Google Cloud release notes

The following release notes cover the most recent changes over the last 30 days. For a comprehensive list, see the individual product release note pages .

You can see the latest product updates for all of Google Cloud on the Google Cloud release notes page.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml

November 25, 2020

Cloud Monitoring

If you created Slack notification channels after October 25, 2020, your channels are not receiving notifications. For information about resolving this issue, see Adding the Monitoring app to a Slack channel.

Istio on Google Kubernetes Engine

Upgrading the cluster to GKE versions 1.17 and higher causes the built-in ingress gateway to be unavailable for approximately 5 minutes during the upgrade process. We recommend installing and managing separate user-defined gateways to avoid this issue, as described in Adding gateways.

SAP on Google Cloud

New SAP certifications: For SAP NetWeaver, the following Compute Engine virtual machine types that use the AMD CPU platform are certified by SAP:

  • n2d-highmem-48
  • n2d-highmem-64
  • n2d-highmem-80
  • n2d-highmem-96
  • n2d-standard-48
  • n2d-standard-64
  • n2d-standard-80
  • n2d-standard-96

For more information, see N2D general-purpose machine types.

You can now automate the deployment of SAP HANA in a SUSE Linux Enterprise Server high-availability (HA) cluster that uses the recommended TCP internal load balancer implementation for the virtual IP address.

For more information, see Automated deployment of Linux high-availability clusters for SAP HANA.

The sap_hana_ha/template.yaml file that is provided by Google Cloud to deploy SAP HANA in a SLES high-availability cluster that uses a virtual IP address (VIP) with an alias-IP implementation is deprecated.

As a replacement, use the new sap_hana_ha_ilb/template.yaml file that uses a TCP internal load balancer for the VIP, as described in Automated SAP HANA HA deployment on SLES with load-balancer VIP implementation.

The deprecated template and the corresponding documentation, Automated SAP HANA SLES HA deployment with alias-IP VIP implementation, will continue to be available for at least 12 months from today.

November 24, 2020

Compute Engine

New sole-tenant node types:

  • GA:

    • c2-node-60-240
    • m1-node-160-3844
    • m2-node-416-11776
    • n2-node-80-640
    • n2d-node-224-896
  • Beta:

    • m1-node-96-1433
Dialogflow

The Dialogflow CX test cases feature is now launched and documented.

Identity and Access Management

IAM Conditions: Starting on February 26, 2021, if a permission check encounters an unsupported attribute in a conditional role binding, it will never interpret that part of the condition as granting access.

To prevent access issues, limit the scope of conditions when necessary, especially if a condition checks the resource.name attribute.

November 23, 2020

BigQuery ML

BigQuery ML integration with AI Platform for Boosted Tree models is now generally available (GA). For more information, see the following documentation:

BigQuery ML integration with AI Platform for Deep Neural Network (DNN) models is now generally available (GA). For more information, see CREATE MODEL statement for Deep Neural Network (DNN) models.

Exporting BigQuery ML models to Cloud Storage and using them for online prediction is now generally available (GA). For more information, see Exporting models and the EXPORT MODEL statement.

Cloud Composer

Cloud Composer is now available in Los Angeles (us-west2).

Config Connector

Config Connector version 1.31.0 is now available

Added support for the ComputeTargetGRPCProxy resource

Added support for the ResourceManagerLien resource

Fixed issue where IAMPolicyMember and IAMPolicy resources cannot be deleted if an invalid configuration is applied (such as referencing a non-existent resource)

Fixed issue where notificationConfig.pubsub.topicRef was not usable

Google Cloud VMware Engine

Beginning in the middle of December 2020, VMware Engine will upgrade the VMware stack from version 6.7 to 7.0 and the NSX-T stack from version 2.5 to 3.0. Users affected by this upgrade will receive an email with planned maintenance dates and times.

For details about the upgrade and steps to prepare, see Service announcements.

November 20, 2020

Cloud Composer

Composer version 1.12.5 or newer: File synchronization between buckets in Domain restricted sharing compliant environments has been improved. If your environment was created before November 20, 2020 you must upgrade your environment to access this feature

Compute Engine Dialogflow

The Dialogflow Messenger integration is now implemented for Dialogflow CX.

Agent Validation is now implemented for Dialogflow CX.

Network Intelligence Center

Firewall Insights is available in General Availability.

November 19, 2020

Cloud Build

Users can now transfer Cloud Build metrics to BigQuery through the BigQuery notifier, a new open-source notifier.

Cloud Functions

Cloud Functions has added support for a new runtime, .NET, in Preview. This runtime is based on .NET Core 3.1.

Cloud SQL for MySQL

Cloud SQL for MySQL now supports retention settings for automated backups. You can configure retention of your automated backups for shorter or longer periods (1 to 365 days). The default setting remains 7 days.

Cloud SQL for MySQL now supports retention settings for point-in-time recovery. You have the option of retaining logs, used for point-in-time recovery, for shorter periods (1 to 7 days). The default setting is 7 days.

Cloud SQL for PostgreSQL

Cloud SQL for PostgreSQL now supports retention settings for automated backups. You can configure retention of your automated backups for shorter or longer periods (1 to 365 days). The default setting remains 7 days.

Cloud SQL for PostgreSQL now supports retention settings for point-in-time recovery. You have the option of retaining logs, used for point-in-time recovery, for shorter periods (1 to 7 days). The default setting is 7.

Cloud SQL for SQL Server

Cloud SQL for SQL Server now supports retention settings for automated backups. You can configure retention of your automated backups for shorter or longer periods (1 to 365 days). The default setting iremains 7 days.

Private Catalog

Private Catalog launches an updated Cloud Console experience for cloud admins. The updates include more options for managing access control, sharing catalogs, and bulk editing solutions.

November 18, 2020

App Engine standard environment PHP

The PHP7.4 runtime for the App Engine standard environment are now generally available.

App Engine standard environment Ruby

The Ruby 2.6 and 2.7 runtimes for the App Engine standard environment are now generally available.

Filestore

Filestore now supports access over VPN. With this new capability, you can mount Filestore file shares on an on-premises client, as well as clients on a remote VPC. To learn how to set up a VPN connection with Cloud VPN, see Creating an HA VPN gateway to a Peer VPN gateway.

Pub/Sub

Pub/Sub message filtering is now available in GA.

November 17, 2020

BigQuery

BigQuery column-level security is now generally available. Policy tags can be replicated across locations. For more information, see Introduction to BigQuery column-level security.

Compute Engine

You can now use security keys as a 2-step verification method when connecting to VMs using OS Login. For more information, see Setting up OS Login with 2-step verification.

November 16, 2020

AI Platform (Unified)

Preview release

AI Platform (Unified) is now available in Preview.

For more information, see the product documentation.

Anthos

Anthos 1.5.2 is now available.

Updated components:

Anthos GKE on-prem

Anthos GKE on-prem 1.5.2-gke.3 is now available. To upgrade, see Upgrading GKE on-prem. GKE on-prem 1.5.2-gke.3 clusters run on Kubernetes 1.17.9-gke.4400.

GKE Data Plane V2 Preview is now available.

  • GKE Data Plane V2 is a new programmable data path that enables Google to offer new network security features like Network Policy Logging and Node Network Policy.

Binary Authorization for GKE on-prem 0.2.1 is now available.

  • Binary Authorization for GKE on-prem 0.2.1 adds a proxy side cache that caches AdmissionReview responses. This can improve the reliability of the webhook.

Fixes:

  • Fixed false warning in gkectl check-config for admin cluster for manual load balancing category.
  • Updated Istio Ingress (Kubernetes) Custom Resource Definitions (CRDs) to use v1beta1.
  • Fixed issue where GKE on-prem upgrade is stuck because of Cloud Run for Anthos on-prem pods crash looping.
Artifact Registry

Artifact Registry is now generally available. To learn about transitioning from Container Registry, see the transition overview.

Cloud Functions

Cloud Functions now supports  Node.js 12 at the General Availability release level.

Cloud Monitoring

A new dashboard editor is available in Preview. The new editor lets you create and edit all dashboard widget types, including gauges, scorecards, and text boxes. With mosaic-mode, you can resize and reposition widgets. The configuration tabs - Basic, Advanced, MQL - let you choose how you want to configure your widgets. For more information, see Custom dashboards.

Cloud Run for Anthos

Cloud Run for Anthos on Google Cloud version 0.18.0-gke.5 is now available for following GKE minor version:

  • 1.17
  • 1.18
  • 1.19

Authentication failures when image tags used during private container image deployment from Artifact Registry. Learn more

Compute Engine

N2D machine types are now available in us-west1-a, The Dalles, Oregon. See VM instance pricing for pricing details.

Dataproc

New sub-minor versions of Dataproc images: 1.3.77-debian10, 1.3.77-ubuntu18, 1.4.48-debian10, 1.4.48-ubuntu18, 1.5.23-debian10, 1.5.23-ubuntu18, 2.0.0-RC19-debian10, and 2.0.0-RC19-ubuntu18.

Image 2.0 preview

  • Upgraded Hue to version 4.8.0
VPC Service Controls

General availability support for the following integration:

November 13, 2020

Cloud Logging

You can now use the Share link button in the Logs Explorer to create and share a shortened URL of your current query. For more information, see Using the Logs Explorer.

November 12, 2020

AI Platform Deep Learning VM Image

M59 release

  • Miscellaneous bug fixes.
  • tensorflow_enterprise_addon package is renamed to tensorflow-cloud
Anthos Service Mesh

Anthos Service Mesh, Mesh CA and the Anthos Service Mesh dashboards in Google Cloud Console are now available for any GKE customer and do not require the purchase of Anthos. See pricing for details.

There are slight changes to the behavior of Google Cloud Console for customers who use Anthos Service Mesh without an Anthos subscription. See details here.

Added a shell script to automate Anthos Service Mesh installation and migration from Istio and the Istio on GKE add-on. For details, see the following guides:

App Engine flexible environment Go

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer. This feature is now generally available.

App Engine flexible environment Java

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer. This feature is now generally available.

App Engine flexible environment Node.js

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer. This feature is now generally available.

App Engine flexible environment PHP

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer. This feature is now generally available.

App Engine flexible environment Python

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer. This feature is now generally available.

App Engine flexible environment Ruby

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer. This feature is now generally available.

App Engine standard environment Go

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer. This feature is now generally available.

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer. This feature is now generally available.

App Engine standard environment Java

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer. This feature is now generally available.

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer. This feature is now generally available.

App Engine standard environment Node.js

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer. This feature is now generally available.

App Engine standard environment PHP

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer. This feature is now generally available.

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer. This feature is now generally available.

App Engine standard environment Python

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer. This feature is now generally available.

App Engine standard environment Ruby

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer. This feature is now generally available.

Compute Engine

The VM instance details page for Compute Engine now displays Memory Utilization and Disk Space Utilization charts. In addition, a new Monitor VM Instances link lets you go directly to the VM instances dashboard in Cloud Monitoring.

Identity and Access Management

IAM Conditions now provides resource attributes for Pub/Sub Lite. You can use these resource attributes to grant access to a subset of your Pub/Sub Lite subscriptions and topics.

Istio on Google Kubernetes Engine

Migrations from the 1.6 version of the add-on to Anthos Service Mesh 1.7 or 1.6 using a Google-provided script is available. For details see Upgrading to Istio 1.6 with Operator

Traffic Director

Traffic Director now supports multi-environment deployments. The hybrid connectivity network endpoint group (NEG) is in General Availability. The documentation includes an overview of the feature and a tutorial, Network edge services for multi-environment (on-premises, multi-cloud) deployments.

November 11, 2020

AI Platform Prediction

The following regional endpoints are now generally available for online prediction, in addition to the regional endpoints that were already available:

  • us-east1-ml.googleapis.com
  • us-east4-ml.googleapis.com
  • us-west1-ml.googleapis.com
  • northamerica-northeast1-ml.googleapis.com
  • europe-west1-ml.googleapis.com
  • europe-west2-ml.googleapis.com
  • europe-west3-ml.googleapis.com
  • asia-northeast1-ml.googleapis.com
  • asia-southeast1-ml.googleapis.com
  • australia-southeast1-ml.googleapis.com

On some of these regional endpoints, you can use GPUs to accelerate prediction. Learn which types of GPUs are available on which regional endpoints.

Pricing for online prediction varies between regional endpoints. Read about the pricing for each regional endpoint.

Cloud Billing

Cost table report now includes invoice header information and project-level taxes.

The cost table report presents a detailed, tabular view of your monthly costs for a given invoice or statement. The cost table has been updated to include invoice or statement header information that is viewable in the cost table page as well as downloadable to CSV.

Additionally, the cost table report now breaks out your tax costs by each project. Prior to this update, your tax costs were listed at the end of the cost table as a row for each type of tax incurred, aggregated for the whole invoice or statement. To view the details of your tax costs, in the cost table, look for rows with a Cost type: Tax and SKU description: description and percentage of tax (for example, PST/QST/RST (9.975%) or State sales tax (4.71%)).

For information on using the cost table report to view and analyze the details of your invoice or statement, refer to the Cost table reports documentation.

Cloud Build

Cloud Build now enables you to create triggers that you can invoke manually through the Cloud Console. To learn how to create and run manual triggers, see Creating manual triggers.

Cloud Data Loss Prevention

PERSON_NAME, FIRST_NAME, LAST_NAME, MALE_NAME and FEMALE_NAME infoType detectors are now available in all regions.

Cloud Functions

Cloud Functions now supports Python 3.8 at the General Availability release level.

Compute Engine

Compute-optimized (C2) machine types are now available in Hong Kong, asia-east2, in all three zones. For pricing information, see VM instance pricing.

Data Catalog

Data Catalog is now available in Singapore (asia-southeast1).

Dataflow

Dataflow now supports Interactive Notebooks in GA.

November 10, 2020

Cloud Healthcare API

The following methods have been added to update or view the storage information for your DICOM data: * projects.locations.datasets.storageOptions.setBlobStorageSettings sets the storage class for all instances in a study. * projects.locations.datasets.storageOptions.getStorageInfo displays the storage details for the instances in a DICOM store.

Cloud Load Balancing

External TCP/UDP Network Load Balancing is now supported with backend services. Compared to the target pool backend, a backend service gives you more fine-grained control over your load balancer, including access to features such as connection draining, failover policies, and support for managed instance groups as backends.

Network load balancers with a backend service can also use health checks that match the traffic (TCP, SSL, HTTP, HTTPS, or HTTP/2) they are distributing.

To get started, see:

This feature is available in Preview.

Config Connector

Config Connector version 1.30.0 is now available.

Added support for the MonitoringAlertPolicy resource.

Added maintenancePolicy field to ComputeNodeGroup.

Added exclusions field to LoggingLogSink.

Added authEnabled field to RedisInstance.

Added interface field to ComputeDisk.

Added mtu field to ComputeNetwork.

Added privateIpv6GoogleAccess field to ComputeSubnetwork.

Added confidentialNodes field to ContainerCluster.

Added skipInitialVersionCreation field to KMSCryptoKey.

Added "Immutable." to CRD descriptions for immutable fields in IAMPolicy, IAMPolicyMember, IAMAuditConfig.

Added more field descriptions.

Fixed bug where DataflowJob would fail to create if zone is unspecified even if region is specified.

Fixed bug in operator where ConfigConnector was not being re-enqueued for reconciliation when there is an error during reconciliation.

November 09, 2020

Cloud Billing Cloud Build

Cloud Build allows you to specify git operations in your build configuration file and run your file using the git repository cloned onto your workspace. The cloned repository can exceed 500 MB.

Cloud Composer
  • New versions of Cloud Composer images: composer-1.13.0-airflow-1.10.6, composer-1.13.0-airflow-1.10.9, composer-1.13.0-airflow-1.10.10, and composer-1.13.0-airflow-1.10.12. The default is composer-1.13.0-airflow-1.10.10. Upgrade your Cloud SDK to use features in this release.
  • Airflow 1.10.12: api-auth_backend is now set to airflow.api.auth.backend.deny_all by default. To use the experimental REST API, change the api-auth_backend configuration override to airflow.api.auth.backend.default.
  • Airflow 1.10.12 is now available for Cloud Composer.
  • The GKE release channel is set to STABLE for new and upgraded Composer environments.
  • The following Cloud Composer versions have been deprecated:
    • Composer-1.7.2
    • Composer-1.7.3
    • Composer-1.7.4
    • Composer-1.7.5
    • Composer-1.7.6
    • Composer-1.7.7
    • Composer-1.8.0
Cloud Monitoring

Monitoring Query Language (MQL) adds Preview support for macros. For more information, see MQL macros.

Cloud Run for Anthos

Cloud Run for Anthos on Google Cloud version 0.18.0-gke.4 is now available for following GKE minor version:

  • 1.18
  • 1.19

Events for Cloud Run for Anthos version 0.17.0-gke.105 is now available for the following GKE minor version:

  • 1.18
  • 1.19
Cloud Spanner

A new multi-region instance configuration is now available in North America - nam8 (Los Angeles/Oregon/Salt Lake City).

Compute Engine

Identify resources like persistent disks, IP addresses, and custom disk images that aren't in use. Viewing and applying idle resources recommendations can help reduce unused resources and reduce your Compute Engine bill. This feature is Generally available.

Compute-optimized (C2) machine types are now available in Sydney, Australia, australia-southeast1-c. For pricing details, see VM instance pricing.

Dataproc

Clusters that use Dataproc Metastore must be created in the same region as the Dataproc Metastore service that they will use.

New sub-minor versions of Dataproc images: 1.3.76-debian10, 1.3.76-ubuntu18, 1.4.47-debian10, 1.4.47-ubuntu18, 1.5.22-debian10, 1.5.22-ubuntu18, 2.0.0-RC18-debian10, and 2.0.0-RC18-ubuntu18.

Image 2.0 preview

Fixed a bug where the Jupyter optional component depended on the availability of GitHub at cluster creation time.

Storage Transfer Service

Storage Transfer Service support for specifying an end time to scheduling transfer jobs is in Preview.

November 06, 2020

Cloud Bigtable

The default data points used for disk load charts on the Cloud Bigtable Monitoring page have changed to reflect the maximum for a displayed alignment period. Previously, data points on the charts reflected the mean for the alignment period. This change ensures that charts clearly show the peaks that are important for monitoring the health of a Cloud Bigtable instance. Disk load charts are only applicable for HDD clusters.

Cloud Logging

By using the new gcloud command and API for live tailing, you can now stream your logs in real time as your applications write them to the Cloud Logging API. To learn more, see Live tailing log entries.

Config Connector

Config Connector version 1.29.0 is now available.

Field descriptions now document immutability.

DataflowJob labels are now mutable.

SAP on Google Cloud

New SAP certifications: SAP has certified the following operating systems for SAP HANA on Google Cloud:

  • Red Hat Enterprise Linux 7.7
  • Red Hat Enterprise Linux 8.1
  • SUSE Linux Enterprise Server 15 SP2

See Certified operating systems for SAP HANA.

November 05, 2020

Cloud Healthcare API

The Cloud Healthcare API offers single-region support in the europe-west6 (Zurich, Switzerland) region.

Cloud Logging

Beta release: You can set the region in which you want to store your logs data. For information about this feature, refer to the Regionalization documentation.

Cloud Monitoring

Enhancements to the VM Details page. A new Event Timeline shows important events as bars on a timeline. Hovering over any event bar displays summary information about the event and provides a link to the Incident Details page for the event.

Cloud SQL for PostgreSQL

PostgreSQL version 13 is now generally available. To start using PostgreSQL 13, see Creating instances.

Dataflow

Dataflow now supports Dataflow Shuffle, Streaming Engine, FlexRS, and the following regional endpoints in GA:

  • us-west2 (Los Angeles)
  • southamerica-east1 (São Paulo)
  • europe-west6 (Zurich)
  • asia-south1 (Mumbai)

Pub/Sub I/O metrics in the Dataflow and Cloud Monitoring UIs may be unavailable for Dataflow jobs using Streaming Engine.

November 04, 2020

Cloud Build

Users can now build containers without a Dockerfile or a Cloud Build config file using Cloud Native Buildpacks.

Cloud CDN

Added a new tutorial for configuring Cloud CDN with a serverless app: Setting up Cloud CDN with Cloud Run, Cloud Functions, or App Engine

Dialogflow

Dialogflow CX now supports the same languages as Dialogflow ES.

Since October 2020, Dialogflow ES no longer automatically creates service accounts upon agent creation. Some service accounts may still be automatically created once you continue working with an agent.

Transfer Appliance

Transfer Appliance version 4.0 is released.

VPC Service Controls

Preview support for the following integration:

November 03, 2020

Anthos Service Mesh

1.7.3-asm.6 is now available

Anthos Service Mesh 1.7 is compatible with and has the feature set of Istio 1.7, subject to the list of Anthos Service Mesh supported features.

Added support for on-premises secure key management, provided by Thales Luna HSM 7+ and Hashicorp Vault.

Added a shell script to automate Anthos Service Mesh installation and migration from Istio 1.6. See the installation guide for details.

Added revision label support to sidecar injection for greater control over various scenarios, such as canary upgrades and more.

The beta validation tool asmctl is retired and the lessons learned are built into the new, streamlined Anthos Service Mesh install script.

If you use unsupported Istio features in your Anthos Service Mesh deployment, see Istio upgrade notes for changes that might affect you.

November 02, 2020

Anthos Anthos GKE on AWS

Anthos GKE on AWS 1.5.1-gke.1 is now available and clusters run on 1.16.15-gke.701 and v1.17.9-gke.2801. To upgrade your clusters, perform the following steps:

Upgrade your Management service to 1.5.1-gke.1. Upgrade your user clusters to 1.16.15-gke.701 or v1.17.9-gke.2801

You can now use Private Google Access to provision images for your GKE on AWS environment. For more information, see spec.ubuntuRepositoryMirror in the AWSManagementService resource.

Bug fixes and performance improvements.

Anthos GKE on-prem

Anthos GKE on-prem 1.4.4-gke.1 is now available. To upgrade, see Upgrading GKE on-prem. GKE on-prem 1.4.4-gke.1 clusters run on Kubernetes 1.16.11-gke.11.

Fixes:

  • Updated Istio Ingress (Kubernetes) Custom Resource Definitions (CRDs) to use v1beta1.

Anthos GKE on-prem 1.3.5-gke.2 is now available. To upgrade, see Upgrading GKE on-prem. GKE on-prem 1.3.5-gke.2 clusters run on Kubernetes 1.15.12-gke.6400.

Fixes:

Cloud CDN

You can now configure cache modes, cache TTLs and set custom response headers in the Cloud Console, in addition to the existing gcloud and REST API support.

Secret Manager

Secret Manager support for Customer-Managed Encryption Keys (CMEK) is available to all customers via public preview.

Learn more at Enabling CMEK in Secret Manager.