in event to handle user queries exceeding the maximum length (256 characters).

Human in the Loop (HITL) now supports priority queues for each processor, based on the urgency of each document. For more information, see HITL.

Config Management is now available on GKE. Config Management provides you with the following benefits:

• You can now use Policy Controller. Policy Controller enables the enforcement of fully programmable policies for your clusters. To learn more, see Policy Controller overview.
• You can now install Config Sync using the Cloud Console or the gcloud command line tool. To learn more, see Installing Config Sync.

Connectivity to Google-managed services is now generally available in Network Topology. Google Cloud users can use Network Topology to audit their networking configuration and troubleshoot networking issues related to the different Google services in use.

General availability for the following integration:

• Certificate Authority Service

Config Sync now supports accessing Cloud Source Repositories through a Google service account when Workload Identity is enabled in your cluster. To learn more, see Granting Config Sync read-only access to Git.

Config Management is now available on GKE. Config Management enables you to use Policy Controller. GKE users can also now install Config Sync using the Cloud Console or by using the gcloud command-line tool. To learn more, see Installing Config Sync.

You can now configure your cluster with the same settings used by another cluster by using gcloud fetch-for-apply. To learn more, see Configuring Config Sync.

Config Sync cluster selectors now support CustomResourceDefinitions.

You can now launch Kubernetes 1.20 clusters.

Workload identity to authenticate to Google Cloud services from your user clusters is now available. Using workload identity is supported on user clusters running version 1.20 and higher.

You can now update the security groups associated with user clusters and node pools. For more information, see Updating a user cluster

You can now modify proxy settings on a running cluster. For more information, see Changing Cluster Proxy Settings

Asset Namespaces

The asset namespaces feature enables you to classify categories of assets sharing a common network environment, or namespace, and then perform searches for those assets within the Chronicle user interface based on that namespace. See also the Linux Forwarder documentation for information on how to configure the Forwarder to add namespaces to your security data before it is ingested into your Chronicle account.

Public access prevention^Preview launched.

• Enforcing public access prevention prevents data in your organization or project from being accidentally exposed to the public.

Cloud Translation - Advanced (v3) support for a regional EU endpoint is now in Preview. For more information, see Specify a regional endpoint.

Preview: You can now configure N2D VMs with up to 100 Gbps of network bandwidth.

This feature is ideal for network-intensive distributed workloads.

Learn more about higher bandwidth configurations, the regions and zones where these machines are available, and the post preview pricing for this new feature.

Secret Manager now offers a limited number of free resources as part of the Google Cloud Free program.

For more details on free resources, see Secret Manager pricing.

Transfer service for on-premises data support for delete from source is now Generally Available. For more information, see Data consistency details.

Storage Transfer Service offers Preview for Integration with AWS Security Token Service. Security conscious customers can now use Storage Transfer Service to perform transfers from AWS S3 without passing any security credentials. This release will alleviate the security burden associated with passing long-term AWS S3 credentials, which have to be rotated or explicitly revoked when they are no longer needed. Refer Amazon Web Services (AWS) S3 Federated Identity credentials when setting up access to your data source.

Anthos Service Mesh user authentication is now generally available (GA). This feature lets you use existing Identity Providers (IDP) for user authentication and access control to your workloads. For more information, see Configuring Anthos Service Mesh user authentication.

New features include:

• Private clusters with private IPs
• gcloud alpha container azure clusters and node-pools support
• Application-layer secrets encryption
• Choice of volume type, size, and customer-managed encryption keys
• Cluster Autoscaler

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Downloading Events

You can download large numbers of the events associated with each threat detection as a CSV file, enabling you to search across a broad set of the data stored in your Chronicle account to hunt for security issues.

Cloud Logging lets you copy logs from a Cloud Logging bucket to a Cloud Storage bucket. To learn more, see Copying log entries.

The Monitoring dashboards page in the Cloud Console now includes a collection of sample dashboards. The sample dashboards provide support for many common applications. You can preview, install, and then customize these dashboards. For more information, see Installing sample dashboards.

Cloud Run is now available in the following region:

• asia-south2 (Delhi, India)

Cloud SQL for MySQL now offers stored procedures that you can execute on your instances. You can use stored procedures to add or drop secondary indexes on read replicas. See Cloud SQL stored procedures.

Cloud Spanner now supports Cloud External Key Manager (Cloud EKM) when using customer-managed encryption keys. Cloud EKM also provides Key Access Justification to give you more visibility into key access requests.

GPU support on Dataflow is now in General Availability.

The Dialogflow ES API now provides methods for managing versions and environments.

Google Cloud Armor now supports parsing of the JSON content of POST bodies when preconfigured WAF rules are evaluated. JSON parsing must be enabled on a per-security-policy basis. In addition, you can enable verbose request logging to provide more details about why a particular rule was triggered. These features are Generally Available.

Pub/Sub message schemas are now GA.

Secret Manager now has a guide for rotating secrets and binding a secret version to your application.

To learn more, see Rotation of secrets.

Deleting a private services access connection now also removes configurations created by the service producer, if Google is the service producer (for example, Cloud SQL). The improved deletion process simplifies administration if you delete a private services access connection, but later want to recreate it. This feature is now available in General Availability.

BigQuery now supports multi-statement transactions. These allow you to perform mutating operations, such as inserting or deleting rows, on one or more tables, and either commit or roll back the changes atomically. This feature is in Preview.

Cloud Bigtable is now available in the asia-south2 (Delhi) region.

Summary bar now available in the Cost Table report

To provide additional flexibility when analyzing your data in the cost table report, we've added the summary bar as another analysis tool.

When you select a subset of rows in your cost table, a floating summary bar opens and shows you the total gross costs, credits, the percentage of savings, and the total net costs, summarized for the selected rows. The summary bar is available for both the nested and flat table views.

For more information about using the summary bar on the Cost table report, see View and download the cost details of your invoice or statement.

Cloud SQL for MySQL now supports the innodb_flush_log_at_trx_commit flag.

Support for asia-south2 (Delhi) region.

Support for asia-south2 (Delhi) region.

Support for asia-south2 (Delhi) region.

Delhi region (asia-south2) launched.

• New location for storing your data.

Cloud VPN is now available in region asia-south2 (Delhi, India).

Pricing is available on the Cloud VPN pricing page.

Preview: You can now autoscale both regional and zonal managed instance groups based on a Cloud Monitoring metric that provides an aggregated value for the group. You can also apply filters to group metrics to further scope the scaling signal. For more information, see Scaling based on Cloud Monitoring metrics.

Delhi, India asia-south2-a,b,c region has launched with E2, N2, N1, and C2 virtual machine (VM) instances in all three zones. See VM instance pricing for details.

Dataflow is now able to use workers, Dataflow Shuffle, Streaming Engine, FlexRS, and regional endpoints in zones in Delhi (asia-south2).

Filestore is available in the europe-central2 (Warsaw) region. See Regions and zones.

Kf Cloud Service Broker for Google Cloud for Google managed services.

Added new Memorystore for Memcached region: Delhi (asia-south2).

Added new Cloud Memorystore for Redis region: Delhi (asia-south2)

Enhanced runtime support added which lets you deploy containers to GKE Autopilot clusters and to Cloud Run, and simplifies the process of deploying containers to Anthos clusters on AWS that use workload identity. This feature is in preview.

See Enhanced runtime for more.

Added support for the preview release of the fit assessment tool that is intended to eventually replace the existing Linux discovery tool. The new fit assessment tool provides you with:

• Ability to get the inventory information about VMware VMs through direct connection to vCenter.
• Enhanced HTML output that makes it easier to view the assessment results.
• New collection script, mfit_linux_collect.sh, and new assessment tool, mfit.

See Using the fit assessment tool for more.

Secret Manager is now available in asia-south2 (Delhi). See Secret Manager locations for more information.

Secret Manager now has a guide for using Cloud Asset Inventory to identify and audit secrets.

To learn more, see Analyze secrets with Cloud Asset Inventory.

You can now use VPC Service Controls with Traffic Director. You can add projects to service perimeters that protect resources and services (like Traffic Director) from requests that originate outside the perimeter. To learn more about VPC Service Controls, see the VPC Service Controls Overview.

General availability for the following integration:

• Traffic Director

This note is incorrect; see entry for July 5, 2021

For auto mode VPC networks, added a new subnet 10.190.0.0/20 for the Delhi asia-south2 region. For more information, see Auto mode IP ranges.

Anthos clusters on VMware 1.8.0-gke.21 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.8.0-gke.21 runs on Kubernetes v1.20.5-gke.1301.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.8, 1.7, and 1.6.

Platform enhancements:

• Preview: Cluster autoscaling is now available in preview. With cluster autoscaling, you can horizontally scale node pools in proportion to workload demand. When demand is high, the cluster autoscaler adds nodes to the node pool. When demand is low, the cluster autoscaler removes nodes from the node pool, scaling back down to a minimum size that you designate. Cluster autoscaling can increase the availability of your workloads while controlling costs.

• Preview: User cluster control-plane node and admin cluster add-on node auto sizing are now available in preview. The features can be enabled separately in user cluster or admin cluster configurations. When you enable user cluster control-plane node auto sizing, user cluster control-plane nodes are automatically resized in proportion to the number of node pool nodes in the given user cluster. When you enable admin cluster add-on node auto sizing, admin cluster add-on nodes are automatically resized in proportion to the number nodes in the admin cluster.

• Preview: Windows Server container support for Anthos clusters on VMware is now available in preview. This allows you to modernize and run your Windows-based apps more efficiently in your data centers without having to go through risky application rewrites. You can use Windows containers alongside Linux containers for your container workloads. The same experience and benefits that you have come to enjoy with Anthos clusters on VMware using Linux--application portability, consolidation, cost savings, and agility--can now be applied to Windows Server applications also.

• Preview: Admin cluster backup is now available in preview. With this feature enabled, admin cluster backups are automatically performed before and after user and admin cluster creation, update, and upgrade. A new gkectl backup admin command performs manual backup. Upon admin cluster storage failure, you can restore the admin cluster from a backup with the gkectl repair admin-cluster --restore-from-backup command.

Security enhancements:

• The Ubuntu node image is qualified with the CIS (Center for Internet Security) L1/L2 Server Benchmark.

• Generally available: Workload identity support is now generally available. For more information, see Fleet workload identity. The connect-agent service account key is no longer required during installation. The connect agent uses workload identity to authenticate to Google Cloud instead of an exported Google Cloud service account key.

• You can now use gkectl to rotate system root CA certificates for user clusters.

• You can now use gkectl to update vCenter CA certificates for both admin clusters and user clusters.

• Preview: You can enable Secrets encryption with internally generated keys instead of a hardware security model (HSM). This feature will be enabled by default in a future release.

Network feature enhancements:

Preview: Egress NAT gateway is now available in preview. To be able to access off-cluster workloads, traffic originating within the cluster that is related to specific flows must have deterministic source IP addresses. Egress NAT gateway gives you fine-grained control over which traffic gets a deterministic source IP address, and then provides that address. The Egress NAT Gateway functionality is built on top of Dataplane V2.

Storage enhancements:

• The Anthos vSphere CSI driver now supports both offline and online volume expansion for dynamically and statically created block volumes only.

  • Offline volume expansion is available in vSphere 7.0 and later. Online expansion is available in vSphere 7.0u2 and later.

  • The vSphere CSI driver StorageClass standard-rwo, which is installed in user clusters automatically, sets allowVolumeExpansion to true by default for newly created clusters running on vSphere 7.0 or later. You can use both online and offline expansion for volumes using this StorageClass.

• The volume snapshot feature now supports v1 versions of VolumeSnapshot, VolumeSnapshotContent, and VolumeSnapshotClass objects. The v1beta1 versions are deprecated and will soon stop being served.

Simplify day-2 operations:

• You can now use Anthos Identity Service (AIS) and OpenID Connect (OIDC) for authentication to admin clusters in addition to user clusters.

• Preview: Anthos Identity Service can now resolve groups with Okta as identity provider. This allows administrators to write RBAC policy with Okta groups.

• Preview: Anthos Identity service now supports LDAP authentication methods in addition to OIDC. You can use AIS with Microsoft Active Directory without the need for provisioning Active Directory Federation Services.

• The Anthos metadata agent replaces the original metadata agent to collect and send Anthos metadata to Google Cloud Platform, so that Google Cloud Platform can use this metadata to build a better user interface for Anthos clusters. You must 1) enable the Config Monitoring for Ops API in your logging-monitoring project, 2) grant the Ops Config Monitoring Resource Metadata Writer role to your logging-monitoring service account, and 3) add opsconfigmonitoring.googleapis.com to your proxy allowlist (if applicable).

• You can use gkectl diagnose snapshot --upload-to [GCS_BUCKET] --service-account-key-file [SA_KEY_FILE] to automatically upload snapshots to a Google Cloud Storage (GCS) bucket. The provided service account must have the roles/storage.admin IAM role enabled.

BigQuery now supports access management data control language (DCL) statements and corresponding views:

• GRANT
• REVOKE
• INFORMATION_SCHEMA.OBJECT_PRIVILEGES view

GRANT and REVOKE statements are generally available (GA). OBJECT_PRIVILEGES table is available in Preview.

BigQuery now supports the following casting features:

• PARSE_BIGNUMERIC
• PARSE_NUMERIC
• Format clause for CAST available for the following data types:
  • String type
  • Date type
  • Datetime type
  • Time type
  • Timestamp type
  • Numeric types
  • Bytes type
• Numeric type INT64 aliases (INT, SMALLINT, INTEGER, BIGINT, TINYINT, BYTEINT)
• ST_GEOGFROM

These features are generally available (GA).

BigQuery now supports the ALTER COLUMN SET OPTIONS data definition language (DDL) statement. This feature is generally available (GA).

Table functions are now available in Preview. These user-defined functions, commonly known as table-valued functions (TVFs), return a table value.

The Google Trends dataset is now available in Preview and available in the Google Cloud Marketplace.

Audit logging, Cloud Logging, and Cloud Monitoring for the BigQuery Data Transfer Service are now generally available (GA).

Detection Engine API

The VerifyRule method has been added to the Detection Engine API. This method verifies that a rule is a valid YARA-L 2.0 rule without creating a new rule or evaluating it over data.

Cloud Functions is now available in the following region:

asia-east1 (Taiwan)

See Cloud Functions Locations for details.

Cloud Monitoring is launching a new Observability tab on Compute Engine's VM instance details page. This tab replaces the Monitoring tab. The enhanced Observability tab provides access to logs and greater visibility into CPU, disk, and network metrics.

Integration of SQL Server with Managed Service for Microsoft Active Directory is generally available.

This provides capabilities for authentication, authorization, and more.

Joining an instance to a managed Active Directory domain enables you to log in to your SQL Server instances using Windows Authentication. Additionally, you can integrate with your on-premises AD domains by establishing a trust with the Managed Service for Microsoft Active Directory.

Generally available: Compute Engine's VM instance details page has a new Observability tab, which replaces the Monitoring tab. The enhanced Observability tab provides access to logs and greater visibility into CPU, disk, and network metrics.

General-purpose N2D VMs are now available in us-west4-b Las Vegas, NV. See VM instance pricing for details.

Dataflow snapshots are now available in GA.

Dialogflow CX now supports the asia-south1 (Mumbai) region.

In GKE node version 1.21.1-gke.2200 and later, Containerd is available as a runtime for Windows Server LTSC and SAC node images. Containerd is the recommended container runtime for GKE. For more information, see Node images.

The Speech-to-Text now supports multi-region endpoints as a GA feature. See the multi-region endpoints documentation for more information.

BigQuery table snapshots are now in Preview. A table snapshot is a low-cost, read-only copy of a table's data as it was at a particular time. For more information, see Introduction to table snapshots.

Cloud Run is now available in the following region:

• australia-southeast2 (Melbourne)

Dataproc Metastore performs a Hive metadata schema validation when importing metadata into a service.

• For SQL dump, it verifies the tables in the SQL dump file.
• For Avro import, it verifies the Avro file names.
• Both approaches ensure that all tables exist in the import source.

If the verification fails, the operation fails with INVALID_ARGUMENT code and an error message describing which table is missing.

New System functions are now available in Dialogflow CX.

You can now secure your Filestore instances using a VPC service perimeter. For details, see Securing instances with a service perimeter.

You can now use NVIDIA A100 GPUs and several accelerator-optimized (A2) machine types for training. You must use A100 GPUs and A2 machine types together. Learn about their pricing.

Syntax for updating list values and map values is now supported.

Anthos Policy Controller now supports the ability for users to mutate resources as a preview feature. For more information see Mutating resources.

Anthos Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: f6c2fe8).

1.10.2-asm.2 is now available.

This patch release contains the same bug fixes that are in Istio 1.10.2. For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:

• Upgrading on GKE using the install_asm script
• Upgrading on Anthos clusters on VMware

Anthos clusters on-premises support Mesh CA.

New installations of Anthos Service Mesh 1.10x on Anthos clusters on VMWare and bare metal support the Anthos Service Mesh certificate authority (Mesh CA). For details on the installation, see Installing Anthos Service Mesh on-premises.

When you install Anthos Service Mesh on-premises with Mesh CA, this enables Cloud Monitoring and Cloud Logging by default. Additionally, you can use Cloud Trace (which you enable separately) as needed for troubleshooting.

Google-managed control plane release channels are available.

Anthos Service Mesh releases updates often, to deliver security updates, fix known issues, and introduce new features. Release channels offer you the ability to balance between stability and the feature set of the Anthos Service Mesh version. Google automatically manages the version and upgrade cadence for each release channel. To learn more, see the following:

• 1.9x Google-managed control plane

• 1.10x Google-managed control plane

Migrating to Mesh CA from Istio CA with little or no downtime.

Migrating to Anthos Service Mesh certificate authority (Mesh CA) from Istio CA (also known as Citadel) requires migrating the root of trust. Prior to Anthos Service Mesh 1.10, if you wanted to migrate from Istio on to Anthos Service Mesh with Mesh CA, you needed to schedule downtime because Anthos Service Mesh was not able to load multiple root certificates, which interrupted mutual TLS (mTLS) traffic during the migration.

With Anthos Service Mesh 1.10 and higher, you can install a new in-cluster control plane with an option that distributes the Mesh CA root of trust to all proxies. After switching to the new control plane and restarting workloads, all proxies are configured with both the Istio CA and Mesh CA root of trust. Next, you install a new in-cluster control plane that has Mesh CA enabled. As you switch workloads over to the new control plane, mTLS traffic isn't interrupt. For details, see Migrating to Mesh CA.

New resource types are now available.

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

• Managed Service For Microsoft Active Directory
  • managedservices.googapis.com/Domain

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Secret Manager (Newly added real-time feed support)
  • secretmanager.googleapis.com/Secret
  • secretmanager.googleapis.com/SecretVersion

Cloud SQL for SQL Server now supports SQL Server 2019. The default version continues to be SQL Server 2017 Standard. See Database versions and version policies.

Preview: Use patch alerting to monitor the patch jobs running in your environment. For more information, see Monitoring patch jobs.

Added support for the following resources:

• MonitoringDashboard
• GKEHubFeature
• IAMPartialPolicy
• NetworkSecurityAuthorizationPolicy
• BinaryAuthorizationAttestor

Versions of included products

• Anthos Config Management v1.8.0, release notes
• Config Connector v1.52.0, release notes

Config Controller can be used to deploy a landing zone blueprint.

Internal load balancer subsetting for GKE is now generally available in GKE versions 1.18.19-gke.1400 and later.

Console Table Management for Cloud Bigtable is now generally available. You can now use the Google Cloud Console to create, edit, and delete Cloud Bigtable tables, column families, and garbage collection policies.

Preview: You can now replicate data continuously and in real time from operational data stores in Oracle into BigQuery using the Oracle (by Datastream) plugin. The plugin is available in Cloud Data Fusion version 6.4.0 or later.

Cloud Router now supports the following:

• Enabling and disabling BGP sessions
• Updating the BGP keepalive interval

Cloud SQL storage limits are now increased to support up to 64 TB. See Cloud SQL storage limits for more information.

The following MySQL minor versions have been upgraded:

• MySQL 5.6.50 is upgraded to 5.6.51
• MySQL 5.7.32 is upgraded to 5.7.33

Cloud SQL storage limits are now increased to support up to 64 TB. See Cloud SQL storage limits for more information.

Cloud SQL storage limits are now increased to support up to 64 TB. See Cloud SQL storage limits for more information.

Best practices are now available for the Compute Engine API.

Added new Memorystore for Memcached region: Melbourne (australia-southeast2).

BigQuery Data Transfer Service now supports Google Merchant Center data transfers for local inventories and regional inventories.

BigQuery ML is releasing the following features for preview:

• The ML.DETECT_ANOMALIES function is now available. This function provides anomaly detection for BigQuery ML. The function runs against time-series data using ARIMA_PLUS models. The function runs against independent and identically distributed (IID) random variables data using AUTOENCODER and KMEANS models.
• The AUTOENCODER model type is now available for CREATE MODEL statements. This is a TensorFlow-based, deep-learning model that supports sparse data representations, and is commonly used in ML tasks such as feature embedding, unsupervised anomaly detection, and non-linear dimensionality reduction. The ML.PREDICT function can use previously built AUTOENCODER models to reduce the dimensionality of query results.
• Hyperparameter tuning is now available and can be used to improve model performance by searching for the optimal hyperparameters when training ML models using CREATE MODEL statements. View the BigQuery ML Hypertuning tutorial to learn how to improve model performance by 40%.

External HTTP(S) Load Balancing and Cloud CDN now support HTTP/3. HTTP/3 is based on the IETF QUIC transport protocol. Compared to HTTP/2, it reduces request latency, improves throughput, and mitigates head-of-line blocking. HTTP/3 is already supported on most major web browsers.

To learn how to enable HTTP/3 on your external HTTP(S) load balancer, visit the documentation.

External HTTP(S) Load Balancing and Cloud CDN now support HTTP/3. HTTP/3 is based on the IETF QUIC transport protocol. Compared to HTTP/2, it reduces request latency, improves throughput, and mitigates head-of-line blocking. HTTP/3 is already supported on most major web browsers.

To learn how to enable HTTP/3 on your external HTTP(S) load balancer, visit the documentation.

Symmetric hashing for internal TCP/UDP load balancers as next hops—When load balancing to multiple NICs on the backends, you no longer need to use source network address translation (SNAT). SNAT isn't required because Google Cloud uses symmetric hashing. This means that when packets belong to the same flow, Google Cloud calculates the same hash. In other words, the hash doesn't change when the source IP address:port is swapped with the destination IP address:port.

This feature is in General Availability.

Dataflow is now able to use workers, Dataflow Shuffle, Streaming Engine, FlexRS, and regional endpoints in zones in Melbourne (australia-southeast2).

M73 Release

• Upgraded TensorFlow Enterprise 2.1.3 to 2.1.4.
• Upgraded TensorFlow Enterprise 2.3.2 to 2.3.3.
• Miscellaneous bug fixes and updates.

M73 Release

• Upgraded TensorFlow Enterprise 2.1.3 to 2.1.4.
• Upgraded TensorFlow Enterprise 2.3.2 to 2.3.3.
• Disabled automatic updates for Ubuntu to be in line with the behavior in Debian images.
• Miscellaneous bug fixes and updates.

General availability for the following integration:

• Identity-Aware Proxy for TCP forwarding

Cloud Data Loss Prevention is supported by Access Approval in Preview stage.

Cloud External Key Manager is supported by Access Approval in Preview stage.

Cloud HSM is supported by Access Approval in Preview stage.

Release 1.8.0

Anthos clusters on bare metal release 1.8.0 is now available. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.8.0 runs on Kubernetes 1.20.

Extended installation support:

• Provided support to use containerd as the container runtime as GA for Anthos clusters on bare metal release 1.8.0. Cluster upgrades to 1.8.0 are blocked for 1.7.x clusters that are configured to use the preview containerd capability. For more information, see Upgrading 1.7.x clusters that use containerd in Known Issues.
• Preview: Improved virtual machine (VM) management capability. Anthos VM Runtime uses KubeVirt to orchestrate VMs on clusters, allowing you to work with your VM-based apps and workloads in a uniform development environment. Anthos VM Runtime has worked with Anthos clusters on bare metal as a preview feature since November 2020 and we have continued to enhance its capability. For more information, see Working with VM-based workloads.
• Added edge profile support for standalone clusters. The edge profile is recommended for edge devices with limited resources. Add profile: edge to the cluster config file when you create a standalone cluster to produce a cluster that has significantly reduced system resource requirements. The edge profile is only available for standalone clusters, it is ignored for other cluster types. For more information, see Creating standalone clusters.
• Added support to specify provider ID for Nodes (controlPlane.nodePoolSpec.nodes.providerID) to support deploying on OpenStack using Load Balancing as a Service (LBaaS) resources. For more information, see Configure your clusters to use OpenStack.
• Preview: Added support for installing Anthos clusters on bare metal, using your own registry service, instead of gcr.io. For instructions and additional information, see Installing Anthos Bare Metal using registry mirror.

Improved upgrade:

• Enabled support for upgrading non-SELinux clusters to SELinux. For more information, see Enable SELinux in Upgrading Anthos clusters on bare metal.
• Cluster upgrades are not blocked by excessive Node draining durations. During a cluster upgrade, if the draining process takes longer than 20 minutes for any specific Node, the upgrade process will carry on without waiting for draining to complete.

Updated user cluster lifecycle management:

• Added bmctl improvements for resetting user cluster and adding additional preflight checks to confirm machine and network readiness for cluster creation:

Enhanced monitoring and logging:

• Preview: Added Cloud Audit Logging capability, which enables audit logs to be written to Cloud Audit Logs in your Google project. Audit logs are useful for investigating suspicious API requests and for collecting statistics. For more information, see Enable Audit Logging.

Introduced new networking capabilities in preview:

• Preview: Added multi-NIC capability to provide additional interfaces to your Pods.
• Preview: Added egress NAT gateway capability to provide persistent, deterministic routing for the egress traffic from your clusters. For more information, see Configure an egress NAT gateway for external communication.
• Preview: Added option for BGP bundled load balancer for Layer-3 (L3) topologies. This feature can be used with user clusters and admin clusters.

Enhanced security:

• Workload Identity is GA. The Connect Agent Service Account Key is no longer required during installation. Connect Agent uses Workload Identity to authenticate to GCP instead of an exported GCP Service Account Key.

Expanded support for newer versions of operating systems:

• Added support for installing Anthos clusters on bare metal on Red Hat Enterprise Linux (RHEL) 8.4, and CentOS 8.4

Row-level security on table data is now generally available in BigQuery.

Uppercase Alerts

For Chronicle customers who are also Uppercase customers, Uppercase alerts are now displayed on the Enterprise Insights page. Uppercase alerts are derived from both Google's internal threat detection infrastructure and research provided by Uppercase security analysts.

You can view these alerts in Uppercase Alert view. This view also enables you to provide feedback that can be shared with your own security team and with Uppercase.

You can also use the Uppercase API to retrieve alerts from your Chronicle account.

Cloud Bigtable is now available in the australia-southeast2 (Melbourne) region.

Several fields related to verifying end-to-end data integrity for cryptographic operations are generally available (GA).

Support for australia-southeast2 (Melbourne) region.

Support for australia-southeast2 (Melbourne) region.

A preview enables you to use replication in Cloud SQL for SQL Server. Additionally, the preview enables you to make cross-region replicas.

You can use replication to scale the use of data in a database without degrading performance. Other reasons include migrating or maintaining data duplicates between regions.

For more information, see Replication in Cloud SQL.

Support for australia-southeast2 (Melbourne) region.

Melbourne region (australia-southeast2) launched.

• New location for storing your data.

Cloud VPN is now available in region australia-southeast2 (Melbourne, Australia).

Pricing is available on the Cloud VPN pricing page.

Melbourne, Australia australia-southeast2-a,b,c has launched with E2, N2, N1, and M1 machines. M1 machines are only available in zones b and c.

See VM instance pricing for details.

Added support for NetworkSecurityClientTLSPolicy

Added support for NetworkSecurityServerTLSPolicy

Added support for strong hierarchal references to several resources:

• Add spec.projectRef to DataprocAutoScalingPolicy
• Add spec.projectRef to DataprocCluster
• Add spec.projectRef to DataprocWorkflowTemplate
• Add spec.projectRef to MonitoringGroup

Added new Memorystore for Redis region: Melbourne (australia-southeast2).

Secret Manager is now available in australia-southeast2 (Melbourne). See Secret Manager locations for more information.

For auto mode VPC networks, added a new subnet 10.192.0.0/20 for the Melbourne australia-southeast2 region. For more information, see Auto mode IP ranges.

Generally available: You can now create application consistent snapshots of disks attached to Linux VMs. For more information, see Creating Linux application consistent snapshots.

Support for Compute Reservations. Notebooks API allows the use of Compute Reservations during instance creation.

Storage Transfer Service offers Preview support for transferring data from Azure ADLS Gen 2 to Cloud Storage.

Cloud Composer is now available in Warsaw (europe-central2).

Query Insights is now supported for read replicas.

You can now customize E2 shared-core machine types. Shared-core machine types provide a fractional vCPU with the ability to burst to 2 vCPU for a short period of time.

• E2 shared-core machine types support predefined platforms with Intel or AMD EPYC Rome processors.

• The custom memory range is:

  • 1 to 2 GB for micro machines
  • 1 to 4 GB for small machines
  • 1 to 8 GB for medium machines

E2 shared-core custom machine pricing is the same as E2 custom machine pricing. E2 machines are available in all regions and zones.

Create a custom E2 shared-core machine using gcloud or the API.

Memory-optimized M2 machine types are now available in Belgium, europe-west1-b,c. See VM instance pricing for details.

M72 Release

• Added PyTorch 1.9 and PyTorch/XLA 1.9 containers.

M72 Release

• Added PyTorch 1.9 and PyTorch/XLA 1.9 images.

Added autoscale policies that can automatically expand or shrink a cluster in your private cloud based on factors like CPU utilization or storage capacity thresholds. All clusters begin with a default autoscale policy that adds a node based on a storage capacity threshold.

For details about this feature, see Autoscale policies.

Preview: vSAN data encryption for data at rest now uses keys generated by Cloud Key Management Service for all new private clouds.

For details about this feature, see Configuring vSAN encryption for your private cloud.

Text-to-Speech now offers voices in the following new languages. See the supported voices page for a complete list of voices and audio samples.

• ms-MY (Malay, Malaysia)
• nl-BE (Dutch, Belgium)

New resource types are now available.

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

• Google Kubernetes Engine
  • apps.k8s.io/Deployment
  • apps.k8s.io/ReplicaSet
  • batch.k8s.io/Job
• Hub
  • gkehub.googleapis.com/Membership
• API Gateway
  • apigateway.googleapis.com/Api
  • apigateway.googleapis.com/ApiConfig
  • apigateway.googleapis.com/Gateway
• Document AI
  • documentai.googleapis.com/HumanReviewConfig
  • documentai.googleapis.com/LabelerPool
  • documentai.googleapis.com/Processor
• Vertex AI
  • aiplatform.googleapis.com/BatchPredictionJob
  • aiplatform.googleapis.com/CustomJob
  • aiplatform.googleapis.com/DataLabelingJob
  • aiplatform.googleapis.com/Dataset
  • aiplatform.googleapis.com/Endpoint
  • aiplatform.googleapis.com/HyperparameterTuningJob
  • aiplatform.googleapis.com/Model
  • aiplatform.googleapis.com/SpecialistPool
  • aiplatform.googleapis.com/TrainingPipeline

The SAP accelerator for the order to cash process is now available. It provides sample pipelines that you can use to build your end-to-end order to cash process and analytics with Cloud Data Fusion, BigQuery, and Looker. The accelerator is a sample implementation of the SAP Table Batch Source plugin, which enables bulk data integration from SAP applications with Cloud Data Fusion. The accelerator is available in Cloud Data Fusion environments running in version 6.3.0 and above.

Cloud Tasks is now available in us-west1, asia-east1, and asia-southeast1.

Google-managed control plane is now a generally available (GA) feature. This feature lets you move from managing Istiod in your clusters to configuring the control plane as a service. Google will manage the availability, scalability and security of the control plane.

In addition, it offers these new features:

• Support for CNI
• Support for private clusters with a public IP address/endpoint access for the control plane
• Support for private clusters with Master Authorized Network (MAN)

Using the Google-managed control plane also simplifies multi-cluster mesh configuration and reduces the Kubernetes Engine privileges needed to install Anthos Service Mesh. For more information see Configuring the Google-managed control plane.

The SQL mathematical functions EXP, LN, LOG, LOG10 and SQRT now directly support NUMERIC data as input. You no longer need to cast NUMERIC data to FLOAT64 data before passing it as input to these functions.

Support for Identity and Access Management custom roles.

Support for Identity and Access Management custom roles.

Kf Operator to manage Kf installation.

Added Operator diagnostics to kf doctor.

Allow target command to take arg instead of flag.

Bring your own IP (BYOIP) is now available in General Availability.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

Cloud Functions is now available in the following region:

• asia-southeast1 (Singapore)

See Cloud Functions Locations for details.

In addition to scalar functions, Dataflow SQL now supports aggregate user-defined functions (UDFs) for Java. For more information, see Dataflow SQL user-defined functions. This feature is in Preview.

Support for the following additional locations:

• asia-southeast1 Singapore
• us-west1 Oregeon
• asia-east1 Taiwan

See the full list of locations.

Support for the following additional locations:

• asia-southeast1 Singapore
• us-west1 Oregeon
• asia-east1 Taiwan

See the full list of locations.

Added support for ComputeURLMap, DataFusionInstance, LoggingLogExclusion.

IAMServiceAccount: added support for resourceID.

GKE Multi-cluster Services support for pod-specific addressing is now generally available.

You can now use a pre-built container to serve predictions from TensorFlow 2.5 models.

You can now use a pre-built container to serve predictions from XGBoost 1.4 models.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, BatchGetAssetsHistory) and the Feed API:

• Serverless VPC Access
  • vpcaccess.googleapis.com/Connector
• Certificate Authority Service
  • privateca.googleapis.com/CaPool
  • privateca.googleapis.com/CertificateAuthority
  • privateca.googleapis.com/CertificateRevocationList
  • privateca.googleapis.com/CertificateTemplate

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• Cloud KMS
  • cloudkms.googleapis.com/KeyRing
  • cloudkms.googleapis.com/CryptoKey
  • cloudkms.googleapis.com/CryptoKeyVersion
  • cloudkms.googleapis.com/ImportJob
• Service Usage
  • serviceusage.googleapis.com/Service
• Cloud Data Fusion
  • datafusion.googleapis.com/Instance

NVIDIA® T4 GPUs are now available in the following additional regions and zones:

• St. Ghislain, Belgium: europe-west1-b,c,d

For more information about using GPUs on Compute Engine, see GPUs on Compute Engine.

Volume snapshots is now generally available. Starting in GKE version 1.21 and later, you can now use v1 snapshots; v1beta1 snapshots will continue to operate as expected until further notice.

Committed use discounts are now generally available to purchase for Google Kubernetes Engine (Autopilot Mode).

Google Kubernetes Engine (Autopilot Mode) committed use discounts apply to all Autopilot Pod workload vCPU, memory, and ephemeral storage usage in the region in which you have committed. Google Kubernetes Engine (Autopilot Mode) committed use discounts do not apply to the cluster management fee or to GKE Standard mode compute nodes.

See the documentation for more details.

For GKE clusters running Windows Server node pools, you can see the version mapping between GKE versions and Windows Server versions for all available GKE versions by using a gcloud command. This feature is now available in preview.

For more details, see Use gcloud tool to get version mapping.

Added support for Upgrading the Redis version of an instance with the Google Cloud Console.

Released support for Redis version 6.x (Preview) on Memorystore for Redis. For more details, see Supported versions.

Network Load Balancing now supports load-balancing ESP (Encapsulating Security Payload) and ICMP (Internet Control Message Protocol) traffic. To handle these protocols, you specify the new L3_DEFAULT protocol on the load balancer's forwarding rule.

For details, see:

• Forwarding rule protocols for backend service-based network load balancers
• Setting up Network Load Balancing for multiple protocols

This feature is available in Preview.

Dataflow SQL now supports user-defined functions (UDFs) written using Java. For more information, see Dataflow SQL user-defined functions. This feature is in Preview.

VPC Service Controls

Integration with Document AI VPC Service Controls is now generally available.

Integration with Document AI VPC Service Controls is now generally available.

Runtime version 2.5 is now available. You can use runtime version 2.5 to serve online predictions with TensorFlow 2.5.1, scikit-learn 0.24.1, or XGBoost 1.4.0. Runtime version 2.5 does not support batch prediction.

See the full list of updated dependencies in runtime version 2.5.

Anthos clusters on VMware 1.5.4-gke.2 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.5.4-gke.2 runs on Kubernetes v.1.17.9-gke.4400. The supported versions that offer the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.7, 1.6, and 1.5.

Committed use discounts for Google Kubernetes Engine (GKE) are now Generally Available to purchase for workloads running on GKE Autopilot.

They provide discounted prices in exchange for your commitment to use a minimum level of resources for a specified term. The spend-based committed use discounts apply to all GKE Autopilot Pod workload CPU, memory, and ephemeral storage usage in the region in which you have committed. This gives you low, predictable costs, without the need to make any manual changes or updates yourself. This flexibility saves you time and helps you to save more by achieving high utilization rates across your commitments.

GKE Autopilot Mode commitments do not apply to the cluster management fee or to GKE Standard mode compute nodes.

See the documentation for more details.

You can check for VPN tunnel overutilization using the VPN tunnel utilization recommender. A recommender is a service in Google Cloud that provides usage recommendations for cloud resources.

Generally available: You can configure how your regional managed instance group distributes instances across zones by using capacity-aware distribution shapes, which can automatically deploy instances to zones where capacity is available and optionally prioritize the use of reservations.

Preview: When rolling out configuration or application updates to a stateful or stateless managed instance group, use the minimum and most disruptive allowed actions to control disruption to your workload.

Transition the underlying OS used by Migrate for Compute Engine components (Manager, Cloud Extensions, Importers, and Exporters) to use Ubuntu Advantage.

The Resource Settings API has entered general availability. You can use Resource Settings to centrally configure settings for your Google Cloud projects, folders, and organization. For more information, see Resource Settings overview.

Anthos clusters on VMware 1.6.3-gke.3 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.6.3-gke.3 runs on Kubernetes v1.18.18-gke.100. The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.7, 1.6, and 1.5.

BigQuery now supports parameterized types. The following parameterized types are supported:

• STRING(L)
• BYTES(L)
• NUMERIC(P) / NUMERIC(P, S)
• BIGNUMERIC(P) / BIGNUMERIC(P, S)

This feature is in Preview.

New resource types are now available.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Cloud Redis
  • redis.googleapis.com/Instance

You can now store values for the smtp_password Airflow configuration option in Secret Manager.

Cloud SQL now offers faster maintenance, with connectivity dropping for less than 60 seconds on average.

Cloud SQL now offers faster maintenance, with connectivity dropping for less than 60 seconds on average.

Cloud SQL now offers faster maintenance, with connectivity dropping for less than 120 seconds on average.

String processing functions are now available in the text module of the Workflows standard library.

Maven, npm, and Python repositories are now in Preview.

Storage and network egress charges apply to all formats that are in Preview or are generally available.

Cloud Asset Inventory Console Preview is now publicly available. It enables you to see insights about Google Cloud footprint, details and history of resources, and provides powerful and easy filtering and search capabilities.

Both the Cloud SQL Java Connector and Cloud SQL Python Connector now support IAM Authentication for PostgreSQL.

Artifact Registry now supports Access Transparency. Access Transparency provides you with logs of actions that Google staff have taken when accessing your data. To learn more about Access Transparency, see the Overview of Access Transparency.

New resource types are now available.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Cloud Bigtable
  • bigtableadmin.googleapis.com/AppProfile

N2D machine types are now available in us-west4-a , Las Vegas, Nevada. See VM instance pricing for details.

Anthos 1.7.2 is now available.

Updated components

• Anthos clusters on VMware release notes

• Anthos clusters on bare metal release notes

• Anthos clusters on AWS release notes

• Anthos Config Management release notes

Release 1.7.2

Anthos clusters on bare metal release 1.7.2 is now available. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.7.2 runs on Kubernetes 1.19.

M71 release

• Upgraded TensorFlow Probability, TensorFlow I/O, and TensorFlow Estimator in TensorFlow 2.5 containers.

M71 Release

• Refreshed the Debian-10 images (Ubuntu images not refreshed in this release).
• Upgraded TensorFlow Probability, TensorFlow I/O, and TensorFlow Estimator in TensorFlow 2.5 images.
• Added support for a Post Startup script and provided status in guest attributes.
• TensorFlow 2.x image names are now available in two formats: tf-xxx-2-y-zzz (the new standard format) tf2-xxx-2-y-zzz (the previous standard format). Image names in the previous standard format will be deprecated in a future release.

Transfer Appliance offers the Transfer Appliance Cloud Setup Application. The application prompts for several settings, and uses the information you provide to configure your Google Cloud permissions, preferred Cloud Storage bucket, and Cloud KMS key for your transfer.

Publishing services and accessing published services using Private Service Connect is now available in Preview.

Chronicle Automated GCP Log Ingestion

Google Cloud customers can now send logs directly to their Chronicle account. Customers can send both Cloud Audit and Cloud DNS logs. See Ingesting GCP Logs in to Chronicle for more information.

A JSON editor has been integrated with the dashboard page. In addition to using the JSON editor to change the contents of the dashboard, you can save the current dashboard definition to a local system, and you can upload a dashboard definition to your Google Cloud project. For more information, see Managing dashboards through the Cloud Console.

CloudSQL for MySQL now supports the MySQL flags expire_logs_days (for MySQL 5.6 and 5.7) and binlog_expire_logs_seconds (for MySQL 8.0). Note that if you enable point-in-time recovery, the expiration period of your binary logs will be determined by the lesser of your transaction log retention period and the value of these flags.

The logical replication and decoding functionality of PostgreSQL is available as a preview. These features enable logical replication workflows and change data capture workflows.

For more information, see Setting up logical replication and decoding.

Cloud SQL for PostgreSQL now supports the pg_similarity extension, which provides support for similarity queries in PostgreSQL.

Also, the default value for the database flag autovacuum_vacuum_cost_delay is changed to 2 milliseconds in PostgreSQL 9.6, 10 and 11.

The minor versions for various extensions have also been upgraded:

Preview: Access the Compute Engine API using Cloud Client Libraries built on our latest client library model. Updated client libraries are now available in the following languages:

• Java
• .NET
• Node.js
• PHP
• Python
• Ruby

For more information, see Compute Engine client libraries.