Google Cloud release notes

Added support for MonitoringService resource.

Added support for MonitoringServiceLevelObjective resource.

Added support for NetworkConnectivityHub resource.

Added support for OSConfigOSPolicyAssignment resource.

Added support for RecaptchaEnterpriseKey resource.

Added support for regional ComputeSSLCertificate resource.

Added support for resourceID field for SecretManagerSecretVersion resource.

Traffic Director support for Client Status Discovery Service (CSDS) API is now in General Availability. The CSDS API enables you to see which clients are connected to Traffic Director and to inspect the configuration that Traffic Director generates for its clients. For more information, see Understanding Traffic Director client status.

Vertex AI TensorBoard is generally available (GA).

Anthos clusters on VMware 1.7.6-gke.6 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.7.6-gke.6 runs on Kubernetes v1.19.15-gke.1900.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.9, 1.8, and 1.7.

Added ability to create private clouds that contain a single node for testing and proofs of concept with VMware Engine.

Note that VMware Engine deletes private clouds that contain only 1 node after 60 days, and a private cloud must contain at least 3 nodes to be eligible for coverage based on the SLA.

Anthos clusters on VMware 1.8.5-gke.3 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.8.5-gke.3 runs on Kubernetes v1.20.9-gke.701.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.9, 1.8, and 1.7.

Release 1.8.6

Anthos clusters on bare metal 1.8.6 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.8.6 runs on Kubernetes 1.20.

The Go 1.16 runtime for App Engine standard environment is now generally available.

The NodeJS 16 runtime for App Engine standard environment is now generally available.

Cloud Functions is now available in the following region:

us-west1 (Oregon)

See Cloud Functions Locations for details.

When you make an internal TCP/UDP load balancer the next hop of a static route, the route can have instance tags (also called network tags).

In addition, there are two different ways to specify the next hop:

• Forwarding rule's name and the load balancer's region
• Internal IP address of the forwarding rule.

This feature is now available in General availability.

For more information, see the following pages:

• Internal TCP/UDP load balancers as next hops
• Creating the static routes that define the load balancers as the next hops

Note that this feature isn't supported in the Console. To configure the route with network tags, use gcloud or the API.

Managed Anthos Service Mesh now supports Certificate Authority (CA) Service. To install managed Anthos Service Mesh with CA Service, see Configure managed Anthos Service Mesh.

Managed Anthos Service Mesh now supports GKE Autopilot as a preview feature in the Rapid Channel. For more information, see Configure managed Anthos Service Mesh with asmcli x.

The following extensions in Cloud SQL for PostgreSQL are generally available:

• auto_explain. Enables you to automatically log execution plans of slow statements, for troubleshooting and more. Provides an automated way to perform the functionality of the EXPLAIN command.
• pg_cron. A cron-based job scheduler, this extension enables cron syntax to schedule commands from a database.
• pg_hint_plan. Enables you to improve PostgreSQL execution plans using hints, which are simple descriptions in SQL comments.
• pg_proctab. Enables you to use pg_top with Cloud SQL for PostgreSQL, and generate reports from the operating system process table.

Security Command Center has launched Mute Findings in general availability.

Mute Findings is a powerful volume management feature that lets you create filters to automatically hide or suppress current and future findings based on criteria you specify. The feature can save you time from reviewing or responding to security findings for assets that are isolated, fall within acceptable business parameters, or aren't relevant to your organization based on your company's policies.

To learn more, see Mute findings in Security Command Center.

The autopackaging feature of the gcloud ai custom-jobs create command is generally available (GA). Autopackaging lets you use a single command to run code on your local computer as a custom training job in Vertex AI.

The gcloud ai customs-jobs local-run command is generally available (GA). You can use this command to containerize and run training code locally.

Workflows can be scheduled through the Workflows page in the Cloud Console.

Anthos clusters on VMware 1.9.2-gke.4 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.9.2-gke.4 runs on Kubernetes v1.21.5-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.9, 1.8, and 1.7.

Cloud Monitoring now supports dashboard-wide grouping and filtering. For more information, see Dashboard-wide filters.

Cloud NAT rules is now available in General Availability.

M86 release

• Upgraded all Ubuntu 18.04 LTS Deep Learning Container images to Ubuntu 20.04 LTS (see What is an Ubuntu LTS release?).
• Released PyTorch/XLA 1.10.
• Upgraded TensorFlow Enterprise image to the latest patch version: 2.6.2
• Deprecated CUDA 10.x environments.
• Locked JupyterLab version to 3.2.

M86 release

• Upgraded all Ubuntu 18.04 LTS Deep Learning VM images to Ubuntu 20.04 LTS (see What is an Ubuntu LTS release?).
• Released PyTorch/XLA 1.10.
• Upgraded TensorFlow Enterprise image to the latest patch version: 2.6.2
• Deprecated CUDA 10.x environments.
• Locked JupyterLab version to 3.2.

Runtime version 2.7 is now available. You can use runtime version 2.7 to serve online predictions with TensorFlow 2.7.0, scikit-learn 1.0, or XGBoost 1.4.2. Runtime version 2.7 does not support batch prediction.

See the full list of updated dependencies in runtime version 2.7.

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• Assured Workloads
  • assuredworkloads.googleapis.com/Workload
• DocumentAI
  • documentai.googleapis.com/ProcessorVersion

Dataproc is now available in the southamerica-west1 region (Santiago, Chile).

Dialogflow CX Phone Gateway now supports call transfer.

Dialogflow CX webhooks now support custom CA certificates.

Dialogflow CX now supports agent backup.

The following functions have been added:

• sys.sleep_until — Suspends execution until the given time
• time.format — Formats timestamp as a human-readable string
• time.parse — Parses ISO 8601-compatible string into a timestamp

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Vertex AI
  • aiplatform.googleapis.com/PipelineJob

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• BigQuery
  • bigquery.googleapis.com/Model
• Google Kubernetes Engine
  • apps.k8s.io/Deployment
  • apps.k8s.io/ReplicaSet
  • batch.k8s.io/Job

Cloud Bigtable is available in the southamerica-west1 (Santiago) region. For more information, see Bigtable locations.

The following new region is now available: southamerica-west1.

Support for southamerica-west1 (Santiago) region.

Support for southamerica-west1 (Santiago) region.

Support for southamerica-west1 (Santiago) region.

Santiago region (southamerica-west1) launched.

New location for storing your data.

Cloud VPN is now available in region southamerica-west1 (Santiago, Chile).

Pricing is available on the Cloud VPN pricing page.

Generally available: You can now configure N2, N2D, and C2 VMs with up to 100 Gbps of network bandwidth.

This feature is ideal for network-intensive, distributed workloads such as high-performance computing (HPC), machine learning (ML), and deep learning (DL).

Learn more about high-bandwidth network configurations, and the regions and zones where these VMs are available.

Generally available: Santiago, Chile, South America southamerica-west1-a,b,c region has launched with E2, N2, and C2 VMs in all three zones. See VM instance pricing for details.

Dataflow is now available in Santiago (southamerica-west1).

The southamerica-west1 region in Santiago, Chile is now available.

Google Cloud Managed Service for Prometheus is now available in Preview.

Pub/Sub is now available in southamerica-west1 (Santiago).

For auto mode VPC networks, added a new subnet 10.194.0.0/20 for the Santiago southamerica-west1 region. For more information, see Auto mode IP ranges.

Release 1.7.6

Anthos clusters on bare metal 1.7.6 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.7.6 runs on Kubernetes 1.19.

Release 1.9.2

Anthos clusters on bare metal 1.9.2 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.9.2 runs on Kubernetes 1.21.

Artifact Registry repositories with gcr.io domain support are now available in Preview. These gcr.io repositories provide some features that are backwards-compatible with Container Registry.

Cloud Load Balancing introduces a new version of the external HTTP(S) load balancer. The new global external HTTP(S) load balancer with advanced traffic management capabilities contains many of the features of our existing classic HTTP(S) load balancer, but with an ever-growing list of traffic management capabilities such as weighted traffic splitting, request mirroring, outlier detection, fault injection, and so on.

For details on the new load balancer, see:

• External HTTPS(S) Load Balancing overview
• Load balancer features (External HTTP(S) > Global)
• Setting up a global external HTTP(S) load balancer
• Traffic management for global external HTTP(S) load balancers

This load balancer is available in Public Preview.

Generally available: You can now monitor health state change logs for VM instances in a managed instance group when you use application-based health checking.

Generally available: N2D machine types running on third generation AMD EPYC Milan processors. These machine types are only available in specific regions and zones. See VM instance pricing for details.

Generally available: T2D Tau machine types are available in select regions and zones. Tau T2D VMs offer excellent price-performance for a wide range of scale-out workloads. See VM instance pricing for details.

Private Service Connect with Dataproc Metastore is available in Preview.

Traffic Director service security for GKE is now in General Availability. This provides the following:

• Authentication and encryption using transport layer security (TLS) and mutual TLS (mTLS) for both Traffic Director with Envoy and proxyless gRPC applications. Server TLS policies and client TLS policies control whether services need to prove their identities to each other and use encrypted communication channels.

• Authorization, based on characteristics of the client and the request. Authorization policies control whether a service is permitted to access another service, and which actions are allowed. Authorization is currently available only for Traffic Director with Envoy.

For more information, see the service security documentation and setup guides.

General availability for the following integration:

• Contact Center AI Insights

BigQuery now supports authorized datasets (General Availability).

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Cloud Resource Manager Tags
  • cloudresourcemanager.googleapis.com/TagKey
  • cloudresourcemanager.googleapis.com/TagValue
• Cloud OS Config
  • osconfig.googleapis.com/VulnerabilityReport

Firebase App Check now supports the Firestore iOS and Android SDKs.

Private Service Connect endpoints used to access a managed service are now automatically registered with Service Directory. This feature is available in General Availability.

Converting a single-region legacy network to a custom mode VPC network is now available in Preview.

Access Approval supports Organization Policy Service in Preview stage.

Access Transparency supports Organization Policy Service in GA stage.

You can now view the project-scoped log entries for all projects in a metrics scope on a custom dashboard. For more information, see View logs on a dashboard.

Generally available: You can now use the gcloud command-line and the OS Config API to get inventory and vulnerability report data for your VMs in a specific zone. For more information, see Viewing operating system details.

Added support for PrivateCACertificateTemplate resource.

Added support for ConfigControllerInstance (Alpha) resource.

Added fields spec.nodeConfig.guestAccelerator[].gpuPartitionSize and spec.workloadIdentityConfig.workloadPool to ContainerCluster resource.

Added field spec.nodeConfig.guestAccelerator[].gpuPartitionSize to ContainerNodePool resource.

Released the Read Replicas (Preview) feature for Memorystore for Redis. For more details, see Read replicas.

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

• Metastore
  • metastore.googleapis.com/Service
  • metastore.googleapis.com/MetadataImport
  • metastore.googleapis.com/Backup

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Metastore
  • metastore.googleapis.com/Service
  • metastore.googleapis.com/MetadataImport
  • metastore.googleapis.com/Backup

Cloud IDS is now in General Availability.

VMware Engine nodes are now available in the following additional zone:

• Frankfurt, Germany: europe-west3-2

The following scripting statements have been added to Google Standard SQL for BigQuery.

• CASE: Executes the first list of SQL statements where a boolean expression is TRUE.
• CASE search_expression: Executes the first list of SQL statements where the search expression matches a WHEN expression.
• LABELS: Provides an unconditional jump to the end of the block or loop associated with a label.
• REPEAT: Repeatedly executes a list of SQL statements until the boolean condition at the end of the list is TRUE.
• FOR...IN: Loops over every row in a table expression.

These features are generally available (GA).

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

• Monitoring
  • monitoring.googleapis.com/AlertPolicy

Cloud Run support for referencing Secret Manager Secrets is now at general availability (GA).

For GKE Autopilot clusters, Spot Pods are now available in Preview. Spot Pods let you run fault-tolerant workloads at lower costs.

Vertex AI Pipelines is generally available (GA).

The following INFORMATION_SCHEMA views now support a DDL column. The value of the column is the DDL statement that can be used to create the resource.

• ROUTINES
• SCHEMATA
• TABLES

This feature is generally available (GA).

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

• Service Management
  • servicemanagement.googleapis.com/ManagedService
• Certificate Authority Service
  • privateca.googleapis.com/CaPool
  • privateca.googleapis.com/CertificateAuthority
  • privateca.googleapis.com/CertificateRevocationList
  • privateca.googleapis.com/CertificateTemplate

You can now save a copy of a chart from the Observability tab on Compute Engine's VM instance details page to one of your custom dashboards. To save a copy of the chart, select Add to Custom Dashboard from the More Options menu on the chart. You then select a new or existing custom dashboard, and have the option of renaming the new copy of the chart.

You can now save a copy of a chart from the Observability tab on Compute Engine's VM instance details page to one of your custom dashboards. To save a copy of the chart, select Add to Custom Dashboard from chart option. You then select a new or existing custom dashboard, and have the option of renaming the new copy of the chart.

M85 Release

• Regular package refreshment and bug fixes.

M85 Release

• CUDA 11.3 Debian-10 image is available.
• Regular package refreshment and bug fixes.

Speech-to-Text has launched two new medical speech models, which are tailored for recognition of words that are common in medical settings. See the medical models documentation for more details.

Cloud Data Fusion version 6.5.1 is now available. This release is in parallel with the CDAP 6.5.1 release .

GA: Cloud Data Fusion now supports Customer-Managed Encryption Keys (CMEK), which provides user encryption control over the data written to Google internal resources in tenant projects, and data written by Cloud Data Fusion pipelines. The list of supported plugins has also expanded.

You can now collect Apache Web Server metrics from the Ops Agent, starting with version 2.7.0. For more information, see Monitoring third-party applications: Apache Web Server.

You can now collect Redis metrics from the Ops Agent, starting with version 2.7.0. For more information, see Monitoring third-party applications: Redis.

M84 Release

• TensorFlow Enterprise 2.7 is now available with CUDA 11.3 support. Note that this TensorFlow Enterprise version does not include Long Term Version Support.

M84 Release

• TensorFlow Enterprise 2.7 is now available with CUDA 11.3 support. Note that this TensorFlow Enterprise version does not include Long Term Version Support.

The following procurement processors are now publicly accessible:

• Expense Parser
• Invoice Parser

We have release a new version of the Document OCR Processor called Google default next. This version changes the distribution of confidence scores in the response. You have 90 days from today to test the new model before the changes are applied to the Google default version . After that event, the original version will still be available for another 90 days as legacy. For more information about using different versions of the processor, see Managing processor versions.

TensorFlow Enterprise 2.7 is now available with CUDA 11.3 support. Note that this TensorFlow Enterprise version does not include Long Term Version Support.

Managed Anthos Service Mesh now supports Multi-project with shared VPC in the Rapid Release Channel. For more information, see Configure managed Anthos Service Mesh.

Managed Anthos Service Mesh now supports private GKE clusters with private control plane. This means that all types of private GKE clusters are supported. For more information, see Environments on the Supported features page.

Airflow 2.1.4 is available in Cloud Composer images.

It is now possible to determine the base resource validation level using the projects.locations.datasets.fhirStores.patch method.

You can now create an alerting policy from the alert chart dialog on a custom dashboard, and you can create an alerting policy by converting a chart on custom dashboard to an alert chart. For more information, see Alert charts.

Time to live (TTL) reduces storage costs, improves query performance, and simplifies data retention by automatically removing unneeded data based on user-defined policies.

Added support for memberFrom in IAMPartialPolicy.

DATA_READ and DATA_WRITE Data Access audit logs are now supported at the General Availability release level. See Datastore audit logging information.

Preview launch of the following languages in Dialogflow CX:

Afrikaans, Amharic, Azerbaijani, Belarusian, Bulgarian, Bosnian, Catalan, Cebuano, Corsican, Czech, Welsh, Greek, Esperanto, Estonian, Basque, Persian, Frisian, Irish, Scots Gaelic, Galician, Gujarati, Hausa, Hebrew, Hmong, Croatian, Haitian Creole, Hungarian, Armenian, Igbo, Icelandic, Javanese, Georgian, Kazakh, Khmer, Kannada, Kurdish, Kyrgyz, Latin, Luxembourgish, Lithuanian, Latvian, Malagasy, Maori, Macedonian, Malayalam, Mongolian, Maltese, Nepali, Chichewa, Odia, Punjabi, Pashto, Kinyarwanda, Sindhi, Slovak, Slovenian, Samoan, Shona, Somali, Albanian, Serbian, Sesotho, Sundanese, Swahili, Tajik, Turkmen, Tatar, Uyghur, Urdu, Uzbek, Xhosa, Yiddish, Yoruba, Zulu

DATA_READ and DATA_WRITE Data Access audit logs are now supported at the General Availability release level. See Firestore audit logging information.

You can now use image streaming in GKE to reduce image pull time and improve overall application startup and autoscaling performance. For more information, see Use image streaming to pull container images.

Storage Transfer Service now offers Preview support for agent pools. You can use agent pools to create isolated groups of agents as a source or sink entity in a transfer job. This enables you to transfer data from multiple data centers and filesystems concurrently, without creating multiple projects for a large transfer spanning multiple filesystems and data centers.

Vertex Explainable AI Preview support available for AutoML image classification models

Vertex Explainable AI offers Preview support for the following model type:

• AutoML image classification

Egress settings for Serverless VPC Access are now generally available. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings for Serverless VPC Access are now generally available. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings for Serverless VPC Access are now generally available. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings for Serverless VPC Access are now generally available. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings for Serverless VPC Access are now generally available. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings for Serverless VPC Access are now generally available. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings for Serverless VPC Access are now generally available. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings for Serverless VPC Access are now generally available. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings for Serverless VPC Access are now generally available. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

You can now attest HSM keys using certificate chains via gcloud command-line tool, Cloud Console, or Cloud KMS API. See Verifying attestations to learn more.

Using interactive shells to inspect training jobs is generally available (GA).

You can use these interactive shells with VPC Service Controls.

BigQuery now supports parameterized types. The following parameterized types are supported:

• STRING(L)
• BYTES(L)
• NUMERIC(P) / NUMERIC(P, S)
• BIGNUMERIC(P) / BIGNUMERIC(P, S)

This feature is generally available GA.

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

• Google Kubernetes Engine
  • networking.k8s.io/NetworkPolicy

Cloud Composer is now available in Singapore (asia-southeast1).

Using interactive shells to inspect custom training jobs is generally available (GA).

You can use these interactive shells with VPC Service Controls.

Cloud Asset Inventory Console is now generally available.

This release enables you to view the following information for your Cloud deployment, using powerful search capabilities and easy filtering.

• Details and history of resources and IAM policies
• Machine type statistics
• Policy statistics
• Insights of your Cloud footprint
• IAM policies as a whole, or scoped to individual IAM policies' details

Learn more about searching resources and searching policies in the console.

Prioritized attribution for your resource-based committed use discounts (CUDs) is now Generally Available.

You can now specify how your credits and, where appropriate, the subscription fees from your resource-based committed use discounts are distributed among your Google Cloud projects.

Learn about how you can allocate your commitments.

Cloud Load Balancing announces a significant increase in the URL map limits for External and Internal HTTP(S) Load Balancing. The new limits let you scale to a much higher number of services behind a single load balancer.

For example, URL maps for external HTTP(S) load balancers can now support up to 1000 host rules. The total size of the URL map is constrained to 64KB for External HTTP(S) Load Balancing and 128KB for Internal HTTP(S) Load Balancing

For the updated list of limits see, URL map limits

You can now collect Cassandra metrics from the Ops Agent, starting with version 2.6.0. For more information, see Monitoring third-party applications: Cassandra.

You can now allocate up to 16GiB of memory to your Cloud Run services.

Committed use discount recommender now automatically generates recommendations to purchase Cloud Run committed use discounts based on historical usage.

List Object V2 is generally available (GA).

Document Translation for Cloud Translation - Advanced (v3) is now Generally Available (GA) and includes the following enhancements:

• Right to left language support for PDFs
• Preserves font size, font color, font style, and hyperlinks for native PDFs only
• Batch document translation requests support PDF to DOCX conversions for native PDFs only

Added support for the ComputeServiceAttachment resource.

config-connector command cli print-resources now includes a column listing whether it supports of related IAM resources.

Added the following new Apache Spark properties to control Cloud Storage flush behavior for event logs for 1.4 and later images:

• spark.history.fs.gs.outputstream.type (default: BASIC)
• spark.history.fs.gs.outputstream.sync.min.interval.ms (default: 5000ms).

Note: The default configuration of these properties enables the display of running jobs in the Spark History Server UI for clusters using Cloud Storage to store spark event logs.

Added support in 1.5 and 2.0 images to filter Spark Applications on the Spark History Server Web UI based on Cloud Storage path. Filtering is accomplished using the eventLogDirFilter parameter, which accepts any Cloud Storage path substring and will return applications that match the Cloud Storage path.

Storage Transfer Service now offers Preview support for exporting data from Cloud Storage to a POSIX file system. You can use this bidirectional data movement capability to move data in and out of Cloud Storage, on-premises clusters, and edge locations including Google Distributed Cloud. For more information, see Download data from Cloud Storage.

Added PHP code samples.

AutoML Action Recognition: The Streaming API is a Beta feature of Video Intelligence API for real-time versions of several capabilities such as object tracking and label detection. This current launch adds streaming support for AutoML Action Recognition models. Customers can now specify their own custom AutoML model when performing action recognition on a stream.

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

• BigQuery
  • bigquery.googleapis.com/Model
• Cloud SQL
  • sqladmin.googleapis.com/BackupRun

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• Cloud SQL
  • sqladmin.googleapis.com/BackupRun
• Artifact Registry
  • artifactregistry.googleapis.com/Repository
• Cloud Bigtable
  • bigtableadmin.googleapis.com/AppProfile
  • bigtableadmin.googleapis.com/Backup

• The following PostgreSQL minor versions and extension versions are now available. If you use maintenance windows, you might not yet have these versions. In this case, you will see the new versions after your maintenance update occurs. To find your maintenance window or manage maintenance updates, see Finding and setting maintenance windows.
  • 9.6.22 is upgraded to 9.6.23.
  • 10.17 is upgraded to 10.18.
  • 11.12 is upgraded to 11.13.
  • 12.7 is upgraded to 12.8.
  • 13.3 is upgraded to 13.4.
• The hll extension is upgraded to 2.16.
• The pglogical extension is upgraded to 2.4.0.
• The pg_partman extension is upgraded to 4.5.1.
• The pg_repack extension is upgraded to 1.4.7.

The django-spanner plugin is now available, enabling you to use Cloud Spanner as a backend database for the Django Web framework. For more information, see Django ORM with Cloud Spanner.

Generally available: VMware Engine integration with Google Cloud's operations suite using a standalone metrics and logs agent. The agent brings syslog messages and metrics from vCenter and vSAN to Google Cloud's operations suite, where you can set up your own dynamic alerts on over 50 metrics and leverage pre-built dashboards.

For details about this feature, see Setting up Cloud Monitoring with a standalone agent.

The table snapshots feature is now generally available (GA). It includes a Cloud Console interface and support for creating a table snapshot in a different project from its base table.

Recommendations for spend-based committed use discounts (CUDs) are now Generally Available.

You can use these recommendations to optimize your project costs by analyzing your spending trends and signing up for committed use discounts. Recommendations are supported for Cloud Billing accounts billed in US Dollars (USD).

Learn about commitment recommendations.

Generally available: Schedule-based autoscaling for managed instance groups now lets you configure schedules without having another autoscaling signal.

M83 release

• PyTorch 1.10 is now available.

M83 release

• PyTorch 1.10 is now available.

Support for VPC Service Controls is now generally available (GA).

Connectivity Tests now supports private IP addresses outside of the RFC 1918 address space. For more information, see Connectivity Tests overview.

A built-in environment variable, GOOGLE_CLOUD_SERVICE_ACCOUNT_NAME, is now supported to access the service account name for a workflow execution.

Anthos clusters on VMware 1.8.4-gke.1 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.8.4-gke.1 runs on Kubernetes v1.20.9-gke.701.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.9, 1.8, and 1.7.

Anthos clusters on VMware 1.7.5-gke.0 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.7.5-gke.0 runs on Kubernetes v1.19.12-gke.2101.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.9, 1.8, and 1.7.

SQL column-level encryption using Cloud Key Management Service (KMS) is now generally available (GA), letting you encrypt keysets within AEAD encryption functions.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Vertex AI
  • aiplatform.googleapis.com/MetadataStore
• Dialogflow
  • dialogflow.googleapis.com/Agent
  • dialogflow.googleapis.com/LocationSettings

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

• Dialogflow
  • dialogflow.googleapis.com/Agent
  • dialogflow.googleapis.com/LocationSettings

Cloud Run now supports network file systems such as NFS, NDB, 9P, CIFS/Samba, and Ceph, as well as Cloud Filestore and Cloud Storage FUSE. (Available in public preview.)

Cloud Run now supports a new second generation execution environment that provides full Linux compatibility rather than system call emulation. This execution environment provides better performance and the ability to use network file systems. (Available in public preview.)

In GKE version 1.22 and later, GKE cluster autoscaler and node auto-provisioning will support working on empty (zero node) clusters, and will support scaling down nodes with pods requesting local storage.

Release 1.9.1

Anthos clusters on bare metal 1.9.1 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.9.1 runs on Kubernetes 1.21.

Cloud SQL now supports the max_pred_locks_per_page and max_pred_locks_per_relation flags. For information about the Cloud SQL implementation of these flags, see Supported flags.

M82 release

• Released CUDA11.3 container images.
• The Vertex SDK for Python is available across all deep learning environment products; it was previously available only in TensorFlow images.

M82 Release

• The Vertex SDK for Python is available across all deep learning environment products; it was previously available only in TensorFlow images.

For Credential Access Boundaries, you can now use updated authentication libraries for Go, Java, Node.js, and Python to automatically exchange OAuth 2.0 access tokens for downscoped tokens.

For details, see Exchange and refresh the access token automatically.

Migrate VMs using UEFI firmware. Using UEFI firmware you can enable Secure Boot migration details.

BigQuery Omni, a multi-cloud analytics solution, is now generally available.

Bidirectional Forwarding Detection (BFD) for Cloud Router is available in Preview.

Added support for ComputeFirewallPolicyRule resource.

Added support for FilestoreBackup and FilestoreInstance resources.

Added connectionTrackingPolicy field to ComputeBackendService.

Added ipv6AccessConfig, ipv6AccessType and stackType fields to ComputeInstance.

Added ipv6AccessConfig, ipv6AccessType and stackType fields to ComputeInstanceTemplate.

Added ipv6AccessType, stackType, externalIpv6Prefix, ipv6CidrRange fields to ComputeSubnetwork.

Added nodeConfig.workloadMetadataConfig.mode; deprecated nodeConfig.workloadMetadataConfig.nodeMetadata in ContainerCluster.

Added serviceAccountRef field to CloudBuildTrigger.

Added monitoringConfig, dnsConfig and loggingConfig fields to ContainerCluster.

Added importOnly field to KMSCryptoKey.

Added disabled field to IAMServiceAccount.

Added gcsDataSink.path and gcsDataSource.path fields to StorageTransferJob.

The following detectors for unsafe Google Groups changes are generally available (GA):

• Credential Access: Privileged Group Opened To Public
• Credential Access: Sensitive Role Granted To Hybrid Group
• Credential Access: External Member Added To Privileged Group

For more information, see Unsafe Google Groups changes.

Vertex ML Metadata is generally available (GA).

Release 1.8.5

Anthos clusters on bare metal 1.8.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.8.5 runs on Kubernetes 1.20.

Cloud Bigtable app profile cluster groups let you route an app profile's traffic to a subset of an instance's clusters. This feature is generally available (GA).

Preview: You can now configure up to 48 vCPUs and 312 GB memory on virtual machine (VM) instances that have a single T4 GPU attached.

For more information, see Network bandwidths and GPUs.

For GKE Autopilot clusters, CMEK for boot disks and CMEK for application-layer encryption is now generally available.

For GKE Autopilot clusters, Google Groups for RBAC is now generally available.

Traffic Director with internet NEGs of the type INTERNET_FQDN_PORT is now in General Availability. For full details, see Traffic Director with internet network endpoint groups.

Anthos clusters on VMware 1.9.1-gke.6 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.9.1-gke.6 runs on Kubernetes v1.21.5-gke.400.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.9, 1.8, and 1.7.

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• Cloud OS Config
  • osconfig.googleapis.com/PatchDeployment
• Container
  • k8s.io/Service
• Vertex AI
  • aiplatform.googleapis.com/BatchPredictionJob
  • aiplatform.googleapis.com/CustomJob
  • aiplatform.googleapis.com/DataLabelingJob
  • aiplatform.googleapis.com/Dataset
  • aiplatform.googleapis.com/Endpoint
  • aiplatform.googleapis.com/HyperparameterTuningJob
  • aiplatform.googleapis.com/Model
  • aiplatform.googleapis.com/SpecialistPool
  • aiplatform.googleapis.com/TrainingPipeline

You can now collect MySQL logs from the Ops Agent, starting with version 2.5.0. For more information, see Collecting logs from third-party applications: MySQL.

You can now collect Redis logs from the Ops Agent, starting with version 2.5.0. For more information, see Collecting logs from third-party applications: Redis.

You can now collect Cassandra logs from the Ops Agent, starting with version 2.5.0. For more information, see Collecting logs from third-party applications: Cassandra.

Dialogflow ES V2 API now supports regionalization.

New wrap-v2-buildpack experimental command available.

Known issue: some buildpacks (ex: https://github.com/cloudfoundry/java-buildpack) produce directories that do not work with the pack CLI.

Added support for kubectl explain to inspect Kf CRDs.

Traffic Director security service with GKE is now in General Availability for gRPC proxyless services. The changes in this release include:

• Support for the Certificate Authority Service GA API, using CA pools instead of individual CAs.
• Promoting the network-services and network-security CLI/APIs to general availability.
• Security is enabled by default in gRPC libraries and the gRPC PSM bootstrap generator.
• Cloud Logging enhancements to aid in debugging run-time errors and conflicts.
• Support for proxyless gRPC and Envoy interoperability with security enabled.
• Config Connector support for proxyless gRPC security.
• Use of the new --enable-mesh-certificates GKE flag.
• Support for the GA version (security.cloud.google.com/v1) of WorkloadCertificateConfig and TrustConfig in GKE.
• Wallet example upgraded to use PSM security .

General availability for the following integration:

• reCAPTCHA Enterprise

Release 1.7.5

Anthos clusters on bare metal 1.7.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.7.5 runs on Kubernetes 1.19.

Dialogflow CX change history is now available from the API.

Dialogflow CX now provides a continuous testing and deployment preview feature.

Cloud Composer 2 supports Airflow web server plugins.

Cloud Composer is now available in Oregon (us-west1).

Dialogflow CX has a new feature for side-by-side flow version comparison.

Contract DocAI (Preview) released

The Contract parser is now available.

v.4.11.7 Security updates available. See Migrate for Compute Engine Downloads for downloads and upgrade instructions.

GA (general availability) launch of the following languages in Dialogflow CX:

• Arabic
• Bengali
• Filipino
• Finnish
• Malay
• Marathi
• Romanian
• Sinhala
• Tamil
• Telugu
• Vietnamese

GA (general availability) launch of the following languages in Dialogflow ES:

• Bengali
• Filipino
• Finnish
• Malay
• Marathi
• Romanian
• Sinhala
• Tamil
• Telugu
• Vietnamese

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• App Engine Memcache
  • memcache.googleapis.com/Instance
• Filestore
  • file.googleapis.com/Instance
  • file.googleapis.com/Backup

You can now assign request tags and transaction tags in your application code to easily troubleshoot query performance, transaction latency, and lock contentions by correlating introspection statistics to application code.

Cloud EKM keys can now be used to encrypt Cloud Storage data.

• Cloud EKM keys encrypt your Cloud Storage data in the same way as other customer-managed encryption keys.

Preview: Spot VMs are now available! Spot VMs are the latest version of preemptible VM instances. Use Spot VMs for fault-tolerant workloads to get a 60-91% discount over the price of standard VMs. Spot prices can change up to once a month to reflect the underlying supply and demand. Like preemptible VMs, Spot VMs are available for all machine types, regions, and zones.

Preemptible VMs continue to be supported for new and existing VMs, and preemptible VMs now use the same pricing model as Spot VMs. However, Spot VMs provide new features that are not supported for preemptible VMs. For example, preemptible VMs can only run for up to 24 hours at a time, but Spot VMs do not have a maximum runtime.

Learn more about Spot VMs and preemptible VMs.

All new VMware Engine private clouds now deploy with VMware vSphere version 7.0 Update 2 and NSX-T version 3.1.2. Existing private clouds will be upgraded to vSphere version 7.0 Update 2 and NSX-T version 3.1.2 over a period of time in October 2021.

See Service announcements for more details on the contents of this upgrade.

Generally available: vSAN data encryption for data at rest now uses keys generated by Cloud Key Management Service for all new private clouds.

For details about this feature, see About vSAN encryption.

You can now use workload identity federation with any SAML 2.0-compatible identity provider. This feature is in Preview.

Event Threat Detection, a built-in service of Security Command Center Premium, launched an integration with Chronicle that lets you perform advanced analysis of threat findings.

The integration lets you seamlessly send findings to Chronicle, a Google Cloud service that you can use to investigate threats and pivot through related actions and events in a unified timeline. Chronicle enriches Event Threat Detection findings, helping you identify indicators of interest and simplify investigations.

To learn more about Chronicle, see Chronicle overview. For instructions on sending Event Threat Detection findings to Chronicle, see Investigate findings in Chronicle.

The BigQuery Storage Write API is now generally available (GA). The Storage Write API combines the functionality of high-throughput streaming ingestion and batch loading into a single API.

The data profiler for BigQuery is available in Preview. For more information, see Data profiles for BigQuery data.

The PostgreSQL interface is available in Preview, making the capabilities of Spanner accessible from the PostgreSQL ecosystem. The release supports a subset of the PostgreSQL SQL dialect, including core data types, functions, and operators. Applications can connect using updated Spanner drivers for JDBC, Java, Go, and Python. Starting initially with psql, community tools can connect using PGAdapter, a sidecar proxy that implements the PostgreSQL wire protocol. Sign up for the preview today.

Preview: Third generation Intel Xeon Scalable Processor (Ice Lake) N2 VMs are now available in select regions and zones. These new N2 VMs are offered at the same price as existing N2 VMs on second generation Intel Xeon Scalable Processors.

M81 release

• Upgraded R to 4.1.

M81 release

• Upgraded R to 4.1.
• Improved Cloud Storage sync logic so that only newer files sync.

Spot VMs on GKE is now available in Preview.

Using Private Service Connect to publish services that are hosted on the backends of an internal HTTP(S) load balancer is now Generally Available.

Accessing published services using a Private Service Connect endpoint is now available from on-premises hosts that are connected to a VPC network using Cloud VPN. This feature is available in Preview.

Preview: Tau T2D VMs are now available in select regions and zones. T2D VMs are ideal for a wide variety of workloads in a cloud-native environment. See VM instance pricing for details.

Access Approval is now GA for Cloud SQL. Access Approval enables you to require explicit approval before Google Support may access your database for support purposes.To learn about access approval, see Overview of Access Approval. To set up access approval now, see the Access Approval Quickstart.

Access Approval is now GA for Cloud SQL. Access Approval enables you to require explicit approval before Google Support may access your database for support purposes.To learn about access approval, see Overview of Access Approval. To set up access approval now, see the Access Approval Quickstart.

Access Approval is now GA for Cloud SQL. Access Approval enables you to require explicit approval before Google Support may access your database for support purposes.To learn about access approval, see Overview of Access Approval. To set up access approval now, see the Access Approval Quickstart.

Runtime version 2.6 is available. You can use runtime version 2.6 to train with TensorFlow 2.6, scikit-learn 0.24.2, or XGBoost 1.4.2. Runtime version 2.6 supports training with CPUs, GPUs, or TPUs.

See the full list of updated dependencies in runtime version 2.6.

asmcliis generally available for new installations and upgrades of Anthos Service Mesh. You can use asmcli to:

• Install the Anthos Service Mesh in-cluster control plane

• Configure managed Anthos Service Mesh

• Add Compute Engine virtual machines to Anthos Service Mesh

• Set up a multi-cluster mesh on non-private GKE clusters

• Set up a multi-cluster mesh outside Google Cloud

The in-cluster control plane is supported on the on the following platforms using asmcli:

• GKE clusters in a single project
• GKE clusters in multiple projects
• Anthos clusters on VMware
• Anthos on bare metal
• Anthos clusters on AWS
• Amazon EKS

Note: Upgrades from Anthos Service Mesh 1.7 on EKS to Anthos Service Mesh 1.11 aren't supported. You will need to set up a new EKS cluster to install Anthos Service Mesh 1.11.

asmcli requires clusters to be registered with a fleet. asmcli can automatically register a cluster as long as it meets the requirements specified in fleet requirements. asmcli does not support automatic fleet registration for GKE 1.22 clusters, which must be registered manually before installation.

The Anthos Service Mesh integration with Certificate Authority Service (CA Service) is generally available. You can use CA Service as the certificate authority for signing mutual TLS certificates. See Configure Anthos Service Mesh to use CA Service for details.

You can now collect Apache httpd logs from the Ops Agent, starting with version 2.4.0. For more information, see Collecting logs from third-party applications: Apache httpd.

The Ops Agent now supports collecting logs from the systemd-journald service, starting with Ops Agent version 2.4.0. For information on configuring the systemd_journald receiver, see Configuring the Ops Agent: Logging receivers.

You can now specify the statistics package for the query optimizer to use, to ensure predictability in your query plans.

Document AI is now generally available (GA) in the following new locations:

• europe-west2
• northamerica-northeast1

You must request access to use the new locations. For more information, see Regional and multi-regional support.

The following resource types are now publicly available through the resource search API (SearchAllResources), policy search API (SearchAllIamPolicies), and Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning) : + Eventarc + eventarc.googleapis.com/Trigger

Python Client for Cloud Composer version 1.0.0 is released. You can use this library to interact with Cloud Composer API from Python.

Turbo replication is a premium feature designed to provide inter-region replication for newly written objects within 15 minutes.

This feature is now available in Preview.

Fit assessment tool now in GA

The migration fit assessment tool has moved from the Public Preview to General Availability. The migrate fit assessment tool helps users assess their workloads' fit for containerization. The provides users with detailed technical insights and a fit score per workload. The HTML fit assessment report enables users to easily share assessment data offline. The JSON file report allows them to view their assessment directly on the cloud console.

Security Health Analytics, a built-in service of Security Command Center, released new detectors in general availability.

The following detectors, available only in Security Command Center's Premium tier, detect vulnerabilities in your Google Kubernetes Engine clusters and expand the number of detectors that support the CIS Google Kubernetes Engine (GKE) Benchmark v1.0.0:

• ALPHA_CLUSTER_ENABLED: Alpha cluster features are enabled for a GKE cluster.
• BINARY_AUTHORIZATION_DISABLED: Binary Authorization is disabled on a GKE cluster.
• CLUSTER_SECRETS_ENCRYPTION_DISABLED: Application-layer secrets encryption is disabled on a GKE cluster.
• CLUSTER_SHIELDED_NODES_DISABLED: Shielded GKE nodes are not enabled for a cluster.
• INTEGRITY_MONITORING_DISABLED: Integrity monitoring is disabled for a GKE cluster.
• INTRANODE_VISIBILITY_DISABLED: Intranode visibility is disabled for a GKE cluster.
• NODEPOOL_SECURE_BOOT_DISABLED: Secure Boot is disabled for a GKE cluster.
• RELEASE_CHANNEL_DISABLED: A GKE cluster is not subscribed to a release channel.

For more information, see Container vulnerability findings. To learn how to remediate vulnerabilities, see Remediating Security Health Analytics findings

Vertex Feature Store is generally available (GA).

You can now specify a release or snapshot version policy for Maven repositories when you create them. You cannot change the version policy of an existing repository. Repositories created before availability of this feature accept both snapshot and release packages.

BigQuery Migration Service is now in Preview. It includes the following features:

• Interactive SQL Translator
• Batch SQL Translator

Cloud Bigtable provides a CPU utilization by app profile, method, and table metric that gives you more granular observability into the cluster's CPU usage. This metric is generally available (GA).

GKE version 1.20.8-gke.2100 or later offers a Preview of a fully managed metric collection pipeline to scrape Prometheus-style metrics exposed by any GKE workload and send those metrics to Cloud Monitoring for dashboards, alerts, and SLOs. Compared to the Prometheus Stackdriver sidecar, this new pipeline is easy to set up, allows filtering to control cost, supports larger clusters, is fully managed, supports Autopilot and horizontal Pod autoscaling, and offers better pricing. Get started with GKE workload metrics.

Preview: Newly deployed services are now automatically configured to use nip.io as the default domain, providing immediate access to each of your services without configuration. The nip.io default domain is only available through Cloud Run for Anthos fleet installations. Existing services in your fleet that use the previous example.com default domain are automatically upgraded to use the new nip.io domain. Learn more about test domains.

Cloud SQL now supports the ability for you to specify IP CIDR ranges from your VPC network for your Cloud SQL instances allowing you to manage your IP address space better. For more information, see Allocated IP address ranges. To start using this feature now, see Configuring private IP for a new instance.

GKE version 1.20.8-gke.2100 or later offers a Preview of a fully managed metric collection pipeline to scrape Prometheus-style metrics exposed by any GKE workload and send those metrics to Cloud Monitoring for dashboards, alerts, and SLOs. Compared to the Prometheus Stackdriver sidecar, this new pipeline is easy to set up, allows filtering to control cost, supports larger clusters, is fully managed, supports Autopilot and horizontal Pod autoscaling, and offers better pricing. Get started with GKE workload metrics.