Google Cloud release notes

Preview: Select AI Platform (Unified) resources can now be configured to use Customer-managed encryption keys (CMEK).

Anthos 1.5.3 is now available.

Updated components:

• Anthos GKE on-prem release notes

Anthos GKE on-prem 1.5.3-gke.0 is now available. To upgrade, see Upgrading GKE on-prem. GKE on-prem 1.5.3-gke.0 clusters run on Kubernetes 1.17.9-gke.4400.

Database auditing in Cloud SQL for PostgreSQL is generally available, through the open-source pgAudit extension. Using this extension, you can selectively record and track SQL operations performed against a given database instance.

The pgAudit extension helps you configure many of the logs often required to comply with government, financial, and ISO certifications.

Preview support for the following integration:

• Connectivity Tests

AI Platform Training now provides pre-built PyTorch containers for PyTorch 1.6.

In addition to training with CPUs or GPUs, you can use one of the PyTorch 1.6 containers to perform PyTorch training with a TPU.

Regionalized builds from Cloud Functions and App Engine deployments are now visible in the Cloud Build History UI. To learn more, see Viewing build results.

You can now run SQL queries to retrieve lock statistics to investigate lock conflicts in your database.

The Network Topology graph now includes a checkbox, Show connections for child nodes only on focus, to display only the traffic paths between top-level entities, such as regions. When this checkbox is selected, you can still view the traffic paths between lower-level entities by selecting or holding the pointer over the lower-level entities.

Query statistics now includes information about queries that failed, queries that timed out, and queries that were canceled by the user.

Managed Microsoft AD now supports audit logging. This feature is in the Preview stage.

• Preview: You can now restart the Airflow web server using the command gcloud beta composer environments restart-web-server or the Beta API.

Cloud Functions has added support for a new runtime, Node 14, in Preview.

Cloud Functions has added support for a new runtime, Python 3.9, in Preview.

Cloud SQL now exposes the metric database/memory/total_usage. This metric provides visibility into the database working set (including buffer cache). You can find this metric in the Metrics explorer within the Monitoring dashboard.

For more information about database/memory/total_usage, see Cloud SQL Metrics.

Cloud SQL now exposes the metric database/memory/total_usage. This metric provides visibility into the database working set (including buffer cache). You can find this metric in the Metrics explorer within the Monitoring dashboard.

For more information about database/memory/total_usage, see Cloud SQL Metrics.

Cloud SQL now exposes the metric database/memory/total_usage. This metric provides visibility into the database working set (including buffer cache). You can find this metric in the Metrics explorer within the Monitoring dashboard.

For more information about database/memory/total_usage, see Cloud SQL Metrics.

GA: Network ACL support for the Airflow web server is now generally available.

Preview: Composer can now be configured to use Customer-managed encryption keys (CMEK).

• You can now set the machine type for the Airflow web server and Cloud SQL database using the v1 Composer API.
• Preview: Added support for the Airflow Role-Based Access Control (RBAC) UI for Airflow version 1.10.10 or newer and Python 3. You can enable the Airflow RBAC UI by setting the [webserver]rbac=True Airflow configuration override.

Added support for user configuration of Compute Engine Shielded VMs in a Dataproc Cluster.

Users can now specify their own service accounts for Cloud Build to run builds. For more information, see User-specified service accounts.

The API for updating ResourceRecordSets in Cloud DNS is now available in Beta.

Cloud Functions has added support for a new runtime, Ruby, in Preview. This runtime supports Ruby 2.6 and Ruby 2.7.

• The Ruby Runtime
• Blog post

Support for 1500 MTU for Cloud Interconnect is now available in General Availability.

You can now create N2D VM instances in us-east4-c Northern Virginia. See VM instance pricing for details.

Configuring an internal load balancer in Service Directory is available in Preview.

Support for 1500 MTU for Cloud Interconnect is now available in General Availability.

Added support for new persistent disk type, pd-balanced.

General availability for the following integration:

• Compute Engine

You can now use a pre-built container to perform custom training with TensorFlow 2.3.

Hybrid Jobs are now available for inspecting external data sources.

Added support for IAM Member References. This allows users to create an IAMPolicyMember that references another resource as the IAM member (e.g. IAMServiceAccount, LoggingLogSink). For more information, see the memberFrom field in the IAMPolicyMember reference documentation. Support for IAM Member References is added only to IAMPolicyMember, not IAMPolicy.

Added support for the GameServicesRealm resource.

Added IAM support for ComputeDisk.

Added cacheMode, clientTtl, defaultTtl, maxTtl, negativeCaching, negativeCachingPolicy, serveWhileStale, and customResponseHeaders fields to ComputeBackendBucket.

Added customTimeBefore, daysSinceCustomTime, daysSinceNoncurrentTime, and noncurrentTimeBefore fields to StorageBucket.

Added support for UpdateFailed, DeleteFailed, DependencyNotFound, and DependencyNotReady events to IAMPolicy, IAMPoicyMember, IAMAuditConfig.

Traffic Director now supports TCP-based services in Preview. This brings service discovery, global load balancing, failover and many other Traffic Director capabilities to your non-HTTP services. See the setup guide to get started and the target proxies documentation for helpful background information.

BigQuery standard SQL now supports the BigNumeric data type for high-precision computations. The BigNumeric data type is in Preview.

IAM database authentication for Cloud SQL for PostgreSQL is now generally available. To get started using IAM database authentication, see the Overview of Cloud SQL IAM database authentication.

Cloud Run now allows you to restrict ingress of your Cloud Run services.

You can now allocate up to 8GiB of memory to your Cloud Run services.

AI Platform (Unified) now stores and processes your data only in the region you specify for most features. Learn more.

GKE on AWS now supports Kubernetes 1.18.

The Kubernetes 1.18 version includes CoreDNS 1.7.1 and Cluster Autoscaler 1.18.

GKE on AWS now supports mounting AWS Elastic File System file systems without having to install a driver.

In Cloud SQL for MySQL, parallel replication is generally available for improving replication performance.

Cloud SQL has expanded support for PostgreSQL extensions. Three additional PostgreSQL extensions are now available:

• dblink
• ip4r
• prefix

For additional information, see PostgreSQL extensions.

The following PostgreSQL minor versions have been upgraded:

• PostgreSQL 9.6.18 is upgraded to 9.6.19.
• PostgreSQL 10.13 is upgraded to 10.14.
• PostgreSQL 11.8 is upgraded to 11.9.
• PostgreSQL 12.3 is upgraded to 12.4.

A new multi-region instance configuration is now available in Europe - eur6 (Netherlands/Frankfurt/Zurich).

A new multi-region instance configuration is now available in North America - nam12 (Iowa/Northern Virginia/Oregon/Oklahoma).

The m1-node-96-1433 sole-tenant node type is now Generally Available.

You can now attach service accounts to resources in other projects. This feature is available in Preview.

Added support for TLS encryption on Memorystore for Redis.

Added TensorFlow 2.4 Deep Learning Containers images.

M60 release

• Added TensorFlow 2.4 Deep Learning VM Images

You can now configure AI Platform Prediction to automatically scale prediction nodes for model versions that use GPUs for online prediction.

Previously, you could only configure manual scaling for model versions that use GPUs. Now, you can choose between automatic and manual scaling.

Using automatic scaling with GPUs is available in preview.

1.8.1-asm.5 is now available.

Multi-cluster support for GKE on-prem Beta

Anthos Service Mesh now supports multi-cluster meshes when running on GKE on-prem. For more information, see Add clusters to Anthos Service Mesh on-prem.

New flags for the install_asm script

The install_asm script was enhanced to provide you with more granular control over the changes that the script makes on your project and GKE on Google Cloud cluster. For more information, see the Enablement flags section in the documentation for the script.

BigQuery Data Transfer Service is now fully integrated with VPC Service Controls, and can be protected using a service perimeter. Please refer to VPC-SC supported products page for more info.

Preview: A new Logs tab has been added to the Environment details page.

The ability to enable or disable Endpoint-Independent Mapping for your gateway is available in General Availability.

You can now build and deploy source code to Cloud Run using a single command: gcloud beta run deploy --source .

Cloud SQL for PostgreSQL now supports the effective_cache_size flag.

Compute-optimized (C2) machines are now available in Montréal, in all three zones , northamerica-northeast1-a,b,c. For pricing, see VM instance pricing.

Access to Google APIs and services using Private Service Connect is now available in Preview.

DNS peering for private services access is now available in General Availability.

Users can now create manual triggers to run builds at a specified time. To learn more about how to schedule your builds, see Scheduling your build.

Preview: Accelerator-optimized (A2) machine types are now available in the following three regions:

• Iowa, North America: us-central1-a,c
• Netherlands, Europe: europe-west4-a,b
• Singapore, APAC: asia-southeast1-c

Preview: NVIDIA® A100 GPUs are now available in the following three regions:

• Iowa, North America: us-central1-a,c
• Netherlands, Europe: europe-west4-a,b

• Singapore, APAC: asia-southeast1-c

  For more information, see GPUs on Compute Engine.

GA (general availability) launch of Dialogflow CX.

CX Regionalization expanded to multiple regions globally.

CX Analytics for agent activity statistics.

CX Prebuilt agents for common agent use cases.

CX Customer-managed encryption keys (CMEK) to manage your own Dialogflow data encryption keys.

CX Security settings to control data redaction and data retention.

CX DTMF input for telephony partner integrations.

CX Parameter redaction to redact end-user parameter data from logs.

The following new WAF rules have been added in public preview:

• Method enforcement
• Scanner detection
• Protocol attack
• PHP injection attack
• Session fixation

The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in Preview. This feature presently only works with individual VM instances, not with instance templates or managed instance groups.

Cloud Billing Reports page now allows you to save your report views.

The Cloud Billing Reports in the Google Cloud Console allows you to view and visualize your Google Cloud spend over time. You can filter and break down your usage by different dimensions, including: time range, projects, products, SKUs, labels, and subaccounts. Prior to this update, if you wanted to save your filter settings, your only options were to bookmark or make a copy of your report's URL. To offer a better user experience, you can now save your custom report views and access your saved views.

For information on the saved views feature, refer to Saving and sharing report views in the Cloud Billing documentation.

• Composer will now fail faster when the network settings in Private IP environments prohibit the download of publicly stored Python packages.

Cloud Run container instances can now process up to 250 concurrent requests, see Configuring maximum concurrency. The default is still 80.

Cloud TPU now supports Shared VPC

Shared VPC allows an organization to connect resources from multiple projects to a common VPC network to communicate with each other securely and efficiently using internal IPs from that network. This release enables connecting to Cloud TPU Nodes from Shared VPC networks.

OCR On-Prem General Availability (GA) release

OCR On-Prem is now generally available for approved customers. OCR On-Prem enables easy integration of Google image text recognition technologies into your on-premises solution.

For more information, refer to the product documentation. Approved customers can also view the marketplace entry .

When VMware Engine replaces a failed node, node customizations now transfer from the failed node to the replacement node. Customizations include vSphere labels, vSphere custom attributes, vSphere tags, and any affinity and anti-affinity rules.

VMware Engine now advertises routes learned from a VPC to your VMware Engine private cloud network, and advertises routes learned from your private cloud to a VPC. This allows network communication between Google Cloud resources and private cloud resources.

Preview support for the following integration:

• Dataproc Metastore

Anthos 1.6.0 is now available.

Updated components:

• Anthos clusters on VMware release notes
• Anthos Config Management release notes

Anthos Policy Controller now includes additional policies covering many of the CIS Kubernetes Benchmark 1.5.1 controls. To learn more, see the Constraint template library.

Anthos Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: 1de87b6).

Anthos clusters on VMware 1.6.0-gke.7 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.6.0-gke.7 clusters run on Kubernetes 1.18.6-gke.6600.

Note: The fully supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.6, 1.5, and 1.4.

Users can use a credential configuration file with gkeadm (credential.yaml), which is generated during running the gkeadm create config command, to improve security by removing credentials from admin-ws-config.yaml.

Node Problem Detector and Node Auto Repair automatically detect and repair additional failures, such as Kubelet-API server connection loss (an OSS issue) and long-lasting DiskPressure conditions.

Preview: Repair administrator master VM failures by using the new command, gkectl repair admin-master.

Preview: Secrets Encryption for user clusters using Thales Luna Network HSM Devices.

Preview: Service Account Key Rotation in gkectl for Usage Metering, Cloud Audit Logs, and Google Cloud's operations suite service accounts.

Anthos Identity Service enables dynamic configuration changes for OpenID Connect (OIDC) configuration without needing to recreate user clusters.

Added support for CIDR in IP block file for static IP.

Google Cloud's operations suite support for bundled Seesaw load balancing:

Metrics and logs of bundled Seesaw load balancers are now uploaded to Google Cloud through Google Cloud's operations suite to provide the best observability experience.

Cloud Audit Logs

Offline buffer for Cloud Audit Logs: Audit logs are now buffered on disk if not able to reach Cloud Audit Logs and can withstand at least 4 hours of network outage.

CSI volume snapshots

The CSI snapshot controllers are now automatically deployed in user clusters, enabling the users to create snapshots of persistent volumes and restore the volumes' data by provisioning new volumes from these snapshots.

Filestore resource type now available

The following Filestore resource type is now publicly available through the Cloud Asset APIs.

• file.googleapis.com/Instance

Preview: You can configure how your regional managed instance group distributes instances across zones by using capacity-aware distribution shapes, which can automatically deploy instances to zones where capacity is available and optionally prioritize the use of reservations.

You can migrate a VM instance from one network to another. This feature is Generally available.

Dataflow now supports custom containers as a Preview offering.

Workflows launched a visualization feature. The Google Cloud Console now displays a visualization of the workflow during editing.

Runtime version 2.3 is now available. You can use runtime version 2.3 to serve online predictions with TensorFlow 2.3.1, scikit-learn 0.23.2, or XGBoost 1.2.1. Runtime version 2.3 does not support batch prediction.

See the full list of updated dependencies in runtime version 2.3.

Runtime version 2.3 is now available. You can use runtime version 2.3 to train with TensorFlow 2.3.1, scikit-learn 0.23.2, or XGBoost 1.2.1. Runtime version 2.3 supports training with CPUs, GPUs, or TPUs.

See the full list of updated dependencies in runtime version 2.3.

OS inventory management resource type now available

The following OS inventory management resource type is now publicly available through the Cloud Asset APIs.

• compute.googleapis.com/Instance

This resource type provides information on the operating system, installed packages, and available package updates for a Compute Engine VM instance.

• Support for VPC Security Controls is now generally available (GA).

Health check logging is now available in General Availability.

Preview: Schedule-based autoscaling for managed instance groups lets you improve the availability of your workloads by scheduling capacity ahead of anticipated load.

GA: You can now access OS inventory data from Cloud Asset Inventory. For more information, see OS inventory and Cloud Asset Inventory integration.

GA: Per-group metrics let you autoscale a zonal managed instance group based on any Cloud Monitoring metric—for example, a Pub/Sub queue size or custom metrics from your application.

Added support for the ComputeProjectMetadata resource

Added resourceID field to ServiceUsageService and StorageNotification

Added computeResponseHeaders field to ComputeBackendService

Added maintenancePolicy.maintenanceExclusion field to ContainerCluster

Added description and disabled fields to LoggingLogSink

DataflowJobs can now be acquired via name

Added IAM support to BigtableTable

The Google Terraform provider now supports the latest Cloud CDN features, including cache modes, TTL overrides, and custom response headers.

Refer to the documentation for the compute_backend_bucket and compute_backend_service for how to configure and use the new features with Terraform.

Restartable jobs: Added the ability for users to specify the maximum number of total failures when a job is submitted.

Support for Redis AUTH on Memorystore for Redis is now Generally Available.

Private Catalog launches an updated Cloud Console experience for cloud admins. The updates include more options for managing access control, sharing catalogs, and bulk editing solutions.

Preview support for the following integration:

• Identity-Aware Proxy for TCP forwarding

Workflows is now available in the following regions:

• asia-southeast1 (Singapore)
• europe-west4 (Netherlands)

Cloud Bigtable resource type now available

The following Cloud Bigtable resource types are now publicly available through the Cloud Asset APIs.

• bigtableadmin.googleapis.com/Cluster
• bigtableadmin.googleapis.com/Instance
• bigtableadmin.googleapis.com/Table

Added whole document classification support with the following infoType detectors:

• DOCUMENT_TYPE/FINANCE/REGULATORY
• DOCUMENT_TYPE/FINANCE/SEC_FILING
• DOCUMENT_TYPE/HR/RESUME
• DOCUMENT_TYPE/LEGAL/BLANK_FORM
• DOCUMENT_TYPE/LEGAL/BRIEF
• DOCUMENT_TYPE/LEGAL/COURT_ORDER
• DOCUMENT_TYPE/LEGAL/LAW
• DOCUMENT_TYPE/LEGAL/PLEADING
• DOCUMENT_TYPE/R&D/PATENT
• DOCUMENT_TYPE/R&D/SOURCE_CODE
• DOCUMENT_TYPE/R&D/SYSTEM_LOG
• DOCUMENT_TYPE/R&D/DATABASE_BACKUP

In the Logs Explorer, you can now stream your log entries in real time as Cloud Logging ingests them. To learn more, see Streaming logs.

Cloud Spanner supports a new statement hint, LOCK_SCANNED_RANGES, allowing you to request an exclusive lock on a set of ranges scanned by a transaction.

Confidence score field addition for TEXT_DETECTION

You can now provide the flag TextDetectionParams.enable_text_detection_confidence_score to a TEXT_DETECTION request to get a confidence score for response information.

Packet Mirroring direction control is now available in General Availability.

DNS peering for private services access is now available in Preview.

Cloud TPU resource type now available

The following Cloud TPU resource type is now publicly available through the Cloud Asset APIs.

• tpu.googleapis.com/Node

• You can now set web server network access control using the v1 Composer API.
• New metrics have been added to monitor web server CPU and memory usage:
  • CPU usage time
  • CPU reserved cores
  • Memory bytes used
  • Memory quota
• During environment creation and updates, Composer will now verify whether you have chosen a region compliant with any location restriction organization policies. Error reporting has also been improved in cases where location restrictions cause environment updates to fail.

Added the resourceID field to Folder, BigQueryTable, BigQueryJob, and BigQueryDataset. (Issue #147 and #128)

Added the customResponseHeaders field to ComputeBackendService.

Added the maintenancePolicy.maintenanceExclusion field to ContainerCluster.

Added the description and disabled fields to LoggingLogSink.

Anthos on bare metal is generally available

Anthos on bare metal is a deployment option to run Anthos on physical or virtual servers, deployed on an operating system provided by you, without a hypervisor layer. Anthos on bare metal ships with built-in networking, lifecycle management, diagnostics, health checks, logging, and monitoring. Anthos on bare metal supports CentOS, Red Hat Enterprise Linux (RHEL), and Ubuntu—all validated by Google. With Anthos on bare metal, you can use your company's standard hardware and operating system images, taking advantage of existing investments, which are automatically checked and validated against Anthos infrastructure requirements.

Anthos on bare metal is available today, with either subscription or pay-as-you-go pricing. Anthos on bare metal lets you leverage existing investments in hardware, OS, and networking infrastructure. The minimum system requirement to run Anthos on bare metal is 2 nodes with a minimum total of 4 cores, 32 GB RAM, and 128 GB of disk space with no specialized hardware. The setup lets you run Anthos on bare metal on almost any infrastructure.

Anthos on bare metal uses a "bring your own operating system" model. It runs atop physical or virtual instances, and supports Red Hat Enterprise Linux 8.1/8.2, CentOS 8.1/8.2, or Ubuntu 18.04/20.04 LTS. Anthos provides overlay networking and L4/L7 load balancing. You can also integrate with your own load balancer such as F5 and Citrix. For storage, you can deploy persistent workloads using CSI integration with your existing infrastructure.

You can deploy Anthos on bare metal using one of the following deployment models:

• A standalone model lets you manage every cluster independently. This is a good choice when running in an edge location or if you want your clusters to be administered independent of one another.
• The multiple-cluster model lets central IT teams manage a fleet of clusters from a centralized cluster, called the admin cluster. This is more suitable if you want to build automation or tooling, or if you want to delegate the lifecycle of clusters to individual teams without sharing sensitive credentials such as SSH keys or Google Cloud service account details.

Like with all Anthos environments, a bare metal cluster has a thin, secure connection back to Google Cloud called Connect. After it's installed in your clusters, you can centrally view, configure, and monitor your clusters from the Google Cloud Console.

Anthos on bare metal, which is part of the Anthos 1.6 release, provides the following features and capabilities:

• Kubernetes 1.18
• Ubuntu/RHEL/CentOS support
• Standalone and multiple-cluster architecture
• In-place upgrades (minor and major)
• Overlay networking, Ingress (L7), integrated load balancing (L4, L2-Mode)
• Manual load balancing (F5, Citrix)
• Installs behind proxy support
• Preflight and health checks
• Node maintenance mode
• Cloud Monitoring and Cloud Logging
• ACM, ASM, identity, hub or connect, billing, and pay-as-you-go
• NVIDIA GPU support
• Scales to 500 nodes
• Virtual machine management (Kubevirt) preview

You can now automate the deployment of SAP HANA in a SUSE Linux Enterprise Server high-availability (HA) cluster that uses the recommended TCP internal load balancer implementation for the virtual IP address.

For more information, see Automated deployment of Linux high-availability clusters for SAP HANA.

New sole-tenant node types:

• GA:

  • c2-node-60-240
  • m1-node-160-3844
  • m2-node-416-11776
  • n2-node-80-640
  • n2d-node-224-896

• Beta:

  • m1-node-96-1433

The Dialogflow CX test cases feature is now launched and documented.

BigQuery ML integration with AI Platform for Boosted Tree models is now generally available (GA). For more information, see the following documentation:

• CREATE MODEL statement for Boosted Tree models using XGBoost

• ML.FEATURE_IMPORTANCE function

BigQuery ML integration with AI Platform for Deep Neural Network (DNN) models is now generally available (GA). For more information, see CREATE MODEL statement for Deep Neural Network (DNN) models.

Exporting BigQuery ML models to Cloud Storage and using them for online prediction is now generally available (GA). For more information, see Exporting models and the EXPORT MODEL statement.

Cloud Composer is now available in Los Angeles (us-west2).

Added support for the ComputeTargetGRPCProxy resource

Added support for the ResourceManagerLien resource