The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.
You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml
August 10, 2022
Apigee Integration
On August 10, 2022 we released an updated version of the Apigee Integration software.
Support for VPC Service Controls (Preview)
VPC Service Controls lets you define a security perimeter around the Apigee Integration Google Cloud service. For more information, see Set up VPC Service Controls for Apigee Integration.
You can now set default configurations at a project or organization level. This feature is now generally available (GA).
Cloud Spanner federated queries are now generally available (GA).
You can now create uptime checks for Cloud Run public endpoints by using the Monitoring API and specifying the Cloud Run Revision monitored-resource type.
Removed ability to create stateless firewall rules for new projects and projects that have not yet created stateless rules. Projects containing existing stateless rules can continue to modify those rules. Customers can continue to create a firewall rule set in NSX-T Gateway or NSX-T Distributed Firewall rules.
In March 2023, we plan to remove any remaining stateless rules that have not been transitioned to NSX-T Gateway or NSX-T Distributed Firewall rules. If there are any questions about how to make this transition, contact Cloud Customer Care.
Removed ability to create point-to-site (P2S) VPN gateways for new projects and projects that have not yet created P2S VPN gateways. Projects containing existing gateways can continue to modify those gateways. Customers can continue to use an alternative VPN solution. For details, see Connecting using VPN.
In March 2023, we plan to remove any remaining VPN gateways that have not been transitioned to an alternative VPN solution. If there are any questions about how to make this transition, contact Cloud Customer Care.
Storage Transfer Service now supports transfers from AWS S3 using self-hosted transfer agents. This feature provides a way to configure the data transfer path between AWS and Google Cloud and offers more control over performance.
See the documentation for details.
General availability for the following integration:
August 09, 2022
BigQuery
Cloud Domains
Importing a domain from Google Domains to Cloud Domains is available in Preview.
The organization of the SLO monitoring Services Overview page has been improved. The new layout provides a better experience when you don't yet have any services. When you have services, the new Supported Services list indicates how many of each type you have. You can also use the list to filter the services table to include all services of a selected type. For more information, see Services Overview dashboard.
August 08, 2022
Anthos clusters on AWS (previous generation)
Anthos clusters on AWS (previous generation) aws-1.12.1-gke.0 is now available.
You can now launch clusters with the following Kubernetes versions:
- 1.23.8-gke.2000
- 1.22.12-gke.300
- 1.21.14-gke.2100
This release fixes the following vulnerabilities:
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for bigquery/storage/apiv1beta1
1.37.0 (2022-08-04)
Features
- bigquery/connection: Add service_account_id output field to CloudSQL properties (1d6fbcc)
- bigquery/storage/managedwriter: refactor AppendResponse (#6402) (c07bca2)
- bigquery: support JSON as a data type (#5986) (835fe4f)
Bug Fixes
Documentation
- bigquery/storage: clarify size limitations for AppendRowsRequest chore: add preferred_min_stream_count to CreateReadSessionRequest chore: add write_stream to AppendRowsResponse (1d6fbcc)
The following changes are available in the Unified Data Model:
- The File.ashash field was deprecated and replaced with the File.authentihash field.
- The day_max field was added to the Prevalence type.
Descriptions of the File.FileType Enum values are now available in the Unified Data Model field list document.
For a list of all fields in the Unified Data Model, and their descriptions, see the Unified Data Model field list.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.10.1 (2022-08-01)
Bug Fixes
Dependencies
Python
Changes for google-cloud-bigtable
2.11.0 (2022-08-04)
Features
- Add audience parameter (a7a7699)
- Add satisfies_pzs output-only field (#614) (7dc1469)
- Add storage_utilization_gib_per_node to Autoscaling target (a7a7699)
- Cloud Bigtable Undelete Table service and message proto files (a7a7699)
Bug Fixes
Performance Improvements
External TCP/UDP network load balancers can now be configured to handle IPv6 traffic from clients. To enable this, you must configure your subnet, backend VMs, and the forwarding rules to handle IPv6 traffic.
This feature is only available for backend service-based network load balancers.
For details, see:
This feature is available in General Availability.
Generally Available: Internal and external IPv6 addresses for Google Compute Engine instances are available in all regions.
For more information, see Configuring IPv6 for instances and Creating instances with multiple network interfaces.
Newly created GKE clusters on version 1.24 or later that use Services without the .spec.ports field defined will cause a crash-loop of the ingress-gce controller (l7lbcontroller pod). As a result, the cluster cannot provide L7 Ingress, L4 Internal LoadBalancer Service with Subsetting turned on, or L4 Network LoadBalancer based on Regional Backend Services.
To recover from this situation, delete the Service without a port specified or recreate the cluster without any Service with .spec.ports undefined.
Connectivity Tests now includes a feature that performs live data plane analysis by testing connectivity between a VM and a Google network edge location. This feature is available for the following traffic flows:
- Between VM and non-Google Cloud network
- Between VM and Cloud SQL instances
In the Google Cloud console, you can see the results of this analysis in the column labeled Last live data plane analysis result. In the gcloud command-line and API responses, you can see the results in the probingDetails object.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.120.9 (2022-08-03)
Dependencies
- update dependency com.google.cloud:google-cloud-core to v2.8.7 (#1227) (e967b2c)
- update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.1 (#1226) (8fab566)
1.120.8 (2022-08-02)
Dependencies
1.120.7 (2022-08-01)
Bug Fixes
1.120.6 (2022-08-01)
Dependencies
- update dependency com.google.cloud:google-cloud-bigquery to v2.14.1 (#1215) (5667492)
- update dependency com.google.cloud:google-cloud-core to v2.8.5 (#1213) (5db0c2c)
- update dependency com.google.protobuf:protobuf-java-util to v3.21.4 (#1214) (bfc53d9)
- update dependency org.apache.avro:avro to v1.11.1 (#1210) (fafcded)
1.120.11 (2022-08-06)
Bug Fixes
Dependencies
- update dependency com.google.cloud:google-cloud-bigquery to v2.14.2 (#1235) (e2af6c3)
- update dependency com.google.cloud:google-cloud-bigquery to v2.14.3 (#1236) (399e8d7)
1.120.10 (2022-08-04)
Dependencies
Event Threat Detection, a built-in service of Security Command Center, launched the following rules to Preview:
- Discovery: Can get sensitive Kubernetes object check
- Privilege Escalation: Changes to sensitive Kubernetes RBAC objects
- Privilege Escalation: Create Kubernetes CSR for master cert
- Privilege Escalation: Creation of sensitive Kubernetes bindings
- Privilege Escalation: Get Kubernetes CSR with compromised bootstrap credentials
- Privilege Escalation: Launch of privileged Kubernetes container
These rules detect scenarios where a malicious actor attempted to query for or escalate privileges in Google Kubernetes Engine. For more information, see Event Threat Detection rules.
Beta stage support for the following integration:
Internal and external IPv6 addresses are available in all regions in General Availability:
- Subnets: Dual-stack subnets that have both IPv4 and IPv6 subnet ranges.
- Routes: Subnet routes for IPv6 subnet ranges.
- Instances: Dual-stack instances with both IPv4 and IPv6 addresses, including instances with multiple network interfaces.
August 05, 2022
Cloud SQL for PostgreSQL
The new Cloud SQL System insights dashboard helps you detect and analyze system performance problems.
Generally available: You can now use the os-config troubleshoot command to help verify the setup of VM Manager. For more information, see Verifying VM Manager setup.
You can now schedule a custom cycle to refresh shadowed rule insights in Firewall Insights. For more information, see Schedule a custom refresh cycle.
Firewall Insights now identifies firewall misconfigurations for firewall rules which contain IPv6 IP address ranges. For more information, see Firewall Insights overview.
Text-to-Speech now offers these new voices. See the supported voices page for a complete list of voices and audio samples.
- cloud-pt-BR-Standard-C
- cloud-pt-BR-Wavenet-C
Beta stage support for the following integration:
Network firewall policies and regional firewall policies are now available in General Availability.
Added skip_polling so that connectors can execute asynchronously without waiting for the operation to complete.
August 04, 2022
Anthos clusters on AWS
This release fixes the following vulnerabilities:
- CVE-2016-10228.
- CVE-2018-16301.
- CVE-2018-25032.
- CVE-2019-18276.
- CVE-2019-20838.
- CVE-2020-1712.
- CVE-2019-25013.
- CVE-2020-14155.
- CVE-2020-27618.
- CVE-2020-27820.
- CVE-2020-29562.
- CVE-2020-6096.
- CVE-2020-8037.
- CVE-2021-20193.
- CVE-2021-26401.
- CVE-2021-27645.
- CVE-2021-28711.
- CVE-2021-28712.
- CVE-2021-28713.
- CVE-2021-28714.
- CVE-2021-28715.
- CVE-2021-3326.
- CVE-2021-35942.
- CVE-2021-36084.
- CVE-2021-36085.
- CVE-2021-36086.
- CVE-2021-36087.
- CVE-2021-36690.
- CVE-2021-3711.
- CVE-2021-3712.
- CVE-2021-3772.
- CVE-2021-39685.
- CVE-2021-39686.
- CVE-2021-39698.
- CVE-2021-3995.
- CVE-2021-3996.
- CVE-2021-3999.
- CVE-2021-4083.
- CVE-2021-4135.
- CVE-2021-4155.
- CVE-2021-4160.
- CVE-2021-4197.
- CVE-2021-4202.
- CVE-2021-43566.
- CVE-2021-43618.
- CVE-2021-43975.
- CVE-2021-43976.
- CVE-2021-44733.
- CVE-2021-45095.
- CVE-2021-45469.
- CVE-2021-45480.
- CVE-2022-0330.
- CVE-2022-0435.
- CVE-2022-0516.
- CVE-2022-0617.
- CVE-2022-0778.
- CVE-2022-1011.
- CVE-2022-1016.
- CVE-2022-1158.
- CVE-2022-1198.
- CVE-2022-1271.
- CVE-2022-1292.
- CVE-2022-1304.
- CVE-2022-1353.
- CVE-2022-1516.
- CVE-2022-1664.
- CVE-2022-1966.
- CVE-2022-20008.
- CVE-2022-20009.
- CVE-2022-2068.
- CVE-2022-2097.
- CVE-2022-2327.
- CVE-2022-21123.
- CVE-2022-21125.
- CVE-2022-21166.
- CVE-2022-21499.
- CVE-2022-22576.
- CVE-2022-22942.
- CVE-2022-23036.
- CVE-2022-23037.
- CVE-2022-23038.
- CVE-2022-23039.
- CVE-2022-23040.
- CVE-2022-23041.
- CVE-2022-23042.
- CVE-2022-23218.
- CVE-2022-23219.
- CVE-2022-24407.
- CVE-2022-24448.
- CVE-2022-24958.
- CVE-2022-24959.
- CVE-2022-25258.
- CVE-2022-25375.
- CVE-2022-25636.
- CVE-2022-26490.
- CVE-2022-26966.
- CVE-2022-27223.
- CVE-2022-27666.
- CVE-2022-27774.
- CVE-2022-27775.
- CVE-2022-27776.
- CVE-2022-27781.
- CVE-2022-27782.
- CVE-2022-28356.
- CVE-2022-28388.
- CVE-2022-28389.
- CVE-2022-28390.
- CVE-2022-29155.
- CVE-2022-30594.
- CVE-2022-32206.
- CVE-2022-32208.
This list has been updated to include CVE-2022-2327.
This release fixes the following vulnerabilities:
- CVE-2016-10228.
- CVE-2018-16301.
- CVE-2018-25032.
- CVE-2019-18276.
- CVE-2019-20838.
- CVE-2019-25013.
- CVE-2020-14155.
- CVE-2020-27618.
- CVE-2020-27820.
- CVE-2020-29562.
- CVE-2020-6096.
- CVE-2020-8037.
- CVE-2021-20193.
- CVE-2021-26401.
- CVE-2021-27645.
- CVE-2021-28711.
- CVE-2021-28712.
- CVE-2021-28713.
- CVE-2021-28714.
- CVE-2021-28715.
- CVE-2021-3326.
- CVE-2021-35942.
- CVE-2021-36084.
- CVE-2021-36085.
- CVE-2021-36086.
- CVE-2021-36087.
- CVE-2021-36690.
- CVE-2021-3711.
- CVE-2021-3712.
- CVE-2021-3772.
- CVE-2021-39685.
- CVE-2021-39686.
- CVE-2021-39698.
- CVE-2021-3995.
- CVE-2021-3996.
- CVE-2021-3999.
- CVE-2021-4083.
- CVE-2021-4135.
- CVE-2021-4155.
- CVE-2021-4160.
- CVE-2021-4197.
- CVE-2021-4202.
- CVE-2021-43566.
- CVE-2021-43618.
- CVE-2021-43975.
- CVE-2021-43976.
- CVE-2021-44733.
- CVE-2021-45095.
- CVE-2021-45469.
- CVE-2021-45480.
- CVE-2022-0330.
- CVE-2022-0435.
- CVE-2022-0516.
- CVE-2022-0617.
- CVE-2022-0778.
- CVE-2022-1011.
- CVE-2022-1016.
- CVE-2022-1158.
- CVE-2022-1198.
- CVE-2022-1271.
- CVE-2022-1292.
- CVE-2022-1304.
- CVE-2022-1353.
- CVE-2022-1516.
- CVE-2022-1664.
- CVE-2022-1966.
- CVE-2022-20008.
- CVE-2022-20009.
- CVE-2022-2068.
- CVE-2022-2097.
- CVE-2022-2327.
- CVE-2022-21123.
- CVE-2022-21125.
- CVE-2022-21166.
- CVE-2022-21499.
- CVE-2022-22576.
- CVE-2022-22942.
- CVE-2022-23036.
- CVE-2022-23037.
- CVE-2022-23038.
- CVE-2022-23039.
- CVE-2022-23040.
- CVE-2022-23041.
- CVE-2022-23042.
- CVE-2022-23218.
- CVE-2022-23219.
- CVE-2022-24407.
- CVE-2022-24448.
- CVE-2022-24958.
- CVE-2022-24959.
- CVE-2022-25258.
- CVE-2022-25375.
- CVE-2022-25636.
- CVE-2022-26490.
- CVE-2022-26966.
- CVE-2022-27223.
- CVE-2022-27774.
- CVE-2022-27775.
- CVE-2022-27776.
- CVE-2022-27781.
- CVE-2022-27782.
- CVE-2022-28356.
- CVE-2022-28388.
- CVE-2022-28389.
- CVE-2022-28390.
- CVE-2022-29155.
- CVE-2022-30594.
- CVE-2022-32206.
- CVE-2022-32208.
This list has been updated to include CVE-2022-2327.
Release 1.11.4
Anthos clusters on bare metal 1.11.4 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.4 runs on Kubernetes 1.23.
Fixes:
- Fixed issue in which cluster restores failed when /var/lib/etcd is a mount point.
- Fixed issue in which attempts to skip minor versions when upgrading weren't blocked. For details about the upgrade policy, see Minor version upgrades.
The following container image security vulnerabilities have been fixed:
Known issues:
For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.
The Logs Explorer query results now show an icon for log entries that are part of error groups. You can click the icon to view details about the error group, exclude or show only log entries from the error group in the query results, or view related documentation. For more information, see Find log entries with error groups.
Generally available: NVIDIA® T4 GPUs are now available in the following additional regions and zones:
- Ashburn, Virginia, North America: us-east4-a
For more information about using GPUs on Compute Engine, see GPU platforms.
Config Connector version 1.91.0 is now available.
Fixed issue where if ContainerCluster had the remove-default-node-pool directive set to true and there was a ContainerNodePool associated with it, after deleting the successfully reconciled ContainerNodePool, ContainerCluster would get stuck on the UpdateFailed state.
Fixed issue where SQLInstance could not reference KMSCryptoKey.
Added support for the IAMWorkforcePool resource.
Added spec.configmanagement.policyController.monitoring and spec.configmanagement.policyController.mutationEnabled fields to GKEHubFeatureMembership.
Added support for state-into-spec to StorageBucket.
Fixed all reference docs so that code samples now work when they're copy/pasted.
(2022-R19) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
The following control plane and node versions are now available:
The following control plane versions are no longer available:
- 1.21.12-gke.1500
- 1.24.2-gke.300
Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.
Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.12-gke.2200 with this release.
Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.2-gke.1900 with this release.
Stable channel
The following versions are now available in the Stable channel:
Version 1.21.12-gke.2200 is now the default version in the Stable channel.
The following versions are no longer available in the Stable channel:
- 1.21.12-gke.1700
- 1.22.8-gke.201
- 1.22.8-gke.202
Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.
Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.12-gke.2200 with this release.
Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.
Regular channel
The following versions are now available in the Regular channel:
The following versions are no longer available in the Regular channel:
- 1.20.15-gke.9900
- 1.21.12-gke.2200
- 1.22.8-gke.202
- 1.23.5-gke.1503
Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.11400 with this release.
Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.13-gke.900 with this release.
Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.13-gke.900 with this release.
Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.7-gke.1400 with this release.
Rapid channel
The following versions are now available in the Rapid channel:
Version 1.23.8-gke.1900 is now the default version in the Rapid channel.
The following versions are no longer available in the Rapid channel:
- 1.21.14-gke.700
- 1.22.10-gke.600
- 1.22.11-gke.400
- 1.23.6-gke.2200
- 1.23.7-gke.1400
- 1.23.8-gke.400
- 1.24.2-gke.300
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.20.15-gke.13400 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.2100 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.300 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.8-gke.1900 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.2-gke.1900 with this release.
August 03, 2022
Access Approval
Access Approval supports Secret Manager in Preview stage.
You can now launch clusters with the following Kubernetes versions:
- 1.23.8-gke.1700
- 1.22.12-gke.200
- 1.21.14-gke.2100
Release 1.12.1
Anthos clusters on bare metal 1.12.1 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.1 runs on Kubernetes 1.23.
Functionality changes:
- Increased default memory limits for coredns, metallb-controller, metallb-speaker, metrics-server, anthos-cluster-operator, and cap-controller-manager.
- Modified the dashboards Anthos cluster pod status and Anthos cluster node status. Specifically, the following changes were made:
  - Replaced cadvisor resource metrics with summary API resource metrics.
  - Added cpu, memory, and volume utilization metrics.
  If you have already installed these dashboards in a project, you need to download the JSON files Anthos-cluster-pod-status.json and Anthos-cluster-node-status.json from the Dashboards for Anthos GitHub repository. You then need to import these JSON files into Cloud Monitoring. For details, see Install sample dashboards.
Fixes:
- Fixed issue in which nodes drained or cordoned by kubectl were mistakenly marked as schedulable.
- Fixed issue in which cluster controller and autoscaler conflicted with each other in the scaling of istiod, coredns, and istio-ingress Pods.
- Fixed issue in which the wrong data type was used in health check log messages, resulting in panic messages.
- Fixed issue in which cluster restores failed when /var/lib/etcd is a mount point.
- Fixed issue in which attempts to skip minor versions when upgrading weren't blocked. For details about the upgrade policy, see Minor version upgrades.
- Fixed issue in which an external VIP Service of type LoadBalancer would not respond when flat IP mode was enabled.
The following container image security vulnerabilities have been fixed:
Known issues:
For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.
Release 1.12.1 ships with containerd version 1.5.13, which requires libseccomp version 2.5 or higher. If your system doesn't have libseccomp version 2.5 or higher installed, update it in advance of upgrading existing clusters to version 1.12.1. Otherwise, you may see errors in cplb-update Pods for load balancer nodes such as:
runc did not terminate successfully: runc: symbol lookup error: runc:
undefined symbol: seccomp_notify_respond
To install the latest version of libseccomp in Ubuntu, run the following command:
sudo apt-get install libseccomp-dev
To install the latest version of libseccomp in CentOS or RHEL, run the following command:
sudo dnf -y install libseccomp-devel
On August 3, 2022 Apigee hub released a new version of the software.
Bug ID | Description |
---|---|
241241073 | Changed API hub UI route prefix from apigee/api-registry to apigee/hub . The previous apigee/api-registry path will still continue to work, but will redirect to apigee/hub automatically. |
The max_staleness materialized view option helps you achieve consistently high performance with controlled costs when processing large, frequently changing datasets. This feature is now in preview.
The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.
- AWS Cloudtrail (AWS_CLOUDTRAIL)
- AWS Route 53 DNS (AWS_ROUTE_53)
- AWS S3 Server Access (AWS_S3_SERVER_ACCESS)
- AWS WAF (AWS_WAF)
- Box (BOX)
- Cisco Switch (CISCO_SWITCH)
- Citrix Storefront (CITRIX_STOREFRONT)
- CrowdStrike Falcon (CS_EDR)
- Dell OpenManage (DELL_OPENMANAGE)
- F5 VPN (F5_VPN)
- Falco IDS (FALCO_IDS)
- GCP Cloud SQL (GCP_CLOUDSQL)
- GCP VPC Flow (GCP_VPC_FLOW)
- Imperva SecureSphere Management (IMPERVA_SECURESPHERE)
- Linux Auditing System AuditD (AUDITD)
- McAfee ePolicy Orchestrator (MCAFEE_EPO)
- Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
- Netskope (NETSKOPE_ALERT)
- NIMBLE OS (NIMBLE_OS)
- Office 365 (OFFICE_365)
- Oracle (ORACLE_DB)
- Ping Identity (PING)
- SentinelOne EDR (SENTINEL_EDR)
- Snare System Diagnostic Logs (SNARE_SOLUTIONS)
- Sophos AV (SOPHOS_AV)
- Suricata EVE (SURICATA_EVE)
- Symantec Endpoint Protection (SEP)
- TeamViewer (TEAMVIEWER)
- Vectra Stream (VECTRA_STREAM)
- VMware ESXi (VMWARE_ESX)
- Windows Defender ATP (WINDOWS_DEFENDER_ATP)
- Windows Event (WINEVTLOG)
- Workspace Activities (WORKSPACE_ACTIVITY)
For details about changes in each parser, see Supported default parsers.
Cloud Functions has released Cloud Functions (2nd gen), available at the General Availability release level. Cloud Functions (2nd gen) is Google Cloud's next-generation Functions-as-a-Service offering. This new version of Cloud Functions comes with an advanced feature set, giving you more powerful infrastructure, advanced control over performance and scalability, more control around the functions runtime, and triggers from over 90 event sources.
See Cloud Functions version comparison for details.
A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.
Dedicated Interconnect support is available in the following colocation facilities:
- NXDATA-1 Bucharest Romania (BU1), Bucharest
- TIS Lammed, Tel Aviv
- Bitech SDS, Tel Aviv
For more information, see the Locations table.
Network Load Balancing logging and Internal TCP/UDP Load Balancing logging are now available in Preview.
GKE total size control is now available in GKE version 1.24 clusters. For autoscaled node pools you can now set the minimum and maximum number of the total number of nodes across all zones, rather than specify a per zone limit. To learn more, see Cluster autoscaler.
The maximum number of Pods that can run on each node has increased from 110 to 256 with GKE version 1.23.5-gke.1300 or later. To learn more, see Optimizing IP address allocation.
RDB Snapshots are now Generally Available on Memorystore for Redis.
Serving controls can now be imported from and exported to files. This allows you to move serving controls between projects and do bulk edits and additions of serving controls within a project. This feature is available in Preview.
See the new documentation:
Configuring an internal TCP/UDP load balancer and network load balancer in Service Directory is available in GA.
August 02, 2022
Anthos clusters on VMware
A new vulnerability CVE-2022-2327 has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve a full container breakout to root on the node.
For more information, see the GCP-2022-018 security bulletin.
Customer-managed encryption key (CMEK) organization policy constraints are now generally available (GA).
- constraints/gcp.restrictNonCmekServices allows you to control which resources require the use of CMEK.
- constraints/gcp.restrictCmekCryptoKeyProjects allows you to control the projects from which a Cloud KMS key can be used to validate requests.
- You can use both constraints together to enforce the use of CMEK from allowed projects.
New commands are now available in gcloud alpha storage.
- Commands include the ability to create buckets, view metadata for buckets and objects, and edit metadata for buckets and objects.
- Note that all Cloud Storage gcloud commands continue to be in Preview.
Several updates to Migrate to Virtual Machines:
- Migrate to Virtual Machines now available in regions europe-west8, europe-west9, and europe-southwest9.
- Supported operating systems have been updated.
- Migrate to Virtual Machines now generates adaptation reports during your replication cycles, clones, and cut-over cycles.
Two Organization Policy constraints have launched into general availability to help ensure CMEK usage across an organization. For more information, see CMEK organization policies.
Workflows is available in the following additional regions:
- asia-northeast2 (Osaka, Japan)
- asia-south2 (Delhi, India)
- australia-southeast2 (Melbourne, Australia)
- europe-north1 (Hamina, Finland)
- europe-west2 (London, England)
- europe-west3 (Frankfurt, Germany)
- southamerica-east1 (Osasco, São Paulo, Brazil)
- us-east4 (Ashburn, Virginia, United States)
- us-west4 (Las Vegas, Nevada, United States)
The following functions have been added:
August 01, 2022
Anthos
Anthos component releases for July, 2022
Anthos clusters on VMware:
- July 07, 2022: 1.12.0-gke.446 patch release
- July 19, 2022: 1.9.7-gke.8 patch release
- July 27, 2022: 1.11.2-gke.53 patch release
Anthos clusters on bare metal:
Anthos clusters on AWS:
Anthos clusters on Azure:
Anthos Config Management:
Anthos Service Mesh:
Connect:
- N/A
Cloud Run for Anthos:
- N/A
Migrate to Containers:
- N/A
Cloud Logging:
- July 14, 2022: release updates
- July 15, 2022: release updates
- July 18, 2022: release updates
- July 26, 2022: release updates
Cloud Monitoring:
The Mesh Config API (meshconfig.googleapis.com) now enables the Connect Gateway API (connectgateway.googleapis.com) and the GKE Hub API (gkehub.googleapis.com). This change does not incur any additional cost.
A new vulnerability (CVE-2022-2327) has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve a full container breakout to root on the node.
For more information, see the GCP-2022-018 security bulletin.
Release 1.10.7
Anthos clusters on bare metal 1.10.7 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.10.7 runs on Kubernetes 1.21.
Fixed a CrashLoopBackOff error generated by gke-metrics-agent when application metrics are enabled (that is, when enableStackdriverForApplications=true).
The following container image security vulnerabilities have been fixed:
Known issues:
For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-bigquery
3.3.0 (2022-07-25)
Features
Bug Fixes
Documentation
The trigonometric SQL function CBRT is now generally available (GA). With this function, you can compute the cube root of a value.
The LOAD DATA statement is now available for Preview in Google Standard SQL for BigQuery.
You can use the LOAD DATA statement to load data from one or more files into a table.
Java
Changes for google-cloud-bigtable
2.10.0 (2022-07-26)
Features
- Add response protos (#1246) (52d59ce)
- Add response_params proto to clients (#1303) (93edfe1)
- Add storage utilization gib per node for autoscaling (#1317) (5282589)
- Use PingAndWarm request for channel priming (#1179) (6629821)
Bug Fixes
- Enable integration test for google-cloud-bigtable-stats (#1311) (7c77879)
- Fix race condition in BuiltinMetricsTracer (#1320) (644454a)
- Ignore repackaged files to fix clirr (#1300) (99b67ba)
Dependencies
Cloud DLP can de-identify sensitive data stored in Cloud Storage. This feature is generally available. For more information, see De-identification of sensitive data in storage.
Bucket tags are now available in Preview. You can apply tags to buckets for fine-grained access control.
New sub-minor versions of Dataproc images:
1.5.72-debian10, 1.5.72-rocky8, 1.5.72-ubuntu18
2.0.46-debian10, 2.0.46-rocky8, 2.0.46-ubuntu18
Upgraded Hadoop to version 3.2.3 in 2.0 images.
Upgraded Hadoop to version 2.10.2 in 1.5 images.
Default MySQL instance root password changed to a random value in 1.5 and 2.0 images. The new password is now stored in a MySQL configuration file accessible only by the OS-level root user.
Backported the patch for KNOX-1997 in 2.0 images.
Backported the patch for HIVE-19048 in 2.0 images.
Backported the patches for HIVE-19047 and HIVE-19048 in 1.5 images.
Java
Changes for google-cloud-pubsub
1.120.5 (2022-07-30)
Dependencies
1.120.4 (2022-07-29)
Bug Fixes
1.120.3 (2022-07-27)
Dependencies
1.120.2 (2022-07-25)
Bug Fixes
- enable longpaths support for windows test (#1485) (#1191) (c4b8d90)
- PubSubMessage leak on MessageDispatcher (#1197) (1b8c440)
Dependencies
TensorFlow Profiler integration: Debug model training performance for your custom training jobs. For details, see Profile model training performance using Profiler.
July 29, 2022
Apigee hybrid
hybrid v1.7.3
On July 29, 2022 we released an updated version of the Apigee hybrid software, v1.7.3.
For information on upgrading, see Upgrading Apigee hybrid to version 1.7.
Bug ID | Description |
---|---|
219622478 | Fixed the CPS property token so that when set to true, it will allow the instance to shut down and reboot when Cassandra connection failures occur. |
232529030 | Replaced the Logging fluentbit container environment variable http_proxy with HTTP_FORWARD_PROXY to maintain compatibility with fluentbit 1.8. |
238370197 | Fixed an issue where the timeTaken variable's value could sometimes be calculated incorrectly. |
Bug ID | Description |
---|---|
N/A | Security fix for CVE-2022-22963. |
Enhancements to Bare Metal Solution resource management–Adds the following functionality:
API for long-running operations:
The API for long-running operations has changed from v1 to v2.
Detection Engine now includes the following new features:
- You can define an outcome section in single event rules. Previously, the outcome section was supported in multi-event rules only. If you have multi-event rules that use only one event variable, you can refactor them by deleting the match section to make them more performant. For an example rule, see YARA-L 2.0 language overview. For more detailed information about rule syntax, see YARA-L 2.0 language syntax.
- In the existing condition section, you can now use variables defined in the outcome section. This enables you to filter on aggregates (variables in the outcome section can be defined using aggregate functions) and on the $risk_score outcome variable. For more detailed information about the condition section, see YARA-L 2.0 language syntax.
- You can assign a placeholder variable to the result of a function call. You can then use the placeholder variable in other sections of the rule, such as the match section, outcome section, or condition section. For information about the syntax for function to placeholder assignments and any restrictions, see the YARA-L 2.0 language syntax.
You can now add table widgets to custom dashboards that let you limit the number of table rows, display only the rows with the highest or lowest values, and display a visual indicator of each value compared to the range of possible values. For more information, see Display data in tabular form on a dashboard.
For PostgreSQL versions 9.6 to 13, the [PostgreSQL version].R20220710.01_00 maintenance version caused a behavior change for configuration parameters: Session-level configuration parameters with dashes (-) cannot be set.
After you check your current maintenance version, you can apply a fix by performing a self-service maintenance update to the latest release.
Please use this table to find the name of the maintenance version to apply, and use that version or the latest version available:
PostgreSQL version | Maintenance version |
---|---|
PostgreSQL 9.6 | POSTGRES_9_6_24.R20220710.01_02 |
PostgreSQL 10 | POSTGRES_10_21.R20220710.01_02 |
PostgreSQL 11 | POSTGRES_11_16.R20220710.01_02 |
PostgreSQL 12 | POSTGRES_12_11.R20220710.01_02 |
PostgreSQL 13 | POSTGRES_13_7.R20220710.01_02 |
After you have identified the name of the maintenance version, please upgrade to the target maintenance version, performing the corresponding update of your instances (to the latest maintenance version).
Note that newly created instances automatically use the latest version.
Generally available: When you autoscale a MIG, you can view the reasons for why the autoscaler adds or removes VMs in your MIG. For more information, see Viewing autoscaler logs.
The quota limits displayed in the Cloud console might be incorrect in the us-east5 region. For more information, see Known issues.
We now offer Preview support for Custom prediction routines (CPR). CPR lets you easily build custom containers for prediction with pre/post processing support.
July 28, 2022
BigQuery
You can now create BigQuery subscriptions in Pub/Sub to write messages directly to an existing BigQuery table.
The following changes are available in the Unified Data Model:
- Added the MUTEX value to the EntityMetadata.EntityType enumerated type.
- Added the id field to the Event.metadata type.
- Added the priority, root_cause, and reason fields to the Investigation type.
- Added the following new enumerated types:
- Added the rule_set and rule_set_display_name fields to the SecurityResult type.
- Added the ANALYST_UPDATE_PRIORITY, ANALYST_UPDATE_ROOT_CAUSE, and ANALYST_UPDATE_REASON values to the Metadata.EventType enumerated type.
- Added the DCERPC and KRB5 values to the Network.ApplicationProtocol enumerated type.
- Added the SOCIAL_ENGINEERING and PHISHING values to the SecurityResult.SecurityCategory enumerated type.
- Added the OPEN value to the Status enumerated type.
For a list of all fields in the Unified Data Model, and their descriptions, see the Unified Data Model field list.
(Available without upgrading) Fixed a problem where DAG import errors were not displayed on the Environment details page, if the error messages did not have a creation time set.
Cloud Composer 1.19.5 and 2.0.22 images are available:
- composer-1.19.5-airflow-1.10.15 (default)
- composer-1.19.5-airflow-2.1.4
- composer-1.19.5-airflow-2.2.5
- composer-2.0.22-airflow-2.1.4
- composer-2.0.22-airflow-2.2.5
Cloud Composer versions 1.16.11 and 1.17.0.preview.7 have reached their end of full support period.
You can now add user-defined labels to public and private Uptime checks. For more information, see Create public uptime checks.
You can now configure the acceptable response codes for public and private HTTP Uptime checks. For more information, see Create public uptime checks.
Configurable dual-region storage is generally available (GA).
Preview: You can now merge or split your existing hardware resource commitments to create new upsized or downsized commitments. For more information, see Merge and split commitments.
Generally available: Use the Cloud console, the gcloud tool, or the API to configure a VM to shut down when a Cloud KMS key is revoked. For more information, see Configure VM shutdown on Cloud KMS key revocation.
Generally available: When you create VMs in bulk, you can now use the following new values with the TARGET_SHAPE flag:
- ANY: Use this value to place VMs in zones to maximize unused zonal reservations.
- BALANCED: Use this value to place VMs uniformly across zones.
Config Controller now uses the following versions of its included products:
- Anthos Config Management v1.12.0, release notes
- Config Connector v1.89.0, release notes
July 27, 2022
Anthos clusters on VMware
Anthos clusters on VMware 1.11.2-gke.53 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.11.2-gke.53 runs on Kubernetes 1.22.8-gke.204.
The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.
- Fixed a known issue in which the cluster backup feature affected the inclusion of always-on secrets encryption keys in the backup.
- Fixed a known issue of high-resource usage when AIDE runs as a cron job, by disabling AIDE by default. This fix affects compliance with CIS L1 Server benchmark 1.4.2: Ensure filesystem integrity is regularly checked. Customers can opt in to re-enable the AIDE if needed. To re-enable the AIDE cron job, see Configure AIDE cron job.
- Fixed a known issue where gke-metrics-agent DaemonSet has frequent CrashLoopBackOff errors by upgrading to gke-metrics-agent v1.1.0-anthos.14.
Fixed the following vulnerabilities:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Container-optimized OS and Ubuntu vulnerabilities:
- CVE-2022-29581
- CVE-2022-29582
- CVE-2022-1116
- CVE-2022-1786 on COS. Ubuntu versions used on Anthos clusters on VMware are not affected by this CVE.
On July 27, 2022 Apigee hub released a new version of the software.
Bug ID | Description |
---|---|
230374510 | Mitigated issue where specs over 900KB (uncompressed) in size caused timeouts when trying to view their contents, and in turn caused instability with future requests for a short period of time. A warning message is now displayed when attempting to view specs that exceed 900KB. |
230374510 | Fixed issue where viewing spec files that had a file extension of .gz would allow only download of the file and would not display the contents of the file, if supported. |
Inverse trigonometric SQL functions are now generally available (GA). These functions include:
Config Connector version 1.90.0 is now available.
Fixed issue where spec.layer7DdosDefenseConfig field in ComputeSecurityPolicy was not being reflected onto underlying resource.
Added support for ServiceDirectoryEndpoint resource.
Added support for the DLPStoredInfoType resource.
Added support for state-into-spec: absent to MonitoringAlertPolicy.
Added spec.iap.oauth2ClientIdRef field to ComputeBackendService.
Added spec.egressPolicies.egressTo.externalResources field to AccessContextManagerServicePerimeters.
Added spec.externalDataConfiguration.connectionId field to BigQueryTable.
Added spec.includeBuildLogs field to CloudBuildTrigger.
Added spec.cacheKeyPolicy.cdnPolicy.includeNamedCookies field to ComputeBackendService.
Added spec.enableUlaInternalIpv6 and spec.internalIpv6Range fields to ComputeNetwork.
Added spec.maxPortsPerVm field to ComputeRouterNats.
Added spec.advancedOptionsConfig field to ComputeSecurityPolicy.
Added spec.sslPolicyRef field to ComputeTargetHTTPSProxy.
Added spec.monitoringConfig.managedPrometheus field to ContainerCluster.
Added spec.sqlServerUserDetails field to SQLUser.
Added spec.schemaSettings field to PubSubTopic.
Added status.pscConnectionId and status.pscConnectionStatus fields to ComputeForwardingRule.
Added status.creationTime and status.managedZoneId fields to DNSManagedZones.
Added support for "reconcile resource immediately once its dependency is ready" feature for ComputeTargetPool, ComputeNetworkEndpointGroup, NetworkServicesGRPCRoute, NetworkServicesTLSRoute.
New Release Candidate (RC) versions for PDAI Invoice and Expense processors - July 2022
We have launched new RC versions of Invoice parser and Expense parser on Jul 15, 2022. These can be accessed in the following way:
- Invoice parser: pretrained-next-uptrainable
- Expense parser: pretrained-next
Here are the details about the contents of the RC version updates:
Processor | New Languages | New Entities |
---|---|---|
Invoice: pretrained-next-uptrainable | Italian, Portuguese, Romanian, Swedish | N/A |
Expense: pretrained-next | Japanese | Support for hotel and car rental folios. Payment information entities: Last 4 digits of credit card, payment type |
You can now have Google Cloud Deploy generate a skaffold.yaml configuration file for you when you create a release, based on a single Kubernetes manifest which you provide. This configuration file is suitable for learning and onboarding.
Resource creation of named objects now enforces naming requirements that match other Google Cloud products like Compute Engine. New resources must use names that are 1-63 characters long, comply with RFC 1035, and consist of lowercase letters, digits, and hyphens. For example, "privatecloud-123".
GKE node system configuration now supports setting the cgroup mode to use the cgroupv2 resource management subsystem.
July 26, 2022
Anthos Service Mesh
Version 1.14 is now available for managed Anthos Service Mesh and is rolling out to the Rapid Release Channel.
The managed Anthos Service Mesh channels are now mapped to the following versions:
- Rapid Release Channel - Version 1.14
- Regular Release Channel - Version 1.13
- Stable Release Channel - Version 1.12
See Select a managed Anthos Service Mesh release channel for more information.
Previously, you could export DNS and Cloud Audit logs using the Chronicle panel within the GCP Cloud Console. You can now configure the default export filter to export additional log types. You can not only control the log types, but also the source projects producing these logs. Both inclusion and exclusion of logs are supported as well. In addition, semantic validation of the log filters can catch malformed log filters with invalid log types or identifiers. The filter language is defined by the Google logging query language that is shared with Cloud Logging.
For more information about the Export Log Filter Settings, see Exporting Google Cloud Logs to Chronicle.
A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.
You can now collect Couchbase logs and metrics from the Ops Agent, starting with version 2.18.2. For more information, see Monitoring third-party applications: Couchbase.
You can now collect Aerospike metrics from the Ops Agent, starting with version 2.18.2. For more information, see Monitoring third-party applications: Aerospike.
You can now collect Vault metrics from the Ops Agent, starting with version 2.18.2. For more information, see Monitoring third-party applications: Vault.
The UI for dataset entry detail pages now includes a section that lets you see what entries are included in that dataset. Look for the new Entry list section when browsing dataset entries in Data Catalog.
(2022-R18) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following control plane and node versions are now available:
- Version 1.22.10-gke.600 is now the default version
- The following control plane versions are no longer available:
- 1.20.15-gke.8700
- 1.21.11-gke.1100
- 1.21.11-gke.1900
- 1.22.8-gke.200
- 1.23.5-gke.1501
- 1.24.1-gke.1800
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to version 1.20.15-gke.9900 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.12-gke.1700 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.12-gke.1700 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.2-gke.300 with this release.
Stable channel
- The following versions are now available in the Stable channel:
- Version 1.21.12-gke.1700 is now the default version in the Stable channel
- The following versions are no longer available in the Stable channel:
- 1.20.15-gke.8700
- 1.21.12-gke.1500
- 1.22.8-gke.200
- 1.23.6-gke.2200
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.9900 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.12-gke.1700 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.12-gke.1700 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.7-gke.1400 with this release.
Regular channel
- The following versions are now available in the Regular channel:
- Version 1.22.10-gke.600 is now the default version in the Regular channel
- The following versions are no longer available in the Regular channel:
- 1.23.5-gke.1501
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.9900 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.10-gke.600 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.
Rapid channel
- The following versions are now available in the Rapid channel:
- Version 1.23.8-gke.400 is now the default version in the Rapid channel
- The following versions are no longer available in the Rapid channel:
- 1.21.13-gke.900
- 1.22.9-gke.2000
- 1.23.6-gke.1700
- 1.24.1-gke.1800
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.20.15-gke.9900 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.8-gke.400 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.8-gke.400 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.2-gke.300 with this release.
Cloud Storage Backint agent for SAP HANA version 1.0.21
Version 1.0.21 of the Cloud Storage Backint agent for SAP HANA is now available. This version includes enhancements for backup stability and performance.
For more information about the agent, see Cloud Storage Backint agent for SAP HANA overview.
General availability for the following integration:
July 25, 2022
Apigee X
On July 25, 2022, we released an updated version of Apigee X (1-8-0-apigee-23).
Bug ID | Description |
---|---|
N/A | Upgraded infrastructure and libraries |
BigLake is now generally available (GA). You can now create BigQuery ML models using data in Cloud Storage by using BigLake and publish BigLake tables as Analytics Hub listings.
The new Migrate section in the BigQuery documentation helps you migrate to BigQuery. This includes high-level guidance with a migration overview, an introduction to free-to-use tools that help you with each phase of migration, and platform-specific migration guides.
Cloud Load Balancing introduces the internal regional TCP proxy load balancer. This is an Envoy proxy-based regional layer 4 load balancer that enables you to run and scale your TCP service traffic behind an internal regional IP address that is accessible only to clients in the same VPC network or clients connected to your VPC network.
The internal regional TCP proxy load balancer distributes TCP traffic to backends hosted on Google Cloud, on-premises, or other cloud environments.
For details, see the following:
- Internal TCP Proxy Load Balancing overview
- Set up an internal TCP proxy load balancer:
The following PostgreSQL minor versions and extension versions are now available:
- 14.3 is upgraded to 14.4.
- 13.6 is upgraded to 13.7.
- 12.10 is upgraded to 12.11.
- 11.15 is upgraded to 11.16.
- 10.20 is upgraded to 10.21.
If you use maintenance windows, then you might not yet have these versions. In this case, you'll see the new versions after your maintenance update occurs. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.
Added information about checking the LC_COLLATE value for your databases before performing a major version upgrade of the databases for your Cloud SQL for PostgreSQL instance. For more information, refer to the Cloud SQL documentation.
Query Optimizer version 5 is generally available. Version 4 remains the default optimizer version in production.
Eventarc is available in the following regions:
- us-east5 (Columbus, Ohio, North America)
- us-south1 (Dallas, Texas, North America)
You can now view and compare Kubernetes and Skaffold configuration files for releases, using Google Cloud Console.
You can now create BigQuery subscriptions in Pub/Sub to write messages directly to an existing BigQuery table. The change is being rolled out in a phased manner over the rest of the week.
July 22, 2022
Cloud Billing
Secure the link between a project and its billing account
In the Cloud Billing Console, you can now lock the link between a project and its Cloud Billing account, in order to prevent accidental changes to the billing state, such as disabling billing or moving the project to a different billing account. You can also unlock this protected state if you want to unlink a project from a Cloud Billing account.
Google Cloud projects contain all the resources required for a system to operate. To pay for the usage of the Cloud resources (such as Compute Engine or Storage), each project must be linked to an active Cloud Billing account. If you unlink the project from a billing account, you disable billing on that project. When billing is disabled on a project, all resources contained within the project will shut down, which can cause outages to your normal business operation.
To prevent unintentional outages due to billing issues, lock your valuable projects to their linked billing account. Locking creates a two-step process to change the billing state of a project, improving billing reliability and reducing accidental outages due to billing issues.
Learn how to secure the link between a project and a Cloud Billing account.
Histogram query for city and admin1_country can handle multiple location jobs
Support special characters in companyDisplayNames fuzzy match
Derive annualized compensation info for more employment types
GKE Gateway integration with Cloud Certificate Manager is now available as Public Preview in GKE versions 1.20 and later. Use the new TLS features and high scale offered by Cloud Certificate Manager with GKE Gateway. For more information, see Gateway Security.
July 21, 2022
Anthos Config Management
The constraint template library includes a new template: K8sRequireCosNodeImage. For reference, see Constraint template library.
Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: c370036).
Fixed the resource name length validation issue caused by long RepoSync names or long namespace names. The new maximum length is 253 characters, instead of 63 characters.
On July 21, 2022 we released an updated version of Apigee X.
The Advanced API Security's target assessment, which evaluates the security of target servers in your API, is now available. See Security scores in the Apigee UI to learn more.
The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.
- Avanan Email Security (AVANAN_EMAIL)
- AWS Cloudtrail (AWS_CLOUDTRAIL)
- AWS GuardDuty (GUARDDUTY)
- AWS VPC Flow (AWS_VPC_FLOW)
- Barracuda Firewall (BARRACUDA_FIREWALL)
- BeyondTrust Secure Remote Access (BEYONDTRUST_REMOTE_ACCESS)
- Carbon Black (CB_EDR)
- Centrify (CENTRIFY_SSO)
- Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
- Cisco ISE (CISCO_ISE)
- CrowdStrike Falcon (CS_EDR)
- CrowdStrike Falcon Stream (CS_STREAM)
- Custom Security Data Analytics (CUSTOM_SECURITY_DATA_ANALYTICS)
- Dell EMC Data Domain (DELL_EMC_DATA_DOMAIN)
- Department of Homeland Security (DHS_IOC)
- Elastic Audit Beats (ELASTIC_AUDITBEAT)
- F5 VPN (F5_VPN)
- FortiGate (FORTINET_FIREWALL)
- Fortinet FortiNAC (FORTINET_FORTINAC)
- GCP Cloud Run (GCP_RUN)
- GitHub (GITHUB)
- Google Chrome Browser Cloud Management
- HCL BigFix (HCL_BIGFIX)
- HP Aruba(Clearpass) (CLEARPASS)
- IBM Guardium (GUARDIUM)
- Infoblox (INFOBLOX)
- Infoblox DNS (INFOBLOX_DNS)
- Kubernetes audit logs (KUBERNETES_AUDIT)
- Linux Sysmon (LINUX_SYSMON)
- McAfee ePolicy Orchestrator (MCAFEE_EPO)
- Medigate IoT (MEDIGATE_IOT)
- Microsoft AD FS (ADFS)
- Nasuni File Services Platform (NASUNI_FILE_SERVICES)
- Office 365 (OFFICE_365)
- Okta (OKTA)
- Ping Identity (PING)
- PostFix Mail (POSTFIX_MAIL)
- Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
- Proofpoint Tap Alerts (PROOFPOINT_MAIL)
- SailPoint IAM (SAILPOINT_IAM)
- SecureLink (SECURELINK)
- SentinelOne EDR (SENTINEL_EDR)
- ServiceNow CMDB (SERVICENOW_CMDB)
- Suricata EVE (SURICATA_EVE)
- Suricata IDS (SURICATA_IDS)
- Symantec Web Isolation (SYMANTEC_WEB_ISOLATION)
- Thales Luna Hardware Security Module (THALES_LUNA_HSM)
- Thales MFA (THALES_MFA)
- Uptycs EDR (UPTYCS_EDR)
- Windows DNS (WINDOWS_DNS)
- Windows Event (WINEVTLOG)
- Workspace Activities (WORKSPACE_ACTIVITY)
For details about changes in each parser, see Supported default parsers.
Generally available: Compute Engine committed use discounts are now Generally Available for SUSE Linux Enterprise Server (SLES) image licenses. Learn more about discounted SLES image pricing and how to purchase a license commitment.
If you start a credential rotation or an IP address rotation, ensure that you manually complete the rotation. If an operation causes a control plane re-creation while the rotation remains incomplete, your cluster might enter a broken state.
Kubernetes control plane metrics are now Generally Available. You can now configure GKE clusters with control plane version 1.23.6-gke.1500 or later to export to Cloud Monitoring certain metrics emitted by the Kubernetes API server, scheduler, and controller manager.
These metrics are stored in Cloud Monitoring in a Prometheus-compatible format. They can be queried by sending either a PromQL or MQL query to the Cloud Monitoring API. They can also be used anywhere within Cloud Monitoring, including in custom dashboards or alerting rules.
The container and kubernetes attributes were added to the Finding object.
The container attribute provides information about both Kubernetes and non-Kubernetes containers that are associated with a given finding. The kubernetes attribute provides information about Kubernetes resources that are associated with a given finding.
For more information, see the Security Command Center API documentation for the Finding object.
July 20, 2022
Anthos Service Mesh
1.14.1-asm.3 is now available.
Anthos Service Mesh 1.14 includes the features of Istio 1.14 subject to the list of Anthos Service Mesh supported features.
Anthos Service Mesh allows you to configure the minimum TLS version for your Istio workloads. See Configure minimum TLS version for your workloads for more information.
Managed Anthos Service Mesh isn't rolling out to the rapid release channel at this time. You can periodically check this page for the announcement of the rollout of Managed Anthos Service Mesh to the rapid channel. See Select a managed Anthos Service Mesh release channel for more information.
Anthos Service Mesh 1.11 is no longer supported. For more information, see Supported versions.
1.12.8-asm.2 is now available.
Anthos Service Mesh 1.12 includes the features of Istio 1.12.8 subject to the list of Anthos Service Mesh Supported features.
1.13.5-asm.1 is now available.
Anthos Service Mesh 1.13 includes the features of Istio 1.13.5 subject to the list of Anthos Service Mesh Supported features.
Analytics Hub is now available in additional regions across the Americas, Asia Pacific, and Europe. For more information, see Analytics Hub supported regions.
Generally available: NVIDIA® T4 GPUs are now available in the following additional regions and zones:
- Montréal, Québec, North America: northamerica-northeast1-c
For more information about using GPUs on Compute Engine, see GPU platforms.
Data Catalog is now a part of Dataplex to provide a complete data management and governance experience with built-in data intelligence and automation capabilities. See Dataplex product overview.
Dataflow Prime is now in General Availability.
Dataplex is now unified with Data Catalog to provide a complete data management and governance experience with built-in data intelligence and automation capabilities. See Dataplex product overview.
July 19, 2022
Anthos clusters on VMware
Anthos clusters on VMware 1.9.7-gke.8 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.9.7-gke.8 runs on Kubernetes 1.21.5-gke.1200.
The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.
- Fixed a known issue in which the cluster backup feature affected the inclusion of always-on secrets encryption keys in the backup.
- Fixed a known issue of high resource usage when AIDE runs as a cron job, by disabling AIDE by default. This fix affects compliance with CIS L1 Server benchmark 1.4.2: Ensure filesystem integrity is regularly checked. Customers can opt in to re-enable AIDE if needed. To re-enable the AIDE cron job, see Configure AIDE cron job.
Fixed the following vulnerabilities:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Container-optimized OS and Ubuntu vulnerabilities:
On July 19, 2022 we released an updated version of the Apigee UI.
The Needs Attention Table in Advanced API Security Scores now uses links instead of buttons. This fixes font and alignment issues inside the table rows.
Bug ID | Description |
---|---|
238248377 | The Needs Attention Table in Advanced API Security Scores was not showing target components. This has been fixed. |
A new detection model is available for the PERSON_NAME infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version to latest when including the PERSON_NAME infoType in your InspectConfig.
You can still use the old model by setting InfoType.version to stable or leaving it unset when using the PERSON_NAME infoType. In 30 days, the new model will be promoted to stable.
A new version of Managed Service for Prometheus is now available. Version 0.4.3-gke-0 of managed collection for Kubernetes has been released. Users who deploy managed collection using kubectl should reapply the manifests. Users who deploy the service using gcloud or the GKE UI will be upgraded on a rolling basis over the coming weeks. This release has no impact on users of self-deployed collection.
For details about the changes included, see the release page on GitHub.
Time-to-live (TTL) policies now available in Preview.
(2022-R17) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following control plane and node versions are now available:
- The following control plane versions are no longer available:
- 1.20.15-gke.8200
- 1.24.1-gke.1400
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.20.15-gke.8700 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.1-gke.1800 with this release.
Stable channel
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.20.15-gke.8200
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.6-gke.2200 with this release.
Regular channel
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.20.15-gke.8700
- 1.21.12-gke.1700
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.12-gke.2200 with this release.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.21.12-gke.2200
- 1.22.9-gke.1500
- 1.23.6-gke.1501
- 1.24.1-gke.1400
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.13-gke.900 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.21.13-gke.900 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.1-gke.1800 with this release.
You can now find legacy secret keys for all reCAPTCHA Enterprise keys in the Google Cloud console. These keys can be useful if you are using a third-party plug-in/implementation that does not yet call the reCAPTCHA Enterprise API. For more information, see FAQs.
July 18, 2022
App Engine standard environment Java
- Updated the Java SDK to version 1.9.98.
- Updated Jetty web server to version jetty-9.4.46.v20220331.
The App Engine legacy bundled services for PHP 7+ are now available at the General Availability release level. These APIs can be accessed through language-idiomatic libraries. Calls to these APIs are billed according to the standard rates.
(Cloud Composer 2) Fixed a problem where an environment creation in the PSC configuration might fail with the "Composer backend timed out" message.
Cloud Composer 1.19.4 and 2.0.21 images are available:
- composer-1.19.4-airflow-1.10.15 (default)
- composer-1.19.4-airflow-2.1.4
- composer-1.19.4-airflow-2.2.5
- composer-2.0.21-airflow-2.1.4
- composer-2.0.21-airflow-2.2.5
Cloud Composer versions 1.16.10 and 1.17.0.preview.6 have reached their end of full support period.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.10.1 (2022-07-13)
Bug Fixes
Dependencies
Python
Changes for google-cloud-logging
3.2.1 (2022-07-13)
Bug Fixes
3.2.0 (2022-07-11)
Features
Bug Fixes
You can now search your correlated log entries in the Logs Explorer. For more information, see Correlate log entries.
Cloud Run now supports container images in the Open Container Initiative (OCI) image format.
Dataproc Metastore is available in the following regions: us-west2 (Los Angeles), us-west3 (Salt Lake City), europe-west4 (Netherlands), europe-west6 (Zürich), and asia-east1 (Taiwan). For more information, see Dataproc Metastore locations.
Note that these services are immediately available through the gcloud CLI and the REST API. Cloud console availability will vary by region over the next few weeks.
Virtual Machine Threat Detection, a built-in service of Security Command Center Premium, is generally available (GA). VM Threat Detection detects cryptocurrency mining software, which is among the most common types of software installed in compromised cloud environments.
Detailed logging for objects copied between AWS S3, Azure Blob Storage, ADLS Gen 2, and Cloud Storage with Storage Transfer Service is now generally available (GA).
With detailed logs of individual objects available in Cloud Logging, you can verify what was transferred and perform additional data integrity checks. This launch simplifies monitoring, reporting, and troubleshooting. Read Cloud Logging for Storage Transfer Service for details.
NFS support for custom training is GA. For details, see Mount an NFS share for custom training.
July 16, 2022
Compute Engine
Generally available: Internal and external IPv6 addresses for Google Compute Engine instances are available in all regions.
For more information, see Configuring IPv6 for instances and instance templates and Creating instances with multiple network interfaces.
July 15, 2022
Cloud Logging
You can now collect SAP HANA logs and metrics from the Ops Agent, starting with version 2.18.1. For more information, see Monitoring third-party applications: SAP HANA.
You can now collect Vault logs from the Ops Agent, starting with version 2.18.1. For more information, see Monitoring third-party applications: Vault.
You can now collect Flink metrics from the Ops Agent, starting with version 2.18.1. For more information, see Monitoring third-party applications: Flink.
You can now download third-party peer VPN configuration templates for Cloud VPN from the Google Cloud console. Use these templates to configure HA VPN tunnels on your peer VPN device. Configuration templates are currently available for the following vendor platform and software versions:
- Cisco Firepower, running ASA 9.13(1)2 or later
- Fortinet FortiGate 200E, running FortiOS 6.2.3 or later
- Juniper vSRX, running JunOS 18.4R3-S2 or later
For more information, see Download a peer VPN configuration template.
Clusters that are using custom or manually created EndpointSlices (EPS) can cause Ingresses and NEGs to stop syncing if missing the service label kubernetes.io/service-name: <service-name>. This issue affects clusters running GKE 1.21, 1.22, and 1.23. Users should add the service label to all custom-made EndpointSlices to ensure that their Ingresses and NEGs continue to be synced.
Cluster autoscaler Location Policy is now generally available in GKE version 1.24.1-gke.800. This change allows users to pick one of two different spreading policies. For more information, see Location policy.
July 14, 2022
BigQuery
Previously, the Storage Write API had a maximum concurrent connection limit of 100 connections for non-multi-regions such as Montreal (northamerica-northeast1). This limit has now been increased to 1,000 connections across all non-multi-regions. For more information, see Storage Write API quotas and limits.
Log-based alerting is now generally available (GA). Log-based alerts match on the content of your logs. When triggered, a log-based alert notifies you that a match has appeared in your logs and opens an incident in Cloud Monitoring. The minimum autoclose duration for incidents is now 30 minutes. For more information, see Monitor your logs and Use log-based alerts.
For enhanced security with built-in authentication, Cloud SQL now lets you set password policies at the instance and user levels.
You can now view aggregated Cloud Spanner statistics related to transactions, reads, queries, and lock contentions in GA in Cloud Monitoring.
Generally available: You can use the Cloud console to configure autoscaling based on unacknowledged messages in a Pub/Sub subscription. For more information, see Autoscale based on unacknowledged messages in Pub/Sub.
Generally available: NVIDIA® T4 GPUs are now available in the following additional regions and zones:
- Ashburn, Virginia, North America: us-east4-c
For more information about using GPUs on Compute Engine, see GPU platforms.
Eventarc support for Customer-Managed Encryption Keys (CMEK) using the Cloud Console is available in Preview.
Manage your private offers, including approving an offer, by using the Private Offers page.
This is a minor release of Google Distributed Cloud Edge (version 1.1.0).
The following changes have been introduced in this release of Distributed Cloud Edge:
- The Kubernetes control plane has been updated to version 1.22.
The following issues have been resolved in this release of Distributed Cloud Edge:
- The Kubernetes control plane no longer becomes intermittently unavailable during Distributed Cloud Edge software updates.
- VPN connectivity between non-Anthos gateway nodes and Google Cloud Platform now works reliably.
This release of Distributed Cloud Edge contains the following known issues:
- Garbage collection intermittently fails to clean up terminated Pods.
Google Cloud monitoring agent for SAP NetWeaver version 2.5
Version 2.5 of the Google Cloud monitoring agent for SAP NetWeaver is now available. This version includes bug fixes and supportability improvements.
For more information about the agent, see Monitoring SAP NetWeaver on Google Cloud.
The Pipeline Templates feature is available in Preview. For documentation, refer to Create, upload, and use a pipeline template.
The features supported by pipeline templates include the following:
- Create a template registry using Artifact Registry (AR).
- Compile and publish a pipeline template.
- Create a pipeline run using the template and filter the runs.
- Manage (create, update, or delete) the pipeline template resources.
Private Service Connect supports publishing a service that is hosted on the following load balancers:
- Internal TCP/UDP load balancer with global access enabled
- Internal protocol forwarding (target instances)
These features are available in General Availability.
July 13, 2022
Anthos clusters on AWS
You can now launch Kubernetes 1.23 clusters.
Kubernetes 1.23.7-gke.1300 includes the following changes:
- Disable profiling endpoint (/debug/pprof) by default in kube-scheduler and kube-controller-manager.
- Update kube-apiserver and kubelet to only use Strong Cryptographic Ciphers.
- Add an instance metadata server (IMDS) emulator.
In a future release of 1.23 VolumeSnapshot v1beta1 APIs will no longer be served. Please update to VolumeSnapshot v1 APIs as soon as possible.
You can now launch clusters with the following Kubernetes versions:
- 1.23.7-gke.1300
- 1.22.10-gke.1500
- 1.21.11-gke.1900
In Kubernetes 1.23 and higher, cluster Cloud Audit Logs is now available and is enabled by default.
CIS benchmarks are now available for Kubernetes 1.23 clusters.
This release fixes the following vulnerabilities:
- Fixed CVE-2022-1786.
- Fixed CVE-2022-29582.
- Fixed CVE-2022-29581.
- Fixed CVE-2022-1116
Restrictions on IP ranges that can be used for a cluster's Pods and Services are now relaxed. Pod and Service IP ranges can now overlap with VPC's IP ranges, provided they do not intersect the control plane or node pool subnets.
You can now launch clusters with the following Kubernetes versions:
- 1.23.7-gke.1300
- 1.22.10-gke.1500
- 1.21.11-gke.1900
You can now launch Kubernetes 1.23 clusters.
Kubernetes 1.23.7-gke.1300 includes the following changes:
- Disable profiling endpoint (/debug/pprof) by default in kube-scheduler and kube-controller-manager.
- Update kube-apiserver and kubelet to only use Strong Cryptographic Ciphers.
In a future release of 1.23 VolumeSnapshot v1beta1 APIs will no longer be served. Please update to VolumeSnapshot v1 APIs as soon as possible.
In Kubernetes 1.23 and higher, cluster Cloud Audit Logs is now available and is enabled by default.
CIS benchmarks are now available for Kubernetes 1.23 clusters.
This release fixes the following vulnerabilities:
- Fixed CVE-2022-1786.
- Fixed CVE-2022-29582.
- Fixed CVE-2022-29581.
- Fixed CVE-2022-1116
Added support for updating Azure control plane and node pool ssh config. For more information, see gcloud container azure clusters update and gcloud container azure node-pools update.
Restrictions on IP ranges that can be used for a cluster's Pods and Services are now relaxed. Pod and Service IP ranges can now overlap with VPC's IP ranges, provided they do not intersect the control plane or node pool subnets.
You can no longer create clusters with the following versions:
- 1.21.11-gke.100
- 1.21.11-gke.1100
- 1.22.8-gke.200
- 1.22.8-gke.1300
These versions have a bug mentioned in a note from June 23, 2022.
Batch is now available in Preview! For more information about using Batch, see the documentation.
Generally Available: A version of Rocky Linux is now available that is optimized for running on Compute Engine.
This version of Rocky Linux is configured to use the latest version of the Google virtual network interface (gVNIC) which is specifically designed to support workloads that require higher network bandwidths. For more information, see the Rocky Linux section of the Operating systems details documentation.
Preview: Tau T2A, Google Cloud's first general purpose VM family to run on Arm architecture, is now available. Tau T2A VMs are available in three regions.
For more information, see Arm VMs on Compute Engine.
VMware Engine nodes are now available in the following additional region:
- Zurich, Switzerland, Europe (europe-west6)
You can now run Arm-based workloads in Preview in Standard clusters with GKE version 1.24 and later, and in Autopilot clusters with GKE version 1.24.1-gke.1400 and later.
You can now select compute classes to run GKE Autopilot workloads that have specialized hardware requirements, such as Arm architecture. The Scale-Out compute class is available in Preview in Autopilot clusters running GKE version 1.24.1-gke.1400 and later.
Modernize VMs to run Anthos for VMs (A4VM)
Migrate to Containers has added a new modernization feature, which enables traditional VMs to run on Anthos for VMs. Anthos for VMs extends Anthos on bare metal (now known as Google Distributed Cloud Virtual) to let you run and manage containers and VMs on a unified, Google Cloud-connected platform in your data center or at the edge. For more information on this feature, see About Anthos for VMs.
Improved migration flow and task APIs
A new structured method for generalizing the Migrate to Containers containerization process is available. The new structure provides more flexibility and more granular control of the automated containerization process. It lets users customize the process and enables support for additional software framework modernization. The following containerization task elements are available:
- AppXGenerateArtifactsTask
- AppXGenerateArtifactsFlow
The following migration types are now deprecated and planned to be removed in version 1.13. The corresponding AppX objects and parameters can be used to perform migration for these workload types:
- system - Legacy Linux migrations
- iis - Legacy Windows IIS migrations
The following APIs (CRDs) have been deprecated since version 1.11 and are planned to be removed in version 1.13:
July 12, 2022
Agent Assist
Agent Assist now offers UI Modules as a public Preview feature. UI Modules are an out-of-the-box option for integrating Agent Assist features into your agent UI system. For more information, see the UI Modules documentation.
When creating a primary or read-pool instance, or scaling either one, you can choose a machine size as small as 2 vCPUs with 16 GB of RAM.
You can now select a job type when assigning a folder, organization, or project to a reservation in the Google Cloud console. This feature is now generally available (GA).
The gcr.io/cloud-builders/docker builder has been upgraded to Docker client version 20.10.14. For instructions on using this builder with the Docker client versions, see Interacting with Docker Hub images.
Transfer Appliance is now available in an additional size. The TA7 appliance offers up to 7TB of storage in a smaller form factor than our other appliances. It offers both online and offline transfer modes.
Learn more about the TA7 on the Specifications page, or order an appliance from the Cloud console.
You can now use a pre-built container to perform custom training with TensorFlow 2.9.
July 11, 2022
Anthos
Anthos component releases for June, 2022
Anthos clusters on VMware:
- Jun 16, 2022: 1.10.5 patch release
- Jun 03, 2022: You can use the Cloud console to create, update, and delete Anthos on VMware user clusters.
Anthos clusters on bare metal:
- Jun 29, 2022: 1.12 quarterly minor release
- Jun 23, 2022: 1.11.3 patch release
- Jun 09, 2022: 1.9.8 patch release
- Jun 02, 2022: 1.10.5 patch release
Anthos clusters on AWS:
Anthos clusters on Azure:
Anthos Config Management:
Anthos Service Mesh:
- Jun 10, 2022: 1.11.x & 1.12.x & 1.13.x patch release
- Jun 09, 2022: 1.11.x & 1.12.x & 1.13.x patch release
Connect:
- N/A
Cloud Run for Anthos:
- N/A
Migrate to Containers:
Cloud Logging:
Cloud Monitoring:
The google.cloud.bigquery.reservation.v1beta1.api package is deprecated and will be removed on September 27, 2022. After that date, requests to that package will fail. Data created by using google.cloud.bigquery.reservation.v1beta1.api are accessible by using the google.cloud.bigquery.reservation.v1.api package.
Next steps:
- If you use the API directly, you should switch to google.cloud.bigquery.reservation.v1.api, the GA version of the API, to prevent any impact on your workflow.
- If you only use the cloud console to manage BigQuery reservations, no action is needed.
- If you use the bq command-line tool to manage BigQuery reservations, upgrade the tool to the latest version.
Cloud Bigtable is available in the us-south1 (Dallas) and europe-southwest1 (Madrid) regions. For more information, see Bigtable locations.
DAG UI is now generally available (GA).
(Cloud Composer 2) Improved the reliability of web server proxy connectivity. This change reduces the chance of 504 timeout errors when connecting to an environment's web server.
Set memory and CPU limits for the Composer Agent pod. This change increases this pod's priority and improves the reliability of operations that could fail because of resource starvation.
Environments no longer produce error log messages about the connection timeout when initializing the Airflow database during the environment creation. These messages were not associated with any error.
Source code for the apache-airflow-providers-google package versions 2022.6.22+composer and 2022.5.18+composer is available on GitHub:
Cloud Composer 1.19.3 and 2.0.20 images are available:
- composer-1.19.3-airflow-1.10.15 (default)
- composer-1.19.3-airflow-2.1.4
- composer-1.19.3-airflow-2.2.5
- composer-2.0.20-airflow-2.1.4
- composer-2.0.20-airflow-2.2.5
Cloud Composer versions 1.16.8, 1.16.9, 1.17.0.preview.4, and 1.17.0.preview.5 have reached their end of full support period.
Cloud Composer 1.19.2 and 2.0.19 are versions with an extended upgrade timeline.
Cloud Run now writes Access Transparency logs, see Enabling Access Transparency.
You can enable high availability for read replicas. See Disaster recovery for additional information about the use of high-availability replicas in a disaster recovery configuration.
You can create external server replicas with HA enabled.
The database major version upgrade feature of Cloud SQL for SQL Server is generally available. For more information, see Upgrade the database major version in-place.
You can use the Apache Beam SDK for Go to create batch and streaming Dataflow pipelines. This feature is now in General Availability.
You can now permanently abandon a release using Google Cloud Deploy.
You can now suspend a delivery pipeline using Google Cloud Deploy.
Activity logging can now be enabled on a per-tenant basis. The feature is generally available.
Added support to deploy a workflow using a cross-project service account through the Google Cloud CLI.
July 09, 2022
Apigee Integration
On July 09, 2022 we released an updated version of the Apigee Integration software.
Data Mapping task enhancements
The Data Mapping task in Apigee Integrations now provides the following enhancements:
- Nested function support. You can pass one or more transformation functions as input parameters to another function.
- New transformation functions. You can use the following new transform functions for array-type variables:
- Subfield mapping support for JSON variables. You can view and search all the subfields of a JSON variable in the data mapping editor variable list.
For more information, see the Data Mapping task.
July 08, 2022
Apigee hybrid
hybrid v1.6.9
On July 8, 2022 we released an updated version of the Apigee hybrid software, v1.6.9.
For information on upgrading, see Upgrading Apigee hybrid to version 1.6.
Bug ID | Description |
---|---|
236129944 | Fixed the controller crashloopbackoff due to null pointer issue. |
234620567 | Fix logger issue in Anthos BareMetal with CentOS. |
231313050 | Fixed issue causing Apigee logger pod to remain in crashloopbackoff state. |
233094108 | Fixed Stacktrace truncation in runtime containers to support proxy diagnosis. |
The July maintenance changelog is now available. For more information, use the links at Maintenance changelog.
Recommender now offers role recommendations for Cloud Storage buckets. Role recommendations help you reduce excess permissions by suggesting role changes based on actual permission usage. This feature is available in Preview.
July 07, 2022
Anthos clusters on AWS (previous generation)
Anthos clusters on AWS (previous generation) aws-1.12.0-gke.0 is now available.
This release note has been updated to mark the actual date of release, July 7, 2022. Previously, the release date was mentioned as June 24th.
You can now launch clusters with the following Kubernetes versions:
- 1.23.7-gke.1500
- 1.22.10-gke.1500
- 1.21.13-gke.1600
You can now launch Kubernetes 1.23 clusters.
Kubernetes 1.20 clusters are no longer supported. This version no longer supports creation or maintenance of Kubernetes 1.19 clusters.
This release fixes the following vulnerabilities:
- CVE-2022-1292. Note: this vulnerability is fixed in 1.23 clusters. It is still present in 1.21 and 1.22 clusters.
- CVE-2022-29581
- CVE-2022-29582
- CVE-2022-1116
- CVE-2021-4160
- CVE-2022-0778
- CVE-2021-43618
Anthos clusters on VMware v1.12.0-gke.446 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware v1.12.0-gke.446 runs on Kubernetes v1.23.5-gke.1504.
The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.
Announcements
vSphere releases for versions lower than version 7.0 Update 2 are deprecated in Kubernetes 1.24. VMware's General Support for vSphere 6.7 will end on October 15, 2022. Customers are recommended to upgrade vSphere (both ESXi and vCenter) to version 7.0 Update 2 or above. vSphere versions less than version 7.0 Update 2 will no longer be supported in Anthos clusters on VMware in an upcoming version. You must upgrade vSphere to 7.0 Update 2 or above before you can upgrade to Anthos clusters on VMware 1.13.0.
Beta versions of VolumeSnapshot CRDs are deprecated in Kubernetes v1.20 and are unsupported in the Kubernetes v1.24 release.
The upcoming Anthos clusters on VMware version 1.13 release will no longer serve v1beta1 VolumeSnapshot CRDs. Make sure that you migrate manifests and API clients to use snapshot.storage.k8s.io/v1 API version, available since Kubernetes v1.20. All existing persisted objects remain accessible via the new snapshot.storage.k8s.io/v1 APIs.
The dockershim component in Kubernetes enables cluster nodes to use the Docker Engine container runtime. However, Kubernetes 1.24 removed the dockershim component. Starting from Anthos clusters on VMware version 1.12.0, you cannot create new clusters that use the Docker Engine container runtime. All new clusters must use the default container runtime containerd. A cluster update will also be blocked if you want to switch from containerd node pool to docker node pool, or if you add new docker node pools. For existing version 1.11.x clusters with docker node pools, you can continue upgrading them to version 1.12.0, but you must update the node pools to use containerd before you can upgrade to version 1.13.0 in the future.
Breaking changes:
In Kubernetes 1.23, the rbac.authorization.k8s.io/v1alpha1 API version is removed. Instead, use the rbac.authorization.k8s.io/v1 API. See the Kubernetes 1.23.5 release notes.
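The two API-version migrations named in the notes above (v1beta1 VolumeSnapshot objects to snapshot.storage.k8s.io/v1, and rbac.authorization.k8s.io/v1alpha1 to rbac.authorization.k8s.io/v1) can be checked before an upgrade by scanning stored manifests. The following Python script is an added example, not part of the release notes or of any Google tooling; the sample manifests, the object names in them, and the line-based reading of top-level YAML keys are constructed assumptions.

```python
import re
from typing import NamedTuple

# API versions the release notes name as removed or no longer served,
# mapped to the replacement the notes give.
REMOVED_API_VERSIONS = {
    "snapshot.storage.k8s.io/v1beta1": "snapshot.storage.k8s.io/v1",
    "rbac.authorization.k8s.io/v1alpha1": "rbac.authorization.k8s.io/v1",
}


class Finding(NamedTuple):
    source: str       # file name the manifest came from
    doc_index: int    # position of the object inside a multi-document file
    kind: str
    name: str
    api_version: str
    replacement: str


_TOP_LEVEL = re.compile(r"^(apiVersion|kind):\s*['\"]?([^'\"#\s]+)")
_NAME = re.compile(r"^\s+name:\s*['\"]?([^'\"#\s]+)")


def split_documents(text):
    """Split a YAML stream on '---' separators, dropping empty documents."""
    docs, current = [], []
    for line in text.splitlines():
        if line.rstrip() == "---" or line.startswith("--- "):
            docs.append(current)
            current = []
        else:
            current.append(line)
    docs.append(current)
    return [d for d in docs
            if any(l.strip() and not l.lstrip().startswith("#") for l in d)]


def describe(doc_lines):
    """Return (apiVersion, kind, metadata.name) of one top-level object.

    Assumption: objects are written at the top level of each document;
    objects nested inside a kind: List are not inspected.
    """
    fields = {"apiVersion": "", "kind": ""}
    name, in_metadata, child_indent = "", False, 0
    for line in doc_lines:
        if line.lstrip().startswith("#"):
            continue
        top = _TOP_LEVEL.match(line)
        if top:
            fields[top.group(1)] = top.group(2)
        if line and not line[0].isspace():
            # A new top-level key starts; remember whether it is metadata.
            in_metadata, child_indent = line.startswith("metadata:"), 0
        elif in_metadata and line.strip():
            indent = len(line) - len(line.lstrip())
            child_indent = child_indent or indent
            match = _NAME.match(line)
            # Only a direct child of metadata is the object name
            # (a deeper "name:" may be a label key).
            if match and indent == child_indent and not name:
                name = match.group(1)
    return fields["apiVersion"], fields["kind"], name


def scan(manifests):
    """manifests: mapping of file name to YAML text. Returns a list of Finding."""
    findings = []
    for source, text in manifests.items():
        for index, doc in enumerate(split_documents(text)):
            api_version, kind, name = describe(doc)
            replacement = REMOVED_API_VERSIONS.get(api_version)
            if replacement:
                findings.append(
                    Finding(source, index, kind, name, api_version, replacement))
    return findings


# Constructed sample input; none of these objects come from the release notes.
SAMPLE_MANIFESTS = {
    "snapshots.yaml": """\
apiVersion: snapshot.storage.k8s.io/v1beta1
kind: VolumeSnapshotClass
metadata:
  name: example-snapclass
driver: csi.example.invalid
deletionPolicy: Delete
---
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshot
metadata:
  name: already-migrated
spec:
  source:
    persistentVolumeClaimName: example-pvc
""",
    "rbac.yaml": """\
# constructed example
apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRoleBinding
metadata:
  labels:
    name: not-the-object-name
  name: example-binding
""",
}

if __name__ == "__main__":
    for f in scan(SAMPLE_MANIFESTS):
        print(f"{f.source}[{f.doc_index}] {f.kind}/{f.name}: "
              f"{f.api_version} -> {f.replacement}")
```
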
Platform enhancements:
- General Availability (GA): Separate vSphere data centers for the admin cluster and the user clusters are supported.
- GA: Anthos Identity service LDAP authentication is supported.
- GA: User cluster control-plane node and admin cluster add-on node auto sizing is supported.
Security enhancements:
Preview: Preparing credentials for user clusters as Kubernetes secrets before cluster creation.
- The credential preparation feature prepares the credentials before a user cluster is created. After credential preparation, user cluster credentials are saved as versioned Kubernetes secrets in the admin cluster, and the template which is used for credential preparation can be deleted from the admin workstation. When creating a user cluster, you only need to configure the namespace and the versions of the prepared secrets in the user cluster config file. Using this feature can help protect user cluster credentials.
Preview: The gkectl update credentials command supports rotating the component access SA key for both the admin and the user clusters.
The COS node image shipped in version 1.12.0 is qualified with the Center for Internet Security (CIS) L1 Server Benchmark.
The gkectl update credentials command supports register service account key rotation.
Cluster lifecycle Improvements:
- Preview: You can configure the time duration of Pod Disruption Budget (PDB) violation timeout during a node drain. The default behavior is to always block on a PDB violation and to not force-delete pods during node drain, to avoid unexpected data corruption, and this default is unchanged. In certain cases, when users want to unblock the PDB violation deadlock with the bound timeout during cluster upgrade, they can apply the special annotation onprem.cluster.gke.io/pdb-violation-timeout: TIMEOUT on the machine objects.
Simplify day-2 operations
Preview: Launched the enablement of Google Cloud Managed Service for Prometheus to track metrics in Anthos on vSphere clusters, and introduced two separate flags to enable logging and monitoring for user applications separately: EnableCloudLoggingForApplications and EnableGMPForApplications. The legacy flag EnableStackdriverForApplications is deprecated, and will be removed in a future release. Customers can monitor and alert on the applications using Prometheus with Google-managed Prometheus without managing and operating Prometheus. Customers can set enableGMPForApplications in the Stackdriver spec to enable Google Managed Prometheus for application metrics without any other manual steps, and the Google Managed Prometheus components are then set up automatically. See Enable Managed Service for Prometheus for user applications for details.
All sample dashboards to monitor cluster health are available in Cloud Monitoring sample dashboards. Customers can install the dashboards with one click. See Install sample dashboards.
Improvements to cluster diagnosis: The gkectl diagnose cluster command automatically runs when gkectl diagnose snapshot is run, and the output is saved in a new folder in the snapshot called /diagnose-report.
The gkectl diagnose cluster command surfaces more detailed information for issues arising from virtual machine creation.
A validation check for the existence of an OS image has been added to the gkectl update admin and gkectl diagnose cluster commands.
A blocking preflight check has been added. This check validates that the vCenter.datastore specified in the cluster configuration file doesn't belong to a DRS-enabled datastore cluster.
Functionality changes:
Metrics agent: Upgraded gke-metrics-agent from 1.1.0 to 1.8.3, which fixes some application metrics issues. The offline buffer in the metrics agent can now discard old data based on the age of metrics data, in addition to the total size of buffer. Metrics data is stored in an offline buffer for at most 22 hours in case of a network outage.
New metrics: Added 7 resource utilization metrics.
- k8s_container:
  - container/cpu/request_utilization
  - container/cpu/limit_utilization
  - container/memory/request_utilization
  - container/memory/limit_utilization
- k8s_node:
  - node/cpu/allocatable_utilization
  - node/memory/allocatable_utilization
- k8s_pod:
  - pod/volume/utilization
Fixes
Fixed a known issue in which the cluster backup feature affected the inclusion of always-on secrets encryption keys in the backup.
Fixed a known issue of high-resource usage when AIDE runs as a cron job, by disabling AIDE by default. This fix affects compliance with CIS L1 Server benchmark 1.4.2: Ensure filesystem integrity is regularly checked. Customers can opt in to re-enable the AIDE if needed. To re-enable the AIDE cron job, see Configure AIDE cron job.
The connect register service account uses gkehub.editor instead of gkehub.admin.
Fixed the following vulnerabilities:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Container-optimized OS and Ubuntu vulnerabilities:
- CVE-2022-29581
- CVE-2022-29582
- CVE-2022-1116
- CVE-2022-1786 on COS. Ubuntu versions used by Anthos clusters on VMware are not affected by this vulnerability.
Known issues:
On the out-of-the-box monitoring dashboards, the GKE on-prem Windows pod status and GKE on-prem Windows node status also show data from Linux clusters.
The scheduler metrics, such as scheduler_pod_scheduling_attempts, are not collected in version 1.12.0 due to a configuration issue in the metric collector.
In version 1.12.0, cgroup v2 (unified) is enabled by default for Container Optimized OS (COS) nodes. This could potentially cause instability for your workloads in a COS cluster. We will switch back to cgroup v1 (hybrid) in version 1.12.1. If you are considering using version 1.12 with COS nodes, we suggest that you wait until the 1.12.1 release.
Release 1.10.6
Anthos clusters on bare metal 1.10.6 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.10.6 runs on Kubernetes 1.21.
Fixes:
The following container image security vulnerabilities have been fixed:
Known issues:
For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.
Azure workload identity federation is now available in preview for BigQuery Omni connections. This feature helps you secure data by allowing you to grant Google access to an application you manage in your Azure tenant so that neither you nor Google must manage application client secrets.
Carbon Footprint now reports carbon emissions broken down by scope 1, scope 2, and scope 3 categories, following the Greenhouse Gas (GHG) Protocol carbon reporting standards.
We've renamed the Carbon Footprint export table from carbon_footprint_export to carbon_footprint within the target BigQuery dataset indicated by your data transfer configuration. The renamed table contains an updated schema. Furthermore, the renamed table is now partitioned by month. Each month's data is exported on the 15th day of the following month. Data for previous months is not automatically exported, but you can schedule manual data backfills to export data for previous months. Carbon Footprint will no longer update existing carbon_footprint_export tables.
We've made the following updates to data sources and methodology for Scope 2 location-based emissions:
- Improved power data measurements.
- Changed from LCA grid carbon intensity values to scope-2-compliant direct grid emissions.
- Corrected data that led to changes in internal cost-based reallocation of shared infrastructure energy consumption.
- Removed VPC Network Logs SKU that caused inaccurate results.
Cloud SQL for MySQL now supports setting timezone names as values for the time_zone parameter. Refer to the Cloud SQL documentation for a list of supported timezone names.
Dataproc support for the following images has been extended to the following dates:
- Dataproc image version 1.5: March 31, 2023
- Dataproc image version 2.0: June 30, 2023
Workforce identity federation lets you authenticate and authorize users from external identity providers to access supported Google Cloud products. This feature is available in Preview.
Cloud Storage Backint agent for SAP HANA version 1.0.20
Version 1.0.20 of the Cloud Storage Backint agent for SAP HANA is now available. This version includes backup stability and logging enhancements.
For more information about the agent, see Cloud Storage Backint agent for SAP HANA overview.
July 06, 2022
Apigee API hub
On July 6, 2022 Apigee hub released a new version of the software.
Bug ID | Description |
---|---|
229852942 | The error message displayed has been clarified for the case where the uploaded spec file type was not gzip, but the mime type selected was gzip. |
The APPENDS change history TVF is now in preview. This table-valued function provides a history of table appends over a window of time.
The following supported default parsers have changed (listed by product name and ingestion label):
- Azure DevOps Audit (AZURE_DEVOPS)
- Bitdefender (BITDEFENDER)
- CA Access Control (CA_ACCESS_CONTROL)
- Carbon Black App Control (CB_APP_CONTROL)
- Check Point (CHECKPOINT_FIREWALL)
- Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
- Cisco Router (CISCO_ROUTER)
- Cloud Passage (CLOUD_PASSAGE)
- Digital Guardian (DIGITALGUARDIAN_EDR)
- ExtraHop RevealX (EXTRAHOP)
- Forcepoint NGFW (FORCEPOINT_FIREWALL)
- IBM DataPower Gateway (IBM_DATAPOWER)
- IBM Guardium (GUARDIUM)
- Imperva (IMPERVA_WAF)
- Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
- Microsoft SQL Server (MICROSOFT_SQL)
- Office 365 (OFFICE_365)
- pfSense (PFSENSE)
- Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
- Proofpoint Tap Alerts (PROOFPOINT_MAIL)
- SonicWall (SONIC_FIREWALL)
- Sophos UTM (SOPHOS_UTM)
- VMware AirWatch (AIRWATCH)
- VMware ESXi (VMWARE_ESX)
- Workspace Activities (WORKSPACE_ACTIVITY)
For details about changes in each parser, see Supported default parsers.
The following new fields are available in the Unified Data Model:
- The new fields prevalence, first_seen_time, and last_seen_time were added to the File object.
- A new field, bounce_address, was added to the Email object.
- A new field, artifact, was added to the Noun object. Artifact is a new object.
- A new field, rolling_max_sub_domains, was added to the Prevalence object.
- A new field, first_seen_time, was added to the User object.
- The following new fields were added to the Smtp object:
  - helo
  - mail_from
  - rcpt_to
  - server_response
  - message_path
  - is_webmail
  - is_tls
For a list of all fields in the Unified Data Model, and their descriptions, see the Unified Data Model field list.
InfoType categories were added to built-in infoTypes.
To get a list of built-in infoTypes, call the infoTypes.list method.
Cloud Functions (1st gen) now supports Google-managed Artifact Registry at the General Availability release level.
Cloud Functions now supports the following runtimes at the General Availability release level:
M94 Release
- Added support for PyTorch 1.12.
- Added more system libraries to the R Deep Learning Containers image.
M94 Release
- Added support for PyTorch 1.12.
- Added more system libraries to the R Deep Learning VM image.
Dialogflow ES now provides a new client library for C++.
The blue-green upgrade mechanism is now available to upgrade your GKE node pools, and can be selected per node pool instead of the default surge upgrade mechanism.
Tabular Workflows is available in Preview. For documentation, refer to Tabular Workflows on Vertex AI.
End-to-End AutoML workflow is available in Public Preview. For documentation, refer to End-to-End AutoML.
July 05, 2022
Migrate to Virtual Machines
Connector renaming
Includes the following updates:
- Renamed CLI command from m4c to m2vm
- Renamed product to Migrate to Virtual Machines
- Bug fixes
July 04, 2022
Secret Manager
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-secretmanager
2.3.0 (2022-07-01)
Features
Documentation
Dependencies
- update dependency com.google.cloud:google-cloud-shared-dependencies to v2.13.0 (#789) (71aae1d)
- update dependency com.google.protobuf:protobuf-java-util to v3.21.0 (#779) (d38f1db)
- update dependency com.google.protobuf:protobuf-java-util to v3.21.1 (#780) (6c613da)
- update dependency com.google.protobuf:protobuf-java-util to v3.21.2 (#791) (d7d4ea9)
- update dependency org.graalvm.buildtools:junit-platform-native to v0.9.12 (#787) (a2e0e97)
- update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.12 (#788) (8662fe6)
July 02, 2022
Artifact Registry
Artifact Registry is now available in the us-south1 region (Dallas, United States).
July 01, 2022
Apigee UI
On July 1, 2022, we released an updated version of the Apigee UI.
This release contains a new version of the Debug tab in the Apigee Proxy Editor. Following previous releases of new versions of the Overview and Develop tabs, this completes the initial release of the new Proxy Editor.
To view the new Debug tab, see Using Debug.
The Java 17 runtime for App Engine standard environment is now generally available.
The PHP 8.1 runtime for App Engine standard environment is now generally available.
The Python 3.10 runtime for App Engine standard environment is now generally available.
An updated version of JDBC driver for BigQuery is now available. This version includes a fix for an issue with connector returning stack overflow in some cases when executing complex long queries.
Cloud Functions now supports PHP 8.1 at the General Availability release level.
New sub-minor versions of Dataproc images:
- 1.5.71-debian10, 1.5.71-rocky8, 1.5.71-ubuntu18
- 2.0.45-debian10, 2.0.45-rocky8, 2.0.45-ubuntu18
For 1.5 images and the 2.0.45-ubuntu18 image, backported the upstream fix for KNOX-1997.
Lateral movement insights, which identify roles that allow a service account in one project to impersonate a service account in another project, are now generally available.
To reduce naming conflicts and improve memory usage, local scoping now applies to any variable created inside an except block.
If you are assigning a variable inside an except block and want to access the variable outside of the block, assign the variable before the block to place it in the surrounding scope.
June 30, 2022
Anthos Config Management
Shell access is disabled by default in the Config Sync hydration-controller container. This disables the ability to use Kustomize remote bases. To use Kustomize remote bases, enable shell access by setting the field spec.override.enableShellInRendering: true in RootSync and RepoSync.
Policy Controller now supports Cloud Monitoring. It will automatically export runtime metrics for both Cloud Monitoring and Prometheus. Users can also configure which monitoring backends metrics are exported to. To learn more, see Monitor Policy Controller.
Anthos Config Management is now compatible with GKE Autopilot with some cluster requirements. Policy Controller mutations are not compatible with Autopilot. Config Sync resource requests and limits adjustments will be further adjusted by GKE Autopilot. To learn more, see Install Config Sync.
Config Sync supports syncing configurations stored as OCI images in Google Artifact Registry or Container Registry as a preview feature. To learn more, see Publish config images to Artifact Registry.
Added a field spec.override.reconcileTimeout in RootSync and RepoSync, for configuring the threshold for how long to wait for resources in an apply group to reconcile before giving up. An apply group consists of resources without direct or indirect dependencies on each other.
The constraint template library includes a new template: K8sRequiredResources. For reference see Constraint template library.
The template library's K8sProhibitRoleWildcardAccess template now supports regular expression matching of clusterRole names by using the new regexMatch field.
The template library's K8sNoExternalServices template supports a new field: cloudPlatform.
Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: 206bbe9).
This release includes several Config Sync performance improvements:
- Config Sync reconciler now watches resources for status updates instead of polling, leading to faster, more responsive, and more efficient detection of object failure and reconciliation. This change also significantly reduces memory allocations for unchanged objects.
- Disable client-side throttling when server-side throttling is enabled (enabled by default on Kubernetes v1.20 and later). This significantly reduced sync latency at scale.
Config Sync removed resource limits from reconciler-manager, reconciler, and git-importer to make them burstable.
Config Sync increased resource limits of admission-webhook (cpu: 1, memory: 2Gi) and otel-agent (cpu: 1, memory: 1Gi).
Fixed the issue causing the Config Sync webhook deployment to report readiness prematurely by adding a readiness probe that waits for the TLS certificate to be generated and injected by the sidecar.
Fixed the issue causing git-importer to wipe out non-blocking validation errors before retrying.
Fixed the issue causing reconciler to throw an error when deleting an object that was already deleted.
Fixed two issues when resources are marked unmanaged using the configmanagement.gke.io/managed: disabled annotation:
- If a repo contains unmanaged resources on the initial sync, the sync fails.
- If a resource was deleted in the same commit where another resource is marked unmanaged, the deleted resource is not properly pruned.
On June 30, 2022 we released an updated version of Apigee X.
This release contains the Public Preview of Advanced API Security, which protects your APIs from unwanted requests, including attacks by malicious clients such as bots, and evaluates the security level of your API configurations.
Advanced API Security lets you:
- Create security reports to detect bots and other threats to your APIs.
- View security scores, which rate the security of your APIs and provide recommendations for improving security.
You are now able to configure the storage utilization target for a cluster when you use autoscaling for Cloud Bigtable. This feature is generally available (GA).
Preview: View your Google Kubernetes Engine (GKE) costs in Cloud Billing reports and cost data export to BigQuery
You can view your GKE costs by cluster, namespace, and pod labels in the Detailed cost export, and the built-in reports in the Google Cloud console.
Cloud Billing export to BigQuery
In the Detailed cost export to BigQuery, you can use the labels.key column to filter the data by these label keys:
- goog-k8s-cluster-name: Filter your GKE resources by cluster.
- k8s-namespace: Filter your GKE resources by namespace.
- k8s-label: View all your GKE resources.
Cloud Billing reports
In the Cloud Billing report, Cost breakdown report, and Cost Table report, you can use the Label selector to filter and group your data by cluster or namespace, using one of these label keys:
- goog-k8s-cluster-name: Filter or group your GKE resources by cluster.
- k8s-namespace: Filter or group your GKE resources by namespace.
To start viewing and analyzing your GKE cost data, see these pages:
Cloud Functions now supports Python 3.10 at the General Availability release level.
Managed Service for Prometheus: You can now query Cloud Monitoring metrics by using PromQL. For more information, see Mapping Monitoring metric names to PromQL.
The ANALYZE DDL command allows administrators to manually update the query statistics package that the optimizer uses to build query execution plans. This complements the existing automatic updates to provide faster feedback cycles when data, queries, or indexes change frequently.
Generally available: You can now create shared reservations of Compute Engine zonal resources using the Google Cloud Console. Learn about shared reservations and creating a shared reservation.
Metadata federation is generally available (GA).
Metadata federation lets you access metadata that is stored in multiple Dataproc Metastore instances.
To set up a federation, you create a federation service and then configure multiple Dataproc Metastore instances as your backend metastores. The federation service then exposes a single gRPC endpoint, which you can use to access metadata across all of your metastore instances.
Private Service Connect for Dataproc Metastore is generally available (GA).
VPC Service Control support
Document AI VPC Service Controls provide additional security for your resources and services. To learn more about VPC Service Controls, see the VPC Service Controls overview.
To learn about the limitations when using Document AI with VPC Service Controls, see the supported products and limitations.
Eventarc support for Customer-Managed Encryption Keys (CMEK) using the Google Cloud CLI is available in Preview.
Filestore High Scale SSD tier is generally available (GA).
Google Cloud Armor now supports TCP Proxy load balancers and SSL proxy load balancers in General Availability. For more information, see the security policy overview.
Advanced network DDoS protection is now available for network load balancers, protocol forwarding, and VMs with public IP addresses in public preview. For more information, see Configure advanced DDoS protection.
(2022-R16) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- Control plane and node version 1.24.1-gke.1800 is now available.
- The following control plane versions are no longer available:
- 1.19.16-gke.9400
- 1.19.16-gke.11000
- 1.19.16-gke.11800
- 1.19.16-gke.13800
- 1.19.16-gke.14000
- 1.19.16-gke.14500
- 1.19.16-gke.15700
- 1.20.15-gke.6000
- 1.20.15-gke.8000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.12-gke.1500 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.1-gke.1400 with this release.
Stable channel
- Version 1.21.12-gke.1500 is now the default version in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.19.16-gke.11800
- 1.19.16-gke.13800
- 1.20.15-gke.8000
- 1.21.11-gke.1900
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.12-gke.1500 with this release.
Regular channel
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.20.15-gke.8200
- 1.21.12-gke.1500
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.12-gke.1700 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.12-gke.1700 with this release.
Rapid channel
- Version 1.23.7-gke.1400 is now the default version in the Rapid channel.
- Version 1.24.1-gke.1800 is now available in the Rapid channel.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.15-gke.9900 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.7-gke.1400 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.7-gke.1400 with this release.
A new vulnerability (CVE-2022-1786) has been discovered in the Linux kernel versions 5.10 and 5.11. This vulnerability allows an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. Only clusters that run Container-Optimized OS are affected. GKE Ubuntu versions use either version 5.4 or 5.15 of the kernel and are not affected. For more information, refer to the GCP-2022-017 security bulletin.
GKE Cost Allocation has been released for public preview. With GKE Cost Allocation public preview, you will be able to see cost breakdowns in clusters for namespaces, and pod labels for utilized CPU and MEM. For complete details, refer to View detailed breakdown of cluster costs.
In June 2022, IAM had an issue that resulted in excess usage metrics for service accounts and service account keys when any of the following actions were performed:
- Listing service account keys
- Getting a service account key
- Disabling a service account key
- Enabling a service account key
Each time you took any of these actions, Cloud Monitoring recorded an authentication usage metric for the parent service account, and for each of its service account keys, regardless of whether you used the service account or its keys to authenticate. These excess metrics were visible in Cloud Monitoring, and in the metrics for individual service accounts and keys, from June 7, 2022, through June 17, 2022.
In addition, these excess metrics were visible in other systems that use data from Cloud Monitoring, including Activity Analyzer, which shows when service accounts and keys were used to authenticate, and service account insights, which provide findings about unused service accounts. Excess metrics were visible in these systems from June 7, 2022, through June 22, 2022.
This issue has been corrected, and Cloud Monitoring is no longer recording these excess metrics. However, the last authentication time for each service account and key will continue to reflect the excess metrics indefinitely, until you authenticate with the service account or key again.
The contacts and indicator.signatures attributes were added to the Finding object.
- The contacts attribute is a map containing the contacts for the given finding. The key represents the type of contact, and the value contains a list of all contacts of that type.
- The indicator.signatures[] attribute lists matched signatures that indicate that a given process is present in the environment.
For more information, see the API documentation for the Finding object.
Support to add individual VPC networks to a perimeter is now available in Preview.
Previously, the entire VPC host project was added to a perimeter. VPC Service Controls now supports the following enhancements (Preview release):
- You can now add individual VPC networks as members of a perimeter.
- You can create an ingress rule to authorize individual VPC networks to access a perimeter.
Feature: Vertex AI Experiments is generally available (GA). Vertex AI Experiments helps users track and compare multiple experiment runs and analyze key model metrics.
Features supported by Experiments include:
- Vary and track parameters and metrics.
- Compare parameters, metrics, and artifacts between pipeline runs.
- Track steps and artifacts to capture the lineage of experiments.
- Compare vertex pipelines against Notebook experiments.
June 29, 2022
Anthos clusters on bare metal
Release 1.12.0
Anthos clusters on bare metal 1.12.0 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.0 runs on Kubernetes 1.23.
The dockershim component in Kubernetes enables cluster nodes to use the Docker Engine container runtime. However, Kubernetes 1.24 removed the dockershim component. Starting from Anthos clusters on bare metal 1.12.0, you will not be able to create new clusters that use the Docker Engine container runtime. All new clusters should use the default container runtime containerd.
Improved cluster lifecycle functionalities:
- Upgraded Anthos clusters on bare metal to use Kubernetes version 1.23.
- Upgraded container runtime to containerd 1.5.
- Updated preflight check to forward default SSH key if no key is provided.
- Added support for new GCPAccounts field in the cluster configuration file. This field enables the assignment of a cluster-admin role to end-users.
- Added labels to control plane, control plane load balancer, and load balancer node pools, so that these different node pools can be distinguished from each other.
- Added nodepool reference label to nodes so that worker nodes can be listed in the UI.
Observability:
- GA: Added Summary API metrics. These metrics are scraped from the Kubernetes Summary API and provide CPU, memory, and storage metrics for Pods, containers, and Nodes.
- Added separate flags to enable logging and monitoring for user applications separately: EnableCloudLoggingForApplications and EnableGMPForApplications. The legacy flag EnableStackdriverForApplications will be deprecated and removed in future releases.
- Preview: Added Google Cloud Managed Service for Prometheus to collect application metrics and monitor cluster health.
- Upgraded GKE Metrics Agent (gke-metrics-agent) from version 1.1.0 to 1.8.3. This tool scrapes metrics from each cluster node and publishes them in Cloud Monitoring.
- Added the following resource utilization metrics. For more information about these and other metrics, see View Anthos clusters on bare metal metrics:
  - container/cpu/request_utilization
  - container/cpu/limit_utilization
  - container/memory/request_utilization
  - container/memory/limit_utilization
  - node/cpu/allocatable_utilization
  - node/memory/allocatable_utilization
  - pod/volume/utilization
- Added sample dashboards for monitoring cluster health to Cloud Monitoring sample dashboards. Customers can install these dashboards with one click.
- Scoped down the RBAC permissions of stackdriver-operator, a component that performs logging and monitoring.
Security:
- AIS CA deprecation. AIS certs are now signed by cluster CA.
- Changed ca-rotation container image so that it uses a distroless rather than a Debian-based image.
- RBAC permissions of the cluster-operator component have been eliminated or reduced to address elevated permissions.
- GA: Anthos Identity Service LDAP authentication support.
Networking:
- Preview: Enabled creation of IPv6 and Dual Stack LoadBalancer services. Border Gateway Protocol (BGP) is used for Dualstack clusters. Advertising IPv4 and IPv6 routes over IPv4 sessions is supported.
- Preview: Added Network Connectivity Gateway feature support to provide HA VPN between Google Cloud and an on-premises Anthos cluster.
Known issues:
For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.
The BeyondCorp Enterprise client connector is now generally available. The client connector extends identity and context-aware access to non-web applications by creating a secure connection from endpoint devices to apps running in both Google Cloud and non-Google Cloud environments.
For more information, see Securing client-server applications.
You can now set the view field in the tables.get() API method to indicate which table information is returned. Setting the value to BASIC reduces latency by omitting some storage statistics.
Previously, all BigQuery BI Engine projects had a maximum reservation size per project per location limit of 100 GB. This limit is now 250 GB. For more information, see BI Engine quotas and limits.
Chronicle Forwarder configuration on Linux has been updated to include two separate configuration files. The <x>.conf file stores the configuration related to log ingestion. The <x>_auth.conf file stores the authentication credentials.
For more information, see Installing and configuring the forwarder on Linux.
The Per-folder Roles Registration feature is rolled out to all regions.
Cloud Composer 1.19.2 and 2.0.19 images are available:
- composer-1.19.2-airflow-1.10.15 (default)
- composer-1.19.2-airflow-2.1.4
- composer-1.19.2-airflow-2.2.5
- composer-2.0.19-airflow-2.1.4
- composer-2.0.19-airflow-2.2.5
Customers enrolled in Key Access Justifications will now see justifications listed in Cloud Audit Logs for Cloud KMS.
You can now collect Apache Flink logs from the Ops Agent, starting with version 2.17.0. For more information, see Monitoring third-party applications: Flink.
Cloud Code Extension updated to 1.18.3
Update includes a new and improved Kubernetes development experience with the Development Sessions Explorer, support for private clusters, a refreshed welcome page, and more! Review the Cloud Code release notes for a complete list of features, updates, and fixes.
Cloud Shell Editor is built with Theia 1.25.0
Review the Theia release notes for a complete list of features/updates/bug fixes.
Cloud Shell now defaults to Python 3
Python 2 is still included as a development tool in Cloud Shell and may be invoked using python2.
Query insights is now generally available. Query Insights helps you visually detect and identify query performance issues for Cloud Spanner databases. You can also dig deeper and analyse the query details to know the root cause of these issues.
To learn more, see Detect query performance issues with Query Insights.
Not-equal (!=), IN, and NOT_IN query filters now available in all client libraries:
- Java
- Python
- PHP
- Node.js
- C#
- Go
- Ruby
Google Cloud Deploy is now available in the following regions:
- asia-east2 (Hong Kong)
- europe-west2 (London)
- europe-west3 (Frankfurt)
- us-east4 (N. Virginia)
- us-west2 (Los Angeles)
You can now give multiple containers time-shared access to the full compute resources of a single NVIDIA GPU accelerator. Time-sharing GPUs is generally available in GKE version 1.23.7-gke.1400 and later. For more information, refer to Time-sharing GPUs on GKE.
Identity Platform Web v9 modular SDK is now available at the GA stage. For details, see Upgrade to the modular Web SDK (v9).
Expanded overwrite options are now generally available (GA). The overwriteWhen field can be used to specify whether data that already exists in the destination should be overwritten always, never, or only when ETags and checksum values indicate that the file has changed.
Metadata preservation options are now generally available (GA). This includes the option of preserving POSIX attributes and symlinks when transferring to, from, and between POSIX filesystems; as well as object ACLs, CMEK, temporary holds, and object creation time when transferring between Cloud Storage buckets.
See Metadata preservation for details.
Transfer Appliance now supports monitoring of the amount of data stored on your appliance, and whether online transfer is enabled, through Cloud Monitoring. See Monitor Transfer Appliance for details.
June 28, 2022
AlloyDB for PostgreSQL
AlloyDB's Frequently asked questions page addresses common questions received by the AlloyDB support team during the product's public preview.
This is the General Availability release of Certificate Manager.
Cloud Bigtable now gives you the option to undelete a table for up to seven days from the time of deletion using the gcloud CLI. This feature is generally available (GA).
We've added new features to view your billing information and cost estimates in the Google Cloud Console mobile app. You can view your cost trends and forecasts, the costs for your top project, and how much you're spending on your top Google Cloud services.
To see your billing data in the app, select the Billing tab in the navigation bar, then select Overview.
Attribution for your committed use discounts (CUDs) now appears at the same time as eligible usage.
Previously, the subscription fees and credits associated with your CUDs would appear in billing reports and BigQuery usage cost exports after the corresponding eligible resource usage. This could result in apparent spikes in cost if you viewed your billing data before the attribution process completed.
With this release, subscription fees and credits appear at the same time as eligible usage, meaning that your net costs are always accurate whenever you view your billing data.
Learn about how your CUD fees and credits are attributed across your resources.
The Cloud Healthcare API offers single-region support in the asia-southeast2 (Jakarta, Indonesia) region.
The new experience for creating metric-based alerting policies by using the Google Cloud console is now Generally Available. For more information, see Create metric-based alert policy.
A second June maintenance changelog is now available. For more information, use the links at Maintenance changelog.
The fix to the silent data corruption when using the CREATE INDEX CONCURRENTLY or REINDEX CONCURRENTLY SQL commands in PostgreSQL 14 (BUG #17485) is now available in the self-service maintenance release POSTGRES_14_2.R20220331.02_012 for PostgreSQL 14.2.
After applying the self-service maintenance, you can fix any silent data corruption that has already occurred by running the REINDEX CONCURRENTLY SQL command on the specific indexes, or the reindexdb client command for your entire instance.
Cloud VPN no longer checks a peer's IKE identity.
This change simplifies the configuration of your VPN peers, because you no longer need to explicitly set a peer's IKE identity to a specific value.
Note: Some Cloud VPN tunnels that were previously unestablished due to unmatched IKE identity might now become established.
If you don't want the affected tunnels to become established, delete them as needed on the Cloud VPN side, on the on-premises side, or on both sides.
If you want the affected tunnels to become established, no action is required on your part.
Previously, Cloud VPN required peers to use an IKE identity of type ID_IPV4_ADDR, which is equal to the peer's public IP address.
Removing this restriction enables easier interoperation with peers that don't support changing their IKE identity, especially when such peers are located behind NAT (Network Address Translation).
If you have any questions or require assistance, contact Google Cloud Support.
Eventarc is available in this region: europe-southwest1 (Madrid, Spain).
The ability to deploy to Anthos user clusters is now generally available.
The issuer switch, which is part of the Payment Gateway, is now Generally Available.
Newly published documentation about the issuer switch features and API is available here: Issuer switch documentation
Vertex AI Forecasting is available in GA. The following features are available:
You can now enable platform logging for reCAPTCHA Enterprise API calls. For more information, see Working with platform logs.
June 27, 2022
Apigee API hub
On June 27, 2022 Apigee hub released a new version of the software.
Bug ID | Description |
---|---|
227334287 | An improved error dialog is displayed when an error occurs on API delete. |
229852889 | Reference lists now filter out their parent API to prevent self-references. |
232250641 | Resource IDs generated from names are now automatically truncated or padded to conform to length requirements. |
236744313 | Fixed an issue where the spinning progress indicator would not go away. |
Regional support for default pools and build triggers is now generally available. To learn more, see Cloud Build locations.
Cloud Composer supports Per-folder Roles Registration.
Cloud Functions now supports Java 17 at the General Availability release level.
Improved performance when searching for large FHIR resources in the FHIR viewer.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.10.0 (2022-06-25)
Features
Documentation
Dependencies
The Cloud Logging agent version 1-18 for Windows is now available. This version updates the location of the position files so they are retained across upgrades. For installation information, see Installing the Cloud Logging agent.
Cloud SQL for MySQL supports in-place major version upgrades in Preview. You can upgrade your instance's major version to a more recent version. For more information, see Upgrade the database major version in-place.
Object Lifecycle Management now supports new conditions and a new action.
- The MatchesPrefix and MatchesSuffix conditions allow you to restrict lifecycle actions to objects with specific prefixes and suffixes.
- The AbortIncompleteMultipartUpload action allows you to remove abandoned XML API multipart uploads.
The XML API now supports setting a default Cloud KMS key on a bucket when creating the bucket.
GA: You can now use the SSH troubleshooting tool from the Cloud console to help you determine the cause of failed SSH connections. For more information, see SSH troubleshooting tool.
Support for Firebase Realtime Database is in Preview.
Support for schema extensions in Managed Microsoft AD is available for Preview. Learn how to extend the schema.
The maximum amount of active VMs has been increased from 100 to 200 VMs.
In the Cloud console, Policy Troubleshooter for IAM allow policies now reports if there are deny policies that could affect a principal's access.
Cloud Text-to-Speech now supports Neural2 voices in addition to Standard and WaveNet voice generation models. Neural2 uses Custom Voice technology without the need to train a unique voice. Neural2 voices are in Preview and are currently available in a single region for a limited number of languages.
June 24, 2022
Anthos clusters on VMware
Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. For more information, refer to the GCP-2022-016 security bulletin.
hybrid v1.7.2
On June 24, 2022 we released an updated version of the Apigee hybrid software, v1.7.2.
For information on upgrading, see Upgrading Apigee hybrid to version 1.7.
Bug ID | Description |
---|---|
233094108 | Fixed Stacktrace truncation in runtime containers to support proxy diagnosis. |
236129944 | Fixed the controller crashloopbackoff resulting from null pointer. |
231313050 | Fixed issue causing Apigee logger pod to remain in crashloopbackoff state. |
236399482 | Added support for ASM v1.13. |
Cloud Bigtable is available in the us-east5 (Columbus) region. For more information, see Bigtable locations.
Database Migration Service now supports the migration of tables without primary keys in PostgreSQL. For tables that don't have primary keys, Database Migration Service supports the migration of the initial snapshot and INSERT statements during the change data capture (CDC) phase. You should migrate UPDATE and DELETE statements manually. Click here to access the documentation.
You can now collect Jetty metrics from the Ops Agent, starting with version 2.17.0. For more information, see Monitoring third-party applications: Jetty.
You can now view the configuration of charts on a dashboard while the dashboard is in read-only mode. For more information, see Show the chart configuration.
Cloud TPU now supports TensorFlow 2.6.5 and TensorFlow 2.7.3.
For more information see TensorFlow 2.6.5 and TensorFlow 2.7.3 release notes.
Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. All Linux clusters (Container-Optimized OS and Ubuntu) are affected. For more information, refer to the GCP-2022-016 security bulletin.
You can now create dual-stack clusters in Alpha Compute Engine API-enabled projects with GKE versions 1.24.1-gke.1000 and later. With dual-stack networking, GKE assigns an IPv4 and an IPv6 address to the cluster nodes and Pods. You can create dual-stack Services of type ClusterIP or NodePort. This feature is now available in Preview. For more information, see Dual-stack networking.
General Availability for the following integration:
June 23, 2022
Anthos clusters on AWS
Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. For more information, refer to the GCP-2022-016 security bulletin.
There is a bug in the Azure OS kernels used by some of the previous Anthos clusters on Azure versions. This bug will randomly cause disks to not mount in the OS when they are attached to the Azure VM. When this happens, clusters won't start up completely.
The following versions are affected:
- 1.21.11-gke.100
- 1.21.11-gke.1100
- 1.22.8-gke.200
- 1.22.8-gke.1300
Please always use the latest patch versions when creating a new cluster to avoid this issue.
For more information, see the Linux kernel bug.
Release 1.11.3
Anthos clusters on bare metal 1.11.3 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.3 runs on Kubernetes 1.22.
Fixes:
The following container image security vulnerabilities have been fixed:
Known issues:
For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.
On June 23, 2022 we released an updated version of the Apigee Integrations software.
Apigee Integration trials
Starting with this release, Apigee Integrations is available in an Apigee Eval org which lets you try out the integrations feature without getting billed for the usage. For information, see Enable integrations in an eval org.
Updates to SetIntegrationRequest policy
The SetIntegrationRequest policy has the following updates:
- Support for ref attribute in the <Parameter>, <ParameterArray>, and <Value> elements. By using this attribute, you can assign flow variable values to the parameters.
- Empty <Parameter> and <ParameterArray> elements are supported. However, if these elements are empty, Apigee treats the element value as null.
- Empty <Value> element is not supported. If the element is empty, Apigee reports an error.
The BI Engine preferred tables feature lets you limit BI Engine acceleration to a specified set of tables. This feature is now in preview.
The earlier issue with DAG and task failures in Public IP environments in Cloud Composer 1 is now resolved for all impacted environments.
The apache-airflow-providers-google package was upgraded to 2022.6.22+composer. Changes compared to version 2022.5.18+composer:
- Fixed a regression in BigQueryToGCPOpertor after changes to links were introduced in #24416.
- Fixed errors related to the usage of the service_account attribute by BeamRunJavaPipelineOperator.
Cloud Composer uses a custom version of the apache-airflow-providers-google package. This custom version is based on the public version 6.8.0. For information about other changes compared to version 6.8.0, see release notes for the previous versions of this package.
(Cloud Composer 2) Incremental task logs are now correctly refreshed and displayed in Airflow UI.
Cloud Composer 1.19.1 and 2.0.18 images are available:
- composer-1.19.1-airflow-1.10.15 (default)
- composer-1.19.1-airflow-2.1.4
- composer-1.19.1-airflow-2.2.5
- composer-2.0.18-airflow-2.1.4
- composer-2.0.18-airflow-2.2.5
Cloud Composer 1.18.12 is a version with an extended upgrade timeline.
Cloud Composer versions 1.16.7 and 1.17.0.preview.3 have reached their end of full support period.
Cloud SQL for PostgreSQL now supports replication from an external server.
The PostgreSQL interface is now generally available, making the capabilities of Cloud Spanner accessible from the PostgreSQL ecosystem. It includes a core subset of the PostgreSQL SQL dialect, support for the psql command-line tool, native language clients, and integration into existing Google tools. For more information, see PostgreSQL interface.
(2022-R15) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following control plane and node versions are now available:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to version 1.20.15-gke.8000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.20.15-gke.8000 with this release.
Stable channel
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.19.16-gke.11000
- 1.20.15-gke.6000
- 1.21.11-gke.1100
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.8000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.20.15-gke.8000 with this release.
Regular channel
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.20.15-gke.8000
- 1.21.11-gke.1900
- 1.22.8-gke.201
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.8200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.12-gke.1500 with this release.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.21.12-gke.1700
- 1.22.9-gke.1300
- 1.23.6-gke.1500
- 1.24.0-gke.1801
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.16-gke.11800 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.10-gke.600 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.1-gke.1400 with this release.
The Recommendations AI documentation set at https://cloud.google.com/retail/recommendations-ai/docs will be removed on July 5, 2022. This documentation set describes how to use the Recommendations console to manage and monitor Recommendations AI. We no longer recommend this console. After July 5, 2022, links to this documentation will redirect to the equivalent page in the Retail documentation at https://cloud.google.com/retail/docs.
We recommend that you use the Retail console to manage Recommendations AI. Find the documentation for the Retail console at https://cloud.google.com/retail/docs.
If you have not yet switched from the Recommendations console to the Retail console, see Switch to the Retail console.
June 22, 2022
Chronicle
The following supported default parsers have changed (listed by product name and ingestion label):
- Akamai WAF (AKAMAI_WAF)
- Aruba IPS (ARUBA_IPS)
- Azure AD Directory Audit (AZURE_AD_AUDIT)
- Carbon Black App Control (CB_APP_CONTROL)
- Check Point (CHECKPOINT_FIREWALL)
- Cisco ACS (CISCO_ACS)
- Cisco Email Security (CISCO_EMAIL_SECURITY)
- Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
- Cisco ISE (CISCO_ISE)
- Cisco Meraki (CISCO_MERAKI)
- Citrix Netscaler (CITRIX_NETSCALER)
- CloudM (CLOUDM)
- CrowdStrike Falcon (CS_EDR)
- EPIC Systems (EPIC)
- Forescout NAC (FORESCOUT_NAC)
- FortiGate (FORTINET_FIREWALL)
- GCP Compute (GCP_COMPUTE)
- IBM DataPower Gateway (IBM_DATAPOWER)
- Imperva (IMPERVA_WAF)
- JAMF Protect (JAMF_PROTECT)
- Linux Auditing System (AuditD) (AUDITD)
- Microsoft Exchange (EXCHANGE_MAIL)
- Netskope (NETSKOPE_ALERT)
- Office 365 (OFFICE_365)
- Okta (OKTA)
- Preempt Alert (PREEMPT)
- RSA (RSA_AUTH_MANAGER)
- SentinelOne EDR (SENTINEL_EDR)
- ServiceNow CMDB (SERVICENOW_CMDB)
- Sourcefire (SOURCEFIRE_IDS)
- Suricata IDS (SURICATA_IDS)
- Symantec Web Isolation (SYMANTEC_WEB_ISOLATION)
- Tripwire (TRIPWIRE_FIM)
- Unix system (NIX_SYSTEM)
- VMware AirWatch (AIRWATCH)
- VMware ESXi (VMWARE_ESX)
- VMware NSX (VMWARE_NSX)
- WatchGuard (WATCHGUARD)
- Workspace Alerts (WORKSPACE_ALERTS)
- Zscaler (ZSCALER_WEBPROXY)
For details about changes in each parser, see Supported default parsers.
Preview: You can now get cost insights in the Recommender API, and use them to detect anomalies in your costs. For example, you see a cost insight in the API if your costs for a day are significantly higher or lower than your typical daily costs.
The CPU utilization observability metric is incorrect for VMs that use one thread per core. For more information, see Known issues.
To deliver a better default price-performance for applications, all GKE clusters created with control plane version 1.24 and later have the Balanced Persistent Disk (PD) by default for attached volumes. Additionally, the node boot disk default has also been changed to Balanced Persistent Disk (PD).
The new default for attached volumes is applied to all clusters running control plane version 1.24 and later. The new default node boot disk is applied to all new node pools of any node pool version created in a cluster with control plane version 1.24 and later. Existing preferences will not be changed.
For more information on boot disks, see Configuring a custom boot disk.
For more information on attached volumes see Persistent volumes and dynamic provisioning.
Private Service Connect supports publishing a service that is hosted on an internal regional TCP proxy load balancer in a service producer VPC network. The backends can be located in Google Cloud, in other clouds, in an on-premises environment, or any combination of these locations.
This feature is available in Preview.
June 21, 2022
Apigee Integrated Portal
On June 21, we released an updated version of Apigee integrated portal.
Added the ability to sort by Name and Created fields in the Apps and Teams tables. Click the column heading to sort.
On June 21, 2022 we released an updated version of the Apigee UI.
The Data Collectors UI is now generally available.
A search bar has been added to the new Proxy Editor Develop view. This lets you search for items within a proxy or sharedflow bundle.
On June 21, 2022, we released an updated version of Apigee X (1-8-0-apigee-18).
Bug ID | Description |
---|---|
234355351 | Fixed issue with message processor pods restarting frequently. Added backoff polling task for Cloud KMS key listener. The listener is paused only when the flush policy is met. |
N/A | Upgraded infrastructure and libraries. |
Query queues are now available in preview for on-demand and flat-rate customers. When query queues are enabled, BigQuery automatically determines the query concurrency rather than setting a fixed limit. Flat-rate customers can override this setting with a custom concurrency target. Additional queries beyond the concurrency target are queued until processing resources become available.
A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.
You can enable an instance to publish to a subscriber that is external (or internal) to Cloud SQL. In this scenario, Cloud SQL for SQL Server can act as a publisher to an external subscriber. This functionality, which is generally available, uses transactional replication.
For more information, see Configure external replicas.
In Cloud SQL, you can use SQL Server Audit capabilities to track and log server-level and database-level events. This functionality is generally available.
For more information, see SQL Server database auditing.
Config Connector version 1.89.0 is now available.
Added support for PubSubSchema resource.
Added spec.cdnPolicy.cacheKeyPolicy field to ComputeBackendBucket.
Fixed bulk-export for MonitoringAlertPolicy.
New sub-minor versions of Dataproc images:
- 1.5.70-debian10, 1.5.70-rocky8, 1.5.70-ubuntu18
- 2.0.44-debian10, 2.0.44-rocky8, 2.0.44-ubuntu18
Dataproc Metastore: For 1.5 images, added a spark.hadoop.hive.eager.fetch.functions.enabled Spark Hive client property to control whether the client fetches all functions from Hive Metastore during initialization. The default setting is true, which preserves the existing behavior of fetching all functions. If set to false, the client will not fetch all functions during initialization, which can help reduce high latency during initialization, particularly when there are many functions and the Metastore is not located in the client's region.
For 1.5 and 2.0 images, backported YARN-9608 to fix the issue in graceful decommissioning.
The Dialogflow CX search feature is now GA (generally available).
Inventory retrieval for Local VMware, Google Compute Engine, and Migrate for Compute Engine v5 source providers
A VM inventory is now available for local VMware, Google Compute Engine, and Migrate for Compute Engine v5 source providers and is accessible through both Cloud Console and migctl. Using this feature, the list of candidate VMs for migration can be viewed for a given source, including the VM ID required to start a new migration.
To access the inventory through Cloud Console: go to your sources page, and select a source from the dropdown.
To access the inventory through migctl, run the migctl source list-vms <my-source> command.
Tomcat health probes
Tomcat deployments will use Kubernetes readiness and liveness probes by default. Users can disable or modify those probes while editing the migration plan. Use health probes to provide better pod management and reduce down time during scaling and rolling updates. To learn more about the available probes, see Set Tomcat health probes.
Linux Service Manager health probes
Linux Service Manager deployments will use Kubernetes readiness and liveness probes by default. Users can select which services are probed while editing the migration plan. Use health probes to provide better pod management and reduce down time during scaling and rolling updates. To learn more about the available probes, see Set Linux v2kServiceManager health probes.
Migration fit assessment
Migrate to Containers offers a fit assessment tool that runs on a VM workload to determine the workload's fit for migration to a container. To learn more about the tool, see Using the fit assessment tool.
Windows features
The following functions were added to the Windows IIS migration flow:
- MSVC Runtime support - The migration flow will discover Microsoft Visual C++ runtime libraries installed on the source VM and will allow installing these runtimes on the migrated container.
- PATH environment variable extraction - The migration flow will discover additional PATH variable entries and will add them to the PATH variable in the migrated container.
A wrong default value was set for serverautostart in Windows IIS migration. Sites were not started in some cases.
migctl fails to get artifacts, getting EOF from storage provider.
Prevent concurrent migrations on the same migrating VM. In rare cases, when doing two m4ce migrations on the same source VM, both migrations could fail due to interfering with each other's operations.
In some cases where strict network policies were applied, GKE failed to apply AppArmor profiles which are needed for M2C and failed to upgrade, causing the cluster to be in an unusable state.
Workflows can invoke private on‑premises, Compute Engine, Google Kubernetes Engine (GKE), or other Google Cloud endpoints that are Identity-Aware Proxy (IAP)-enabled.
June 20, 2022
Cloud Composer
In July 2022, Cloud Composer 2 environments created in Cloud console will use Private Service Connect configuration by default.
In July 2022, Cloud Composer 1 environments created in Cloud console will use the latest available version of Airflow 2 by default.
Cloud Load Balancing introduces a new version of the external HTTP(S) load balancer. The new global external HTTP(S) load balancer with advanced traffic management capabilities contains many of the features of our existing classic HTTP(S) load balancer, but with an ever-growing list of traffic management capabilities such as weighted traffic splitting, request mirroring, outlier detection, fault injection, and so on.
For details on the new load balancer, see:
- External HTTP(S) Load Balancing overview
- Load balancer features (External HTTP(S) > Global)
- Setting up a global external HTTP(S) load balancer
- Traffic management for global external HTTP(S) load balancers
This load balancer is available in General Availability.
Support for VPC Service Controls is generally available (GA).
June 17, 2022
Anthos Service Mesh
The Fleet Feature API (mesh.googleapis.com) now enables the Connect Gateway API (connectgateway.googleapis.com). This change does not incur any additional cost.
Config Controller now uses version 1.87.0 for Config Connector (release notes)
Datastore now supports the not-equal (!=), IN and NOT_IN query filters.
The filters are now available in the Google Cloud console and the following client libraries:
- Java
- Python
- PHP
- Node.js
A feature for protecting tag values from being deleted has launched into general availability. If a tag value has a tag hold, it cannot be deleted by users unless the tag hold is first deleted. For more information about tag holds, see Protecting tag values with tag holds.
Support for IAM resource-level policies for Vertex AI featurestore and entityType resources is available in Preview.
June 16, 2022
Anthos clusters on VMware
Anthos clusters on VMware 1.10.5-gke.26 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.10.5-gke.26 runs on Kubernetes 1.21.5-gke.1200.
The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.11, 1.10, and 1.9.
Fixed for version 1.10.5
- Fixed the issue where admin cluster backup did not back up always-on secrets encryption keys. This caused repairing an admin cluster using gkectl repair master --restore-from-backup to fail when always-on secrets encryption was enabled.
- Fixed the issue of high resource usage when AIDE runs as a cron job by disabling AIDE by default. This fix will affect compliance with CIS L1 Server benchmark 1.4.2: Ensure filesystem integrity is regularly checked. To re-enable the AIDE cron job, see Configure AIDE cron job.
Fixed the following vulnerabilities
High-severity container vulnerabilities:
Critical container vulnerabilities:
Container-optimized OS and Ubuntu vulnerabilities:
- CVE-2022-29581
- CVE-2022-29582
- CVE-2022-1116
- CVE-2022-1786 on COS. Ubuntu versions used by Anthos clusters on VMware are not affected by this vulnerability.
Preview: Windows VMs now support SSH connections from the gcloud CLI. For more information, see Connect to Windows VMs using SSH.
Support for 3rd generation AMD EPYC Milan processors on general purpose N2D machine types is now generally available, featuring:
- AMD Secure Encrypted Virtualization (SEV) which can encrypt the memory of the VM to protect data in-use
Support for compute-optimized C2D machine types is now generally available, featuring:
- 3rd generation AMD EPYC Milan processors
- AMD Secure Encrypted Virtualization (SEV) which can encrypt the memory of the VM to protect data in-use
- Large VM sizes
- Optimized for high-performance computing (HPC)
Datastream now supports the use of tags on its resources, which include private connectivity configurations, connection profiles, and streams. Tags are key-value pairs that you can apply to your Datastream resources for fine-grained access control. To learn more, see Access control with tags. To use tags, see Manage tags.
You can now order Transfer Appliance from the Cloud console, as well as view, track, and manage your orders and appliances. For more info, see the Order Transfer Appliance page.
June 15, 2022
Assured Workloads
The ability to restrict resource creation of global security configuration to comply with data residency requirements is now GA.
Advanced networking capabilities for Bare Metal Solution
Enables you to use the following features:
- Add multiple VLANs on the same bonded server interface.
- Configure multiple VLAN attachments over a Partner Interconnect connection to your Bare Metal Solution environment.
- Connect the Bare Metal Solution environment to more than one Virtual Private Cloud (VPC) in your Google Cloud project.
- Use network templates to enable a flexible