Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml

June 29, 2022

Anthos clusters on bare metal

Release 1.12.0

Anthos clusters on bare metal 1.12.0 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.0 runs on Kubernetes 1.23.

The dockershim component in Kubernetes enables cluster nodes to use the Docker Engine container runtime. However, Kubernetes 1.24 removed the dockershim component. Starting from Anthos clusters on bare metal 1.12.0, you will not be able to create new clusters that use the Docker Engine container runtime. All new clusters should use the default container runtime containerd.

Improved cluster lifecycle functionalities:

  • Upgraded Anthos clusters on bare metal to use Kubernetes version 1.23. 

  • Upgraded container runtime to containerd 1.5.

  • Updated preflight check to forward default SSH key if no key is provided.

  • Added support for new GCPAccounts field in the cluster configuration file. This field enables the assignment of a cluster-admin role to end-users.

  • Added labels to control plane, control plane load balancer, and load balancer node pools, so that these different node pools can be distinguished from each other.

  • Added nodepool reference label to nodes so that worker nodes can be listed in the UI.

Observability:

  • GA: Added Summary API metrics. These metrics are scraped from the Kubernetes Summary API and provide CPU, memory, and storage metrics for Pods, containers, and Nodes.

  • Added separate flags to enable logging and monitoring for user applications separately: EnableCloudLoggingForApplications and EnableGMPForApplications. The legacy flag EnableStackdriverForApplications will be deprecated and removed in future releases.

  • Preview: Added Google Cloud Managed Service for Prometheus to collect application metrics and monitor cluster health.

  • Upgraded GKE Metrics Agent (gke-metrics-agent) from version 1.1.0 to 1.8.3. This tool scrapes metrics from each cluster node and publishes them in Cloud Monitoring.

  • Added the following resource utilization metrics. For more information about these and other metrics, see View Anthos clusters on bare metal metrics:

    • container/cpu/request_utilization
    • container/cpu/limit_utilization
    • container/memory/request_utilization
    • container/memory/limit_utilization
    • node/cpu/allocatable_utilization
    • node/memory/allocatable_utilization
    • pod/volume/utilization

  • Added sample dashboards for monitoring cluster health to Cloud Monitoring sample dashboards. Customers can install these dashboards with one click.

  • Scoped down the RBAC permissions of stackdriver-operator, a component that performs logging and monitoring.

Security:

  • AIS CA deprecation. AIS certs are now signed by cluster CA.

  • Changed ca-rotation container image so that it uses a distroless rather than a Debian-based image.

  • RBAC permissions of the cluster-operator component have been eliminated or reduced to address elevated permissions.

Networking:

  • Preview: Enabled creation of IPv6 and Dual Stack LoadBalancer services. Border Gateway Protocol (BGP) is used for Dualstack clusters. Advertising IPv4 and IPv6 routes over IPv4 sessions is supported.

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

BeyondCorp Enterprise

The BeyondCorp Enterprise client connector is now generally available. The client connector extends identity and context-aware access to non-web applications by creating a secure connection from endpoint devices to apps running in both Google Cloud and non-Google Cloud environments.

For more information, see Securing client-server applications.

BigQuery

You can now set the view field in the tables.get() API method to indicate which table information is returned. Setting the value to BASIC reduces latency by omitting some storage statistics.

Previously, all BigQuery BI Engine projects had a maximum reservation size per project per location limit of 100 GB. This limit is now 250 GB. For more information, see BI Engine quotas and limits.

Cloud Key Management Service

Customers enrolled in Key Access Justifications will now see justifications listed in Cloud Audit Logs for Cloud KMS.

Cloud Logging

You can now collect Apache Flink logs from the Ops Agent, starting with version 2.17.0. For more information, see Monitoring third-party applications: Flink.

Cloud Shell

Cloud Code Extension updated to 1.18.3

Update includes a new and improved Kubernetes development experience with the Development Sessions Explorer, support for private clusters, a refreshed welcome page, and more! Review the Cloud Code release notes for a complete list of features, updates, and fixes.

Cloud Shell Editor is built with Theia 1.25.0

Review the Theia release notes for a complete list of features/updates/bug fixes.

Cloud Shell now defaults to Python 3

Python 2 is still included as a development tool in Cloud Shell and may be invoked using python2.

Cloud Spanner

Query insights is now generally available. Query Insights helps you visually detect and identify query performance issues for Cloud Spanner databases. You can also dig deeper and analyse the query details to know the root cause of these issues.

To learn more, see Detect query performance issues with Query Insights.

Firestore in Datastore mode

Not-equal (!=), IN, and NOT_IN query filters now available in all client libraries:

  • Java
  • Python
  • PHP
  • Node.js
  • C#
  • Go
  • Ruby

Google Cloud Deploy

Google Cloud Deploy is now available in the following regions:

  • asia-east2 (Hong Kong)
  • europe-west2 (London)
  • europe-west3 (Frankfurt)
  • us-east4 (N. Virginia)
  • us-west2 (Los Angeles)

Google Kubernetes Engine

You can now give multiple containers time-shared access to the full compute resources of a single NVIDIA GPU accelerator. Time-sharing GPUs is generally available in GKE version 1.23.7-gke.1400 and later. For more information, refer to Time-sharing GPUs on GKE.

Identity Platform

Identity Platform Web v9 modular SDK is now available at the GA stage. For details, see Upgrade to the modular Web SDK (v9).

Storage Transfer Service

Expanded overwrite options are now generally available (GA). The overwriteWhen field can be used to specify whether data that already exists in the destination should be overwritten always, never, or only when ETags and checksum values indicate that the file has changed.

Metadata preservation options are now generally available (GA). This includes the option of preserving POSIX attributes and symlinks when transferring to, from, and between POSIX filesystems; as well as object ACLs, CMEK, temporary holds, and object creation time when transferring between Cloud Storage buckets.

See Metadata preservation for details.

Transfer Appliance

Transfer Appliance now supports monitoring of the amount of data stored on your appliance, and whether online transfer is enabled, through Cloud Monitoring. See Monitor Transfer Appliance for details.

June 28, 2022

AlloyDB for PostgreSQL

AlloyDB's Frequently asked questions page addresses common questions received by the AlloyDB support team during the product's public preview.

Certificate Manager

This is the General Availability release of Certificate Manager.

Cloud Bigtable

Cloud Bigtable now gives you the option to undelete a table for up to seven days from the time of deletion using the gcloud CLI. This feature is generally available (GA).

Cloud Billing

We've added new features to view your billing information and cost estimates in the Google Cloud Console mobile app. You can view your cost trends and forecasts, the costs for your top project, and how much you're spending on your top Google Cloud services.

To see your billing data in the app, select the Billing tab in the navigation bar, then select Overview.

Get the Google Cloud Console app for iOS or Android.

Attribution for your committed use discounts (CUDs) now appears at the same time as eligible usage.

Previously, the subscription fees and credits associated with your CUDs would appear in billing reports and BigQuery usage cost exports after the corresponding eligible resource usage. This could result in apparent spikes in cost if you viewed your billing data before the attribution process completed.

With this release, subscription fees and credits appear at the same time as eligible usage, meaning that your net costs are always accurate whenever you view your billing data.

Learn about how your CUD fees and credits are attributed across your resources.

Cloud Monitoring

The new experience for creating metric-based alerting policies by using the Google Cloud console is now Generally Available. For more information, see Create metric-based alert policy.

Cloud SQL for MySQL

A second June maintenance changelog is now available. For more information, use the links at Maintenance changelog.

Cloud SQL for PostgreSQL

A second June maintenance changelog is now available. For more information, use the links at Maintenance changelog.

The fix to the silent data corruption when using the CREATE INDEX CONCURRENTLY or REINDEX CONCURRENTLY SQL commands in PostgreSQL 14 (BUG #17485) is now available in the self-service maintenance release POSTGRES_14_2.R20220331.02_012 for PostgreSQL 14.2.

After applying the self-service maintenance, you can fix any silent data corruption that has already occurred by running the REINDEX CONCURRENTLY SQL command on the specific indexes, or the reindexdb client command for your entire instance.

Cloud SQL for SQL Server

A second June maintenance changelog is now available. For more information, use the links at Maintenance changelog.

Cloud VPN

Cloud VPN no longer checks a peer's IKE identity.

This change simplifies the configuration of your VPN peers, because you no longer need to explicitly set a peer's IKE identity to a specific value.

Note: Some Cloud VPN tunnels that were previously unestablished due to unmatched IKE identity might now become established.

  • If you don't want the affected tunnels to become established, delete them as needed on the Cloud VPN side, on the on-premises side, or on both sides.

  • If you want the affected tunnels to become established, no action is required on your part.

Previously, Cloud VPN required peers to use an IKE identity of type ID_IPV4_ADDR, which is equal to the peer's public IP address. Removing this restriction enables easier interoperation with peers that don't support changing their IKE identity, especially when such peers are located behind NAT (Network Address Translation).

If you have any questions or require assistance, contact Google Cloud Support.

Eventarc

Eventarc is available in this region: europe-southwest1 (Madrid, Spain).

Google Cloud Deploy Issuer switch

The issuer switch, which is part of the Payment Gateway, is now Generally Available.

Newly published documentation about the issuer switch features and API is available here: Issuer switch documentation

Vertex AI reCAPTCHA Enterprise

You can now enable platform logging for reCAPTCHA Enterprise API calls. For more information, see Working with platform logs.

June 27, 2022

Apigee API hub

On June 27, 2022 Apigee hub released a new version of the software.

Bug ID     Description
227334287  An improved error dialog is displayed when an error occurs on API delete.
229852889  Reference lists now filter out their parent API to prevent self-references.
232250641  Resource IDs generated from names are now automatically truncated or padded to conform to length requirements.
236744313  Fixed an issue where the spinning progress indicator would not go away.

Cloud Build

Regional support for default pools and build triggers is now generally available. To learn more, see Cloud Build locations.

Cloud Composer

Cloud Composer supports Per-folder Roles Registration.

Cloud Functions

Cloud Functions now supports Java 17 at the General Availability release level.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.10.0 (2022-06-25)

Features
  • Add support for library instrumentation (#979) (2749974)
Documentation
  • sample: update README for native image sample (#974) (1512487)
Dependencies
  • update dependency com.google.cloud:google-cloud-shared-dependencies to v2.13.0 (#980) (18acf1f)
  • update dependency org.graalvm.buildtools:junit-platform-native to v0.9.12 (#976) (01d3213)

The Cloud Logging agent version 1-18 for Windows is now available. This version updates the location of the position files so they are retained across upgrades. For installation information, see Installing the Cloud Logging agent.

Cloud SQL for MySQL

Cloud SQL for MySQL supports in-place major version upgrades in Preview. You can upgrade your instance's major version to a more recent version. For more information, see Upgrade the database major version in-place.

Cloud Storage

Object Lifecycle Management now supports new conditions and a new action.

The XML API now supports setting a default Cloud KMS key on a bucket when creating the bucket.

Compute Engine

GA: You can now use the SSH troubleshooting tool from the Cloud console to help you determine the cause of failed SSH connections. For more information, see SSH troubleshooting tool.

Eventarc

Support for Firebase Realtime Database is in Preview.

Managed Service for Microsoft Active Directory

Support for schema extensions in Managed Microsoft AD is available for Preview. Learn how to extend the schema.

Policy Intelligence

In the Cloud console, Policy Troubleshooter for IAM allow policies now reports if there are deny policies that could affect a principal's access.

June 24, 2022

Anthos clusters on VMware

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. For more information, refer to the GCP-2022-016 security bulletin.

Apigee hybrid

On June 24, 2022 we released an updated version of the Apigee hybrid software, v1.7.2.

For information on upgrading, see Upgrading Apigee hybrid to version 1.7.

Bug ID     Description
233094108  Fixed Stacktrace truncation in runtime containers to support proxy diagnosis.
236129944  Fixed the controller crashloopbackoff resulting from null pointer.
231313050  Fixed issue causing Apigee logger pod to remain in crashloopbackoff state.
236399482  Added support for ASM v1.13.

Cloud Bigtable

Cloud Bigtable is available in the us-east5 (Columbus) region. For more information, see Bigtable locations.

Cloud Database Migration Service

Database Migration Service now supports the migration of tables without primary keys in PostgreSQL. For tables that don't have primary keys, Database Migration Service supports the migration of the initial snapshot and INSERT statements during the change data capture (CDC) phase. You should migrate UPDATE and DELETE statements manually. Click here to access the documentation.

Cloud Monitoring

You can now collect Jetty metrics from the Ops Agent, starting with version 2.17.0. For more information, see Monitoring third-party applications: Jetty.

You can now view the configuration of charts on a dashboard while the dashboard is in read-only mode. For more information, see Show the chart configuration.

Cloud TPU

Cloud TPU now supports TensorFlow 2.6.5 and TensorFlow 2.7.3.

For more information see TensorFlow 2.6.5 and TensorFlow 2.7.3 release notes.

Google Kubernetes Engine

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. All Linux clusters (Container-Optimized OS and Ubuntu) are affected. For more information, refer to the GCP-2022-016 security bulletin.

You can now create dual-stack clusters in GKE versions 1.24.1-gke.1000 and later. With dual-stack networking, GKE assigns an IPv4 and an IPv6 address to the cluster nodes and Pods. You can create dual-stack Services of type ClusterIP or NodePort. This feature is now available in Preview. For more information, see Dual-stack networking.

June 23, 2022

Anthos clusters on AWS

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. For more information, refer to the GCP-2022-016 security bulletin.

Anthos clusters on AWS (previous generation)

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. For more information, refer to the GCP-2022-016 security bulletin.

Anthos clusters on Azure

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. For more information, refer to the GCP-2022-016 security bulletin.

There is a bug in the Azure OS kernels used by some of the previous Anthos clusters on Azure versions. This bug will randomly cause disks to not mount in the OS when they are attached to the Azure VM. When this happens, clusters won't start up completely.

The following versions are affected:

  • 1.21.11-gke.100
  • 1.21.11-gke.1100
  • 1.22.8-gke.200
  • 1.22.8-gke.1300

Please always use the latest patch versions when creating a new cluster to avoid this issue.

For more information, see the Linux kernel bug.

Anthos clusters on bare metal

Release 1.11.3

Anthos clusters on bare metal 1.11.3 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.3 runs on Kubernetes 1.22.

Fixes:

The following container image security vulnerabilities have been fixed:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Apigee Integration

On June 23, 2022 we released an updated version of the Apigee Integrations software.

Apigee Integration trials

Starting with this release, Apigee Integrations is available in an Apigee Eval org which lets you try out the integrations feature without getting billed for the usage. For information, see Enable integrations in an eval org.

Updates to SetIntegrationRequest policy

The SetIntegrationRequest policy has the following updates:

  • Support for ref attribute in the <Parameter>, <ParameterArray>, and <Value> elements. By using this attribute, you can assign flow variable values to the parameters.

  • Empty <Parameter> and <ParameterArray> elements are supported. However, if these elements are empty, Apigee treats the element value as null.

  • Empty <Value> element is not supported. If the element is empty, Apigee reports an error.

BigQuery

The BI Engine preferred tables feature lets you limit BI Engine acceleration to a specified set of tables. This feature is now in preview.

Cloud Composer

The earlier issue with DAG and task failures in Public IP environments in Cloud Composer 1 is now resolved for all impacted environments.

(Airflow 2) The apache-airflow-providers-google package is updated:

  • Fixed a regression in BigQueryToGCPOpertor after changes to links were introduced in #24416.
  • Fixed errors related to the usage of the service_account attribute by BeamRunJavaPipelineOperator.

(Cloud Composer 2) Incremental task logs are now correctly refreshed and displayed in Airflow UI.

Cloud Composer 1.19.1 and 2.0.18 images are available:

  • composer-1.19.1-airflow-1.10.15 (default)
  • composer-1.19.1-airflow-2.1.4
  • composer-1.19.1-airflow-2.2.5
  • composer-2.0.18-airflow-2.1.4
  • composer-2.0.18-airflow-2.2.5

Cloud Composer 1.18.12 is a version with an extended upgrade timeline.

Cloud Composer versions 1.16.7 and 1.17.0.preview.3 have reached their end of full support period.

Cloud SQL for PostgreSQL

Cloud SQL for PostgreSQL now supports replication from an external server.

Cloud Spanner

The PostgreSQL interface is now generally available, making the capabilities of Cloud Spanner accessible from the PostgreSQL ecosystem. It includes a core subset of the PostgreSQL SQL dialect, support for the psql command-line tool, native language clients, and integration into existing Google tools. For more information, see PostgreSQL interface.

Google Kubernetes Engine

(2022-R15) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.19.16-gke.11000
    • 1.20.15-gke.6000
    • 1.21.11-gke.1100
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.20.15-gke.8000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.8000
    • 1.21.11-gke.1900
    • 1.22.8-gke.201
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.8200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.12-gke.1500 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.12-gke.1700
    • 1.22.9-gke.1300
    • 1.23.6-gke.1500
    • 1.24.0-gke.1801
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.16-gke.11800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.10-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.1-gke.1400 with this release.

Recommendations AI

The Recommendations AI documentation set at https://cloud.google.com/retail/recommendations-ai/docs will be removed on July 5, 2022. This documentation set describes how to use the Recommendations console to manage and monitor Recommendations AI. We no longer recommend this console. After July 5, 2022, links to this documentation will redirect to the equivalent page in the Retail documentation at https://cloud.google.com/retail/docs.

We recommend that you use the Retail console to manage Recommendations AI. Find the documentation for the Retail console at https://cloud.google.com/retail/docs.

If you have not yet switched from the Recommendations console to the Retail console, see Switch to the Retail console.

June 22, 2022

Chronicle

The following supported default parsers have changed (listed by product name and ingestion label):

  • Akamai WAF (AKAMAI_WAF)
  • Aruba IPS (ARUBA_IPS)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Carbon Black App Control (CB_APP_CONTROL)
  • Check Point (CHECKPOINT_FIREWALL)
  • Cisco ACS (CISCO_ACS)
  • Cisco Email Security (CISCO_EMAIL_SECURITY)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco ISE (CISCO_ISE)
  • Cisco Meraki (CISCO_MERAKI)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • CloudM (CLOUDM)
  • CrowdStrike Falcon (CS_EDR)
  • EPIC Systems (EPIC)
  • Forescout NAC (FORESCOUT_NAC)
  • FortiGate (FORTINET_FIREWALL)
  • GCP Compute (GCP_COMPUTE)
  • IBM DataPower Gateway (IBM_DATAPOWER)
  • Imperva (IMPERVA_WAF)
  • JAMF Protect (JAMF_PROTECT)
  • Linux Auditing System (AuditD) (AUDITD)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Netskope (NETSKOPE_ALERT)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Preempt Alert (PREEMPT)
  • RSA (RSA_AUTH_MANAGER)
  • SentinelOne EDR (SENTINEL_EDR)
  • ServiceNow CMDB (SERVICENOW_CMDB)
  • Sourcefire (SOURCEFIRE_IDS)
  • Suricata IDS (SURICATA_IDS)
  • Symantec Web Isolation (SYMANTEC_WEB_ISOLATION)
  • Tripwire (TRIPWIRE_FIM)
  • Unix system (NIX_SYSTEM)
  • VMware AirWatch (AIRWATCH)
  • VMware ESXi (VMWARE_ESX)
  • VMware NSX (VMWARE_NSX)
  • WatchGuard (WATCHGUARD)
  • Workspace Alerts (WORKSPACE_ALERTS)
  • Zscaler (ZSCALER_WEBPROXY)

For details about changes in each parser, see Supported default parsers.

Cloud Billing

Preview: You can now get cost insights in the Recommender API, and use them to detect anomalies in your costs. For example, you see a cost insight in the API if your costs for a day are significantly higher or lower than your typical daily costs.

Compute Engine

The CPU utilization observability metric is incorrect for VMs that use one thread per core. For more information, see Known issues.

Google Kubernetes Engine

To deliver a better default price-performance for applications, all GKE clusters created with control plane version 1.24 and later have the Balanced Persistent Disk (PD) by default for attached volumes. Additionally, the node boot disk default has also been changed to Balanced Persistent Disk (PD).

The new default for attached volumes is applied to all clusters running control plane version 1.24 and later. The new default node boot disk is applied to all new node pools of any node pool version created in a cluster with control plane version 1.24 and later. Existing preferences will not be changed.

For more information on boot disks, see Configuring a custom boot disk.

For more information on attached volumes see Persistent volumes and dynamic provisioning.

Virtual Private Cloud

Private Service Connect supports publishing a service that is hosted on an internal TCP proxy load balancer in a service producer VPC network. The backends can be located in Google Cloud, in other clouds, in an on-premises environment, or any combination of these locations.

This feature is available in Preview.

June 21, 2022

Apigee Integrated Portal

On June 21, we released an updated version of Apigee integrated portal.

Added the ability to sort by Name and Created fields in the Apps and Teams tables. Click the column heading to sort.

Apigee UI

On June 21, 2022 we released an updated version of the Apigee UI.

The Data Collectors UI is now generally available.

A search bar has been added to the new Proxy Editor Develop view. This lets you search for items within a proxy or sharedflow bundle.

Apigee X

On June 21, 2022, we released an updated version of Apigee X (1-8-0-apigee-18).

Bug ID     Description
234355351  Fixed issue with message processor pods restarting frequently. Added backoff polling task for Cloud KMS key listener. The listener is paused only when the flush policy is met.
N/A        Upgraded infrastructure and libraries.

BigQuery

Query queues are now available in preview for on-demand and flat-rate customers. When query queues are enabled, BigQuery automatically determines the query concurrency rather than setting a fixed limit. Flat-rate customers can override this setting with a custom concurrency target. Additional queries beyond the concurrency target are queued until processing resources become available.

Cloud Healthcare API

A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud SQL for SQL Server

You can enable an instance to publish to a subscriber that is external (or internal) to Cloud SQL. In this scenario, Cloud SQL for SQL Server can act as a publisher to an external subscriber. This functionality, which is generally available, uses transactional replication.

For more information, see Configure external replicas.

In Cloud SQL, you can use SQL Server Audit capabilities to track and log server-level and database-level events. This functionality is generally available.

For more information, see SQL Server database auditing.

Dataproc

New sub-minor versions of Dataproc images:

1.5.70-debian10, 1.5.70-rocky8, 1.5.70-ubuntu18

2.0.44-debian10, 2.0.44-rocky8, 2.0.44-ubuntu18

For 1.5 and 2.0 images, backported YARN-9608 to fix the issue in graceful decommissioning.

Dialogflow

The Dialogflow CX search feature is now GA (generally available).

Workflows

June 20, 2022

Cloud Composer

In July 2022, Cloud Composer 2 environments created in Cloud console will use Private Service Connect configuration by default.

In July 2022, Cloud Composer 1 environments created in Cloud console will use the latest available version of Airflow 2 by default.

Cloud Load Balancing

Cloud Load Balancing introduces a new version of the external HTTP(S) load balancer. The new global external HTTP(S) load balancer with advanced traffic management capabilities contains many of the features of our existing classic HTTP(S) load balancer, but with an ever-growing list of traffic management capabilities such as weighted traffic splitting, request mirroring, outlier detection, fault injection, and so on.

For details on the new load balancer, see:

This load balancer is available in General Availability.

Workflows

Support for VPC Service Controls is generally available (GA).

June 17, 2022

Anthos Service Mesh

The Fleet Feature API (mesh.googleapis.com) now enables the Connect Gateway API (connectgateway.googleapis.com). This change does not incur any additional cost.

Config Controller

Config Controller now uses version 1.87.0 for Config Connector (release notes)

Firestore in Datastore mode

Datastore now supports the not-equal (!=), IN and NOT_IN query filters. The filters are now available in the Google Cloud console and the following client libraries:

  • Java
  • Python
  • PHP
  • Node.js

Resource Manager

A feature for protecting tag values from being deleted has launched into general availability. If a tag value has a tag hold, it cannot be deleted by users unless the tag hold is first deleted. For more information about tag holds, see Protecting tag values with tag holds.

Vertex AI

Support for IAM resource-level policies for Vertex AI featurestore and entityType resources is available in Preview.

June 16, 2022

Anthos clusters on VMware

Anthos clusters on VMware 1.10.5-gke.26 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.10.5-gke.26 runs on Kubernetes 1.21.5-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.11, 1.10, and 1.9.

Fixed for version 1.10.5

  • Fixed the issue where admin cluster backup did not back up always-on secrets encryption keys. This caused repairing an admin cluster using gkectl repair master --restore-from-backup to fail when always-on secrets encryption was enabled.

  • Fixed the issue of high resource usage when AIDE runs as a cron job by disabling AIDE by default. This fix will affect compliance with CIS L1 Server benchmark 1.4.2: Ensure filesystem integrity is regularly checked.

    To re-enable the AIDE cron job, see Configure AIDE cron job.

Fixed the following vulnerabilities

Compute Engine

Preview: Windows VMs now support SSH connections from the gcloud CLI. For more information, see Connect to Windows VMs using SSH.

Datastream

Datastream now supports the use of tags on its resources, which include private connectivity configurations, connection profiles, and streams. Tags are key-value pairs that you can apply to your Datastream resources for fine-grained access control. To learn more, see Access control with tags. To use tags, see Manage tags.

Transfer Appliance

You can now order Transfer Appliance from the Cloud console, as well as view, track, and manage your orders and appliances. For more info, see the Order Transfer Appliance page.

June 15, 2022

Bare Metal Solution

Advanced networking capabilities for Bare Metal Solution -- Enables you to use the following features:

  • Add multiple VLANs on the same bonded server interface.
  • Configure multiple VLAN attachments over a Partner Interconnect connection to your Bare Metal Solution environment.
  • Connect the Bare Metal Solution environment to more than one Virtual Private Cloud (VPC) in your Google Cloud project.
  • Use network templates to enable a flexible network design of your choice, such as active/active and active/backup, to meet your needs for high availability, redundancy, and load balancing.

BigQuery

Deterministic encryption SQL functions are now generally available (GA). New AEAD encryption functions include DETERMINISTIC_ENCRYPT, DETERMINISTIC_DECRYPT_BYTES, and DETERMINISTIC_DECRYPT_STRING. These functions allow column-level encryption and decryption of data while supporting aggregation and table joins.

Cloud Composer

Starting in July 2022, the Cloud Composer service will enforce the "Act As" organization policy in all projects. This follows the announcements sent out earlier. Please grant the iam.serviceAccounts.actAs permission to users and service accounts that create, update, and delete Cloud Composer environments. For more information, see Securing Cloud Composer.

The earlier issue with autoscaling in some Cloud Composer 2 environments is now resolved for all impacted environments.

(Airflow 1) New versions of Cloud Composer no longer support Python 2:

  • Starting from version 1.19.0, it is not possible to create new environments with Python 2, or upgrade existing environments with Python 2 to 1.19.0 and later versions of Cloud Composer.
  • Existing environments with Python 2 are not impacted by this change. It is possible to upgrade such environments to Cloud Composer version 1.18.12 and earlier through gcloud CLI, API, and Terraform.

(Cloud Composer 1) Fixed the problem that caused increased DAG and task failures in Public IP environments because of Airflow database connectivity issues. This change improves the reliability of connections to the Airflow Database in Public IP environments.

  • You can upgrade your Composer 1 environments where you experience this issue to Cloud Composer 1.19.0 version to fix the problem immediately.

  • The fix will be applied to all existing Cloud Composer 1 Public IP environments within the next couple of days. We will announce when the issue is resolved. If you have any questions or concerns, please contact Cloud Customer Care.

Logs in Cloud Logging now have Airflow DAG and task annotations for multilined output.

(Airflow 2) Enabled User Stats Chart view in Airflow UI for users with the Admin role.

(Airflow 2) Fix processor cleanup on DagFileProcessorManager #22685

Cloud Composer 1.19.0 and 2.0.17 images are available:

  • composer-1.19.0-airflow-1.10.15 (default)
  • composer-1.19.0-airflow-2.1.4
  • composer-1.19.0-airflow-2.2.5
  • composer-2.0.17-airflow-2.1.4
  • composer-2.0.17-airflow-2.2.5

Cloud Composer versions 1.16.6 and 1.17.0.preview.2 have reached their end of full support period.

Cloud Healthcare API

A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Added the complexDataTypeReferenceParsing field to the FHIR store resource, which lets you parse references within complex FHIR data types, such as FHIR extensions.

Compute Engine

Cloud console SSH-in-browser connections might fail if you use custom firewall rules. For workarounds, see Known issues.

Google Kubernetes Engine

Confidential GKE Nodes is now generally available in GKE version 1.22 and later for stateful workloads using persistent disks, and in all GKE versions for stateless workloads. Use Confidential GKE Nodes to encrypt your workload data in-use through Compute Engine Confidential VMs.

SAP on Google Cloud

Google Cloud monitoring agent for SAP NetWeaver version 2.4

Version 2.4 of the Google Cloud monitoring agent for SAP NetWeaver is now available. This version includes bug fixes and supportability improvements.

For more information about the agent, see Monitoring SAP NetWeaver on Google Cloud.

Video Stitcher API

The Video Stitcher API is generally available (GA).

June 14, 2022

Apigee Integrated Portal

On June 14, we released an updated version of Apigee integrated portal.

Use a GraphQL schema to publish your APIs to an integrated portal.

For details, see:

App Engine standard environment Python

The Python 3.10 runtime (preview) now uses Ubuntu 22.

BigQuery

You can now use the Cloud console to set up VPC service control perimeters to restrict access from BigQuery Omni to external clouds. You can also specify whether you want to grant read or write permission on your external resource. This feature is now generally available (GA).

You can now explore data in Data Studio by using links from your BigQuery query results in the Google Cloud Console. This feature is now generally available (GA).

Chronicle

Enhancements to YARA-L 2.0 syntax in Detection Engine rules

We have enhanced the outcome section that can be used in Detection Engine rules.

  • We now support up to 10 outcome variables.
  • We now support integer and string data type outcome variables.
  • We have added new aggregate functions: count(), count_distinct(), array(), array_distinct()

For more details about the outcome section, see Outcome section syntax.

Cloud Composer

Authorized networks support is now generally available (GA).

Cloud Functions

The Python 3.10 runtime (preview) now uses Ubuntu 22.

Cloud SQL for PostgreSQL

For enhanced security with built-in authentication, Cloud SQL now lets you set password policies at the instance level.

Compute Engine

Generally Available: The image import tool now supports importing Windows Server 2022 images to Google Cloud.

Generally available: Optimize the distribution of VMs in sole-tenant node groups. For more information, see About manual live migration.

Dataproc

Announcing the General Availability (GA) release of Dataproc Custom OSS Metrics, which collects Dataproc cluster OSS component metrics and integrates them into Cloud Monitoring.

New sub-minor versions of Dataproc images:

1.5.69-debian10, 1.5.69-rocky8, 1.5.69-ubuntu18

2.0.43-debian10, 2.0.43-rocky8, 2.0.43-ubuntu18

Backported the patch for HBASE-23287 to HBase 1.5.0 in the 1.5 image.

Resource Manager

The following organization policy constraints to restrict resource creation of global security configuration have launched into general availability:

  • Disable Creation of Cloud Armor Security Policies
  • Disable Creation of global self-managed SSL Certificates
  • Disable Global Load Balancing
  • Disable Enabling Identity-Aware Proxy (IAP) on global resources
  • Disable Enabling Identity-Aware Proxy (IAP) on regional resources

June 13, 2022

BigQuery

A new system variable, @@dataset_project_id, is now generally available. @@dataset_project_id allows you to set a default project where one is not specified for a dataset in your query. This variable is also available as a Connection Property.

Cloud DNS

Cloud DNS per resource IAM permissions are available in Preview.

You can now set up specific read, write, or administrator permissions for different managed zones under the same project.

Cloud SQL for PostgreSQL

The following extensions in Cloud SQL for PostgreSQL are generally available:

  • pg_bigm. Enables full text search and allows a two-gram (bigram) index for faster full text search.
  • refint. Enables the checking of foreign key constraints, the referencing table, and the referenced table.
  • decoderbufs. A logical decoder that delivers output data as Protocol Buffers, adapted for Debezium.
  • pg_wait_sample. Collects sampling statistics of wait events, providing wait event data for processes on servers.

Additionally, users with the cloudsqlsuperuser role have full access to the pg_largeobject system catalog.

Cloud SQL enables you to access the pg_shadow view. You can use the pg_shadow view to work with the properties of roles that are marked as rolcanlogin in the pg_authid catalog.

For more information, see Access to the pg_shadow view.

Compute Engine

Generally Available: Compute Engine can now use a maximum network packet size of 8896 when communicating between VMs on the same subnet. For details, see the maximum transmission unit overview.

Dataproc

Announcing the General Availability (GA) release of the Ranger Cloud Storage plugin. This plugin activates an authorization service on each Dataproc cluster VM, which evaluates requests from the Cloud Storage connector against Ranger policies and, if the request is allowed, returns an access token for the cluster VM service account.

Dataproc is now available in the us-south1 region (Dallas, Texas).

Dialogflow

The Dialogflow ES Google Assistant integration will be removed on June 13, 2023. This is due to the planned sunsetting of Google Assistant Conversational Actions.

Document AI

Document AI is now generally available (GA) in the following new locations:

  • asia-south1 (Mumbai)
  • australia-southeast1 (Sydney)

You must request access to use the new locations. For more information, see Regional and multi-regional support.

New Identity Processor (Preview)

The France Passport Parser is now available in limited preview.

Google Kubernetes Engine

(2022-R14) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.21.11-gke.1900 is now the default version in the Stable channel.
  • Version 1.22.8-gke.202 is now available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.11-gke.1900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.11-gke.1900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.8-gke.202 with this release.

Regular channel

  • Version 1.22.8-gke.202 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.6000
    • 1.21.11-gke.1100
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.11-gke.1900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.8-gke.202 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.8-gke.202 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.5-gke.1503 with this release.

Rapid channel

  • Version 1.23.6-gke.1501 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.12-gke.1500
    • 1.22.8-gke.2200
    • 1.23.5-gke.2400
    • 1.24.0-gke.1000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.16-gke.11000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.9-gke.1300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.6-gke.1501 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.6-gke.1501 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.0-gke.1801 with this release.

CVE-2022-25235 has been patched in the PD CSI driver in 1.22 and 1.23 clusters. If your cluster is not configured for auto-upgrade, please manually upgrade to eliminate this vulnerability.

GKE Node System Configuration now supports setting pod pid limits.

Live Stream API

Live Stream API is now in GA.

Pricing is now regional. See Locations for available regions.

Virtual Private Cloud

VPC networks now support jumbo frame MTUs within the same subnet. MTU can be set from 1300 to 8896. For details, see the maximum transmission unit overview.

Workflows

Parallel steps are available in Preview.

June 10, 2022

Anthos Service Mesh

There is a known issue with the signatures of the revisions released June 9, 2022. To avoid this issue, upgrade to one of the following versions instead:

  • 1.13.4-asm.4
  • 1.12.7-asm.2
  • 1.11.8-asm.4

1.13.4-asm.4 is now available.

This patch release contains a fix for the known issue with the signatures of the revisions released June 9, 2022 as well as the fixes for the security vulnerabilities listed in GCP-2022-015. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

1.12.7-asm.2 is now available.

This patch release contains a fix for the known issue with the signatures of the revisions released June 9, 2022 as well as the fixes for the security vulnerabilities listed in GCP-2022-015. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

1.11.8-asm.4 is now available.

This patch release contains a fix for the known issue with the signatures of the revisions released June 9, 2022 as well as the fixes for the security vulnerabilities listed in GCP-2022-015. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

BigQuery

Quotas for multi-statement queries have changed. The cumulative time limit for a multi-statement query has increased from 6 hours to 24 hours.

Cloud SQL for MySQL

Cloud SQL now supports faster machine type changes, with connectivity dropping to less than 60 seconds. For more information, see Impact of changing instance settings.

Cloud SQL for PostgreSQL

Cloud SQL now supports faster machine type changes, with connectivity dropping to less than 60 seconds. For more information, see Impact of changing instance settings.

Cloud SQL for SQL Server

Cloud SQL now supports faster machine type changes, with connectivity dropping to less than 60 seconds. For more information, see Impact of changing instance settings.

Cloud Spanner

Commit timestamps enable a Cloud Spanner optimization that can reduce query I/O when retrieving data written after a particular time.

Document AI

The Contract Parser is now more accurate, can extract more fields and supports higher page limits.

Google Kubernetes Engine

You can now easily identify clusters that use deprecated Kubernetes APIs removed in version 1.22. Kubernetes deprecation insights are now available in Preview.

Memorystore for Redis

Added support for customer-managed encryption keys (Preview) for Memorystore for Redis. For more details, see Customer-managed encryption keys.

June 09, 2022

Anthos Service Mesh

The Istio and Envoy projects recently disclosed a series of CVEs that can expose Anthos Service Mesh to remotely exploitable vulnerabilities. For more information, see the security bulletin.

1.13.4-asm.3 is now available.

This patch release contains the fixes for the security vulnerabilities listed in GCP-2022-015. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

1.12.7-asm.1 is now available.

This patch release contains the fixes for the security vulnerabilities listed in GCP-2022-015. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

1.11.8-asm.3 is now available.

This patch release contains the fixes for the security vulnerabilities listed in GCP-2022-015. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

Anthos clusters on bare metal

Release 1.9.8

Anthos clusters on bare metal 1.9.8 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.9.8 runs on Kubernetes 1.21.

Fixes:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Artifact Registry

Audit logs for Maven, npm, and Python repositories are now available in Cloud Logging.

Cloud Data Fusion

Cloud Data Fusion version 6.7.0 is in Preview. This release is in parallel with the CDAP 6.7.0 release.

Features in 6.7.0:

  • Connection Management is generally available (GA).
  • DNS Resolution is available in Preview. Cloud Data Fusion supports using domain or hostnames for sources instead of IP addresses for pipeline design-time activities, such as getting schema, wrangling, and previewing pipelines.
  • Transformation Pushdown is generally available (GA) for JOIN operations. Several new transformations are available in Preview, including Group By and deduplicate aggregations. Added support for the BigQuery Storage Read API to improve performance when extracting data from BigQuery. For more information, see the Transformation Pushdown overview.
  • Dataplex Source and Sink plugins are available in Preview as system plugins in Cloud Data Fusion. You no longer need to install the plugins.

Changes in 6.7.0:

  • Increased pipeline launch and run scalability in Enterprise instances.
  • In Transformation Pushdown, added the ability to use existing connections.
  • Added the ability to parse files before loading data into a Wrangler workspace.
  • Added the ability to import the schema in JSON and some Avro formats, where schema inference isn't possible before loading data into the Wrangler workspace.
  • In Connection Management:
    • Added the ability to edit connections.
    • Added support for connections for several plugins and sinks.
    • Added the ability to browse partial hierarchies, such as BigQuery datasets and Dataplex zones.
  • In the Cloud Storage Done File Marker Post-Action plugin, added support for the Location property, which lets you have buckets and customer-managed encryption keys in locations that are not US locations.
  • In the BigQuery Execution Action plugin and the BigQuery Argument Setter action plugin, added support for the Dataset Project ID property, the Project ID of the dataset that stores the query results. It's required if the dataset is in a different project than the BigQuery job.
  • In BigQuery sinks, added support for the BigNumeric data type.
  • In the BigQuery Table Batch Source, added the ability to query any temporary table in any project when you set the Enable querying views property to Yes. Previously, you could only query views.
  • In Cloud Data Loss Prevention plugins, added support for templates from other projects.
  • Added a new pipeline state for when you manually stop a pipeline run: Stopping.
  • In the BigQuery Execute plugin, added the ability to look up the drive scope for the service account to read from external tables created from the drive.
  • Improved the generic Database source plugin to correctly read decimal data.
  • Improved the Google Cloud Platform plugins to validate the Encryption Key Name property.
  • In the replication configurations, added the ability to enable soft deletes from a BigQuery target.
  • In Wrangler, added support for nested arrays, such as the BigQuery STRUCT data type.
  • In the Cloud Storage File Reader Batch Source plugin, added the Allow Empty Input property.
  • In the Cloud Storage File Reader Batch Source and Amazon S3 Batch Source plugins, added the Enable Quoted Values property, which lets you treat content between quotes as a value.
  • In the Joiner transformation, added the Input with Larger Data Skew property.
  • Behavior change: In the Pipeline Studio, if you click Stop on a running pipeline and the pipeline doesn't stop after 6 hours, the pipeline is forcefully terminated.
  • Behavior change: In the Deduplicate Analytics plugin, limited the Filter Operation property to one record. If this property isn't set, a random record is chosen from the group of duplicate records.
  • Behavior change: The BigQuery sink supports Nullable Arrays. A NULL array is converted to an empty array at insertion time.

Fixed in 6.7.0:

  • Fixed an issue in the Group By transformation where Longest String and Shortest String aggregators returned an empty string, even when all records contained null values in the specified field. The Group By transformation returns null for empty input.
  • Fixed an issue in the Group By transformation that caused the Concat and Concat Distinct aggregate functions to produce incorrect results in some cases.
  • Fixed an issue in the Group By transformation that caused the Variance, Variance If, and Standard Deviation aggregate functions to produce incorrect results in some cases.
  • In the Oracle and MySQL Batch Source plugins, fixed an issue to treat all timestamps, specifically the ones older than the Gregorian cutover date (October 15, 1582), from the database in Gregorian calendar format.
  • Improved the generic Database source plugin to correctly read data when the data type is NUMBER, scale is set, and the data contains integer values.
  • Fixed an issue in sources (such as File and Cloud Storage) that resulted in an error if you clicked Get Schema when the source file contained delimiters used in regular expressions, such as "|" or ".". You no longer need to escape delimiters for sources.
  • Fixed an issue where Datastore sources read a maximum of 300 records. Datastore sources read all records.
  • Fixed an issue in BigQuery sinks where the output table was not partitioned correctly in the following cases:
    • The output table didn't exist.
    • Partitioning type was set to Time.
    • Operation was set to Upsert.
  • Fixed an issue that caused pipelines with BigQuery sinks that have input schemas with nested array fields to fail.
  • Fixed issues that caused failures when reading maps and named enums from Avro files.

Cloud Data Fusion version 6.7.0 does not support Dataproc version 1.3. For more information, see the compatible versions of Dataproc.

Cloud SQL for MySQL

The June maintenance changelog is now available. For more information, use the links at Maintenance changelog.

Cloud SQL for PostgreSQL

The June maintenance changelog is now available. For more information, use the links at Maintenance changelog.

Cloud SQL for SQL Server

The June maintenance changelog is now available. For more information, use the links at Maintenance changelog.

Cloud Scheduler

Cloud Scheduler jobs that are paused can now be edited. See Create and configure cron jobs.

Config Connector

Config Connector version 1.88.0 is now available.

Added support for ServiceDirectoryNamespace and ServiceDirectoryService resources.

Added fields spec.maintenancePolicy and spec.maintenanceSchedule to MemcacheInstance resource.

June 08, 2022

BigQuery

Batch and interactive translation services are now generally available (GA), and include support for most major SQL dialects. This release also includes preview availability of SQL object name mapping and metadata extraction tools that you can use to increase the accuracy of your batch translation jobs.

Chronicle

The following supported default parsers have changed (listed by product name and ingestion label):

  • Amazon Guardduty (GUARDDUTY)
  • Atlassian Jira (ATLASSIAN_JIRA)
  • AWS CloudFront (AWS_CLOUDFRONT)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS CloudWatch (AWS_CLOUDWATCH)
  • AWS Config (AWS_CONFIG)
  • AWS Elastic Load Balancer (AWS_ELB)
  • AWS Key Management Service (AWS_KMS)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • Check Point (CHECKPOINT_FIREWALL)
  • Cisco ACS (CISCO_ACS)
  • Cisco Email Security (CISCO_EMAIL_SECURITY)
  • CrowdStrike Falcon (CS_EDR)
  • Elastic Audit Beats (ELASTIC_AUDITBEAT)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • ESET Threat Intelligence (ESET_IOC)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • Fastly WAF (FASTLY_WAF)
  • GCP Cloud IOT (GCP_CLOUDIOT)
  • HCL BigFix (HCL_BIGFIX)
  • IBM z/OS (IBM_ZOS)
  • Imperva (IMPERVA_WAF)
  • Infoblox DNS (INFOBLOX_DNS)
  • Juniper IPS (JUNIPER_IPS)
  • Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Okta (OKTA)
  • Tanium Stream (TANIUM_TH)
  • Trend Micro AV (TRENDMICRO_AV)
  • Unix system (NIX_SYSTEM)
  • Windows Event (WINEVTLOG)
  • Zscaler (ZSCALER_WEBPROXY)

For details about changes in each parser, see Supported default parsers.

Cloud Data Loss Prevention

The LOCATION_COORDINATES infoType detector is available in all regions.

Cloud Run

Session affinity is now available for Cloud Run service revisions.

Cloud SQL for MySQL

An addendum to the May maintenance changelog shows additional security patches. For more information, use the links at Maintenance changelog.

Cloud SQL for PostgreSQL

New maintenance versions are now available through self-service maintenance. See the maintenance changelog to learn more about these new maintenance versions.

An addendum to the May maintenance changelog shows additional security patches. For more information, use the links at Maintenance changelog.

Cloud SQL for SQL Server

An addendum to the May maintenance changelog shows additional security patches. For more information, use the links at Maintenance changelog.

Config Controller

Config Controller is now supported in the following regions: europe-west1, europe-west3, and australia-southeast2.

VPC Service Controls

Beta stage support for the following integration:

June 07, 2022

Cloud Composer

This version fixes a problem with autoscaling not working properly in Cloud Composer 2 environments when GKE version 1.22 is used for the environment's cluster:

  • The issue could impact your Cloud Composer 2 environment if you created it between June 2, 2022 and June 7, 2022.
  • If you were impacted by this issue, you can recreate such an environment. As another option, Google will apply a fix to all impacted environments in a few days.
  • We will announce when the issue is resolved. If you have any questions or concerns, please contact Cloud Customer Care.

(Airflow 1.10.15) Upgraded apache-beam and google provider packages to version 2022.6.1:

  • Support impersonation_chain parameter for Dataflow runner in Apache Beam operators
  • Added missing project_id parameter for wait_for_job method in the Dataflow operators
  • Added key_secret_project_id parameter which specifies a project with KeyFile

Cloud Composer 1.18.12 and 2.0.16 images are available:

  • composer-1.18.12-airflow-1.10.15 (default)
  • composer-1.18.12-airflow-2.1.4
  • composer-1.18.12-airflow-2.2.5
  • composer-2.0.16-airflow-2.1.4
  • composer-2.0.16-airflow-2.2.5

Cloud Key Management Service

Cloud KMS is available in the following region:

us-south1

For more information, see Cloud KMS locations.

Cloud Run

The following new region is now available: us-south1.

Cloud SQL for MySQL

Support for us-south1 (Dallas).

Cloud SQL for PostgreSQL

Support for us-south1 (Dallas).

Cloud SQL for SQL Server

Support for us-south1 (Dallas).

Cloud Spanner

You can create Cloud Spanner regional instances in Dallas (us-south1).

Cloud VPN

Cloud VPN is available in region us-south1 (Dallas, US).

Pricing is available on the Cloud VPN pricing page.

Compute Engine

Generally available: Dallas, Texas us-south1-a,b,c has launched with E2 and N2 VMs available in all three zones.

See VM instance pricing for details.

Dataflow

Dataflow is now available in Dallas, Texas (us-south1).

Google Cloud Armor

Google Cloud Armor Threat Intelligence (Threat Intel) is available in public preview. Threat Intel lets you secure your traffic by allowing or blocking traffic to your HTTP(S) load balancers based on threat intelligence data. For more information, see Configuring Threat Intelligence.

Google Cloud Deploy

The Google Cloud Terraform provider now supports creating Google Cloud Deploy delivery pipelines and targets.

Google Kubernetes Engine

The us-south1 region in Dallas, Texas is now available.

Pub/Sub

Pub/Sub is now available in us-south1 (Dallas, Texas).

The following Pub/Sub metrics are deprecated and will be discontinued in 12 months.

  • subscription/streaming_pull_message_operation_count
  • subscription/streaming_pull_ack_message_operation_count
  • subscription/streaming_pull_mod_ack_deadline_message_operation_count
  • subscription/pull_message_operation_count
  • subscription/pull_ack_message_operation_count
  • subscription/mod_ack_deadline_message_operation_count
  • topic/send_message_operation_count

VPC Service Controls

General availability for the following integration:

Virtual Private Cloud

For auto mode VPC networks, added a new subnet 10.206.0.0/20 for the Dallas us-south1 region. For more information, see Auto mode IP ranges.

June 06, 2022

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions:

  • 1.21.11-gke.1800
  • 1.22.8-gke.2100

Windows nodes on 1.22.8-gke.2100 now use pigz to improve image layer extraction performance.

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions:

  • 1.21.11-gke.1800
  • 1.22.8-gke.2100

Windows nodes on 1.22.8-gke.2100 now use pigz to improve image layer extraction performance.

Apigee API hub

On June 6, 2022, Apigee hub released a new version of the software.

Bug ID Description
234772624 Fixed an issue where an API could not be deleted if it had deployments.

App Engine standard environment Java

The Java 17 runtime (preview) now uses Ubuntu 22.

BigQuery

You can now attach Resource Manager tags to datasets. This feature is supported in Preview. Tags let you conditionally apply Identity and Access Management (IAM) policies to resources.

The following Storage Read API quotas and limits have changed:

  • There is now a limit of 2,000 concurrent ReadRows calls per project in the US and EU multi-regions and 400 concurrent ReadRows calls in other regions.
  • The number of data plane requests per user per project per minute has increased from 5,000 to 25,000.

For more information, see Storage Read API quotas and limits.

Cloud Functions

The Java 17 runtime (preview) now uses Ubuntu 22.

Cloud Load Balancing

External TCP/UDP Network Load Balancing now supports load-balancing GRE traffic. To handle GRE protocol traffic, you set the load balancer's forwarding rule protocol to L3_DEFAULT and set the backend service protocol to UNSPECIFIED.

For details, see:

This feature is available in General Availability.

Cloud Run

You can now create and edit Cloud Run jobs using the Cloud console.

Cloud Storage

Cloud Storage is now available in Dallas, Texas (us-south1 region).

Compute Engine

Generally available: NVIDIA A100 GPUs are now available in the following additional regions and zones:

Las Vegas, Nevada, North America: us-west4-b

For more information about using GPUs on Compute Engine, see GPU platforms.

Preview: When you create VMs in bulk, you can now use the following new values with the TARGET_SHAPE flag:

  • ANY: Use this value to place VMs in zones to maximize unused zonal reservations.
  • BALANCED: Use this value to place VMs uniformly across zones.

Config Controller

Config Controller now uses the following versions of its included products:

Dataproc

Announcing the General Availability (GA) release of Dataproc Persistent History Server, which provides web interfaces to view job history for jobs run on active or deleted Dataproc clusters.

Dataproc Serverless for Spark now uses runtime version 1.0.13.

New sub-minor versions of Dataproc images:

1.5.68-debian10, 1.5.68-rocky8, 1.5.68-ubuntu18

2.0.42-debian10, 2.0.42-rocky8, 2.0.42-ubuntu18

Dataproc Serverless for Spark runtime versions 1.0.2, 1.0.3 and 1.0.4 are unavailable for new batch submissions.

Dataproc on GKE Spark 3.1 images upgraded to Spark version 3.1.3.

Upgraded the Cloud Storage connector to version 2.1.8 for 1.5 images only.

Fixed a bug where HDFS directory initialization could fail when user names in a project contain special characters.

Fixed a Dataproc on GKE bug that caused upload of driver logs to Cloud Storage to fail.

Dataproc Metastore

Updated Dataproc Metastore auxiliary versions to support the Spanner database type.

Google Cloud Marketplace Partners

SAP on Google Cloud

BigQuery Connector for SAP version 2.1

Version 2.1 of BigQuery Connector for SAP is now available. For more information, see What's new with BigQuery Connector for SAP.

Storage Transfer Service

Storage Transfer Service now offers a merged, unified console experience for cloud and file system transfers. All transfer jobs, irrespective of source, can be tracked through a single interface. This launch simplifies job creation, monitoring, and troubleshooting.

June 03, 2022

Anthos clusters on VMware

Cluster lifecycle improvements

GA: You can use the Cloud console to create, update, and delete Anthos on VMware user clusters. For more information, see Create a user cluster in the Cloud console.

BigQuery

BigQuery Omni now supports Reservation and Access Control DCL. This feature is in Preview.

Cloud Monitoring

You can now add, edit, and remove alerting policy user labels by using the Cloud console when you use the preview alerting interface. To configure policy labels, edit the policy and go to the Notifications and name step. For more information, see Create an alerting policy.

Google Cloud Deploy

Google Cloud Deploy is now available in the following region: australia-southeast1 (Sydney).

Translation Hub

The basic tier for Translation Hub (a self-serve document translation service) is generally available (GA).

June 02, 2022

Anthos clusters on bare metal

Release 1.10.5

Anthos clusters on bare metal 1.10.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.10.5 runs on Kubernetes 1.21.

Fixes:

The following container image security vulnerabilities have been fixed:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Apigee X

On June 2, 2022, we released an updated version of Apigee X.

Apigee X APIs for managing key value entries in a key value map scoped to an organization, environment, or API proxy are now available. For more information, see the Apigee API reference documentation.

Apigee hybrid

On June 2, 2022, we released an updated version of the Apigee hybrid software, v1.7.1.

For information on upgrading, see Upgrading Apigee hybrid to version 1.7.

Bug ID Description
233349518 Fixed "Invalid Resource" error generated for job/apigee-resources-install.
232977937 Fixed an issue where deployment would become stuck on "Applying routing changes on" for multiple ingress gateways.
216018530 Fixed an issue where the apigee-logger-apigee-telemetry DaemonSet could still be left running after turning off logger.
226964206 MART, runtime and synchronizer would write to the pod file system.
211716827 Fixed an issue where a non-default gateway could cause routing errors in certain circumstances.
225198475 Fixed an issue where resource reference changes could not be detected.
225939342 Fixed an error where deployment status would show as "Applying routing changes on {env}".
229824389 Fixed an issue in hybrid 1.7.0 where the output of apigeectl init could be generated in the wrong order.
229639530 Fixed an error harmonizing the container process ID to use Apigee ID for Hybrid on OpenShift.
229804717 Fixed upgrade envoy to use distroless v1.22.0.
227538469 Fixed an issue where configuration actions would write logs to the pod file system.
205616792 Fixed core dump on running user schema setup.
225081332 Fixed allow privileged pods issue.

Cloud Bigtable

Cloud Bigtable now provides increased observability by letting you identify and monitor hot tablets in a cluster. This feature is generally available (GA). To learn more, see Hot tablets.

Cloud Storage

Turbo replication is generally available (GA).

June 01, 2022

Anthos clusters on AWS (previous generation)

Anthos Clusters on AWS aws-1.11.1-gke.7 (previous generation) is now available. Clusters in this release support the following Kubernetes versions:

  • 1.22.9-gke.800
  • 1.21.12-gke.1000
  • 1.20.15-gke.7500

Cloud Composer

Web server restarting is available in Preview in Cloud Composer 2.

IP Masquerade agent support is now generally available (GA) in Cloud Composer 1 and Cloud Composer 2.

(Cloud Composer 2) Environment's size can now be updated for environments with Private Service Connect.

(Cloud Composer 2) The amount of memory available to Redis queue now scales with the environment's size.

Fixed a problem where an upgrade operation could fail when deleting the previous Cloud Composer namespace.

Airflow 2.2.3 is no longer included in Cloud Composer images.

Cloud Composer 1.18.11 and 2.0.15 images are available:

  • composer-1.18.11-airflow-1.10.15 (default)
  • composer-1.18.11-airflow-2.1.4
  • composer-1.18.11-airflow-2.2.5
  • composer-2.0.15-airflow-2.1.4
  • composer-2.0.15-airflow-2.2.5

Cloud Healthcare API

De-identification operations are now billed progressively as the work completes. An operation that does not complete might still incur billing for the work that was completed successfully.

When a FHIR resource is modified, the full contents of the FHIR resource can be sent in a Pub/Sub notification. For more information, see FHIR notifications containing FHIR data.

Cloud Load Balancing

Forwarding rules for external TCP/UDP network load balancers can now be configured to direct traffic coming from a specific range of source IP addresses to a specific backend service (or target instance). This is called traffic steering.

For details, see:

Config Connector

Config Connector version 1.87.0 is now available.

Added spec.pscTargetService field to ComputeRegionNetworkEndpointGroup.

Added spec.enableDynamicPortAllocation field to ComputeRouterNAT.

Added spec.maintenancePolicy.maintenanceExclusion[].exclusionOptions field to ContainerCluster.

Added spec.settings.activeDirectoryConfig field to SQLInstance.

Added spec.gateways field to NetworkServicesTCPRoute.

Dataproc

Dataproc is now available in the us-east5 region (Columbus, Ohio).

Document AI

Identity DocAI General availability (GA) release

The following Identity DocAI processors are now Generally Available (GA).

For more information, see Document AI for Identity.

Firestore

Support for VPC Service Controls is now available in General Availability.

Firestore in Datastore mode

Support for VPC Service Controls is now available in General Availability.

Google Cloud Deploy

Google Cloud Deploy support for Skaffold version 1.37.1 has been updated to version 1.37.2, which is now the default Skaffold version.

SAP on Google Cloud

Google Cloud storage manager for SAP HANA standby nodes version 2.5

Version 2.5 of the Google Cloud storage manager for SAP HANA standby nodes is now available. This version includes bug fixes and supportability improvements.

For more information about the storage manager, see Storage Manager for SAP HANA.

VPC Service Controls

General availability for the following integrations:

Workflows

Workflows is now available in the europe-west8 (Milan, Italy) region.

May 31, 2022

AlloyDB for PostgreSQL

VPC Service Controls, a Cloud-wide feature that helps mitigate the risk of data exfiltration, is available with AlloyDB.

Apigee UI

On May 31, 2022, we released an updated version of the Apigee UI.

API Monitoring Timeline charts were not displayed correctly in the Timeline view.

Previously, you needed to navigate to another API Monitoring view (such as Investigate) and then return to the Timeline view to see charts. This has been fixed: now you can go directly to the Timeline view to see charts.

Apigee hybrid

hybrid v1.6.8

On May 31, 2022, we released an updated version of the Apigee hybrid software, v1.6.8.

For information on upgrading, see Upgrading Apigee hybrid to version 1.6.

Bug ID Description
233349518 Fixed "Invalid Resource" error generated for job/apigee-resources-install.
225939342 Fixed an error where deployment status would show as "Applying routing changes on {env}".
225198475 Fixed an issue where resource reference changes could not be detected.
232977937 Fixed an issue where deployment would become stuck on "Applying routing changes on" for multiple ingress gateways.
229804717 Fixed upgrade envoy to use distroless v1.22.0.

BigQuery

Column-level data masking is now available in preview. You can use data masking to selectively obscure column data for groups of users, while still allowing access to the column. When you use data masking in combination with column-level access control, you can configure a range of access to column data, from full access to no access, based on the requirements of different groups of users.

Cloud Healthcare API

A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Spanner

Granular instance sizing is now generally available. You can now create production instances of fewer than 1000 processing units. To learn more, see Compute capacity, nodes and processing units.

Compute Engine

Generally available: NVIDIA A100 GPUs are now available in the following additional regions and zones:

Seoul, South Korea, APAC: asia-northeast3-a,b

For more information about using GPUs on Compute Engine, see GPU platforms.

Dataproc

Dataproc is now available in the europe-southwest1 region (Madrid, Spain).

Dataproc is now available in the europe-west9 region (Paris, France).

Google Cloud VMware Engine

Private cloud creation now uses the HCX Enterprise license level by default, enabling the following premium HCX features:

  • HCX Replication Assisted vMotion (bulk, no-downtime migration)
  • Migrations from KVM and Hyper-V to vSphere
  • Traffic engineering
  • Mobility groups
  • Mobility-optimized networking

Pub/Sub

The Pub/Sub Java client library now supports gRPC compression to save networking costs before your publisher client sends out the publish request.

VPC Service Controls

General availability for the following integration:

May 30, 2022

Cloud Logging

The Logs Explorer has now replaced the Legacy Log Viewer.

The Logs Explorer is the updated version of the Logging interface, and lets you quickly and efficiently retrieve, view, and analyze logs from your queries. For a detailed tour of the Logs Explorer's features, see Using the Logs Explorer.

Dataproc

New sub-minor versions of Dataproc images:

1.5.67-debian10, 1.5.67-ubuntu18, 1.5.67-rocky8

2.0.41-debian10, 2.0.41-ubuntu18, 2.0.41-rocky8

Dataproc on GKE error messages now provide additional information.

Backported fixes for HIVE-22098, HIVE-23809, HIVE-20462, HIVE-21675 to Hive 3.1 in Dataproc 2.0 images.

Fixed a bug where properties related to Kerberos cross-realm trust were not properly set.

Fixed a bug where older-image (for example, 1.3.95) cluster create operations failed with the error message: "does not support specifying local SSD interface other than 'SCSI'".

Eventarc

A dedicated user interface is generally available (GA).

Managed Service for Microsoft Active Directory

SAP on Google Cloud

Google Cloud Connector for SAP Landscape Management version 2.3.2

Version 2.3.2 of the Google Cloud Connector for SAP Landscape Management is now available. This version includes bug fixes and supportability improvements.

For more information about the connector, see Connector for SAP Landscape Management planning guide.

Cloud Storage Backint agent for SAP HANA version 1.0.18

Version 1.0.18 of the Cloud Storage Backint agent for SAP HANA is now available. This version includes supportability improvements and backup stability enhancements.

For more information about the agent, see Cloud Storage Backint agent for SAP HANA overview.

May 27, 2022

Cloud Logging

Support has been removed for two previously deprecated system metrics: logging.googleapis.com/excluded_log_entry_count and logging.googleapis.com/excluded_byte_count.

Cloud Spanner

Cloud Spanner change streams capture and stream out inserts, updates, and deletes in near real-time—useful for analytics, archiving, and triggering downstream application workflows.

Cloud TPU

Cloud TPU now supports TensorFlow 2.8.2 and 2.9.1. For more information, see TensorFlow 2.8.2 release notes and TensorFlow 2.9.1 release notes.

Cloud Talent Solution Job Search

Added a new operator on the companyDisplayNames filter to further support fuzzy matching by treating the input value as a multi-word token.

Added a new option, TELECOMMUTE_JOBS_EXCLUDED, under the TelecommutePreference enum to completely filter out telecommute jobs from the response.

Deprecated the TELECOMMUTE_EXCLUDED option under the TelecommutePreference enum.

Compute Engine

Preview: You can now use the SSH troubleshooting tool from the Cloud console to help you determine the cause of failed SSH connections.

Config Controller

Config Controller is now supported in the following regions: northamerica-northeast2 and asia-northeast2.

Data Catalog

Data Catalog is now available in Santiago (southamerica-west1). For more information on region and feature availability, see regions.

Deep Learning Containers

M93 Release

Deep Learning VM Images

M93 Release

  • Fixed a bug that prevented kernels from shutting down properly in Vertex AI Workbench managed notebooks.

Security Command Center

The compliances, exfiltration, and processes attributes were added to the Finding object.

  • The compliances attribute provides details about security standards that are unmet.
  • The exfiltration attribute provides details about the sources and targets of an exfiltration attempt.
  • The processes attribute provides details about operating system processes relevant to a finding.

For more information, see the API documentation for the Finding object.

Vertex AI Workbench

M93 Release

The M93 release of Vertex AI Workbench managed notebooks includes the following:

  • Fixed a bug that prevented kernels from shutting down properly in Vertex AI Workbench managed notebooks.

Learn more about managed notebooks versions.

May 26, 2022

Anthos clusters on VMware

Anthos clusters on VMware 1.11.1-gke.53 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.11.1-gke.53 runs on Kubernetes 1.22.8-gke.200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.11, 1.10, and 1.9.

Fixed for v1.11.1

  • Fixed the known issue where v1.11.0 user clusters cannot be created with a v1.10.x admin cluster.

  • Fixed the issue where the gkectl logs might be truncated when admin cluster creation has failed.

  • Fixed the issue where Anthos Identity Service with LDAP failed to authenticate against some older Active Directory servers when the user ID contains a comma.

Fixed the following vulnerabilities

High-severity CVEs

Medium-severity CVEs

Anthos clusters on VMware 1.10.4-gke.32 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.10.4-gke.32 runs on Kubernetes 1.21.5-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.11, 1.10, and 1.9.

Fixed for v1.10.4

Fixed the following vulnerabilities

High-severity CVEs

RBAC fixes

  • anetd

    • Changed to use kubelet kubeconfig to only allow the anetd to update its own node resource, and the pod resources that are running on the node.
  • antrea-controller / anetd-win

    • Instead of reusing the RBAC config for anetd, created a dedicated RBAC config for antrea and reduced the unnecessary permissions.
  • clusterdns-controller

    • Scoped down clusterdns permissions to default resource name.
    • Scoped down configmap permissions to coredns resource name.
    • Removed create/delete permissions for configmaps. The coredns configmap is now created by the bundle, with create-only annotation to ensure we don't overwrite existing config on upgrade.
  • dns-autoscaler

    • Removed unneeded permissions, and scoped down needed permissions to a particular resource using resourceNames.
    • Restricted get configmap for dns autoscaler.
  • gke-usage-metering

    • Restricted the permission to the kube-system namespace where possible.
  • seesaw-load-balancer

    • Restricted the permission by setting resource names.

Anthos clusters on bare metal

Release 1.11.2

Anthos clusters on bare metal 1.11.2 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.2 runs on Kubernetes 1.22.

Starting with Anthos clusters on bare metal release 1.11.2, you can enable or disable Anthos VM Runtime by updating the VMRuntime custom resource only. The legacy spec.kubevirt settings in the cluster configuration are no longer supported. The VMRuntime custom resource is installed by default on version 1.10 and later hybrid, standalone, and user clusters. The VMRuntime custom resource can't be applied to admin clusters.

If you have Anthos VM Runtime enabled for your Anthos clusters on bare metal, you must disable it before upgrading clusters to version 1.11.2 or higher. If this step is not completed, your cluster upgrade will fail. You can re-enable Anthos VM Runtime after the upgrade is complete.

Starting with Anthos clusters on bare metal release 1.11.2, the Anthos VM Runtime API version has changed from v1alpha1 to v1. This version change doesn't affect the VMRuntime custom resource, but most other resources are affected.

Functionality changes:

  • The containerd runtime has been upgraded to 1.5.11-gke.0 to address CVE-2022-24769.

  • Added a preflight check that disallows Ubuntu 18.04 distributions with 4.15.x Linux kernels.

Fixes:

  • Fixed cluster custom resource status reporting for pending reconciliations.

  • Fixed a bmctl check cluster command issue that caused the user cluster kubeconfig Secret to be overwritten.

  • Fixed an issue with manifest installation when last-applied-config is broken that caused upgrades to fail.

  • Fixed an issue to ensure that the 20-minute timeout for node draining is enforced during cluster upgrades. This timeout provides ample time for nodes to drain, but ensures that upgrades can always proceed.

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

App Engine standard environment Java

  • Updated the Java SDK to version 1.9.97.
  • Added missing classes in the appengine-jsr107cache.jar file.

Cloud Asset Inventory

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources and SearchAllIamPolicies):

  • Cloud Run
    • run.googleapis.com/Execution
    • run.googleapis.com/Job
  • API Keys
    • apikeys.googleapis.com/Key

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

  • Certificate Authority Service
    • privateca.googleapis.com/Certificate

Cloud Composer

(Airflow 2) If your DAGs use the google-ads package version 14.0.0 or earlier, please upgrade your environment to Cloud Composer version 2.0.14 so that your environment uses Google Ads API v10. Google Ads API v8 and v9 are deprecated and will not be available in the near future.

Added new database metrics: a metric that shows the total limit of database connections, and a metric for the number of active database connections.

(Airflow 1) The google-cloud-bigquery package is upgraded from 1.28.0 to 2.13.0.

(Airflow 2) Updates for the apache-airflow-providers-google package:

Breaking changes:

  • Upgrade to support Google Ads v10 (#22965)

Features:

  • [FEATURE] google provider - BigQueryInsertJobOperator log query (#23648)
  • [FEATURE] google provider - split GkeStartPodOperator execute (#23518)
  • Add exportContext.offload flag to CLOUD_SQL_EXPORT_VALIDATION. (#23614)
  • Create links for BiqTable operators (#23164)
  • implements #22859 - Add .sql as templatable extension (#22920)
  • GCSFileTransformOperator: New templated fields 'source_object', 'destination_object' (#23328)

Bug fixes:

  • Fix PostgresToGCSOperator does not allow nested JSON (#23063)
  • Fix GCSToGCSOperator ignores replace parameter when there is no wildcard (#23340)
  • update processor to fix broken download URLs (#23299)
  • LookerStartPdtBuildOperator, LookerCheckPdtBuildSensor : fix empty materialization id handling (#23025)
  • Change ComputeSSH to throw provider import error instead paramiko (#23035)
  • Fix cancel_on_kill after execution timeout for DataprocSubmitJobOperator (#22955)
  • Fix select * query xcom push for BigQueryGetDataOperator (#22936)
  • MSSQLToGCSOperator fails: datetime is not JSON Serializable (#22882)
  • Update credentials when using ADC in Compute Engine (#23773)

Misc changes:

  • Add Stackdriver assets and migrate system tests to AIP-47 (#23320)
  • CloudTasks assets & system tests migration (AIP-47) (#23282)
  • TextToSpeech assets & system tests migration (AIP-47) (#23247)
  • Fix code-snippets in google provider (#23438)
  • BigQuery assets (#23165)
  • Remove redundant docstring in BigQueryUpdateTableSchemaOperator (#23349)
  • Migrate gcs to new system tests design (#22778)
  • add missing docstring in 'BigQueryHook.create_empty_table' (#23270)
  • Cleanup Google provider CHANGELOG.rst (#23390)
  • migrate system test gcs_to_bigquery into new design (#22753)
  • Add example DAG for demonstrating usage of GCS sensors (#22808)

(Cloud Composer 2) Several false error log messages are no longer generated after an environment is created.

(Cloud Composer 2) Fixed a problem where the Airflow web server becomes unavailable after all PyPI packages are uninstalled from an environment.

Fixed a problem where Cloud Composer always reported an error when checking for connectivity to the PyPI repository during PyPI package installation in Private IP environments.

Cloud Composer 1.18.10 and 2.0.14 images are available:

  • composer-1.18.10-airflow-1.10.15 (default)
  • composer-1.18.10-airflow-2.1.4
  • composer-1.18.10-airflow-2.2.3
  • composer-1.18.10-airflow-2.2.5
  • composer-2.0.14-airflow-2.1.4
  • composer-2.0.14-airflow-2.2.3
  • composer-2.0.14-airflow-2.2.5

Cloud Composer versions 1.16.5 and 1.17.0.preview.1 have reached their end of full support period.

Cloud Load Balancing

Regional external and regional internal HTTP(S) load balancers now support regional SSL policies. SSL policies give you the ability to control the features of SSL that your Google Cloud load balancers negotiate with clients.

For details, see:

This feature is in Preview.

Cloud Logging

You can now collect IIS logs and additional metrics from the Ops Agent, starting with versions 2.14.0 (logs) and 2.15.0 (additional metrics). For more information, see Monitoring third-party applications: IIS.

You can now collect Varnish logs and metrics from the Ops Agent, starting with versions 2.16.0 (logs) and 2.15.0 (metrics). For more information, see Monitoring third-party applications: Varnish.

You can now collect Active Directory Domain Services logs and metrics from the Ops Agent, starting with version 2.15.0. For more information, see Monitoring third-party applications: Active Directory Domain Services.

You can now collect Jetty logs from the Ops Agent, starting with version 2.16.0. For more information, see Monitoring third-party applications: Jetty.

Cloud Monitoring

You can now configure an uptime check to validate a specific JSONpath. For more information, see Validate response data.

A new version of Managed Service for Prometheus is now available. Version 0.4.1 of managed collection has been released, along with v2.35.0-gmp.2 of the managed-service binary that v0.4.1 depends on (container image: gke.gcr.io/prometheus-engine/prometheus:v2.35.0-gmp.2-gke.0). For details about the changes included, see the release page on GitHub.

You can now collect IIS logs and additional metrics from the Ops Agent, starting with versions 2.14.0 (logs) and 2.15.0 (additional metrics). For more information, see Monitoring third-party applications: IIS.

You can now collect Varnish logs and metrics from the Ops Agent, starting with versions 2.16.0 (logs) and 2.15.0 (metrics). For more information, see Monitoring third-party applications: Varnish.

You can now collect Active Directory Domain Services logs and metrics from the Ops Agent, starting with version 2.15.0. For more information, see Monitoring third-party applications: Active Directory Domain Services.

Cloud SQL for MySQL

Cloud SQL for MySQL now supports minor version 8.0.29. To upgrade your existing instance to the new version, see Upgrade the database minor version.

Google Kubernetes Engine

1.24 is now available in the Rapid channel

Kubernetes 1.24 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.24 Release Notes, especially the action required and deprecation sections.

New API versions

  • storage.k8s.io/v1 CSIStorageCapacity

Notable changes

  • GKE does not support node images that use Docker as the runtime in GKE version 1.24 and later. For more information, see migrating from Docker to containerd.
  • Secret API objects containing service account tokens are not automatically created in 1.24.
    • This change improves security by reducing readable, permanent, Secret-based tokens to ones that have been explicitly requested, and improves performance by reducing the amount of persisted Secret data and avoiding unnecessary utilization of application-layer secrets encryption.
    • Existing Secret-based tokens from previous versions remain valid on upgrade.
    • Secret-based tokens are not used by nodes or pods on version 1.21 and later.
    • Only node versions 1.22 and later are supported running against 1.24 clusters.
    • Clients retrieving tokens directly from the API can still obtain a token using these methods supported in all available GKE versions:
    • Examples of incorrect ways to obtain Secret-based tokens from the API include:
      • Scanning the secrets[*].name field of a ServiceAccount object; this field lists secrets usable by pods running as that service account, not for other purposes, and secrets in that list have never been guaranteed to be service account token secrets.
      • Looking for existing Secret objects of type kubernetes.io/service-account-token created by other clients; a Secret created by another client is owned by that client, and cannot be assumed to be stable for use by other clients.
  • Kubernetes 1.24 deprecates support for insecure serving certificates signed with a SHA-1 hash. Aggregated API servers, admission webhooks, and custom resource conversion webhooks using TLS certificates that are signed by SHA-1 should replace the serving certificates as soon as possible.

    • At cluster version 1.24.0 and later, GKE provides a Cloud Audit log to check if your cluster contains an affected service. You can use the following filter to search for the logs of a 1.24+ cluster:

      logName: "projects/$PROJECT/logs/cloudaudit.googleapis.com%2Factivity"
      resource.type = "k8s_cluster"
      operation.producer = "k8s.io"
      "invalid-cert.kubernetes.io"

    • If you are not affected you won't see any logs. If you do see such an audit log, it will include the name of the service (whether webhook or aggregated API).
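
To check a webhook or aggregated API serving certificate before upgrading, the signature algorithm can be read directly from the certificate's DER encoding. The following is an added example, not part of the GKE release notes or of Kubernetes: it parses a PEM bundle and flags certificates whose outer signatureAlgorithm is a SHA-1 OID. The function names are hypothetical, and the sample bundle is a constructed certificate-shaped skeleton, not a real certificate.

```python
import base64
import re

# Signature-algorithm OIDs that hash with SHA-1 (RFC 3279 and the older OIW arc).
SHA1_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.3.14.3.2.29": "sha1WithRSASignature",
}
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length fits in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of input")
    return tag, pos, pos + length


def decode_oid(body):
    """Decode the content bytes of an OBJECT IDENTIFIER into dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for byte in body:                     # base-128 digits, high bit = continuation
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)         # first sub-identifier packs two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))


def signature_algorithm_oid(der_bytes):
    """Return the outer signatureAlgorithm OID of a DER-encoded X.509 certificate."""
    tag, start, _ = read_tlv(der_bytes, 0)             # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, _, tbs_end = read_tlv(der_bytes, start)       # tbsCertificate (skipped over)
    if tag != 0x30:
        raise ValueError("unexpected tbsCertificate tag")
    tag, alg_start, _ = read_tlv(der_bytes, tbs_end)   # AlgorithmIdentifier SEQUENCE
    if tag != 0x30:
        raise ValueError("unexpected signatureAlgorithm tag")
    tag, oid_start, oid_end = read_tlv(der_bytes, alg_start)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    return decode_oid(der_bytes[oid_start:oid_end])


def audit_pem_bundle(pem_bytes):
    """Return one (index, oid, is_sha1) tuple per certificate in a PEM bundle."""
    results = []
    for index, b64 in enumerate(PEM_RE.findall(pem_bytes)):
        oid = signature_algorithm_oid(base64.b64decode(b"".join(b64.split())))
        results.append((index, oid, oid in SHA1_SIGNATURE_OIDS))
    return results


# --- Constructed sample input: certificate-shaped DER skeletons, not real certs ---
OID_SHA1_RSA = bytes.fromhex("06092a864886f70d010105")     # sha1WithRSAEncryption
OID_SHA256_RSA = bytes.fromhex("06092a864886f70d01010b")   # sha256WithRSAEncryption


def der(tag, body):
    """Minimal DER encoder for the sample only (bodies shorter than 256 bytes)."""
    n = len(body)
    header = bytes([n]) if n < 0x80 else bytes([0x81, n])
    return bytes([tag]) + header + body


def make_sample_pem(alg_oid_der):
    tbs = der(0x30, b"\x02\x01\x01" * 50)            # dummy 150-byte tbsCertificate
    alg = der(0x30, alg_oid_der + b"\x05\x00")       # OID + NULL parameters
    sig = der(0x03, b"\x00" + b"\xaa" * 16)          # dummy BIT STRING signature
    body = base64.encodebytes(der(0x30, tbs + alg + sig))
    return b"-----BEGIN CERTIFICATE-----\n" + body + b"-----END CERTIFICATE-----\n"


SAMPLE_BUNDLE = make_sample_pem(OID_SHA256_RSA) + make_sample_pem(OID_SHA1_RSA)

if __name__ == "__main__":
    for index, oid, is_sha1 in audit_pem_bundle(SAMPLE_BUNDLE):
        verdict = "REPLACE (" + SHA1_SIGNATURE_OIDS[oid] + ")" if is_sha1 else "ok"
        print(f"cert[{index}] {oid} {verdict}")
```

The same `audit_pem_bundle` call works on the bytes of a real PEM file, such as the serving certificate mounted into a webhook Pod.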

Deprecated API versions

These APIs are still served in version 1.24 but are in a deprecation period:

  • PodSecurityPolicy

    • policy/v1beta1 PodSecurityPolicy
    • Deprecated in 1.21 with removal targeted for version 1.25.
    • 1.24 is the last version supporting the beta PodSecurityPolicy feature. Use of this feature must be discontinued before clusters will upgrade to 1.25. For more information, see PodSecurityPolicy deprecation.
  • The following Beta versions of graduated APIs will be removed in 1.25 in favor of their newer versions:

    • discovery.k8s.io/v1beta1 EndpointSlice, deprecated since 1.21
    • policy/v1beta1 PodDisruptionBudget, deprecated since 1.21
    • batch/v1beta1 CronJob, deprecated since 1.21
    • node.k8s.io/v1beta1 RuntimeClass
    • autoscaling/v2beta1 HorizontalPodAutoscaler
  • The following Beta versions of graduated APIs will be removed in 1.26 in favor of newer versions:

    • flowcontrol.apiserver.k8s.io/v1beta1 FlowSchema, PriorityLevelConfiguration
      • deprecated since 1.23
      • use flowcontrol.apiserver.k8s.io/v1beta2 instead, available since 1.23
    • autoscaling/v2beta2 HorizontalPodAutoscaler
      • deprecated since 1.23
      • use autoscaling/v2 instead, available since 1.23 (or autoscaling/v1)
  • The following Beta versions of graduated APIs will be removed in 1.27 in favor of new versions:

    • storage.k8s.io/v1beta1 CSIStorageCapacity, deprecated since 1.24

Nodes on version 1.24.0-gke.1000 with more than 80GB of memory will fail to start successfully due to a known bug, which will be resolved in future 1.24 versions.

(2022-R13) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.22.8-gke.201 is now the default version.
  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.19.16-gke.10800
    • 1.20.15-gke.3400
    • 1.20.15-gke.3600
    • 1.20.15-gke.4100
    • 1.20.15-gke.5000
    • 1.20.15-gke.5200
    • 1.21.10-gke.400
    • 1.21.10-gke.1300
    • 1.21.10-gke.1500
    • 1.21.10-gke.2000
    • 1.22.6-gke.300
    • 1.22.6-gke.1000
    • 1.22.7-gke.300
    • 1.22.7-gke.900
    • 1.22.7-gke.1300
    • 1.22.7-gke.1500
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.20.15-gke.6000 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.21.11-gke.1100 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.21.11-gke.1100 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to 1.22.8-gke.201 with this release.

Stable channel

  • Version 1.21.11-gke.1100 is now the default version in the Stable channel.

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.10800
    • 1.20.15-gke.5200
    • 1.21.11-gke.900
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.6000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.11-gke.1100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.11-gke.1100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.8-gke.201 with this release.

Regular channel

  • Version 1.22.8-gke.201 is now the default version in the Regular channel.
  • Version 1.22.8-gke.200 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.22.8-gke.201 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.22.8-gke.201 with this release.

Rapid channel

  • Version 1.23.5-gke.2400 is now the default version in the Rapid channel.

  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.21.11-gke.1900
    • 1.22.8-gke.201
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to 1.20.15-gke.6000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.12-gke.1500 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.12-gke.1500 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.23.5-gke.2400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to 1.24.0-gke.1000 with this release.

reCAPTCHA Enterprise

reCAPTCHA Enterprise for WAF and Google Cloud Armor integration is now generally available (GA). For more information, see the Overview of reCAPTCHA Enterprise for WAF and Google Cloud Armor integration and Cloud Armor bot management overview.

May 25, 2022

Access Approval

Access Approval lets you know if the notification emails for access requests don't get delivered to you because you provided an incorrect email address while setting up the notification configurations.

Apigee Connectors

Preview release of new Connectors for Apigee

On May 20, 2022, we released the preview version of the Connectors for Apigee.

The Zendesk connector is available for Apigee. For more information, see Zendesk connection.

Apigee UI

You can now create and manage Private Service Connect (PSC) endpoint attachments in the Apigee UI. For details, see Creating an endpoint attachment.

Artifact Registry

Apt and Yum repositories are now generally available.

Chronicle

The following supported default parsers have changed, listed by product name and ingestion label:

  • Apache Hadoop (HADOOP)
  • Suricata IDS (SURICATA_IDS)
  • GCP Compute (GCP_COMPUTE)
  • Elastic Audit Beats (ELASTIC_AUDITBEAT)
  • Cloudflare (CLOUDFLARE)
  • Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
  • FortiGate (FORTINET_FIREWALL)
  • CSV Custom IOC (CSV_CUSTOM_IOC)
  • CrowdStrike Falcon (CS_EDR)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • CIS Albert Alerts (CIS_ALBERT_ALERT)
  • SonicWall (SONIC_FIREWALL)
  • Okta User Context (OKTA_USER_CONTEXT)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • Check Point (CHECKPOINT_FIREWALL)
  • Barracuda Email (BARRACUDA_EMAIL)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Carbon Black App Control (CB_APP_CONTROL)
  • OpenSSH (OPENSSH)
  • OneLogin (ONELOGIN_SSO)
  • Office 365 (OFFICE_365)
  • FireEye NX (FIREEYE_NX)
  • ExtraHop RevealX (EXTRAHOP)
  • Cisco Umbrella DNS (UMBRELLA_DNS)
  • Kaspersky AV (KASPERSKY_AV)
  • IBM Guardium (GUARDIUM)
  • F5 ASM (F5_ASM)
  • Cisco Email Security (CISCO_EMAIL_SECURITY)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Forcepoint Proxy (FORCEPOINT_WEBPROXY)
  • Azure AD Organizational Context (AZURE_AD_CONTEXT)
  • Tanium Stream (TANIUM_TH)
  • Apache (APACHE)

For details about the changes in each parser, see Supported default parsers.

Cloud Asset Inventory

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

  • Cloud KMS
    • cloudkms.googleapis.com/EkmConnection
  • Cloud Run
    • run.googleapis.com/Job
    • run.googleapis.com/Execution

Cloud Composer

Private Service Connect support in Cloud Composer 2 is now generally available (GA).

Privately used public IP addresses are now generally available (GA).

Cloud Functions

We have updated the documentation to clarify that to get the updates and security patches for runtimes and their dependencies, you need to deploy a function. Security patches are not applied otherwise.

Google Cloud Armor

Google Cloud Armor integration with reCAPTCHA Enterprise is now in General Availability. See the Cloud Armor bot management overview and the Overview of reCAPTCHA Enterprise for WAF and Google Cloud Armor integration.

Google Cloud Marketplace Partners

When creating software as a service (SaaS) products, the roles granted to cloud-commerce-procurement@system.gserviceaccount.com have changed.

The Service Management Service Consumer and Service Management Service Controller roles replace the Service Management Admin and Service Usage Admin roles. The previous roles are still valid, but new projects require that you grant the Service Management Service Consumer and Service Management Service Controller roles to cloud-commerce-procurement@system.gserviceaccount.com.

Google Distributed Cloud Edge

This is a patch release of Google Distributed Cloud Edge (version 1.0.2).

The following changes have been introduced in this release of Distributed Cloud Edge:

  • Configuring a maintenance window now controls the scheduling of software updates for the Kubernetes control plane and Kubernetes nodes.

  • You can now deploy KubeVirt virtual machines on Distributed Cloud Edge in unmanaged namespaces with support for the Containerized Data Importer (CDI) plug-in.

The following issues have been resolved in this release of Distributed Cloud Edge:

  • Intermittent VPN connection persistence after deletion has been resolved. You no longer need to manually check whether the VPN connection and its associated resources have been successfully deleted.

  • The localpv-shared Persistent Volume has been eliminated. You will no longer see this Persistent Volume on the filesystem of your Distributed Cloud Edge nodes.

This release of Distributed Cloud Edge contains the following known issues:

  • The NodePort Service is not supported. This release of Distributed Cloud Edge only supports the LoadBalancer and ClusterIP Kubernetes Services.

  • The Kubernetes control planes associated with Distributed Cloud Clusters can briefly go down during Distributed Cloud Cluster software updates.

  • A large number of webhook calls might cause the Konnectivity proxy to temporarily fail.

  • The metrics agents running on Distributed Cloud Edge nodes can accumulate a backlog of events and stall, preventing the capture of further metrics.

Google Kubernetes Engine

You can now easily assess the running cost implications at cluster creation time. The GKE cluster cost widget lets you get an estimated cost range when you are creating a cluster.

This information can help you get a better understanding of the upper and lower monthly cost to expect based on your cluster autoscaling setup. This feature is now available in Preview.

For more information, see Introducing GKE cost estimator, built right into the Google Cloud console.

GKE clusters that run control plane versions 1.21 or later and node versions 1.16 or earlier might experience:

  • Readiness check failures.
  • Network endpoint groups (NEGs) and load balancers (LBs) not created or synced.

This occurs because the Ingress controllers running in GKE cluster control plane versions 1.21 or later are not compatible with node versions 1.16 and earlier. To resolve this issue, upgrade your node pools.

For more information, see Node version not compatible with control plane version.

Pub/Sub Lite

The Kafka Shim Java client library for Pub/Sub Lite is now GA.

May 24, 2022

Artifact Registry

Artifact Registry is now available in the us-east5 region (Columbus, United States).

BigQuery

You can now load data into BigQuery using Informatica Data Loader. This feature is generally available. Informatica provides connectors that can ingest data into BigQuery.

Cloud Healthcare API

A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Key Management Service

Cloud KMS is available in the following region:

  • us-east5

For more information, see Cloud KMS locations.

Cloud Run

The following new region is now available: us-east5.

Cloud SQL for MySQL

Support for us-east5 (Columbus).

Cloud SQL for PostgreSQL

Support for us-east5 (Columbus).

Cloud SQL for SQL Server

Support for us-east5 (Columbus).

Cloud Storage

Cloud Storage is now available in Columbus, Ohio (us-east5 region).

Cloud VPN

Cloud VPN is available in region us-east5 (Columbus, US).

Pricing is available on the Cloud VPN pricing page.

Compute Engine

Generally available: Columbus, Ohio, USA us-east5-a,b,c has launched with E2, N2, and N2D VMs in all three zones. Additionally, you can create C2 VMs in zones a and b.

See VM instance pricing for details.

Config Connector

Config Connector version 1.86.0 is now available.

Added support for ComputeRegionNetworkEndpointGroup resource.

Added spec.serviceDirectoryRegistrations field to ComputeForwardingRule.

Fixed issue where webhooks were unintentionally returning 500 errors when rejecting immutable field changes.

Dataflow

Dataflow is now available in Columbus (us-east5).

Google Kubernetes Engine

The us-east5 region in Columbus, Ohio is now available.

Memorystore for Memcached

Added new Memorystore for Memcached region: Columbus (us-east5).

Memorystore for Redis

Added new Memorystore for Redis region: Milan (europe-west8).

Pub/Sub

Pub/Sub is now available in us-east5 (Columbus, Ohio).

SAP on Google Cloud

Google Cloud monitoring agent for SAP NetWeaver version 2.3

Version 2.3 of the Google Cloud monitoring agent for SAP NetWeaver is now available. This version includes bug fixes and supportability improvements.

For more information about the agent, see Monitoring SAP NetWeaver on Google Cloud.

Monitoring agent for SAP HANA version 2.4

Version 2.4 of the monitoring agent for SAP HANA is now available. This version includes bug fixes and supportability improvements.

For more information about the agent, see Monitoring agent for SAP HANA.

Virtual Private Cloud

For auto mode VPC networks, added a new subnet 10.202.0.0/20 for the Columbus us-east5 region. For more information, see Auto mode IP ranges.

May 23, 2022

Apigee X

On May 23, 2022, we released an updated version of Apigee X (1-8-0-apigee-9).

Bug ID | Description
N/A | Upgraded infrastructure and libraries

App Engine flexible environment .NET

You can now disable external ephemeral IP addresses for App Engine Flex services. Read our documentation to learn how. This feature is at the Preview launch stage.

App Engine flexible environment Go

You can now disable external ephemeral IP addresses for App Engine Flex services. Read our documentation to learn how. This feature is at the Preview launch stage.

App Engine flexible environment Java

You can now disable external ephemeral IP addresses for App Engine Flex services. Read our documentation to learn how. This feature is at the Preview launch stage.

App Engine flexible environment Node.js

You can now disable external ephemeral IP addresses for App Engine Flex services. Read our documentation to learn how. This feature is at the Preview launch stage.

App Engine flexible environment PHP

You can now disable external ephemeral IP addresses for App Engine Flex services. Read our documentation to learn how. This feature is at the Preview launch stage.

App Engine flexible environment Python

You can now disable external ephemeral IP addresses for App Engine Flex services. Read our documentation to learn how. This feature is at the Preview launch stage.

App Engine flexible environment Ruby

You can now disable external ephemeral IP addresses for App Engine Flex services. Read our documentation to learn how. This feature is at the Preview launch stage.

BigQuery

Metrics for query/statement_scanned_bytes and query/statement_scanned_bytes_billed are no longer delayed for 6 hours in order to smooth reporting over the duration of the job. Values are now reported every 180 seconds without smoothing. For more information about metrics, see Google Cloud metrics.

Cloud Build

Users can now receive build status notifications in Google Chat via a Google Chat notifier. The Google Chat notifier is available as an experimental release. To learn more, see Configuring Google Chat notifications.

Cloud Data Fusion

Google Cloud Platform Plugins version 0.19.1 is generally available (GA). This version includes Dataplex Source and Sink plugins in Preview. For more information, see the CDAP Hub release log.

Cloud Storage

JSON copy requests and XML copy requests now return a permanent error on timeouts for objects larger than 2.5 GiB and a retryable error on timeouts for objects smaller than 2.5 GiB.

Dataplex

The Dataplex Source and Sink plugins are available in Public Preview for ingesting and processing data in Cloud Data Fusion versions 6.6.0 and later.

Dataproc

New sub-minor versions of Dataproc images:

1.5.66-debian10, 1.5.66-ubuntu18, 1.5.66-rocky8

2.0.40-debian10, 2.0.40-ubuntu18, 2.0.40-rocky8

Upgraded Spark to 3.1.3 in Dataproc image version 2.0.

Fixed a bug where job was not being marked as terminated after master node reboot.

Fixed a bug where Flink was not able to run on HA clusters.

Backported the fix for HIVE-20514 to Hive 2.3 in Dataproc image version 1.5.

Fixed a bug with HDFS directories initialization when core:fs.defaultFS is set to an external HDFS.

Dialogflow

Dialogflow CX now supports version-specific webhooks.

Dialogflow CX now supports fine-grained webhook errors for built-in events.

May 20, 2022

Anthos Service Mesh

Enabling endpoint discovery multi-cluster installations with declarative API is now available as a preview feature in all release channels. For more information, see Enable endpoint discovery between public clusters with declarative API.

Cloud Logging

You can now see more log entries in the Logs Explorer as a result of several style changes.

Cloud Vision

OCR model migration

The TEXT_DETECTION and DOCUMENT_TEXT_DETECTION models have been upgraded to newer versions. The API interface and client library will be the same as the previous version. The API follows the same Service Level Agreement.

The legacy models can still be accessed until August 20, 2022. Specify "builtin/legacy" in the model field of a Feature object to get the old model results. After August 20, 2022, the legacy models will no longer be offered.

Confidential VM

Support for 3rd generation AMD EPYC Milan processors on general purpose N2D machine types is now available in Preview, featuring:

Support for compute-optimized C2D machine types is now available in Preview, featuring:

  • 3rd generation AMD EPYC Milan processors
  • AMD Secure Encrypted Virtualization (SEV) which can encrypt the memory of the VM to protect data in-use
  • Large VM sizes
  • Optimized for high-performance computing (HPC)

Config Controller

Config Controller now uses version 1.84.0 for Config Connector (release notes).

Contact Center AI Insights API

CCAI Insights now offers GA support for Access Transparency integration. See the Access Transparency documentation for details.

Google Cloud VMware Engine

Beginning on May 30, 2022, the VMware Engine operations team will continue performing essential maintenance of the network infrastructure to improve equipment robustness and apply security patches. Users affected by this upgrade will receive an email with planned maintenance dates and times.

For details about the upgrade and steps to prepare, see Service announcements.

Google Kubernetes Engine

You can now quickly identify which of your workloads are underutilized in the Cost Optimization tab. You can also quickly apply suggested values for resource requests and limits (or your own preferred values).

This feature is now available in Preview. For more information, see GKE workload rightsizing.

May 19, 2022

Anthos Config Management

Fixed metrics to use the correct reconciler Pod name for multiple RootSync and RepoSync objects. The metrics are documented at Config Sync metrics.

Anthos clusters on VMware

Anthos clusters on VMware 1.9.6-gke.1 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.9.6-gke.1 runs on Kubernetes 1.21.5-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.11, 1.10, and 1.9.

Secret encryption key rotation does not fail when the cluster has more than 1000 secrets.

Fixed the following vulnerabilities

Changed scope of certain RBAC permissions

We have scoped down the over-privileged RBAC permissions for the following components in this release:

  • clusterdns-controller:

    • Scope down clusterdns permissions to 'default' resource name.
    • Scope down configmap permissions to 'coredns' resource name.
    • Remove create/delete permissions for configmaps.
  • seesaw-load-balancer:

    • Restrict the permission to access secrets by specifying certain secret names instead of allowing the access for all secrets.
  • coredns-autoscaler:

    • Reduce the get configmap permission to a specific configmap resource name.
  • anetd / anet-operator:

    • Changed to use kubelet kubeconfig to restrict the anetd to only update its own node resource, and the pod resources that are running on the node.
  • gke-usage-metering:

    • Restrict the permission to only kube-system namespace.
  • ANG (Anthos Network Gateway):

    • Remove/modify RBAC roles and lower the use of kube-rbac proxy in ANG.

Cloud Composer

Airflow 2.2.5 is available in Cloud Composer images.

(Cloud Composer 2) You can now assign permissions for an environment's service account on the service account level instead of the project level. To use this feature, create environments using gcloud, API, or Terraform. Cloud Console support for this feature will be released at a later date.

(Cloud Composer 2) Increased the memory limit for the Redis queue and made it scale with the environment's size.

New Airflow metrics for pools, smart sensor, and SLA email notifications are available for Cloud Composer environments.

If it is not possible to create an environment because of CMEK-related organization policies constraints/gcp.restrictCmekCryptoKeyProjects and constraints/gcp.restrictNonCmekServices, then such attempts fail with an error immediately.

It is now possible to use upper-case symbols in the versions of PyPI packages.

If it is not possible to create an environment because of constraints/compute.vmCanIpForward and compute.vmExternalIpAccess organization policies, then such attempts fail with an error immediately.

(Airflow 1) If your DAGs use the google-ads package version 14.0.0 or earlier, please upgrade your environment to Cloud Composer version 1.18.9 so that your environment uses Google Ads API v10. Google Ads API v8 and v9 are deprecated and will not be available in the near future. This change is available only for Airflow 1. We will provide a similar change for Airflow 2 in a future release.

Cloud Composer 1.18.9 and 2.0.13 images are available:

  • composer-1.18.9-airflow-1.10.15 (default)
  • composer-1.18.9-airflow-2.1.4
  • composer-1.18.9-airflow-2.2.3
  • composer-1.18.9-airflow-2.2.5
  • composer-2.0.13-airflow-2.1.4
  • composer-2.0.13-airflow-2.2.3
  • composer-2.0.13-airflow-2.2.5

Config Connector

Config Connector version 1.85.0 is now available.

Fixed spec.topics in SecretManagerSecret (Issue #655).

Added support for PrivateCACertificate resource.

Fixed the reference configs for AccessContextManagerServicePerimeter.

Added spec.subsetting field to ComputeBackendService.

Added spec.secondaryIpRange field to RedisInstance.

Changed spec.readReplicasMode in RedisInstance from immutable to optional.

Google Kubernetes Engine

(2022-R12) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.21.11-gke.900 is now the default version in the Stable channel.

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.9900
    • 1.20.15-gke.3400
    • 1.20.15-gke.3600
    • 1.20.15-gke.4100
    • 1.21.10-gke.2000
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.10800 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.21.11-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.21.11-gke.900 with this release.

Regular channel

  • Version 1.21.11-gke.1100 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.20.15-gke.5200
    • 1.21.9-gke.1002
    • 1.21.10-gke.400
    • 1.21.10-gke.2000
    • 1.21.11-gke.900
    • 1.22.6-gke.300
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.6000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.11-gke.1100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.11-gke.1100 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.21.11-gke.1100
    • 1.22.7-gke.1500
    • 1.22.8-gke.200
    • 1.23.5-gke.1500
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.11-gke.1900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.11-gke.1900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.5-gke.2400 with this release.

May 18, 2022

Apigee Monetization

On May 18, 2022 we released an updated version of the Apigee Monetization software.

Apigee X now supports export of additional fee-based values for organizations using monetization. For more information, see Generating monetization reports.

Apigee UI

On May 18, 2022, we released an updated version of the Apigee UI.

App Engine flexible environment .NET

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

App Engine flexible environment Go

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

App Engine flexible environment Java

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

App Engine flexible environment Node.js

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

App Engine flexible environment PHP

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

App Engine flexible environment Python

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

App Engine flexible environment Ruby

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

App Engine flexible environment custom runtimes

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

App Engine standard environment Go

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

App Engine standard environment Java

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

App Engine standard environment Node.js

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

App Engine standard environment PHP

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

App Engine standard environment Python

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

App Engine standard environment Ruby

Specifying a user-managed service account for each App Engine version during deployment is now generally available.

BigQuery

Updated versions of ODBC and JDBC drivers for BigQuery are now available that include enhancements.

Cloud Asset Inventory

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory), the Feed API, and the Search APIs (SearchAllResources and SearchAllIamPolicies):

  • Cloud Firestore
    • firestore.googleapis.com/Database

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

  • Datastream
    • datastream.googleapis.com/Stream
    • datastream.googleapis.com/ConnectionProfile
    • datastream.googleapis.com/PrivateConnection

Compute Engine

N2D VMs are now available in Paris, France europe-west9-a,b,c.

See VM instance pricing for details.

Traffic Director

Traffic Director for GKE now supports using the Kubernetes Gateway APIs to create a service mesh.

Traffic Director control plane logging and monitoring now supports request count by zone, in addition to DS API Connected Streams and request count.

Vertex AI

The ability to configure Vertex AI private endpoints is now generally available (GA). Vertex AI private endpoints provide a low-latency, secure connection to the Vertex AI online prediction service. You can configure Vertex AI private endpoints by using VPC Network Peering. For more information, see Use private endpoints for online prediction.

May 17, 2022

Cloud Build

Users can view build logs directly in GitHub or GitHub Enterprise without logging into Cloud Build. For more information, see Building repositories from GitHub and Building repositories from GitHub Enterprise. This feature is generally available.

Compute Engine

Generally available: You can access Google APIs and services from Compute Engine instances using either internal IPv6 addresses with Private Google access or external IPv6 addresses.

Google Cloud Deploy

Google Cloud Deploy support for VPC Service Controls is now generally available (GA).

Migrate to Containers

V1 API

The Migrate for Anthos and GKE API has graduated to v1 in the 1.11.1 release. The v1beta2 Migration API is deprecated and will be supported until May 2023.

Building and deploying Windows containers with Skaffold

Skaffold YAML files generated as part of the migration artifacts for the Windows flow now help operators accelerate container image builds and deployments to GKE and Anthos clusters.

Artifact Repository Health Checks

  • When creating a new artifacts repository, or updating an existing one, migctl will wait for health information and produce a warning in case the provided service account does not have permissions to upload artifacts to the specified bucket. To skip the synchronous health checks, --async can be passed to the migctl command.

  • When creating a new migration, migctl will query the migration's specified artifact repository (or the default if it was not specified), and produce a warning in case the provided service account does not have permissions to upload artifacts to the specified bucket.

  • When generating artifacts for the migration, migctl will query the migration's specified artifact repository (or the default one if it was not specified), and produce a warning in case the provided service account does not have permissions to upload artifacts to the specified bucket.

Tomcat improvements

  • In the migration plan's fromImage field, if the tool did not automatically discover the Tomcat version used on the original VM, a placeholder (example: tomcat:<TomcatVersion>-jre11-openjdk) is added that the user must populate. If it is not populated, a blocking warning is surfaced at the artifacts generation step, requiring the user to provide the Tomcat version details.

  • Renaming catalinaHome.tar.gz artifact to tomcatServer.tar.gz.

  • bin and lib directories are filtered from the tomcatServer.tar.gz file.

  • Users can now choose to upload certificates into the repository by setting the includeSensitiveData parameter to true on the migration plan.

227137961: Prevent concurrent migration on the same migrating VM when using M4CE5.X source.

224485583: null value of serverautostart for some Windows migration plans.

224545749: Linux system container extraction step getting stuck in some scenarios.

225638684: OpenLiberty containers may fail to run web applications deployed as WAR archives.

220853359: ABM can be installed without specifying all of --gcp-project, --gcp-region and --json-sa. In this case the default repositories are simply not created.

Uninstall might get stuck when a sourcesnapshot CRD cannot be deleted. To work around this, run kubectl edit sourcesnapshot -n v2k-system and remove all finalizers.

204879458: If image repository permissions are invalid, migration will get stuck in ExtractImage instead of UploadImage step

218855996: Windows global path variables and short folders names are not migrated

223553376: Secrets created by migctl (for example when creating a source provider) may not always be cleaned up when the objects that depend on them are deleted (for example when issuing migctl source delete …).

216537540: migctl cannot be used to upgrade the m2c installation to a version newer than the migctl version. For example, if migctl is 1.9.0, it cannot upgrade a cluster to 1.11.0.

208361449: Artifact repository health checks are not implemented for S3 repositories. migctl commands that query the health state of the repository will warn that health checks cannot be performed.

VPC Service Controls

General availability for the following integration:

Virtual Private Cloud

Accessing Google APIs and services from Compute Engine instances using either internal IPv6 addresses with Private Google Access or external IPv6 addresses is available in General Availability.

May 16, 2022

Apigee API hub

On May 16, 2022 Apigee hub released a new version of the software.

Bug ID Description
232129385 Users without artifact write permission encountered errors when loading various pages if the default API hub artifacts were not yet initialized by the system.

Cloud Asset Inventory

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory), the Feed API, and the Search APIs (SearchAllResources and SearchAllIamPolicies):

  • Cloud KMS
    • cloudkms.googleapis.com/EkmConnection

Cloud Debugger

Cloud Debugger is deprecated and is scheduled for shutdown on May 31 2023. For an alternative, use the open source CLI tool, Snapshot Debugger.

Cloud Healthcare API

A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Monitoring

The pricing for Google Cloud Managed Service for Prometheus has been reduced by 25-50%, depending on volume and usage. Existing pricing tiers have been reduced by 25%, and a new high-volume tier has been added at 50% of the current cost. For pricing details, see Cloud Monitoring pricing summary, and for a set of examples, see Pricing examples based on samples ingested.

Cloud Run

You can now tag services using Resource Manager tags for fine-grained access control.

Config Controller

Config Controller now uses version 1.11.1 for Anthos Config Management (release note)

Deep Learning Containers

M92 Release

  • TensorFlow Enterprise 2.9 is now available. Note that this TensorFlow Enterprise version does not include Long Term Version Support.
  • Starting with PyTorch 1.11, PyTorch environments now support XLA by default.
  • TensorFlow Enterprise patch releases: 2.6.4 and 2.8.1.
  • Deep Learning Containers are now available on Artifact Registry.

Deep Learning VM Images

M92 Release

  • TensorFlow Enterprise 2.9 is now available. Note that this TensorFlow Enterprise version does not include Long Term Version Support.
  • Starting with PyTorch 1.11, PyTorch environments now support XLA by default.
  • TensorFlow Enterprise patch releases: 2.6.4 and 2.8.1.
  • Fixed an issue in the Cloud Storage backup and restore feature. This fix helps prevent the deletion of local files after a reboot when the VM loses connectivity to the configured Cloud Storage backup bucket.

Eventarc

Eventarc is available in the following regions:

  • europe-west8 (Milan, Italy)
  • europe-west9 (Paris, France)

Google Cloud Armor

The rule source for Cloud Armor preconfigured rules now includes ModSecurity Core Rule Set (CRS) 3.3 in public preview. For more information, see Tuning Google Cloud Armor WAF rules.

Security Command Center

Updates were made to the applications that let you send Security Command Center data to the following SIEM and SOAR platforms:

In addition, Security Command Center can automatically send findings, assets, audit logs, and security sources to Splunk. For more information, see Sending Security Command Center data to Splunk.

Tensorflow Enterprise

TensorFlow Enterprise 2.9 is now available. Note that this TensorFlow Enterprise version does not include Long Term Version Support.

TensorFlow Enterprise 2.6 has been updated to 2.6.4.

TensorFlow Enterprise 2.8 has been updated to 2.8.1.

Workflows

Workflows using callbacks that were deployed on or before January 11, 2022 must be redeployed to continue executing workflows without failures.

May 13, 2022

Cloud Composer

Cloud Composer 1.18.8 and 2.0.12 release started on May 13, 2022. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.

Cloud Composer performs several retries when checking pip connectivity.

(Cloud Composer 2) Workers and schedulers generate a warning log message when storage usage is close to the limit.

(Airflow 2) The default value for the [webserver]worker_refresh_interval Airflow configuration option is changed to 600 seconds.

(Cloud Composer 1) Increased the memory limit for GCSfuse on machine types that have more than 4 GB of memory. This change improves the stability of the syncing process between the environment's bucket and worker pods.

(Available without upgrading) The domain prefix for Private Service Connect subnetwork (connection_subnetwork) is now omitted in environment details.

(Airflow 2.2.3) Web server log messages in Airflow UI now have a correct time zone.

Fixed a problem where DAG import errors were not displayed in Cloud Console for Private IP environments in certain versions of Cloud Composer.

(Airflow 1.10.15) Fixed the variables set command. Now it correctly sets values for specified variables.

Cloud Composer 1.18.8 and 2.0.12 images are available:

  • composer-1.18.8-airflow-1.10.15 (default)
  • composer-1.18.8-airflow-2.1.4
  • composer-1.18.8-airflow-2.2.3
  • composer-2.0.12-airflow-2.1.4
  • composer-2.0.12-airflow-2.2.3

Cloud Composer versions 1.16.3, 1.16.4, and 1.17.0.preview.0 have reached their end of full support period.

Cloud SQL for MySQL

New maintenance versions are now available through self-service maintenance. See the maintenance changelog to learn more about these new maintenance versions.

Cloud SQL for SQL Server

New maintenance versions are now available through self-service maintenance. See the maintenance changelog to learn more about these new maintenance versions.

Datastream

Datastream now supports backfilling Oracle database tables that have more than 100 million rows. Click here to access the documentation.

Firestore

Firebase App Check now supports Firestore at the General Availability release level. Use App Check in your mobile or web app to ensure that only your app can access your Firestore data.

Google Kubernetes Engine

Tags are now available. You can use tags to group or organize your clusters according to custom business dimensions. This is in addition to the hierarchical resource organization provided by GCP's resource manager. The integration of tags with policy engines (via conditional rules) such as IAM or Organization Policy, also allows you to apply centralized policies to custom security perimeters defined through tag bindings.

May 12, 2022

Anthos Service Mesh

1.11.8-asm.1 is now available.

This patch release includes the features of Istio 1.11.8 subject to the list of Anthos Service Mesh Supported features. Anthos Service Mesh version 1.11.8-asm.1 uses envoy v1.19.3.

1.12.6-asm.3 is now available.

This patch release contains the features of Istio 1.12.6 subject to the list of Anthos Service Mesh Supported features. Anthos Service Mesh version 1.12.6-asm.3 uses envoy v1.20.3.

1.13.2-asm.5 is now available.

This patch release contains the features of Istio 1.13.2 subject to the list of Anthos Service Mesh Supported features. Anthos Service Mesh version 1.13.2-asm.5 uses envoy v1.21.2.

Apigee Connectors

Preview release of new Connectors for Apigee

On May 12, 2022, we released the preview version of new Connectors for Apigee.

The following new connectors are available for Apigee:

Cloud Healthcare API

The Healthcare Natural Language API is now available in the europe-west2 location.

Eventarc VPC Service Controls

General availability for the following integration:

Vertex AI Workbench

M91 release

The M91 release of Vertex AI Workbench managed notebooks includes the following:

  • Log streaming to the consumer project via Logs Viewer is now supported.
  • Added the net-tools package.
  • Regular package refreshes and bug fixes.
  • Fixed an issue that caused Spark server networking errors when using Dataproc Serverless Spark and VPC Peering.

Learn more about managed notebooks versions.

Workflows

The following functions have been added:

A Status field that tracks the current steps and progress of an execution is available in Preview. See the Workflows Executions REST API Overview.

May 11, 2022

AlloyDB for PostgreSQL

AlloyDB for PostgreSQL is available in Preview.

Apigee Integrated Portal

On May 11, 2022 we released an updated version of the Apigee Integrated Portal software.

Bug ID Description
228603948 Fixed an issue that prevented users from editing custom fields for account creation and signup.
228339667 Documentation now reflects support for the STARTTLS SMTP authorization type.
227511014 Fixed an issue that prevented V1 Portals from being upgraded to V2.
224991572 Improvements to the Get Started documentation bundled with a new portal. Create a new portal and then click Get Started to see the new content.
220980189 Fixed issue with publishing API Products on a Portal when the organization has over 1,000 API Products.
218320618 Page descriptions are now limited to 1,000 characters. Page content is now limited to 1 MB.
210651558 Fixed issue where adding a new API Product subscription to an App would remove all scopes on the App's credentials.

Apigee hybrid

hybrid v1.6.7

On May 11, 2022 we released an updated version of the Apigee hybrid v1.6.7 software.

For information on upgrading, see Upgrading Apigee hybrid to version 1.6.

Bug ID Description
227600373 Fixed an installation issue with Cassandra.
227538469 Configuration actions would write logs to the pod file system.
226964206 MART, runtime and synchronizer would write to the pod file system.
226464960 Apigee hybrid fresh installations on OpenShift 4.6 and 4.8 would fail.
225081332 Allow privileged pods issue.
224620542 On some Kubernetes platforms, logging would fail without adding an empty directory for the logs.
223081301 Fixed organization-level UDCA incorrect http-proxy secret name.
222649295 Organization-level UDCA would hang.
221266789 Hybrid logging functionality has been reworked. This should resolve issues with excessive log volume generation, frequent logger restarts, and ensure correct logger functionality with both docker and containerd runtimes.
213261445 Fixed reliance on keystore generated by cert manager for metrics endpoint and removed the need for a custom generate_cert script.
205616792 Fixed core dump on running user schema setup.

Chronicle

The following supported default parsers have changed (listed by product name and ingestion label):

  • ExtraHop RevealX (EXTRAHOP)
  • Imperva (IMPERVA_WAF)
  • Windows Event (WINEVTLOG)
  • Azure AD Organizational Context (AZURE_AD_CONTEXT)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Elastic Packet Beats (ELASTIC_PACKETBEATS)
  • Elastic Audit Beats (ELASTIC_AUDITBEAT)
  • Sendmail (SENDMAIL)
  • VMware vCenter (VMWARE_VCENTER)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • Bluecat DDI (BLUECAT_DDI)
  • Cisco ACS (CISCO_ACS)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Forcepoint Proxy (FORCEPOINT_WEBPROXY)
  • McAfee ePolicy Orchestrator (MCAFEE_EPO)
  • Office 365 (OFFICE_365)
  • Apple MacOS (MACOS)
  • Archer Integrated Risk Management (ARCHER_IRM)
  • Cisco Meraki (CISCO_MERAKI)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • IBM DB2 (DB2_DB)
  • Cisco ISE (CISCO_ISE)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • Juniper Junos (JUNIPER_JUNOS)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • VMware ESXi (VMWARE_ESX)
  • Digital Shadows SearchLight (DIGITAL_SHADOWS_SEARCHLIGHT)
  • Azure Firewall (AZURE_FIREWALL)
  • ForgeRock OpenAM (OPENAM)
  • FortiGate (FORTINET_FIREWALL)
  • ZScaler NGFW (ZSCALER_FIREWALL)
  • OpenVPN (OPEN_VPN)

For details about the changes in each parser, see Supported default parsers.

Cloud Healthcare API

The following methods now look up references to resource versions and return them if they exist:

Cloud Monitoring

Private uptime checks are now generally available. Private uptime checks enable HTTP requests into a customer Virtual Private Cloud (VPC) network while enforcing Identity and Access Management (IAM) restrictions and VPC Service Controls perimeters. Private uptime checks can send requests over the private network to resources like a virtual machine (VM) or an L4 internal load balancer (ILB).

For more information, see Create private uptime checks.

Cloud Run

Cloud Run jobs are now available in Preview.

Google Kubernetes Engine

(2022-R11) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.21.11-gke.900 is now the default version.
  • The following control plane versions are no longer available:
    • 1.21.6-gke.1503
    • 1.21.9-gke.300
    • 1.21.9-gke.1001
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to 1.19.16-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.19.16-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to 1.23.5-gke.1501 with this release.

Stable channel

  • The following versions are now available in the Stable channel:

  • Version 1.19.16-gke.9400 is no longer available in the Stable channel.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.9900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.9900 with this release.

Regular channel

  • Version 1.21.11-gke.900 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.20.15-gke.5000
    • 1.21.6-gke.1503
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.5200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.11-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.11-gke.900 with this release.

Rapid channel

  • Version 1.22.8-gke.2200 is now the default version in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.22.8-gke.2200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.8-gke.2200 with this release.

Network Intelligence Center

Network Analyzer is now available in Preview.

May 10, 2022

Apigee hybrid

Issue ID: 231758700, 231976420
Affects: Apigee hybrid 1.7.x, Apigee hybrid 1.6.x, Apigee hybrid 1.5.x
Status: OPEN
Description: Apigee Hybrid Dockerhub customers unable to pull images with Docker Content Trust enabled. Users are encountering the following error when pulling images for Apigee Hybrid from Docker Hub: ERRO[0001] Metadata for targets expired. This applies to the following hybrid components:

  • google/apigee-authn-authz
  • google/apigee-mart-server
  • google/apigee-runtime
  • google/apigee-synchronizer

Workaround

If you encounter this error, you can use one of the two following workarounds:

  • Switch to using gcr.io/apigee-release to pull hybrid images.
  • Disable docker content trust by setting the DOCKER_CONTENT_TRUST environment variable to 0.

Artifact Registry

Artifact Registry is now available in the europe-southwest1 region (Madrid, Spain).

Chronicle

The following new fields are available in the Unified Data Model:

For a list of fields in the Unified Data Model, and descriptions, see the Unified Data Model field list.

Cloud Build

You can now use Cloud Build attestors to secure your image deployments. To learn how to set up gated deployments, see Securing image deployments to Cloud Run and Google Kubernetes Engine. To learn how to view build integrity records, see Viewing build provenance. This feature is generally available.

Cloud Composer

The following deprecated operators are no longer actively maintained and will be removed in a future version of the operators for Airflow 2. Make sure to switch to alternative operators.

Deprecated operators: BigQueryExecuteQueryOperator, BigQueryPatchDatasetOperator, DataflowCreateJavaJobOperator, DataflowCreatePythonJobOperator, DataprocScaleClusterOperator, DataprocSubmitPigJobOperator, DataprocSubmitSparkSqlJobOperator, DataprocSubmitSparkJobOperator, DataprocSubmitHadoopJobOperator, DataprocSubmitPySparkJobOperator, MLEngineManageModelOperator, MLEngineManageVersionOperator, GCSObjectsWtihPrefixExistenceSensor.

Cloud Key Management Service

Cloud KMS is available in the following region:

  • europe-southwest1

For more information, see Cloud KMS locations.

Cloud Router

Cloud Router now supports MD5 authentication of BGP sessions. This feature is available in preview. For more information, see Use MD5 authentication.

Cloud Storage

Cloud Storage is now available in Madrid, Spain (europe-southwest1 region).

Cloud Talent Solution Job Search

  • Jobs within the same state will rank higher in results when you search for jobs in a state-level location with the TELECOMMUTE_ALLOWED option.
  • keywordSearchable will be returned correctly in Job instance responses.
  • Fixed the compensation histogram query to return the correct histogram result.

Cloud VPN

Cloud VPN is now available in region europe-southwest1 (Madrid, Spain).

Pricing is available on the Cloud VPN pricing page.

Compute Engine

Generally available: Madrid, Spain europe-southwest1-a,b,c has launched with E2 and N2 VMs available in all three zones.

See VM instance pricing for details.

Config Connector

Config Connector version 1.84.0 is now available.

Added IAMPolicy and IAMPolicyMember support for AccessContextManagerAccessPolicy.

Added spec.approvalConfig field to CloudBuildTrigger.

Added spec.rule.redirectOptions field to ComputeSecurityPolicy.

Added spec.addonsConfig.gkeBackupAgentConfig field to ContainerCluster.

Added cnrm.cloud.google.com/skip-wait-on-job-termination directive to DataflowFlexTemplateJob and DataflowJob.

Added spec.rrdatasRefs field to DNSRecordSet.

Added spec.columnLayout.columns.widgets.logsPanel, spec.gridLayout.widgets.logsPanel, spec.mosaicLayout.tiles.widget.logsPanel, and spec.rowLayout.rows.widgets.logsPanel fields to MonitoringMonitorDashboard.

Added spec.enableExactlyOnceDelivery field to PubSubSubscription.

Reduced reconciliation frequency of ConfigConnector object.

Deprecated spec.rrdatas field in DNSRecordSet.

Renamed spec.template.volumes.cloudSqlInstance.connections to spec.template.volumes.cloudSqlInstance.instances in RunService (Alpha).

Removed spec.template.confidential field from RunService (Alpha).

Removed status.terminalCondition.domainMappingReason and status.terminalCondition.internalReason fields from RunService (Alpha).

Removed spec.gateways field from NetworkServicesTCPRoute (Alpha).

Dataflow

Dataflow is now available in Madrid (europe-southwest1).

Google Cloud Deploy

Google Cloud Deploy now lets you change the timeout for Cloud Build operations, from the default setting of 1 hour.

Google Kubernetes Engine

The europe-southwest1 region in Madrid is now available.

Managed Service for Microsoft Active Directory

Managed Microsoft AD is available in the following regions:

  • australia-southeast2 (Melbourne)
  • europe-central2 (Warsaw)
  • northamerica-northeast2 (Toronto)
  • us-west3 (Salt Lake City)
  • us-west4 (Las Vegas)

For more information, see Adding and removing regions.

Memorystore for Memcached

Added new Memorystore for Memcached region: Madrid (europe-southwest1).

Pub/Sub

Pub/Sub is now available in europe-southwest1 (Madrid).

Virtual Private Cloud

For auto mode VPC networks, added a new subnet 10.204.0.0/20 for the Madrid europe-southwest1 region. For more information, see Auto mode IP ranges.

May 09, 2022

Anthos clusters on AWS

You can now launch clusters with Kubernetes versions 1.21.11-gke.1100 and 1.22.8-gke.1300.

In 1.22.8-gke.1300, fixed an issue where add-ons could not be applied when Windows node pools are enabled.

In 1.22.8-gke.1300, fixed an issue where the logging agent could fill up attached disk space.

These releases include the following role-based access control (RBAC) changes:

  • Scoped down anet-operator permissions for Lease update.
  • Scoped down anetd Daemonset permissions for Nodes and pods.
  • Scoped down fluentbit-gke permissions for service account tokens.
  • Scoped down gke-metrics-agent for service account tokens.
  • Scoped down coredns-autoscaler permissions for Nodes, ConfigMaps and Deployments.

These releases fix the following CVEs:

Anthos clusters on Azure

You can now launch clusters with Kubernetes versions 1.21.11-gke.1100 and 1.22.8-gke.1300.

In 1.22.8-gke.1300, fixed an issue where the logging agent could fill up attached disk space.

In 1.22.8-gke.1300, fixed an issue where add-ons could not be applied when Windows node pools are enabled.

These releases fix the following CVEs:

These releases include the following role-based access control (RBAC) changes:

  • Scoped down anet-operator permissions for Lease update.
  • Scoped down anetd Daemonset permissions for Nodes and pods.
  • Scoped down fluentbit-gke permissions for service account tokens.
  • Scoped down gke-metrics-agent for service account tokens.
  • Scoped down coredns-autoscaler permissions for Nodes, ConfigMaps and Deployments.

Apigee API hub

On May 9, 2022 Apigee hub released a new version of the software.

Bug ID Description
231715589 When viewing the API hub getting started page in the Google Cloud console, if you switched to another un-provisioned project, the browser encountered a redirect loop.

Apigee X

On May 9, 2022 we released an updated version of the Apigee X software (1-8-0-apigee-5).

The GoogleIDToken.Audience tag now includes the useTargetUrl attribute to simplify audience configuration of Google ID tokens for Apigee policies.

Bug ID Description
221292104 Fix to address failure to capture requests in Debug sessions involving PostClientFlow ServiceCallouts.
228855520 Upgraded ASM to the latest version.

Bug ID Description
217497793 A security issue was addressed.

Cloud Load Balancing

Regional external and regional internal HTTP(S) load balancers now support using Cloud Run services as backends for the load balancer. This is configured using a serverless network endpoint group (NEG).

For details, see:

This feature is available in Preview.

Cloud Run

The following new region is now available: europe-southwest1.

Compute Engine

Generally available: Insights for idle VM and machine size recommendations help you assess the utilization of your Compute Engine resources. Insights are automatically generated based on system metrics or metrics gathered by the Cloud Monitoring service.

Learn more about VM insights and MIG insights.

Config Controller

Config Controller now uses version 1.83.0 for Config Connector (release notes)

Dataproc

New sub-minor versions of Dataproc images:

1.5.65-debian10, 1.5.65-ubuntu18, 1.5.65-rocky8

2.0.39-debian10, 2.0.39-ubuntu18, 2.0.39-rocky8

Dataproc Serverless for Spark now uses runtime version 1.0.12.

Fixed an issue where chronyd systemd service failed to start due to a race condition between systemd-timesyncd and chronyd.

Dataproc Serverless for Spark runtime version 1.0.1 is unavailable for new batch submissions.

Virtual Private Cloud

Reserving static regional external IPv6 addresses is available as a limited Preview feature. Contact your sales representative for access.

May 06, 2022

Cloud Monitoring

You can now configure Metrics Explorer and charts on dashboards to display a ratio of metrics by using the Cloud Console. For more information, see Ratios of metrics.

Cloud Storage

The us-east4 region is now available for dual-region storage. This feature is now in Preview.

Google Cloud Deploy

Google Cloud Deploy now supports Skaffold version 1.37.1 as the default.

Resource Manager

The feature for listing the effectively evaluated tags on a resource has launched into public preview. For more information, see Listing effective tags on a resource.

SAP on Google Cloud

Extreme persistent disks are available for SAP HANA with improved functionality

Recent enhancements have further optimized extreme persistent disks, removing any potential limitations for using extreme persistent disks with SAP HANA.

For more information about extreme persistent disks and SAP HANA, see:

May 05, 2022

BigQuery

The new format element %J is generally available (GA) for DATE, TIME, DATETIME, and TIMESTAMP functions. This format element lets you use the ISO 8601 1-based day of the year.

PARSE_DATE, PARSE_TIME, PARSE_DATETIME, and PARSE_TIMESTAMP now support the following date and time format elements: %a, %A, %g, %G, %j, %u, %U, %V, %w, and %W.

Cloud Asset Inventory

Documentation for Policy Analyzer has moved to the Policy Intelligence documentation.

Cloud Bigtable

A Cloud Bigtable table overview page in the Cloud console is now generally available (GA). The table overview displays monitoring metrics and replication details for a selected table.

Cloud Build

Cloud Build now supports a script field, which allows users to specify shell scripts to execute in a build step. This feature is available as a preview release. To learn more, see Using the script field.

Cloud Load Balancing

Regional external HTTP(S) load balancers now support Shared VPC configurations where the load balancer's forwarding rule, target proxy, and URL map can be created in a host or service project, while the backend services and backends can be distributed across multiple service projects in the Shared VPC environment. This is referred to as cross-project service referencing. Cross-project backend services can be referenced from a single URL map.

Cross-project service referencing gives service developers and admins autonomy over the exposure of their services through the centrally managed load balancer.

For details, see:

This feature is available in Preview.

Cloud Logging

You can now hide large amounts of similar log entries from your query results in the Logs Explorer. To learn more, see Hide similar logs.

Cloud Monitoring

SLO monitoring: Cloud Monitoring can now detect potential GKE- and Cloud Run-based services in your project. Monitoring provides a list of such candidate services, and you can now identify the candidates you want to monitor and create SLOs for them by using the Cloud Console. For more information, see Defining a microservice.

Cloud Run

You can now define service-level objectives (SLOs) for your Cloud Run services using SLO monitoring in Cloud Monitoring or the Cloud Run service page.

Cloud Vision

OCR model migration reverted

We have switched the "builtin/stable" model back to the original version temporarily while we fix a bug resulting from this migration. The week of May 16th, we will update the "builtin/stable" model used for OCR again with the model from "builtin/latest" and create a new release note.

You will be able to use the original model as "builtin/legacy" for 90 more days after we upgrade "builtin/stable".

Identity and Access Management

Documentation for Activity Analyzer, IAM insights, IAM Policy Troubleshooter, IAM role recommendations, and IAM Policy Simulator has moved to the Policy Intelligence documentation.

May 04, 2022

Anthos clusters on bare metal

Release 1.10.4

Anthos clusters on bare metal 1.10.4 is now available for download. To upgrade, see Upgrade Anthos on bare metal. Anthos clusters on bare metal 1.10.4 runs on Kubernetes 1.21.

Fixes:

  • The following container image security vulnerabilities have been fixed:

  • Role-based access control (RBAC) fixes:

    • Set AutomountServiceAccountToken field for Node Problem Detector jobs and etcd-defrag Daemonsets to false.

    • Set capi-kubeadm-bootstrap-controller-manager to use a dedicated service account.

    • Scoped down configmap/(get, list, watch) permissions to metallb-config resource name.

    • Scoped down configmap/get permission to core-dns-autoscaler resource name.

    • Removed services.update permission for the MetalLB kube-system:controller role.

    • anetd

      • Removed Cilium service account and replaced it with the account used by kubelet.

      • Removed pod and node access from Cilium cluster role.

      • Added Cilium cluster role to the kubelet service account.

      • Removed pods/(delete) role from cilium-operator cluster role.

      • Scoped down leases permissions in cilium-operator cluster role to cilium-operator-resource-lock resource name and kube-controller-manager resource name.

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Apigee API hub

On May 4, 2022 Apigee API hub began the release of a new version of the software for Public Preview.

At Public Preview, products or features are ready for testing by customers. Preview offerings are often publicly announced, but are not necessarily feature-complete, and no SLAs or technical support commitments are provided for these. Unless stated otherwise by Google, Preview offerings are intended for use in test environments only.

Added the API Hub label in the Apigee community.

Added provisioning instructions.

Documentation: Provision API hub

Added instructions on how to get support.

Documentation: Get support

Action buttons in the UI are now disabled if you do not have appropriate permissions to perform the action.

Apigee Integrated Portal

On May 4, 2022 we released an updated version of the Apigee Integrated Portal software.

Error messages for rejected logins for an inactive user are now more informative to the user.

Emails from portal-sso will either be the email address of the sender that the user sets up in the custom smtp settings, or it will be no-reply@google.com, instead of the human-readable name orgname-portalname. This screenshot illustrates emails sent from portal-sso in e2e. It shows one email with custom smtp settings (tsnow-custom-smtp) and one email with the default settings (no-reply).

Bug ID Description
220993729 Portal SSO showed the Apigee domain when hovering over footer links in third-party web pages.
220188030 Reset password was not working for LDAP configurations.
214146121 An authentication issue with Apigee SSO has been fixed.
204952689 Fixed miscellaneous logback error.
194469693 Enabled SAML config error so that it is visible.
194053231 Added server-side validation for the password field. If the password is non-compliant, the response is 422:Unprocessable Entity.
190609332 Improved error output for failures while enabling SSO for Apigee.
157131343 Added support for the parenthesis () and plus + characters for built-in IDP custom fields. Other special characters will continue to be blocked for security reasons.

ID Description
200604177 Upgraded jQuery and Bootstrap.

Apigee UI

On May 4, 2022 we released an updated version of the Apigee UI.

We have released a new version of the Develop tab in the Proxy Editor. See Introducing the new Proxy Editor.

App Engine standard environment Ruby

The Ruby 3.0 runtime for App Engine standard environment is now generally available.

Channel Services

Rebilling is now available in the Partner Sales Console and Cloud Channel API. This new billing data service helps you simplify your customer billing process by configuring discounts and exporting your billing data to a BigQuery dataset.

Cloud Functions

Cloud Functions now supports Ruby 3.0 at the General Availability release level.

Cloud SQL for MySQL

Support for europe-west9 (Paris).

Cloud SQL for PostgreSQL

Support for europe-west9 (Paris).

Cloud SQL for SQL Server

Support for europe-west9 (Paris).

Google Kubernetes Engine

Spot Pods for GKE Autopilot clusters is now generally available. Use Spot Pods to run your fault-tolerant workloads at reduced costs.

Spot VMs on GKE is now generally available. Spot VMs let you run fault-tolerant workloads at lower costs.

Resource Manager

The resource usage restriction Organization Policy constraint has launched into general availability.

May 03, 2022

Anthos Service Mesh

Version 1.13 is now available for managed Anthos Service Mesh and is rolling out into the Rapid Release Channel.

Version 1.12 is being promoted to the Regular Release Channel, and version 1.11 is being promoted to the Stable Release Channel.

See Select a managed Anthos Service Mesh release channel for more information.

In addition to the existing labels, you can now use the "istio-injection" label as an alias. For more information, see Injection labels.

Artifact Registry

Artifact Registry is now available in the europe-west9 region (Paris, France).

BigQuery ML

The following new features are now generally available (GA) for ARIMA_PLUS models:

To learn how to achieve one hundred times higher scalability with the ARIMA_PLUS model while using the new forecasting accuracy metrics, see Accelerate ARIMA_PLUS to forecast 1 million time series within hours. You can also read ARIMA_PLUS best practices.

Cloud Asset Inventory

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory), the Feed API, and the Search APIs (