The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.
You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml
June 29, 2022
Anthos clusters on bare metal
Release 1.12.0
Anthos clusters on bare metal 1.12.0 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.0 runs on Kubernetes 1.23.
The dockershim component in Kubernetes enables cluster nodes to use the Docker Engine container runtime. However, Kubernetes 1.24 removed the dockershim component. Starting from Anthos clusters on bare metal 1.12.0, you will not be able to create new clusters that use the Docker Engine container runtime. All new clusters should use the default container runtime containerd.
Improved cluster lifecycle functionalities:
- Upgraded Anthos clusters on bare metal to use Kubernetes version 1.23.
- Upgraded container runtime to containerd 1.5.
- Updated preflight check to forward default SSH key if no key is provided.
- Added support for new GCPAccounts field in the cluster configuration file. This field enables the assignment of a cluster-admin role to end-users.
- Added labels to control plane, control plane load balancer, and load balancer node pools, so that these different node pools can be distinguished from each other.
- Added nodepool reference label to nodes so that worker nodes can be listed in the UI.
Observability:
- GA: Added Summary API metrics. These metrics are scraped from the Kubernetes Summary API and provide CPU, memory, and storage metrics for Pods, containers, and Nodes.
- Added separate flags to enable logging and monitoring for user applications separately: EnableCloudLoggingForApplications and EnableGMPForApplications. The legacy flag EnableStackdriverForApplications will be deprecated and removed in future releases.
- Preview: Added Google Cloud Managed Service for Prometheus to collect application metrics and monitor cluster health.
- Upgraded GKE Metrics Agent (gke-metrics-agent) from version 1.1.0 to 1.8.3. This tool scrapes metrics from each cluster node and publishes them in Cloud Monitoring.
- Added the following resource utilization metrics. For more information about these and other metrics, see View Anthos clusters on bare metal metrics:
  - container/cpu/request_utilization
  - container/cpu/limit_utilization
  - container/memory/request_utilization
  - container/memory/limit_utilization
  - node/cpu/allocatable_utilization
  - node/memory/allocatable_utilization
  - pod/volume/utilization
- Added sample dashboards for monitoring cluster health to Cloud Monitoring sample dashboards. Customers can install these dashboards with one click.
- Scoped down the RBAC permissions of stackdriver-operator, a component that performs logging and monitoring.
Security:
- AIS CA deprecation. AIS certs are now signed by cluster CA.
- Changed ca-rotation container image so that it uses a distroless rather than a Debian-based image.
- RBAC permissions of the cluster-operator component have been eliminated or reduced to address elevated permissions.
Networking:
- Preview: Enabled creation of IPv6 and Dual Stack LoadBalancer services. Border Gateway Protocol (BGP) is used for Dualstack clusters. Advertising IPv4 and IPv6 routes over IPv4 sessions is supported.
Known issues:
For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.
The BeyondCorp Enterprise client connector is now generally available. The client connector extends identity and context-aware access to non-web applications by creating a secure connection from endpoint devices to apps running in both Google Cloud and non-Google Cloud environments.
For more information, see Securing client-server applications.
You can now set the view field in the tables.get() API method to indicate which table information is returned. Setting the value to BASIC reduces latency by omitting some storage statistics.
Previously, all BigQuery BI Engine projects had a maximum reservation size per project per location limit of 100 GB. This limit is now 250 GB. For more information, see BI Engine quotas and limits.
Customers enrolled in Key Access Justifications will now see justifications listed in Cloud Audit Logs for Cloud KMS.
You can now collect Apache Flink logs from the Ops Agent, starting with version 2.17.0. For more information, see Monitoring third-party applications: Flink.
Cloud Code Extension updated to 1.18.3
Update includes a new and improved Kubernetes development experience with the Development Sessions Explorer, support for private clusters, a refreshed welcome page, and more! Review the Cloud Code release notes for a complete list of features, updates, and fixes.
Cloud Shell Editor is built with Theia 1.25.0
Review the Theia release notes for a complete list of features/updates/bug fixes.
Cloud Shell now defaults to Python 3
Python 2 is still included as a development tool in Cloud Shell and may be invoked using python2.
Query insights is now generally available. Query Insights helps you visually detect and identify query performance issues for Cloud Spanner databases. You can also dig deeper and analyse the query details to know the root cause of these issues.
To learn more, see Detect query performance issues with Query Insights.
Not-equal (!=), IN, and NOT_IN query filters now available in all client libraries:
- Java
- Python
- PHP
- Node.js
- C#
- Go
- Ruby
Google Cloud Deploy is now available in the following regions:
- asia-east2 (Hong Kong)
- europe-west2 (London)
- europe-west3 (Frankfurt)
- us-east4 (N. Virginia)
- us-west2 (Los Angeles)
You can now give multiple containers time-shared access to the full compute resources of a single NVIDIA GPU accelerator. Time-sharing GPUs is generally available in GKE version 1.23.7-gke.1400 and later. For more information, refer to Time-sharing GPUs on GKE.
Identity Platform Web v9 modular SDK is now available at the GA stage. For details, see Upgrade to the modular Web SDK (v9).
Expanded overwrite options are now generally available (GA). The overwriteWhen field can be used to specify whether data that already exists in the destination should be overwritten always, never, or only when ETags and checksum values indicate that the file has changed.
Metadata preservation options are now generally available (GA). This includes the option of preserving POSIX attributes and symlinks when transferring to, from, and between POSIX filesystems; as well as object ACLs, CMEK, temporary holds, and object creation time when transferring between Cloud Storage buckets.
See Metadata preservation for details.
Transfer Appliance now supports monitoring of the amount of data stored on your appliance, and whether online transfer is enabled, through Cloud Monitoring. See Monitor Transfer Appliance for details.
June 28, 2022
AlloyDB for PostgreSQL
AlloyDB's Frequently asked questions page addresses common questions received by the AlloyDB support team during the product's public preview.
This is the General Availability release of Certificate Manager.
Cloud Bigtable now gives you the option to undelete a table for up to seven days from the time of deletion using the gcloud CLI. This feature is generally available (GA).
We've added new features to view your billing information and cost estimates in the Google Cloud Console mobile app. You can view your cost trends and forecasts, the costs for your top project, and how much you're spending on your top Google Cloud services.
To see your billing data in the app, select the Billing tab in the navigation bar, then select Overview.
Attribution for your committed use discounts (CUDs) now appears at the same time as eligible usage.
Previously, the subscription fees and credits associated with your CUDs would appear in billing reports and BigQuery usage cost exports after the corresponding eligible resource usage. This could result in apparent spikes in cost if you viewed your billing data before the attribution process completed.
With this release, subscription fees and credits appear at the same time as eligible usage, meaning that your net costs are always accurate whenever you view your billing data.
Learn about how your CUD fees and credits are attributed across your resources.
The new experience for creating metric-based alerting policies by using the Google Cloud console is now Generally Available. For more information, see Create metric-based alert policy.
A second June maintenance changelog is now available. For more information, use the links at Maintenance changelog.
The fix to the silent data corruption when using the CREATE INDEX CONCURRENTLY or REINDEX CONCURRENTLY SQL commands in PostgreSQL 14 (BUG #17485) is now available in the self-service maintenance release POSTGRES_14_2.R20220331.02_012 for PostgreSQL 14.2.
After applying the self-service maintenance, you can fix any silent data corruption that has already occurred by using the REINDEX CONCURRENTLY SQL command on the specific indexes, or the reindexdb client command for your entire instance.
Cloud VPN no longer checks a peer's IKE identity.
This change simplifies the configuration of your VPN peers, because you no longer need to explicitly set a peer's IKE identity to a specific value.
Note: Some Cloud VPN tunnels that were previously unestablished due to unmatched IKE identity might now become established.
If you don't want the affected tunnels to become established, delete them as needed on the Cloud VPN side, on the on-premises side, or on both sides.
If you want the affected tunnels to become established, no action is required on your part.
Previously, Cloud VPN required peers to use an IKE identity of type ID_IPV4_ADDR, which is equal to the peer's public IP address.
Removing this restriction enables easier interoperation with peers that don't support changing their IKE identity, especially when such peers are located behind NAT (Network Address Translation).
If you have any questions or require assistance, contact Google Cloud Support.
Eventarc is available in this region: europe-southwest1 (Madrid, Spain).
The ability to deploy to Anthos user clusters is now generally available.
The issuer switch, which is part of the Payment Gateway, is now Generally Available.
Newly published documentation about the issuer switch features and API is available here: Issuer switch documentation
Vertex AI Forecasting is available in GA. The following features are available:
You can now enable platform logging for reCAPTCHA Enterprise API calls. For more information, see Working with platform logs.
June 27, 2022
Apigee API hub
On June 27, 2022 Apigee hub released a new version of the software.
Bug ID | Description |
---|---|
227334287 | An improved error dialog is displayed when an error occurs on API delete. |
229852889 | Reference lists now filter out their parent API to prevent self-references. |
232250641 | Resource IDs generated from names are now automatically truncated or padded to conform to length requirements. |
236744313 | Fixed an issue where the spinning progress indicator would not go away. |
Regional support for default pools and build triggers is now generally available. To learn more, see Cloud Build locations.
Cloud Composer supports Per-folder Roles Registration.
Cloud Functions now supports Java 17 at the General Availability release level.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.10.0 (2022-06-25)
Features
Documentation
Dependencies
The Cloud Logging agent version 1-18 for Windows is now available. This version updates the location of the position files so they are retained across upgrades. For installation information, see Installing the Cloud Logging agent.
Cloud SQL for MySQL supports in-place major version upgrades in Preview. You can upgrade your instance's major version to a more recent version. For more information, see Upgrade the database major version in-place.
Object Lifecycle Management now supports new conditions and a new action.
- The MatchesPrefix and MatchesSuffix conditions allow you to restrict lifecycle actions to objects with specific prefixes and suffixes.
- The AbortIncompleteMultipartUpload action allows you to remove abandoned XML API multipart uploads.
The XML API now supports setting a default Cloud KMS key on a bucket when creating the bucket.
GA: You can now use the SSH troubleshooting tool from the Cloud console to help you determine the cause of failed SSH connections. For more information, see SSH troubleshooting tool.
Support for Firebase Realtime Database is in Preview.
Support for schema extensions in Managed Microsoft AD is available for Preview. Learn how to extend the schema.
In the Cloud console, Policy Troubleshooter for IAM allow policies now reports if there are deny policies that could affect a principal's access.
June 24, 2022
Anthos clusters on VMware
Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. For more information, refer to the GCP-2022-016 security bulletin.
On June 24, 2022 we released an updated version of the Apigee hybrid software, v1.7.2.
For information on upgrading, see Upgrading Apigee hybrid to version 1.7.
Bug ID | Description |
---|---|
233094108 | Fixed Stacktrace truncation in runtime containers to support proxy diagnosis. |
236129944 | Fixed the controller crashloopbackoff resulting from null pointer. |
231313050 | Fixed issue causing Apigee logger pod to remain in crashloopbackoff state. |
236399482 | Added support for ASM v1.13. |
Cloud Bigtable is available in the us-east5 (Columbus) region. For more information, see Bigtable locations.
Database Migration Service now supports the migration of tables without primary keys in PostgreSQL. For tables that don't have primary keys, Database Migration Service supports the migration of the initial snapshot and INSERT statements during the change data capture (CDC) phase. You should migrate UPDATE and DELETE statements manually. Click here to access the documentation.
You can now collect Jetty metrics from the Ops Agent, starting with version 2.17.0. For more information, see Monitoring third-party applications: Jetty.
You can now view the configuration of charts on a dashboard while the dashboard is in read-only mode. For more information, see Show the chart configuration.
Cloud TPU now supports TensorFlow 2.6.5 and TensorFlow 2.7.3.
For more information see TensorFlow 2.6.5 and TensorFlow 2.7.3 release notes.
Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. All Linux clusters (Container-Optimized OS and Ubuntu) are affected. For more information, refer to the GCP-2022-016 security bulletin.
You can now create dual-stack clusters in GKE versions 1.24.1-gke.1000 and later. With dual-stack networking, GKE assigns an IPv4 and an IPv6 address to the cluster nodes and Pods. You can create dual-stack Services of type ClusterIP or NodePort. This feature is now available in Preview. For more information, see Dual-stack networking.
June 23, 2022
Anthos clusters on AWS
Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. For more information, refer to the GCP-2022-016 security bulletin.
There is a bug in the Azure OS kernels used by some of the previous Anthos clusters on Azure versions. This bug will randomly cause disks to not mount in the OS when they are attached to the Azure VM. When this happens, clusters won't start up completely.
The following versions are affected:
- 1.21.11-gke.100
- 1.21.11-gke.1100
- 1.22.8-gke.200
- 1.22.8-gke.1300
Please always use the latest patch versions when creating a new cluster to avoid this issue.
For more information, see the Linux kernel bug.
Release 1.11.3
Anthos clusters on bare metal 1.11.3 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.3 runs on Kubernetes 1.22.
Fixes:
The following container image security vulnerabilities have been fixed:
Known issues:
For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.
On June 23, 2022 we released an updated version of the Apigee Integrations software.
Apigee Integration trials
Starting with this release, Apigee Integrations is available in an Apigee Eval org which lets you try out the integrations feature without getting billed for the usage. For information, see Enable integrations in an eval org.
Updates to SetIntegrationRequest policy
The SetIntegrationRequest policy has the following updates:
Support for ref attribute in the <Parameter>, <ParameterArray>, and <Value> elements. By using this attribute, you can assign flow variable values to the parameters.
Empty <Parameter> and <ParameterArray> elements are supported. However, if these elements are empty, Apigee treats the element value as null.
Empty <Value> element is not supported. If the element is empty, Apigee reports an error.
The BI Engine preferred tables feature lets you limit BI Engine acceleration to a specified set of tables. This feature is now in preview.
The earlier issue with DAG and task failures in Public IP environments in Cloud Composer 1 is now resolved for all impacted environments.
(Airflow 2) The apache-airflow-providers-google package is updated:
- Fixed a regression in BigQueryToGCPOpertor after changes to links were introduced in #24416.
- Fixed errors related to the usage of the service_account attribute by BeamRunJavaPipelineOperator.
(Cloud Composer 2) Incremental task logs are now correctly refreshed and displayed in Airflow UI.
Cloud Composer 1.19.1 and 2.0.18 images are available:
- composer-1.19.1-airflow-1.10.15 (default)
- composer-1.19.1-airflow-2.1.4
- composer-1.19.1-airflow-2.2.5
- composer-2.0.18-airflow-2.1.4
- composer-2.0.18-airflow-2.2.5
Cloud Composer 1.18.12 is a version with an extended upgrade timeline.
Cloud Composer versions 1.16.7 and 1.17.0.preview.3 have reached their end of full support period.
CloudSQL for PostgreSQL now supports replication from an external server.
The PostgreSQL interface is now generally available, making the capabilities of Cloud Spanner accessible from the PostgreSQL ecosystem. It includes a core subset of the PostgreSQL SQL dialect, support for the psql command-line tool, native language clients, and integration into existing Google tools. For more information, see PostgreSQL interface.
(2022-R15) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following control plane and node versions are now available:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to version 1.20.15-gke.8000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.20.15-gke.8000 with this release.
Stable channel
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.19.16-gke.11000
- 1.20.15-gke.6000
- 1.21.11-gke.1100
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.8000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.20.15-gke.8000 with this release.
Regular channel
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.20.15-gke.8000
- 1.21.11-gke.1900
- 1.22.8-gke.201
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.8200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.12-gke.1500 with this release.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.21.12-gke.1700
- 1.22.9-gke.1300
- 1.23.6-gke.1500
- 1.24.0-gke.1801
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.16-gke.11800 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.10-gke.600 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.1-gke.1400 with this release.
The Recommendations AI documentation set at https://cloud.google.com/retail/recommendations-ai/docs will be removed on July 5, 2022. This documentation set describes how to use the Recommendations console to manage and monitor Recommendations AI. We no longer recommend this console. After July 5, 2022, links to this documentation will redirect to the equivalent page in the Retail documentation at https://cloud.google.com/retail/docs.
We recommend that you use the Retail console to manage Recommendations AI. Find the documentation for the Retail console at https://cloud.google.com/retail/docs.
If you have not yet switched from the Recommendations console to the Retail console, see Switch to the Retail console.
June 22, 2022
Chronicle
The following supported default parsers have changed (listed by product name and ingestion label):
- Akamai WAF (AKAMAI_WAF)
- Aruba IPS (ARUBA_IPS)
- Azure AD Directory Audit (AZURE_AD_AUDIT)
- Carbon Black App Control (CB_APP_CONTROL)
- Check Point (CHECKPOINT_FIREWALL)
- Cisco ACS (CISCO_ACS)
- Cisco Email Security (CISCO_EMAIL_SECURITY)
- Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
- Cisco ISE (CISCO_ISE)
- Cisco Meraki (CISCO_MERAKI)
- Citrix Netscaler (CITRIX_NETSCALER)
- CloudM (CLOUDM)
- CrowdStrike Falcon (CS_EDR)
- EPIC Systems (EPIC)
- Forescout NAC (FORESCOUT_NAC)
- FortiGate (FORTINET_FIREWALL)
- GCP Compute (GCP_COMPUTE)
- IBM DataPower Gateway (IBM_DATAPOWER)
- Imperva (IMPERVA_WAF)
- JAMF Protect (JAMF_PROTECT)
- Linux Auditing System (AuditD) (AUDITD)
- Microsoft Exchange (EXCHANGE_MAIL)
- Netskope (NETSKOPE_ALERT)
- Office 365 (OFFICE_365)
- Okta (OKTA)
- Preempt Alert (PREEMPT)
- RSA (RSA_AUTH_MANAGER)
- SentinelOne EDR (SENTINEL_EDR)
- ServiceNow CMDB (SERVICENOW_CMDB)
- Sourcefire (SOURCEFIRE_IDS)
- Suricata IDS (SURICATA_IDS)
- Symantec Web Isolation (SYMANTEC_WEB_ISOLATION)
- Tripwire (TRIPWIRE_FIM)
- Unix system (NIX_SYSTEM)
- VMware AirWatch (AIRWATCH)
- VMware ESXi (VMWARE_ESX)
- VMware NSX (VMWARE_NSX)
- WatchGuard (WATCHGUARD)
- Workspace Alerts (WORKSPACE_ALERTS)
- Zscaler (ZSCALER_WEBPROXY)
For details about changes in each parser, see Supported default parsers.
Preview: You can now get cost insights in the Recommender API, and use them to detect anomalies in your costs. For example, you see a cost insight in the API if your costs for a day are significantly higher or lower than your typical daily costs.
The CPU utilization observability metric is incorrect for VMs that use one thread per core. For more information, see Known issues.
To deliver a better default price-performance for applications, all GKE clusters created with control plane version 1.24 and later have the Balanced Persistent Disk (PD) by default for attached volumes. Additionally, the node boot disk default has also been changed to Balanced Persistent Disk (PD).
The new default for attached volumes is applied to all clusters running control plane version 1.24 and later. The new default node boot disk is applied to all new node pools of any node pool version created in a cluster with control plane version 1.24 and later. Existing preferences will not be changed.
For more information on boot disks, see Configuring a custom boot disk.
For more information on attached volumes see Persistent volumes and dynamic provisioning.
Private Service Connect supports publishing a service that is hosted on an internal TCP proxy load balancer in a service producer VPC network. The backends can be located in Google Cloud, in other clouds, in an on-premises environment, or any combination of these locations.
This feature is available in Preview.
June 21, 2022
Apigee Integrated Portal
On June 21, we released an updated version of Apigee integrated portal.
Added the ability to sort by Name and Created fields in the Apps and Teams tables. Click the column heading to sort.
On June 21, 2022 we released an updated version of the Apigee UI.
The Data Collectors UI is now generally available.
A search bar has been added to the new Proxy Editor Develop view. This lets you search for items within a proxy or sharedflow bundle.
On June 21, 2022, we released an updated version of Apigee X (1-8-0-apigee-18).
Bug ID | Description |
---|---|
234355351 | Fixed issue with message processor pods restarting frequently. Added backoff polling task for Cloud KMS key listener. The listener is paused only when the flush policy is met. |
N/A | Upgraded infrastructure and libraries. |
Query queues are now available in preview for on-demand and flat-rate customers. When query queues are enabled, BigQuery automatically determines the query concurrency rather than setting a fixed limit. Flat-rate customers can override this setting with a custom concurrency target. Additional queries beyond the concurrency target are queued until processing resources become available.
A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.
You can enable an instance to publish to a subscriber that is external (or internal) to Cloud SQL. In this scenario, Cloud SQL for SQL Server can act as a publisher to an external subscriber. This functionality, which is generally available, uses transactional replication.
For more information, see Configure external replicas.
In Cloud SQL, you can use SQL Server Audit capabilities to track and log server-level and database-level events. This functionality is generally available.
For more information, see SQL Server database auditing.
New sub-minor versions of Dataproc images:
- 1.5.70-debian10, 1.5.70-rocky8, 1.5.70-ubuntu18
- 2.0.44-debian10, 2.0.44-rocky8, 2.0.44-ubuntu18
For 1.5 and 2.0 images, backported YARN-9608 to fix the issue in graceful decommissioning.
The Dialogflow CX search feature is now GA (generally available).
Workflows can invoke private on‑premises, Compute Engine, Google Kubernetes Engine (GKE), or other Google Cloud endpoints that are Identity-Aware Proxy (IAP)-enabled.
June 20, 2022
Cloud Composer
In July 2022, Cloud Composer 2 environments created in Cloud console will use Private Service Connect configuration by default.
In July 2022, Cloud Composer 1 environments created in Cloud console will use the latest available version of Airflow 2 by default.
Cloud Load Balancing introduces a new version of the external HTTP(S) load balancer. The new global external HTTP(S) load balancer with advanced traffic management capabilities contains many of the features of our existing classic HTTP(S) load balancer, but with an ever-growing list of traffic management capabilities such as weighted traffic splitting, request mirroring, outlier detection, fault injection, and so on.
For details on the new load balancer, see:
- External HTTP(S) Load Balancing overview
- Load balancer features (External HTTP(S) > Global)
- Setting up a global external HTTP(S) load balancer
- Traffic management for global external HTTP(S) load balancers
This load balancer is available in General Availability.
Support for VPC Service Controls is generally available (GA).
June 17, 2022
Anthos Service Mesh
The Fleet Feature API (mesh.googleapis.com) now enables the Connect Gateway API (connectgateway.googleapis.com). This change does not incur any additional cost.
Config Controller now uses version 1.87.0 for Config Connector (release notes)
Datastore now supports the not-equal (!=), IN and NOT_IN query filters.
The filters are now available in the Google Cloud console and the following client libraries:
- Java
- Python
- PHP
- Node.js
A feature for protecting tag values from being deleted has launched into general availability. If a tag value has a tag hold, it cannot be deleted by users unless the tag hold is first deleted. For more information about tag holds, see Protecting tag values with tag holds.
Support for IAM resource-level policies for Vertex AI featurestore and entityType resources is available in Preview.
June 16, 2022
Anthos clusters on VMware
Anthos clusters on VMware 1.10.5-gke.26 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.10.5-gke.26 runs on Kubernetes 1.21.5-gke.1200.
The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.11, 1.10, and 1.9.
Fixed for version 1.10.5
- Fixed the issue where admin cluster backup did not back up always-on secrets encryption keys. This caused repairing an admin cluster using gkectl repair master --restore-from-backup to fail when always-on secrets encryption was enabled.
- Fixed the issue of high resource usage when AIDE runs as a cron job by disabling AIDE by default. This fix will affect compliance with CIS L1 Server benchmark 1.4.2: Ensure filesystem integrity is regularly checked. To re-enable the AIDE cron job, see Configure AIDE cron job.
Fixed the following vulnerabilities
High-severity container vulnerabilities:
Critical container vulnerabilities:
Container-optimized OS and Ubuntu vulnerabilities:
Preview: Windows VMs now support SSH connections from the gcloud CLI. For more information, see Connect to Windows VMs using SSH.
Datastream now supports the use of tags on its resources, which include private connectivity configurations, connection profiles, and streams. Tags are key-value pairs that you can apply to your Datastream resources for fine-grained access control. To learn more, see Access control with tags. To use tags, see Manage tags.
You can now order Transfer Appliance from the Cloud console, as well as view, track, and manage your orders and appliances. For more info, see the Order Transfer Appliance page.
June 15, 2022
Bare Metal Solution
Advanced networking capabilities for Bare Metal Solution -- Enables you to use the following features:
- Add multiple VLANs on the same bonded server interface.
- Configure multiple VLAN attachments over a Partner Interconnect connection to your Bare Metal Solution environment.
- Connect the Bare Metal Solution environment to more than one Virtual Private Cloud (VPC) in your Google Cloud project.
- Use network templates to enable a flexible network design of your choice, such as active/active and active/backup, to meet your needs for high availability, redundancy, and load balancing.
Deterministic encryption SQL functions are now generally available (GA). New AEAD encryption functions include DETERMINISTIC_ENCRYPT, DETERMINISTIC_DECRYPT_BYTES, and DETERMINISTIC_DECRYPT_STRING. These functions allow column-level encryption and decryption of data while supporting aggregation and table joins.
Starting from July 2022, the Cloud Composer service will start enforcing the "Act As" organization policy in all projects. This is a follow-up to the announcements sent out earlier. Please grant the iam.serviceAccounts.actAs permission to users and service accounts that create, update, and delete Cloud Composer environments. For more information, see Securing Cloud Composer.
The earlier issue with autoscaling in some Cloud Composer 2 environments is now resolved for all impacted environments.
(Airflow 1) New versions of Cloud Composer no longer support Python 2:
- Starting from version 1.19.0, it is not possible to create new environments with Python 2, or upgrade existing environments with Python 2 to 1.19.0 and later versions of Cloud Composer.
- Existing environments with Python 2 are not impacted by this change. It is possible to upgrade such environments to Cloud Composer version 1.18.12 and earlier through gcloud CLI, API, and Terraform.
(Cloud Composer 1) Fixed the problem that caused increased DAG and task failures in Public IP environments because of Airflow database connectivity issues. This change improves the reliability of connections to the Airflow Database in Public IP environments.
You can upgrade your Composer 1 environments where you experience this issue to Cloud Composer 1.19.0 version to fix the problem immediately.
The fix will be applied to all existing Cloud Composer 1 Public IP environments within the next couple of days. We will announce when the issue is resolved. If you have any questions or concerns, please contact Cloud Customer Care.
Logs in Cloud Logging now have Airflow DAG and task annotations for multilined output.
(Airflow 2) Enabled User Stats Chart view in Airflow UI for users with the Admin role.
(Airflow 2) Fix processor cleanup on DagFileProcessorManager #22685
Cloud Composer 1.19.0 and 2.0.17 images are available:
- composer-1.19.0-airflow-1.10.15 (default)
- composer-1.19.0-airflow-2.1.4
- composer-1.19.0-airflow-2.2.5
- composer-2.0.17-airflow-2.1.4
- composer-2.0.17-airflow-2.2.5
Cloud Composer versions 1.16.6 and 1.17.0.preview.2 have reached their end of full support period.
A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.
Added the complexDataTypeReferenceParsing field to the FHIR store resource, which lets you parse references within complex FHIR data types, such as FHIR extensions.
Cloud console SSH-in-browser connections might fail if you use custom firewall rules. For workarounds, see Known issues.
Confidential GKE Nodes is now generally available in GKE version 1.22 and later for stateful workloads using persistent disks, and in all GKE versions for stateless workloads. Use Confidential GKE Nodes to encrypt your workload data in-use through Compute Engine Confidential VMs.
Google Cloud monitoring agent for SAP NetWeaver version 2.4
Version 2.4 of the Google Cloud monitoring agent for SAP NetWeaver is now available. This version includes bug fixes and supportability improvements.
For more information about the agent, see Monitoring SAP NetWeaver on Google Cloud.
The Video Stitcher API is generally available (GA).
June 14, 2022
Apigee Integrated Portal
On June 14, we released an updated version of Apigee integrated portal.
Use a GraphQL schema to publish your APIs to an integrated portal.
For details, see:
The Python 3.10 runtime (preview) now uses Ubuntu 22.
You can now use the Cloud console to set up VPC service control perimeters to restrict access from BigQuery Omni to external clouds. You can also specify whether you want to grant read or write permission on your external resource. This feature is now generally available (GA).
You can now explore data in Data Studio by using links from your BigQuery query results in the Google Cloud Console. This feature is now generally available (GA).
Enhancements to YARA-L 2.0 syntax in Detection Engine rules
We have enhanced the outcome section that can be used in Detection Engine rules.
- We now support up to 10 outcome variables.
- We now support integer and string data type outcome variables.
- We have added new aggregate functions: count(), count_distinct(), array(), array_distinct()
For more details about the outcome section, see Outcome section syntax.
Authorized networks support is now generally available (GA).
The Python 3.10 runtime (preview) now uses Ubuntu 22.
For enhanced security with built-in authentication, Cloud SQL now lets you set password policies at the instance level.
Generally Available: The image import tool now supports importing Windows Server 2022 images to Google Cloud.
Generally available: Optimize the distribution of VMs in sole-tenant node groups. For more information, see About manual live migration.
Announcing the General Availability (GA) release of Dataproc Custom OSS Metrics, which collects Dataproc cluster OSS component metrics and integrates them into Cloud Monitoring.
New sub-minor versions of Dataproc images:
1.5.69-debian10, 1.5.69-rocky8, 1.5.69-ubuntu18
2.0.43-debian10, 2.0.43-rocky8, 2.0.43-ubuntu18
Backported the patch for HBASE-23287 to HBase 1.5.0 in 1.5 image
The following organization policy constraints to restrict resource creation of global security configuration have launched into general availability:
- Disable Creation of Cloud Armor Security Policies
- Disable Creation of global self-managed SSL Certificates
- Disable Global Load Balancing
- Disable Enabling Identity-Aware Proxy (IAP) on global resources
- Disable Enabling Identity-Aware Proxy (IAP) on regional resources
June 13, 2022
BigQuery
A new system variable, @@dataset_project_id, is now generally available. @@dataset_project_id allows you to set a default project where one is not specified for a dataset in your query. This variable is also available as a Connection Property.
Cloud DNS per resource IAM permissions are available in Preview.
You can now set up specific read, write, or administrator permissions for different managed zones under the same project.
The following extensions in Cloud SQL for PostgreSQL are generally available:
- pg_bigm. Enables full text search and allows a two-gram (bigram) index for faster full text search.
- refint. Enables the checking of foreign key restraints, the referencing table, and the referenced table.
- decoderbufs. A logical decoder that delivers output data as Protocol Buffers, adapted for Debezium.
- pg_wait_sample. Collects sampling statistics of wait events, providing wait event data for processes on servers.
Additionally, users with the cloudsqlsuperuser role have full access to the pg_largeobject system catalog.
Cloud SQL enables you to access the pg_shadow view. You can use the pg_shadow view to work with the properties of roles that are marked as rolcanlogin in the pg_authid catalog.
For more information, see Access to the pg_shadow view.
Generally Available: Compute Engine can now use a maximum network packet size of 8896 when communicating between VMs on the same subnet. For details, see the maximum transmission unit overview.
Announcing the General Availability (GA) release of Ranger Cloud Storage plugin. This plugin activates an authorization service on each Dataproc cluster VM, which evaluates requests from the Cloud Storage connector against Ranger policies and, if the request is allowed, returns an access token for the cluster VM service account.
Dataproc is now available in the us-south1 region (Dallas, Texas).
The Dialogflow ES Google Assistant integration will be removed on June 13, 2023. This is due to the Google Assistant Conversational Actions planned sunsetting.
Document AI is now generally available (GA) in the following new locations:
- asia-south1 (Mumbai)
- australia-southeast1 (Sydney)
You must request access to use the new locations. For more information, see Regional and multi-regional support.
New Identity Processor (Preview)
The France Passport Parser is now available in limited preview.
(2022-R14) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- Version 1.22.8-gke.202 is now the default version.
- Control plane version 1.19.16-gke.9400 is now available.
- The following control plane and node versions are now available:
- Control plane version 1.21.11-gke.900 is no longer available.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.11-gke.1900 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.11-gke.1900 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.8-gke.202 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.23.5-gke.1503 with this release.
Stable channel
- Version 1.21.11-gke.1900 is now the default version in the Stable channel.
- Version 1.22.8-gke.202 is now available in the Stable channel.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.11-gke.1900 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.11-gke.1900 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.8-gke.202 with this release.
Regular channel
- Version 1.22.8-gke.202 is now the default version in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.20.15-gke.6000
- 1.21.11-gke.1100
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.8000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.11-gke.1900 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.8-gke.202 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.8-gke.202 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.5-gke.1503 with this release.
Rapid channel
- Version 1.23.6-gke.1501 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.21.12-gke.1500
- 1.22.8-gke.2200
- 1.23.5-gke.2400
- 1.24.0-gke.1000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.16-gke.11000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.12-gke.1700 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.9-gke.1300 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.6-gke.1501 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.6-gke.1501 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.0-gke.1801 with this release.
CVE-2022-25235 has been patched in the PD CSI driver in 1.22 and 1.23 clusters. If your cluster is not configured for auto-upgrade, please manually upgrade to eliminate this vulnerability.
GKE Node System Configuration now supports setting pod pid limits.
Live Stream API is now in GA.
VPC networks now support jumbo frame MTUs within the same subnet. MTU can be set from 1300 to 8896. For details, see the maximum transmission unit overview.
Parallel steps are available in Preview.
June 10, 2022
Anthos Service Mesh
There is a known issue with the signatures of the revisions released June 9, 2022. To avoid this issue, upgrade to one of the following versions instead:
- 1.13.4-asm.4
- 1.12.7-asm.2
- 1.11.8-asm.4
1.13.4-asm.4 is now available.
This patch release contains a fix for the known issue with the signatures of the revisions released June 9, 2022 as well as the fixes for the security vulnerabilities listed in GCP-2022-015. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.
1.12.7-asm.2 is now available.
This patch release contains a fix for the known issue with the signatures of the revisions released June 9, 2022 as well as the fixes for the security vulnerabilities listed in GCP-2022-015. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.
1.11.8-asm.4 is now available.
This patch release contains a fix for the known issue with the signatures of the revisions released June 9, 2022 as well as the fixes for the security vulnerabilities listed in GCP-2022-015. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.
Quotas for multi-statement queries have changed. The cumulative time limit for a multi-statement query has increased from 6 hours to 24 hours.
Cloud SQL now supports faster machine type changes, with connectivity dropping to less than 60 seconds. For more information, see Impact of changing instance settings.
Commit timestamps enable a Cloud Spanner optimization that can reduce query I/O when retrieving data written after a particular time.
The Contract Parser is now more accurate, can extract more fields and supports higher page limits.
You can now easily identify clusters that use deprecated Kubernetes APIs removed in version 1.22. Kubernetes deprecation insights are now available in Preview.
Added support for customer-managed encryption keys (Preview) for Memorystore for Redis. For more details, see Customer-managed encryption keys.
June 09, 2022
Anthos Service Mesh
The Istio and Envoy projects recently disclosed a series of CVEs that can expose Anthos Service Mesh to remotely exploitable vulnerabilities. For more information, see the security bulletin.
1.13.4-asm.3 is now available.
This patch release contains the fixes for the security vulnerabilities listed in GCP-2022-015. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.
1.12.7-asm.1 is now available.
This patch release contains the fixes for the security vulnerabilities listed in GCP-2022-015. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.
1.11.8-asm.3 is now available.
This patch release contains the fixes for the security vulnerabilities listed in GCP-2022-015. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.
Release 1.9.8
Anthos clusters on bare metal 1.9.8 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.9.8 runs on Kubernetes 1.21.
Fixes:
The following container image security vulnerabilities have been fixed:
Known issues:
For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.
Audit logs for Maven, npm, and Python repositories are now available in Cloud Logging.
Cloud Data Fusion version 6.7.0 is in Preview. This release is in parallel with the CDAP 6.7.0 release.
Features in 6.7.0:
- Connection Management is generally available (GA).
- DNS Resolution is available in Preview. Cloud Data Fusion supports using domain or hostnames for sources instead of IP addresses for pipeline design-time activities, such as getting schema, wrangling, and previewing pipelines.
- Transformation Pushdown is generally available (GA) for JOIN operations. Several new transformations are available in Preview, including Group By and deduplicate aggregations. Added support for the BigQuery Storage Read API to improve performance when extracting data from BigQuery. For more information, see the Transformation Pushdown overview.
- Dataplex Source and Sink plugins are available in Preview as system plugins in Cloud Data Fusion. You no longer need to install the plugins.
Changes in 6.7.0:
- Increased pipeline launch and run scalability in Enterprise instances.
- In Transformation Pushdown, added the ability to use existing connections.
- Added the ability to parse files before loading data into a Wrangler workspace.
- Added the ability to import the schema in JSON and some Avro formats, where schema inference isn't possible before loading data into the Wrangler workspace.
- In Connection Management:
  - Added the ability to edit connections.
  - Added support for connections for several plugins and sinks.
  - Added the ability to browse partial hierarchies, such as BigQuery datasets and Dataplex zones.
- In the Cloud Storage Done File Marker Post-Action plugin, added support for the Location property, which lets you have buckets and customer-managed encryption keys in locations that are not US locations.
- In the BigQuery Execution Action plugin and the BigQuery Argument Setter action plugin, added support for the Dataset Project ID property, the Project ID of the dataset that stores the query results. It's required if the dataset is in a different project than the BigQuery job.
- In BigQuery sinks, added support for the BigNumeric data type.
- In the BigQuery Table Batch Source, added the ability to query any temporary table in any project when you set the Enable querying views property to Yes. Previously, you could only query views.
- In Cloud Data Loss Prevention plugins, added support for templates from other projects.
- Added a new pipeline state for when you manually stop a pipeline run: Stopping.
- In the BigQuery Execute plugin, added the ability to look up the drive scope for the service account to read from external tables created from the drive.
- Improved the generic Database source plugin to correctly read decimal data.
- Improved the Google Cloud Platform plugins to validate the Encryption Key Name property.
- In the replication configurations, added the ability to enable soft deletes from a BigQuery target.
- In Wrangler, added support for nested arrays, such as the BigQuery STRUCT data type.
- In the Cloud Storage File Reader Batch Source plugin, added the Allow Empty Input property.
- In the Cloud Storage File Reader Batch Source and Amazon S3 Batch Source plugins, added the Enable Quoted Values property, which lets you treat content between quotes as a value.
- In the Joiner transformation, added the Input with Larger Data Skew property.
- Behavior change: In the Pipeline Studio, if you click Stop on a running pipeline and the pipeline doesn't stop after 6 hours, the pipeline is forcefully terminated.
- Behavior change: In the Deduplicate Analytics plugin, limited the Filter Operation property to one record. If this property isn't set, a random record is chosen from the group of duplicate records.
- Behavior change: The BigQuery sink supports Nullable Arrays. A NULL array is converted to an empty array at insertion time.
Fixed in 6.7.0:
- Fixed an issue in the Group By transformation where Longest String and Shortest String aggregators returned an empty string, even when all records contained null values in the specified field. The Group By transformation returns null for empty input.
- Fixed an issue in the Group By transformation that caused the Concat and Concat Distinct aggregate functions to produce incorrect results in some cases.
- Fixed an issue in the Group By transformation that caused the Variance, Variance If, and Standard Deviation aggregate functions to produce incorrect results in some cases.
- In the Oracle and MySQL Batch Source plugins, fixed an issue to treat all timestamps, specifically the ones older than the Gregorian cutover date (October 15, 1582), from the database in Gregorian calendar format.
- Improved the generic Database source plugin to correctly read data when the data type is NUMBER, scale is set, and the data contains integer values.
- Fixed an issue in sources (such as File and Cloud Storage) that resulted in an error if you clicked Get Schema when the source file contained delimiters used in regular expressions, such as "|" or ".". You no longer need to escape delimiters for sources.
- Fixed an issue where Datastore sources read a maximum of 300 records. Datastore sources read all records.
- Fixed an issue in BigQuery sinks where the output table was not partitioned correctly in the following cases:
  - The output table didn't exist.
  - Partitioning type was set to Time.
  - Operation was set to Upsert.
- Fixed an issue that caused pipelines with BigQuery sinks that have input schemas with nested array fields to fail.
- Fixed issues that caused failures when reading maps and named enums from Avro files.
Cloud Data Fusion version 6.7.0 does not support Dataproc version 1.3. For more information, see the compatible versions of Dataproc.
The June maintenance changelog is now available. For more information, use the links at Maintenance changelog.
Cloud Scheduler jobs that are paused can now be edited. See Create and configure cron jobs.
Config Connector version 1.88.0 is now available.
Added support for ServiceDirectoryNamespace and ServiceDirectoryService resources.
Added fields spec.maintenancePolicy and spec.maintenanceSchedule to MemcacheInstance resource.
June 08, 2022
BigQuery
Batch and interactive translation services are now generally available (GA), and include support for most major SQL dialects. This release also includes preview availability of SQL object name mapping and metadata extraction tools that you can use to increase the accuracy of your batch translation jobs.
The following supported default parsers have changed (listed by product name and ingestion label):
- Amazon Guardduty (GUARDDUTY)
- Atlassian Jira (ATLASSIAN_JIRA)
- AWS CloudFront (AWS_CLOUDFRONT)
- AWS Cloudtrail (AWS_CLOUDTRAIL)
- AWS CloudWatch (AWS_CLOUDWATCH)
- AWS Config (AWS_CONFIG)
- AWS Elastic Load Balancer (AWS_ELB)
- AWS Key Management Service (AWS_KMS)
- AWS VPC Flow (AWS_VPC_FLOW)
- Check Point (CHECKPOINT_FIREWALL)
- Cisco ACS (CISCO_ACS)
- Cisco Email Security (CISCO_EMAIL_SECURITY)
- CrowdStrike Falcon (CS_EDR)
- Elastic Audit Beats (ELASTIC_AUDITBEAT)
- Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
- ESET Threat Intelligence (ESET_IOC)
- F5 BIGIP LTM (F5_BIGIP_LTM)
- Fastly WAF (FASTLY_WAF)
- GCP Cloud IOT (GCP_CLOUDIOT)
- HCL BigFix (HCL_BIGFIX)
- IBM z/OS (IBM_ZOS)
- Imperva (IMPERVA_WAF)
- Infoblox DNS (INFOBLOX_DNS)
- Juniper IPS (JUNIPER_IPS)
- Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
- Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
- Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
- Microsoft SQL Server (MICROSOFT_SQL)
- Okta (OKTA)
- Tanium Stream (TANIUM_TH)
- Trend Micro AV (TRENDMICRO_AV)
- Unix system (NIX_SYSTEM)
- Windows Event (WINEVTLOG)
- Zscaler (ZSCALER_WEBPROXY)
For details about changes in each parser, see Supported default parsers.
The LOCATION_COORDINATES infoType detector is available in all regions.
Session affinity is now available for Cloud Run service revisions.
An addendum to the May maintenance changelog shows additional security patches. For more information, use the links at Maintenance changelog.
New maintenance versions are now available through self-service maintenance. See the maintenance changelog to learn more about these new maintenance versions.
Config Controller is now supported in regions europe-west1, europe-west3 and australia-southeast2.
Beta stage support for the following integration:
June 07, 2022
Cloud Composer
This version fixes a problem with autoscaling not working properly in Cloud Composer 2 environments when GKE version 1.22 is used for the environment's cluster:
- The issue could impact your Cloud Composer 2 environment if you created it between June 2, 2022 and June 7, 2022.
- If you were impacted by this issue, you can recreate such an environment. As another option, Google will apply a fix to all impacted environments in a few days.
- We will announce when the issue is resolved. If you have any questions or concerns, please contact Cloud Customer Care.
(Airflow 1.10.15) Upgraded apache-beam and google provider packages to version 2022.6.1:
- Support impersonation_chain parameter for Dataflow runner in Apache Beam operators
- Added missing project_id parameter for wait_for_job method in the Dataflow operators
- Added key_secret_project_id parameter which specifies a project with KeyFile
Cloud Composer 1.18.12 and 2.0.16 images are available:
- composer-1.18.12-airflow-1.10.15 (default)
- composer-1.18.12-airflow-2.1.4
- composer-1.18.12-airflow-2.2.5
- composer-2.0.16-airflow-2.1.4
- composer-2.0.16-airflow-2.2.5
Cloud KMS is available in the following region: us-south1
For more information, see Cloud KMS locations.
The following new region is now available: us-south1.
Support for us-south1 (Dallas).
You can create Cloud Spanner regional instances in Dallas (us-south1).
Cloud VPN is available in region us-south1 (Dallas, US).
Pricing is available on the Cloud VPN pricing page.
Generally available: Dallas, Texas us-south1-a,b,c has launched with E2 and N2 VMs available in all three zones.
See VM instance pricing for details.
Dataflow is now available in Dallas, Texas (us-south1).
Google Cloud Armor Threat Intelligence (Threat Intel) is available in public preview. Threat Intel lets you secure your traffic by allowing or blocking traffic to your HTTP(S) load balancers based on threat intelligence data. For more information, see Configuring Threat Intelligence.
The Google Cloud Terraform provider now supports creating Google Cloud Deploy delivery pipelines and targets.
The us-south1 region in Dallas, Texas is now available.
Pub/Sub is now available in us-south1 (Dallas, Texas).
The following Pub/Sub metrics are deprecated and will be discontinued in 12 months.
- subscription/streaming_pull_message_operation_count
- subscription/streaming_pull_ack_message_operation_count
- subscription/streaming_pull_mod_ack_deadline_message_operation_count
- subscription/pull_message_operation_count
- subscription/pull_ack_message_operation_count
- subscription/mod_ack_deadline_message_operation_count
- topic/send_message_operation_count
General availability for the following integration:
For auto mode VPC networks, added a new subnet 10.206.0.0/20 for the Dallas us-south1 region. For more information, see Auto mode IP ranges.
June 06, 2022
Anthos clusters on AWS
You can now launch clusters with the following Kubernetes versions:
- 1.21.11-gke.1800
- 1.22.8-gke.2100
Windows nodes on 1.22.8-gke.2100 now use pigz to improve image layer extraction performance.
On June 6, 2022, Apigee hub released a new version of the software.
Bug ID | Description |
---|---|
234772624 | Fixed an issue where an API could not be deleted if it had deployments. |
The Java 17 runtime (preview) now uses Ubuntu 22.
You can now attach Resource Manager tags to datasets. This feature is supported in Preview. Tags let you conditionally apply Identity and Access Management (IAM) policies to resources.
The following Storage Read API quotas and limits have changed:
- There is now a limit of 2,000 concurrent ReadRows calls per project in the US and EU multi-regions and 400 concurrent ReadRows calls in other regions.
- The number of data plane requests per user per project per minute has increased from 5,000 to 25,000.
For more information, see Storage Read API quotas and limits.
External TCP/UDP Network Load Balancing now supports load-balancing GRE traffic. To handle GRE protocol traffic, you set the load balancer's forwarding rule protocol to L3_DEFAULT and set the backend service protocol to UNSPECIFIED.
For details, see:
This feature is available in General Availability.
You can now create and edit Cloud Run jobs using the Cloud console.
Cloud Storage is now available in Dallas, Texas (us-south1 region).
Generally available: NVIDIA A100 GPUs are now available in the following additional regions and zones:
Las Vegas, Nevada, North America : us-west4-b
For more information about using GPUs on Compute Engine, see GPU platforms.
Preview: When you create VMs in bulk, you can now use the following new values with the TARGET_SHAPE flag:
- ANY: Use this value to place VMs in zones to maximize unused zonal reservations.
- BALANCED: Use this value to place VMs uniformly across zones.
Config Controller now uses the following versions of its included products:
- Anthos Config Management v1.11.2, release notes
- Config Connector v1.86.0, release notes
Announcing the General Availability (GA) release of Dataproc Persistent History Server, which provides web interfaces to view job history for jobs run on active or deleted Dataproc clusters.
Dataproc Serverless for Spark now uses runtime version 1.0.13.
New sub-minor versions of Dataproc images:
1.5.68-debian10, 1.5.68-rocky8, 1.5.68-ubuntu18
2.0.42-debian10, 2.0.42-rocky8, 2.0.42-ubuntu18
Dataproc Serverless for Spark runtime versions 1.0.2, 1.0.3 and 1.0.4 are unavailable for new batch submissions.
Dataproc on GKE Spark 3.1 images upgraded to Spark version 3.1.3.
Upgrade Cloud Storage connector version 2.1.8 for 1.5 images only.
Fixed a bug where HDFS directories initialization could fail when user names in a project contain special characters.
Fix a Dataproc on GKE bug that caused upload of driver logs to Cloud Storage to fail.
Updated Dataproc Metastore auxiliary versions to support the Spanner database type.
If you've created private offers that use a prepay payment schedule, you see new fields when you manage entitlements with the Partner Procurement API, and also additional information in your Customer Insights report.
BigQuery Connector for SAP version 2.1
Version 2.1 of BigQuery Connector for SAP is now available. For more information, see What's new with BigQuery Connector for SAP.
Storage Transfer Service now offers a merged, unified console experience for cloud and file system transfers. All transfer jobs, irrespective of source, can be tracked through a single interface. This launch simplifies job creation, monitoring, and troubleshooting.
June 03, 2022
Anthos clusters on VMware
Cluster lifecycle improvements
GA: You can use the Cloud console to create, update, and delete Anthos on VMware user clusters. For more information, see Create a user cluster in the Cloud console.
BigQuery Omni now supports Reservation and Access Control DCL. This feature is in Preview.
You can now add, edit, and remove alerting policy user labels by using the Cloud console when you use the preview alerting interface. To configure policy labels, edit the policy and go to the Notifications and name step. For more information, see Create an alerting policy.
Google Cloud Deploy is now available in the following region: australia-southeast1 (Sydney)
The basic tier for Translation Hub (a self-serve document translation service) is generally available (GA).
June 02, 2022
Anthos clusters on bare metal
Release 1.10.5
Anthos clusters on bare metal 1.10.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.10.5 runs on Kubernetes 1.21.
Fixes:
The following container image security vulnerabilities have been fixed:
Known issues:
For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.
On June 2, 2022, we released an updated version of Apigee X.
Apigee X APIs for managing key value entries in a key value map scoped to an organization, environment, or API proxy are now available. For more information, see the Apigee API reference documentation.
On June 2, 2022 we released an updated version of the Apigee hybrid software, v1.7.1.
For information on upgrading, see Upgrading Apigee hybrid to version 1.7.
Bug ID | Description |
---|---|
233349518 | Fixed "Invalid Resource" error generated for job/apigee-resources-install . |
232977937 | Fixed an issue where deployment would become stuck on "Applying routing changes on" for multiple ingress gateways. |
216018530 | Fixed an issue where the apigee-logger-apigee-telemetry DaemonSet could still be left running after turning off logger. |
226964206 | MART, runtime and synchronizer would write to the pod file system. |
211716827 | Fixed an issue where a non-default gateway could cause routing errors in certain circumstances. |
225198475 | Fixed an issue where resource reference changes could not be detected. |
225939342 | Fixed an error where deployment status would show as "Applying routing changes on {env}". |
229824389 | Fixed an issue in hybrid 1.7.0 where the output apigeectl init could be generated in the wrong order. |
229639530 | Fixed an error harmonizing the container process ID to use Apigee ID for Hybrid on OpenShift |
229804717 | Fixed upgrade envoy to use distroless v1.22.0. |
227538469 | Fixed an issue where configuration actions would write logs to the pod file system. |
205616792 | Fixed core dump on running user schema setup. |
225081332 | Fixed allow privileged pods issue. |
Cloud Bigtable now provides increased observability by letting you identify and monitor hot tablets in a cluster. This feature is generally available (GA). To learn more, see Hot tablets.
Turbo replication is generally available (GA).
June 01, 2022
Anthos clusters on AWS (previous generation)
Anthos Clusters on AWS aws-1.11.1-gke.7 (previous generation) is now available. Clusters in this release support the following Kubernetes versions:
- 1.22.9-gke.800
- 1.21.12-gke.1000
- 1.20.15-gke.7500
This release fixes the following CVEs:
Web server restarting is available in Preview in Cloud Composer 2.
IP Masquerade agent support is now generally available (GA) in Cloud Composer 1 and Cloud Composer 2.
(Cloud Composer 2) Environment's size can now be updated for environments with Private Service Connect.
(Cloud Composer 2) The amount of memory available to Redis queue now scales with the environment's size.
Fixed a problem where an upgrade operation could fail when deleting the previous Cloud Composer namespace.
Airflow 2.2.3 is no longer included in Cloud Composer images.
Cloud Composer 1.18.11 and 2.0.15 images are available:
- composer-1.18.11-airflow-1.10.15 (default)
- composer-1.18.11-airflow-2.1.4
- composer-1.18.11-airflow-2.2.5
- composer-2.0.15-airflow-2.1.4
- composer-2.0.15-airflow-2.2.5
De-identification operations are now billed progressively as the work completes. An operation that does not complete might still incur billing for the work that was completed successfully.
When a FHIR resource is modified, the full contents of the FHIR resource can be sent in a Pub/Sub notification. For more information, see FHIR notifications containing FHIR data.
Forwarding rules for external TCP/UDP network load balancers can now be configured to direct traffic coming from a specific range of source IP addresses to a specific backend service (or target instance). This is called traffic steering.
For details, see:
Config Connector version 1.87.0 is now available.
Added spec.pscTargetService field to ComputeRegionNetworkEndpointGroup.
Added spec.enableDynamicPortAllocation field to ComputeRouterNAT.
Added spec.maintenancePolicy.maintenanceExclusion[].exclusionOptions field to ContainerCluster.
Added spec.settings.activeDirectoryConfig field to SQLInstance.
Added spec.gateways field to NetworkServicesTCPRoute.
Dataproc is now available in the us-east5 region (Columbus, Ohio).
Identity DocAI General availability (GA) release
The following Identity DocAI processors are now Generally Available (GA).
For more information, see Document AI for Identity.
Support for VPC Service Controls is now available in General Availability.
Google Cloud Deploy support for Skaffold version 1.37.1 has been updated to version 1.37.2, which is now the default Skaffold version.
Google Cloud storage manager for SAP HANA standby nodes version 2.5
Version 2.5 of the Google Cloud storage manager for SAP HANA standby nodes is now available. This version includes bug fixes and supportability improvements.
For more information about the storage manager, see Storage Manager for SAP HANA.
General availability for the following integrations:
Workflows is now available in the europe-west8 (Milan, Italy) region.
May 31, 2022
AlloyDB for PostgreSQL
VPC Service Controls, a Cloud-wide feature that helps mitigate the risk of data exfiltration, is available with AlloyDB.
On May 31, 2022 we released an updated version of the Apigee UI.
API Monitoring Timeline charts were not displayed correctly in the Timeline view.
Previously, you needed to navigate to another API Monitoring view (such as Investigate) and then return to the Timeline view to see charts. This has been fixed: now you can go directly to the Timeline view to see charts.
hybrid v1.6.8
On May 31, 2022 we released an updated version of the Apigee hybrid software, v1.6.8.
For information on upgrading, see Upgrading Apigee hybrid to version 1.6.
Bug ID | Description |
---|---|
233349518 | Fixed "Invalid Resource" error generated for job/apigee-resources-install . |
225939342 | Fixed an error where deployment status would show as "Applying routing changes on {env}". |
225198475 | Fixed an issue where resource reference changes could not be detected. |
232977937 | Fixed an issue where deployment would become stuck on "Applying routing changes on" for multiple ingress gateways. |
229804717 | Fixed upgrade envoy to use distroless v1.22.0. |
Column-level data masking is now available in preview. You can use data masking to selectively obscure column data for groups of users, while still allowing access to the column. When you use data masking in combination with column-level access control, you can configure a range of access to column data, from full access to no access, based on the requirements of different groups of users.
A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.
Granular instance sizing is now generally available. You can now create production instances of fewer than 1000 processing units. To learn more, see Compute capacity, nodes and processing units.
Generally available: NVIDIA A100 GPUs are now available in the following additional regions and zones:
Seoul, South Korea, APAC : asia-northeast3-a,b
For more information about using GPUs on Compute Engine, see GPU platforms.
Dataproc is now available in the europe-southwest1 region (Madrid, Spain).
Dataproc is now available in the europe-west9 region (Paris, France).
Private cloud creation now uses the HCX Enterprise license level by default, enabling the following premium HCX features:
- HCX Replication Assisted vMotion (bulk, no-downtime migration)
- Migrations from KVM and Hyper-V to vSphere
- Traffic engineering
- Mobility groups
- Mobility-optimized networking
The Pub/Sub Java client library now supports gRPC compression to save networking costs before your publisher client sends out the publish request.
General availability for the following integration:
May 30, 2022
Cloud Logging
The Logs Explorer has now replaced the Legacy Log Viewer.
The Logs Explorer is the updated version of the Logging interface, and lets you quickly and efficiently retrieve, view, and analyze logs from your queries. For a detailed tour of the Logs Explorer's features, see Using the Logs Explorer.
New sub-minor versions of Dataproc images:
1.5.67-debian10, 1.5.67-ubuntu18, 1.5.67-rocky8
2.0.41-debian10, 2.0.41-ubuntu18, 2.0.41-rocky8
Dataproc on GKE error messages now provide additional information.
Backported fixes for HIVE-22098, HIVE-23809, HIVE-20462, HIVE-21675 to Hive 3.1 in Dataproc 2.0 images.
Fix a bug where properties related to Kerberos cross realm trust were not properly set.
Fixed a bug where older-image (for example, 1.3.95) cluster create operations failed with the error message: "does not support specifying local SSD interface other than 'SCSI'".
A dedicated user interface is generally available (GA).
Google Cloud Connector for SAP Landscape Management version 2.3.2
Version 2.3.2 of the Google Cloud Connector for SAP Landscape Management is now available. This version includes bug fixes and supportability improvements.
For more information about the connector, see Connector for SAP Landscape Management planning guide.
Cloud Storage Backint agent for SAP HANA version 1.0.18
Version 1.0.18 of the Cloud Storage Backint agent for SAP HANA is now available. This version includes supportability improvements and backup stability enhancements.
For more information about the agent, see Cloud Storage Backint agent for SAP HANA overview.
May 27, 2022
Cloud Logging
Support has been removed for two previously deprecated system metrics: logging.googleapis.com/excluded_log_entry_count and logging.googleapis.com/excluded_byte_count.
Cloud Spanner change streams capture and stream out inserts, updates, and deletes in near real-time—useful for analytics, archiving, and triggering downstream application workflows.
Cloud TPU now supports Tensorflow 2.8.2 and 2.9.1. For more information see TensorFlow 2.8.2 release notes and TensorFlow 2.9.1 release notes.
Add a new operator on companyDisplayNames filter to further support fuzzy match by treating input value as a multi word token
Add a new option TELECOMMUTE_JOBS_EXCLUDED under enum TelecommutePreference to completely filter out the telecommute jobs in response
Deprecate option TELECOMMUTE_EXCLUDED under enum TelecommutePreference
Preview: You can now use the SSH troubleshooting tool from the Cloud console to help you determine the cause of failed SSH connections.
Config Controller is now supported in regions northamerica-northeast2 and asia-northeast2.
Data Catalog is now available in Santiago (southamerica-west1). For more information on region and feature availability, see regions.
M93 Release
- Starting with this release, information on known vulnerabilities for Deep Learning Containers images is now available on Cloud Storage at gs://deeplearning-platform-release/vulnerabilities/. For example, container analysis reports for the M93 images are located at: gs://deeplearning-platform-release/vulnerabilities/m93/.
M93 Release
- Fixed a bug that prevented kernels from shutting down properly in Vertex AI Workbench managed notebooks.
The compliances, exfiltration, and processes attributes were added to the Finding object.
- The compliances attribute provides details about security standards that are unmet.
- The exfiltration attribute provides details about the sources and targets of an exfiltration attempt.
- The processes attribute provides details about operating system processes relevant to a finding.
For more information, see the API documentation for the Finding object.
M93 Release
The M93 release of Vertex AI Workbench managed notebooks includes the following:
- Fixed a bug that prevented kernels from shutting down properly in Vertex AI Workbench managed notebooks.
May 26, 2022
Anthos clusters on VMware
Anthos clusters on VMware 1.11.1-gke.53 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.11.1-gke.53 runs on Kubernetes 1.22.8-gke.200.
The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.11, 1.10, and 1.9.
Fixed for v1.11.1
Fixed the known issue where v1.11.0 user clusters cannot be created with a v1.10.x admin cluster.
Fixed the issue where the gkectl logs might be truncated when admin cluster creation has failed.
Fixed the issue that Anthos Identity Service with LDAP failed to authenticate against some older Active Directory servers when the user id contains a comma.
Fixed the following vulnerabilities
High-severity CVEs
Medium-severity CVEs
Anthos clusters on VMware 1.10.4-gke.32 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.10.4-gke.32 runs on Kubernetes 1.21.5-gke.1200.
The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.11, 1.10, and 1.9.
Fixed for v1.10.4
Fixed the following vulnerabilities
High-severity CVEs
- CVE-2022-1271
- CVE-2021-4160
- CVE-2022-27666
- CVE-2018-25032
- CVE-2022-1055
- CVE-2022-23219
- CVE-2022-23218
- CVE-2021-3999
- CVE-2018-25032
RBAC fixes
anetd
- Changed to use kubelet kubeconfig to only allow the anetd to update its own node resource, and the pod resources that are running on the node.
antrea-controller / anetd-win
- Instead of reusing the RBAC config for anetd, created a dedicated RBAC config for antrea and reduced the unnecessary permissions.
clusterdns-controller
- Scoped down clusterdns permissions to default resource name.
- Scoped down configmap permissions to coredns resource name.
- Removed create/delete permissions for configmaps. The coredns configmap is now created by the bundle, with create-only annotation to ensure we don't overwrite existing config on upgrade.
dns-autoscaler
- Removed unneeded permissions, and scoped down needed permissions to a particular resource using resourceNames.
- Restricted get configmap for dns autoscaler.
gke-usage-metering
- Restricted the permission to the kube-system namespace where possible
seesaw-load-balancer
- Restricted the permission by setting resource names.
Release 1.11.2
Anthos clusters on bare metal 1.11.2 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.2 runs on Kubernetes 1.22.
Starting with Anthos clusters on bare metal release 1.11.2, you can enable or disable Anthos VM Runtime by updating the VMRuntime custom resource only. The legacy spec.kubevirt settings in the cluster configuration are no longer supported. The VMRuntime custom resource is installed by default on version 1.10 and later hybrid, standalone, and user clusters. The VMRuntime custom resource can't be applied to admin clusters.
If you have Anthos VM Runtime enabled for your Anthos clusters on bare metal, you must disable it before upgrading clusters to version 1.11.2 or higher. If this step is not completed, your cluster upgrade will fail. You can re-enable Anthos VM Runtime after the upgrade is complete.
Starting with Anthos clusters on bare metal release 1.11.2, the Anthos VM Runtime API version has changed from v1alpha1 to v1. This version change doesn't affect the VMRuntime custom resource, but most other resources are affected.
Functionality changes:
The containerd runtime has been upgraded to 1.5.11-gke.0 to address CVE-2022-24769.
Added a preflight check that disallows Ubuntu 18.04 distributions with 4.15.x Linux kernels.
Fixes:
Fixed cluster custom resource status reporting for pending reconciliations.
Fixed a bmctl check cluster command issue that caused the user cluster kubeconfig Secret to be overwritten.
Fixed an issue with manifest installation when last-applied-config is broken that caused upgrades to fail.
Fixed an issue to ensure that the 20-minute timeout for node draining is enforced during cluster upgrades. This timeout provides ample time for nodes to drain, but ensures that upgrades can always proceed.
Known issues:
For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.
- Updated the Java SDK to version 1.9.97.
- Added missing classes in the appegine-jsr107cache.jar file.
The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources and SearchAllIamPolicies):
- Cloud Run
  - run.googleapis.com/Execution
  - run.googleapis.com/Job
- API Keys
  - apikeys.googleapis.com/Key
The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):
- Certificate Authority Service
  - privateca.googleapis.com/Certificate
(Airflow 2) If your DAGs use the google-ads package version 14.0.0 or earlier, please upgrade your environment to Cloud Composer version 2.0.14 so that your environment uses Google Ads API v10. Google Ads API v8 and v9 are deprecated and will not be available in the near future.
Added new database metrics: a metric that shows the total limit of database connections, and a metric for the number of active database connections.
(Airflow 1) The google-cloud-bigquery package is upgraded from 1.28.0 to 2.13.0.
(Airflow 2) Updates for the apache-airflow-providers-google package:
Breaking changes:
- Upgrade to support Google Ads v10 (#22965)
Features:
- [FEATURE] google provider - BigQueryInsertJobOperator log query (#23648)
- [FEATURE] google provider - split GkeStartPodOperator execute (#23518)
- Add exportContext.offload flag to CLOUD_SQL_EXPORT_VALIDATION. (#23614)
- Create links for BiqTable operators (#23164)
- implements #22859 - Add .sql as templatable extension (#22920)
- GCSFileTransformOperator: New templated fields 'source_object', 'destination_object' (#23328)
Bug Fixes
- Fix PostgresToGCSOperator does not allow nested JSON (#23063)
- Fix GCSToGCSOperator ignores replace parameter when there is no wildcard (#23340)
- update processor to fix broken download URLs (#23299)
- LookerStartPdtBuildOperator, LookerCheckPdtBuildSensor: fix empty materialization id handling (#23025)
- Change ComputeSSH to throw provider import error instead paramiko (#23035)
- Fix cancel_on_kill after execution timeout for DataprocSubmitJobOperator (#22955)
- Fix select * query xcom push for BigQueryGetDataOperator (#22936)
- MSSQLToGCSOperator fails: datetime is not JSON Serializable (#22882)
- Update credentials when using ADC in Compute Engine #23773
Misc changes
- Add Stackdriver assets and migrate system tests to AIP-47 (#23320)
- CloudTasks assets & system tests migration (AIP-47) (#23282)
- TextToSpeech assets & system tests migration (AIP-47) (#23247)
- Fix code-snippets in google provider (#23438)
- BigQuery assets (#23165)
- Remove redundant docstring in BigQueryUpdateTableSchemaOperator (#23349)
- Migrate gcs to new system tests design (#22778)
- add missing docstring in 'BigQueryHook.create_empty_table' (#23270)
- Cleanup Google provider CHANGELOG.rst (#23390)
- migrate system test gcs_to_bigquery into new design (#22753)
- Add example DAG for demonstrating usage of GCS sensors (#22808)
(Cloud Composer 2) Several false error log messages are no longer generated after an environment is created.
(Cloud Composer 2) Fixed a problem where the Airflow web server becomes unavailable after all PyPI packages are uninstalled from an environment.
Fixed a problem where Cloud Composer always reported an error when checking for connectivity to the PyPI repository during PyPI package installation in Private IP environments.
Cloud Composer 1.18.10 and 2.0.14 images are available:
- composer-1.18.10-airflow-1.10.15 (default)
- composer-1.18.10-airflow-2.1.4
- composer-1.18.10-airflow-2.2.3
- composer-1.18.10-airflow-2.2.5
- composer-2.0.14-airflow-2.1.4
- composer-2.0.14-airflow-2.2.3
- composer-2.0.14-airflow-2.2.5
Cloud Composer versions 1.16.5 and 1.17.0.preview.1 have reached their end of full support period.
Regional external and regional internal HTTP(S) load balancers now support regional SSL policies. SSL policies give you the ability to control the features of SSL that your Google Cloud load balancers negotiate with clients.
For details, see:
This feature is in Preview.
You can now collect IIS logs and additional metrics from the Ops Agent, starting with versions 2.14.0 (logs) and 2.15.0 (additional metrics). For more information, see Monitoring third-party applications: IIS.
You can now collect Varnish logs and metrics from the Ops Agent, starting with versions 2.16.0 (logs) and 2.15.0 (metrics). For more information, see Monitoring third-party applications: Varnish.
You can now collect Active Directory Domain Services logs and metrics from the Ops Agent, starting with version 2.15.0. For more information, see Monitoring third-party applications: Active Directory Domain Services.
You can now collect Jetty logs from the Ops Agent, starting with version 2.16.0. For more information, see Monitoring third-party applications: Jetty.
You can now configure an uptime check to validate a specific JSONpath. For more information, see Validate response data.
A new version of Managed Service for Prometheus is now available. Version 0.4.1 of managed collection has been released, along with v2.35.0-gmp.2 of the managed-service binary that v0.4.1 depends on (container image: gke.gcr.io/prometheus-engine/prometheus:v2.35.0-gmp.2-gke.0). For details about the changes included, see the release page on GitHub.
Cloud SQL for MySQL now supports minor version 8.0.29. To upgrade your existing instance to the new version, see Upgrade the database minor version.
1.24 is now available in the Rapid channel
Kubernetes 1.24 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.24 Release Notes, especially the action required and deprecation sections.
New API versions
- storage.k8s.io/v1 CSIStorageCapacity
Notable changes
- GKE does not support node images that use Docker as the runtime in GKE version 1.24 and later. For more information, see migrating from Docker to containerd.
- Secret API objects containing service account tokens are not automatically created in 1.24.
  - This change improves security by reducing readable, permanent, Secret-based tokens to ones that have been explicitly requested, and improves performance by reducing the amount of persisted Secret data and avoiding unnecessary utilization of application-layer secrets encryption.
  - Existing Secret-based tokens from previous versions remain valid on upgrade.
  - Secret-based tokens are not used by nodes or pods on version 1.21 and later.
  - Only node versions 1.22 and later are supported running against 1.24 clusters.
  - Clients retrieving tokens directly from the API can still obtain a token using these methods supported in all available GKE versions:
    - Preferred: Use the TokenRequest API to obtain time-bound tokens that are not readable by other API clients. The kubectl create token command is available in kubectl 1.24+ to simplify use of this API from the command line.
    - Secret-based tokens can still be obtained by creating a Secret object and waiting for it to be populated with a token.
  - Examples of incorrect ways to obtain Secret-based tokens from the API include:
    - Scanning the secrets[*].name field of a ServiceAccount object; this field lists secrets usable by pods running as that service account, not for other purposes, and secrets in that list have never been guaranteed to be service account token secrets.
    - Looking for existing Secret objects of type kubernetes.io/service-account-token created by other clients; a Secret created by another client is owned by that client, and cannot be assumed to be stable for use by other clients.
Kubernetes 1.24 deprecates support for insecure serving certificates signed with a SHA-1 hash. Aggregated API servers, admission webhooks, and custom resource conversion webhooks using TLS certificates that are signed by SHA-1 should replace the serving certificates as soon as possible.
At cluster version 1.24.0 and later, GKE provides a Cloud Audit log to check if your cluster contains an affected service. You can use the following filter to search for the logs of a 1.24+ cluster:
```
logName: "projects/$PROJECT/logs/cloudaudit.googleapis.com%2Factivity"
resource.type = "k8s_cluster"
operation.producer = "k8s.io"
"invalid-cert.kubernetes.io"
```
If you are not affected you won't see any logs. If you do see such an audit log, it will include the name of the service (whether webhook or aggregated API).
Deprecated API versions
These APIs are still served in version 1.24 but are in a deprecation period:
- policy/v1beta1 PodSecurityPolicy
  - Deprecated in 1.21 with removal targeted for version 1.25.
  - 1.24 is the last version supporting the beta PodSecurityPolicy feature. Use of this feature must be discontinued before clusters will upgrade to 1.25. For more information, see PodSecurityPolicy deprecation.
The following Beta versions of graduated APIs will be removed in 1.25 in favor of their newer versions:
- discovery.k8s.io/v1beta1 EndpointSlice, deprecated since 1.21
- policy/v1beta1 PodDisruptionBudget, deprecated since 1.21
- batch/v1beta1 CronJob, deprecated since 1.21
- node.k8s.io/v1beta1 RuntimeClass
- autoscaling/v2beta1 HorizontalPodAutoscaler
The following Beta versions of graduated APIs will be removed in 1.26 in favor of newer versions:
- flowcontrol.apiserver.k8s.io/v1beta1 FlowSchema, PriorityLevelConfiguration
  - deprecated since 1.23
  - use flowcontrol.apiserver.k8s.io/v1beta2 instead, available since 1.23
- autoscaling/v2beta2 HorizontalPodAutoscaler
  - deprecated since 1.23
  - use autoscaling/v2 instead, available since 1.23 (or autoscaling/v1)
The following Beta versions of graduated APIs will be removed in 1.27 in favor of new versions:
- storage.k8s.io/v1beta1 CSIStorageCapacity, deprecated since 1.24
Nodes on version 1.24.0-gke.1000 with more than 80GB of memory will fail to start successfully due to a known bug, which will be resolved in future 1.24 versions.
(2022-R13) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- Version 1.22.8-gke.201 is now the default version.
The following control plane and node versions are now available:
The following control plane versions are no longer available:
- 1.19.16-gke.10800
- 1.20.15-gke.3400
- 1.20.15-gke.3600
- 1.20.15-gke.4100
- 1.20.15-gke.5000
- 1.20.15-gke.5200
- 1.21.10-gke.400
- 1.21.10-gke.1300
- 1.21.10-gke.1500
- 1.21.10-gke.2000
- 1.22.6-gke.300
- 1.22.6-gke.1000
- 1.22.7-gke.300
- 1.22.7-gke.900
- 1.22.7-gke.1300
- 1.22.7-gke.1500
Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.20.15-gke.6000 with this release.
Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.21.11-gke.1100 with this release.
Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.21.11-gke.1100 with this release.
Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to 1.22.8-gke.201 with this release.
Stable channel
Version 1.21.11-gke.1100 is now the default version in the Stable channel.
The following versions are now available in the Stable channel:
The following versions are no longer available in the Stable channel:
- 1.19.16-gke.10800
- 1.20.15-gke.5200
- 1.21.11-gke.900
Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.6000 with this release.
Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.11-gke.1100 with this release.
Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.11-gke.1100 with this release.
Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.8-gke.201 with this release.
Regular channel
- Version 1.22.8-gke.201 is now the default version in the Regular channel.
- Version 1.22.8-gke.200 is no longer available in the Regular channel.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.22.8-gke.201 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.22.8-gke.201 with this release.
Rapid channel
Version 1.23.5-gke.2400 is now the default version in the Rapid channel.
The following versions are now available in the Rapid channel:
The following versions are no longer available in the Rapid channel:
- 1.21.11-gke.1900
- 1.22.8-gke.201
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to 1.20.15-gke.6000 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.12-gke.1500 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.12-gke.1500 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.23.5-gke.2400 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to 1.24.0-gke.1000 with this release.
reCAPTCHA Enterprise for WAF and Google Cloud Armor integration is now generally available (GA). For more information, see the Overview of reCAPTCHA Enterprise for WAF and Google Cloud Armor integration and Cloud Armor bot management overview.
May 25, 2022
Access Approval
Access Approval lets you know if the notification emails for access requests don't get delivered to you because you provided an incorrect email address while setting up the notification configurations.
Preview release of new Connectors for Apigee
On May 20, 2022, we released the preview version of the Connectors for Apigee.
The Zendesk connector is available for Apigee. For more information, see Zendesk connection.
You can now create and manage Private Service Connect (PSC) endpoint attachments in the Apigee UI. For details, see Creating an endpoint attachment.
The following supported default parsers have changed, listed by product name and ingestion label:
- Apache Hadoop (HADOOP)
- Suricata IDS (SURICATA_IDS)
- GCP Compute (GCP_COMPUTE)
- Elastic Audit Beats (ELASTIC_AUDITBEAT)
- Cloudflare (CLOUDFLARE)
- Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
- FortiGate (FORTINET_FIREWALL)
- CSV Custom IOC (CSV_CUSTOM_IOC)
- CrowdStrike Falcon (CS_EDR)
- Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
- CIS Albert Alerts (CIS_ALBERT_ALERT)
- SonicWall (SONIC_FIREWALL)
- Okta User Context (OKTA_USER_CONTEXT)
- Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
- Check Point (CHECKPOINT_FIREWALL)
- Barracuda Email (BARRACUDA_EMAIL)
- Microsoft Azure Activity (AZURE_ACTIVITY)
- Carbon Black App Control (CB_APP_CONTROL)
- OpenSSH (OPENSSH)
- OneLogin (ONELOGIN_SSO)
- Office 365 (OFFICE_365)
- FireEye NX (FIREEYE_NX)
- ExtraHop RevealX (EXTRAHOP)
- Cisco Umbrella DNS (UMBRELLA_DNS)
- Kaspersky AV (KASPERSKY_AV)
- IBM Guardium (GUARDIUM)
- F5 ASM (F5_ASM)
- Cisco Email Security (CISCO_EMAIL_SECURITY)
- Workspace Activities (WORKSPACE_ACTIVITY)
- Forcepoint Proxy (FORCEPOINT_WEBPROXY)
- Azure AD Organizational Context (AZURE_AD_CONTEXT)
- Tanium Stream (TANIUM_TH)
- Apache (APACHE)
For details about the changes in each parser, see Supported default parsers.
The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):
- Cloud KMS
  - cloudkms.googleapis.com/EkmConnection
- Cloud Run
  - run.googleapis.com/Job
  - run.googleapis.com/Execution
Private Service Connect support in Cloud Composer 2 is now generally available (GA).
Privately used public IP addresses are now generally available (GA).
We have updated the documentation to clarify that to get the updates and security patches for runtimes and their dependencies, you need to deploy a function. Security patches are not applied otherwise.
Google Cloud Armor integration with reCAPTCHA Enterprise is now in General Availability. See the Cloud Armor bot management overview and the Overview of reCAPTCHA Enterprise for WAF and Google Cloud Armor integration.
When creating software as a service (SaaS) products, the roles granted to cloud-commerce-procurement@system.gserviceaccount.com have changed.
The Service Management Service Consumer and Service Management Service Controller roles replace the Service Management Admin and Service Usage Admin roles. The previous roles are still valid, but new projects require that you grant the Service Management Service Consumer and Service Management Service Controller roles to cloud-commerce-procurement@system.gserviceaccount.com.
This is a patch release of Google Distributed Cloud Edge (version 1.0.2).
The following changes have been introduced in this release of Distributed Cloud Edge:
Configuring a maintenance window now controls the scheduling of software updates for the Kubernetes control plane and Kubernetes nodes.
You can now deploy KubeVirt virtual machines on Distributed Cloud Edge in unmanaged namespaces with support for the Containerized Data Importer (CDI) plug-in.
The following issues have been resolved in this release of Distributed Cloud Edge:
Intermittent VPN connection persistence after deletion has been resolved. You no longer need to manually check whether the VPN connection and its associated resources have been successfully deleted.
The localpv-shared Persistent Volume has been eliminated. You will no longer see this Persistent Volume on the filesystem of your Distributed Cloud Edge nodes.
This release of Distributed Cloud Edge contains the following known issues:
The NodePort Service is not supported. This release of Distributed Cloud Edge only supports the LoadBalancer and ClusterIP Kubernetes Services.
The Kubernetes control planes associated with Distributed Cloud Clusters can briefly go down during Distributed Cloud Cluster software updates.
A large number of webhook calls might cause the Konnectivity proxy to temporarily fail.
The metrics agents running on Distributed Cloud Edge nodes can accumulate a backlog of events and stall, preventing the capture of further metrics.
You can now easily assess the running cost implications at cluster creation time. The GKE cluster cost widget lets you get an estimated cost range when you are creating a cluster.
This information can help you get a better understanding of the upper and lower monthly cost to expect based on your cluster autoscaling setup. This feature is now available in Preview.
For more information, see Introducing GKE cost estimator, built right into the Google Cloud console.
GKE clusters that run control plane versions 1.21 or later and node versions 1.16 or earlier might experience:
- Readiness check failures.
- Network endpoint groups (NEGs) and load balancers (LBs) not created or synced.
This occurs because the Ingress controllers running in GKE cluster control plane versions 1.21 or later are not compatible with node versions 1.16 and earlier. To resolve this issue, upgrade your node pools.
For more information, see Node version not compatible with control plane version.
The Kafka Shim Java client library for Pub/Sub Lite is now GA.
May 24, 2022
Artifact Registry
Artifact Registry is now available in the us-east5 region (Columbus, United States).
You can now load data into BigQuery using Informatica Data Loader. This feature is generally available. Informatica provides connectors that can ingest data into BigQuery.
A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.
Cloud KMS is available in the following region:
us-east5
For more information, see Cloud KMS locations.
The following new region is now available: us-east5.
Support for us-east5 (Columbus).
Cloud Storage is now available in Columbus, Ohio (us-east5 region).
Cloud VPN is available in region us-east5 (Columbus, US).
Pricing is available on the Cloud VPN pricing page.
Generally available: Columbus, Ohio, USA us-east5-a,b,c has launched with E2, N2, and N2D VMs in all three zones. Additionally, you can create C2 VMs in zones a and b.
See VM instance pricing for details.
Config Connector version 1.86.0 is now available.
Added support for ComputeRegionNetworkEndpointGroup resource.
Added spec.serviceDirectoryRegistrations field to ComputeForwardingRule.
Fixed issue where webhooks were unintentionally returning 500 errors when rejecting immutable field changes.
Dataflow is now available in Columbus (us-east5).
The us-east5 region in Columbus, Ohio is now available.
Added new Memorystore for Memcached region: Columbus (us-east5).
Added new Memorystore for Redis region: Milan (europe-west8).
Pub/Sub is now available in us-east5 (Columbus, Ohio).
Google Cloud monitoring agent for SAP NetWeaver version 2.3
Version 2.3 of the Google Cloud monitoring agent for SAP NetWeaver is now available. This version includes bug fixes and supportability improvements.
For more information about the agent, see Monitoring SAP NetWeaver on Google Cloud.
Monitoring agent for SAP HANA version 2.4
Version 2.4 of the monitoring agent for SAP HANA is now available. This version includes bug fixes and supportability improvements.
For more information about the agent, see Monitoring agent for SAP HANA.
For auto mode VPC networks, added a new subnet 10.202.0.0/20 for the Columbus us-east5 region. For more information, see Auto mode IP ranges.
May 23, 2022
Apigee X
On May 23, 2022, we released an updated version of Apigee X (1-8-0-apigee-9).
Bug ID | Description |
---|---|
N/A | Upgraded infrastructure and libraries |
You can now disable external ephemeral IP addresses for App Engine Flex services. Read our documentation to learn how. This feature is at the Preview launch stage.
Metrics for query/statement_scanned_bytes and query/statement_scanned_bytes_billed are no longer delayed for 6 hours in order to smooth reporting over the duration of the job. Values are now reported every 180 seconds without smoothing. For more information about metrics, see Google Cloud metrics.
Users can now receive build status notifications in Google Chat via a Google Chat notifier. The Google Chat notifier is available as an experimental release. To learn more, see Configuring Google Chat notifications.
Google Cloud Platform Plugins version 0.19.1 is generally available (GA). This version includes Dataplex Source and Sink plugins in Preview. For more information, see the CDAP Hub release log.
JSON copy requests and XML copy requests now return a permanent error on timeouts for objects larger than 2.5 GiB and a retryable error on timeouts for objects smaller than 2.5 GiB.
The Dataplex Source and Sink plugins are available in Public Preview for ingesting and processing data in Cloud Data Fusion versions 6.6.0 and later.
New sub-minor versions of Dataproc images:
1.5.66-debian10, 1.5.66-ubuntu18, 1.5.66-rocky8
2.0.40-debian10, 2.0.40-ubuntu18, 2.0.40-rocky8
Upgraded Spark to 3.1.3 in Dataproc image version 2.0.
Fixed a bug where job was not being marked as terminated after master node reboot.
Fixed a bug where Flink was not able to run on HA clusters.
Backported the fix for HIVE-20514 to Hive 2.3 in Dataproc image version 1.5.
Fixed a bug with HDFS directories initialization when core:fs.defaultFS is set to an external HDFS.
Dialogflow CX now supports version-specific webhooks.
Dialogflow CX now supports fine-grained webhook errors for built-in events.
May 20, 2022
Anthos Service Mesh
Enabling endpoint discovery multi-cluster installations with declarative API is now available as a preview feature in all release channels. For more information, see Enable endpoint discovery between public clusters with declarative API.
You can now see more log entries in the Logs Explorer as a result of several style changes.
OCR model migration
The TEXT_DETECTION and DOCUMENT_TEXT_DETECTION models have been upgraded to newer versions. The API interface and client library will be the same as the previous version. The API follows the same Service Level Agreement.
The legacy models can still be accessed until August 20 2022. Specify "builtin/legacy" in the model field of a Feature object to get the old model results. After August 20, 2022 the legacy models will no longer be offered.
Support for 3rd generation AMD EPYC Milan processors on general purpose N2D machine types is now available in Preview, featuring:
- AMD Secure Encrypted Virtualization (SEV) which can encrypt the memory of the VM to protect data in-use
Support for compute-optimized C2D machine types is now available in Preview, featuring:
- 3rd generation AMD EPYC Milan processors
- AMD Secure Encrypted Virtualization (SEV) which can encrypt the memory of the VM to protect data in-use
- Large VM sizes
- Optimized for high-performance computing (HPC)
Config Controller now uses version 1.84.0 for Config Connector (release notes)
CCAI Insights now offers GA support for Access Transparency integration. See the Access Transparency documentation for details.
Beginning on May 30 2022, the VMware Engine operations team will continue performing essential maintenance of the network infrastructure to improve equipment robustness and apply security patches. Users affected by this upgrade will receive an email with planned maintenance dates and times.
For details about the upgrade and steps to prepare, see Service announcements.
You can now quickly identify which of your workloads are underutilized in the Cost Optimization tab. You can also quickly apply suggested values for resource requests and limits (or your own preferred values).
This feature is now available in Preview. For more information, see GKE workload rightsizing.
May 19, 2022
Anthos Config Management
Fixed metrics to use correct reconciler Pod name for multiple RootSync and RepoSync objects. The metrics are documented at Config Sync metrics.
Anthos clusters on VMware 1.9.6-gke.1 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.9.6-gke.1 runs on Kubernetes 1.21.5-gke.1200.
The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.11, 1.10, and 1.9.
Secret encryption key rotation does not fail when the cluster has more than 1000 secrets.
Fixed the following vulnerabilities
Changed scope of certain RBAC permissions
We have scoped down the over-privileged RBAC permissions for the following components in this release:
clusterdns-controller:
- Scope down clusterdns permissions to 'default' resource name.
- Scope down configmap permissions to 'coredns' resource name.
- Remove create/delete permissions for configmaps.
seesaw-load-balancer:
- Restrict the permission to access secrets by specifying certain secret names instead of allowing the access for all secrets.
coredns-autoscaler:
- Reduce the get configmap permission to a specific configmap resource name.
anetd / anet-operator:
- Changed to use kubelet kubeconfig to restrict the anetd to only update its own node resource, and the pod resources that are running on the node.
gke-usage-metering:
- Restrict the permission to only kube-system namespace.
ANG (Anthos Network Gateway)
- Remove/modify RBAC roles and lower the use of kube-rbac proxy in ANG.
Airflow 2.2.5 is available in Cloud Composer images.
(Cloud Composer 2) You can now assign permissions for an environment's service account on the service account level instead of the project level. To use this feature, create environments using gcloud, API, or Terraform. Cloud Console support for this feature will be released at a later date.
(Cloud Composer 2) Increased the memory limit for the Redis queue and made it scale with the environment's size.
New Airflow metrics for pools, smart sensor, and SLA email notifications are available for Cloud Composer environments.
If it is not possible to create an environment because of CMEK-related organization policies constraints/gcp.restrictCmekCryptoKeyProjects and constraints/gcp.restrictNonCmekServices, then such attempts fail with an error immediately.
It is now possible to use upper-case symbols in the versions of PyPI packages.
If it is not possible to create an environment because of constraints/compute.vmCanIpForward and compute.vmExternalIpAccess organization policies, then such attempts fail with an error immediately.
(Airflow 1) If your DAGs use the google-ads package version 14.0.0 or earlier, please upgrade your environment to Cloud Composer version 1.18.9 so that your environment uses Google Ads API v10. Google Ads API v8 and v9 are deprecated and will not be available in the near future. This change is available only for Airflow 1. We will provide a similar change for Airflow 2 in a future release.
Cloud Composer 1.18.9 and 2.0.13 images are available:
- composer-1.18.9-airflow-1.10.15 (default)
- composer-1.18.9-airflow-2.1.4
- composer-1.18.9-airflow-2.2.3
- composer-1.18.9-airflow-2.2.5
- composer-2.0.13-airflow-2.1.4
- composer-2.0.13-airflow-2.2.3
- composer-2.0.13-airflow-2.2.5
Config Connector version 1.85.0 is now available.
Fixed spec.topics in SecretManagerSecret (Issue #655).
Added support for PrivateCACertificate resource.
Fixed the reference configs for AccessContextManagerServicePerimeter.
Added spec.subsetting field to ComputeBackendService.
Added spec.secondaryIpRange field to RedisInstance.
Changed spec.readReplicasMode in RedisInstance from immutable to optional.
(2022-R12) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- Version 1.21.11-gke.1100 is now the default version.
The following control plane and node versions are now available:
The following control plane versions are no longer available:
- 1.19.16-gke.9400
- 1.19.16-gke.9900
- 1.21.9-gke.1002
Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.19.16-gke.10800 with this release.
Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.21.11-gke.900 with this release.
Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.21.11-gke.900 with this release.
Stable channel
Version 1.21.11-gke.900 is now the default version in the Stable channel.
The following versions are now available in the Stable channel:
The following versions are no longer available in the Stable channel:
- 1.19.16-gke.9900
- 1.20.15-gke.3400
- 1.20.15-gke.3600
- 1.20.15-gke.4100
- 1.21.10-gke.2000
Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.10800 with this release.
Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.21.11-gke.900 with this release.
Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.21.11-gke.900 with this release.
Regular channel
- Version 1.21.11-gke.1100 is now the default version in the Regular channel.
The following versions are now available in the Regular channel:
The following versions are no longer available in the Regular channel:
- 1.20.15-gke.5200
- 1.21.9-gke.1002
- 1.21.10-gke.400
- 1.21.10-gke.2000
- 1.21.11-gke.900
- 1.22.6-gke.300
Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.6000 with this release.
Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.11-gke.1100 with this release.
Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.11-gke.1100 with this release.
Rapid channel
The following versions are now available in the Rapid channel:
The following versions are no longer available in the Rapid channel:
- 1.21.11-gke.1100
- 1.22.7-gke.1500
- 1.22.8-gke.200
- 1.23.5-gke.1500
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.11-gke.1900 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.11-gke.1900 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.5-gke.2400 with this release.
(2022-R12) Version updates
- Version 1.21.11-gke.1100 is now the default version.
The following control plane and node versions are now available:
The following control plane versions are no longer available:
- 1.19.16-gke.9400
- 1.19.16-gke.9900
- 1.21.9-gke.1002
Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.19.16-gke.10800 with this release.
Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.21.11-gke.900 with this release.
Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.21.11-gke.900 with this release.
(2022-R12) Version updates
Version 1.21.11-gke.900 is now the default version in the Stable channel.
The following versions are now available in the Stable channel:
The following versions are no longer available in the Stable channel:
- 1.19.16-gke.9900
- 1.20.15-gke.3400
- 1.20.15-gke.3600
- 1.20.15-gke.4100
- 1.21.10-gke.2000
Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.10800 with this release.
Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.21.11-gke.900 with this release.
Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.21.11-gke.900 with this release.
May 18, 2022
Apigee Monetization
On May 18, 2022 we released an updated version of the Apigee Monetization software.
Export support for additional monetization-related values
Apigee X now supports export of additional fee-based values for organizations using monetization. For more information, see Generating monetization reports.
On May 18, 2022, we released an updated version of the Apigee UI.
Specifying a user-managed service account for each App Engine version during deployment is now generally available.
Updated versions of ODBC and JDBC drivers for BigQuery are now available that include enhancements.
The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory), the Feed API, and the Search APIs (SearchAllResources and SearchAllIamPolicies):
- Cloud Firestore
  - firestore.googleapis.com/Database
The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):
- Datastream
  - datastream.googleapis.com/Stream
  - datastream.googleapis.com/ConnectionProfile
  - datastream.googleapis.com/PrivateConnection
N2D VMs are now available in Paris, France europe-west9-a,b,c.
See VM instance pricing for details.
Traffic Director for GKE now supports using the Kubernetes Gateway APIs to create a service mesh.
Traffic Director control plane logging and monitoring now supports request count by zone, in addition to DS API Connected Streams and request count.
The ability to configure Vertex AI private endpoints is now generally available (GA). Vertex AI private endpoints provide a low-latency, secure connection to the Vertex AI online prediction service. You can configure Vertex AI private endpoints by using VPC Network Peering. For more information, see Use private endpoints for online prediction.
May 17, 2022
Cloud Build
Users can view build logs directly in GitHub or GitHub Enterprise without logging into Cloud Build. For more information, see Building repositories from GitHub and Building repositories from GitHub Enterprise. This feature is generally available.
Generally available: You can access Google APIs and services from Compute Engine instances using either internal IPv6 addresses with Private Google access or external IPv6 addresses.
Google Cloud Deploy support for VPC Service Controls is now generally available (GA).
V1 API
Migrate for Anthos and GKE API has graduated to v1 in 1.11.1 release. The v1beta2 Migration API is deprecated and will be supported until May 2023.
Building and deploying Windows containers with Skaffold
Skaffold yamls generated as part of the migration artifacts for Windows flow now help operators to accelerate container image build and deploy to GKE and Anthos clusters.
Artifact Repository Health Checks
When creating a new artifacts repository, or updating an existing one, migctl will wait for health information and produce a warning in case the provided service account does not have permissions to upload artifacts to the specified bucket. To skip the synchronous health checks, --async can be passed to the migctl command.
When creating a new migration, migctl will query the migration's specified artifact repository (or the default if it was not specified), and produce a warning in case the provided service account does not have permissions to upload artifacts to the specified bucket.
When generating artifacts for the migration, migctl will query the migration's specified artifact repository (or the default one if it was not specified), and produce a warning in case the provided service account does not have permissions to upload artifacts to the specified bucket.
Tomcat improvements
- On the migration plan fromImage field, in case the tool did not automatically discover the Tomcat version used on original VM, a placeholder text (example: tomcat:<TomcatVersion>-jre11-openjdk) was added that would need to be populated by the user. If the information is not populated a blocking warning will be surfaced on Artifacts generation step, requiring the user to provide the Tomcat version details.
- Renaming catalinaHome.tar.gz artifact to tomcatServer.tar.gz.
- bin and lib directories are filtered from the tomcatServer.tar.gz file.
- Users can now choose to upload certificates into the repository by setting on the migration plan the includeSensitiveData parameter to true.
227137961: Prevent concurrent migration on the same migrating VM when using M4CE5.X source.
224485583: null value of serverautostart for some Windows migration plans.
224545749: Linux system container extraction step getting stuck in some scenarios.
225638684: OpenLiberty containers may fail to run web applications deployed as WAR archives.
220853359: ABM can be installed without specifying all of --gcp-project, --gcp-region and --json-sa. In this case the default repositories are simply not created.
Uninstall might be stuck when a sourcesnapshot CRD cannot be deleted. To work around this, run kubectl edit sourcesnapshot -n v2k-system and remove all finalizers.
204879458: If image repository permissions are invalid, migration will get stuck in ExtractImage instead of UploadImage step
218855996: Windows global path variables and short folders names are not migrated
223553376: Secrets created by migctl (for example when creating a source provider) may not always be cleaned up when the objects that depend on them are deleted (for example when issuing migctl source delete …).
216537540: migctl cannot be used to upgrade the m2c installation newer than the migctl version. For example, if migctl is 1.9.0, it cannot upgrade a cluster to have 1.11.0.
208361449: Artifact repository Health checks are not implemented for S3 repositories. Migctl commands that query the health state of the repository will warn that health checks cannot be performed.
General availability for the following integration:
Accessing Google APIs and services from Compute Engine instances using either internal IPv6 addresses with Private Google Access or external IPv6 addresses is available in General Availability.
May 16, 2022
Apigee API hub
On May 16, 2022 Apigee hub released a new version of the software.
Bug ID | Description |
---|---|
232129385 | Users without artifact write permission encountered errors when loading various pages if the default API hub artifacts were not yet initialized by the system. |
The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory), the Feed API, and the Search APIs (SearchAllResources and SearchAllIamPolicies):
- Cloud KMS
  - cloudkms.googleapis.com/EkmConnection
Cloud Debugger is deprecated and is scheduled for shutdown on May 31 2023. For an alternative, use the open source CLI tool, Snapshot Debugger.
A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.
The pricing for Google Cloud Managed Service for Prometheus has been reduced by 25-50%, depending on volume and usage. Existing pricing tiers have been reduced by 25%, and a new high-volume tier has been added at 50% of the current cost. For pricing details, see Cloud Monitoring pricing summary, and for a set of examples, see Pricing examples based on samples ingested.
You can now tag services using Resource Manager tags for fine-grained access control.
Config Controller now uses version 1.11.1 for Anthos Config Management (release note)
M92 Release
- TensorFlow Enterprise 2.9 is now available. Note that this TensorFlow Enterprise version does not include Long Term Version Support.
- Starting with PyTorch 1.11, PyTorch environments now support XLA by default.
- TensorFlow Enterprise patch releases: 2.6.4 and 2.8.1.
- Deep Learning Containers are now available on Artifact Registry.
M92 Release
- TensorFlow Enterprise 2.9 is now available. Note that this TensorFlow Enterprise version does not include Long Term Version Support.
- Starting with PyTorch 1.11, PyTorch environments now support XLA by default.
- TensorFlow Enterprise patch releases: 2.6.4 and 2.8.1.
- Fixed an issue in the Cloud Storage backup and restore feature. This fix helps prevent the deletion of local files after a reboot when the VM loses connectivity to the configured Cloud Storage backup bucket.
Eventarc is available in the following regions:
- europe-west8 (Milan, Italy)
- europe-west9 (Paris, France)
The rule source for Cloud Armor preconfigured rules now includes ModSecurity Core Rule Set (CRS) 3.3 in public preview. For more information, see Tuning Google Cloud Armor WAF rules.
Updates were made to the applications that let you send Security Command Center data to the following SIEM and SOAR platforms:
- Cortex XSOAR—see Sending Security Command Center data to Cortex XSOAR.
- Elastic Stack—see Sending Security Command Center data to Elastic Stack and Sending Security Command Center data to Elastic Stack using Docker.
- IBM QRadar—see Sending Security Command Center data to IBM QRadar.
In addition, Security Command Center can automatically send findings, assets, audit logs, and security sources to Splunk. For more information, see Sending Security Command Center data to Splunk.
TensorFlow Enterprise 2.9 is now available. Note that this TensorFlow Enterprise version does not include Long Term Version Support.
TensorFlow Enterprise 2.6 has been updated to 2.6.4.
TensorFlow Enterprise 2.8 has been updated to 2.8.1.
Workflows using callbacks that were deployed on or before January 11, 2022 must be redeployed to continue executing workflows without failures.
May 13, 2022
Cloud Composer
Cloud Composer 1.18.8 and 2.0.12 release started on May 13, 2022. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.
Cloud Composer performs several retries when checking pip connectivity.
(Cloud Composer 2) Workers and schedulers generate a warning log message when storage usage is close to the limit.
(Airflow 2) The default value for the [webserver]worker_refresh_interval Airflow configuration option is changed to 600 seconds.
(Cloud Composer 1) Increased the memory limit for GCSfuse on machine types that have more than 4 GB of memory. This change improves the stability of the syncing process between the environment's bucket and worker pods.
(Available without upgrading) The domain prefix for Private Service Connect subnetwork (connection_subnetwork) is now omitted in environment details.
(Airflow 2.2.3) Web server log messages in Airflow UI now have a correct time zone.
Fixed a problem where DAG import errors were not displayed in Cloud Console for Private IP environments in certain versions of Cloud Composer.
(Airflow 1.10.15) Fixed the variables set command. Now it correctly sets values for specified variables.
Cloud Composer 1.18.8 and 2.0.12 images are available:
- composer-1.18.8-airflow-1.10.15 (default)
- composer-1.18.8-airflow-2.1.4
- composer-1.18.8-airflow-2.2.3
- composer-2.0.12-airflow-2.1.4
- composer-2.0.12-airflow-2.2.3
Cloud Composer versions 1.16.3, 1.16.4, and 1.17.0.preview.0 have reached their end of full support period.
New maintenance versions are now available through self-service maintenance. See the maintenance changelog to learn more about these new maintenance versions.
Datastream now supports backfilling Oracle database tables that have more than 100 million rows. Click here to access the documentation.
Firebase App Check now supports Firestore at the General Availability release level. Use App Check in your mobile or web app to ensure that only your app can access your Firestore data.
Tags are now available. You can use tags to group or organize your clusters according to custom business dimensions. This is in addition to the hierarchical resource organization provided by GCP's resource manager. The integration of tags with policy engines (via conditional rules) such as IAM or Organization Policy, also allows you to apply centralized policies to custom security perimeters defined through tag bindings.
May 12, 2022
Anthos Service Mesh
1.11.8-asm.1 is now available.
This patch release includes the features of Istio 1.11.8 subject to the list of Anthos Service Mesh Supported features. Anthos Service Mesh version 1.11.8-asm.1 uses envoy v1.19.3.
1.12.6-asm.3 is now available.
This patch release contains the features of Istio 1.12.6 subject to the list of Anthos Service Mesh Supported features. Anthos Service Mesh version 1.12.6-asm.3 uses envoy v1.20.3.
1.13.2-asm.5 is now available.
This patch release contains the features of Istio 1.13.2 subject to the list of Anthos Service Mesh Supported features. Anthos Service Mesh version 1.13.2-asm.5 uses envoy v1.21.2.
Preview release of new Connectors for Apigee
On May 12, 2022, we released the preview version of new Connectors for Apigee.
The following new connectors are available for Apigee:
The Healthcare Natural Language API is now available in the europe-west2 location.
Eventarc for Google Kubernetes Engine (GKE) is available in Preview.
General availability for the following integration:
M91 release
The M91 release of Vertex AI Workbench managed notebooks includes the following:
- Log streaming to the consumer project via Logs Viewer is now supported.
- Added the net-tools package.
- Regular package refreshments and bug fixes.
- Fixed an issue that caused Spark server networking errors when using Dataproc Serverless Spark and VPC Peering.
The following functions have been added:
- default and if support conditions within expressions
- map.get performs a safe lookup on a map, returning null if a key is not found
A Status field that tracks the current steps and progress of an execution is available in Preview. See the Workflows Executions REST API Overview.
May 11, 2022
AlloyDB for PostgreSQL
AlloyDB for PostgreSQL is available in Preview.
On May 11, 2022 we released an updated version of the Apigee Integrated Portal software.
Bug ID | Description |
---|---|
228603948 | Fixed an issue that prevented users from editing custom fields for account creation and signup. |
228339667 | Documentation now reflects support for the STARTTLS SMTP authorization type. |
227511014 | Fixed an issue that prevented V1 Portals from being upgraded to V2. |
224991572 | Improvements to the Get Started documentation bundled with a new portal. Create a new portal and then click Get Started to see the new content. |
220980189 | Fixed issue with publishing API Products on a Portal when the organization has over 1,000 API Products. |
218320618 | Page descriptions are now limited to 1,000 characters. Page content is now limited to 1 MB. |
210651558 | Fixed issue where adding a new API Product subscription to an App would remove all scopes on the Apps credentials. |
hybrid v1.6.7
On May 11, 2022 we released an updated version of the Apigee hybrid v1.6.7 software.
For information on upgrading, see Upgrading Apigee hybrid to version 1.6.
Bug ID | Description |
---|---|
227600373 | Fixed an installation issue with Cassandra. |
227538469 | Configuration actions would write logs to the pod file system. |
226964206 | MART, runtime and synchronizer would write to the pod file system. |
226464960 | Apigee hybrid fresh installations on OpenShift 4.6 and 4.8 would fail. |
225081332 | Allow privileged pods issue. |
224620542 | On some Kubernetes platforms, logging would fail without adding an empty directory for the logs. |
223081301 | Fixed organization-level UDCA incorrect http-proxy secret name. |
222649295 | Organization-level UDCA would hang. |
221266789 | Hybrid logging functionality has been reworked. This should resolve issues with excessive log volume generation, frequent logger restarts, and ensure correct logger functionality with both docker and containerd runtimes. |
213261445 | Fixed reliance on keystore generated by cert manager for metrics endpoint and removed the need for a custom generate_cert script. |
205616792 | Fixed core dump on running user schema setup. |
The following supported default parsers have changed (listed by product name and ingestion label):
- ExtraHop RevealX (EXTRAHOP)
- Imperva (IMPERVA_WAF)
- Windows Event (WINEVTLOG)
- Azure AD Organizational Context (AZURE_AD_CONTEXT)
- Citrix Netscaler (CITRIX_NETSCALER)
- Elastic Packet Beats (ELASTIC_PACKETBEATS)
- Elastic Audit Beats (ELASTIC_AUDITBEAT)
- Sendmail (SENDMAIL)
- VMware vCenter (VMWARE_VCENTER)
- AWS VPC Flow (AWS_VPC_FLOW)
- Bluecat DDI (BLUECAT_DDI)
- Cisco ACS (CISCO_ACS)
- Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
- Forcepoint Proxy (FORCEPOINT_WEBPROXY)
- McAfee ePolicy Orchestrator (MCAFEE_EPO)
- Office 365 (OFFICE_365)
- Apple MacOS (MACOS)
- Archer Integrated Risk Management (ARCHER_IRM)
- Cisco Meraki (CISCO_MERAKI)
- Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
- IBM DB2 (DB2_DB)
- Cisco ISE (CISCO_ISE)
- F5 BIGIP LTM (F5_BIGIP_LTM)
- Juniper Junos (JUNIPER_JUNOS)
- Microsoft Exchange (EXCHANGE_MAIL)
- VMware ESXi (VMWARE_ESX)
- Digital Shadows SearchLight (DIGITAL_SHADOWS_SEARCHLIGHT)
- Azure Firewall (AZURE_FIREWALL)
- ForgeRock OpenAM (OPENAM)
- FortiGate (FORTINET_FIREWALL)
- ZScaler NGFW (ZSCALER_FIREWALL)
- OpenVPN (OPEN_VPN)
For details about the changes in each parser, see Supported default parsers.
The following methods now look up references to resource versions and return them if they exist:
- fhir.search with an _include parameter
- fhir.Patient-everything
Private uptime checks are now generally available. Private uptime checks enable HTTP requests into a customer Virtual Private Cloud (VPC) network while enforcing Identity and Access Management (IAM) restrictions and VPC Service Controls perimeters. Private uptime checks can send requests over the private network to resources like a virtual machine (VM) or an L4 internal load balancer (ILB).
For more information, see Create private uptime checks.
Cloud Run jobs are now available in Preview.
(2022-R11) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- Version 1.21.11-gke.900 is now the default version.
- The following control plane versions are no longer available:
- 1.21.6-gke.1503
- 1.21.9-gke.300
- 1.21.9-gke.1001
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to 1.19.16-gke.9900 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.19.16-gke.9900 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to 1.23.5-gke.1501 with this release.
Stable channel
The following versions are now available in the Stable channel:
Version 1.19.16-gke.9400 is no longer available in the Stable channel.
Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.9900 with this release.
Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.9900 with this release.
Regular channel
- Version 1.21.11-gke.900 is now the default version in the Regular channel.
The following versions are now available in the Regular channel:
The following versions are no longer available in the Regular channel:
- 1.20.15-gke.5000
- 1.21.6-gke.1503
Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.5200 with this release.
Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.11-gke.900 with this release.
Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.11-gke.900 with this release.
Rapid channel
- Version 1.22.8-gke.2200 is now the default version in the Rapid channel.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.22.8-gke.2200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.8-gke.2200 with this release.
Network Analyzer is now available in Preview.
May 10, 2022
Apigee hybrid
Issue ID | Affects | Status | Description |
---|---|---|---|
231758700, 231976420 | Apigee hybrid 1.7.x, Apigee hybrid 1.6.x, Apigee hybrid 1.5.x | OPEN | Apigee Hybrid Dockerhub customers unable to pull images with Docker Content Trust enabled. Users are encountering the following error when pulling images for Apigee Hybrid from Docker Hub: ERRO[0001] Metadata for targets expired. This applies to the following hybrid components: google/apigee-authn-authz, google/apigee-mart-server, google/apigee-runtime, google/apigee-synchronizer. Workaround: If you encounter this error, you can use one of the two following workarounds: switch to using gcr.io/apigee-release to pull hybrid images, or disable docker content trust by setting the DOCKER_CONTENT_TRUST environment variable to 0. |
Artifact Registry is now available in the europe-southwest1 region (Madrid, Spain).
The following new fields are available in the Unified Data Model:
- parent_session_id was added to the Network object.
- first_seen_time was added to the Asset object.
For a list of fields in the Unified Data Model, and descriptions, see the Unified Data Model field list.
You can now use Cloud Build attestors to secure your image deployments. To learn how to set up gated deployments, see Securing image deployments to Cloud Run and Google Kubernetes Engine. To learn how to view build integrity records, see Viewing build provenance. This feature is generally available.
Cloud Composer Service Level Agreement is available.
The following deprecated operators are no longer actively maintained and will be removed in one of the future versions of operators for Airflow 2. Make sure to switch to alternative operators.
Deprecated operators: BigQueryExecuteQueryOperator, BigQueryPatchDatasetOperator, DataflowCreateJavaJobOperator, DataflowCreatePythonJobOperator, DataprocScaleClusterOperator, DataprocSubmitPigJobOperator, DataprocSubmitSparkSqlJobOperator, DataprocSubmitSparkJobOperator, DataprocSubmitHadoopJobOperator, DataprocSubmitPySparkJobOperator, MLEngineManageModelOperator, MLEngineManageVersionOperator, GCSObjectsWtihPrefixExistenceSensor.
Cloud KMS is available in the following region:
europe-southwest1
For more information, see Cloud KMS locations.
Cloud Router now supports MD5 authentication of BGP sessions. This feature is available in preview. For more information, see Use MD5 authentication.
Cloud Storage is now available in Madrid, Spain (europe-southwest1 region).
- Jobs within the same state now rank higher in results when searching for jobs in a state-level location with the TELECOMMUTE_ALLOWED option.
- keywordSearchable is now returned correctly in Job instance responses.
- Fixed the compensation histogram query to return the correct histogram result.
Cloud VPN is now available in region europe-southwest1 (Madrid, Spain).
Pricing is available on the Cloud VPN pricing page.
Generally available: Madrid, Spain europe-southwest1-a,b,c has launched with E2 and N2 VMs available in all three zones.
See VM instance pricing for details.
Config Connector version 1.84.0 is now available.
Added IAMPolicy and IAMPolicyMember support for AccessContextManagerAccessPolicy.
Added spec.approvalConfig field to CloudBuildTrigger.
Added spec.rule.redirectOptions field to ComputeSecurityPolicy.
Added spec.addonsConfig.gkeBackupAgentConfig field to ContainerCluster.
Added cnrm.cloud.google.com/skip-wait-on-job-termination directive to DataflowFlexTemplateJob and DataflowJob.
Added spec.rrdatasRefs field to DNSRecordSet.
Added spec.columnLayout.columns.widgets.logsPanel, spec.gridLayout.widgets.logsPanel, spec.mosaicLayout.tiles.widget.logsPanel, and spec.rowLayout.rows.widgets.logsPanel fields to MonitoringMonitorDashboard.
Added spec.enableExactlyOnceDelivery field to PubSubSubscription.
Reduced reconciliation frequency of ConfigConnector object.
Deprecated spec.rrdatas field in DNSRecordSet.
Renamed spec.template.volumes.cloudSqlInstance.connections to spec.template.volumes.cloudSqlInstance.instances in RunService (Alpha).
Removed spec.template.confidential field from RunService (Alpha).
Removed status.terminalCondition.domainMappingReason and status.terminalCondition.internalReason fields from RunService (Alpha).
Removed spec.gateways field from NetworkServicesTCPRoute (Alpha).
Dataflow is now available in Madrid (europe-southwest1).
Google Cloud Deploy now lets you change the timeout for Cloud Build operations, from the default setting of 1 hour.
The europe-southwest1 region in Madrid is now available.
Managed Microsoft AD is available in the following regions:
- `australia-southeast2` (Melbourne)
- `europe-central2` (Warsaw)
- `northamerica-northeast2` (Toronto)
- `us-west3` (Salt Lake City)
- `us-west4` (Las Vegas)
For more information, see Adding and removing regions.
Added new Memorystore for Memcached region: Madrid (`europe-southwest1`).
Pub/Sub is now available in `europe-southwest1` (Madrid).
For auto mode VPC networks, added a new subnet `10.204.0.0/20` for the Madrid `europe-southwest1` region. For more information, see Auto mode IP ranges.
May 09, 2022
Anthos clusters on AWS
You can now launch clusters with Kubernetes versions 1.21.11-gke.1100 and 1.22.8-gke.1300
In 1.22.8-gke.1300, fixed an issue where add ons cannot be applied when Windows node pools are enabled.
In 1.22.8-gke.1300, fixed an issue where logging agent could fill up attached disk space.
These releases include the following Role-based access control (RBAC) changes:
- Scoped down `anet-operator` permissions for Lease update.
- Scoped down `anetd` Daemonset permissions for Nodes and pods.
- Scoped down `fluentbit-gke` permissions for service account tokens.
- Scoped down `gke-metrics-agent` for service account tokens.
- Scoped down `coredns-autoscaler` permissions for Nodes, ConfigMaps and Deployments.
These releases fix the following CVEs:
- Fixed CVE-2022-1055.
- Fixed CVE-2022-0886.
- Fixed CVE-2022-0492.
- Fixed CVE-2022-24769.
You can now launch clusters with Kubernetes versions 1.21.11-gke.1100 and 1.22.8-gke.1300
In 1.22.8-gke.1300, fixed an issue where logging agent could fill up attached disk space.
In 1.22.8-gke.1300, fixed an issue where add ons cannot be applied when Windows node pools are enabled.
These releases fix the following CVEs:
- Fixed CVE-2022-1055.
- Fixed CVE-2022-0886.
- Fixed CVE-2022-0492.
- Fixed CVE-2022-24769.
These releases include the following Role-based access control (RBAC) changes:
- Scoped down `anet-operator` permissions for Lease update.
- Scoped down `anetd` Daemonset permissions for Nodes and pods.
- Scoped down `fluentbit-gke` permissions for service account tokens.
- Scoped down `gke-metrics-agent` for service account tokens.
- Scoped down `coredns-autoscaler` permissions for Nodes, ConfigMaps and Deployments.
On May 9, 2022 Apigee hub released a new version of the software.
Bug ID | Description |
---|---|
231715589 | When viewing the API hub getting started page in the Google Cloud console, if you switched to another un-provisioned project, the browser encountered a redirect loop. |
On May 9, 2022 we released an updated version of the Apigee X software (1-8-0-apigee-5).
The `GoogleIDToken.Audience` tag now includes the `useTargetUrl` attribute to simplify audience configuration of Google ID tokens for Apigee policies.
Bug ID | Description |
---|---|
221292104 | Fix to address failure to capture requests in Debug sessions involving PostClientFlow ServiceCallouts. |
228855520 | Upgraded ASM to the latest version. |
Bug ID | Description |
---|---|
217497793 | A security issue was addressed. |
Regional external and regional internal HTTP(S) load balancers now support using Cloud Run services as backends for the load balancer. This is configured using a serverless network endpoint group (NEG).
For details, see:
- Serverless NEG concepts
- Setting up a regional external HTTP(S) load balancer with a Cloud Run backend
- Setting up an internal HTTP(S) load balancer with a Cloud Run backend
This feature is available in Preview.
The following new region is now available: `europe-southwest1`.
Generally available: Insights for idle VM and machine size recommendations help you assess the utilization of your Compute Engine resources. Insights are automatically generated based on system metrics or metrics gathered by the Cloud Monitoring service.
Learn more about VM insights and MIG insights.
Config Controller now uses version 1.83.0 for Config Connector (release notes)
New sub-minor versions of Dataproc images:
- `1.5.65-debian10`, `1.5.65-ubuntu18`, `1.5.65-rocky8`
- `2.0.39-debian10`, `2.0.39-ubuntu18`, `2.0.39-rocky8`
Dataproc Serverless for Spark now uses runtime version 1.0.12.
Fixed an issue where `chronyd` systemd service failed to start due to a race condition between `systemd-timesyncd` and `chronyd`.
Dataproc Serverless for Spark runtime version 1.0.1 is unavailable for new batch submissions.
Reserving static regional external IPv6 addresses is available as a limited Preview feature. Contact your sales representative for access.
May 06, 2022
Cloud Monitoring
You can now configure Metrics Explorer and charts on dashboards to display a ratio of metrics by using the Cloud Console. For more information, see Ratios of metrics.
`us-east4` is now available for dual-region storage. This feature is now in Preview.
Google Cloud Deploy now supports Skaffold version 1.37.1, as the default.
The feature for listing the effectively evaluated tags on a resource has launched into public preview. For more information, see Listing effective tags on a resource.
Extreme persistent disks are available for SAP HANA with improved functionality
Recent enhancements have further optimized extreme persistent disks, removing any potential limitations for using extreme persistent disks with SAP HANA.
For more information about extreme persistent disks and SAP HANA, see:
May 05, 2022
BigQuery
The new format element `%J` is generally available (GA) for `DATE`, `TIME`, `DATETIME`, and `TIMESTAMP` functions. This format element lets you use the ISO 8601 1-based day of the year.
`PARSE_DATE`, `PARSE_TIME`, `PARSE_DATETIME`, and `PARSE_TIMESTAMP` now support the following date and time format elements: `%a`, `%A`, `%g`, `%G`, `%j`, `%u`, `%U`, `%V`, `%w`, and `%W`.
Documentation for Policy Analyzer has moved to the Policy Intelligence documentation.
A Cloud Bigtable table overview page in the Cloud console is now generally available (GA). The table overview displays monitoring metrics and replication details for a selected table.
Cloud Build now supports a `script` field, which allows users to specify shell scripts to execute in a build step. This feature is available as a preview release. To learn more, see Using the script field.
Regional external HTTP(S) load balancers now support Shared VPC configurations where the load balancer's forwarding rule, target proxy, and URL map, can be created in a host or service project, while the backend services and backends can be distributed across multiple service projects in the Shared VPC environment. This is referred to as cross-project service referencing. Cross-project backend services can be referenced from a single URL map.
Cross-project service referencing gives service developers and admins autonomy over the exposure of their services through the centrally managed load balancer.
For details, see:
This feature is available in Preview.
You can now hide large amounts of similar log entries from your query results in the Logs Explorer. To learn more, see Hide similar logs.
SLO monitoring: Cloud Monitoring can now detect potential GKE- and Cloud Run-based services in your project. Monitoring provides a list of such candidate services, and you can now identify the candidates you want to monitor and create SLOs for them by using the Cloud Console. For more information, see Defining a microservice.
You can now define service-level objectives (SLOs) for your Cloud Run services using SLO monitoring in Cloud Monitoring or the Cloud Run service page.
OCR model migration reverted
We have switched the "builtin/stable" model back to the original version temporarily while we fix a bug resulting from this migration. The week of May 16th, we will update the "builtin/stable" model used for OCR again with the model from "builtin/latest" and create a new release note.
You will be able to use the original model as "builtin/legacy" for 90 more days after we upgrade "builtin/stable".
Documentation for Activity Analyzer, IAM insights, IAM Policy Troubleshooter, IAM role recommendations, and IAM Policy Simulator has moved to the Policy Intelligence documentation.
May 04, 2022
Anthos clusters on bare metal
Release 1.10.4
Anthos clusters on bare metal 1.10.4 is now available for download. To upgrade, see Upgrade Anthos on bare metal. Anthos clusters on bare metal 1.10.4 runs on Kubernetes 1.21.
Fixes:
The following container image security vulnerabilities have been fixed:
Role-based access control (RBAC) fixes:
- Set `AutomountServiceAccountToken` field for Node Problem Detector jobs and `etcd-defrag` Daemonsets to false.
- Set `capi-kubeadm-bootstrap-controller-manager` to use a dedicated service account.
- Scoped down `configmap/(get, list, watch)` permissions to `metallb-config` resource name.
- Scoped down `configmap/get` permission to `core-dns-autoscaler` resource name.
- Removed `services.update` permission for the MetalLB `kube-system:controller` role.
- `anetd`:
- Removed Cilium service account and replaced it with the account used by `kubelet`.
- Removed pod and node access from Cilium cluster role.
- Added Cilium cluster role to the `kubelet` service account.
- Removed `pods/(delete)` role from `cilium-operator` cluster role.
- Scoped down leases permissions in `cilium-operator` cluster role to `cilium-operator-resource-lock` resource name and `kube-controller-manager` resource name.
Known issues:
For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.
On May 4, 2022 Apigee API hub began the release of a new version of the software for Public Preview.
At Public Preview, products or features are ready for testing by customers. Preview offerings are often publicly announced, but are not necessarily feature-complete, and no SLAs or technical support commitments are provided for these. Unless stated otherwise by Google, Preview offerings are intended for use in test environments only.
Added the `API Hub` label in the Apigee community.
Added provisioning instructions.
Documentation: Provision API hub
Added instructions on how to get support.
Documentation: Get support
Action buttons in the UI are now disabled if you do not have appropriate permissions to perform the action.
On May 4, 2022 we released an updated version of the Apigee Integrated Portal software.
Error messages for rejected logins for an inactive user are now more informative to the user.
Emails from `portal-sso` will either be the email address of the sender that the user sets up in the custom `smtp` settings, or it will be `no-reply@google.com`, instead of the human-readable name `orgname-portalname`. This screenshot illustrates emails sent from `portal-sso` in `e2e`. It shows one email with custom `smtp` settings (`tsnow-custom-smtp`) and one email with the default settings (`no-reply`).
Bug ID | Description |
---|---|
220993729 | Portal SSO showed the Apigee domain when hovering over footer links in third-party web pages. |
220188030 | Reset password was not working for LDAP configurations. |
214146121 | An authentication issue with Apigee SSO has been fixed. |
204952689 | Fixed miscellaneous logback error. |
194469693 | Enabled SAML config error so that it is visible. |
194053231 | Added server-side validation for the password field. If the password is non-compliant, the response is `422:Unprocessable Entity`. |
190609332 | Improved error output for failures while enabling SSO for Apigee |
157131343 | Added support for the parenthesis () and plus + characters for built-in IDP custom fields. Other special characters will continue to be blocked due to security reasons. |
ID | Description |
---|---|
200604177 | Upgraded jQuery and Bootstrap |
On May 4, 2022 we released an updated version of the Apigee UI.
We have released a new version of the Develop tab in the Proxy Editor. See Introducing the new Proxy Editor.
The Ruby 3.0 runtime for App Engine standard environment is now generally available.
Rebilling is now available in the Partner Sales Console and Cloud Channel API. This new billing data service helps you simplify your customer billing process by configuring discounts and exporting your billing data to a BigQuery dataset.
Cloud Functions now supports Ruby 3.0 at the General Availability release level.
Support for europe-west9 (Paris).
Support for europe-west9 (Paris).
Support for europe-west9 (Paris).
Spot Pods for GKE Autopilot clusters is now generally available. Use Spot Pods to run your fault-tolerant workloads at reduced costs.
Spot VMs on GKE is now generally available. Spot VMs let you run fault-tolerant workloads at lower costs.
The resource usage restriction Organization Policy constraint has launched into general availability.
May 03, 2022
Anthos
Anthos component releases for April 2022
Anthos clusters on VMware:
- April 11, 2022: security bulletin
- April 12, 2022: security bulletin
- April 18, 2022: 1.10.3-gke.49 patch release
- April 27, 2022: 1.11.0-gke.543 quarterly minor release
- April 28, 2022: security bulletin
Anthos clusters on bare metal:
- April 12, 2022: security bulletin
- April 27, 2022: 1.9.7 patch release
- April 28, 2022: security bulletin
Anthos clusters on AWS:
- April 05, 2022: (previous generation) security bulletin
- April 07, 2022: (previous generation) security bulletin
- April 12, 2022: (previous generation) security bulletin
- April 13, 2022: release updates
- April 19, 2022: (previous generation) issue announcement
- April 26, 2022: security bulletin
- April 26, 2022: (previous generation) security bulletin
Anthos clusters on Azure:
Anthos Config Management:
Anthos Service Mesh:
Connect:
- N/A
Cloud Run for Anthos:
- N/A
Migrate for Anthos and GKE:
- N/A
Cloud Logging:
Cloud Monitoring:
Version 1.13 is now available for managed Anthos Service Mesh and is rolling out into the Rapid Release Channel.
Version 1.12 is being promoted to the Regular Release Channel, and version 1.11 is being promoted to the Stable Release Channel.
See Select a managed Anthos Service Mesh release channel for more information.
In addition to the existing labels, you can now use the "istio-injection" label as an alias. For more information, see Injection labels.
Artifact Registry is now available in the `europe-west9` region (Paris, France).
The following new features are now generally available (GA) for `ARIMA_PLUS` models:
- You can use ML.EVALUATE to calculate new forecasting accuracy metrics such as MAPE, SMAPE, and MSE.
- You can perform fast model training with little or no loss of forecasting accuracy by using the `TIME_SERIES_LENGTH_FRACTION`, `MIN_TIME_SERIES_LENGTH` and `MAX_TIME_SERIES_LENGTH` options.
To learn how to achieve one hundred times higher scalability with the `ARIMA_PLUS` model while using the new forecasting accuracy metrics, see the Accelerate `ARIMA_PLUS` to forecast 1 million time series within hours. You can also read `ARIMA_PLUS` best practices.
The following resource types are now publicly available through the Export APIs (`ExportAssets` and `BatchGetAssetsHistory`), the