Google Cloud release notes

Release 1.12.0

Anthos clusters on bare metal 1.12.0 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.0 runs on Kubernetes 1.23.

Improved cluster lifecycle functionalities:

• Upgraded Anthos clusters on bare metal to use Kubernetes version 1.23. 

• Upgraded container runtime to containerd 1.5.

• Updated preflight check to forward default SSH key if no key is provided.

• Added support for new GCPAccounts field in the cluster configuration file. This field enables the assignment of a cluster-admin role to end-users.

• Added labels to control plane, control plane load balancer, and load balancer node pools, so that these different node pools can be distinguished from each other.

• Added nodepool reference label to nodes so that worker nodes can be listed in the UI.

Observability:

• GA: Added Summary API metrics. These metrics are scraped from the Kubernetes Summary API and provide CPU, memory, and storage metrics for Pods, containers, and Nodes.

• Added separate flags to enable logging and monitoring for user applications separately: EnableCloudLoggingForApplications and EnableGMPForApplications. The legacy flag EnableStackdriverForApplications will be deprecated and removed in future releases.

• Preview: Added Google Cloud Managed Service for Prometheus to collect application metrics and monitor cluster health.

• Upgraded GKE Metrics Agent (gke-metrics-agent) from version 1.1.0 to 1.8.3. This tool scrapes metrics from each cluster node and publishes them in Cloud Monitoring.

• Added the following resource utilization metrics. For more information about these and other metrics, see View Anthos clusters on bare metal metrics:

  • container/cpu/request_utilization
  • container/cpu/limit_utilization
  • container/memory/request_utilization
  • container/memory/limit_utilization
  • node/cpu/allocatable_utilization
  • node/memory/allocatable_utilization
  • pod/volume/utilization

• Added sample dashboards for monitoring cluster health to Cloud Monitoring sample dashboards. Customers can install these dashboards with one click.



• Scoped down the RBAC permissions of stackdriver-operator, a component that performs logging and monitoring.

Security:

• AIS CA deprecation. AIS certs are now signed by cluster CA.

• Changed ca-rotation container image so that it uses a distroless rather than a Debian-based image.

• RBAC permissions of the cluster-operator component have been eliminated or reduced to address elevated permissions.

Networking:

• Preview: Enabled creation of IPv6 and Dual Stack LoadBalancer services. Border Gateway Protocol (BGP) is used for Dualstack clusters. Advertising IPv4 and IPv6 routes over IPv4 sessions is supported.

The BeyondCorp Enterprise client connector is now generally available. The client connector extends identity and context-aware access to non-web applications by creating a secure connection from endpoint devices to apps running in both Google Cloud and non-Google Cloud environments.

For more information, see Securing client-server applications.

You can now set the view field in the tables.get() API method to indicate which table information is returned. Setting the value to BASIC reduces latency by omitting some storage statistics.

Customers enrolled in Key Access Justifications will now see justifications listed in Cloud Audit Logs for Cloud KMS.

You can now collect Apache Flink logs from the Ops Agent, starting with version 2.17.0. For more information, see Monitoring third-party applications: Flink.

Query insights is now generally available. Query Insights helps you visually detect and identify query performance issues for Cloud Spanner databases. You can also dig deeper and analyse the query details to know the root cause of these issues.

To learn more, see Detect query performance issues with Query Insights.

Not-equal (!=), IN, and NOT_IN query filters now available in all client libraries:

• Java
• Python
• PHP
• Node.js
• C#
• Go
• Ruby

You can now give multiple containers time-shared access to the full compute resources of a single NVIDIA GPU accelerator. Time-sharing GPUs is generally available in GKE version 1.23.7-gke.1400 and later. For more information, refer to Time-sharing GPUs on GKE.

Expanded overwrite options are new generally available (GA). The overwriteWhen field can be used to specify whether data that already exists in the destination should be overwritten always, never, or only when ETags and checksum values indicate that the file has changed.

Metadata preservation options are now generally available (GA). This includes the option of preserving POSIX attributes and symlinks when transferring to, from, and between POSIX filesystems; as well as object ACLs, CMEK, temporary holds, and object creation time when transferring between Cloud Storage buckets.

See Metadata preservation for details.

Transfer Appliance now supports monitoring of the amount of data stored on your appliance, and whether online transfer is enabled, through Cloud Monitoring. See Monitor Transfer Appliance for details.

Cloud Bigtable now gives you the option to undelete a table for up to seven days from the time of deletion using the gcloud CLI. This feature is generally available (GA).

A second June maintenance changelog is now available. For more information, use the links at Maintenance changelog.

A second June maintenance changelog is now available. For more information, use the links at Maintenance changelog.

The fix to the silent data corruption when using the CREATE INDEX CONCURRENTLY or REINDEX CONCURRENTLY SQL commands in PostgreSQL 14 (BUG #17485) is now available in the self-service maintenance release POSTGRES_14_2.R20220331.02_012 for PostgreSQL 14.2.

After applying the self service maintenance, you can fix any silent data corruption if it already happens using REINDEX CONCURRENTLY SQL command on the specific indexes, or reindexdb client command for your entire instance.

A second June maintenance changelog is now available. For more information, use the links at Maintenance changelog.

Newly published documentation about the issuer switch features and API is available here: Issuer switch documentation

Vertex AI Forecasting is available in GA. The following features are available:

• Forecasting with ARIMA+
• Explainable AI for Forecasting
• Hierarchical Forecasting
• Model training with AutoML or Seq2Seq+
• Forecasting window configuration during model training
• Holiday effect modeling during model training

You can now enable platform logging for reCAPTCHA Enterprise API calls. For more information, see Working with platform logs.

Regional support for default pools and build triggers is now generally available. To learn more, see Cloud Build locations.

Cloud Composer supports Per-folder Roles Registration.

Cloud SQL for MySQL supports in-place major version upgrades in Preview. You can upgrade your instance's major version to a more recent version. For more information, see Upgrade the database major version in-place.

Object Lifecycle Management now supports new conditions and a new action.

• The MatchesPrefix and MatchesSuffix conditions allow you to restrict lifecycle actions to objects with specific prefixes and suffixes.

• The AbortIncompleteMultipartUpload action allows you to remove abandoned XML API multipart uploads.

GA: You can now use the SSH troubleshooting tool from the Cloud console to help you determine the cause of failed SSH connections. For more information, see SSH troubleshooting tool.

Support for Firebase Realtime Database is in Preview.

Support for schema extensions in Managed Microsoft AD is available for Preview. Learn how to extend the schema.

Cloud Bigtable is available in the us-east5 (Columbus) region. For more information, see Bigtable locations.

You can now collect Jetty metrics from the Ops Agent, starting with version 2.17.0. For more information, see Monitoring third-party applications: Jetty.

You can now view the configuration of charts on a dashboard while the dashboard is in read-only mode. For more information, see Show the chart configuration.

You can now create dual-stack clusters in GKE versions 1.24.1-gke.1000 and later. With dual-stack networking, GKE assigns an IPv4 and an IPv6 address to the cluster nodes and Pods. You can create dual-stack Services of type ClusterIP or NodePort. This feature is now available in Preview. For more information, see the Dual-stack networking.

Release 1.11.3

Anthos clusters on bare metal 1.11.3 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.3 runs on Kubernetes 1.22.

Apigee Integration trials

Starting with this release, Apigee Integrations is available in an Apigee Eval org which lets you try out the integrations feature without getting billed for the usage. For information, see Enable integrations in an eval org.

Updates to SetIntegrationRequest policy

The SetIntegrationRequest policy has the following updates:

• Support for ref attribute in the <Parameter>, <ParameterArray>, and <Value> elements. By using this attribute, you can assign flow variable values to the parameters.

• Empty  <Parameter> and <ParameterArray> elements are supported. However, if these elements are empty, Apigee treats the element value as null.

• Empty <Value> element is not supported. If the element is empty, Apigee reports an error.

The BI Engine preferred tables feature lets you limit BI Engine acceleration to a specified set of tables. This feature is now in preview.

CloudSQL for PostgreSQL now supports replication from an external server.

The PostgreSQL interface is now generally available, making the capabilities of Cloud Spanner accessible from the PostgreSQL ecosystem. It includes a core subset of the PostgreSQL SQL dialect, support for the psql command-line tool, native language clients, and integration into existing Google tools. For more information, see PostgreSQL interface.

Preview: You can now get cost insights in the Recommender API, and use them to detect anomalies in your costs. For example, you see a cost insight in the API if your costs for a day are significantly higher or lower than your typical daily costs.

• Learn about using cost insights to detect anomalies in your costs.
• Read an overview of insights in Recommender.

Private Service Connect supports publishing a service that is hosted on an internal TCP proxy load balancer in a service producer VPC network. The backends can be located in Google Cloud, in other clouds, in an on-premises environment, or any combination of these locations.

This feature is available in Preview.

Added the ability to sort by Name and Created fields in the Apps and Teams tables. Click the column heading to sort.

The Data Collectors UI is now generally available.

A search bar has been added to the new Proxy Editor Develop view. This lets you search for items within a proxy or sharedflow bundle.

Query queues are now available in preview for on-demand and flat-rate customers. When query queues are enabled, BigQuery automatically determines the query concurrency rather than setting a fixed limit. Flat-rate customers can override this setting with a custom concurrency target. Additional queries beyond the concurrency target are queued until processing resources become available.

You can enable an instance to publish to a subscriber that is external (or internal) to Cloud SQL. In this scenario, Cloud SQL for SQL Server can act as a publisher to an external subscriber. This functionality, which is generally available, uses transactional replication.

For more information, see Configure external replicas.

In Cloud SQL, you can use SQL Server Audit capabilities to track and log server-level and database-level events. This functionality is generally available.

For more information, see SQL Server database auditing.

The Dialogflow CX search feature is now GA (generally available).

Workflows can invoke private on‑premises, Compute Engine, Google Kubernetes Engine (GKE), or other Google Cloud endpoints that are Identity-Aware Proxy (IAP)-enabled.

Cloud Load Balancing introduces a new version of the external HTTP(S) load balancer. The new global external HTTP(S) load balancer with advanced traffic management capabilities contains many of the features of our existing classic HTTP(S) load balancer, but with an ever-growing list of traffic management capabilities such as weighted traffic splitting, request mirroring, outlier detection, fault injection, and so on.

For details on the new load balancer, see:

• External HTTPS(S) Load Balancing overview
• Load balancer features (External HTTP(S) > Global )
• Setting up a global external HTTP(S) load balancer
• Traffic management for global external HTTP(S) load balancers

This load balancer is available in General Availability.

Datastore now supports the not-equal (!=), IN and NOT_IN query filters. The filters are now available in the Google Cloud console and the following client libraries:

• Java
• Python
• PHP
• Node.js

A feature for protecting tag values from being deleted has launched into general availability. If a tag value has a tag hold, it cannot be deleted by users unless the tag hold is first deleted. For more information about tag holds, see Protecting tag values with tag holds.

Support for IAM resource-level policies for Vertex AI featurestore and entityType resources is available in Preview.

Anthos clusters on VMware 1.10.5-gke.26 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.10.5-gke.26 runs on Kubernetes 1.21.5-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.11, 1.10, and 1.9.

Preview: Windows VMs now support SSH connections from the gcloud CLI. For more information, see Connect to Windows VMs using SSH.

Datastream now supports the use of tags on its resources, which include private connectivity configurations, connection profiles, and streams. Tags are key-value pairs that you can apply to your Datastream resources for fine-grained access control. To learn more, see Access control with tags. To use tags, see Manage tags.

You can now order Transfer Appliance from the Cloud console, as well as view, track, and manage your orders and appliances. For more info, see the Order Transfer Appliance page.

Advanced networking capabilities for Bare Metal Solution -- Enables you to use the following features:

• Add multiple VLANs on the same bonded server interface.
• Configure multiple VLAN attachments over a Partner Interconnect connection to your Bare Metal Solution environment.
• Connect the Bare Metal Solution environment to more than one Virtual Private Cloud (VPC) in your Google Cloud project.
• Use network templates to enable a flexible network design of your choice, such as active/active and active/backup, to meet your needs for high availability, redundancy, and load balancing.

Deterministic encryption SQL functions are now generally available (GA). New AEAD encryption functions include DETERMINISTIC_ENCRYPT, DETERMINISTIC_DECRYPT_BYTES, and DETERMINISTIC_DECRYPT_STRING. These functions allow column-level encryption and decryption of data while supporting aggregation and table joins.

Added the complexDataTypeReferenceParsing field to the FHIR store resource, which lets you parse references within complex FHIR data types, such as FHIR extensions.

Confidential GKE Nodes is now generally available in GKE version 1.22 and later for stateful workloads using persistent disks, and in all GKE versions for stateless workloads. Use Confidential GKE Nodes to encrypt your workload data in-use through Compute Engine Confidential VMs.

Use a GraphQL schema to publish your APIs to an integrated portal.

For details, see:

• What is GraphQL schema
• GraphQL Explorer

You can now use the Cloud console to set up VPC service control perimeters to restrict access from BigQuery Omni to external clouds. You can also specify whether you want to grant read or write permission on your external resource. This feature is now generally available (GA).

You can now explore data in Data Studio by using links from your BigQuery query results in the Google Cloud Console. This feature is now generally available (GA).

Authorized networks support is now generally available (GA).

For enhanced security with built-in authentication, Cloud SQL now lets you set password policies at the instance level.

Generally Available: The image import tool now supports importing Windows Server 2022 images to Google Cloud.

Generally available: Optimize the distribution of VMs in sole-tenant node groups. For more information, see About manual live migration.

The following organization policy constraints to restrict resource creation of global security configuration have launched into general availability:

• Disable Creation of Cloud Armor Security Policies
• Disable Creation of global self-managed SSL Certificates
• Disable Global Load Balancing
• Disable Enabling Identity-Aware Proxy (IAP) on global resources
• Disable Enabling Identity-Aware Proxy (IAP) on regional resources

A new system variable, @@dataset_project_id, is now generally available. @@dataset_project_id allows you to set a default project where one is not specified for a dataset in your query. This variable is also available as a Connection Property.

Cloud DNS per resource IAM permissions are available in Preview.

You can now set up specific read, write, or administrator permissions for different managed zones under the same project.

The following extensions in Cloud SQL for PostgreSQL are generally available:

• pg_bigm. Enables full text search and allows a two-gram (bigram) index for faster full text search.
• refint. Enables the checking of foreign key restraints, the referencing table, and the referenced table.
• decoderbufs. A logical decoder that delivers output data as Protocol Buffers, adapted for Debezium.
• pg_wait_sample. Collects sampling statistics of wait events, providing wait event data for processes on servers.

Additionally, users with the cloudsqlsuperuser role have full access to the pg_largeobject system catalog.

Cloud SQL enables you to access to the pg_shadow view. You can use the pg_shadow view to work with the properties of roles that are marked as rolcanlogin in the pg_authid catalog.

For more information, see Access to the pg_shadow view.

Generally Available: Compute Engine can now use a maximum network packet size of 8896 when communicating between VMs on the same subnet. For details, see the maximum transmission unit overview.

Dataproc is now available in the us-south1 region (Dallas, Texas).

New Identity Processor (Preview)

The France Passport Parser is now available in limited preview.

GKE Node System Configuration now supports setting pod pid limits.

VPC networks now support jumbo frame MTUs within the same subnet. MTU can be set from 1300 to 8896. For details, see the maximum transmission unit overview.

Parallel steps are available in Preview.

Cloud SQL now supports faster machine type changes, with connectivity dropping to less than 60 seconds. For more information, see Impact of changing instance settings.

Cloud SQL now supports faster machine type changes, with connectivity dropping to less than 60 seconds. For more information, see Impact of changing instance settings.

Cloud SQL now supports faster machine type changes, with connectivity dropping to less than 60 seconds. For more information, see Impact of changing instance settings.

Commit timestamps enable a Cloud Spanner optimization that can reduce query I/O when retrieving data written after a particular time.

You can now easily identify clusters that use deprecated Kubernetes APIs removed in version 1.22. Kubernetes deprecation insights are now available in Preview.

Added support for customer-managed encryption keys (Preview) for Memorystore for Redis. For more details, see Customer-managed encryption keys.

Release 1.9.8

Anthos clusters on bare metal 1.9.8 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.9.8 runs on Kubernetes 1.21.

Audit logs for Maven, npm, and Python repositories are now available in Cloud Logging.

Cloud Data Fusion version 6.7.0 is in Preview. This release is in parallel with the CDAP 6.7.0 release.

Features in 6.7.0:

• Connection Management is generally available (GA).
• DNS Resolution is available in Preview. Cloud Data Fusion supports using domain or hostnames for sources instead of IP addresses for pipeline design-time activities, such as getting schema, wrangling, and previewing pipelines.
• Transformation Pushdown is generally available (GA) for JOIN operations. Several new transformations are available in Preview, including Group By and deduplicate aggregations. Added support for the BigQuery Storage Read API to improve performance when extracting data from BigQuery. For more information, see the Transformation Pushdown overview.
• Dataplex Source and Sink plugins are available in Preview as system plugins in Cloud Data Fusion. You no longer need to install the plugins.

The June maintenance changelog is now available. For more information, use the links at Maintenance changelog.

The June maintenance changelog is now available. For more information, use the links at Maintenance changelog.

The June maintenance changelog is now available. For more information, use the links at Maintenance changelog.

Cloud Scheduler jobs that are paused can now be edited. See Create and configure cron jobs.

Added support for ServiceDirectoryNamespace and ServiceDirectoryService resources.

Added fields spec.maintenancePolicy and spec.maintenanceSchedule to MemcacheInstance resource.

Batch and interactive translation services are now generally available (GA), and include support for most major SQL dialects. This release also includes preview availability of SQL object name mapping and metadata extraction tools that you can use to increase the accuracy of your batch translation jobs.

Session affinity is now available for Cloud Run service revisions.

An addendum to the May maintenance changelog shows additional security patches. For more information, use the links at Maintenance changelog.

New maintenance versions are now available through self-service maintenance. See the maintenance changelog to learn more about these new maintenance versions.

An addendum to the May maintenance changelog shows additional security patches. For more information, use the links at Maintenance changelog.

An addendum to the May maintenance changelog shows additional security patches. For more information, use the links at Maintenance changelog.

Config Controller is now supported in region europe-west1, europe-west3 and australia-southeast2

Beta stage support for the following integration:

• AlloyDB

Cloud KMS is available in the following region:

us-south1

For more information, see Cloud KMS locations.

The following new region is now available: us-south1.

Support for us-south1 (Dallas).

Support for us-south1 (Dallas).

Support for us-south1 (Dallas).

You can create Cloud Spanner regional instances in Dallas (us-south1).

Cloud VPN is available in region us-south1 (Dallas, US).

Pricing is available on the Cloud VPN pricing page.

Generally available: Dallas, Texas us-south1-a,b,c has launched with E2 and N2 VMs available in all three zones.

See VM instance pricing for details.

Dataflow is now available in Dallas, Texas (us-south1).

Google Cloud Armor Threat Intelligence (Threat Intel) is available in public preview. Threat Intel lets you secure your traffic by allowing or blocking traffic to your HTTP(S) load balancers based on threat intelligence data. For more information, see Configuring Threat Intelligence.

The us-south1 region in Dallas, Texas is now available.

Pub/Sub is now available in us-south1 (Dallas, Texas).

General availability for the following integration:

• Migrate for Compute Engine

For auto mode VPC networks, added a new subnet 10.206.0.0/20 for the Dallas us-south1 region. For more information, see Auto mode IP ranges.

You can now attach Resource Manager tags to datasets. This feature is supported in Preview. Tags let you conditionally apply Identity and Access Management (IAM) policies to resources.

External TCP/UDP Network Load Balancing now supports load-balancing GRE traffic. To handle GRE protocol traffic, you set the load balancer's forwarding rule protocol to L3_DEFAULT and set the backend service protocol to UNSPECIFIED.

For details, see:

• Backend service-based external TCP/UDP Network Load Balancing overview

This feature is available in General Availability.

You can now create and edit Cloud Run jobs using the Cloud console.

Cloud Storage is now available in Dallas, Texas (us-south1 region).

Generally available: NVIDIA A100 GPUs are now available in the following additional regions and zones:

Las Vegas, Nevada, North America : us-west4-b

For more information about using GPUs on Compute Engine, see GPU platforms.

Preview: When you create VMs in bulk, you can now use the following new values with the TARGET_SHAPE flag:

• ANY: Use this value to place VMs in zones to maximize unused zonal reservations.
• BALANCED: Use this value to place VMs uniformly across zones.

Cluster lifecycle improvements

GA: You can use the Cloud console to create, update, and delete Anthos on VMware user clusters. For more information, see Create a user cluster in the Cloud console.

BigQuery Omni now supports Reservation and Access Control DCL. This feature is in Preview.

You can now add, edit, and remove alerting policy user labels by using the Cloud console when you use the preview alerting interface. To configure policy labels, edit the policy and go to the Notifications and name step. For more information, see Create an alerting policy.

Google Cloud Deploy is now available in the following region: australia-southeast1 (Syndey)

The basic tier for Translation Hub (a self-serve document translation service) is generally available (GA).

Release 1.10.5

Anthos clusters on bare metal 1.10.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.10.5 runs on Kubernetes 1.21.

Apigee X APIs for managing key value entries in a key value map scoped to an organization, environment, or API proxy are now available. For more information, see the Apigee API reference documentation.

Cloud Bigtable now provides increased observability by letting you identify and monitor hot tablets in a cluster. This feature is generally available (GA). To learn more, see Hot tablets.

Web server restarting is available in Preview in Cloud Composer 2.

IP Masquerade agent support is now generally available (GA) in Cloud Composer 1 and Cloud Composer 2.

When a FHIR resource is modified, the full contents of the FHIR resource can be sent in a Pub/Sub notification. For more information, see FHIR notifications containing FHIR data.

Forwarding rules for external TCP/UDP network load balancers can now be configured to direct traffic coming from a specific range of source IP addresses to a specific backend service (or target instance). This is called traffic steering.

For details, see:

• Network load balancer overview: Traffic steering
• Configure traffic steering

Added spec.pscTargetService field to ComputeRegionNetworkEndpointGroup.

Added spec.enableDynamicPortAllocation field to ComputeRouterNAT.

Added spec.maintenancePolicy.maintenanceExclusion[].exclusionOptions field to ContainerCluster.

Added spec.settings.activeDirectoryConfig field to SQLInstance.

Added spec.gateways field to NetworkServicesTCPRoute.

Dataproc is now available in the us-east5 region (Columbus, Ohio).

Support for VPC Service Controls is now available in General Availability.

Support for VPC Service Controls is now available in General Availability.

General availability for the following integrations:

• Firestore
• Firestore in Datastore mode

Workflows is now available in the europe-west8 (Milan, Italy) region.

VPC Service Controls, a Cloud-wide feature that helps mitigate the risk of data exfiltration, is available with AlloyDB.

Column-level data masking is now available in preview. You can use data masking to selectively obscure column data for groups of users, while still allowing access to the column. When you use data masking in combination with column-level access control, you can configure a range of access to column data, from full access to no access, based on the requirements of different groups of users.

Granular instance sizing is now generally available. You can now create production instances of fewer than 1000 processing units. To learn more, see Compute capacity, nodes and processing units.

Generally available: NVIDIA A100 GPUs are now available in the following additional regions and zones:

Seoul, South Korea, APAC : asia-northeast3-a,b

For more information about using GPUs on Compute Engine, see GPU platforms.

Dataproc is now available in the europe-southwest1 region (Madrid, Spain).

Dataproc is now available in the europe-west9 region (Paris, France).

Private cloud creation now uses the HCX Enterprise license level by default, enabling the following premium HCX features:

• HCX Replication Assisted vMotion (bulk, no-downtime migration)
• Migrations from KVM and Hyper-V to vSphere
• Traffic engineering
• Mobility groups
• Mobility-optimized networking

The Pub/Sub Java client library now supports gRPC compression to save networking costs before your publisher client sends out the publish request.

General availability for the following integration:

• Cloud Domains

A dedicated user interface is generally available (GA).

Support for backing up and restoring Managed Microsoft AD domains is generally available.

Cloud Spanner change streams capture and stream out inserts, updates, and deletes in near real-time—useful for analytics, archiving, and triggering downstream application workflows.

Add a new operator on companyDisplayNames filter to further support fuzzy match by treating input value as a multi word token

Add a new option TELECOMMUTE_JOBS_EXCLUDED under enum TelecommutePreference to completely filter out the telecommute jobs in response

Preview: You can now use the SSH troubleshooting tool from the Cloud console to help you determine the cause of failed SSH connections.

Config Controller is now supported in region northamerica-northeast2 and asia-northeast2

M93 Release

• Starting with this release, information on known vulnerabilities for Deep Learning Containers images is now available on Cloud Storage at gs://deeplearning-platform-release/vulnerabilities/. For example, container analysis reports for the M93 images are located at: gs://deeplearning-platform-release/vulnerabilities/m93/.

M93 Release

The compliances, exfiltration, and processes attributes were added to the Finding object.

• The compliances attribute provides details about security standards that are unmet.
• The exfiltration attribute provides details about the sources and targets of an exfiltration attempt.
• The processes attribute provides details about operating system processes relevant to a finding.

For more information, see the API documentation for the Finding object.

M93 Release

The M93 release of Vertex AI Workbench managed notebooks includes the following:

Anthos clusters on VMware 1.11.1-gke.53 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.11.1-gke.53 runs on Kubernetes 1.22.8-gke.200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.11, 1.10, and 1.9.

Anthos clusters on VMware 1.10.4-gke.32 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.10.4-gke.32 runs on Kubernetes 1.21.5-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.11, 1.10, and 1.9.

Release 1.11.2

Anthos clusters on bare metal 1.11.2 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.2 runs on Kubernetes 1.22.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) , Feed API, and Search APIs (SearchAllResources and SearchAllIamPolicies):

• Cloud Run
  • run.googleapis.com/Execution
  • run.googleapis.com/Job
• API Keys
  • apikeys.googleapis.com/Key

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• Certificate Authority Service
  • privateca.googleapis.com/Certificate

Added new database metrics: a metric that shows the total limit of database connections, and a metric for the number of active database connections.

Regional external and regional internal HTTP(S) load balancers now support regional SSL policies. SSL policies give you the ability to control the features of SSL that your Google Cloud load balancers negotiate with clients.

For details, see:

• SSL policies overview
• Using SSL policies

This feature is in Preview.

You can now collect IIS logs and additional metrics from the Ops Agent, starting with versions 2.14.0 (logs) and 2.15.0 (additional metrics). For more information, see Monitoring third-party applications: IIS.

You can now collect Varnish logs and metrics from the Ops Agent, starting with versions 2.16.0 (logs) and 2.15.0 (metrics). For more information, see Monitoring third-party applications: Varnish.

You can now collect Active Directory Domain Services logs and metrics from the Ops Agent, starting with version 2.15.0. For more information, see Monitoring third-party applications: Active Directory Domain Services.

You can now collect Jetty logs from the Ops Agent, starting with version 2.16.0. For more information, see Monitoring third-party applications: Jetty.

You can now configure an uptime check to validate a specific JSONpath. For more information, see Validate response data.

You can now collect IIS logs and additional metrics from the Ops Agent, starting with versions 2.14.0 (logs) and 2.15.0 (additional metrics). For more information, see Monitoring third-party applications: IIS.

You can now collect Varnish logs and metrics from the Ops Agent, starting with versions 2.16.0 (logs) and 2.15.0 (metrics). For more information, see Monitoring third-party applications: Varnish.

You can now collect Active Directory Domain Services logs and metrics from the Ops Agent, starting with version 2.15.0. For more information, see Monitoring third-party applications: Active Directory Domain Services.

Cloud SQL for MySQL now supports minor version 8.0.29. To upgrade your existing instance to the new version, see Upgrade the database minor version.

Access Approval lets you know if the notification emails for access requests don't get delivered to you because you provided an incorrect email address while setting up the notification configurations.

The Zendesk connector is available for Apigee. For more information, see Zendesk connection.

You can now create and manage Private Service Connect (PSC) endpoint attachments in the Apigee UI. For details, see Creating an endpoint attachment.

Apt and Yum repositories are now generally available.

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• Cloud KMS
  • cloudkms.googleapis.com/EkmConnection
• Cloud Run
  • run.googleapis.com/Job
  • run.googleapis.com/Execution

Private Service Connect support in Cloud Composer 2 is now generally available (GA).

Privately used public IP addresses are now generally available (GA).

Google Cloud Armor integration with reCAPTCHA Enterprise is now in General Availability. See the Cloud Armor bot management overview and the Overview of reCAPTCHA Enterprise for WAF and Google Cloud Armor integration.

You can now easily assess the running cost implications at cluster creation time. The GKE cluster cost widget lets you get an estimated cost range when you are creating a cluster.

This information can help you get a better understanding of the upper and lower monthly cost to expect based on your cluster autoscaling setup. This feature is now available in Preview.

For more information, see Introducing GKE cost estimator, built right into the Google Cloud console.

The Kafka Shim Java client library for Pub/Sub Lite is now GA.

Artifact Registry is now available in the us-east5 region (Columbus, United States).

You can now load data into BigQuery using Informatica Data Loader. This feature is generally available. Informatica provides connectors that can ingest data into BigQuery.

Cloud KMS is available in the following region:

• us-east5

For more information, see Cloud KMS locations.

The following new region is now available: us-east5.

Support for us-east5 (Columbus).

Support for us-east5 (Columbus).

Support for us-east5 (Columbus).

Cloud Storage is now available in Columbus, Ohio (us-east5 region).

Cloud VPN is available in region us-east5 (Columbus, US).

Pricing is available on the Cloud VPN pricing page.

Generally available: Columbus, Ohio, USA us-east5-a,b,c has launched with E2, N2, and N2D VMs in all three zones. Additionally, you can create C2 VMs in zones a and b.

See VM instance pricing for details.

Added support for ComputeRegionNetworkEndpointGroup resource.

Added spec.serviceDirectoryRegistrations field to ComputeForwardingRule.

Dataflow is now available in Columbus (us-east5).

The us-east5 region in Columbus, Ohio is now available.

Added new Memorystore for Memcached region: Columbus (us-east5).

Added new Memorystore for Redis region: Milan (europe-west8).

Pub/Sub is now available in us-east5 (Columbus, Ohio).

For auto mode VPC networks, added a new subnet 10.202.0.0/20 for the Columbus us-east5 region. For more information, see Auto mode IP ranges.

You can now disable external ephemeral IP addresses for App Engine Flex services. Read our documentation to learn how. This feature is at the Preview launch stage.

You can now disable external ephemeral IP addresses for App Engine Flex services. Read our documentation to learn how. This feature is at the Preview launch stage.

You can now disable external ephemeral IP addresses for App Engine Flex services. Read our documentation to learn how. This feature is at the Preview launch stage.

You can now disable external ephemeral IP addresses for App Engine Flex services. Read our documentation to learn how. This feature is at the Preview launch stage.

You can now disable external ephemeral IP addresses for App Engine Flex services. Read our documentation to learn how. This feature is at the Preview launch stage.

You can now disable external ephemeral IP addresses for App Engine Flex services. Read our documentation to learn how. This feature is at the Preview launch stage.

You can now disable external ephemeral IP addresses for App Engine Flex services. Read our documentation to learn how. This feature is at the Preview launch stage.

Users can now receive build status notifications in Google Chat via a Google Chat notifier. The Google Chat notifier is available as an experimental release. To learn more, see Configuring Google Chat notifications.

The Dataplex Source and Sink plugins are available in Public Preview for ingesting and processing data in Cloud Data Fusion versions 6.6.0 and later.

Dialogflow CX now supports version-specific webhooks.

Dialogflow CX now supports fine-grained webhook errors for built-in events.

Enabling endpoint discovery multi-cluster installations with declarative API is now available as a preview feature in all release channels. For more information, see Enable endpoint discovery between public clusters with declarative API.

You can now see more log entries in the Logs Explorer as a result of several style changes.

Support for 3rd generation AMD EPYC Milan processors on general purpose N2D machine types is now available in Preview, featuring:

• AMD Secure Encrypted Virtualization (SEV) which can encrypt the memory of the VM to protect data in-use

Support for compute-optimized C2D machine types is now available in Preview, featuring:

• 3rd generation AMD EPYC Milan processors
• AMD Secure Encrypted Virtualization (SEV) which can encrypt the memory of the VM to protect data in-use
• Large VM sizes
• Optimized for high-performance computing (HPC)

CCAI Insights now offers GA support for Access Transparency integration. See the Access Transparency documentation for details.

You can now quickly identify which of your workloads are underutilized in the Cost Optimization tab. You can also quickly apply suggested values for resource requests and limits (or your own preferred values).

This feature is now available in Preview. For more information, see GKE workload rightsizing.

Anthos clusters on VMware 1.9.6-gke.1 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.9.6-gke.1 runs on Kubernetes 1.21.5-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.11, 1.10, and 1.9.

Airflow 2.2.5 is available in Cloud Composer images.

(Cloud Composer 2) You can now assign permissions for an environment's service account on the service account level instead of the project level. To use this feature, create environments using gcloud, API, or Terraform. Cloud Console support for this feature will be released at a later date.

(Cloud Composer 2) Increased the memory limit for the Redis queue and made it scale with the environment's size.

New Airflow metrics for pools, smart sensor, and SLA email notifications are available for Cloud Composer environments.

Added support for PrivateCACertificate resource.

Added spec.subsetting field to ComputeBackendService.

Added spec.secondaryIpRange field to RedisInstance.

Export support for additional monetization-related values

Apigee X now supports export of additional fee-based values for organizations using monetization. For more information, see Generating monetization reports.

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

Specifying a user-managed service account for each App Engine version during deployment is now a generally available.

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory), the Feed API, and the Search APIs (SearchAllResources and SearchAllIamPolicies):

• Cloud Firestore
  • firestore.googleapis.com/Database

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• Datastream
  • datastream.googleapis.com/Stream
  • datastream.googleapis.com/ConnectionProfile
  • datastream.googleapis.com/PrivateConnection

N2D VMs are now available in Paris, France europe-west9-a,b,c.

See VM instance pricing for details.

Traffic Director for GKE now supports using the Kubernetes Gateway APIs to create a service mesh.

Traffic Director control plane logging and monitoring now supports request count by zone, in addition to DS API Connected Streams and request count.

The ability to configure Vertex AI private endpoints is now general available (GA). Vertex AI private endpoints provide a low-latency, secure connection to the Vertex AI online prediction service. You can configure Vertex AI private endpoints by using VPC Network Peering. For more information, see Use private endpoints for online prediction.

Users can view build logs directly in GitHub or GitHub Enterprise without logging into Cloud Build. For more information, see Building repositories from GitHub and Building repositories from GitHub Enterprise. This feature is generally available.

Generally available: You can access Google APIs and services from Compute Engine instances using either internal IPv6 addresses with Private Google access or external IPv6 addresses.

V1 API

Migrate for Anthos and GKE API has graduated to v1 in 1.11.1 release. The v1beta2 Migration API is deprecated and will be supported until May 2023.

Building and deploying Windows containers with Skaffold

Skaffold yamls generated as part of the migration artifacts for Windows flow now help operators to accelerate container image build and deploy to GKE and Anthos clusters.

Artifact Repository Health Checks

• When creating a new artifacts repository, or updating an existing one, migctl will wait for health information and produce a warning in case the provided service account does not have permissions to upload artifacts to the specified bucket. To skip the synchronous health checks, –async can be passed to the migctl command.

• When creating a new migration, migctl will query the migration's specified artifact repository (or the default if it was not specified), and produce a warning in case the provided service account does not have permissions to upload artifacts to the specified bucket.

• When generating artifacts for the migration, migctl will query the migration's specified artifact repository (or the default one if it was not specified), and produce a warning in case the provided service account does not have permissions to upload artifacts to the specified bucket.

Tomcat improvements

• On the migration plan fromImage field, in case the tool did not automatically discover the Tomcat version used on original VM, a placeholder text (example: tomcat:<TomcatVersion>-jre11-openjdk) was added that would need to be populated by the user. If the information is not populated a blocking warning will be surfaced on Artifacts generation step, requiring the user to provide the Tomcat version details.

• Renaming catalinaHome.tar.gz artifact to tomcatServer.tar.gz.

• bin and lib directories are filtered from the tomcatServer.tar.gz file.

• Users can now choose to upload certificates into the repository by setting on the migration plan the includeSensitiveData parameter to true.

General availability for the following integration:

• Google Cloud Deploy

Accessing Google APIs and services from Compute Engine instances using either internal IPv6 addresses with Private Google Access or external IPv6 addresses is available in General Availability.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory), the Feed API, and the Search APIs (SearchAllResources and SearchAllIamPolicies):

• Cloud KMS
  • cloudkms.googleapis.com/EkmConnection

You can now tag services using Resource Manager tags for fine-grained access control.

M92 Release

• TensorFlow Enterprise 2.9 is now available. Note that this TensorFlow Enterprise version does not include Long Term Version Support.
• Starting with PyTorch 1.11, PyTorch environments now support XLA by default.
• TensorFlow Enterprise patch releases: 2.6.4 and 2.8.1.
• Deep Learning Containers are now available on Artifact Registry.

M92 Release

• TensorFlow Enterprise 2.9 is now available. Note that this TensorFlow Enterprise version does not include Long Term Version Support.
• Starting with PyTorch 1.11, PyTorch environments now support XLA by default.
• TensorFlow Enterprise patch releases: 2.6.4 and 2.8.1.

The rule source for Cloud Armor preconfigured rules now includes ModSecurity Core Rule Set (CRS) 3.3 in public preview. For more information, see Tuning Google Cloud Armor WAF rules.

Updates were made to the applications that let you send Security Command Center data to to the following SIEM and SOAR platforms:

• Cortex XSOAR—see Sending Security Command Center data to Cortex XSOAR.
• Elastic Stack—see Sending Security Command Center data to Elastic Stack and Sending Security Command Center data to Elastic Stack using Docker.
• IBM QRadar—see Sending Security Command Center data to IBM QRadar.

In addition, Security Command Center can automatically send findings, assets, audit logs, and security sources to Splunk. For more information, see Sending Security Command Center data to Splunk.

TensorFlow Enterprise 2.9 is now available. Note that this TensorFlow Enterprise version does not include Long Term Version Support.

TensorFlow Enterprise 2.6 has been updated to 2.6.4.

TensorFlow Enterprise 2.8 has been updated to 2.8.1.

Cloud Composer performs several retries when checking pip connectivity.

(Cloud Composer 2) Workers and schedulers generate a warning log message when storage usage is close to the limit.

New maintenance versions are now available through self-service maintenance. See the maintenance changelog to learn more about these new maintenance versions.

New maintenance versions are now available through self-service maintenance. See the maintenance changelog to learn more about these new maintenance versions.

Datastream now supports backfilling Oracle database tables that have more than 100 million rows. Click here to access the documentation.

Tags are now available. You can use tags to group or organize your clusters according to custom business dimensions. This is in addition to the hierarchical resource organization provided by GCP's resource manager. The integration of tags with policy engines (via conditional rules) such as IAM or Organization Policy, also allows you to apply centralized policies to custom security perimeters defined through tag bindings.

The following new connectors are available for Apigee:

• Apache Cassandra connection
• BigCommerce connection
• Email connection
• JIRA Cloud connection

Eventarc for Google Kubernetes Engine (GKE) is available in Preview.

General availability for the following integration:

• Database Migration Service

M91 release

The M91 release of Vertex AI Workbench managed notebooks includes the following:

• Log streaming to the consumer project via Logs Viewer is now supported.
• Added the net-tools package.
• Regular package refreshments and bug fixes.

The following functions have been added:

• default and if support conditions within expressions
• map.get performs a safe lookup on a map, returning null if a key is not found

A Status field that tracks the current steps and progress of an execution is available in Preview. See the Workflows Executions REST API Overview.

Cloud Run jobs are now available in Preview.

Network Analyzer is now available in Preview.

Artifact Registry is now available in the europe-southwest1 region (Madrid, Spain).

You can now use Cloud Build attestors to secure your image deployments. To learn how to set up gated deployments, see Securing image deployments to Cloud Run and Google Kubernetes Engine. To learn how to view build integrity records, see Viewing build provenance. This feature is generally available.

Cloud KMS is available in the following region:

• europe-southwest1

For more information, see Cloud KMS locations.

Cloud Router now supports MD5 authentication of BGP sessions. This feature is available in preview. For more information, see Use MD5 authentication.

Cloud Storage is now available in Madrid, Spain (europe-southwest1 region).

• Jobs within same state will rank higher in results when search jobs in a state level location with TELECOMMUTE_ALLOWED option

Cloud VPN is now available in region europe-southwest1 (Madrid, Spain).

Pricing is available on the Cloud VPN pricing page.

Generally available: Madrid, Spain europe-southwest1-a,b,c has launched with E2 and N2 VMs available in all three zones.

See VM instance pricing for details.

Added IAMPolicy and IAMPolicyMember support for AccessContextManagerAccessPolicy.

Added spec.approvalConfig field to CloudBuildTrigger.

Added spec.rule.redirectOptions field to ComputeSecurityPolicy.

Added spec.addonsConfig.gkeBackupAgentConfig field to ContainerCluster.

Added cnrm.cloud.google.com/skip-wait-on-job-termination directive to DataflowFlexTemplateJob and DataflowJob.

Added spec.rrdatasRefs field to DNSRecordSet.

Added spec.columnLayout.columns.widgets.logsPanel, spec.gridLayout.widgets.logsPanel, spec.mosaicLayout.tiles.widget.logsPanel, and spec.rowLayout.rows.widgets.logsPanel fields to MonitoringMonitorDashboard.

Added spec.enableExactlyOnceDelivery field to PubSubSubscription.

Dataflow is now available in Madrid (europe-southwest1).

Google Cloud Deploy now lets you change the timeout for Cloud Build operations, from the default setting of 1 hour.

The europe-southwest1 region in Madrid is now available.

Managed Microsoft AD is available in the following regions:

• australia-southeast2 (Melbourne)
• europe-central2 (Warsaw)
• northamerica-northeast2 (Toronto)
• us-west3 (Salt Lake City)
• us-west4 (Las Vegas)

For more information, see Adding and removing regions.

Added new Memorystore for Memcached region: Madrid (europe-southwest1).

Pub/Sub is now available in europe-southwest1 (Madrid) .

For auto mode VPC networks, added a new subnet 10.204.0.0/20 for the Madrid europe-southwest1 region. For more information, see Auto mode IP ranges.

The GoogleIDToken.Audience tag now includes the useTargetUrl attribute to simplify audience configuration of Google ID tokens for Apigee policies.

Regional external and regional internal HTTP(S) load balancers now support using Cloud Run services as backends for the load balancer. This is configured using a serverless network endpoint group (NEG).

For details, see:

• Serverless NEG concepts
• Setting up a regional external HTTP(S) load balancer with a Cloud Run backend
• Setting up an internal HTTP(S) load balancer with a Cloud Run backend

This feature is available in Preview.

The following new region is now available: europe-southwest1.

Generally available: Insights for idle VM and machine size recommendations help you assess the utilization of your Compute Engine resources. Insights are automatically generated based on system metrics or metrics gathered by the Cloud Monitoring service.

Learn more about VM insights and MIG insights.

Reserving static regional external IPv6 addresses is available as a limited Preview feature. Contact your sales representative for access.

You can now configure Metrics Explorer and charts on dashboards to display a ratio of metrics by using the Cloud Console. For more information, see Ratios of metrics.

The feature for listing the effectively evaluated tags on a resource has launched into public preview. For more information, see Listing effective tags on a resource.

The new format element %J is generally available (GA) for DATE, TIME, DATETIME, and TIMESTAMP functions. This format element lets you use the ISO 8601 1-based day of the year.

A Cloud Bigtable table overview page in the Cloud console is now generally available (GA). The table overview displays monitoring metrics and replication details for a selected table.

Cloud Build now supports a script field, which allows users to specify shell scripts to execute in a build step. This feature is available as a preview release. To learn more, see Using the script field.

Regional external HTTP(S) load balancers now support Shared VPC configurations where the load balancer's forwarding rule, target proxy, and URL map, can be created in a host or service project, while the backend services and backends can be distributed across multiple service projects in the Shared VPC environment. This is referred to as cross-project service referencing. Cross-project backend services can be referenced from a single URL map.

Cross-project service referencing gives service developers and admins autonomy over the exposure of their services through the centrally managed load balancer.

For details, see:

• Shared VPC architectures
• Setting up a regional external HTTP(S) load balancer with Shared VPC

This feature is available in Preview.

You can now hide large amounts of similar log entries from your query results in the Logs Explorer. To learn more, see Hide similar logs.

You can now define service-level objectives (SLOs) for your Cloud Run services using SLO monitoring in Cloud Monitoring or the Cloud Run service page.

Release 1.10.4

Anthos clusters on bare metal 1.10.4 is now available for download. To upgrade, see Upgrade Anthos on bare metal. Anthos clusters on bare metal 1.10.4 runs on Kubernetes 1.21.

Added the API Hub label in the Apigee community.

Added provisioning instructions.

Documentation: Provision API hub

Added instructions on how to get support.

Documentation: Get support

Action buttons in the UI are now disabled if you do not have appropriate permissions to perform the action.

Error messages for rejected logins for an inactive user are now more informative to the user.

Emails from portal-sso will either be the email address of the sender that the user sets up in the custom smtp settings, or it will be no-reply@google.com, instead of the human-readable name orgname-portalname. This screenshot illustrates emails sent from portal-sso in e2e. It shows one email with custom smtp settings (tsnow-custom-smtp) and one email with the default settings (no-reply).

We have released a new version of the Develop tab in the Proxy Editor. See Introducing the new Proxy Editor.

The Ruby 3.0 runtime for App Engine standard environment is now generally available.

Rebilling is now available in the Partner Sales Console and Cloud Channel API. This new billing data service helps you simplify your customer billing process by configuring discounts and exporting your billing data to a BigQuery dataset.

• Read an overview of rebilling
• Learn about enabling your rebilling data export

Support for europe-west9 (Paris).

Support for europe-west9 (Paris).

Support for europe-west9 (Paris).

Spot Pods for GKE Autopilot clusters is now generally available. Use Spot Pods to run your fault-tolerant workloads at reduced costs.

Spot VMs on GKE is now generally available. Spot VMs let you run fault-tolerant workloads at lower costs.

The resource usage restriction Organization Policy constraint has launched into general availability.

Anthos component releases for April 2022

Anthos clusters on VMware:

• April 11, 2022: security bulletin
• April 12, 2022: security bulletin
• April 18, 2022: 1.10.3-gke.49 patch release
• April 27, 2022: 1.11.0-gke.543 quarterly minor release
• April 28, 2022: security bulletin

Anthos clusters on bare metal:

• April 12, 2022: security bulletin
• April 27, 2022: 1.9.7 patch release
• April 28, 2022: security bulletin

Anthos clusters on AWS:

• April 05, 2022: (previous generation) security bulletin
• April 07, 2022: (previous generation) security bulletin
• April 12, 2022: (previous generation) security bulletin
• April 13, 2022: release updates
• April 19, 2022: (previous generation) issue announcement
• April 26, 2022: security bulletin
• April 26, 2022: (previous generation) security bulletin

Anthos clusters on Azure:

• April 13, 2022: release updates
• April 26, 2022: security bulletin

Anthos Config Management:

• April 21, 2022: 1.11.1 patch release

Anthos Service Mesh:

• April 14, 2022: 1.13.2-asm.2 patch release

Connect:

• N/A

Cloud Run for Anthos:

• N/A

Migrate for Anthos and GKE:

• N/A

Cloud Logging:

• April 2022: release updates

Cloud Monitoring:

• April 2022: release updates

In addition to the existing labels, you can now use the "istio-injection" label as an alias. For more information, see Injection labels.

Artifact Registry is now available in the europe-west9 region (Paris, France).

The following new features are now generally available (GA) for ARIMA_PLUS models:

• You can use ML.EVALUATE to calculate new forecasting accuracy metrics such as MAPE, SMAPE, and MSE.
• You can perform fast model training with little or no loss of forecasting accuracy by using the TIME_SERIES_LENGTH_FRACTION, MIN_TIME_SERIES_LENGTH and MAX_TIME_SERIES_LENGTH options.

To learn how to achieve one hundred times higher scalability with the ARIMA_PLUS model while using the new forecasting accuracy metrics, see the Accelerate ARIMA_PLUS to forecast 1 million time series within hours. You can also read ARIMA_PLUS best practices.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory), the