Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml

August 12, 2022

Anthos Service Mesh

1.14.3-asm.1 is now available.

This patch release contains a fix for the known issue with the signatures of the revisions released August 11, 2022.

Anthos Service Mesh 1.14.3-asm.1 includes the features of Istio 1.14.3 subject to the list of Anthos Service Mesh supported features.

Anthos clusters on VMware

Anthos clusters on VMware 1.10.6-gke.36 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.10.6-gke.36 runs on Kubernetes 1.21.14-gke.2100.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.

  • Fixed the issue where mounting an emptyDir volume with the exec option on Container-Optimized OS (COS) nodes fails with a permission error.
  • Fixed the issue where enabling and disabling cluster autoscaler sometimes prevents nodepool replicas from being updated.
  • Fixed the following vulnerabilities:

Cloud Bigtable

Cloud Bigtable-BigQuery federation is now generally available (GA). You can use BigQuery to query data from Cloud Bigtable and blend it with data from other federated data sources. For more information, see Querying Cloud Bigtable data.

Deep Learning VM Images

M95 Release

  • TensorFlow has been updated to 2.9.1, 2.8.1, and 2.6.5 to include upstream changes.
  • Updated to the latest NVIDIA driver version: 510.47.03.
  • The latest NVIDIA driver version does not support K80 GPUs. To use K80 GPUs, you must use an M94 or earlier environment.
  • Fixed bug in which the user is prompted with the warning "JupyterLab build is suggested" on startup for TensorFlow Deep Learning VMs.
  • Regular package refreshment and bug fixes.

n1-standard-1 Compute instances that use the tensorflow-gpu family fail to boot if they were created with a single disk and no accelerator.

Please use the tf-latest-cpu image family for instances without accelerators, or increase the machine type to at least n1-standard-2.

Transfer Appliance

You can now place your Transfer Appliance into suspend mode before moving it to a new location. Suspend mode removes access to data on the device and suspends any transfers.

Learn more from the Suspend section of the documentation.

August 11, 2022

Anthos Service Mesh

1.14.3-asm.0 is now available.

Anthos Service Mesh 1.14.3-asm.0 includes the features of Istio 1.14.3 subject to the list of Anthos Service Mesh supported features.

1.12.9-asm.0 is now available.

Anthos Service Mesh 1.12.9-asm.0 includes the features of Istio 1.12.9 subject to the list of Anthos Service Mesh supported features.

Cloud Bigtable

New tooling is available to help you migrate to Cloud Bigtable from HBase clusters that are hosted on another Google Cloud service. For more information, see Migrate from HBase on Google Cloud.

Cloud Monitoring

You can now prevent Cloud Monitoring from sending notifications or creating incidents during specific time periods. For general information, see Snooze notifications and alerts. For information about how to create, view, and modify a snooze, see Create and manage snoozes.

You can now update older versions of the Ops Agent from the Cloud Monitoring VM Instances page and from the Details panel for a selected Compute Engine instance. The "Install" option for a new agent now also supports "update" for upgrading an older agent.

The Cloud Monitoring Integrations page now provides information about integrations with other Google Cloud services, enhanced filtering, and additional information about available third-party integrations. For more information, see Manage integrations.

August 10, 2022

Apigee Integration

On August 10, 2022 we released an updated version of the Apigee Integration software.

Support for VPC Service Controls (Preview)

VPC Service Controls lets you define a security perimeter around the Apigee Integration Google Cloud service. For more information, see Set up VPC Service Controls for Apigee Integration.

BigQuery

You can now set default configurations at a project or organization level. This feature is now generally available (GA).

Cloud Composer

Cloud Composer 1.19.6 and 2.0.23 release started on August 10, 2022. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.

Starting with Cloud Composer 1.19.6, it is no longer possible to use any operators that call Python 2. In particular, PythonVirtualenvOperator can no longer create virtual environments with Python 2.

Logs that are generated when processing individual DAG files are no longer written to the Airflow scheduler's disk. This change improves the scheduler's disk usage.

Improved DAG UI reliability in Private IP environments.

(Cloud Composer 2) When creating environments with Private Service Connect, Cloud Composer no longer checks for networking range conflicts that are not relevant for this type of connectivity.

Cloud Composer 1.19.6 and 2.0.23 images are available:

  • composer-1.19.6-airflow-1.10.15 (default)
  • composer-1.19.6-airflow-2.1.4
  • composer-1.19.6-airflow-2.2.5
  • composer-2.0.23-airflow-2.1.4
  • composer-2.0.23-airflow-2.2.5

Cloud Composer versions 1.16.12, 1.16.13, 1.17.0.preview.8, and 1.17.0.preview.9 have reached their end of full support period.

Cloud Monitoring

You can now create uptime checks for Cloud Run public endpoints by using the Monitoring API and specifying the Cloud Run Revision monitored-resource type.

Google Cloud VMware Engine

Removed ability to create stateless firewall rules for new projects and projects that have not yet created stateless rules. Projects containing existing stateless rules can continue to modify those rules. Customers can continue to create a firewall rule set in NSX-T Gateway or NSX-T Distributed Firewall rules.

In March 2023, we plan to remove any remaining stateless rules that have not been transitioned to NSX-T Gateway or NSX-T Distributed Firewall rules. If there are any questions about how to make this transition, contact Cloud Customer Care.

Removed ability to create point-to-site (P2S) VPN gateways for new projects and projects that have not yet created P2S VPN gateways. Projects containing existing gateways can continue to modify those gateways. Customers can continue to use an alternative VPN solution. For details, see Connecting using VPN.

In March 2023, we plan to remove any remaining VPN gateways that have not been transitioned to an alternative VPN solution. If there are any questions about how to make this transition, contact Cloud Customer Care.

Storage Transfer Service

Storage Transfer Service now supports transfers from AWS S3 using self-hosted transfer agents. This feature provides a way to configure the data transfer path between AWS and Google Cloud and offers more control over performance.

See the documentation for details.

VPC Service Controls

General availability for the following integration:

August 09, 2022

BigQuery

Cloud Domains

Cloud Monitoring

The organization of the SLO monitoring Services Overview page has been improved. The new layout provides a better experience when you don't yet have any services. When you have services, the new Supported Services list indicates how many of each type you have. You can also use the list to filter the services table to include all services of a selected type. For more information, see Services Overview dashboard.

August 08, 2022

Anthos clusters on AWS (previous generation)

Anthos clusters on AWS (previous generation) aws-1.12.1-gke.0 is now available.

You can now launch clusters with the following Kubernetes versions:

  • 1.23.8-gke.2000
  • 1.22.12-gke.300
  • 1.21.14-gke.2100

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.37.0 (2022-08-04)

Features
  • bigquery/connection: Add service_account_id output field to CloudSQL properties (1d6fbcc)
  • bigquery/storage/managedwriter: refactor AppendResponse (#6402) (c07bca2)
  • bigquery: support JSON as a data type (#5986) (835fe4f)
Bug Fixes
  • bigquery: include user_email field when requesting job information (#6256) (da42b4e)
Documentation
  • bigquery/storage: clarify size limitations for AppendRowsRequest chore: add preferred_min_stream_count to CreateReadSessionRequest chore: add write_stream to AppendRowsResponse (1d6fbcc)

Chronicle

The following changes are available in the Unified Data Model:

  • The File.ashash field was deprecated and replaced with the File.authentihash field.
  • The day_max field was added to the Prevalence type.

Descriptions of the File.FileType Enum values are now available in the Unified Data Model field list document.

For a list of all fields in the Unified Data Model, and their descriptions, see the Unified Data Model field list.

Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.10.1 (2022-08-01)

Bug Fixes
Dependencies
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.9.0 (#1323) (7655747)

Python

Changes for google-cloud-bigtable

2.11.0 (2022-08-04)

Features
  • Add audience parameter (a7a7699)
  • Add satisfies_pzs output-only field (#614) (7dc1469)
  • Add storage_utilization_gib_per_node to Autoscaling target (a7a7699)
  • Cloud Bigtable Undelete Table service and message proto files (a7a7699)
Bug Fixes
  • Deps: require google-api-core >=1.32.0 and >=2.8.0 (a7a7699)
  • Require Python 3.7+ (#610) (10d00f5)
Performance Improvements

Cloud Load Balancing

External TCP/UDP network load balancers can now be configured to handle IPv6 traffic from clients. To enable this, you must configure your subnet, backend VMs, and the forwarding rules to handle IPv6 traffic.

This feature is only available for backend service-based network load balancers.

For details, see:

This feature is available in General Availability.

Compute Engine

Generally Available: Internal and external IPv6 addresses for Google Compute Engine instances are available in all regions.

For more information, see Configuring IPv6 for instances and Creating instances with multiple network interfaces.

Google Kubernetes Engine

In newly created GKE clusters on version 1.24 or later, using Services without the .spec.ports field defined causes a crash-loop of the ingress-gce controller (l7lbcontroller pod). As a result, the cluster cannot provide L7 Ingress, L4 Internal LoadBalancer Service with Subsetting turned on, or L4 Network LoadBalancer based on Regional Backend Services.

To recover from this situation, delete the Service without a port specified or recreate the cluster without any Service with .spec.ports undefined.

Network Intelligence Center

Connectivity Tests now includes a feature that performs live data plane analysis by testing connectivity between a VM and a Google network edge location. This feature is available for the following traffic flows:

  • Between VM and non-Google Cloud network
  • Between VM and Cloud SQL instances

In the Google Cloud console, you can see the results of this analysis in the column labeled Last live data plane analysis result. In the gcloud command-line and API responses, you can see the results in the probingDetails object.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.120.9 (2022-08-03)

Dependencies
  • update dependency com.google.cloud:google-cloud-core to v2.8.7 (#1227) (e967b2c)
  • update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.1 (#1226) (8fab566)

1.120.8 (2022-08-02)

Dependencies
  • update dependency com.google.cloud:google-cloud-core to v2.8.6 (#1222) (55eebf5)

1.120.7 (2022-08-01)

Bug Fixes
  • Updated log level from WARNING -> INFO for EOD failures (#1218) (8782533)

1.120.6 (2022-08-01)

Dependencies
  • update dependency com.google.cloud:google-cloud-bigquery to v2.14.1 (#1215) (5667492)
  • update dependency com.google.cloud:google-cloud-core to v2.8.5 (#1213) (5db0c2c)
  • update dependency com.google.protobuf:protobuf-java-util to v3.21.4 (#1214) (bfc53d9)
  • update dependency org.apache.avro:avro to v1.11.1 (#1210) (fafcded)

1.120.11 (2022-08-06)

Bug Fixes
  • fix dependency declaration to properly include runtime scope (#1238) (e9a4ce5)
Dependencies
  • update dependency com.google.cloud:google-cloud-bigquery to v2.14.2 (#1235) (e2af6c3)
  • update dependency com.google.cloud:google-cloud-bigquery to v2.14.3 (#1236) (399e8d7)

1.120.10 (2022-08-04)

Dependencies
  • update dependency com.google.cloud:google-cloud-core to v2.8.8 (#1231) (9d13dd8)

Security Command Center

Event Threat Detection, a built-in service of Security Command Center, launched the following rules to Preview.

  • Discovery: Can get sensitive Kubernetes object check
  • Privilege Escalation: Changes to sensitive Kubernetes RBAC objects
  • Privilege Escalation: Create Kubernetes CSR for master cert
  • Privilege Escalation: Creation of sensitive Kubernetes bindings
  • Privilege Escalation: Get Kubernetes CSR with compromised bootstrap credentials
  • Privilege Escalation: Launch of privileged Kubernetes container

These rules detect scenarios where a malicious actor attempted to query for or escalate privileges in Google Kubernetes Engine. For more information, see Event Threat Detection rules.

VPC Service Controls

Beta stage support for the following integration:

Virtual Private Cloud

Internal and external IPv6 addresses are available in all regions in General Availability:

August 05, 2022

Cloud SQL for PostgreSQL

The new Cloud SQL System insights dashboard helps you detect and analyze system performance problems.

Compute Engine

Generally available: You can now use the os-config troubleshoot command to help verify the setup of VM Manager. For more information, see Verifying VM Manager setup.

Network Intelligence Center

You can now schedule a custom cycle to refresh shadowed rule insights in Firewall Insights. For more information, see Schedule a custom refresh cycle.

Firewall Insights now identifies firewall misconfigurations for firewall rules which contain IPv6 IP address ranges. For more information, see Firewall Insights overview.

Text-to-Speech

Text-to-Speech now offers these new voices. See the supported voices page for a complete list of voices and audio samples.

  1. cloud-pt-BR-Standard-C
  2. cloud-pt-BR-Wavenet-C

VPC Service Controls

Beta stage support for the following integration:

Virtual Private Cloud

Network firewall policies and regional firewall policies are now available in General Availability.

Workflows

Added skip_polling so that connectors can execute asynchronously without waiting for the operation to complete.

August 04, 2022

Anthos clusters on AWS

This release fixes the following vulnerabilities:

This list has been updated to include CVE-2022-2327.

Anthos clusters on Azure

This release fixes the following vulnerabilities:

This list has been updated to include CVE-2022-2327.

Anthos clusters on bare metal

Release 1.11.4

Anthos clusters on bare metal 1.11.4 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.4 runs on Kubernetes 1.22.

Fixes:

  • Fixed issue in which cluster restores failed when /var/lib/etcd is a mount point.
  • Fixed issue in which attempts to skip minor versions when upgrading weren't blocked. For details about the upgrade policy, see Minor version upgrades.

The following container image security vulnerabilities have been fixed:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Cloud Logging

The Logs Explorer query results now show an icon for log entries that are part of error groups. You can click the icon to view details about the error group, exclude or show only log entries from the error group in the query results, or view related documentation. For more information, see Find log entries with error groups.

Compute Engine

Generally available: NVIDIA® T4 GPUs are now available in the following additional regions and zones:

  • Ashburn, Virginia, North America: us-east4-a

For more information about using GPUs on Compute Engine, see GPU platforms.

Config Connector

Config Connector version 1.91.0 is now available.

Fixed issue where if ContainerCluster had the remove-default-node-pool directive set to true and there was a ContainerNodePool associated with it, after deleting the successfully reconciled ContainerNodePool, ContainerCluster would get stuck on the UpdateFailed state.

Fixed issue where SQLInstance could not reference KMSCryptoKey.

Added support for the IAMWorkforcePool resource.

Added spec.configmanagement.policyController.monitoring and spec.configmanagement.policyController.mutationEnabled fields to GKEHubFeatureMembership.

Added support for state-into-spec to StorageBucket.

Fixed all reference docs so that code samples now work when they're copy/pasted.

Google Kubernetes Engine

(2022-R19) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.21.12-gke.1500
    • 1.24.2-gke.300
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.12-gke.2200 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.2-gke.1900 with this release.

Stable channel

  • The following versions are now available in the Stable channel:

  • Version 1.21.12-gke.2200 is now the default version in the Stable channel.

  • The following versions are no longer available in the Stable channel:

    • 1.21.12-gke.1700
    • 1.22.8-gke.201
    • 1.22.8-gke.202
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.12-gke.2200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.

Regular channel

  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.20.15-gke.9900
    • 1.21.12-gke.2200
    • 1.22.8-gke.202
    • 1.23.5-gke.1503
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.11400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.13-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.13-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.7-gke.1400 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:

  • Version 1.23.8-gke.1900 is now the default version in the Rapid channel.

  • The following versions are no longer available in the Rapid channel:

    • 1.21.14-gke.700
    • 1.22.10-gke.600
    • 1.22.11-gke.400
    • 1.23.6-gke.2200
    • 1.23.7-gke.1400
    • 1.23.8-gke.400
    • 1.24.2-gke.300
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.20.15-gke.13400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.8-gke.1900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.2-gke.1900 with this release.

August 03, 2022

Access Approval

Access Approval supports Secret Manager in Preview stage.

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions:

  • 1.23.8-gke.1700
  • 1.22.12-gke.200
  • 1.21.14-gke.2100

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions:

  • 1.23.8-gke.1700
  • 1.22.12-gke.200
  • 1.21.14-gke.2100

Anthos clusters on bare metal

Release 1.12.1

Anthos clusters on bare metal 1.12.1 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.1 runs on Kubernetes 1.23.

Functionality changes:

  • Increased default memory limits for coredns, metallb-controller, metallb-speaker, metrics-server, anthos-cluster-operator, and cap-controller-manager.

  • Modified the dashboards Anthos cluster pod status and Anthos cluster node status. Specifically, the following changes were made:

    • Replaced cadvisor resource metrics with summary API resource metrics.
    • Added cpu, memory, and volume utilization metrics.

    If you have already installed these dashboards in a project, you need to download the JSON files Anthos-cluster-pod-status.json and Anthos-cluster-node-status.json from the Dashboards for Anthos GitHub repository. You then need to import these JSON files into Cloud Monitoring. For details, see Install sample dashboards.

Fixes:

  • Fixed issue in which nodes drained or cordoned by kubectl were mistakenly marked as schedulable.
  • Fixed issue in which cluster controller and autoscaler conflicted with each other in the scaling of istiod, coredns, and istio-ingress Pods.
  • Fixed issue in which the wrong data type was used in health check log messages, resulting in panic messages.
  • Fixed issue in which cluster restores failed when /var/lib/etcd is a mount point.
  • Fixed issue in which attempts to skip minor versions when upgrading weren't blocked. For details about the upgrade policy, see Minor version upgrades.
  • Fixed issue in which an external VIP Service of type LoadBalancer would not respond when flat IP mode was enabled.

The following container image security vulnerabilities have been fixed:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Release 1.12.1 ships with containerd version 1.5.13, which requires libseccomp version 2.5 or higher. If your system doesn't have libseccomp version 2.5 or higher installed, update it in advance of upgrading existing clusters to version 1.12.1. Otherwise, you may see errors in cplb-update Pods for load balancer nodes such as:

runc did not terminate successfully: runc: symbol lookup error: runc:
undefined symbol: seccomp_notify_respond

To install the latest version of libseccomp in Ubuntu, run the following command:

sudo apt-get install libseccomp-dev

To install the latest version of libseccomp in CentOS or RHEL, run the following command:

sudo dnf -y install libseccomp-devel

Apigee API hub

On August 3, 2022 Apigee hub released a new version of the software.

Bug ID | Description
241241073 | Changed API hub UI route prefix from apigee/api-registry to apigee/hub. The previous apigee/api-registry path will still continue to work, but will redirect to apigee/hub automatically.

BigQuery

The max_staleness materialized view option helps you achieve consistently high performance with controlled costs when processing large, frequently changing datasets. This feature is now in preview.

Chronicle

The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.

  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS Route 53 DNS (AWS_ROUTE_53)
  • AWS S3 Server Access (AWS_S3_SERVER_ACCESS)
  • AWS WAF (AWS_WAF)
  • Box (BOX)
  • Cisco Switch (CISCO_SWITCH)
  • Citrix Storefront (CITRIX_STOREFRONT)
  • CrowdStrike Falcon (CS_EDR)
  • Dell OpenManage (DELL_OPENMANAGE)
  • F5 VPN (F5_VPN)
  • Falco IDS (FALCO_IDS)
  • GCP Cloud SQL (GCP_CLOUDSQL)
  • GCP VPC Flow (GCP_VPC_FLOW)
  • Imperva SecureSphere Management (IMPERVA_SECURESPHERE)
  • Linux Auditing System AuditD (AUDITD)
  • McAfee ePolicy Orchestrator (MCAFEE_EPO)
  • Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
  • Netskope (NETSKOPE_ALERT)
  • NIMBLE OS (NIMBLE_OS)
  • Office 365 (OFFICE_365)
  • Oracle (ORACLE_DB)
  • Ping Identity (PING)
  • SentinelOne EDR (SENTINEL_EDR)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Sophos AV (SOPHOS_AV)
  • Suricata EVE (SURICATA_EVE)
  • Symantec Endpoint Protection (SEP)
  • TeamViewer (TEAMVIEWER)
  • Vectra Stream (VECTRA_STREAM)
  • VMware ESXi (VMWARE_ESX)
  • Windows Defender ATP (WINDOWS_DEFENDER_ATP)
  • Windows Event (WINEVTLOG)
  • Workspace Activities (WORKSPACE_ACTIVITY)

For details about changes in each parser, see Supported default parsers.

Cloud Functions

Cloud Functions has released Cloud Functions (2nd gen), available at the General Availability release level. Cloud Functions (2nd gen) is Google Cloud's next-generation Functions-as-a-Service offering. This new version of Cloud Functions comes with an advanced feature set, giving you more powerful infrastructure, advanced control over performance and scalability, more control around the functions runtime, and triggers from over 90 event sources.

See Cloud Functions version comparison for details.

Cloud Healthcare API

A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Interconnect

Dedicated Interconnect support is available in the following colocation facilities:

  • NXDATA-1 Bucharest Romania (BU1), Bucharest
  • TIS Lammed, Tel Aviv
  • Bitech SDS, Tel Aviv

For more information, see the Locations table.

Cloud Load Balancing

Google Kubernetes Engine

GKE total size control is now available in GKE version 1.24 clusters. For autoscaled node pools, you can now set the minimum and maximum total number of nodes across all zones, rather than specifying a per-zone limit. To learn more, see Cluster autoscaler.

The maximum number of Pods that can run on each node has increased from 110 to 256 with GKE version 1.23.5-gke.1300 or later. To learn more, see Optimizing IP address allocation.

Memorystore for Redis

RDB Snapshots are now Generally Available on Memorystore for Redis.

Retail API

Serving controls can now be imported from and exported to files. This allows you to move serving controls between projects and do bulk edits and additions of serving controls within a project. This feature is available in Preview.

See the new documentation:

Service Directory

Configuring an internal TCP/UDP load balancer and network load balancer in Service Directory is available in GA.

August 02, 2022

Anthos clusters on VMware

A new vulnerability CVE-2022-2327 has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve a full container breakout to root on the node.

For more information, see the GCP-2022-018 security bulletin.

Cloud Storage

Customer-managed encryption key (CMEK) organization policy constraints are now generally available (GA).

New gcloud alpha storage commands are now available.

  • Commands include the ability to create buckets, view metadata for buckets and objects, and edit metadata for buckets and objects.
  • Note that all Cloud Storage gcloud commands continue to be in Preview.

Migrate to Virtual Machines

Several updates to Migrate to Virtual Machines:

Resource Manager

Two Organization Policy constraints have launched into general availability to help ensure CMEK usage across an organization. For more information, see CMEK organization policies.

Workflows

Workflows is available in the following additional regions:

  • asia-northeast2 (Osaka, Japan)
  • asia-south2 (Delhi, India)
  • australia-southeast2 (Melbourne, Australia)
  • europe-north1 (Hamina, Finland)
  • europe-west2 (London, England)
  • europe-west3 (Frankfurt, Germany)
  • southamerica-east1 (Osasco, São Paulo, Brazil)
  • us-east4 (Ashburn, Virginia, United States)
  • us-west4 (Las Vegas, Nevada, United States)

August 01, 2022

Anthos Anthos Service Mesh

The Mesh Config API (meshconfig.googleapis.com) now enables the Connect Gateway API (connectgateway.googleapis.com) and the GKE Hub API (gkehub.googleapis.com). This change does not incur any additional cost.

Anthos clusters on AWS

A new vulnerability (CVE-2022-2327) has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve a full container breakout to root on the node.
For more information, see the GCP-2022-018 security bulletin.

Anthos clusters on AWS (previous generation)

A new vulnerability (CVE-2022-2327) has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve a full container breakout to root on the node.
For more information, see the GCP-2022-018 security bulletin.

Anthos clusters on Azure

A new vulnerability (CVE-2022-2327) has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve a full container breakout to root on the node.
For more information, see the GCP-2022-018 security bulletin.

Anthos clusters on bare metal

Release 1.10.7

Anthos clusters on bare metal 1.10.7 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.10.7 runs on Kubernetes 1.21.

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigquery

3.3.0 (2022-07-25)

Features
  • add destination_expiration_time property to copy job (#1277) (728b07c)
Bug Fixes
Documentation
  • samples: add table snapshot sample (#1274) (e760d1b)
  • samples: explicitly add bq to samples reqs, upgrade grpc to fix bug on m1 (#1290) (9b7e3e4)

The trigonometric SQL function CBRT is now generally available (GA). With this function, you can compute the cube root of a value.

The LOAD DATA statement is now available for Preview in Google Standard SQL for BigQuery. You can use the LOAD DATA statement to load data from one or more files into a table.

Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.10.0 (2022-07-26)

Features
Bug Fixes
  • Enable integration test for google-cloud-bigtable-stats (#1311) (7c77879)
  • Fix race condition in BuiltinMetricsTracer (#1320) (644454a)
  • Ignore repackaged files to fix clirr (#1300) (99b67ba)
Dependencies
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.13 (#1306) (ddae354)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.13 (#1307) (c0740fe)

Cloud Data Loss Prevention

Cloud DLP can de-identify sensitive data stored in Cloud Storage. This feature is generally available. For more information, see De-identification of sensitive data in storage.

Cloud Storage

Bucket tags are now available in Preview. You can apply tags to buckets for fine-grained access control.

Dataproc

New sub-minor versions of Dataproc images:

1.5.72-debian10, 1.5.72-rocky8, 1.5.72-ubuntu18

2.0.46-debian10, 2.0.46-rocky8, 2.0.46-ubuntu18

Upgraded Hadoop to version 3.2.3 in 2.0 images.

Upgraded Hadoop to version 2.10.2 in 1.5 images.

The default MySQL instance root password has changed to a random value in 1.5 and 2.0 images. The new password is stored in a MySQL configuration file accessible only by the OS-level root user.

Backported the patch for KNOX-1997 in 2.0 images.

Backported the patch for HIVE-19048 in 2.0 images.

Backported the patches for HIVE-19047 and HIVE-19048 in 1.5 images.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.120.5 (2022-07-30)

Dependencies
  • update dependency com.google.cloud:google-cloud-shared-dependencies to v3 (#1207) (d355509)

1.120.4 (2022-07-29)

Bug Fixes
  • updating return types of ack/nack futures to be consistent with publish (#1204) (6e73ab9)

1.120.3 (2022-07-27)

Dependencies
  • update dependency org.junit.vintage:junit-vintage-engine to v5.9.0 (#1201) (f18e562)

1.120.2 (2022-07-25)

Bug Fixes
Dependencies
  • update dependency org.graalvm.buildtools:junit-platform-native to v0.9.13 (#1189) (0d96f8e)
  • update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.13 (#1190) (c604080)

Vertex AI

TensorFlow Profiler integration: Debug model training performance for your custom training jobs. For details, see Profile model training performance using Profiler.

July 29, 2022

Apigee hybrid

hybrid v1.7.3

On July 29, 2022 we released an updated version of the Apigee hybrid software, v1.7.3.

For information on upgrading, see Upgrading Apigee hybrid to version 1.7.

Bug ID Description
219622478 Fixed the CPS property token so that when set to true, it will allow the instance to shut down and reboot when Cassandra connection failures occur.
232529030 Replaced the Logging fluentbit container environment variable http_proxy with HTTP_FORWARD_PROXY to maintain compatibility with fluentbit 1.8.
238370197 Fixed an issue where the timeTaken variable's value could sometimes be calculated incorrectly.

Bug ID Description
N/A Security fix for CVE-2022-22963.

Bare Metal Solution

API for long-running operations:

The API for long-running operations has changed from v1 to v2.

Chronicle

Detection Engine now includes the following new features:

  • You can define an outcome section in single event rules. Previously, the outcome section was supported in multi-event rules only. If you have multi-event rules that use only one event variable, you can refactor them by deleting the match section to make them more performant. For an example rule, see YARA-L 2.0 language overview. For more detailed information about rule syntax, see YARA-L 2.0 language syntax.

  • In the existing condition section, you can now use variables defined in the outcome section. This enables you to filter on aggregates (variables in the outcome section can be defined using aggregate functions) and on the $risk_score outcome variable. For more detailed information about the condition section, see YARA-L 2.0 language syntax.

  • You can assign a placeholder variable to the result of a function call. You can then use the placeholder variable in other sections of the rule, such as the match section, outcome section, or condition section. For information about the syntax for function to placeholder assignments and any restrictions, see the YARA-L 2.0 language syntax.

Cloud Monitoring

You can now add table widgets to custom dashboards that let you limit the number of table rows, display only those rows with the highest or lowest values, and display a visual indicator of the value as compared to the range of possible values. For more information, see Display data in tabular form on a dashboard.

Cloud SQL for PostgreSQL

For PostgreSQL versions 9.6 to 13, the [PostgreSQL version].R20220710.01_00 maintenance version caused a behavior change for configuration parameters: Session-level configuration parameters with dashes (-) cannot be set.

After you check your current maintenance version, you can apply a fix by performing a self-service maintenance update to the latest release.

Please use this table to find the name of the maintenance version to apply, and use that version or the latest version available:

PostgreSQL version Maintenance version
PostgreSQL 9.6 POSTGRES_9_6_24.R20220710.01_02
PostgreSQL 10 POSTGRES_10_21.R20220710.01_02
PostgreSQL 11 POSTGRES_11_16.R20220710.01_02
PostgreSQL 12 POSTGRES_12_11.R20220710.01_02
PostgreSQL 13 POSTGRES_13_7.R20220710.01_02

After you have identified the name of the maintenance version, upgrade your instances to that target maintenance version or to the latest maintenance version.

Note that newly created instances automatically use the latest version.

Compute Engine

Generally available: When you autoscale a MIG, you can view the reasons why the autoscaler adds or removes VMs in your MIG. For more information, see Viewing autoscaler logs.

The quota limits displayed in the Cloud console might be incorrect in the us-east5 region. For more information, see Known issues.

Vertex AI

We now offer Preview support for Custom prediction routines (CPR). CPR lets you easily build custom containers for prediction with pre/post processing support.

July 28, 2022

BigQuery

You can now create BigQuery subscriptions in Pub/Sub to write messages directly to an existing BigQuery table.

Chronicle

The following changes are available in the Unified Data Model:

For a list of all fields in the Unified Data Model, and their descriptions, see the Unified Data Model field list.

Cloud Composer

(Available without upgrading) Fixed a problem where DAG import errors were not displayed on the Environment details page, if the error messages did not have a creation time set.

Cloud Composer 1.19.5 and 2.0.22 images are available:

  • composer-1.19.5-airflow-1.10.15 (default)
  • composer-1.19.5-airflow-2.1.4
  • composer-1.19.5-airflow-2.2.5
  • composer-2.0.22-airflow-2.1.4
  • composer-2.0.22-airflow-2.2.5

Cloud Composer versions 1.16.11 and 1.17.0.preview.7 have reached their end of full support period.

Cloud Monitoring

You can now add user-defined labels to public and private Uptime checks. For more information, see Create public uptime checks.

You can now configure the acceptable response codes for public and private HTTP Uptime checks. For more information, see Create public uptime checks.

Cloud Storage

Configurable dual-region storage is generally available (GA).

Compute Engine

Preview: You can now merge or split your existing hardware resource commitments to create new upsized or downsized commitments. For more information, see Merge and split commitments.

Generally available: Use the Cloud console, the gcloud tool, or the API to configure a VM to shut down when a Cloud KMS key is revoked. For more information, see Configure VM shutdown on Cloud KMS key revocation.

Generally available: When you create VMs in bulk, you can now use the following new values with the TARGET_SHAPE flag:

  • ANY: Use this value to place VMs in zones to maximize unused zonal reservations.
  • BALANCED: Use this value to place VMs uniformly across zones.

Config Controller

Config Controller now uses the following versions of its included products:

July 27, 2022

Anthos clusters on VMware

Anthos clusters on VMware 1.11.2-gke.53 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.11.2-gke.53 runs on Kubernetes 1.22.8-gke.204.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.

  • Fixed a known issue in which the cluster backup feature affected the inclusion of always-on secrets encryption keys in the backup.
  • Fixed a known issue of high-resource usage when AIDE runs as a cron job, by disabling AIDE by default. This fix affects compliance with CIS L1 Server benchmark 1.4.2: Ensure filesystem integrity is regularly checked. Customers can opt in to re-enable the AIDE if needed. To re-enable the AIDE cron job, see Configure AIDE cron job.
  • Fixed a known issue where gke-metrics-agent DaemonSet has frequent CrashLoopBackOff errors by upgrading to gke-metrics-agent v1.1.0-anthos.14.
  • Fixed the following vulnerabilities:

Apigee API hub

On July 27, 2022 Apigee hub released a new version of the software.

Bug ID Description
230374510 Mitigated issue where specs over 900KB (uncompressed) in size caused timeouts when trying to view their contents, and in turn caused instability with future requests for a short period of time. A warning message is now displayed when attempting to view specs that exceed 900KB.
230374510 Fixed issue where viewing spec files that had a file extension of .gz would allow only download of the file and would not display the contents of the file, if supported.

BigQuery

Inverse trigonometric SQL functions are now generally available (GA). These functions include:

  • COT: Compute the cotangent for an angle.
  • COTH: Compute the hyperbolic cotangent for an angle.
  • CSC: Compute the cosecant for an angle.
  • CSCH: Compute the hyperbolic cosecant for an angle.
  • SEC: Compute the secant for an angle.
  • SECH: Compute the hyperbolic secant for an angle.

Config Connector

Config Connector version 1.90.0 is now available.

Fixed issue where spec.layer7DdosDefenseConfig field in ComputeSecurityPolicy was not being reflected onto underlying resource.

Added support for ServiceDirectoryEndpoint resource.

Added support for the DLPStoredInfoType resource.

Added support for state-into-spec: absent to MonitoringAlertPolicy.

Added spec.iap.oauth2ClientIdRef field to ComputeBackendService.

Added spec.egressPolicies.egressTo.externalResources field to AccessContextManagerServicePerimeters.

Added spec.externalDataConfiguration.connectionId field to BigQueryTable.

Added spec.includeBuildLogs field to CloudBuildTrigger.

Added spec.cacheKeyPolicy.cdnPolicy.includeNamedCookies field to ComputeBackendService.

Added spec.enableUlaInternalIpv6 and spec.internalIpv6Range fields to ComputeNetwork.

Added spec.maxPortsPerVm field to ComputeRouterNats.

Added spec.advancedOptionsConfig field to ComputeSecurityPolicy.

Added spec.sslPolicyRef field to ComputeTargetHTTPSProxy.

Added spec.monitoringConfig.managedPrometheus field to ContainerCluster.

Added spec.sqlServerUserDetails field to SQLUser.

Added spec.schemaSettings field to PubSubTopic.

Added status.pscConnectionId and status.pscConnectionStatus fields to ComputeForwardingRule.

Added status.creationTime and status.managedZoneId fields to DNSManagedZones.

Added support for "reconcile resource immediately once its dependency is ready" feature for ComputeTargetPool, ComputeNetworkEndpointGroup, NetworkServicesGRPCRoute, NetworkServicesTLSRoute.

Document AI

New Release Candidate (RC) versions for PDAI Invoice and Expense processors - July 2022

We have launched new RC versions of Invoice parser and Expense parser on Jul 15, 2022. These can be accessed in the following way:

  • Invoice parser: pretrained-next-uptrainable
  • Expense parser: pretrained-next

Here are the details about the contents of the RC version updates:

Processor New Languages New Entities
Invoice: pretrained-next-uptrainable Italian, Portuguese, Romanian, Swedish N/A
Expense: pretrained-next Japanese Support for hotel and car rental folios

Payment information entities: Last 4 digits of credit card, payment type

Google Cloud Deploy

You can now have Google Cloud Deploy generate a skaffold.yaml configuration file for you when you create a release, based on a single Kubernetes manifest which you provide. This configuration file is suitable for learning and onboarding.

Google Cloud VMware Engine

Resource creation of named objects now enforces naming requirements that match other Google Cloud products like Compute Engine. New resources must use names that are 1-63 characters long, comply with RFC 1035, and consist of lowercase letters, digits, and hyphens. For example, "privatecloud-123".

Google Kubernetes Engine

GKE node system configuration now supports setting the cgroup mode to use the cgroupv2 resource management subsystem.

July 26, 2022

Anthos Service Mesh

Version 1.14 is now available for managed Anthos Service Mesh and is rolling out to the Rapid Release Channel.

The managed Anthos Service Mesh channels are now mapped to the following versions:

  • Rapid Release Channel - Version 1.14
  • Regular Release Channel - Version 1.13
  • Stable Release Channel - Version 1.12

See Select a managed Anthos Service Mesh release channel for more information.

Chronicle

Export filter for GCP logs

Previously, you could export DNS and Cloud Audit logs using the Chronicle panel within the GCP Cloud Console. You can now configure the default export filter to export additional log types. You can not only control the log types, but also the source projects producing these logs. Both inclusion and exclusion of logs are supported as well. In addition, semantic validation of the log filters can catch malformed log filters with invalid log types or identifiers. The filter language is defined by the Google logging query language that is shared with Cloud Logging.

For more information about the Export Log Filter Settings, see Exporting Google Cloud Logs to Chronicle.

Cloud Healthcare API

A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Logging

You can now collect Couchbase logs and metrics from the Ops Agent, starting with version 2.18.2. For more information, see Monitoring third-party applications: Couchbase.

Cloud Monitoring

You can now collect Aerospike metrics from the Ops Agent, starting with version 2.18.2. For more information, see Monitoring third-party applications: Aerospike.

You can now collect Couchbase logs and metrics from the Ops Agent, starting with version 2.18.2. For more information, see Monitoring third-party applications: Couchbase.

You can now collect Vault metrics from the Ops Agent, starting with version 2.18.2. For more information, see Monitoring third-party applications: Vault.

Data Catalog

The UI for dataset entry detail pages now includes a section that lets you see what entries are included in that dataset. Look for the new Entry list section when browsing dataset entries in Data Catalog.

Google Kubernetes Engine

(2022-R18) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:
  • Version 1.22.10-gke.600 is now the default version
  • The following control plane versions are no longer available:
    • 1.20.15-gke.8700
    • 1.21.11-gke.1100
    • 1.21.11-gke.1900
    • 1.22.8-gke.200
    • 1.23.5-gke.1501
    • 1.24.1-gke.1800
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to version 1.20.15-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.2-gke.300 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • Version 1.21.12-gke.1700 is now the default version in the Stable channel
  • The following versions are no longer available in the Stable channel:
    • 1.20.15-gke.8700
    • 1.21.12-gke.1500
    • 1.22.8-gke.200
    • 1.23.6-gke.2200
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.7-gke.1400 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • Version 1.22.10-gke.600 is now the default version in the Regular channel
  • The following versions are no longer available in the Regular channel:
    • 1.23.5-gke.1501
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.10-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • Version 1.23.8-gke.400 is now the default version in the Rapid channel
  • The following versions are no longer available in the Rapid channel:
    • 1.21.13-gke.900
    • 1.22.9-gke.2000
    • 1.23.6-gke.1700
    • 1.24.1-gke.1800
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.20.15-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.8-gke.400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.8-gke.400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.2-gke.300 with this release.

SAP on Google Cloud

Cloud Storage Backint agent for SAP HANA version 1.0.21

Version 1.0.21 of the Cloud Storage Backint agent for SAP HANA is now available. This version includes enhancements for backup stability and performance.

For more information about the agent, see Cloud Storage Backint agent for SAP HANA overview.

VPC Service Controls

General availability for the following integration:

July 25, 2022

Apigee X

On July 25, 2022, we released an updated version of Apigee X (1-8-0-apigee-23).

Bug ID Description
N/A Upgraded infrastructure and libraries

BigQuery

BigLake is now generally available (GA). You can now create BigQuery ML models using data in Cloud Storage by using BigLake and publish BigLake tables as Analytics Hub listings.

The new Migrate section in the BigQuery documentation helps you migrate to BigQuery. This includes high-level guidance with a migration overview, an introduction to free-to-use tools that help you with each phase of migration, and platform-specific migration guides.

Cloud Load Balancing

Cloud Load Balancing introduces the internal regional TCP proxy load balancer. This is an Envoy proxy-based regional layer 4 load balancer that enables you to run and scale your TCP service traffic behind an internal regional IP address that is accessible only to clients in the same VPC network or clients connected to your VPC network.

The internal regional TCP proxy load balancer distributes TCP traffic to backends hosted on Google Cloud, on-premises, or other cloud environments.

For details, see the following:

Cloud SQL for PostgreSQL

The following PostgreSQL minor versions and extension versions are now available:

  • 14.3 is upgraded to 14.4.
  • 13.6 is upgraded to 13.7.
  • 12.10 is upgraded to 12.11.
  • 11.15 is upgraded to 11.16.
  • 10.20 is upgraded to 10.21.

If you use maintenance windows, then you might not yet have these versions. In this case, you'll see the new versions after your maintenance update occurs. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

Added information about checking the LC_COLLATE value for your databases before performing a major version upgrade of the databases for your Cloud SQL for PostgreSQL instance. For more information, refer to the Cloud SQL documentation.

Cloud Spanner

Query Optimizer version 5 is generally available. Version 4 remains the default optimizer version in production.

Eventarc

Eventarc is available in the following regions:

  • us-east5 (Columbus, Ohio, North America)
  • us-south1 (Dallas, Texas, North America)

Google Cloud Deploy

You can now view and compare Kubernetes and Skaffold configuration files for releases, using Google Cloud Console.

Pub/Sub

You can now create BigQuery subscriptions in Pub/Sub to write messages directly to an existing BigQuery table. The change is being rolled out in a phased manner over the rest of the week.

July 22, 2022

Cloud Billing

Secure the link between a project and its billing account

In the Cloud Billing Console, you can now lock the link between a project and its Cloud Billing account, in order to prevent accidental changes to the billing state, such as disabling billing or moving the project to a different billing account. You can also unlock this protected state if you want to unlink a project from a Cloud Billing account.

Google Cloud projects contain all the resources required for a system to operate. To pay for the usage of the Cloud resources (such as Compute Engine or Storage), each project must be linked to an active Cloud Billing account. If you unlink the project from a billing account, you disable billing on that project. When billing is disabled on a project, all resources contained within the project will shut down, which can cause outages to your normal business operation.

To prevent unintentional outages due to billing issues, lock your valuable projects to their linked billing account. Locking creates a two-step process to change the billing state of a project, improving billing reliability and reducing accidental outages due to billing issues.

Learn how to secure the link between a project and a Cloud Billing account.

Cloud Talent Solution Job Search

Histogram query for city and admin1_country can handle multiple location jobs

Support special characters in companyDisplayNames fuzzy match

Derive annualized compensation info for more employment types

Google Kubernetes Engine

GKE Gateway integration with Cloud Certificate Manager is now available as Public Preview in GKE versions 1.20 and later. Use the new TLS features and high scale offered by Cloud Certificate Manager with GKE Gateway. For more information, see Gateway Security.

July 21, 2022

Anthos Config Management

The constraint template library includes a new template: K8sRequireCosNodeImage. For reference, see Constraint template library.

Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: c370036).

Fixed the resource name length validation issue caused by long RepoSync names or long namespace names. The new maximum length is 253 characters, instead of 63 characters.

Apigee X

On July 21, 2022 we released an updated version of Apigee X.

The Advanced API Security's target assessment, which evaluates the security of target servers in your API, is now available. See Security scores in the Apigee UI to learn more.

Chronicle

The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.

  • Avanan Email Security (AVANAN_EMAIL)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS GuardDuty (GUARDDUTY)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • Barracuda Firewall (BARRACUDA_FIREWALL)
  • BeyondTrust Secure Remote Access (BEYONDTRUST_REMOTE_ACCESS)
  • Carbon Black (CB_EDR)
  • Centrify (CENTRIFY_SSO)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco ISE (CISCO_ISE)
  • CrowdStrike Falcon (CS_EDR)
  • CrowdStrike Falcon Stream (CS_STREAM)
  • Custom Security Data Analytics (CUSTOM_SECURITY_DATA_ANALYTICS)
  • Dell EMC Data Domain (DELL_EMC_DATA_DOMAIN)
  • Department of Homeland Security (DHS_IOC)
  • Elastic Audit Beats (ELASTIC_AUDITBEAT)
  • F5 VPN (F5_VPN)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiNAC (FORTINET_FORTINAC)
  • GCP Cloud Run (GCP_RUN)
  • GitHub (GITHUB)
  • Google Chrome Browser Cloud Management
  • HCL BigFix (HCL_BIGFIX)
  • HP Aruba(Clearpass) (CLEARPASS)
  • IBM Guardium (GUARDIUM)
  • Infoblox (INFOBLOX)
  • Infoblox DNS (INFOBLOX_DNS)
  • Kubernetes audit logs (KUBERNETES_AUDIT)
  • Linux Sysmon (LINUX_SYSMON)
  • McAfee ePolicy Orchestrator (MCAFEE_EPO)
  • Medigate IoT (MEDIGATE_IOT)
  • Microsoft AD FS (ADFS)
  • Nasuni File Services Platform (NASUNI_FILE_SERVICES)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Ping Identity (PING)
  • PostFix Mail (POSTFIX_MAIL)
  • Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • SailPoint IAM (SAILPOINT_IAM)
  • SecureLink (SECURELINK)
  • SentinelOne EDR (SENTINEL_EDR)
  • ServiceNow CMDB (SERVICENOW_CMDB)
  • Suricata EVE (SURICATA_EVE)
  • Suricata IDS (SURICATA_IDS)
  • Symantec Web Isolation (SYMANTEC_WEB_ISOLATION)
  • Thales Luna Hardware Security Module (THALES_LUNA_HSM)
  • Thales MFA (THALES_MFA)
  • Uptycs EDR (UPTYCS_EDR)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Workspace Activities (WORKSPACE_ACTIVITY)

For details about changes in each parser, see Supported default parsers.

Compute Engine

Generally available: Compute Engine committed use discounts are now Generally Available for SUSE Linux Enterprise Server (SLES) image licenses. Learn more about discounted SLES image pricing and how to purchase a license commitment.

Google Kubernetes Engine

If you start a credential rotation or an IP address rotation, ensure that you manually complete the rotation. If an operation causes a control plane re-creation while the rotation remains incomplete, your cluster might enter a broken state.

Kubernetes control plane metrics are now Generally Available. You can now configure GKE clusters with control plane version 1.23.6-gke.1500 or later to export to Cloud Monitoring certain metrics emitted by the Kubernetes API server, scheduler, and controller manager.

These metrics are stored in Cloud Monitoring in a Prometheus-compatible format. They can be queried by sending either a PromQL or MQL query to the Cloud Monitoring API. They can also be used anywhere within Cloud Monitoring, including in custom dashboards or alerting rules.

Security Command Center

The container and kubernetes attributes were added to the Finding object.

The container attribute provides information about both Kubernetes and non-Kubernetes containers that are associated with a given finding. The kubernetes attribute provides information about Kubernetes resources that are associated with a given finding.

For more information, see the Security Command Center API documentation for the Finding object.

July 20, 2022

Anthos Service Mesh

1.14.1-asm.3 is now available.

Anthos Service Mesh 1.14 includes the features of Istio 1.14 subject to the list of Anthos Service Mesh supported features.

Anthos Service Mesh allows you to configure the minimum TLS version for your Istio workloads. See Configure minimum TLS version for your workloads for more information.

Managed Anthos Service Mesh isn't rolling out to the rapid release channel at this time. You can periodically check this page for the announcement of the rollout of Managed Anthos Service Mesh to the rapid channel. See Select a managed Anthos Service Mesh release channel for more information.

Anthos Service Mesh 1.11 is no longer supported. For more information, see Supported versions.

1.12.8-asm.2 is now available.

Anthos Service Mesh 1.12 includes the features of Istio 1.12.8 subject to the list of Anthos Service Mesh Supported features.

1.13.5-asm.1 is now available.

Anthos Service Mesh 1.13 includes the features of Istio 1.13.5 subject to the list of Anthos Service Mesh Supported features.

BigQuery

Analytics Hub is now available in additional regions across the Americas, Asia Pacific, and Europe. For more information, see Analytics Hub supported regions.

Compute Engine

Generally available: NVIDIA® T4 GPUs are now available in the following additional regions and zones:

  • Montréal, Québec, North America : northamerica-northeast1-c

For more information about using GPUs on Compute Engine, see GPU platforms.

Data Catalog

Data Catalog is now a part of Dataplex to provide a complete data management and governance experience with built-in data intelligence and automation capabilities. See Dataplex product overview.

Dataflow

Dataflow Prime is now in General Availability.

Dataplex

Dataplex is now unified with Data Catalog to provide a complete data management and governance experience with built-in data intelligence and automation capabilities. See Dataplex product overview.

July 19, 2022

Anthos clusters on VMware

Anthos clusters on VMware 1.9.7-gke.8 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.9.7-gke.8 runs on Kubernetes 1.21.5-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.

  • Fixed a known issue in which the cluster backup feature affected the inclusion of always-on secrets encryption keys in the backup.
  • Fixed a known issue of high-resource usage when AIDE runs as a cron job, by disabling AIDE by default. This fix affects compliance with CIS L1 Server benchmark 1.4.2: Ensure filesystem integrity is regularly checked. Customers can opt in to re-enable the AIDE if needed. To re-enable the AIDE cron job, see Configure AIDE cron job.
  • Fixed the following vulnerabilities:

Apigee UI

On July 19, 2022 we released an updated version of the Apigee UI.

The Needs Attention Table in Advanced API Security Scores now uses links instead of buttons. This fixes font and alignment issues inside the table rows.

Bug ID | Description
238248377 | The Needs Attention Table in Advanced API Security Scores was not showing target components. This has been fixed.

Cloud Data Loss Prevention

A new detection model is available for the PERSON_NAME infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version to latest when including the PERSON_NAME infoType in your InspectConfig.

You can still use the old model by setting InfoType.version to stable or leaving it unset when using the PERSON_NAME infoType. In 30 days, the new model will be promoted to stable.

Cloud Monitoring

A new version of Managed Service for Prometheus is now available. Version 0.4.3-gke-0 of managed collection for Kubernetes has been released. Users who deploy managed collection using kubectl should reapply the manifests. Users who deploy the service using gcloud or the GKE UI will be upgraded on a rolling basis over the coming weeks. This release has no impact on users of self-deployed collection.

For details about the changes included, see the release page on GitHub.

Firestore

Firestore in Datastore mode

Google Kubernetes Engine

(2022-R17) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.20.15-gke.8200
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.6-gke.2200 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.8700
    • 1.21.12-gke.1700
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.12-gke.2200 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.12-gke.2200
    • 1.22.9-gke.1500
    • 1.23.6-gke.1501
    • 1.24.1-gke.1400
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.1-gke.1800 with this release.

reCAPTCHA Enterprise

You can now find legacy secret keys for all reCAPTCHA Enterprise keys in the Google Cloud console. These keys can be useful if you are using a third-party plug-in/implementation that does not yet call the reCAPTCHA Enterprise API. For more information, see FAQs.

July 18, 2022

App Engine standard environment Java

  • Updated the Java SDK to version 1.9.98.
  • Updated Jetty web server to version jetty-9.4.46.v20220331.

App Engine standard environment PHP

The App Engine legacy bundled services for PHP 7+ are now available at the General Availability release level. These APIs can be accessed through language-idiomatic libraries. Calls to these APIs are billed according to the standard rates.

Cloud Composer

(Cloud Composer 2) Fixed a problem where an environment creation in the PSC configuration might fail with the "Composer backend timed out" message.

Cloud Composer 1.19.4 and 2.0.21 images are available:

  • composer-1.19.4-airflow-1.10.15 (default)
  • composer-1.19.4-airflow-2.1.4
  • composer-1.19.4-airflow-2.2.5
  • composer-2.0.21-airflow-2.1.4
  • composer-2.0.21-airflow-2.2.5

Cloud Composer versions 1.16.10 and 1.17.0.preview.6 have reached their end of full support period.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.10.1 (2022-07-13)

Bug Fixes

  • enable longpaths support for windows test (#1485) (#995) (b2f68cb)

Dependencies

  • update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.12 (#977) (71dc1ee)

Python

Changes for google-cloud-logging

3.2.1 (2022-07-13)

Bug Fixes

  • deps: require google-api-core>=1.32.0,>=2.8.0 (#585) (de35eab)

3.2.0 (2022-07-11)

Features

  • add audience parameter (a2eed8c)
  • Add support for library instrumentation (#551) (8ba0023)

Bug Fixes

  • deps: require google-api-core >= 2.8.0 (#575) (a2eed8c)
  • deps: require google-cloud-core >= 2.0.0 (a2eed8c)
  • require python 3.7+ (#580) (0b3eb52)

You can now search your correlated log entries in the Logs Explorer. For more information, see Correlate log entries.

Cloud Run

Cloud Run now supports container images in the Open Container Initiative (OCI) image format.

Dataproc Metastore

Dataproc Metastore is available in the following regions: us-west2 (Los Angeles), us-west3 (Salt Lake City), europe-west4 (Netherlands), europe-west6 (Zürich), and asia-east1 (Taiwan). For more information, see Dataproc Metastore locations.

Note that these services are immediately available through the gcloud CLI and the REST API. Cloud console availability will vary by region over the next few weeks.

Security Command Center

Virtual Machine Threat Detection, a built-in service of Security Command Center Premium, is generally available (GA). VM Threat Detection detects cryptocurrency mining software, which is among the most common types of software installed in compromised cloud environments.

Storage Transfer Service

Detailed logging for objects copied between AWS S3, Azure Blob Storage, ADLS Gen 2, and Cloud Storage with Storage Transfer Service is now generally available (GA).

With detailed logs of individual objects available in Cloud Logging, you can verify what was transferred and perform additional data integrity checks. This launch simplifies monitoring, reporting, and troubleshooting. Read Cloud Logging for Storage Transfer Service for details.

Vertex AI

NFS support for custom training is GA. For details, see Mount an NFS share for custom training.

July 16, 2022

Compute Engine

Generally available: Internal and external IPv6 addresses for Google Compute Engine instances are available in all regions.

For more information, see Configuring IPv6 for instances and instance templates and Creating instances with multiple network interfaces.

July 15, 2022

Cloud Logging

You can now collect SAP HANA logs and metrics from the Ops Agent, starting with version 2.18.1. For more information, see Monitoring third-party applications: SAP HANA.

You can now collect Vault logs from the Ops Agent, starting with version 2.18.1. For more information, see Monitoring third-party applications: Vault.

Cloud Monitoring

You can now collect Flink metrics from the Ops Agent, starting with version 2.18.1. For more information, see Monitoring third-party applications: Flink.

You can now collect SAP HANA logs and metrics from the Ops Agent, starting with version 2.18.1. For more information, see Monitoring third-party applications: SAP HANA.

Cloud VPN

You can now download third-party peer VPN configuration templates for Cloud VPN from the Google Cloud console. Use these templates to configure HA VPN tunnels on your peer VPN device. Configuration templates are currently available for the following vendor platform and software versions:

  • Cisco Firepower, running ASA 9.13(1)2 or later
  • Fortinet FortiGate 200E, running FortiOS 6.2.3 or later
  • Juniper vSRX, running JunOS 18.4R3-S2 or later

For more information, see Download a peer VPN configuration template.

Google Kubernetes Engine

Custom or manually created EndpointSlices (EPS) that are missing the service label kubernetes.io/service-name: <service-name> can cause Ingresses and NEGs to stop syncing. This issue affects clusters running GKE 1.21, 1.22, and 1.23. To keep Ingresses and NEGs in sync, add the service label to all custom-made EndpointSlices.
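
One way to audit a cluster for the EndpointSlice issue above, as an added example that is not Google's code: it scans the JSON from `kubectl get endpointslices -A -o json` for slices whose kubernetes.io/service-name label is missing or empty. The sample data is constructed, the function names are hypothetical, and suggesting a service name from a single Service ownerReference is an assumption to confirm before applying.

```python
import json

SERVICE_LABEL = "kubernetes.io/service-name"
MANAGED_BY_LABEL = "endpointslice.kubernetes.io/managed-by"

# Constructed sample, shaped like `kubectl get endpointslices -A -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "web-abc12", "namespace": "shop",
     "labels": {"kubernetes.io/service-name": "web",
                "endpointslice.kubernetes.io/managed-by":
                    "endpointslice-controller.k8s.io"}}},
  {"metadata": {"name": "payments-ext", "namespace": "shop",
     "ownerReferences": [{"kind": "Service", "name": "payments"}]}},
  {"metadata": {"name": "legacy-db", "namespace": "data",
     "labels": {"endpointslice.kubernetes.io/managed-by":
                    "custom-sync.example.com"}}},
  {"metadata": {"name": "cache-manual", "namespace": "data",
     "labels": {"kubernetes.io/service-name": ""}}}
]}
""")


def find_unlabelled_slices(slice_list):
    """Return one finding per EndpointSlice whose service label is missing or empty."""
    findings = []
    for item in slice_list.get("items", []):
        meta = item.get("metadata") or {}
        labels = meta.get("labels") or {}   # "labels" may be absent or null
        if labels.get(SERVICE_LABEL):
            continue                        # label present with a non-empty value
        # Assumption: a single owning Service is a reasonable candidate name.
        owners = [ref.get("name")
                  for ref in (meta.get("ownerReferences") or [])
                  if ref.get("kind") == "Service" and ref.get("name")]
        findings.append({
            "namespace": meta.get("namespace", ""),
            "name": meta.get("name", ""),
            "managed_by": labels.get(MANAGED_BY_LABEL, "(unset)"),
            "label_present": SERVICE_LABEL in labels,   # present but empty
            "suggested_service": owners[0] if len(owners) == 1 else None,
        })
    return findings


def label_command(finding):
    """Render the kubectl command that adds the label; unknown names stay a placeholder."""
    service = finding["suggested_service"] or "<service-name>"
    cmd = "kubectl label endpointslice {} -n {} {}={}".format(
        finding["name"], finding["namespace"], SERVICE_LABEL, service)
    if finding["label_present"]:
        # kubectl refuses to change an existing key without --overwrite.
        cmd += " --overwrite"
    return cmd


if __name__ == "__main__":
    for f in find_unlabelled_slices(SAMPLE):
        print("{namespace}/{name} managed-by={managed_by}".format(**f))
        print("  " + label_command(f))
```

To run it against a real cluster, replace SAMPLE with the parsed output of the kubectl command and review each generated command before applying it.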

Cluster autoscaler Location Policy is now generally available in GKE version 1.24.1-gke.800. This change allows users to pick one of two different spreading policies. For more information, see Location policy.

July 14, 2022

BigQuery

Previously, the Storage Write API had a maximum concurrent connection limit of 100 connections for non-multi-regions such as Montreal (northamerica-northeast1). This limit has now been increased to 1,000 connections across all non-multi-regions. For more information, see Storage Write API quotas and limits.

Cloud Logging

Log-based alerting is now generally available (GA). Log-based alerts match on the content of your logs. When triggered, a log-based alert notifies you that a match has appeared in your logs and opens an incident in Cloud Monitoring. The minimum autoclose duration for incidents is now 30 minutes. For more information, see Monitor your logs and Use log-based alerts.

Cloud Monitoring

Log-based alerting is now generally available (GA). Log-based alerts match on the content of your logs. When triggered, a log-based alert notifies you that a match has appeared in your logs and opens an incident in Cloud Monitoring. The minimum autoclose duration for incidents is now 30 minutes. For more information, see Monitor your logs and Use log-based alerts.

Cloud SQL for MySQL

For enhanced security with built-in authentication, Cloud SQL now lets you set password policies at the instance and user levels.

Cloud Spanner

Aggregated Cloud Spanner statistics related to transactions, reads, queries, and lock contentions are now generally available (GA) in Cloud Monitoring.

Compute Engine

Generally available: You can use the Cloud console to configure autoscaling based on unacknowledged messages in a Pub/Sub subscription. For more information, see Autoscale based on unacknowledged messages in Pub/Sub.

Generally available: NVIDIA® T4 GPUs are now available in the following additional regions and zones:

  • Ashburn, Virginia, North America : us-east4-c

For more information about using GPUs on Compute Engine, see GPU platforms.

Eventarc

Eventarc support for Customer-Managed Encryption Keys (CMEK) using the Cloud Console is available in Preview.

Google Cloud Marketplace Partners

Manage your private offers, including approving an offer, by using the Private Offers page.

Google Distributed Cloud Edge

This is a minor release of Google Distributed Cloud Edge (version 1.1.0).

The following changes have been introduced in this release of Distributed Cloud Edge:

  • The Kubernetes control plane has been updated to version 1.22.

The following issues have been resolved in this release of Distributed Cloud Edge:

  • The Kubernetes control plane no longer becomes intermittently unavailable during Distributed Cloud Edge software updates.
  • VPN connectivity between non-Anthos gateway nodes and Google Cloud Platform now works reliably.

This release of Distributed Cloud Edge contains the following known issues:

  • Garbage collection intermittently fails to clean up terminated Pods.

SAP on Google Cloud

Google Cloud monitoring agent for SAP NetWeaver version 2.5

Version 2.5 of the Google Cloud monitoring agent for SAP NetWeaver is now available. This version includes bug fixes and supportability improvements.

For more information about the agent, see Monitoring SAP NetWeaver on Google Cloud.

Vertex AI

The Pipeline Templates feature is available in Preview. For documentation, refer to Create, upload, and use a pipeline template.

The features supported by pipeline templates include the following:

  • Create a template registry using Artifact Registry (AR).
  • Compile and publish a pipeline template.
  • Create a pipeline run using the template and filter the runs.
  • Manage (create, update, or delete) the pipeline template resources.

Virtual Private Cloud

Private Service Connect supports publishing a service that is hosted on the following load balancers:

These features are available in General Availability.

July 13, 2022

Anthos clusters on AWS

You can now launch Kubernetes 1.23 clusters.

Kubernetes 1.23.7-gke.1300 includes the following changes:

  • Disable profiling endpoint (/debug/pprof) by default in kube-scheduler and kube-controller-manager.
  • Update kube-apiserver and kubelet to only use Strong Cryptographic Ciphers.
  • Add an instance metadata server (IMDS) emulator.

In a future release of 1.23 VolumeSnapshot v1beta1 APIs will no longer be served. Please update to VolumeSnapshot v1 APIs as soon as possible.

You can now launch clusters with the following Kubernetes versions:

  • 1.23.7-gke.1300
  • 1.22.10-gke.1500
  • 1.21.11-gke.1900

In Kubernetes 1.23 and higher, cluster Cloud Audit Logs is now available and is enabled by default.

CIS benchmarks are now available for Kubernetes 1.23 clusters.

This release fixes the following vulnerabilities:

Restrictions on IP ranges that can be used for a cluster's Pods and Services are now relaxed. Pod and Service IP ranges can now overlap with VPC's IP ranges, provided they do not intersect the control plane or node pool subnets.

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions:

  • 1.23.7-gke.1300
  • 1.22.10-gke.1500
  • 1.21.11-gke.1900

You can now launch Kubernetes 1.23 clusters.

Kubernetes 1.23.7-gke.1300 includes the following changes:

  • Disable profiling endpoint (/debug/pprof) by default in kube-scheduler and kube-controller-manager.
  • Update kube-apiserver and kubelet to only use Strong Cryptographic Ciphers.

In a future release of 1.23 VolumeSnapshot v1beta1 APIs will no longer be served. Please update to VolumeSnapshot v1 APIs as soon as possible.

In Kubernetes 1.23 and higher, cluster Cloud Audit Logs is now available and is enabled by default.

CIS benchmarks are now available for Kubernetes 1.23 clusters.

This release fixes the following vulnerabilities:

Added support for updating the Azure control plane and node pool SSH config. For more information, see gcloud container azure clusters update and gcloud container azure node-pools update.

Restrictions on IP ranges that can be used for a cluster's Pods and Services are now relaxed. Pod and Service IP ranges can now overlap with VPC's IP ranges, provided they do not intersect the control plane or node pool subnets.

You can no longer create clusters with the following versions:

  • 1.21.11-gke.100
  • 1.21.11-gke.1100
  • 1.22.8-gke.200
  • 1.22.8-gke.1300

These versions have a bug mentioned in a note from June 23, 2022.

Batch

Batch is now available in Preview! For more information about using Batch, see the documentation.

Compute Engine

Generally Available: A version of Rocky Linux is now available that is optimized for running on Compute Engine.

This version of Rocky Linux is configured to use the latest version of the Google virtual network interface (gVNIC) which is specifically designed to support workloads that require higher network bandwidths. For more information, see the Rocky Linux section of the Operating systems details documentation.

Preview: Tau T2A, Google Cloud's first general purpose VM family to run on Arm architecture, is now available. Tau T2A VMs are available in three regions.

For more information, see Arm VMs on Compute Engine.

Google Cloud VMware Engine

VMware Engine nodes are now available in the following additional region:

  • Zurich, Switzerland, Europe (europe-west6)

Google Kubernetes Engine

You can now run Arm-based workloads in Preview in Standard clusters with GKE version 1.24 and later, and in Autopilot clusters with GKE version 1.24.1-gke.1400 and later.

You can now select compute classes to run GKE Autopilot workloads that have specialized hardware requirements, such as Arm architecture. The Scale-Out compute class is available in Preview in Autopilot clusters running GKE version 1.24.1-gke.1400 and later.

Migrate to Containers

Modernize VMs to run Anthos for VMs (A4VM)

Migrate to Containers has added a new modernization feature, which enables traditional VMs to run on Anthos for VMs. Anthos for VMs extends Anthos on bare metal (now known as Google Distributed Cloud Virtual) to let you run and manage containers and VMs on a unified, Google Cloud-connected platform in your data center or at the edge. For more information on this feature, see About Anthos for VMs.

Support for local-ovf sources

Migrate to Containers has added support for creating Anthos VM runtimes from local OVF files. This enables users to modernize VMs to the Anthos VM Runtime by importing their OVF file into their local Anthos bare metal cluster using Migrate to Containers.

List the source inventory for Google Compute Engine, local-vmware, and Migrate for Compute Engine 5.x sources

Migrate to Containers has added support for the inventory listings of VMs in connected sources. Users can list an inventory of the VMs in connected Migrate to Containers sources. The new inventory listings are available for Google Compute Engine, local-vmware, and Migrate for Compute Engine v5.0 sources.

Improved migration flow and task APIs

A new structured method for generalizing the Migrate to Containers containerization process is available. The new structure provides more flexibility and more granular control of the automated containerization process. It lets users customize the process and enables support for additional software framework modernization. The following containerization task elements are available:

  • AppXGenerateArtifactsTask
  • AppXGenerateArtifactsFlow

The following migration types are now deprecated and planned to be removed in version 1.13. The corresponding AppX objects and parameters can be used to perform migration for these workload types:

  • system - Legacy Linux migrations
  • iis - Legacy Windows IIS migrations

The following APIs (CRDs) have been deprecated since version 1.11 and are planned to be removed in version 1.13:

July 12, 2022

Agent Assist

Agent Assist now offers UI Modules as a public Preview feature. UI Modules are an out-of-the-box option for integrating Agent Assist features into your agent UI system. For more information, see the UI Modules documentation.

AlloyDB for PostgreSQL

When creating a primary or read-pool instance, or scaling either one, you can choose a machine size as small as 2 vCPUs with 16 GB of RAM.

BigQuery

You can now select a job type when assigning a folder, organization, or project to a reservation in the Google Cloud console. This feature is now generally available (GA).

Cloud Build

The gcr.io/cloud-builders/docker builder has been upgraded to Docker client version 20.10.14. For instructions on using this builder with the Docker client versions, see Interacting with Docker Hub images.

Transfer Appliance

Transfer Appliance is now available in an additional size. The TA7 appliance offers up to 7TB of storage in a smaller form factor than our other appliances. It offers both online and offline transfer modes.

Learn more about the TA7 on the Specifications page, or order an appliance from the Cloud console.

Vertex AI

You can now use a pre-built container to perform custom training with TensorFlow 2.9.

July 11, 2022

Anthos

BigQuery

The google.cloud.bigquery.reservation.v1beta1.api package is deprecated and will be removed on September 27, 2022. After that date, requests to that package will fail. Data created by using google.cloud.bigquery.reservation.v1beta1.api are accessible by using the google.cloud.bigquery.reservation.v1.api package.

Next steps:

Cloud Bigtable

Cloud Bigtable is available in the us-south1 (Dallas) and europe-southwest1 (Madrid) regions. For more information, see Bigtable locations.

Cloud Composer

DAG UI is now generally available (GA).

(Cloud Composer 2) Improved the reliability of web server proxy connectivity. This change reduces the chance of 504 timeout errors when connecting to an environment's web server.

Set memory and CPU limits for the Composer Agent pod. This change increases this pod's priority and improves the reliability of operations that could fail because of resource starvation.

Environments no longer produce error log messages about the connection timeout when initializing the Airflow database during the environment creation. These messages were not associated with any error.

Source code for the apache-airflow-providers-google package versions 2022.6.22+composer and 2022.5.18+composer is available on GitHub:

Cloud Composer 1.19.3 and 2.0.20 images are available:

  • composer-1.19.3-airflow-1.10.15 (default)
  • composer-1.19.3-airflow-2.1.4
  • composer-1.19.3-airflow-2.2.5
  • composer-2.0.20-airflow-2.1.4
  • composer-2.0.20-airflow-2.2.5

Cloud Composer versions 1.16.8, 1.16.9, 1.17.0.preview.4, and 1.17.0.preview.5 have reached their end of full support period.

Cloud Composer 1.19.2 and 2.0.19 are versions with an extended upgrade timeline.

Cloud Run

Cloud SQL for MySQL

You can enable high availability for read replicas. See Disaster recovery for additional information about the use of high-availability replicas in a disaster recovery configuration.

You can create external server replicas with HA enabled.

Cloud SQL for PostgreSQL

You can enable high availability for read replicas. See Disaster recovery for additional information about the use of high-availability replicas in a disaster recovery configuration.

You can create external server replicas with HA enabled.

Cloud SQL for SQL Server

The database major version upgrade feature of Cloud SQL for SQL Server is generally available. For more information, see Upgrade the database major version in-place.

Dataflow

You can use the Apache Beam SDK for Go to create batch and streaming Dataflow pipelines. This feature is now in General Availability.

Google Cloud Deploy

You can now permanently abandon a release using Google Cloud Deploy.

You can now suspend a delivery pipeline using Google Cloud Deploy.

Identity Platform

Activity logging can now be enabled on a per-tenant basis. The feature is generally available.

Workflows

Added support to deploy a workflow using a cross-project service account through the Google Cloud CLI.

July 09, 2022

Apigee Integration

On July 09, 2022 we released an updated version of the Apigee Integration software.

Data Mapping task enhancements

The Data Mapping task in Apigee Integrations now provides the following enhancements:

  • Nested function support. You can pass one or more transformation functions as input parameters to another function.
  • New transformation functions. You can use the following new transform functions for array-type variables:

    • FILTER - Filters the array elements that satisfy a given condition.
    • FOR_EACH - Applies one or more transformation functions for each element in an array.
  • Subfield mapping support for JSON variables. You can view and search all the subfields of a JSON variable in the data mapping editor variable list.

For more information, see the Data Mapping task.

July 08, 2022

Apigee hybrid

hybrid v1.6.9

On July 8, 2022 we released an updated version of the Apigee hybrid software, v1.6.9.

For information on upgrading, see Upgrading Apigee hybrid to version 1.6.

Bug ID     Description
236129944  Fixed the controller crashloopbackoff due to null pointer issue.
234620567  Fix logger issue in Anthos BareMetal with CentOS.
231313050  Fixed issue causing Apigee logger pod to remain in crashloopbackoff state.
233094108  Fixed Stacktrace truncation in runtime containers to support proxy diagnosis.

Cloud SQL for PostgreSQL

The July maintenance changelog is now available. For more information, use the links at Maintenance changelog.

Cloud SQL for SQL Server

The July maintenance changelog is now available. For more information, use the links at Maintenance changelog.

Policy Intelligence

Recommender now offers role recommendations for Cloud Storage buckets. Role recommendations help you reduce excess permissions by suggesting role changes based on actual permission usage. This feature is available in Preview.

July 07, 2022

Anthos clusters on AWS (previous generation)

Anthos clusters on AWS (previous generation) aws-1.12.0-gke.0 is now available.

This release note has been updated to mark the actual date of release, July 7, 2022. Previously, the release date was mentioned as June 24th.

You can now launch clusters with the following Kubernetes versions:

  • 1.23.7-gke.1500
  • 1.22.10-gke.1500
  • 1.21.13-gke.1600

You can now launch Kubernetes 1.23 clusters.

Kubernetes 1.20 clusters are no longer supported. This version no longer supports creation or maintenance of Kubernetes 1.19 clusters.

This release fixes the following vulnerabilities:

Anthos clusters on VMware

Anthos clusters on VMware v1.12.0-gke.446 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware v1.12.0-gke.446 runs on Kubernetes v1.23.5-gke.1504.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.

Announcements

  • vSphere releases for versions lower than version 7.0 Update 2 are deprecated in Kubernetes 1.24. VMware's General Support for vSphere 6.7 will end on October 15, 2022. Customers are recommended to upgrade vSphere (both ESXi and vCenter) to version 7.0 Update 2 or above. vSphere versions less than version 7.0 Update 2 will no longer be supported in Anthos clusters on VMware in an upcoming version. You must upgrade vSphere to 7.0 Update 2 or above before you can upgrade to Anthos clusters on VMware 1.13.0.

  • Beta versions of VolumeSnapshot CRDs are deprecated in Kubernetes v1.20 and are unsupported in the Kubernetes v1.24 release.
    The upcoming Anthos clusters on VMware version 1.13 release will no longer serve v1beta1 VolumeSnapshot CRDs. Make sure that you migrate manifests and API clients to use snapshot.storage.k8s.io/v1 API version, available since Kubernetes v1.20. All existing persisted objects remain accessible via the new snapshot.storage.k8s.io/v1 APIs.

  • The dockershim component in Kubernetes enables cluster nodes to use the Docker Engine container runtime. However, Kubernetes 1.24 removed the dockershim component. Starting from Anthos clusters on VMware version 1.12.0, you cannot create new clusters that use the Docker Engine container runtime. All new clusters must use the default container runtime, containerd. A cluster update is also blocked if you try to switch a node pool from containerd to docker, or if you add new docker node pools. Existing version 1.11.x clusters with docker node pools can still be upgraded to version 1.12.0, but you must update the node pools to use containerd before you can upgrade to version 1.13.0 in the future.

Breaking changes:

In Kubernetes 1.23, the rbac.authorization.k8s.io/v1alpha1 API version is removed. Instead, use the rbac.authorization.k8s.io/v1 API. See the Kubernetes 1.23.5 release notes.
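The two API removals called out above (v1beta1 VolumeSnapshot CRDs and rbac.authorization.k8s.io/v1alpha1) can be checked for in stored manifests before an upgrade. The following is an added example, not part of the release notes or of any Google tooling: a standard-library Python scan of multi-document YAML text that assumes simple block-style manifests and reads only each document's top-level apiVersion, kind, and metadata.name. The sample manifest and all function names are constructed for illustration.

```python
"""Pre-upgrade scan for the API versions named as removed in the notes above."""
import re
from typing import NamedTuple

# Removed API version -> replacement, both as stated in the release notes.
REPLACEMENTS = {
    "snapshot.storage.k8s.io/v1beta1": "snapshot.storage.k8s.io/v1",
    "rbac.authorization.k8s.io/v1alpha1": "rbac.authorization.k8s.io/v1",
}
TOP_LEVEL_KEY = re.compile(r"^(apiVersion|kind):\s*(.*)$")
NAME_KEY = re.compile(r"^\s+name:\s*(.*)$")


class Finding(NamedTuple):
    source: str        # file path or label of the scanned text
    doc_index: int     # 1-based position among non-empty documents
    kind: str
    name: str
    api_version: str
    replacement: str


def _scalar(raw):
    """Drop a trailing comment and surrounding quotes from a simple scalar."""
    value = re.sub(r"\s+#.*$", "", raw).strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        value = value[1:-1]
    return value


def _documents(text):
    """Yield the non-empty documents of a YAML stream as lists of lines."""
    current = []
    for line in text.splitlines() + ["---"]:
        if line.rstrip() == "---" or line.startswith("--- "):
            if any(l.strip() for l in current):
                yield current
            current = []
        else:
            current.append(line)


def scan_manifest(text, source="<inline>"):
    """Return a Finding for every document whose top-level apiVersion is removed."""
    findings = []
    for index, lines in enumerate(_documents(text), start=1):
        fields = {"apiVersion": "", "kind": "", "name": ""}
        in_metadata, meta_indent = False, None
        for line in lines:
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            indent = len(line) - len(line.lstrip())
            if indent == 0:                       # top-level key
                in_metadata, meta_indent = line.startswith("metadata:"), None
                m = TOP_LEVEL_KEY.match(line)
                if m:
                    fields[m.group(1)] = _scalar(m.group(2))
            elif in_metadata:
                if meta_indent is None:
                    meta_indent = indent          # indentation of metadata's direct children
                m = NAME_KEY.match(line)
                if m and indent == meta_indent:   # skip deeper 'name:' keys such as labels
                    fields["name"] = _scalar(m.group(1))
        replacement = REPLACEMENTS.get(fields["apiVersion"])
        if replacement:
            findings.append(Finding(source, index, fields["kind"] or "?",
                                    fields["name"] or "?", fields["apiVersion"], replacement))
    return findings


# Constructed sample input (not taken from the release notes).
SAMPLE = """\
apiVersion: snapshot.storage.k8s.io/v1beta1
kind: VolumeSnapshot
metadata:
  labels:
    name: decoy-label
  name: db-snap
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: readers
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: reader
---
apiVersion: "rbac.authorization.k8s.io/v1alpha1"  # removed in Kubernetes 1.23
kind: ClusterRole
metadata:
  name: legacy-reader
"""

if __name__ == "__main__":
    for f in scan_manifest(SAMPLE):
        print(f"{f.source} doc {f.doc_index}: {f.kind}/{f.name} uses {f.api_version}; use {f.replacement}")
```

The scan covers manifests at rest only; API clients and objects nested inside a List document need a separate check.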

Platform enhancements:

  • General Availability (GA): Separate vSphere data centers for the admin cluster and the user clusters are supported.
  • GA: Anthos Identity service LDAP authentication is supported.
  • GA: User cluster control-plane node and admin cluster add-on node auto sizing is supported.

Security enhancements:

  • Preview: Preparing credentials for user clusters as Kubernetes secrets before cluster creation.

    • The credential preparation feature prepares the credentials before a user cluster is created. After credential preparation, user cluster credentials are saved as versioned Kubernetes secrets in the admin cluster, and the template used for credential preparation can be deleted from the admin workstation. When you create a user cluster, you only need to configure the namespace and the versions of the prepared secrets in the user cluster config file. Using this feature can help protect user cluster credentials.
  • Preview: The gkectl update credentials command supports rotating the component access SA key for both the admin and the user clusters.

  • The COS node image shipped in version 1.12.0 is qualified with the Center for Internet Security (CIS) L1 Server Benchmark.

  • The gkectl update credentials command supports register service account key rotation.

Cluster lifecycle Improvements:

  • Preview: You can configure the time duration of Pod Disruption Budget (PDB) violation timeout during a node drain. The default behavior is to always block on a PDB violation and to not force-delete pods during node drain, to avoid unexpected data corruption, and this default is unchanged. In certain cases, when users want to unblock the PDB violation deadlock with the bound timeout during cluster upgrade, they can apply the special annotation onprem.cluster.gke.io/pdb-violation-timeout: TIMEOUT on the machine objects.

Simplify day-2 operations

  • Preview: Launched the enablement of Google Cloud Managed Service for Prometheus to track metrics in Anthos on vSphere clusters, and introduced two separate flags to enable logging and monitoring for user applications separately: EnableCloudLoggingForApplications and EnableGMPForApplications. The legacy flag EnableStackdriverForApplications is deprecated, and will be removed in a future release. Customers can monitor and alert on the applications using Prometheus with Google-managed Prometheus without managing and operating Prometheus. Customers can set enableGMPForApplications in the Stackdriver spec to enable Google Managed Prometheus for application metrics without any other manual steps, and the Google Managed Prometheus components are then set up automatically. See Enable Managed Service for Prometheus for user applications for details.

  • All sample dashboards to monitor cluster health are available in Cloud Monitoring sample dashboards. Customers can install the dashboards with one click. See Install sample dashboards.

  • Improvements to cluster diagnosis: The gkectl diagnose cluster command automatically runs when gkectl diagnose snapshot is run, and the output is saved in a new folder in the snapshot called /diagnose-report.

  • The gkectl diagnose cluster command surfaces more detailed information for issues arising from virtual machine creation.

  • A validation check for the existence of an OS image has been added to the gkectl update admin and gkectl diagnose cluster commands.

  • A blocking preflight check has been added. This check validates that the vCenter.datastore specified in the cluster configuration file doesn't belong to a DRS-enabled datastore cluster.

Functionality changes:

  • Upgraded COS from m93 to m97, and containerd to 1.6 on COS.

  • Metrics agent: Upgraded gke-metrics-agent from 1.1.0 to 1.8.3, which fixes some application metrics issues. The offline buffer in the metrics agent can now discard old data based on the age of metrics data, in addition to the total size of buffer. Metrics data is stored in an offline buffer for at most 22 hours in case of a network outage.

  • New metrics: Added 7 resource utilization metrics.

    • k8s_container:
      • container/cpu/request_utilization
      • container/cpu/limit_utilization
      • container/memory/request_utilization
      • container/memory/limit_utilization
    • k8s_node:
      • node/cpu/allocatable_utilization
      • node/memory/allocatable_utilization
    • k8s_pod:
      • pod/volume/utilization

Fixes

Known issues:

  • On the out-of-the-box monitoring dashboards, the GKE on-prem Windows pod status and GKE on-prem Windows node status also show data from Linux clusters.

  • The scheduler metrics, such as scheduler_pod_scheduling_attempts, are not collected in version 1.12.0 due to a configuration issue in the metric collector.

In version 1.12.0, cgroup v2 (unified) is enabled by default for Container Optimized OS (COS) nodes. This could potentially cause instability for your workloads in a COS cluster. We will switch back to cgroup v1 (hybrid) in version 1.12.1. If you are considering using version 1.12 with COS nodes, we suggest that you wait until the 1.12.1 release.

Anthos clusters on bare metal

Release 1.10.6

Anthos clusters on bare metal 1.10.6 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.10.6 runs on Kubernetes 1.21.

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

BigQuery

Azure workload identity federation is now available in preview for BigQuery Omni connections. This feature helps you secure data by allowing you to grant Google access to an application you manage in your Azure tenant so that neither you nor Google must manage application client secrets.

Carbon Footprint

Carbon Footprint now reports carbon emissions broken down by scope 1, scope 2, and scope 3 categories, following the Greenhouse Gas (GHG) Protocol carbon reporting standards.

We've renamed the Carbon Footprint export table from carbon_footprint_export to carbon_footprint within the target BigQuery dataset indicated by your data transfer configuration. The renamed table contains an updated schema. Furthermore, the renamed table is now partitioned by month. Each month's data is exported on the 15th day of the following month. Data for previous months is not automatically exported, but you can schedule manual data backfills to export data for previous months. Carbon Footprint will no longer update existing carbon_footprint_export tables.

We've made the following updates to data sources and methodology for Scope 2 location-based emissions:

  • Improved power data measurements.
  • Changed from LCA grid carbon intensity values to scope-2-compliant direct grid emissions.
  • Corrected data that led to changes in internal cost-based reallocation of shared infrastructure energy consumption.
  • Removed VPC Network Logs SKU that caused inaccurate results.

Cloud SQL for MySQL

Cloud SQL for MySQL now supports setting timezone names as values for the time_zone parameter. Refer to the Cloud SQL documentation for a list of supported timezone names.

Dataproc

Dataproc support for the following images has been extended to the following dates:

Identity and Access Management

Workforce identity federation lets you authenticate and authorize users from external identity providers to access supported Google Cloud products. This feature is available in Preview.

SAP on Google Cloud

Cloud Storage Backint agent for SAP HANA version 1.0.20

Version 1.0.20 of the Cloud Storage Backint agent for SAP HANA is now available. This version includes backup stability and logging enhancements.

For more information about the agent, see Cloud Storage Backint agent for SAP HANA overview.

July 06, 2022

Apigee API hub

On July 6, 2022 Apigee hub released a new version of the software.

Bug ID     Description
229852942  The error message displayed has been clarified for the case where the uploaded spec file type was not gzip, but the mime type selected was gzip.

BigQuery

The APPENDS change history TVF is now in preview. This table-valued function provides a history of table appends over a window of time.

Chronicle

The following supported default parsers have changed (listed by product name and ingestion label):

  • Azure DevOps Audit (AZURE_DEVOPS)
  • Bitdefender (BITDEFENDER)
  • CA Access Control (CA_ACCESS_CONTROL)
  • Carbon Black App Control (CB_APP_CONTROL)
  • Check Point (CHECKPOINT_FIREWALL)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco Router (CISCO_ROUTER)
  • Cloud Passage (CLOUD_PASSAGE)
  • Digital Guardian (DIGITALGUARDIAN_EDR)
  • ExtraHop RevealX (EXTRAHOP)
  • Forcepoint NGFW (FORCEPOINT_FIREWALL)
  • IBM DataPower Gateway (IBM_DATAPOWER)
  • IBM Guardium (GUARDIUM)
  • Imperva (IMPERVA_WAF)
  • Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Office 365 (OFFICE_365)
  • pfSense (PFSENSE)
  • Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • SonicWall (SONIC_FIREWALL)
  • Sophos UTM (SOPHOS_UTM)
  • VMware AirWatch (AIRWATCH)
  • VMware ESXi (VMWARE_ESX)
  • Workspace Activities (WORKSPACE_ACTIVITY)

For details about changes in each parser, see Supported default parsers.

The following new fields are available in the Unified Data Model:

  • The new fields prevalence, first_seen_time, and last_seen_time were added to the File object.
  • A new field, bounce_address, was added to the Email object.
  • A new field, artifact, was added to the Noun object. Artifact is a new object.
  • A new field, rolling_max_sub_domains, was added to the Prevalence object.
  • A new field, first_seen_time, was added to the User object.
  • The following new fields were added to the Smtp object:
    • helo
    • mail_from
    • rcpt_to
    • server_response
    • message_path
    • is_webmail
    • is_tls

For a list of all fields in the Unified Data Model, and their descriptions, see the Unified Data Model field list.

Cloud Data Loss Prevention

InfoType categories were added to built-in infoTypes.

To get a list of built-in infoTypes, call the infoTypes.list method.

Cloud Functions

Cloud Functions (1st gen) now supports Google-managed Artifact Registry at the General Availability release level.

Cloud Functions now supports the following runtimes at the General Availability release level:

Deep Learning Containers

M94 Release

  • Added support for PyTorch 1.12.
  • Added more system libraries to the R Deep Learning Containers image.

Deep Learning VM Images

M94 Release

  • Added support for PyTorch 1.12.
  • Added more system libraries to the R Deep Learning VM image.

Dialogflow

Dialogflow CX now provides new client libraries for C++, C#, and Go.

Dialogflow ES now provides a new client library for C++.

Google Kubernetes Engine

The blue-green upgrade mechanism is now available to upgrade your GKE node pools, and can be selected per node pool instead of the default surge upgrade mechanism.

Vertex AI

Tabular Workflows is available in Preview. For documentation, refer to Tabular Workflows on Vertex AI.

End-to-End AutoML workflow is available in Public Preview. For documentation, refer to End-to-End AutoML.

July 05, 2022

Migrate to Virtual Machines

Connector renaming

Includes the following updates:

  • Renamed CLI command from m4c to m2vm
  • Renamed product to Migrate to Virtual Machines
  • Bug fixes

July 04, 2022

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-secretmanager

2.3.0 (2022-07-01)

Features
  • Enable REST transport for most of Java and Go clients (#790) (d51c8fa)
Documentation
  • sample: clean up README for native image sample (#785) (67260d7)
Dependencies
  • update dependency com.google.cloud:google-cloud-shared-dependencies to v2.13.0 (#789) (71aae1d)
  • update dependency com.google.protobuf:protobuf-java-util to v3.21.0 (#779) (d38f1db)
  • update dependency com.google.protobuf:protobuf-java-util to v3.21.1 (#780) (6c613da)
  • update dependency com.google.protobuf:protobuf-java-util to v3.21.2 (#791) (d7d4ea9)
  • update dependency org.graalvm.buildtools:junit-platform-native to v0.9.12 (#787) (a2e0e97)
  • update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.12 (#788) (8662fe6)

July 02, 2022

Artifact Registry

Artifact Registry is now available in the us-south1 region (Dallas, United States).

July 01, 2022

Apigee UI

On July 1, 2022, we released an updated version of the Apigee UI.

This release contains a new version of the Debug tab in the Apigee Proxy Editor. Following previous releases of new versions of the Overview and Develop tabs, this completes the initial release of the new Proxy Editor.

To view the new Debug tab, see Using Debug.

App Engine standard environment Java

App Engine standard environment PHP

App Engine standard environment Python

BigQuery

An updated version of JDBC driver for BigQuery is now available. This version includes a fix for an issue with connector returning stack overflow in some cases when executing complex long queries.

Cloud Functions

Cloud Functions now supports PHP 8.1 at the General Availability release level.

Dataproc

New sub-minor versions of Dataproc images:

1.5.71-debian10, 1.5.71-rocky8, 1.5.71-ubuntu18

2.0.45-debian10, 2.0.45-rocky8, 2.0.45-ubuntu18

For 1.5 images and the 2.0.45-ubuntu18 image, backported the upstream fix for KNOX-1997.

Policy Intelligence

Lateral movement insights, which identify roles that allow a service account in one project to impersonate a service account in another project, are now generally available.

Workflows

To reduce naming conflicts and improve memory usage, local scoping now applies to any variable created inside an except block.

If you are assigning a variable inside an except block and want to access the variable outside of the block, assign the variable before the block to place it in the surrounding scope.

June 30, 2022

Anthos Config Management

Shell access is disabled by default in the Config Sync hydration-controller container. This disables the ability to use Kustomize remote bases. To use Kustomize remote bases, enable shell access by setting the field spec.override.enableShellInRendering: true in RootSync and RepoSync.

Policy Controller now supports Cloud Monitoring. It will automatically export runtime metrics for both Cloud Monitoring and Prometheus. Users can also configure which monitoring backends metrics are exported to. To learn more, see Monitor Policy Controller.

Anthos Config Management is now compatible with GKE Autopilot with some cluster requirements. Policy Controller mutations are not compatible with Autopilot. Config Sync resource requests and limits adjustments will be further adjusted by GKE Autopilot. To learn more, see Install Config Sync.

Config Sync supports syncing configurations stored as OCI images in Google Artifact Registry or Container Registry as a preview feature. To learn more, see Publish config images to Artifact Registry.

Added a field spec.override.reconcileTimeout in RootSync and RepoSync, for configuring the threshold for how long to wait for resources in an apply group to reconcile before giving up. An apply group consists of resources without direct or indirect dependencies on each other.

The constraint template library includes a new template: K8sRequiredResources. For reference see Constraint template library.

The template library's K8sProhibitRoleWildcardAccess template now supports regular expression matching of clusterRole names by using the new regexMatch field.

The template library's K8sNoExternalServices template supports a new field: cloudPlatform.

Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: 206bbe9).

This release includes several Config Sync performance improvements:

  • Config Sync reconciler now watches resources for status updates instead of polling, leading to faster, more responsive, and more efficient detection of object failure and reconciliation. This change also significantly reduces memory allocations for unchanged objects.
  • Disable client-side throttling when server-side throttling is enabled (enabled by default on Kubernetes v1.20 and later). This significantly reduced sync latency at scale.

Config Sync removed resource limits from reconciler-manager, reconciler, and git-importer to make them burstable.

Config Sync increased resource limits of admission-webhook (cpu: 1, memory: 2Gi) and otel-agent (cpu: 1, memory: 1Gi).

Fixed the issue causing the Config Sync webhook deployment to report readiness prematurely by adding a readiness probe that waits for the TLS certificate to be generated and injected by the sidecar.

Fixed the issue causing git-importer to wipe out non-blocking validation errors before retrying.

Fixed the issue causing reconciler to throw an error when deleting an object that was already deleted.

Fixed two issues when resources are marked unmanaged using the configmanagement.gke.io/managed: disabled annotation:

  • If a repo contains unmanaged resources on the initial sync, the sync fails.
  • If a resource was deleted in the same commit where another resource is marked unmanaged, the deleted resource is not properly pruned.

Apigee X

On June 30, 2022 we released an updated version of Apigee X.

This release contains the Public Preview of Advanced API Security, which protects your APIs from unwanted requests, including attacks by malicious clients such as bots, and evaluates the security level of your API configurations.

Advanced API Security lets you:

  • Create security reports to detect bots and other threats to your APIs.
  • View security scores, which rate the security of your APIs and provide recommendations for improving security.

Cloud Bigtable

You are now able to configure the storage utilization target for a cluster when you use autoscaling for Cloud Bigtable. This feature is generally available (GA).

Cloud Billing

Preview: View your Google Kubernetes Engine (GKE) costs in Cloud Billing reports and cost data export to BigQuery

You can view your GKE costs by cluster, namespace, and pod labels in the Detailed cost export, and the built-in reports in the Google Cloud console.

Cloud Billing export to BigQuery

In the Detailed cost export to BigQuery, you can use the labels.key column to filter the data by these label keys:

  • goog-k8s-cluster-name: Filter your GKE resources by cluster.
  • k8s-namespace: Filter your GKE resources by namespace.
  • k8s-label: View all your GKE resources.

Cloud Billing reports

In the Cloud Billing report, Cost breakdown report, and Cost Table report, you can use the Label selector to filter and group your data by cluster or namespace, using one of these label keys:

  • goog-k8s-cluster-name: Filter or group your GKE resources by cluster.
  • k8s-namespace: Filter or group your GKE resources by namespace.

To start viewing and analyzing your GKE cost data, see these pages:

Cloud Functions

Cloud Functions now supports Python 3.10 at the General Availability release level.

Cloud Monitoring

Managed Service for Prometheus: You can now query Cloud Monitoring metrics by using PromQL. For more information, see Mapping Monitoring metric names to PromQL.

Cloud Spanner

The ANALYZE DDL command allows administrators to manually update the query statistics package that the optimizer uses to build query execution plans. This complements the existing automatic updates to provide faster feedback cycles when data, queries, or indexes change frequently.

Compute Engine

Generally available: You can now create shared reservations of Compute Engine zonal resources using the Google Cloud Console. Learn about shared reservations and creating a shared reservation.

Dataproc Metastore

Metadata federation is generally available (GA).

Metadata federation lets you access metadata that is stored in multiple Dataproc Metastore instances.

To set up a federation, you create a federation service and then configure multiple Dataproc Metastore instances as your backend metastores. The federation service then exposes a single gRPC endpoint, which you can use to access metadata across all of your metastore instances.

Document AI

VPC Service Control support

Document AI VPC Service Controls provide additional security for your resources and services. To learn more about VPC Service Controls, see the VPC Service Controls overview.

To learn about the limitations when using Document AI with VPC Service Controls, see the supported products and limitations.

Eventarc

Eventarc support for Customer-Managed Encryption Keys (CMEK) using the Google Cloud CLI is available in Preview.

Filestore

Filestore High Scale SSD tier is generally available (GA).

Google Cloud Armor

Google Cloud Armor now supports TCP Proxy load balancers and SSL proxy load balancers in General Availability. For more information, see the security policy overview.

Advanced network DDoS protection is now available for network load balancers, protocol forwarding, and VMs with public IP addresses in public preview. For more information, see Configure advanced DDoS protection.

Google Kubernetes Engine

(2022-R16) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Control plane and node version 1.24.1-gke.1800 is now available.
  • The following control plane versions are no longer available:
    • 1.19.16-gke.9400
    • 1.19.16-gke.11000
    • 1.19.16-gke.11800
    • 1.19.16-gke.13800
    • 1.19.16-gke.14000
    • 1.19.16-gke.14500
    • 1.19.16-gke.15700
    • 1.20.15-gke.6000
    • 1.20.15-gke.8000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.1-gke.1400 with this release.

Stable channel

  • Version 1.21.12-gke.1500 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.19.16-gke.11800
    • 1.19.16-gke.13800
    • 1.20.15-gke.8000
    • 1.21.11-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.12-gke.1500 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.8200
    • 1.21.12-gke.1500
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.12-gke.1700 with this release.

Rapid channel

  • Version 1.23.7-gke.1400 is now the default version in the Rapid channel.
  • Version 1.24.1-gke.1800 is now available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.15-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.7-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.7-gke.1400 with this release.

A new vulnerability (CVE-2022-1786) has been discovered in the Linux kernel versions 5.10 and 5.11. This vulnerability allows an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. Only clusters that run Container-Optimized OS are affected. GKE Ubuntu versions use either version 5.4 or 5.15 of the kernel and are not affected. For more information, refer to the GCP-2022-017 security bulletin.
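The exposure conditions stated above (Container-Optimized OS nodes on a 5.10 or 5.11 kernel) can be turned into a quick node triage. This is an added example, not Google tooling: it reads the Kubernetes node fields status.nodeInfo.osImage and status.nodeInfo.kernelVersion from a node list in JSON form, and it assumes that COS nodes report an osImage containing "Container-Optimized OS". The node data is constructed, and a "review" verdict means the node should be compared with the fixed versions in the GCP-2022-017 bulletin, which this page does not list.

```python
"""Triage nodes against the CVE-2022-1786 exposure conditions stated above."""
import json
import re

AFFECTED_KERNEL_SERIES = {(5, 10), (5, 11)}   # kernel versions named in the note
COS_MARKER = "container-optimized os"         # assumption: substring of osImage on COS nodes


def kernel_series(kernel_version):
    """Return (major, minor) from strings such as '5.10.109+', or None if unparseable."""
    m = re.match(r"(\d+)\.(\d+)", kernel_version or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage_nodes(node_list_json):
    """Map node name -> 'review', 'no-match' or 'unknown'."""
    verdicts = {}
    for node in json.loads(node_list_json).get("items", []):
        name = node.get("metadata", {}).get("name", "<unnamed>")
        info = node.get("status", {}).get("nodeInfo", {})
        os_image = info.get("osImage", "")
        series = kernel_series(info.get("kernelVersion", ""))
        if series is None or not os_image:
            verdicts[name] = "unknown"        # missing data is not evidence of safety
        elif COS_MARKER in os_image.lower() and series in AFFECTED_KERNEL_SERIES:
            verdicts[name] = "review"         # check against the bulletin's fixed versions
        else:
            verdicts[name] = "no-match"       # outside the conditions the note states
    return verdicts


# Constructed sample in the shape of a Kubernetes node list (values are illustrative).
SAMPLE_NODES = json.dumps({"items": [
    {"metadata": {"name": "cos-a"}, "status": {"nodeInfo": {
        "osImage": "Container-Optimized OS from Google", "kernelVersion": "5.10.109+"}}},
    {"metadata": {"name": "ubuntu-b"}, "status": {"nodeInfo": {
        "osImage": "Ubuntu 20.04.4 LTS", "kernelVersion": "5.4.0-1072-gke"}}},
    {"metadata": {"name": "cos-c"}, "status": {"nodeInfo": {
        "osImage": "Container-Optimized OS from Google", "kernelVersion": "5.15.0+"}}},
    {"metadata": {"name": "broken-d"}, "status": {}},
]})

if __name__ == "__main__":
    for node_name, verdict in triage_nodes(SAMPLE_NODES).items():
        print(f"{node_name}: {verdict}")
```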

GKE Cost Allocation has been released for public preview. With GKE Cost Allocation public preview, you will be able to see cost breakdowns in clusters for namespaces, and pod labels for utilized CPU and MEM. For complete details, refer to View detailed breakdown of cluster costs.

Identity and Access Management

In June 2022, IAM had an issue that resulted in excess usage metrics for service accounts and service account keys when any of the following actions were performed:

Each time you took any of these actions, Cloud Monitoring recorded an authentication usage metric for the parent service account, and for each of its service account keys, regardless of whether you used the service account or its keys to authenticate. These excess metrics were visible in Cloud Monitoring, and in the metrics for individual service accounts and keys, from June 7, 2022, through June 17, 2022.

In addition, these excess metrics were visible in other systems that use data from Cloud Monitoring, including Activity Analyzer, which shows when service accounts and keys were used to authenticate, and service account insights, which provide findings about unused service accounts. Excess metrics were visible in these systems from June 7, 2022, through June 22, 2022.

This issue has been corrected, and Cloud Monitoring is no longer recording these excess metrics. However, the last authentication time for each service account and key will continue to reflect the excess metrics indefinitely, until you authenticate with the service account or key again.

Security Command Center

The contacts and indicator.signatures attributes were added to the Finding object.

  • The contacts attribute is a map containing the contacts for the given finding. The key represents the type of contact, and the value contains a list of all contacts of that type.
  • The indicator.signatures[] attribute lists matched signatures that indicate that a given process is present in the environment.

For more information, see the API documentation for the Finding object.

VPC Service Controls

Support to add individual VPC networks to a perimeter is now available in Preview.

Previously, the entire VPC host project was added to a perimeter. VPC Service Controls now supports the following enhancements (Preview release):

  • You can now add individual VPC networks as members of a perimeter.
  • You can create an ingress rule to authorize individual VPC networks to access a perimeter.

Vertex AI

Feature: Vertex AI Experiments is generally available (GA). Vertex AI Experiments helps users track and compare multiple experiment runs and analyze key model metrics.

Features supported by Experiments include:

  • Vary and track parameters and metrics.
  • Compare parameters, metrics, and artifacts between pipeline runs.
  • Track steps and artifacts to capture the lineage of experiments.
  • Compare vertex pipelines against Notebook experiments.

June 29, 2022

Anthos clusters on bare metal

Release 1.12.0

Anthos clusters on bare metal 1.12.0 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.0 runs on Kubernetes 1.23.

The dockershim component in Kubernetes enables cluster nodes to use the Docker Engine container runtime. However, Kubernetes 1.24 removed the dockershim component. Starting from Anthos clusters on bare metal 1.12.0, you will not be able to create new clusters that use the Docker Engine container runtime. All new clusters should use the default container runtime containerd.

Improved cluster lifecycle functionalities:

  • Upgraded Anthos clusters on bare metal to use Kubernetes version 1.23. 

  • Upgraded container runtime to containerd 1.5.

  • Updated preflight check to forward default SSH key if no key is provided.

  • Added support for new GCPAccounts field in the cluster configuration file. This field enables the assignment of a cluster-admin role to end-users.

  • Added labels to control plane, control plane load balancer, and load balancer node pools, so that these different node pools can be distinguished from each other.

  • Added nodepool reference label to nodes so that worker nodes can be listed in the UI.

Observability:

  • GA: Added Summary API metrics. These metrics are scraped from the Kubernetes Summary API and provide CPU, memory, and storage metrics for Pods, containers, and Nodes.

  • Added separate flags to enable logging and monitoring for user applications separately: EnableCloudLoggingForApplications and EnableGMPForApplications. The legacy flag EnableStackdriverForApplications will be deprecated and removed in future releases.

  • Preview: Added Google Cloud Managed Service for Prometheus to collect application metrics and monitor cluster health.

  • Upgraded GKE Metrics Agent (gke-metrics-agent) from version 1.1.0 to 1.8.3. This tool scrapes metrics from each cluster node and publishes them in Cloud Monitoring.

  • Added the following resource utilization metrics. For more information about these and other metrics, see View Anthos clusters on bare metal metrics:

    • container/cpu/request_utilization
    • container/cpu/limit_utilization
    • container/memory/request_utilization
    • container/memory/limit_utilization
    • node/cpu/allocatable_utilization
    • node/memory/allocatable_utilization
    • pod/volume/utilization
  • Added sample dashboards for monitoring cluster health to Cloud Monitoring sample dashboards. Customers can install these dashboards with one click.

  • Scoped down the RBAC permissions of stackdriver-operator, a component that performs logging and monitoring.

Security:

  • AIS CA deprecation. AIS certs are now signed by cluster CA.

  • Changed ca-rotation container image so that it uses a distroless rather than a Debian-based image.

  • RBAC permissions of the cluster-operator component have been eliminated or reduced to address elevated permissions.

  • GA: Anthos Identity Service LDAP authentication support.

Networking:

  • Preview: Enabled creation of IPv6 and Dual Stack LoadBalancer services. Border Gateway Protocol (BGP) is used for Dualstack clusters. Advertising IPv4 and IPv6 routes over IPv4 sessions is supported.

  • Preview: Added Network Connectivity Gateway feature support to provide HA VPN between Google Cloud and an on-premises Anthos cluster.

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

BeyondCorp Enterprise

The BeyondCorp Enterprise client connector is now generally available. The client connector extends identity and context-aware access to non-web applications by creating a secure connection from endpoint devices to apps running in both Google Cloud and non-Google Cloud environments.

For more information, see Securing client-server applications.

BigQuery

You can now set the view field in the tables.get() API method to indicate which table information is returned. Setting the value to BASIC reduces latency by omitting some storage statistics.

Previously, all BigQuery BI Engine projects had a maximum reservation size per project per location limit of 100 GB. This limit is now 250 GB. For more information, see BI Engine quotas and limits.

Chronicle

Chronicle Forwarder configuration on Linux has been updated to include two separate configuration files. The <x>.conf file stores the configuration related to log ingestion. The <x>_auth.conf file stores the authentication credentials.

For more information, see Installing and configuring the forwarder on Linux.

Cloud Composer

The Per-folder Roles Registration feature is rolled out to all regions.

Cloud Composer 1.19.2 and 2.0.19 images are available:

  • composer-1.19.2-airflow-1.10.15 (default)
  • composer-1.19.2-airflow-2.1.4
  • composer-1.19.2-airflow-2.2.5
  • composer-2.0.19-airflow-2.1.4
  • composer-2.0.19-airflow-2.2.5

Cloud Key Management Service

Customers enrolled in Key Access Justifications will now see justifications listed in Cloud Audit Logs for Cloud KMS.

Cloud Logging

You can now collect Apache Flink logs from the Ops Agent, starting with version 2.17.0. For more information, see Monitoring third-party applications: Flink.

Cloud Shell

Cloud Code Extension updated to 1.18.3

Update includes a new and improved Kubernetes development experience with the Development Sessions Explorer, support for private clusters, a refreshed welcome page, and more! Review the Cloud Code release notes for a complete list of features, updates, and fixes.

Cloud Shell Editor is built with Theia 1.25.0

Review the Theia release notes for a complete list of features/updates/bug fixes.

Cloud Shell now defaults to Python 3

Python 2 is still included as a development tool in Cloud Shell and may be invoked using python2.

Cloud Spanner

Query Insights is now generally available. Query Insights helps you visually detect and identify query performance issues for Cloud Spanner databases. You can also dig deeper and analyze the query details to find the root cause of these issues.

To learn more, see Detect query performance issues with Query Insights.

Firestore in Datastore mode

Not-equal (!=), IN, and NOT_IN query filters are now available in all client libraries:

  • Java
  • Python
  • PHP
  • Node.js
  • C#
  • Go
  • Ruby

Google Cloud Deploy

Google Cloud Deploy is now available in the following regions:

  • asia-east2 (Hong Kong)
  • europe-west2 (London)
  • europe-west3 (Frankfurt)
  • us-east4 (N. Virginia)
  • us-west2 (Los Angeles)

Google Kubernetes Engine

You can now give multiple containers time-shared access to the full compute resources of a single NVIDIA GPU accelerator. Time-sharing GPUs is generally available in GKE version 1.23.7-gke.1400 and later. For more information, refer to Time-sharing GPUs on GKE.

Identity Platform

Identity Platform Web v9 modular SDK is now available at the GA stage. For details, see Upgrade to the modular Web SDK (v9).

Storage Transfer Service

Expanded overwrite options are now generally available (GA). The overwriteWhen field can be used to specify whether data that already exists in the destination should be overwritten always, never, or only when ETags and checksum values indicate that the file has changed.

Metadata preservation options are now generally available (GA). This includes the option of preserving POSIX attributes and symlinks when transferring to, from, and between POSIX filesystems; as well as object ACLs, CMEK, temporary holds, and object creation time when transferring between Cloud Storage buckets.

See Metadata preservation for details.

Transfer Appliance

Transfer Appliance now supports monitoring of the amount of data stored on your appliance, and whether online transfer is enabled, through Cloud Monitoring. See Monitor Transfer Appliance for details.

June 28, 2022

AlloyDB for PostgreSQL

AlloyDB's Frequently asked questions page addresses common questions received by the AlloyDB support team during the product's public preview.

Certificate Manager

This is the General Availability release of Certificate Manager.

Cloud Bigtable

Cloud Bigtable now gives you the option to undelete a table for up to seven days from the time of deletion using the gcloud CLI. This feature is generally available (GA).

Cloud Billing

We've added new features to view your billing information and cost estimates in the Google Cloud Console mobile app. You can view your cost trends and forecasts, the costs for your top project, and how much you're spending on your top Google Cloud services.

To see your billing data in the app, select the Billing tab in the navigation bar, then select Overview.

Get the Google Cloud Console app for iOS or Android.

Attribution for your committed use discounts (CUDs) now appears at the same time as eligible usage.

Previously, the subscription fees and credits associated with your CUDs would appear in billing reports and BigQuery usage cost exports after the corresponding eligible resource usage. This could result in apparent spikes in cost if you viewed your billing data before the attribution process completed.

With this release, subscription fees and credits appear at the same time as eligible usage, meaning that your net costs are always accurate whenever you view your billing data.

Learn about how your CUD fees and credits are attributed across your resources.

Cloud Healthcare API

The Cloud Healthcare API offers single-region support in the asia-southeast2 (Jakarta, Indonesia) region.

Cloud Monitoring

The new experience for creating metric-based alerting policies by using the Google Cloud console is now Generally Available. For more information, see Create metric-based alert policy.

Cloud SQL for MySQL

A second June maintenance changelog is now available. For more information, use the links at Maintenance changelog.

Cloud SQL for PostgreSQL

A second June maintenance changelog is now available. For more information, use the links at Maintenance changelog.

The fix to the silent data corruption when using the CREATE INDEX CONCURRENTLY or REINDEX CONCURRENTLY SQL commands in PostgreSQL 14 (BUG #17485) is now available in the self-service maintenance release POSTGRES_14_2.R20220331.02_012 for PostgreSQL 14.2.

After applying the self-service maintenance, you can fix any silent data corruption that has already occurred by running the REINDEX CONCURRENTLY SQL command on the specific indexes, or the reindexdb client command for your entire instance.

Cloud SQL for SQL Server

A second June maintenance changelog is now available. For more information, use the links at Maintenance changelog.

Cloud VPN

Cloud VPN no longer checks a peer's IKE identity.

This change simplifies the configuration of your VPN peers, because you no longer need to explicitly set a peer's IKE identity to a specific value.

Note: Some Cloud VPN tunnels that were previously unestablished due to unmatched IKE identity might now become established.

  • If you don't want the affected tunnels to become established, delete them as needed on the Cloud VPN side, on the on-premises side, or on both sides.

  • If you want the affected tunnels to become established, no action is required on your part.

Previously, Cloud VPN required peers to use an IKE identity of type ID_IPV4_ADDR, which is equal to the peer's public IP address. Removing this restriction enables easier interoperation with peers that don't support changing their IKE identity, especially when such peers are located behind NAT (Network Address Translation).

If you have any questions or require assistance, contact Google Cloud Support.

Eventarc

Eventarc is available in this region: europe-southwest1 (Madrid, Spain).

Issuer switch

The issuer switch, which is part of the Payment Gateway, is now Generally Available.

Newly published documentation about the issuer switch features and API is available here: Issuer switch documentation

reCAPTCHA Enterprise

You can now enable platform logging for reCAPTCHA Enterprise API calls. For more information, see Working with platform logs.

June 27, 2022

Apigee API hub

On June 27, 2022 Apigee hub released a new version of the software.

Bug ID | Description
227334287 | An improved error dialog is displayed when an error occurs on API delete.
229852889 | Reference lists now filter out their parent API to prevent self-references.
232250641 | Resource IDs generated from names are now automatically truncated or padded to conform to length requirements.
236744313 | Fixed an issue where the spinning progress indicator would not go away.

Cloud Build

Regional support for default pools and build triggers is now generally available. To learn more, see Cloud Build locations.

Cloud Composer

Cloud Composer supports Per-folder Roles Registration.

Cloud Functions

Cloud Functions now supports Java 17 at the General Availability release level.

Cloud Healthcare API

Improved performance when searching for large FHIR resources in the FHIR viewer.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.10.0 (2022-06-25)

Features
  • Add support for library instrumentation (#979) (2749974)
Documentation
  • sample: update README for native image sample (#974) (1512487)
Dependencies
  • update dependency com.google.cloud:google-cloud-shared-dependencies to v2.13.0 (#980) (18acf1f)
  • update dependency org.graalvm.buildtools:junit-platform-native to v0.9.12 (#976) (01d3213)

The Cloud Logging agent version 1-18 for Windows is now available. This version updates the location of the position files so they are retained across upgrades. For installation information, see Installing the Cloud Logging agent.

Cloud SQL for MySQL

Cloud SQL for MySQL supports in-place major version upgrades in Preview. You can upgrade your instance's major version to a more recent version. For more information, see Upgrade the database major version in-place.

Cloud Storage

Object Lifecycle Management now supports new conditions and a new action.

The XML API now supports setting a default Cloud KMS key on a bucket when creating the bucket.

Compute Engine

GA: You can now use the SSH troubleshooting tool from the Cloud console to help you determine the cause of failed SSH connections. For more information, see SSH troubleshooting tool.

Eventarc

Support for Firebase Realtime Database is in Preview.

Managed Service for Microsoft Active Directory

Support for schema extensions in Managed Microsoft AD is available for Preview. Learn how to extend the schema.

Migrate to Virtual Machines

The maximum number of active VMs has been increased from 100 to 200 VMs.

Policy Intelligence

In the Cloud console, Policy Troubleshooter for IAM allow policies now reports if there are deny policies that could affect a principal's access.

Text-to-Speech

Cloud Text-to-Speech now supports Neural2 voices in addition to Standard and WaveNet voice generation models. Neural2 uses Custom Voice technology without the need to train a unique voice. Neural2 voices are in Preview and are currently available in a single region for a limited number of languages.

June 24, 2022

Anthos clusters on VMware

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. For more information, refer to the GCP-2022-016 security bulletin.

Apigee hybrid

hybrid v1.7.2

On June 24, 2022 we released an updated version of the Apigee hybrid software, v1.7.2.

For information on upgrading, see Upgrading Apigee hybrid to version 1.7.

Bug ID | Description
233094108 | Fixed Stacktrace truncation in runtime containers to support proxy diagnosis.
236129944 | Fixed the controller crashloopbackoff resulting from null pointer.
231313050 | Fixed issue causing Apigee logger pod to remain in crashloopbackoff state.
236399482 | Added support for ASM v1.13.

Cloud Bigtable

Cloud Bigtable is available in the us-east5 (Columbus) region. For more information, see Bigtable locations.

Cloud Database Migration Service

Database Migration Service now supports the migration of tables without primary keys in PostgreSQL. For tables that don't have primary keys, Database Migration Service supports the migration of the initial snapshot and INSERT statements during the change data capture (CDC) phase. You should migrate UPDATE and DELETE statements manually. Click here to access the documentation.

Cloud Monitoring

You can now collect Jetty metrics from the Ops Agent, starting with version 2.17.0. For more information, see Monitoring third-party applications: Jetty.

You can now view the configuration of charts on a dashboard while the dashboard is in read-only mode. For more information, see Show the chart configuration.

Cloud TPU

Cloud TPU now supports TensorFlow 2.6.5 and TensorFlow 2.7.3.

For more information see TensorFlow 2.6.5 and TensorFlow 2.7.3 release notes.

Google Kubernetes Engine

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. All Linux clusters (Container-Optimized OS and Ubuntu) are affected. For more information, refer to the GCP-2022-016 security bulletin.

You can now create dual-stack clusters in Alpha Compute Engine API-enabled projects with GKE versions 1.24.1-gke.1000 and later. With dual-stack networking, GKE assigns an IPv4 and an IPv6 address to the cluster nodes and Pods. You can create dual-stack Services of type ClusterIP or NodePort. This feature is now available in Preview. For more information, see Dual-stack networking.

VPC Service Controls

General Availability for the following integration:

Security Token Service

June 23, 2022

Anthos clusters on AWS

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. For more information, refer to the GCP-2022-016 security bulletin.

Anthos clusters on AWS (previous generation)

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. For more information, refer to the GCP-2022-016 security bulletin.

Anthos clusters on Azure

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. For more information, refer to the GCP-2022-016 security bulletin.

There is a bug in the Azure OS kernels used by some of the previous Anthos clusters on Azure versions. This bug will randomly cause disks to not mount in the OS when they are attached to the Azure VM. When this happens, clusters won't start up completely.

The following versions are affected:

  • 1.21.11-gke.100
  • 1.21.11-gke.1100
  • 1.22.8-gke.200
  • 1.22.8-gke.1300

Please always use the latest patch versions when creating a new cluster to avoid this issue.

For more information, see the Linux kernel bug.

Anthos clusters on bare metal

Release 1.11.3

Anthos clusters on bare metal 1.11.3 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.3 runs on Kubernetes 1.22.

Fixes:

The following container image security vulnerabilities have been fixed:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Apigee Integration

On June 23, 2022 we released an updated version of the Apigee Integrations software.

Apigee Integration trials

Starting with this release, Apigee Integrations is available in an Apigee Eval org which lets you try out the integrations feature without getting billed for the usage. For information, see Enable integrations in an eval org.

Updates to SetIntegrationRequest policy

The SetIntegrationRequest policy has the following updates:

  • Support for ref attribute in the <Parameter>, <ParameterArray>, and <Value> elements. By using this attribute, you can assign flow variable values to the parameters.

  • Empty <Parameter> and <ParameterArray> elements are supported. However, if these elements are empty, Apigee treats the element value as null.

  • Empty <Value> element is not supported. If the element is empty, Apigee reports an error.

BigQuery

The BI Engine preferred tables feature lets you limit BI Engine acceleration to a specified set of tables. This feature is now in preview.

Cloud Composer

The earlier issue with DAG and task failures in Public IP environments in Cloud Composer 1 is now resolved for all impacted environments.

The apache-airflow-providers-google package upgraded to 2022.6.22+composer. Changes compared to version 2022.5.18+composer:

  • Fixed a regression in BigQueryToGCPOpertor after changes to links were introduced in #24416.
  • Fixed errors related to the usage of the service_account attribute by BeamRunJavaPipelineOperator.

Cloud Composer uses a custom version of the apache-airflow-providers-google package. This custom version is based on the public version 6.8.0. For information about other changes compared to version 6.8.0, see release notes for the previous versions of this package.

(Cloud Composer 2) Incremental task logs are now correctly refreshed and displayed in Airflow UI.

Cloud Composer 1.19.1 and 2.0.18 images are available:

  • composer-1.19.1-airflow-1.10.15 (default)
  • composer-1.19.1-airflow-2.1.4
  • composer-1.19.1-airflow-2.2.5
  • composer-2.0.18-airflow-2.1.4
  • composer-2.0.18-airflow-2.2.5

Cloud Composer 1.18.12 is a version with an extended upgrade timeline.

Cloud Composer versions 1.16.7 and 1.17.0.preview.3 have reached their end of full support period.

Cloud SQL for PostgreSQL

Cloud SQL for PostgreSQL now supports replication from an external server.

Cloud Spanner

The PostgreSQL interface is now generally available, making the capabilities of Cloud Spanner accessible from the PostgreSQL ecosystem. It includes a core subset of the PostgreSQL SQL dialect, support for the psql command-line tool, native language clients, and integration into existing Google tools. For more information, see PostgreSQL interface.

Google Kubernetes Engine

(2022-R15) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.19.16-gke.11000
    • 1.20.15-gke.6000
    • 1.21.11-gke.1100
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.20.15-gke.8000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.8000
    • 1.21.11-gke.1900
    • 1.22.8-gke.201
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.8200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.12-gke.1500 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.12-gke.1700
    • 1.22.9-gke.1300
    • 1.23.6-gke.1500
    • 1.24.0-gke.1801
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.16-gke.11800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.10-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.1-gke.1400 with this release.

Recommendations AI

The Recommendations AI documentation set at https://cloud.google.com/retail/recommendations-ai/docs will be removed on July 5, 2022. This documentation set describes how to use the Recommendations console to manage and monitor Recommendations AI. We no longer recommend this console. After July 5, 2022, links to this documentation will redirect to the equivalent page in the Retail documentation at https://cloud.google.com/retail/docs.

We recommend that you use the Retail console to manage Recommendations AI. Find the documentation for the Retail console at https://cloud.google.com/retail/docs.

If you have not yet switched from the Recommendations console to the Retail console, see Switch to the Retail console.

June 22, 2022

Chronicle

The following supported default parsers have changed (listed by product name and ingestion label):

  • Akamai WAF (AKAMAI_WAF)
  • Aruba IPS (ARUBA_IPS)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Carbon Black App Control (CB_APP_CONTROL)
  • Check Point (CHECKPOINT_FIREWALL)
  • Cisco ACS (CISCO_ACS)
  • Cisco Email Security (CISCO_EMAIL_SECURITY)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco ISE (CISCO_ISE)
  • Cisco Meraki (CISCO_MERAKI)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • CloudM (CLOUDM)
  • CrowdStrike Falcon (CS_EDR)
  • EPIC Systems (EPIC)
  • Forescout NAC (FORESCOUT_NAC)
  • FortiGate (FORTINET_FIREWALL)
  • GCP Compute (GCP_COMPUTE)
  • IBM DataPower Gateway (IBM_DATAPOWER)
  • Imperva (IMPERVA_WAF)
  • JAMF Protect (JAMF_PROTECT)
  • Linux Auditing System (AuditD) (AUDITD)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Netskope (NETSKOPE_ALERT)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Preempt Alert (PREEMPT)
  • RSA (RSA_AUTH_MANAGER)
  • SentinelOne EDR (SENTINEL_EDR)
  • ServiceNow CMDB (SERVICENOW_CMDB)
  • Sourcefire (SOURCEFIRE_IDS)
  • Suricata IDS (SURICATA_IDS)
  • Symantec Web Isolation (SYMANTEC_WEB_ISOLATION)
  • Tripwire (TRIPWIRE_FIM)
  • Unix system (NIX_SYSTEM)
  • VMware AirWatch (AIRWATCH)
  • VMware ESXi (VMWARE_ESX)
  • VMware NSX (VMWARE_NSX)
  • WatchGuard (WATCHGUARD)
  • Workspace Alerts (WORKSPACE_ALERTS)
  • Zscaler (ZSCALER_WEBPROXY)

For details about changes in each parser, see Supported default parsers.

Cloud Billing

Preview: You can now get cost insights in the Recommender API, and use them to detect anomalies in your costs. For example, you see a cost insight in the API if your costs for a day are significantly higher or lower than your typical daily costs.

Compute Engine

The CPU utilization observability metric is incorrect for VMs that use one thread per core. For more information, see Known issues.

Google Kubernetes Engine

To deliver better default price-performance for applications, all GKE clusters created with control plane version 1.24 and later use Balanced Persistent Disk (PD) by default for attached volumes. The node boot disk default has also been changed to Balanced Persistent Disk (PD).

The new default for attached volumes is applied to all clusters running control plane version 1.24 and later. The new default node boot disk is applied to all new node pools of any node pool version created in a cluster with control plane version 1.24 and later. Existing preferences will not be changed.

For more information on boot disks, see Configuring a custom boot disk.

For more information on attached volumes, see Persistent volumes and dynamic provisioning.

Virtual Private Cloud

Private Service Connect supports publishing a service that is hosted on an internal regional TCP proxy load balancer in a service producer VPC network. The backends can be located in Google Cloud, in other clouds, in an on-premises environment, or any combination of these locations.

This feature is available in Preview.

June 21, 2022

Apigee Integrated Portal

On June 21, we released an updated version of Apigee integrated portal.

Added the ability to sort by Name and Created fields in the Apps and Teams tables. Click the column heading to sort.

Apigee UI

On June 21, 2022, we released an updated version of the Apigee UI.

The Data Collectors UI is now generally available.

A search bar has been added to the new Proxy Editor Develop view. This lets you search for items within a proxy or sharedflow bundle.

Apigee X

On June 21, 2022, we released an updated version of Apigee X (1-8-0-apigee-18).

Bug ID | Description
234355351 | Fixed issue with message processor pods restarting frequently. Added backoff polling task for Cloud KMS key listener. The listener is paused only when the flush policy is met.
N/A | Upgraded infrastructure and libraries.

BigQuery

Query queues are now available in preview for on-demand and flat-rate customers. When query queues are enabled, BigQuery automatically determines the query concurrency rather than setting a fixed limit. Flat-rate customers can override this setting with a custom concurrency target. Additional queries beyond the concurrency target are queued until processing resources become available.

Cloud Healthcare API

A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud SQL for SQL Server

You can enable an instance to publish to a subscriber that is external (or internal) to Cloud SQL. In this scenario, Cloud SQL for SQL Server can act as a publisher to an external subscriber. This functionality, which is generally available, uses transactional replication.

For more information, see Configure external replicas.

In Cloud SQL, you can use SQL Server Audit capabilities to track and log server-level and database-level events. This functionality is generally available.

For more information, see SQL Server database auditing.

Config Connector

Config Connector version 1.89.0 is now available.

Added support for PubSubSchema resource.

Added spec.cdnPolicy.cacheKeyPolicy field to ComputeBackendBucket.

Fixed bulk-export for MonitoringAlertPolicy.

Dataproc

New sub-minor versions of Dataproc images:

1.5.70-debian10, 1.5.70-rocky8, 1.5.70-ubuntu18

2.0.44-debian10, 2.0.44-rocky8, 2.0.44-ubuntu18

Dataproc Metastore: For 1.5 images, added a spark.hadoop.hive.eager.fetch.functions.enabled Spark Hive client property to control whether the client fetches all functions from Hive Metastore during initialization. The default setting is true, which preserves the existing behavior of fetching all functions. If set to false, the client will not fetch all functions during initialization, which can help reduce high latency during initialization, particularly when there are many functions and the Metastore is not located in the client's region.

For 1.5 and 2.0 images, backported YARN-9608 to fix the issue in graceful decommissioning.

Dialogflow

The Dialogflow CX search feature is now GA (generally available).

Migrate to Containers

Inventory retrieval for local VMware, Google Compute Engine, and Migrate for Compute Engine v5 source providers

A VM inventory is now available for local VMware, Google Compute Engine, and Migrate for Compute Engine v5 source providers and is accessible through both Cloud Console and migctl. Using this feature, you can view the list of candidate VMs for migration for a given source, including the VM ID required to start a new migration.

  • To access the inventory through Cloud Console: go to your sources page, and select a source from the dropdown.

  • To access the inventory through migctl, run the migctl source list-vms <my-source> command.

Tomcat health probes

Tomcat deployments will use Kubernetes readiness and liveness probes by default. Users can disable or modify those probes while editing the migration plan. Use health probes to provide better pod management and reduce downtime during scaling and rolling updates. To learn more about the available probes, see Set Tomcat health probes.

Linux S