Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list, see the individual product release note pages.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml

April 15, 2021

AI Platform (Unified)

The Python client library for AI Platform (Unified) is now called the AI Platform (Unified) SDK. With the release of version 0.7 (Preview), the AI Platform (Unified) SDK provides two levels of support. The high-level aiplatform library is designed to simplify common data science workflows by using wrapper classes and opinionated defaults. The lower-level aiplatform.gapic library remains available for those times when you need more flexibility or control. Learn more.

Compute Engine

You can now see additional metrics for your managed instance groups from the Instance Groups Monitoring tab. Metrics include: group size, CPU utilization, disk I/O, and more. Use the time range picker to select the time window for the charts and view the corresponding logs from the integrated logs viewer panel. Follow the links on each chart to create alerts or to analyze the details in the Cloud Operations Metrics Explorer.

Memorystore for Redis

Added new Memorystore for Redis region: Warsaw (europe-central2).

SAP on Google Cloud

SAP HANA high-availability configurations on Red Hat: If you configured a RHEL HA cluster for SAP HANA before April 15, 2021 by following the Google Cloud documentation, you need to modify the location constraints of your cluster fencing devices to avoid possible race conditions during failovers.

For the updated documentation that corrects the issue, see Set up fencing, step 1.b.

April 14, 2021

App Engine standard environment Go

Serverless VPC Access support for Shared VPC is now generally available.

App Engine standard environment Java

Serverless VPC Access support for Shared VPC is now generally available.

App Engine standard environment Node.js

Serverless VPC Access support for Shared VPC is now generally available.

App Engine standard environment PHP

Serverless VPC Access support for Shared VPC is now generally available.

App Engine standard environment Python

Serverless VPC Access support for Shared VPC is now generally available.

App Engine standard environment Ruby

Serverless VPC Access support for Shared VPC is now generally available.

Cloud Run

Cloud Run is now available in europe-central2 (Warsaw).

Dialogflow

The "Auto-preview changes" option was removed from the Dialogflow ES Google Assistant integration.

Google Cloud Armor

Subscribers of Managed Protection Plus are now eligible to receive reactive or proactive DDoS response support from Google's DDoS mitigation experts to help triage and mitigate ongoing attacks, as well as DDoS bill protection to provide credits for some bill spikes caused by increased GCP usage as a result of being targeted by a DDoS attack.

For more information, see the public docs.

Google Kubernetes Engine

(2021-R12) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

  • Version 1.17.17-gke.3000 is now the default version in the Stable channel.
  • Version 1.17.17-gke.3700 is now available in the Stable channel.
  • Version 1.17.17-gke.2800 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.16 to version 1.17.17-gke.3000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.17 to version 1.17.17-gke.3000 with this release.

Regular channel

  • Version 1.19.8-gke.1600 is now available in the Regular channel.
  • Version 1.18.16-gke.302 is no longer available in the Regular channel.

Rapid channel

  • Version 1.19.9-gke.100 is now the default version in the Rapid channel.
  • Version 1.19.9-gke.700 is now available in the Rapid channel.
  • Version 1.20.5-gke.800 is now available in the Rapid channel.
  • Version 1.19.8-gke.2000 is no longer available in the Rapid channel.
  • Version 1.20.5-gke.101 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.9-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.9-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.5-gke.800 with this release.

1.19 GA

GKE version 1.19 is now generally available (GA).

Before upgrading to 1.19, read the Kubernetes 1.19 Release Notes, especially the Urgent upgrade notes.

See below for notable changes and features in version 1.19.

The basic authentication method is no longer available starting with Kubernetes version 1.19. GKE clusters also no longer support basic authentication as they gradually upgrade to Kubernetes version 1.19. Basic authentication has been disabled by default for new GKE clusters since GKE version 1.12 and its usage has been discouraged in the Hardening your cluster's security guide. Migrate away from basic authentication before your cluster control planes are upgraded to Kubernetes version 1.19 to ensure your API clients can continue accessing the API server. To learn more about recommended authentication methods in GKE, see Authenticating to the Kubernetes API Server.

Admission webhooks and custom resource conversion webhooks must use serving certificates that contain the server name in a subjectAltName extension. Server names in the certificate CommonName will not be honored in future versions.

kube-proxy now uses EndpointSlices by default.

With the release of GKE node version 1.19, the Container-Optimized OS with Docker (cos) variant is deprecated. Please migrate to the Container-Optimized OS with Containerd (cos_containerd) variant, which is now the default GKE node image. For instructions, see Containerd images.

Seccomp General Availability (GA)

Seccomp (secure computing mode) support for Kubernetes has graduated to General Availability (GA). This feature can be used to increase the workload security by restricting the system calls for a Pod (applies to all containers) or individual containers.

A new seccompProfile field is added to Pod and Container securityContext objects, starting in Kubernetes version 1.19.

securityContext:
  seccompProfile:
    # "Unconfined", "RuntimeDefault", or "Localhost"
    type: Localhost
    # only necessary if type == Localhost
    localhostProfile: my-profiles/profile-allow.json

The alpha seccomp annotations seccomp.security.alpha.kubernetes.io/pod and container.seccomp.security.alpha.kubernetes.io/... are deprecated in favor of the GA API field. The alpha annotations will not be honored in Kubernetes versions 1.22 and later.

Prepare for transition

If you are currently using Seccomp annotations on Pods or Containers, you should identify and transition workloads using the annotations to set the API fields before version 1.21 is released on GKE (approximately in June 2021). No change to PodSecurityPolicy is required, as it supports both annotation and field seccomp profiles. You can perform the following recommended steps:

Locate Seccomp annotation usages

In your Kubernetes manifest files, search for "seccomp.security.alpha.kubernetes.io/pod" and "container.seccomp.security.alpha.kubernetes.io/".

Add or update securityContext fields

Based on your annotation usage, add or update (if securityContext already exists) the securityContext field in the Pod or Container spec. The annotations can be left in place, but must match the securityContext API field.

Current annotation usage | Add or update securityContext
seccomp.security.alpha.kubernetes.io/pod | In the Pod's securityContext, add the seccompProfile field.
container.seccomp.security.alpha.kubernetes.io/container-name | In the container-name container's securityContext, add the seccompProfile field.

Set values for seccompProfile

The type field of seccompProfile corresponds to the annotation value, and the localhostProfile field corresponds to the path that follows localhost/ in the annotation value.

Current annotation value, followed by the seccompProfile value:

  • unconfined

    seccompProfile:
      type: Unconfined

  • runtime/default or docker/default

    seccompProfile:
      type: RuntimeDefault

  • localhost/path/to/profile.json

    seccompProfile:
      type: Localhost
      localhostProfile: path/to/profile.json

The widely used Ingress API has graduated to general availability in Kubernetes 1.19. The v1beta1 Ingress API is deprecated, and will no longer be served in versions 1.22 and later. Before version 1.21, identify and transition clients and manifests using the v1beta1 Ingress API to use networking.k8s.io/v1.

Clusters with Google Cloud's operations suite enabled can use the following query to identify clients that access the Ingress v1beta1 APIs:

resource.type="k8s_cluster"
resource.labels.cluster_name="$CLUSTER_NAME"
protoPayload.authenticationInfo.principalEmail:("system:serviceaccount" OR "@")
protoPayload.request.apiVersion=("extensions/v1beta1" OR "networking.k8s.io/v1beta1")
protoPayload.request.kind="Ingress"
NOT ("kube-system")

Identify and transition clients and manifests using the v1beta1 Ingress APIs to use networking.k8s.io/v1 before version 1.21 is released on GKE (approximately in June 2021), then verify no clients are using the v1beta1 API during the version 1.21 timeframe. Workloads using the v1beta1 APIs need to be upgraded before your cluster is upgraded to GKE 1.22.

To migrate manifests to networking.k8s.io/v1, perform the following:

  1. Rename the spec.backend field (if specified) to spec.defaultBackend.
  2. Rename each backend.serviceName field to backend.service.name.
  3. Rename each numeric backend.servicePort field to backend.service.port.number.
  4. Rename each string backend.servicePort field to backend.service.port.name.
  5. Specify a pathType field for each defined path. Options are Prefix, Exact, and ImplementationSpecific. To match the undefined v1beta1 behavior, use ImplementationSpecific.

As an example, to migrate this v1beta1 manifest to v1:

Original v1beta1 manifest:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: example
spec:
  backend:
    serviceName: default-backend
    servicePort: 80
  rules:
  - http:
      paths:
      - path: /testpath
        backend:
          serviceName: test
          servicePort: 80

Equivalent networking.k8s.io/v1 manifest:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example
spec:
  defaultBackend:
    service:
      name: default-backend
      port:
        number: 80
  rules:
  - http:
      paths:
      - path: /testpath
        pathType: ImplementationSpecific
        backend:
          service:
            name: test
            port:
              number: 80
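
The five renaming steps above, as an added example that is not part of the release notes or of any Kubernetes tooling: a converter that applies them to a v1beta1 Ingress held as a Python dict. It goes slightly beyond the manifest shown by also handling named (string) ports and paths that already carry a pathType; the function names are hypothetical, and the two sample dicts transcribe the manifests above.

```python
import copy

V1BETA1_VERSIONS = ("extensions/v1beta1", "networking.k8s.io/v1beta1")


def convert_backend(old):
    """Steps 2-4: serviceName/servicePort become service.name/service.port."""
    new = {k: v for k, v in old.items()
           if k not in ("serviceName", "servicePort")}
    if "serviceName" in old:
        service = {"name": old["serviceName"]}
        port = old.get("servicePort")
        if isinstance(port, bool):
            raise ValueError("servicePort must be a number or a string")
        if isinstance(port, int):
            service["port"] = {"number": port}   # step 3: numeric port
        elif isinstance(port, str):
            service["port"] = {"name": port}     # step 4: named port
        new["service"] = service
    return new


def convert_ingress(manifest, path_type="ImplementationSpecific"):
    """Return a networking.k8s.io/v1 copy of a v1beta1 Ingress manifest."""
    if (manifest.get("kind") != "Ingress"
            or manifest.get("apiVersion") not in V1BETA1_VERSIONS):
        raise ValueError("not a v1beta1 Ingress manifest")
    out = copy.deepcopy(manifest)
    out["apiVersion"] = "networking.k8s.io/v1"
    spec = out.get("spec", {})
    if "backend" in spec:                        # step 1
        spec["defaultBackend"] = convert_backend(spec.pop("backend"))
    for rule in spec.get("rules", []):
        for path in (rule.get("http") or {}).get("paths", []):
            path["backend"] = convert_backend(path.get("backend", {}))
            # Step 5: ImplementationSpecific matches the undefined v1beta1
            # behavior; a pathType that is already present is kept.
            path.setdefault("pathType", path_type)
    return out


# The v1beta1 manifest from the text above, as a dict.
PAGE_V1BETA1 = {
    "apiVersion": "networking.k8s.io/v1beta1",
    "kind": "Ingress",
    "metadata": {"name": "example"},
    "spec": {
        "backend": {"serviceName": "default-backend", "servicePort": 80},
        "rules": [{"http": {"paths": [
            {"path": "/testpath",
             "backend": {"serviceName": "test", "servicePort": 80}},
        ]}}],
    },
}

# The equivalent v1 manifest from the text above, as a dict.
PAGE_V1 = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "Ingress",
    "metadata": {"name": "example"},
    "spec": {
        "defaultBackend": {
            "service": {"name": "default-backend", "port": {"number": 80}}},
        "rules": [{"http": {"paths": [
            {"path": "/testpath",
             "pathType": "ImplementationSpecific",
             "backend": {"service": {"name": "test",
                                     "port": {"number": 80}}}},
        ]}}],
    },
}

if __name__ == "__main__":
    print(convert_ingress(PAGE_V1BETA1) == PAGE_V1)
```
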

CertificateSigningRequest v1 API

The CertificateSigningRequest API has graduated to certificates.k8s.io/v1 in Kubernetes 1.19. The v1beta1 CertificateSigningRequest API is deprecated and will no longer be served in version 1.22 and later.

Clusters with Google Cloud's operations suite enabled can use the following query to identify clients that access the CertificateSigningRequest v1beta1 APIs:

resource.type="k8s_cluster"
resource.labels.cluster_name="$CLUSTER_NAME"
protoPayload.authenticationInfo.principalEmail:("system:serviceaccount" OR "@")
protoPayload.request.apiVersion="certificates.k8s.io/v1beta1"
NOT ("kube-system")

Identify and transition clients and manifests using the v1beta1 CertificateSigningRequest API to use certificates.k8s.io/v1 before version 1.21 is released on GKE (approximately in June 2021), then verify no clients are using the v1beta1 API during the version 1.21 timeframe. Workloads using the v1beta1 API need to be upgraded before your cluster is upgraded to GKE version 1.22.

Differences between the v1beta1 and v1 API are as follows:

  • For API clients requesting certificates:
    • spec.signerName is now required, and requests for kubernetes.io/legacy-unknown are not allowed to be created via the certificates.k8s.io/v1 API.
    • spec.usages is now required, may not contain duplicate values, and must only contain known usages.
  • For API clients approving or signing certificates:
    • status.conditions may not contain duplicate types.
    • status.conditions[*].status is now required.
    • status.certificate must be PEM-encoded, and must contain only CERTIFICATE blocks.
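
The differences listed above, turned into a pre-migration check as an added example (not part of the release notes or of Kubernetes itself): it reports which of the v1 rules a CertificateSigningRequest manifest, held as a Python dict, would violate. It assumes status.certificate has already been decoded to PEM text; the usage names are those of the Kubernetes KeyUsage type, and the function name and sample objects are constructed for illustration.

```python
import re

# Usage values accepted by the certificates.k8s.io API (KeyUsage type).
KNOWN_USAGES = {
    "signing", "digital signature", "content commitment",
    "key encipherment", "key agreement", "data encipherment",
    "cert sign", "crl sign", "encipher only", "decipher only", "any",
    "server auth", "client auth", "code signing", "email protection",
    "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user",
    "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc",
}
PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def check_csr_for_v1(csr):
    """Return a list of reasons the object would be rejected by the v1 API."""
    problems = []
    spec = csr.get("spec", {})

    # Rules for clients requesting certificates.
    signer = spec.get("signerName")
    if not signer:
        problems.append("spec.signerName is required")
    elif signer == "kubernetes.io/legacy-unknown":
        problems.append("kubernetes.io/legacy-unknown cannot be requested via v1")
    usages = spec.get("usages")
    if not usages:
        problems.append("spec.usages is required")
    else:
        if len(set(usages)) != len(usages):
            problems.append("spec.usages contains duplicate values")
        unknown = sorted(set(usages) - KNOWN_USAGES)
        if unknown:
            problems.append(f"spec.usages contains unknown usages: {unknown}")

    # Rules for clients approving or signing certificates.
    status = csr.get("status", {})
    conditions = status.get("conditions", [])
    types = [c.get("type") for c in conditions]
    if len(set(types)) != len(types):
        problems.append("status.conditions contains duplicate types")
    for index, condition in enumerate(conditions):
        if not condition.get("status"):
            problems.append(f"status.conditions[{index}].status is required")
    certificate = status.get("certificate")
    if certificate is not None:
        labels = PEM_BEGIN.findall(certificate)
        if not labels or any(label != "CERTIFICATE" for label in labels):
            problems.append("status.certificate must contain only CERTIFICATE blocks")
    return problems


# Constructed samples; the PEM bodies are placeholders, not real data.
GOOD_CSR = {
    "spec": {
        "signerName": "kubernetes.io/kube-apiserver-client",
        "usages": ["digital signature", "key encipherment", "client auth"],
    },
}
BAD_CSR = {
    "spec": {
        "signerName": "kubernetes.io/legacy-unknown",
        "usages": ["client auth", "client auth", "tls client"],
    },
    "status": {
        "conditions": [{"type": "Approved", "status": "True"},
                       {"type": "Approved"}],
        "certificate": (
            "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n"
            "-----END CERTIFICATE-----\n"
            "-----BEGIN CERTIFICATE REQUEST-----\nPLACEHOLDER\n"
            "-----END CERTIFICATE REQUEST-----\n"),
    },
}

if __name__ == "__main__":
    for problem in check_csr_for_v1(BAD_CSR):
        print(problem)
```
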

Admission webhooks and custom resource conversion webhooks using invalid serving certificates that do not contain the server name in a subjectAltName extension cannot be contacted by the Kubernetes API server in 1.19 prior to version 1.19.9-gke.400. This will be resolved in version 1.19.9-gke.400, and automatic upgrades from 1.18 to 1.19 will not begin until this issue is resolved. However, affected webhooks should work to correct their serving certificates in order to work correctly with Kubernetes version 1.22 and later.

Service API objects with more than 100 ports do not work correctly with EndpointSlices (https://issue.k8s.io/99382). This will be resolved in version 1.19.9-gke.600, and automatic upgrades from 1.18 to 1.19 will not begin until this issue is resolved.

Virtual Private Cloud

Access to Google APIs and services using Private Service Connect is now available in General Availability.

Using non-RFC 1918 addresses for Private Service Connect endpoints results in unexpected costs due to a billing issue. To prevent this issue, avoid using non-RFC 1918 IP addresses and instead use RFC 1918 IP addresses for Private Service Connect endpoints. If you are affected by this issue, contact your account team for remediation.

April 13, 2021

Anthos Config Management

Anthos Config Management v1.7.0 included several Kubernetes library updates. One of these updates made checks for Resource types stricter. As a consequence, Config Sync users upgrading from an older version of Anthos Config Management may see errors in the form KNV9998: failed to encode declared fields: internal error: ....resources.limits.cpu: expected string, got &value.valueUnstructured{Value:2}. As a workaround, all resource declarations should be specified as strings.

App Engine flexible environment .NET

App Engine is now available in the europe-central2 region (Warsaw).

App Engine flexible environment Go

App Engine is now available in the europe-central2 region (Warsaw).

App Engine flexible environment Java

App Engine is now available in the europe-central2 region (Warsaw).

App Engine flexible environment Node.js

App Engine is now available in the europe-central2 region (Warsaw).

App Engine flexible environment PHP

App Engine is now available in the europe-central2 region (Warsaw).

App Engine flexible environment Python

App Engine is now available in the europe-central2 region (Warsaw).

App Engine flexible environment Ruby

App Engine is now available in the europe-central2 region (Warsaw).

App Engine flexible environment custom runtimes

App Engine is now available in the europe-central2 region (Warsaw).

App Engine standard environment Go

App Engine is now available in the europe-central2 region (Warsaw).

App Engine standard environment Java

App Engine is now available in the europe-central2 region (Warsaw).

App Engine standard environment Node.js

App Engine is now available in the europe-central2 region (Warsaw).

App Engine standard environment PHP

App Engine is now available in the europe-central2 region (Warsaw).

App Engine standard environment Python

App Engine is now available in the europe-central2 region (Warsaw).

App Engine standard environment Ruby

App Engine is now available in the europe-central2 region (Warsaw).

Cloud Spanner

Transaction statistics now include information about commit retries to help users debug performance issues caused by transaction aborts.

Compute Engine

Generally available: VM Manager integration with VPC Service Control.

Generally available: You can now configure schedule-based autoscaling for your managed instance groups. Schedule-based autoscaling lets you improve the availability of your application by scheduling capacity ahead of anticipated load.

Datastore

Support for the europe-central2 (Warsaw) region.

Dialogflow

Preview launch of the Voximplant integration for Dialogflow CX.

Preview launch of the Facebook Messenger integration for Dialogflow CX.

Preview launch of the LINE integration for Dialogflow CX.

Firestore

Support for the europe-central2 (Warsaw) region.

Traffic Director

Traffic Director now supports the Client Status Discovery Service (CSDS) API, enabling you to see which clients are connected to Traffic Director and to inspect the configuration that Traffic Director generates for its clients. For more information, see Understanding Traffic Director client status.

April 12, 2021

BigQuery

The BigQuery Admin Resource Charts Preview is now available for Reservation users, enabling administrators to more easily monitor and troubleshoot their BigQuery environment. It provides visibility into key metrics such as slot consumption, job concurrency, and job execution time across the entire organization.

Cloud Functions

Cloud Functions is now available in the following region:

  • europe-central2 (Warsaw)

See Cloud Functions Locations for details.

Cloud Logging

Shared queries are now generally available (GA). To learn more, see Shared queries.

Cloud Monitoring

The dashboard save feature now displays the date and time of the last save operation. You can also disable and enable autosave. For more information, see Configuring dashboards.

Traffic Director

Traffic Director now supports TCP-based services in GA. This brings service discovery, global load balancing, failover and many other Traffic Director capabilities to your non-HTTP services. See the setup guide to get started and the target proxies documentation for helpful background information.

April 09, 2021

BigQuery

BigQuery now has better support for loading ENUM and LIST types in Parquet files.

  • ENUM logical types can be converted to STRING or BYTES.
  • Schema inference is supported for LIST logical types.

For more information, see Loading Parquet data from Cloud Storage.

Cloud Monitoring

Cloud Monitoring has changed the default behavior for when notifications are sent. For new alerts, the default behavior is to send a notification only when the incident is created. For all alerts, the alert's Policy detail page displays when notifications are sent. To change this behavior, edit the policy. For more information, see Managing Policies.

Document AI

Procurement DocAI General availability (GA) release

Procurement DocAI (PDAI) solution is now available in private General Availability (GA).

This includes the following processors:

Human in the Loop (HITL) support for Procurement DocAI processors

Procurement DocAI processors now support Human in the Loop (HITL) AI platform functionality supporting human revisions of predictions.

Invoice parser behavior update

The invoice parser behavior has been updated to include the following features:

  • Offers extended support for the following languages (in addition to English):
    • French
    • Dutch
    • German
    • Spanish
  • Improves supplier parsing accuracy with Knowledge Graph support.
  • Improves prediction quality (accuracy).
  • Extends the header and line item fields extracted by the parser.
  • Increases the number of pages for online processing (10 pages) and offline processing (200 pages).
  • Increases the number of documents per batch in offline processing (50 documents).

Expense parser (Receipt parser) behavior update

The expense parser behavior has been updated to include the following features:

  • Renamed Receipt parser to Expense parser.
  • Improved prediction quality.
  • Improved prediction quality for English, French, and Dutch for more expense types (for example hotel statements).

Human in the Loop (HITL) AI General Availability (GA) released

HITL AI is now available in Private General Availability (GA) for human review of Invoice, Expense, and Utility parser predictions.

Features:

  • HITL configuration enhanced to designate which fields need review and whether a field is mandatory, saving review time.
  • Labeler UI highlights the fields below a confidence score and supports single-click confirmation to improve review efficiency.
  • Labeling Manager shows analytics and metrics by task and by labeler to streamline HITL operations.

Google Cloud VMware Engine

Added global quota limits for VMware Engine nodes so users have more flexibility in distributing resources across regions.

For details, see Quotas and limits.

Updated the display name of VMware Engine quota entries to reflect the resource type and assignment level. Quotas available to assign for VMware Engine are as follows:

  • VMware Engine standard 72 vCPUs nodes across regions
  • VMware Engine standard 72 vCPUs nodes per region

Identity and Access Management

Workload identity federation is now generally available. You can use workload identity federation to grant access to Google Cloud resources from on-premises and multi-cloud workloads.

Text-to-Speech

Text-to-Speech now offers voices in the following new languages. See the supported voices page for a complete list of voices and audio samples.

  • es-US (Spanish, US)
  • af-ZA (Afrikaans, South Africa)
  • bg-BG (Bulgarian, Bulgaria)
  • ca-ES (Catalan, Spain)
  • is-IS (Icelandic, Iceland)
  • lv-LV (Latvian, Latvia)
  • sr-RS (Serbian, Cyrillic)

April 08, 2021

Cloud Bigtable

Cloud Bigtable support for customer-managed encryption keys (CMEK) is now generally available.

Cloud Composer

Airflow 1.10.15 is available in Cloud Composer images.

New versions of Cloud Composer images:

  • composer-1.16.0-airflow-1.10.15
  • composer-1.16.0-airflow-1.10.14 (default)
  • composer-1.16.0-airflow-1.10.12
  • composer-1.16.0-airflow-1.10.10

In Airflow 1.10.14, PythonVirtualenvOperator now uses the Python version of the environment when a Python version is not specified.

Environments with already deleted GKE clusters can now be deleted as usual. Deleting such environments no longer requires a workaround.

Cloud Operations Suite

The Google Cloud Ops Agent is now available in Preview. This agent combines logging and metrics into a single agent that is targeted toward specialized logging workloads that require higher throughput and improved resource efficiency. It supports both Linux and Windows Compute Engine VMs.

Cloud Operations now offers the ability to install the Google Cloud Ops Agent via Ansible on Linux and Windows Compute Engine VMs.

Cloud Operations now offers the ability to provision the Google Cloud Ops Agent via Terraform on Linux and Windows Compute Engine VMs.

Compute Engine

Generally available: Predictive autoscaling for managed instance groups lets you improve the availability of your workloads by using Machine Learning to predict future demand and create virtual machines ahead of forecasted load.

Config Connector

Config Connector version 1.45.0 is now available.

Added support for OSConfigGuestPolicy, IdentityPlatformTenant, IdentityPlatformOAuthIDPConfig and IdentityPlatformTenantOauthIDPConfig.

Added proxyBind field to ComputeTargetHTTPProxy, ComputeTargetHTTPSProxy, and ComputeTargetTCPProxy.

Added enableStreamingEngine field to DataflowJob.

Fixed issue where folderRef/organizationRef could not be defaulted from folder-id/organization-id annotations when creating Project/Folder resources with server-side apply. (More details can be found here).

Added support for a viewer cluster role so that resources can be referenced across namespaces in namespaced mode. (Issue #407)

Updated the structs' name of any field FooBar to be KindFooBar in Go Client resources. This ensures that the struct names are unique within a Go package.

Fixed the ListMeta type in Go Client (Issue #422).

April 07, 2021

BigQuery

Beginning in early Q3 2021, BigQuery Storage Read API will start charging for network egress. In addition, BigQuery Storage Read API will become available in all locations, with appropriate pricing. Another release note will be issued when these changes take effect.

Cloud CDN

Serve stale, bypassing cache, and negative caching are now Generally Available.

These features are available when configuring Cloud CDN enabled backend services and backend buckets in the Cloud Console, in addition to the gcloud SDK and REST API.

Cloud CDN now supports configuring negative caching for HTTP 302 (Found) and HTTP 307 (Temporary Redirect) status codes.

To learn how to enable negative caching for these status codes, visit the documentation.

Dialogflow

The following languages are now supported by Dialogflow CX:

  • Arabic
  • Bengali
  • Filipino
  • Finnish
  • Malay
  • Marathi
  • Romanian
  • Sinhala
  • Tamil
  • Telugu
  • Vietnamese

Identity and Access Management

You can now get recommendations for folder- and organization-level role bindings using the gcloud command-line tool and REST API. This feature is available in Preview.

Security Command Center

Security Command Center Legacy, previously known as Cloud Security Command Center, and Event Threat Detection Legacy are being permanently disabled for all customers on June 7, 2021.

If you onboarded to Security Command Center before May 2020, or Event Threat Detection before June 2020, and never upgraded to Security Command Center's Standard tier or Premium tier, you are using a legacy product.

To continue benefiting from Security Command Center and Event Threat Detection without an interruption in service, customers using legacy products must migrate their organizations to Security Command Center Standard or Premium. Event Threat Detection, a built-in service of Security Command Center, is available only in the Premium tier.

For details on upgrading legacy products, see Migrate from legacy Security Command Center products.

Text-to-Speech

Text-to-Speech now supports MULAW and ALAW audio encodings. See the AudioEncoding reference documentation for details.

April 06, 2021

Anthos GKE on AWS

Anthos clusters on AWS 1.7.0-gke.12 is now available.

Anthos clusters on AWS 1.7.0-gke.12 clusters run the following Kubernetes versions:

  • 1.16.15-gke.8100
  • 1.17.13-gke.2800
  • 1.18.12-gke.1800
  • 1.19.8-gke.1000

To upgrade your clusters, perform the following steps:

This release fixes an issue mentioned in the entry on April 2, 2021. We recommend all customers running 1.7.0-gke.11 upgrade to 1.7.0-gke.12.

BigQuery

The BigQuery Storage Write API is now in Preview. The Storage Write API is a stream-based API for ingesting data into BigQuery at low cost and high throughput. It provides exactly-once delivery semantics with real-time latency. For more information, see Using the BigQuery Storage Write API.

Cloud Bigtable

Data Access audit logging for Cloud Bigtable is now generally available.

If you previously enabled Data Access audit logs for all Google Cloud services in the Cloud Audit Logs default configuration, you might need to take additional steps to enable Data Access audit logging for Cloud Bigtable. Affected customers will see a notification at the top of the Cloud Bigtable page of the Cloud Console.

Cloud Life Sciences

Cloud Life Sciences has preview support for integrating with VPC Service Controls.

Cloud Logging

Cloud Logging now supports 22 regions in which you can create a log bucket so that you can meet compliance and audit requirements when storing your logs.

Cloud SQL for PostgreSQL

Cloud SQL for PostgreSQL now lets you use IAM database authentication with the Cloud SQL Auth proxy. The Cloud SQL Auth proxy is able to request and refresh OAuth 2.0 access tokens, ensuring that long-lived processes or applications that rely on connection pooling can have stable connections. To learn more, see Using IAM database authentication with the Cloud SQL Auth proxy.

Cloud SQL for SQL Server

Cloud SQL for SQL Server enables you to perform change data capture (CDC) operations for your Cloud SQL instances. General information about CDC in SQL Server is here.

CDC is available for the following Cloud SQL for SQL Server database versions:

  • SQL Server 2017 Standard
  • SQL Server 2017 Enterprise

After connecting to an instance, the sqlserver user can do many CDC operations. The functions include (and are not limited to) the following:

To turn on this feature for a database, run this command:

exec msdb.[dbo].[gcloudsql_cdc_enable_db] 'demo'

To turn off this feature for a database, run this command:

exec msdb.[dbo].[gcloudsql_cdc_disable_db] 'demo'

Cloud SQL for SQL Server enables you to perform common operations on a tempdb database.

After you connect to an instance, the sqlserver user can manage the tempdb files. Specifically, the user has the CONTROL permission on the tempdb database, and can do many operations, including (and not limited to) the following:

  • ALTER DATABASE [tempdb] ADD FILE
  • ALTER DATABASE [tempdb] REMOVE

Cloud Spanner

You can now track the progress of long-running index backfill operations through the gcloud command line tool, REST API, and RPC API. For more information, see Checking the progress of a secondary index backfill.

Compute Engine

N2D machines are now available in the following regions and zones:

  • us-central1-b - Iowa
  • asia-northeast1-a,b - Tokyo

See VM instance pricing for details.

Generally available: You can now use instance schedules from the Google Cloud Console.

Google Kubernetes Engine

(2021-R11) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

Regular channel

  • Version 1.18.16-gke.502 is now the default version.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.17 to version 1.18.16-gke.502 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.18 to version 1.18.16-gke.502 with this release.

Rapid channel

  • Version 1.19.8-gke.2000 is now the default version.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.19.8-gke.1600
    • 1.20.4-gke.2200
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.8-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.8-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.5-gke.100 with this release.

Versions no longer available

The following versions are no longer available for new clusters or upgrades:

  • Versions 1.15 and earlier.

Network Intelligence Center

Connectivity Tests now evaluates hierarchical firewall policy rules as part of its configuration analysis. For more information, see Connectivity Tests overview.

April 05, 2021

Anthos Config Management

Anthos Config Management images are no longer included in Anthos on VMware clusters. To learn more, see Changes to Anthos Config Management updates.

The ability to sync from multiple Git repositories is now a generally-available feature. To learn more, see Syncing from multiple repositories.

A memory leak in the Anthos Config Management Operator Pod that led to high memory utilization or Pod restarts due to out-of-memory errors has been corrected.

Preview versions of multi-repo occasionally used excessive CPU and sent unnecessary queries to the apiserver master node, resulting in an unhealthy cluster. This issue has been corrected.

Config Sync configured with sourceFormat: unstructured will have errors during syncing if the Git repository includes a "Repo" resource.

Config Sync configured with sourceFormat: unstructured will have errors during syncing if the Git repository specifies a ClusterSelector with an invalid metadata.name field.

Customers using Anthos Policy Controller who have upgraded since Anthos Config Management 1.5.1 need to update the timeoutSeconds in their ValidatingWebhookConfigurations from "5" to "3" to avoid issues with Kubernetes leader elections.

Dataproc

Image 2.0:

April 02, 2021

Anthos GKE on AWS

An issue has been discovered with Anthos clusters on AWS 1.7.0.

If you use an HTTP proxy, do not upgrade to 1.7.0.

If you do not use an HTTP proxy, you can upgrade to 1.7.0.

A fix for this issue is being developed.

Anthos Service Mesh

1.9.2-asm.1 is now available.

This patch release contains the same bug fixes that are in Istio 1.9.2. For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:

Anthos Service Mesh user authentication is now available as a public preview feature on installations of 1.9. This feature lets you use existing Identity Providers (IDP) for user authentication and access control to your workloads. For more information, see Configuring Anthos Service Mesh user authentication.

BigQuery

BigQuery standard SQL now supports the ALTER TABLE DROP COLUMN statement. This feature is in Preview.

The maximum length has been increased from 128 characters to 300 characters for the following BigQuery fields: table column names, column alias names, and user-defined function names.

Cloud CDN

Cloud CDN now treats HTTP responses with a valid, future date in the Expires header as cacheable, even if those responses do not have a Cache-Control: public directive.

This will allow Cloud CDN to cache additional responses and better align with HTTP standards.

Review the caching documentation for details on what content Cloud CDN considers cacheable vs. uncacheable.

Document AI

Lending DocAI General Availability (GA) released

Lending DocAI is now generally available (GA). See the documentation for more information.

Lending DocAI processors added

The following Lending DocAI processors are now available:

Memorystore for Memcached

Added new Memorystore for Memcached region: Warsaw (europe-central2).

Secret Manager

Secret Manager now has a Best Practices guide.

Learn more about Secret Manager best practices.

April 01, 2021

App Engine standard environment Java

  • Updated Java SDK to version 1.9.88.
  • Upgraded to Jetty 9.4.39 to fix CVE-2021-28163, CVE-2021-28164, CVE-2021-28165.

Cloud Run

Restricting ingress on Cloud Run is now at general availability (GA).

Compute Engine

Memory-optimized machines are now available in the following regions and zones:

  • M1 ultramem (Jakarta) asia-southeast2-a,c
  • M1 ultramem (Osaka) asia-northeast2-a
  • M1 ultramem, M2 ultramem and M2 megamem (Osaka) asia-northeast2-b
  • M2 ultramem and M2 megamem (Osaka) asia-northeast2-c

See VM instance pricing for details.

Dialogflow

The legacy analytics page has been removed from the Dialogflow ES console. Only the generally available new analytics page remains.

Google Cloud VMware Engine

The Google Cloud Business Associate Agreement (BAA) now also covers Google Cloud VMware Engine. Businesses in the healthcare vertical who need HIPAA compliance can run their workloads on Google Cloud VMware Engine.

For details, see HIPAA Compliance on Google Cloud Platform.

Restructured documentation to better group content and improve workflow discoverability.

Identity and Access Management

Policy Simulator is now generally available. You can use Policy Simulator to simulate policy changes before you apply them.

March 31, 2021

AI Platform (Unified)

AI Platform (Unified) is now generally available (GA).

AI Platform (Unified) has added support for the following regions for custom model training, as well as batch and online prediction for custom-trained models:

  • us-west1 (Oregon)
  • us-east1 (South Carolina)
  • us-east4 (N. Virginia)
  • northamerica-northeast1 (Montreal)
  • europe-west2 (London)
  • europe-west1 (Belgium)
  • asia-southeast1 (Singapore)
  • asia-northeast1 (Tokyo)
  • australia-southeast1 (Sydney)
  • asia-northeast3 (Seoul)

AI Platform Deep Learning Containers

M66 Release

AI Platform Deep Learning VM Image

M66 Release

  • PyTorch 1.8 support in deep learning environments (Deep Learning VM Image and Deep Learning Containers) is available.
  • Fixed scope allocator optimization issue with the TensorFlow Enterprise 2.3/2.1 MKL build.
  • Regular package refreshment and bug fixes.

Anthos GKE on AWS

Anthos clusters on AWS 1.7.0-gke.11 is now available.

This note has been updated. For more information, see the entry on April 2, 2021.

Anthos clusters on AWS 1.7.0-gke.11 clusters run the following Kubernetes versions:

  • 1.16.15-gke.8100
  • 1.17.13-gke.2800
  • 1.18.12-gke.1800
  • 1.19.8-gke.1000

To upgrade your clusters, perform the following steps:

Anthos clusters on AWS now supports Kubernetes 1.19.

Anthos clusters on AWS now supports exporting logs and metrics from an Anthos clusters on AWS user cluster to Cloud Logging and Cloud Monitoring.

For more information, see Configuring logging and monitoring for Anthos clusters on AWS.

Anthos clusters on AWS now supports CMK encryption for component volumes. For more information, see Using CMK to encrypt volumes.

Workload identity in user clusters is now generally available.

Anthos clusters on AWS now supports gp3 EBS volume types. You can configure gp3 volumes on your management service, AWSCluster, and AWSNodePools.

BigQuery

BigQuery standard SQL now supports the following statements for creating, configuring, and deleting datasets:

These statements are generally available (GA).

BigQuery standard SQL now supports the TABLESAMPLE operator, which lets you query random subsets of data from large BigQuery tables. For more information, see Table sampling. This feature is in Preview.

BigQuery standard SQL now supports the following JSON functions:

These statements are generally available (GA).

INFORMATION_SCHEMA views for table partitions are now available. This feature is in Preview.

The INFORMATION_SCHEMA.TABLES view now includes a DDL column that can be used to recreate the table. This feature is in Preview.

Support for the BigNumeric type in BigQuery standard SQL is now generally available (GA).

Cloud Billing

Effective April 1, 2021, for customers in India: Due to new Reserve Bank of India (RBI) regulations, your bank might begin declining automatic card charges for recurring payments for your Google Cloud usage.

To avoid interruptions in service, if your automatic payments are being declined, we recommend that you make a manual payment for your usage.

Cloud Composer

New versions of Cloud Composer images:

  • composer-1.15.2-airflow-1.10.14 (default)
  • composer-1.15.2-airflow-1.10.12
  • composer-1.15.2-airflow-1.10.10

Irrelevant warnings about asynchronous DAG loading parameters no longer show up in the Airflow logs.

Corrected the validation of custom Cloud SQL and Airflow web server IP ranges that are specified during the environment creation. Changed the error code and the message that are returned when a specified CIDR range is not valid.

Fixed an Airflow web UI bug that caused the DAG Tree View page to crash in rare cases.

Cloud Data Fusion

Cloud Data Fusion version 6.4.0 is now available. To upgrade, see Upgrading instances and pipelines. This release is in parallel with the CDAP 6.4.0 release.

Features in 6.4.0:

  • GA: You can now ingest data from SAP tables with the SAP Table Batch Source plugin.

  • Cloud Data Fusion now supports the Datetime data type in the following plugins. You can now read and write to tables that contain Datetime fields:

    • BigQuery batch source
    • BigQuery sink
    • BigQuery multi table sink
    • Bigtable batch source
    • Bigtable sink
    • Datastore batch source
    • Datastore sink
    • GCS file batch source
    • GCS file sink
    • GCS multi file sink
    • Spanner batch source
    • Spanner sink
    • File source
    • File sink
    • Wrangler
    • Amazon S3 batch source
    • Amazon S3 sink
    • Database source
  • You can configure machine type, cluster properties, and idle TTL for the Dataproc provisioner. For the available settings, see the CDAP documentation.

  • Adding, editing, and deleting comments on draft data pipelines is now supported. For more information, see Adding comments to a data pipeline.

  • Advanced join conditions are now available in the Joiner plugin. You can specify an arbitrary SQL condition to join on. For more information, see Join Condition Type.

  • A new post-action plugin is now available: GCS Done File Marker. To help you orchestrate downstream/dependent processes, this post-action plugin marks the end of a pipeline run by creating and storing an empty SUCCESS file in the given GCS bucket upon a pipeline completion, success, or failure.

Changed in version 6.4.0:

  • Behavior change: When you validate a plugin, macros get resolved with preferences. In previous releases, to validate a plugin's configuration, you had to change the pipeline to remove the macros.
  • Behavior change: Cloud Data Fusion now determines the schema dynamically at runtime instead of requiring arguments to be set. Multi sink runtime argument requirements have been removed, which lets you add simple transformations in multi-source/multi-sink pipelines. In previous releases, multi-sink plugins required the pipeline to set a runtime argument for each table, with the schema for each table.

  • You can now filter tables in the Multiple Database Tables Batch Source.

  • Multiple Database Batch Source and BigQuery multi-table sink have better error handling and let pipelines continue if one or more tables fail.

  • Cloud Data Fusion Replication changes:

    • Renamed Replication pipelines to Replication jobs.
    • The Customer-managed encryption key (CMEK) configuration property is now available for BigQuery targets in your Replication jobs.
    • On the BigQuery Target properties page, renamed the Staging Bucket Location property to Location.
    • Improved reliability by restarting Replication from the last known checkpoint.
  • You can now use files with ISO-8859, Windows and EBCDIC encoding types with Amazon S3, File and GCS File Reader batch source plugins.

  • Cloud Data Fusion now supports running pipelines on a Hadoop cluster with Kerberos enabled.

Fixed in 6.4.0 (for more information, see the CDAP release note):

  • Fixed Bigtable batch source plugin. In previous versions, pipelines that included the Bigtable source would fail.
  • FTP batch source now works with empty File System Properties.
  • Strings are now supported in Min/Max aggregate functions (used in both Group By and Pivot plugins).
  • Fixed Salesforce plugin to correctly parse the schema as Avro schema to be sure all the field names are accepted by Avro.
  • Fixed data pipeline with BigQuery sink that failed with INVALID_ARGUMENT exception if the range specified was a macro.
  • Fixed a class conflict in the Kinesis Spark Streaming source plugin. You can now run pipelines with this source.
  • Fixed an issue in field validation logic in pipelines with BigQuery sink that caused a NullPointerException.
  • Fixed the Wrangler Generate UUID directive to correctly generate a universally unique identifier (UUID) of the record.
  • Fixed advanced joins to recognize auto broadcast setting.
  • Fixed Pipeline Studio to use current namespace when it fetches data pipeline drafts.
  • Fixed Replication statistics to display on the dashboard for SQL Server.
  • Fixed an issue where clicking the Delete button on Replication Assessment page resulted in an error for the replication job.
  • Schema name is now shown when selecting tables to replicate.
  • Fixed Replication to correctly insert rows that were previously deleted by a replication job.
  • Data pipelines running in Spark 3 enabled Dataproc cluster no longer fail with class not found exception.
  • Fixed Replication with a SQL Server source to generate rows correctly in BigQuery target table if snapshot failed and restarted.
  • Fixed an issue where SQL Server replication job stopped processing data when the connection was reset by the SQL Server.
  • Fixed an error in Replication wizard step to select tables, columns and events to replicate, where selecting no columns for a table caused the wizard to fetch all columns in a table.
  • Using a macro for a password in a replication job no longer results in an error.
  • Fixed logical type display for data pipeline preview runs.
  • Fixed Dashboard API to return programs running but started before the startTime.
  • Fixed deployed Replication jobs to show advanced configurations in UI.
  • Fixed data pipeline with Python Evaluator transformation to run without stack trace errors.
  • Added loading indicator while fetching logs in Log Viewer.
  • Fixed Pipeline preview so logical start time function doesn't display as a macro.
  • Fixed fields with a list drop down menu in the Replication wizard to default to Select one.
  • Added message in Replication Assessment when there are tables that CDF cannot access.
  • Used error message when an invalid expression is added in Wrangler.
  • Fixed RENAME directive in Wrangler so it is case sensitive.
  • Fixed Pipeline Operations UI to stop showing the loading icon forever when it gets error from backend.
  • Fixed Wrangler to no longer generate invalid reference names.
  • Fixed Wrangler to display logical types instead of java types.
  • Fixed pipelines from Wrangler to no longer generate incorrect for xml files.
  • Added connection in Wrangler hard codes the name of the JDBC driver.
  • Batch data pipelines with Spark 2.2 engine and HDFS sinks no longer fail with delegation token issue error.

FTP Batch Source (system plugin for data pipelines)

FTP Batch Source version 3.0.0 is backward compatible, except that it uses a different artifact. This was done to ensure that updates to the plugin can be delivered out-of-band from Cloud Data Fusion releases, through the Hub.

It is recommended that you use version 3.0.0 or later in your data pipelines.

Cloud Database Migration Service

Database Migration Service makes it easier for you to "lift and shift" your MySQL and PostgreSQL workloads into Cloud SQL. This service streamlines your networking workflows, manages one-time and continuous migrations between your source and destination databases, and provides you with statuses of the migration operations.

The documentation now contains information for using Database Migration Service with PostgreSQL. This information includes:

  • A quickstart
  • Conceptual content
  • How to use this service through the user interface, gcloud, and REST API calls
  • Reference, support, and resource-related information

In addition, for this release, updates include:

  • Use the Cloud SDK: A guide to get started with the Cloud SDK so you can use it to manage Database Migration Service connection profiles and migration jobs.
  • Use the Database Migration Service API: This guide provides information about how to enable and use the REST API to administer connection profiles and migration jobs programmatically.
  • Providing gcloud information for managing connection profiles and migration jobs for MySQL and PostgreSQL.

Click here to access the documentation.

Cloud Key Management Service

Cloud EKM now supports Dataflow Appliance and Pub/Sub. For more information, see Cloud External Key Manager.

Cloud Load Balancing

External TCP/UDP Network Load Balancing is now supported with backend services. Compared to the target pool backend, a backend service gives you more fine-grained control over your load balancer, including access to features such as connection draining, failover policies, and support for managed instance groups as backends.

Network load balancers with a backend service can also use health checks that match the traffic (TCP, SSL, HTTP, HTTPS, or HTTP/2) they are distributing.

To get started, see:

This feature is generally available (GA).

Cloud Run for Anthos

The free trial for Cloud Run for Anthos on Google Cloud has been extended and is now available until September 30, 2021.

Known issue:

Clusters that are upgraded to version 0.20.0-gke.6 might receive the following error when you update the cluster's configmap:

Error from server (InternalError): error when replacing "/tmp/file.yaml":
Internal error occurred: failed calling webhook "config.webhook.istio.networking.internal.knative.dev":
the server rejected our request for an unknown reason

To resolve the error, you must run the following command to remove the validatingwebhookconfiguration configuration that is no longer supported in 0.20.0:

kubectl delete validatingwebhookconfiguration config.webhook.istio.networking.internal.knative.dev

After removing the unsupported configuration, you can proceed with updating your cluster's configmap.

Cloud SQL for PostgreSQL

Cloud SQL for PostgreSQL flags are now generally available. See supported PostgreSQL flags for more information.

Cloud Spanner

You can now use Customer-Managed Encryption Keys (CMEK) to protect databases in Cloud Spanner. CMEK in Cloud Spanner is now generally available. For more information, see CMEK.

You can now optionally specify the priority of data requests. For more information, see CPU utilization and task priority.

Compute Engine

Preview: You can now configure your VM to shut down automatically when you revoke the Cloud KMS key protecting a persistent disk attached to the VM. For more information, see Configuring VM shutdown on Cloud KMS key revocation.

Dataproc

Dataproc support of Dataproc Metastore services is now available in GA.

Dataproc Metastore

The GA release of Dataproc Metastore is now available.

Dataproc Metastore imports and exports now support Avro storage format. This feature is in Preview.

Dataproc Metastore supports backing up and restoring service metadata and configuration. This feature is in Preview.

Dataproc Metastore supports asynchronous background tasks through the Canary release channel.

Document AI

Document AI General availability (GA) released

Document AI is now generally available (GA).

Error Reporting

Service Errors is now Generally Available (GA). Service Errors automatically captures and groups Google Cloud service errors and notifies you when these errors occur. For more information, refer to the Managing Service Errors documentation.

Kf

Kf supports Role-based access control in Spaces.

Kf supports source code upload without workstation write access to Artifact Registry.

Kf doctor supports running per-object commands.

Ensure log tailing prints the correct number of lines.

Ensure a Space cannot be deleted if a ServiceInstance was not deleted.

Ensure a ServiceBroker cannot be deleted if there is still an active ServiceInstance depending on it.

Run binding before push so VCAP_SERVICES is correct on the first deploy.

Resolved issue with health-check-type=process.

Updated the ASM version to 1.9.1.

SAP on Google Cloud

The Cloud Data Fusion plugin for SAP is now available. With the SAP Table Batch Source plugin and Cloud Data Fusion, you can create a data pipeline to integrate your SAP data with your data repositories on Google Cloud.

For more information, see Using the SAP Table Batch Source plugin.

The Deployment Manager template that Google Cloud provides to automate the deployment of Linux high-availability clusters for SAP HANA now supports Red Hat Enterprise Linux (RHEL) images.

For more information, see Automated SAP HANA HA deployment with load-balancer VIP implementation.

Secret Manager

Secret Manager Event Notifications is generally available.

Secret Manager Event Notifications lets you configure secrets to send messages to Pub/Sub topics whenever a change is made to the secret or one of its versions.

Learn more at enabling event notifications.

Transcoder API

Beta stage support for VPC Service Controls.

March 30, 2021

Secret Manager

Secret Manager Expiration is generally available.

Learn more at creating and managing expiring secrets.

Secret Manager Rotation is generally available.

Secret Manager Rotation sends messages to Pub/Sub topics based on the provided rotation frequency and rotation time.

Learn more at creating and managing rotation policies.

Transfer Appliance

Transfer Appliance version 2.2 is deprecated and replaced by Transfer Appliance version 4.0.

Transfer Appliance version 4.0 is now available to order in Singapore.

March 29, 2021

Anthos Service Mesh

The Anthos Service Mesh Topology (beta) page in Cloud Console won't display properly if unsupported versions, including versions earlier than Anthos Service Mesh 1.6.8, are installed on your clusters or if you have disabled the Canonical Service controller in clusters in your project.

Note that the Canonical Service controller is enabled by default on version 1.6.8 and higher. If you did not disable the Canonical Service controller on a supported version, no action is required.

What should I do?

Cloud Asset Inventory

New resource types are now available.

The following resource types are now publicly available through the export API (ExportAssets and BatchGetAssetsHistory) and the Feed API:

  • Cloud Memcache
    • memcache.googleapis.com/Instance
  • Memorystore for Redis
    • redis.googleapis.com/Instance

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

  • Cloud Composer
    • composer.googleapis.com/Environment
  • Cloud Run
    • run.googleapis.com/DomainMapping
    • run.googleapis.com/Revision
    • run.googleapis.com/Service
  • Cloud KMS
    • cloudkms.googleapis.com/KeyRing
    • cloudkms.googleapis.com/CryptoKey
    • cloudkms.googleapis.com/CryptoKeyVersion
    • cloudkms.googleapis.com/ImportJob

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

  • Cloud Composer
    • composer.googleapis.com/Environment
  • Cloud Run
    • run.googleapis.com/Service
    • run.googleapis.com/Revision
  • Cloud TPU
    • tpu.googleapis.com/Node
  • Cloud Storage
    • storage.googleapis.com/Bucket

Cloud CDN

Cloud CDN now treats the no-cache Cache-Control directive in a response as per RFC 7234 and allows these responses to be cached, provided that they are validated every time before being reused.

Visit the caching documentation to review how Cloud CDN handles the full set of HTTP caching directives.

Cloud Logging

Logs Views are now Generally Available (GA). Using Logs Views, you can control who has access to the logs within your Logs Buckets. For more information on this feature, refer to the Managing Logs Views guide.

Cloud SQL for SQL Server

You can integrate Cloud SQL for SQL Server with Managed Service for Microsoft Active Directory.

Authentication, authorization, and more are available. For example, joining an instance to a managed Active Directory domain enables you to log in using Windows Authentication. Additionally, you can integrate with your on-premises AD domains by establishing a trust.

Cloud Storage

Cloud CDN, external HTTP(S) Load Balancing, and Cloud Storage services use BoringSSL, and are not affected by the recent OpenSSL security advisory that relates to CA certificate checks (CVE-2021-3450) and TLS renegotiation (CVE-2021-3449).

Google Kubernetes Engine

(2021-R10) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.17.17-gke.2800 is now the default version.
  • The following versions are now available:
  • The following versions are no longer available:
    • 1.15.12-gke.6002
    • 1.16.15-gke.10600
    • 1.16.15-gke.11800
    • 1.16.15-gke.7801
    • 1.17.15-gke.800
    • 1.17.17-gke.1100
    • 1.18.12-gke.1210
    • 1.18.14-gke.1200
    • 1.18.14-gke.1600
    • 1.18.15-gke.1100
    • 1.18.15-gke.1102
    • 1.18.15-gke.1500
    • 1.18.16-gke.1200
    • 1.18.16-gke.500
  • Control planes and nodes with auto-upgrade enabled will be upgraded from versions 1.17 and earlier to version 1.17.17-gke.2800 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to version 1.18.16-gke.302 with this release.

Stable channel

  • Version 1.17.17-gke.2800 is now the default version in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.16.15-gke.7801
    • 1.17.17-gke.1101
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from versions 1.17 and earlier to version 1.17.17-gke.2800 with this release.

Regular channel

  • Version 1.18.16-gke.302 is now the default version in the Regular channel.
  • Version 1.18.16-gke.502 is now available in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.18.15-gke.1501
    • 1.18.15-gke.1502
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.18 to version 1.18.16-gke.302 with this release.

Rapid channel

  • Version 1.19.8-gke.1600 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.19.8-gke.1000
    • 1.20.4-gke.1800
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.8-gke.1600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.4-gke.2200 with this release.

March 28, 2021

Cloud CDN

Cloud CDN, external HTTP(S) Load Balancing and Cloud Storage customers are not affected by the recent OpenSSL security advisory that relates to CA certificate checks (CVE-2021-3450) and TLS renegotiation (CVE-2021-3449).

These services use BoringSSL and are not affected by these OpenSSL-specific bugs.

Cloud Load Balancing

Cloud CDN, external HTTP(S) Load Balancing and Cloud Storage customers are not affected by the recent OpenSSL security advisory that relates to CA certificate checks (CVE-2021-3450) and TLS renegotiation (CVE-2021-3449).

These services use BoringSSL and are not affected by these OpenSSL-specific bugs.

March 26, 2021

AI Platform Notebooks

Cross Project Service Account support

App Engine standard environment Go

App Engine standard environment provides a new metric, CPU Utilization, which indicates the CPU utilization average over all active instances. For more information, see Google Cloud metrics.

App Engine standard environment Java

App Engine standard environment provides a new metric, CPU Utilization, which indicates the CPU utilization average over all active instances. For more information, see Google Cloud metrics.

App Engine standard environment Node.js

App Engine standard environment provides a new metric, CPU Utilization, which indicates the CPU utilization average over all active instances. For more information, see Google Cloud metrics.

App Engine standard environment PHP

App Engine standard environment provides a new metric, CPU Utilization, which indicates the CPU utilization average over all active instances. For more information, see Google Cloud metrics.

App Engine standard environment Python

App Engine standard environment provides a new metric, CPU Utilization, which indicates the CPU utilization average over all active instances. For more information, see Google Cloud metrics.

App Engine standard environment Ruby

App Engine standard environment provides a new metric, CPU Utilization, which indicates the CPU utilization average over all active instances. For more information, see Google Cloud metrics.

Dataproc

Image 2.0:

  • Changed default private IPv6 Google APIs access for 2.0 clusters from OUTBOUND to INHERIT_FROM_SUBNETWORK.

March 25, 2021

Anthos clusters on VMware

Anthos clusters on VMware 1.7.0-gke.16 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.7.0-gke.16 runs on Kubernetes 1.19.7-gke.2400.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting GKE On-Prem are 1.6, 1.5, and 1.4.

Cluster lifecycle improvements

  • The cluster upgrade process has changed. Instead of upgrading the admin cluster first, you can upgrade user clusters to the newer version without upgrading the admin cluster. The new flow, which requires upgrading gkeadm, allows you to preview new features before performing a full upgrade with the admin cluster. In addition, the 1.7.0 version of gkectl can perform operations on both 1.6.X and 1.7.0 clusters.

  • Starting with version 1.7.0, you can deploy Anthos clusters on vSphere 7.0 environments in addition to vSphere 6.5 and 6.7. Note that Anthos clusters on VMware will phase out vSphere 6.5 support following VMware end of general support timelines.

  • Published the minimum hardware resource requirements for a proof-of-concept cluster.

Platform enhancements

  • GA: Node auto repair is now generally available and enabled by default for newly created clusters. When the feature is enabled, cluster-health-controller performs periodic health checks, surfaces problems as events on cluster objects, and automatically repairs unhealthy nodes.

  • GA: vSphere resource metrics is now generally available and enabled by default for newly created clusters. When the feature is enabled, VM level resource contention metrics are collected and displayed in the VM health dashboards automatically created through out-of-the-box monitoring. You can use these dashboards to track VM resource contention issues.

  • GA: Dataplane V2 is now generally available and can be enabled in newly created clusters.

  • GA: Network Policy Logging is now generally available. Network policy logging is available only for clusters running Dataplane V2.

  • You can attach vSphere tags to user cluster node pools during cluster creation and update. You can use tags to organize and select VMs in vCenter.

Security enhancements:

  • Preview: You can run Container-Optimized OS on your user cluster worker nodes.

Simplify Day-2 operations:

  • GA: Support for vSphere folders is now generally available. This allows you to install Anthos clusters on VMware in a vSphere folder, reducing the scope of the permission required for the vSphere user.

  • A new gkectl update admin command supports updating certain admin cluster configurations including adding static IP addresses.

  • The central log aggregator component has been removed from the logging pipeline to improve reliability, scalability and resource usage.

  • Cluster scalability has been improved:

    • 50 user clusters per admin cluster

    • With Seesaw, 500 nodes, 15,000 Pods, and 500 LoadBalancer Services per user cluster

    • With F5 BIG-IP, 250 nodes, 7,500 Pods, and 250 LoadBalancer Services per user cluster

Anthos Config Management:

Anthos Config Management (ACM) is now decoupled from Anthos clusters on VMware. This provides multiple benefits including decoupling the ACM release cadence from Anthos clusters on VMware, simplifying the testing and qualification process, and providing a consistent installation and upgrade flow.

Storage enhancements:

GA: The vSphere CSI driver is now generally available. Your vCenter server and ESXi hosts must both be running 6.7 update 3 or newer. The preflight checks and gkectl diagnose cluster have been enhanced to cover the CSI prerequisites.

Functionality changes:

  • gkectl diagnose cluster now includes validation of load balancing, including F5, Seesaw, and manual mode.

  • gkectl diagnose snapshot now provides an HTML index file in the snapshot, and collects extra container information from the admin cluster control-plane node when the Kubernetes API server is inaccessible.

  • gkectl update admin has been updated to:

    • Enable or disable auto repair in the admin cluster
    • Add static IP addresses to the admin cluster
    • Enable/disable vSphere resource metrics in the admin cluster

  • gkectl update cluster has been enhanced to enable or disable vSphere resource metrics in a user cluster.

  • Given that we no longer need an allowlisted service account in the admin workstation configuration file, we deprecated the gcp.whitelistedServiceAccountKeyPath field and added a new gcp.componentAccessServiceAccountKeyPath field. For consistency, we also renamed the corresponding gcrKeyPath field in the admin cluster configuration file.

Breaking changes:

  • The following Google Cloud API endpoints must be allowlisted in network proxies and firewalls. These are now required for Connect Agent to authenticate to Google when the cluster is registered in Hub:

    • securetoken.googleapis.com
    • sts.googleapis.com
    • iamcredentials.googleapis.com

  • gkectl now accepts only v1 cluster configuration files. For instructions on converting your v0 configuration files, see Converting configuration files.

Fixes:

  • Fixed a bug where Grafana dashboards based on the container_cpu_usage_seconds_total metric show no data.

  • Fixed an issue where scheduling Stackdriver components on user cluster control-plane nodes caused resource contention issues.

  • Fixed Stackdriver Daemonsets to tolerate NoSchedule and NoExecute taints.

  • Fixed an HTTP/2 connection issue that sometimes caused problems with connections from the kubelet to the Kubernetes API server. This issue also could lead to nodes becoming not ready.

Known issues:

  • Calico-node Pods sometimes use an excessive amount of CPU in large-scale clusters. You can mitigate the issue by killing such Pods.

  • When running gkectl update admin against a cluster upgraded from 1.6, you might get the following diff:

    - InternalFields: nil,
    - InternalFields: map[string]string{"features.onprem.cluster.gke.io/bundle- 
    vsphere-credentials": "enabled"},
    

    You can safely ignore this and proceed with the update.

Anthos clusters on bare metal

Anthos on bare metal 1.7.0 is now available. To upgrade, see Upgrading Anthos on bare metal. Anthos on bare metal 1.7.0 runs on Kubernetes 1.19.

Extended installation support:

  • Added requirement for Anthos clusters on bare metal connectivity with Google Cloud for install and upgrade operations. As of 1.7.0, preflight checks will check for connectivity to Google Cloud, enabled APIs, and permissions for service accounts. Existing clusters need to be registered in Google Cloud before upgrading. The connectivity checks are not overridable by the --force flag. For details, see the cluster creation and cluster upgrade documentation.

  • Added support for installing Anthos clusters on bare metal on OpenStack. For configuration instructions, see Configure your clusters to use OpenStack.

  • Added support for installing Anthos clusters on bare metal, using a private package repository instead of the default Docker APT repository. For instructions and additional information, see Use a private package repository server.

  • Removed installation prerequisite for setting Security-Enhanced Linux (SELinux) operational mode to be permissive. The related preflight check has been removed, as well.

  • Removed installation prerequisite for disabling firewalld. The related preflight check has also been removed. For information on configuring ports to use firewalld with Anthos clusters on bare metal, see Configuring firewalld ports on the Network requirements page.

  • Updated requirements for installing behind a proxy server and removed restriction on system-wide proxy configurations. For a detailed list of prerequisites, see Installing behind a proxy.

Improved upgrade:

  • Updated cluster upgrade routines to ensure worker node failures do not block cluster upgrades, providing a more consistent user experience. Control plane node failures will still block cluster upgrades.

  • Added bmctl support for running upgrade preflight checks. bmctl check preflight will run upgrade preflight checks if users specify the --kubeconfig flag. For example:
    bmctl check preflight --kubeconfig bmctl-workspace/cluster1/cluster1-kubeconfig

Updated user cluster lifecycle management:

  • Added support in bmctl for user cluster creation and upgrade functions.

  • Improved resource handling. Anthos clusters on bare metal now reconciles node pool taints and labels to nodes unless the node has a baremetal.cluster.gke.io/label-taint-no-sync annotation.

Enhanced monitoring and logging:

  • Preview: Added out-of-the-box alerts for critical cluster metrics and events. For information on working with alerting policies and getting notified, see Creating alerting policies.

  • Added support for collecting ansible job logs in admin and hybrid clusters by default.

Expanded support for newer versions of operating systems:

  • Added support for installing Anthos clusters on bare metal on Red Hat Enterprise Linux (RHEL) 8.3 and CentOS 8.3.

Functionality changes:

  • Added support for configuring the number of pods per node. New clusters can be configured to run up to 250 pods per node. For more information about configuring nodes, see Pod networking. You can find additional information for configuring pods in the cluster creation documentation.
  • Preview: Added support to use containerd as the container runtime. Anthos clusters on bare metal 1.6.x supports only Docker for container runtime (dockershim). In 1.7.0, Kubelet can be configured to use either Docker or containerd, using the new containerRuntime cluster config field. You must upgrade existing clusters to 1.7.0 to add or update the containerRuntime field.
  • Added support for more load balancer addressPool entries under cluster.spec.loadBalancer.addressPools. For existing addressPools, users can use cluster.spec.loadBalancer.AddressPools[].manualAssign to specify additional addressPool entries.

Known issues:

  • Under rare circumstances, bmctl upgrade may become stuck at the Moving resources to upgraded cluster stage after finishing upgrading all nodes in the cluster. The issue does not affect cluster operation, but the final step needs to be finished.

    If bmctl does not move forward after 30 minutes in this state, re-run the bmctl upgrade command to complete the upgrade.

    The issue is captured in the upgrade-cluster.log file located in .../bmctl-workspace/<cluster name>/log/upgrade-cluster-<timestamp>. The following log entry shows how the failure is reported:

    Operation failed, retrying with backoff. Cause: error creating "baremetal.cluster.gke.io/v1, Kind=Cluster" <cluster name>: Internal error occurred: failed calling webhook "vcluster.kb.io": Post "https://webhook-service.kube-system.svc:443/validate-baremetal-cluster-gke-io-v1-cluster?timeout=30s": net/http: TLS handshake timeout

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Compute Engine

Generally available: Start and stop virtual machine (VM) instances automatically using instance schedules. By automating the deployment of your VMs, instance schedules can help you optimize costs and manage VMs more efficiently.

Config Connector

Config Connector version 1.44.0 is now available.

Added support for the ContainerAnalysisNote resource (no config-connector CLI support)

Added mtu field to ComputeInterconnectAttachment.

Added nodeConfig.ephemeralStorageConfig field to ContainerCluster and ContainerNodePool.

Added settings.backupConfiguration.backupRetentionSettings and settings.backupConfiguration.transactionLogRetentionDays fields to SQLInstance.

Made materializedView.query field in BigQueryTable immutable.

Deprecated nicType field in ComputeInstanceTemplate.

Added support for acquisitions of Folder using displayName and folderRef/organizationRef.

Fixed incorrect file extension for Terraform files output by the config-connector CLI.

Google Cloud VMware Engine

Added support for using NetApp Cloud Volumes Service for Google Cloud. You can use cloud volumes as NFS mount points or SMB shares in your workload virtual machines.

For details, see Connecting workload VMs to NetApp Cloud Volumes Service.

Recommender

Recommender pricing is now generally available and determines how you can process and view recommendations using the API and BigQuery export. The pricing controls how much read and write quota is provided to individual resources.

March 24, 2021

Access Approval

Access Transparency logs contain a new field called accessApprovals. This field lists the approvals that granted access to a resource that is enrolled in Access Approval. Access Transparency logs published before March 24, 2021 will not have this field populated. This feature is subject to Access Approval exclusions and only available for the services supported by Access Approval.

BigQuery

BigQuery is now available in the Warsaw (europe-central2) region.

BigQuery BI Engine

BigQuery BI Engine is now available in the Warsaw (europe-central2) region.

BigQuery Data Transfer Service

BigQuery Data Transfer Service is now available in the Warsaw (europe-central2) region.

BigQuery ML

BigQuery ML is now available in the Warsaw (europe-central2) region.

Cloud Bigtable

Cloud Bigtable is now available in the europe-central2 (Warsaw) region.

Cloud DNS Cloud Data Fusion

Cloud Data Fusion version 6.3.1 is now available. This version fixes a race condition that results in intermittent failures in concurrent pipeline executions. This release is in parallel with the CDAP 6.3.1 release.

Cloud Key Management Service

The europe-central2 region in Warsaw is now available. See Cloud KMS locations for more details.

Cloud Load Balancing

Subsetting for internal TCP/UDP load balancers lets you scale your internal TCP/UDP load balancer to support a larger number of backend VM instances per internal backend service.

This feature is in Preview.

Cloud SQL for MySQL Cloud SQL for PostgreSQL Cloud SQL for SQL Server Cloud Spanner

Cloud Spanner regional instances can now be created in Warsaw (europe-central2).

Cloud Storage

Warsaw region (europe-central2) launched.

Cloud VPN

Cloud VPN is now available in region europe-central2 (Warsaw, Poland).

Pricing is available on the Cloud VPN pricing page.

Compute Engine

General-purpose E2 and N1 machines are available in Warsaw, Poland europe-central2 in all three zones. See VM instance pricing for details.

Disks, snapshots, and images are available in Warsaw, Poland europe-central2 in all three zones. See Disks and image pricing for details.

Support for OS Login in VPC Service Controls is now Generally Available.

Dataflow

Dataflow is now able to use workers, Dataflow Shuffle, Streaming Engine, FlexRS, and regional endpoints in zones in europe-central2 (Warsaw).

Dataproc

Dataproc is now available in the europe-central2 region (Warsaw).

Google Kubernetes Engine

The europe-central2 region in Warsaw is now available.

Pub/Sub

Pub/Sub is now available in the europe-central2 region (Warsaw).

Resource Manager

The Resource Manager v3 API has been released into public preview. For more information, see the API reference documentation.

Secret Manager

The europe-central2 region is now available. See Secret Manager locations for more information.

Virtual Private Cloud

For auto mode VPC networks, added a new subnet 10.186.0.0/20 for the Warsaw europe-central2 region. For more information, see Auto mode IP ranges.

The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in General Availability for instance templates and managed instance groups. This feature is available in the gcloud command-line tool and the API.

March 23, 2021

Cloud Composer

New versions of Cloud Composer images:

  • composer-1.15.1-airflow-1.10.14 (default)
  • composer-1.15.1-airflow-1.10.12
  • composer-1.15.1-airflow-1.10.10

During the environment creation, Cloud Composer checks that there are enough CPUs, according to the Cloud Compute CPU quota for a region. If there are not enough CPUs, the operation does not start.

Removed the "@-@" workload info prefixes from Airflow task logs in the Airflow UI and Cloud Logging. This change is available for Airflow 1.10.14.

For Cloud Composer versions 1.13.2 and later, regional base images are used for Airflow web server and worker-scheduler builds. This improves customized image build times.

Invalid resource names in API requests now cause a 4xx response. The invalid resource name is reported in the error message.

Improved the validation procedure for custom IP ranges that are specified during the environment creation. Changed the error code and the message that are returned when a specified CIDR range is not valid.

Fixed the documentation link in the Airflow UI.

Improved the file synchronization error handling for environments that run under the Domain Restricted Sharing organizational policy.

Improved error handling when creating node pools during upgrade operations. In some cases, the error was not reported when an upgrade operation failed on a timeout.

Cloud Run for Anthos

Events for Cloud Run for Anthos version 0.19.0-gke.107 is now available for the following GKE minor versions:

  • 1.19
  • 1.20

Config Connector

Config Connector version 1.43.0 is now available.

config-connector CLI now supports a flag to filter out deleted IAM members

Added support for IAPBrand (no config-connector CLI support)

Added support for IAPIdentityAwareProxyClient (no config-connector CLI support)

Conflict Prevention is now turned off by default. The current implementation results in the Ready condition destabilizing despite the resource reflecting user-desired state.

Work is enqueued to improve this behavior, but the functionality is turned off for new resources in the interim.

Webhook certificates that do not contain a SAN are now re-created on upgrade of the Config Connector operator.

Added support for folderRef and organizationRef in Project and Folder.

Dataproc

The default Dataproc image is now image version 2.0.

New sub-minor versions of Dataproc images: 1.3.88-debian10, 1.3.88-ubuntu18, 1.4.59-debian10, 1.4.59-ubuntu18, 1.5.34-centos8, 1.5.34-debian10, 1.5.34-ubuntu18, 2.0.7-centos8, 2.0.7-debian10, and 2.0.7-ubuntu18.

Image 2.0:

  • Updated Iceberg to version 0.11.0.
  • Updated Flink to version 1.12.2.

Image 2.0:

  • HIVE-22373: File Merge tasks fail when containers are reused.

Fixed a bug that caused Hive jobs to fail on Ranger-enabled clusters.

Fixed a bug where Spark event logs directory and history server directory could not be set to Cloud Storage correctly.

Fixed a bug where Presto property value with ';' could not be set correctly in the config file.

CVE-2020-13957: SOLR-14663: ConfigSets CREATE does not set trusted flag.

CVE-2020-1926: HIVE-22708: Test fix for http transport.

Google Kubernetes Engine

Starting tomorrow, March 24, 2021, the mechanism we use to create GKE release notes will change. Although this change does not affect the content of the notes, it does affect the presentation and underlying syntax. If you subscribe to the XML feed for this page, entries for March 24 and earlier will be updated as a result of changes to formatting and syntax; the content itself did not change.

The feed URL will also change from https://cloud.google.com/feeds/kubernetes-engine-release-notes.xml to https://cloud.google.com/feeds/gke-main-release-notes.xml. We will automatically redirect from the old URL to the new one.

Workload Identity for Windows Server nodes is now available in GKE versions 1.18.16-gke.1200, 1.19.8-gke.1300, 1.20.4-gke.1500, and later.

Windows Server, version 1909 is reaching end of support on May 11, 2021. Newer Windows Server image versions are available in GKE versions 1.19.8-gke.1600+ and 1.20.4-gke.500+.

Speech-to-Text

Speech-to-Text now allows you to upload your long-running transcription results directly into a Cloud Storage bucket. See the asynchronous speech recognition documentation for more details.

March 22, 2021

Cloud Asset Inventory

Exporting asset relationships is now available in public preview through the Export API (ExportAssets). The following relationship types are available now:

  • INSTANCE_TO_INSTANCEGROUP

Cloud Bigtable

Cloud Bigtable's Cloud Console navigation has been improved. On the Instances page, the Create Instance button is more prominent. After you navigate to an instance, the following updates are visible:

  • Left-pane navigation is now organized in sections.
  • New breadcrumb navigation on each page shows the ID of the selected instance.
  • Page headings are more prominent.
  • You can now edit or delete an instance from every page.

Cloud CDN

Cloud CDN now defaults to the Cache All Static cache mode for newly created backend buckets and backend services, which allows Cloud CDN to cache static content more readily.

The Cache All Static cache mode caches positive responses with valid caching directives, and will default to caching static content (videos, images, and web assets) for 1 hour. Responses that set a no-store, private, or no-cache cache directive will not be cached.

Existing backends remain unchanged and default to the Use Origin Headers cache mode.

Request coalescing (or collapsing) is now enabled by default on all backend services and backend buckets.

Customers with a high number of requests to cached resources that are updated often, or live streaming workloads, should see a notable reduction in bandwidth from, and requests to, their origin(s).

Cloud Vision

EXIF rotation feature fixed

EXIF rotation is now disabled.

For more information, see the March 8, 2021 release note.

Dataflow

Dataflow SQL now supports user-defined functions (UDFs) written using SQL. For more information, see Dataflow SQL user-defined functions. This feature is in Preview.

Pub/Sub Lite Traffic Director

Traffic Director support for xDS clients that connect and request configuration using the xDS v3 API is now Generally Available. The following setup guides have been updated to use xDS v3:

March 19, 2021

Cloud SQL for PostgreSQL

The following extensions in Cloud SQL for PostgreSQL are generally available:

  • pg_partman. Enables you to create and manage time-based and serial-based table partition sets.
  • pgTAP. Provides a unit testing framework for PostgreSQL, written in PL/pgSQL and PL/SQL.

Compute Engine

N2D machine types are available in the following regions and zones:

  • Frankfurt, europe-west3-a,b
  • Hong Kong, asia-east2-b,c

See VM instance pricing for pricing details.

Dataflow

Execution details are now available in Preview.

Google Kubernetes Engine

Google canonical error codes are now available in GA. GKE operations now use the canonical error model to report errors.

Added support for multiple pod CIDRs (available in Preview), which allows users to specify a different Pod CIDR for a new node pool than the one specified during cluster creation. This alleviates the problem of running out of Pod IP addresses for under-provisioned clusters.

You can dynamically update the network tags, node labels and node taints of an existing GKE node pool. This feature is available in Preview. For more information, see Applying updates to node pool metadata.

March 18, 2021

Cloud Functions

Shared VPC on Cloud Functions is now at general availability (GA).

Cloud Logging

Cloud Logging now shows the breakdown of log severity levels in the Histogram pane. To learn more, see the Histogram section on the Logs Explorer page.

Cloud Run

Shared VPC on Cloud Run is now at general availability (GA).

Virtual Private Cloud

Serverless VPC Access support for Shared VPC is now available in General availability.

March 17, 2021

Cloud Data Fusion

Preview: Cloud Data Fusion now supports Access Transparency. Access Transparency is a part of Google's long-term commitment to transparency and user trust. Access Transparency logs record the actions that Google personnel take when accessing customer content. For more information, see the Access Transparency overview.

Cloud Spanner

The Cloud Console query page has been updated with a revamped query editor, which now offers improved autocomplete, prevalidation of your query, formatting options, and the ability to run a selection from your query. This update also includes a new query plan visualizer. For a tour of these features and to learn more, see Tuning a query using the query plan visualizer.

Compute Engine

Preview: You can now configure N2 and C2 VMs with up to 100 Gbps of network bandwidth.

This feature is ideal for network-intensive, distributed workloads such as high-performance computing (HPC), machine learning (ML), and deep learning (DL).

Learn more about higher bandwidth configurations, the regions and zones where these machines are available, and the post-preview pricing for this new feature.

M2 machine types are now available in the following regions and zones:

  • Sydney — australia-southeast1-b,c
  • London — europe-west2-b,c
  • Montréal — northamerica-northeast1-b,c

See VM instance pricing for details.

Generally Available: Use the bulk instance API to create multiple, homogeneous VMs that are independent from each other. For more information, see Using the bulk instance API.

Google Cloud VMware Engine

VMware Engine nodes are now available in the following additional region:

  • Council Bluffs, Iowa, North America (us-central1)

Istio on Google Kubernetes Engine

1.4.10-gke.8 is available.

Fixes known security issue of OpenSSL in base images.

March 16, 2021

Cloud Interconnect

Cloud Interconnect support for GRE traffic is available in Preview. For more information, see the Cloud Interconnect overview.

Cloud VPN

Cloud VPN support for GRE traffic is available in Preview. For more information, see the Cloud VPN overview.

Compute Engine

Generally Available: NVIDIA® A100 GPUs are now available in the following three regions:

  • Iowa, North America: us-central1-a,b,c
  • Netherlands, Europe: europe-west4-a,b
  • Singapore, APAC: asia-southeast1-c

    For more information, see GPUs on Compute Engine.

Generally Available: Accelerator-optimized (A2) machine types are now available in the following three regions:

  • Iowa, North America: us-central1-a,b,c
  • Netherlands, Europe: europe-west4-a,b
  • Singapore, APAC: asia-southeast1-c

N2D machine types are now available in Frankfurt, europe-west3-c and Hong Kong, asia-east2-a. See VM instance pricing for pricing details.

N2 machine types are now available in Zurich, europe-west6 in all three zones. See VM instance pricing for details.

C2 machine types are now available in Salt Lake City, us-west3 in all three zones. See VM instance pricing for details.

Memory-optimized machine types are now available in Tokyo, asia-northeast1 in all zones. See VM instance pricing for details.

C2 machine types are now available in Zürich, europe-west6 in all three zones. See VM instance pricing for details.

Dataproc

New sub-minor versions of Dataproc images: 1.3.87-debian10, 1.3.87-ubuntu18, 1.4.58-debian10, 1.4.58-ubuntu18, 1.5.33-centos8, 1.5.33-debian10, 1.5.33-ubuntu18, 2.0.6-centos8, 2.0.6-debian10, and 2.0.6-ubuntu18.

Image 2.0: Upgraded Spark to version 3.1.1

Google Kubernetes Engine

(2021-R9) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

  • Version 1.17.17-gke.2800 is now available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from versions 1.17 and earlier to version 1.17.17-gke.1101 with this release.
  • Version 1.17.17-gke.1100 is no longer available in the Stable channel.

Regular channel

  • Version 1.18.15-gke.1501 is now the default version in the Regular channel.
  • Version 1.18.15-gke.1502 is now available in the Regular channel.
  • Version 1.18.16-gke.302 is now available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.18 to version 1.18.15-gke.1501 with this release.
  • Version 1.18.12-gke.1210 is no longer available in the Regular channel.

Rapid channel

  • Version 1.19.8-gke.1000 is now the default version in the Rapid channel.
  • Version 1.19.8-gke.1600 is now available in the Rapid channel.
  • Version 1.20.4-gke.1800 is now available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.8-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.4-gke.1800 with this release.
  • Version 1.19.7-gke.2503 is no longer available in the Rapid channel.
  • Version 1.20.4-gke.400 is no longer available in the Rapid channel.

Internal TCP/UDP load balancer subsetting (Preview) is available on GKE. With subsetting, GKE clusters using internal load balancer Services can scale beyond 250 nodes. This feature is in Preview for new GKE clusters on version 1.18 and existing clusters on version 1.19. Subsetting removes the current node scale limitations associated with GKE internal TCP/UDP load balancers.

All ports (Preview) is available for internal load balancer Services on GKE. All ports lets you open more than 5 ports on a TCP/UDP load balancer that is being used with GKE. This feature is in Preview for new GKE clusters on version 1.18 and is automatically enabled when subsetting is enabled on the GKE cluster.

Identity and Access Management

Tags are now generally available. You can attach tags to resources, then use the tags to manage access to your resources.

Resource Manager

The Organization Policy Service v2 API has launched into general availability.

Tags have been launched into general availability. For more information, see the Tags overview.

March 15, 2021

AI Platform (Unified) Access Approval

Cloud Logging and Cloud Spanner are supported by Access Approval in Preview stage.

Filestore

Filestore is available in the europe-central2 (Warsaw) region. See Regions and zones.

Speech-to-Text

Speech-to-Text has launched the Model Adaptation feature. You can now create custom classes and build phrase sets to improve your transcription results.

March 12, 2021

Cloud Logging

Suggested queries is now generally available (GA). To learn more, go to Suggested queries.

Cloud SQL for MySQL

Cloud SQL for MySQL now supports the innodb_buffer_pool_size flag. To learn more about how to set this flag, see buffer pool size.

Config Connector

Config Connector version 1.42.0 is now available.

Increase resource limits of webhook, recorder and deletiondefender workloads

On upgrade, ensure that your cluster has sufficient CPU/Memory to allocate if you have seen Pod Unschedulable errors

Added operation field into ContainerNodePool

Ensure that CLI will not terminate on particular problematic resources when on-error is set with ignore or continue

Miscellaneous bug fixes

SAP on Google Cloud

The Google Storage Backint agent for SAP HANA has been updated to version 1.0.8. You can now upload backups to Cloud Storage faster using the Backint agent parallel upload function.

For more information, see Parallel uploads.

March 11, 2021

App Engine standard environment Go

The Go 1.15 runtime for the App Engine standard environment is now generally available.

App Engine standard environment Java

  • Updated Java SDK to version 1.9.87.
  • Upgraded to Jetty 9.4.38 to fix CVE-2020-27223.

App Engine standard environment Node.js

The Node.js 14 runtime for the App Engine standard environment is now generally available.

App Engine standard environment Python

The Python 3.9 runtime for the App Engine standard environment is now generally available.

BigQuery ML

BigQuery ML now supports training for DNN/Boosted Tree models in the Iowa (us-central1) region.

Cloud Billing

List cost and Unrounded cost columns now available in the Cost Table report

We've added two columns of data to the Cost table report: List cost and Unrounded cost.

  • List cost: The List cost column is available for Cloud Billing accounts associated with a negotiated pricing contract, and represents the monthly cost of your cloud usage calculated using list prices. If your account has negotiated, custom pricing, you can compare List cost amounts to Cost amounts to determine how much you are saving with your negotiated prices.
  • Unrounded cost: The Unrounded cost column contains the calculated cost of the usage to a precision of up to six decimal places. Unrounded costs can be helpful when analyzing your cost details and understanding the source of any discrepancies due to rounding.

For more information on the Cost table report, see View and download the cost details of your invoice or statement.

Cloud Composer

New versions of Cloud Composer images:

  • composer-1.15.0-airflow-1.10.14
  • composer-1.15.0-airflow-1.10.12 (default)
  • composer-1.15.0-airflow-1.10.10

DAG serialization is enabled by default in new environments created for Cloud Composer versions 1.15.0 and later. Upgrading an existing environment to 1.15.0 does not change the existing DAG serialization settings.

When creating new environments, enabling asynchronous DAG loading disables DAG serialization.

Before creating or updating an environment, Cloud Composer checks that required APIs are enabled in a project and that CIDR blocks specified for VPC Native and Private IP are valid. If these requirements are not met, Cloud Composer reports an error and the operation does not start. This change is available only for new Cloud Composer environments.

Environment deletion operations no longer fail when Artifact Registry API is disabled.

Fixed a bug that caused upgrades to fail during an in-cluster build in public IP environments.

Environment creation operations no longer fail in Private IP configurations that use Customer Managed Encryption Keys (CMEK).

The environment creation process now aborts early on any web server deployment failure.

Improved error reporting for web server deployment failures. App Engine errors that occur during the deployment are now marked as web server deployment errors.

Cloud Spanner

Cloud Spanner provides a new metric, CPU Utilization by operation types, which breaks down CPU usage by user-initiated operations. For more information, see CPU utilization metrics.

Network Intelligence Center

Connectivity Tests now includes a feature that verifies connectivity by sending probes. This feature, which is in Preview, is available for VM-to-VM tests. In the Google Cloud console, you can see the results of this analysis in the column labeled Last packet transmission result. In the gcloud command-line and API responses, you can see the results in the probingDetails object. This feature complements the existing configuration analysis feature, which evaluates reachability by assessing your network's configuration.

SAP on Google Cloud

Deployment checklists for SAP on Google Cloud: These additions to the SAP on Google Cloud documentation can help you to migrate your SAP systems to Google Cloud quickly and to avoid costly missteps in the process.

For more information, see Overview of the SAP on Google Cloud deployment checklists.

VPC Service Controls

Beta stage support for the following integration:

March 10, 2021

Cloud Build

Users can now create triggers to execute builds in response to events published to a Pub/Sub topic. For more information, see Creating Pub/Sub triggers.

Google Kubernetes Engine

40 Kubernetes metrics as part of Cloud Operations for GKE are now generally available.

Starting in version 1.19.8-gke.1000, in the Rapid release channel, the --can-ip-forward flag is disabled for all new clusters. When existing VPC-native clusters are upgraded to 1.19.8-gke.1000, the --can-ip-forward flag is set to disabled.

Pub/Sub

Pub/Sub push subscriptions can now be created with Cloud Run service endpoints protected by VPC Service Controls. This feature is available in the Preview launch stage.

March 09, 2021

Channel Services

(v1alpha1 only) This release includes the new LookupOffer method.

LookupOffer displays the Offer for an entitlement. This provides a programmatic way to pull the pricing details of any online offer, including expired offers and special sales proposals that are unavailable through the ListOffers endpoint.

Network Connectivity Center

Router appliance for Network Connectivity Center is available in Preview.

Secret Manager

Secret Manager support for Customer-Managed Encryption Keys (CMEK) is now generally available.

Learn more by reading Enabling CMEK in Secret Manager.

March 08, 2021

Channel Services

(v1alpha1 only) This release includes the new ImportCustomer method.

ImportCustomer replaces CreateCustomer as the first step of a Transfer. You can use this method to import customer information using their domain or Cloud Identity ID.

Cloud Load Balancing

You can now use the gcloud compute url-maps validate command to test advanced route configurations such as routing based on headers and query parameters, HTTP to HTTPS redirects, and URL rewrites.

You can also use this command to independently run tests without saving changes to the URL map. This protects live traffic to your production services and prevents any unintended interruptions due to URL map misconfigurations.

This feature is now available in General Availability.

Cloud Run

The ability to specify a minimum number of container instances to be kept warm and ready to serve requests is now at general availability (GA).

Cloud Vision

EXIF rotation feature fix

This fix will disable EXIF rotation, a feature activated by the model update mentioned in the November 11, 2020 release note. This feature affects the DOCUMENT_TEXT_DETECTION and TEXT_DETECTION features.

EXIF rotation will be turned down on March 22, 2021. If your usage relies on this specific behavior, please file a feature request.

Dataproc

The Dataproc 2.0 image version will become the default Dataproc image version in 1 week, on March 15, 2021.

Security Command Center

Security Health Analytics, a built-in service of Security Command Center, launched new detectors in general availability:

Detects resources that are not using customer-managed encryption keys (CMEK)

  • BUCKET_CMEK_DISABLED
  • DISK_CMEK_DISABLED
  • NODEPOOL_BOOT_CMEK_DISABLED
  • SQL_CMEK_DISABLED

Detects vulnerabilities in Compute Engine instances

  • DEFAULT_SERVICE_ACCOUNT_USED
  • SHIELDED_VM_DISABLED

Detects publicly accessible Cloud KMS keys

  • KMS_PUBLIC_KEY

Detects out-of-region Compute Engine resources

  • ORG_POLICY_LOCATION_RESTRICTION

Detects misconfiguration of SQL instances

  • SQL_CROSS_DB_OWNERSHIP_CHAINING
  • SQL_CONTAINED_DATABASE_AUTHENTICATION
  • SQL_LOCAL_INFILE
  • SQL_LOG_CHECKPOINTS_DISABLED
  • SQL_LOG_CONNECTIONS_DISABLED
  • SQL_LOG_DISCONNECTIONS_DISABLED
  • SQL_LOG_LOCK_WAITS_DISABLED
  • SQL_LOG_MIN_DURATION_STATEMENT_ENABLED
  • SQL_LOG_MIN_ERROR_STATEMENT
  • SQL_LOG_TEMP_FILES

For more information on these and other Security Health Analytics detectors, see Vulnerabilities findings.

Event Threat Detection, a built-in service of Security Command Center, launched a preview for a new detector.

Service account self-investigation detects when a service account is used to investigate roles associated with that same service account. For more information on Event Threat Detection detectors, see Event Threat Detection conceptual overview.

Documentation

  • Security Health Analytics documentation now includes more detailed information about detectors, including supported assets and scan configurations. For more information, see Vulnerabilities findings.

  • The Security Health Analytics remediation page now includes suggested instructions to resolve all Security Health Analytics findings. For more information, see Remediating Security Health Analytics findings.

  • Event Threat Detection documentation now includes additional details on cloud logs used by the service. For more information, see Event Threat Detection conceptual overview.

VPC Service Controls

Preview for the following integration:

March 05, 2021

AI Platform Deep Learning Containers

M65 release

  • Upgraded tensorflow-cloud to 0.1.13.

  • Regular package refreshment and bug fixes.

AI Platform Deep Learning VM Image

M65 release

  • Added support for DooD (Docker outside of Docker) in Dataflow notebooks container images.

  • Upgraded tensorflow-cloud to 0.1.13.

  • Regular package refreshment and bug fixes.

AI Platform Training

AI Platform Training now provides pre-built PyTorch containers for PyTorch 1.7.

In addition to training with CPUs or GPUs, you can use one of the PyTorch 1.7 containers to perform PyTorch training with a TPU.

Cloud CDN

Support for item request coalescing is now Generally Available.

Item request coalescing allows multiple requests for a small object with the same cache key to be coalesced (collapsed) into a single origin request per edge node.

This enhances Cloud CDN's existing request coalescing behaviour for large objects, such as video and file downloads.

To enable request coalescing for your Cloud CDN enabled backends, visit the documentation.

Cloud Composer

New versions of Cloud Composer images:

  • composer-1.14.5-airflow-1.10.14
  • composer-1.14.5-airflow-1.10.12 (default)
  • composer-1.14.5-airflow-1.10.10

Improved the logging of Airflow exceptions. Full Python tracebacks for Airflow exceptions are reported and marked as errors in the logs.

Fixed a potential infinite loop in the airflow-monitoring pod. Environment health checks no longer get stuck after certain types of environment update operations.

Fixed the cause of failures when creating Qwiklabs environments.

When creating environments, unmet network requirements for pods and services cause the operation to fail immediately. Previously, the operation failed when a timeout was reached.

Cloud Composer acquires existing environment resources if they are available during an upgrade operation. Before, the operation could fail with the "ALREADY_EXISTS" error in some cases.

Added a precondition check for upgrade operations. This check verifies that GKE control plane can reach GKE nodes. Previously, if there was a networking problem with communication between the control plane and GKE nodes, the operation failed on a timeout.

Fixed a problem with airflow-monitoring not having logs after changing the machine type for GKE Cluster in a Cloud Composer environment.

PyPI packages can now be installed in Cloud Composer versions 1.11.0 and 1.11.1.

Cloud Run

You can now use VPC Service Controls with Cloud Run to set up a secure perimeter to guard against data exfiltration. (Available in public preview.)

Cloud SQL for MySQL

The following MySQL minor versions have been upgraded:

  • MySQL 5.6.47 is upgraded to 5.6.50
  • MySQL 5.7.25 is upgraded to 5.7.32

Cloud SQL for MySQL now supports flexible instance configurations. Compared to our predefined machine types, flexible instance configurations offer you the extra freedom to configure your instance with the specific number of vCPUs and GB of RAM that fits your workload. To set up a new instance with a flexible instance configuration, see our documentation here.

Config Connector

Config Connector version 1.41.0 is now available.

Added targetGRPCProxyRef field in ComputeForwardingRule.

Added insightsConfig field in SQLInstance.

Added transitEncryptionMode field in RedisInstance. Also added serverCaCerts to the status of RedisInstance.

Updated the format of the version tag to v0.0.0 so that Config Connector v1.41.0 and above can be fetched as a Go module. (Issue #408)

Dataproc

New sub-minor versions of Dataproc images: 1.3.86-debian10, 1.3.86-ubuntu18, 1.4.57-debian10, 1.4.57-ubuntu18, 1.5.32-centos8, 1.5.32-debian10, 1.5.32-ubuntu18, 2.0.5-debian10, and 2.0.5-ubuntu18

Image 2.0:

Fixed a bug where YARN applications launched by Hive jobs were not correctly tagged, leading to missing YARN application status from job state.

Fixed the permission for mounted SSD Hadoop directories.

Google Cloud VMware Engine

Added security bulletin for the VMware Engine response to VMware security advisory VMSA-2021-0002.

Google Kubernetes Engine

(2021-R8) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

  • Version 1.17.17-gke.1101 is now available in the Stable channel. This version is now the default.
  • Auto-upgrading nodes and control planes in the Stable channel upgrade from versions 1.17 and earlier to version 1.17.17-gke.1100 with this release.
  • Version 1.15.12-gke.6002 is no longer available in the Stable channel.
  • Version 1.16.15-gke.7800 is no longer available in the Stable channel.
  • Version 1.17.15-gke.800 is no longer available in the Stable channel.

Regular channel

  • Version 1.18.15-gke.1501 is now available in the Regular channel.
  • Version 1.18.15-gke.1102 is no longer available in the Regular channel.

Rapid channel

  • Version 1.19.7-gke.2503 is now available in the Rapid channel. This version is now the default.
  • Version 1.19.8-gke.1000 is now available in the Rapid channel.
  • Version 1.20.4-gke.400 is now available in the Rapid channel.
  • Auto-upgrading nodes and control planes in the Rapid channel upgrade from version 1.19 to version 1.19.7-gke.2503 with this release.
  • Auto-upgrading nodes and control planes in the Rapid channel upgrade from version 1.20 to version 1.20.4-gke.400 with this release.
  • Version 1.19.7-gke.1500 is no longer available in the Rapid channel.
  • Version 1.20.2-gke.2500 is no longer available in the Rapid channel.

Memorystore for Redis

Support for In-transit encryption on Memorystore for Redis is now Generally Available.

March 04, 2021

AI Platform Notebooks

New Notebooks instances add labels for VM image (goog-caip-notebook) and volume (goog-caip-notebook-volume).

Anthos Service Mesh

1.9.1-asm.1 is now available. Anthos Service Mesh 1.9 includes the features of Istio 1.9 subject to the list of Anthos Service Mesh supported features.

Google-managed control plane is now available as a public preview feature. This feature lets you move from managing istiod in your clusters to configuring the control plane as a service. Google will manage the availability, scalability and security of the control plane.

Using the managed control plane also simplifies multi-cluster mesh configuration and reduces the Kubernetes Engine privileges needed to install Anthos Service Mesh. For more information see Configuring the Google-managed control plane.

Anthos Service Mesh for Compute Engine VMs is now available as a public preview feature. With this new feature you can manage, observe, and secure services running on both Compute Engine Managed Instance Groups and Kubernetes Engine clusters in the same mesh. You can mix and choose the best environment to run your services while enjoying the benefits of Anthos Service Mesh.

This feature also improves security and usability by letting you use Compute Engine service accounts for mTLS authentication to other Compute Engine VMs and Kubernetes Engine Pods. For more information see the documentation.

Anthos Service Mesh 1.5 is no longer supported. For more information see Supported versions.

Cloud Monitoring

Compute Engine's VM instance details page now offers a guided installation path for the Monitoring agent when it is not detected on the VM.

Compute Engine

The VM instance details page for Compute Engine now offers a guided installation path for Monitoring agents when they are not detected.

Identity and Access Management

For workload identity federation, available in beta, you can now use updated client libraries for C++, Go, Java, Node.js, and Python to automatically obtain Google credentials.

For details, see the documentation for your identity provider:

March 03, 2021

Cloud Run

Cloud Run reports a new Cloud Monitoring metric: Instance count, which counts the number of container instances that exist, broken down by state (active or idle).

Cloud Spanner

Cloud Spanner now supports point-in-time recovery (PITR), which lets you recover data from a specific point in time in the past.

Dataproc Metastore

Fixed a bug where specifying a Cloud Storage URI without an object would return an internal error.

Fixed metastore.googleapis.com/service/health metric not showing up for some services.

Dialogflow

Dialogflow now supports VPC Service Controls for both CX and ES agents.

Error Reporting

Error Reporting has been updated to only analyze logs that are stored in global buckets in the same project where they are ingested. For more information, see Using Error Reporting with regionalized logs.

March 02, 2021

AI Platform (Unified)

CMEK compliance using the client libraries

You can now use the client libraries to create resources with a customer-managed encryption key (CMEK).

For more information on creating a resource with an encryption key using the client libraries, see Using customer-managed encryption keys (CMEK).

BigQuery

Updated version of Magnitude Simba ODBC driver includes bug fixes, performance improvements, and enhancements such as support for dynamic SQL and additional DDL and DML keywords.

Updated version of Magnitude Simba JDBC driver includes bug fixes and performance improvements.

Cloud Composer

GA: Support for the Airflow Role-Based Access Control (RBAC) UI is now generally available.

GA: Support for Resource location restrictions and Data Residency is now generally available.

Dataproc

Added the --cluster-labels flag to gcloud dataproc jobs submit to allow submitting jobs to a cluster that matches specified cluster labels. Also see Submitting a Dataproc job.

Google Kubernetes Engine

Starting with GKE version 1.19.7-gke.2000 (minimum GKE node version: 1.18.12-gke.1203, 1.19.6-gke.800), the Compute Engine persistent disk Container Storage Interface (CSI) Driver for Windows (Preview) is available in GKE. This feature allows you to take advantage of the latest persistent disk features without having to manually manage the CSI driver lifecycle. The CSI driver provides access to features such as volume snapshot and volume expansion. For more information, see Using the Compute Engine persistent disk CSI Driver.

The GKE Service Level Agreement now covers the Regular channel for both Standard and Autopilot modes of operation.

SAP on Google Cloud

Google Cloud monitoring agent for SAP NetWeaver, Version 1.1 is now available. This new version removes automatic updates so that you can control when new versions are applied to your system. It also adds support for Bare Metal Solution environments.

For information about the new update method, see Updating the monitoring agent for SAP NetWeaver.

New SAP certifications: For SAP NetWeaver, the following Compute Engine virtual machine types that use the AMD CPU platform are certified by SAP:

  • n2d-standard-128
  • n2d-standard-224
  • n2d custom machine type vCPU limit increased to 96

For more information, see:

March 01, 2021

AI Platform (Unified)

The client library for Java now includes enhancements to improve usage of training and prediction features. The client library includes additional types and utility functions for sending training requests, sending prediction requests, and reading prediction results.

To use these enhancements, you must install the latest version of the client library.

Cloud Run

Cloud Run is now available in the following regions:

  • us-west2 (Los Angeles)
  • us-west3 (Salt Lake City)
  • us-west4 (Las Vegas)

Cloud Run for Anthos

Cloud Run for Anthos on Google Cloud version 0.20.0-gke.6 is now available for the following GKE minor versions:

  • 1.19
  • 1.20

Events for Cloud Run for Anthos version 0.18.1-gke.108 is now available for the following GKE minor versions:

  • 1.19
  • 1.20

Cloud Scheduler

The maximum job size (payload) is now 1 MB total, including ~1KB request overhead.

Cloud Spanner

You can now optionally receive the mutation count for a transaction in the commit response to optimize the transactions while staying within the mutation count limit. For more information, see Retrieving commit statistics for a transaction.

Dataproc

The Dataproc 2.0 image version will become the default Dataproc image version in 2 weeks, on March 15, 2021.

Google Cloud Armor

Google Cloud Armor Managed Protection Plus Tier is in General Availability. Managed Protection Plus Tier offers a monthly subscription that includes all of the features of Standard Tier, and bundles Google Cloud Armor WAF policy, rules, HTTP request usage, and named IP lists.

Pub/Sub

Pub/Sub message schemas are now available in the Preview launch stage.

SAP on Google Cloud

The preview release of Google Cloud monitoring agent for SAP HANA, version 2 is now available. Version 2.0 represents a complete refactoring of the monitoring agent for SAP HANA.

For more information, see Monitoring agent for SAP HANA V2.0 planning guide.

Version 1.0 of the Google Cloud monitoring agent for SAP HANA is deprecated. For new installations, use the Google Cloud monitoring agent for SAP HANA V2.0.

Support for version 1 of the monitoring agent for SAP HANA ends on December 31, 2021.

For information about version 2, see Monitoring agent for SAP HANA V2.0 planning guide.

Text-to-Speech

Text-to-Speech has launched Beta support of new SSML tags: <phoneme>, <mark>, <lang>, <voice>, and <say-as interpret-as="duration"> to specify durations. See the phonemes for a list of phonemes available for your language.

Support for the <prosody> SSML tag has been enhanced to produce continuous TTS when possible.

  • Text-to-Speech has resolved an issue that affected how volume changes are calculated, resulting in different but correct behavior.
  • Text-to-Speech has resolved an issue that affected how pitch changes are calculated, resulting in different but correct behavior.

Text-to-Speech has improved the continuity of mixed-media results. Now when you mix text and sounds within a <s>/<s> block, Text-to-Speech generates a much shorter pause and better transition between the synthesized speech and the sound.

Text-to-Speech has improved its handling of speech synthesis requests sent using SSML markup.

Text-to-Speech has improved the verbalization and pacing of phone numbers.

February 26, 2021

Anthos clusters on VMware

Anthos clusters on VMware (GKE on-prem) 1.6.2-gke.0 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.6.2-gke.0 clusters run on Kubernetes 1.18.13-gke.400.

Fixed in 1.6.2-gke.0:

  • Fixed a kubelet restarting issue that was found when running workloads that rely on kubectl exec/port-forward/attach, such as Jenkins.

  • Fixed CVE-2021-3156 in the node operating system image. CVE-2021-3156 is described in Security bulletins.

GKE on-prem 1.4.5-gke.0 is now available. To upgrade, see Upgrading GKE on-prem. GKE on-prem 1.4.5-gke.0 clusters run on Kubernetes 1.16.11-gke.11.

Fixed in 1.4.5-gke.0:

Anthos clusters on bare metal

Anthos on bare metal 1.6.2 is now available. To upgrade, see Upgrading Anthos on bare metal. Anthos on bare metal 1.6.2 runs on Kubernetes 1.18.

Fixes:

  • Updated custom resource API to reject changes to Cluster and NodePool configuration fields that are not currently supported. For a list of supported mutable fields, see Configuration in Known Issues.
  • Updated bmctl to allow creating or upgrading Anthos clusters on bare metal to the current bmctl version (1.6.2) only. For more information about version restrictions, see Installation in Known Issues.
  • Fixed an issue that caused the automatic reset of bare metal machines to fail after deleting the user cluster.
  • Added preflight check to verify that control group v2, or cgroup v2 for short, is not in use on the cluster machine. Anthos on bare metal 1.6.x is incompatible with cgroup v2. For more information, see Control group v2 incompatibility in Known Issues.
  • Updated csi-snapshot-validation-webhook to support certificate rotation. For more information about certificate rotation, see Security in Known Issues.
  • Fixed an issue to prevent constant patching for snapshot.storage.k8s.io CRDs.
  • Fixed a Certificate Signing Request (CSR) issue with kubelet to ensure fully qualified domain name (FQDN) hostnames are supported.

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Artifact Registry

Support for Python packages in private PyPI repositories is now in alpha. This feature is only available to alpha users. If you are interested in joining the alpha, fill in the sign up form.

  • See the quickstart to get started.
  • Learn more about working with Python packages in the overview.

Cloud Asset Inventory

New resource types now available.

The following resource types are now publicly available through the resource search API (SearchAllResources), policy search API (SearchAllIamPolicies), and analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

  • Cloud Functions
    • cloudfunctions.googleapis.com/CloudFunction
  • Cloud SQL
    • sqladmin.googleapis.com/Instance
  • Cloud TPU
    • tpu.googleapis.com/Node

The following resource types are now publicly available through the export API (ExportAssets and BatchGetAssetsHistory) and the Feed API:

  • Artifact Registry
    • artifactregistry.googleapis.com/DockerImage
  • API Gateway
    • apigateway.googleapis.com/Api
    • apigateway.googleapis.com/ApiConfig
    • apigateway.googleapis.com/Gateway
  • Assured Workloads for Government
    • assuredworkloads.googleapis.com/Workload

The following searchable fields are now publicly available through the resource search API (SearchAllResources):

  • parentAssetType
  • project
  • folders
  • organization

Config Connector

Config Connector version 1.40.0 is now available

Added support for DataprocAutoscalingPolicy (no config-connector CLI support, expected Q2)

Added support for DataprocCluster (no config-connector CLI support, expected Q2)

Added support for DataprocWorkflowTemplate (no config-connector CLI support, expected Q2)

Added support for MemcacheInstance

New field for ComputeInstance: nicType

New fields for ComputeInstanceTemplate: nicType and resourcePolicies

New status field for BigQueryJob: status

Go client is no longer nested under generated folder.

Dataproc

New sub-minor versions of Dataproc images: 1.3.85-debian10, 1.3.85-ubuntu18, 1.4.56-debian10, 1.4.56-ubuntu18, 1.5.31-centos8, 1.5.31-debian10, 1.5.31-ubuntu18, 2.0.4-debian10, and 2.0.4-ubuntu18

Image 2.0: Upgraded Spark to 3.1.1 RC2 version

Allow stopping clusters that have autoscaling enabled, and allow enabling autoscaling on clusters that are STOPPED, STOPPING, or STARTING. If you stop a cluster that has autoscaling enabled, the Dataproc autoscaler will stop scaling the cluster. It will resume scaling the cluster once it has been started again. If you enable autoscaling on a stopped cluster, the autoscaling policy will only take effect once the cluster has been started (see Starting and stopping clusters).

Deactivated mysql and hive-metastore components for clusters created with a Dataproc Metastore service on an image that has the DISABLE_COMPONENT_HIVE_METASTORE and DISABLE_COMPONENT_MYSQL capabilities.

Image 1.3 - 1.5: HIVE-18871: hive on Tez execution error due to set hive.aux.jars.path to hdfs://

Recommender

The product suggestion recommender helps you to optimize your Cloud usage by providing you with product suggestions. This can help you improve performance and security, and manage your resources better.

Resource Manager

Project migration between organizations is now a self-serve process in public preview. For more information, see Migrating projects.

Transcoder API

Sprite sheets now support different image compression levels with the new quality setting.

Sprite sheets now preserve the source aspect ratio. Set the sprite width or height field, but not both (the API will automatically calculate the missing field).

The API now supports video padding with black.

Virtual Private Cloud

Hierarchical firewall policies are now available in General Availability.

February 25, 2021

AI Platform (Unified)

AI Platform (Unified) now supports Access Transparency in beta. Google Cloud organizations with certain support packages can use this feature. Learn more about using Access Transparency with AI Platform (Unified).

The client libraries for Node.js and Python now include enhancements to improve usage of training and prediction features. These client libraries include additional types and utility functions for sending training requests, sending prediction requests, and reading prediction results.

To use these enhancements, you must install the latest version of the client libraries.

The predict and explain method calls no longer require the use of a different service endpoint (for example, https://us-central1-prediction-aiplatform.googleapis.com). These methods are now available on the same endpoint as all other methods.

In addition to Docker images hosted on Container Registry, you can now use Docker images hosted on Artifact Registry and Docker Hub for custom container training on AI Platform.

The Docker images for pre-built training containers and pre-built prediction containers are now available on Artifact Registry.

Anthos Config Management

Hierarchy Controller now includes a preview of Hierarchical Resource Quotas (HRQs). HRQs are drop-in replacements for Kubernetes Resource Quotas, but apply to resources in both a namespace as well as all of its descendants. To learn more, see Using hierarchical resource quotas.

The Anthos Config Management Operator Deployment now specifies resources.limits for config-management-operator:manager.

This release note was updated on March 5, 2021. The update removed information about a feature that is not yet available.

Config Sync multi-repo mode can't sync Git repositories using ssh as the authentication method. To work around the issue, see Syncing from multiple repositories.

Anthos GKE on AWS

Anthos clusters on AWS 1.6.2-gke.0 is now available.

Anthos clusters on AWS 1.6.2-gke.0 clusters run the following Kubernetes versions:

  • 1.16.15-gke.5302
  • 1.17.9-gke.6402
  • 1.18.10-gke.902

To upgrade your clusters, perform the following steps:

This release fixes an issue where the management service fails to start when provided with a KMS alias.

Bug fixes and security improvements.

BigQuery

BigQuery materialized views are now generally available (GA). Materialized views are precomputed views that periodically cache the results of a query, enhancing performance and efficiency, and reducing costs, particularly for aggregated queries. For more information, see Introduction to materialized views.

BigQuery BI Engine

BigQuery BI Engine now interacts with popular BI tools such as Looker, Tableau, and more, by means of an SQL interface. You must enroll to participate in the preview.

Cloud Composer

New versions of Cloud Composer images:

  • composer-1.14.4-airflow-1.10.14
  • composer-1.14.4-airflow-1.10.12 (default)
  • composer-1.14.4-airflow-1.10.10

When an environment update operation cannot start, an error message that lists possible causes for the error is generated.

Improved the syncing of DAGs and plugins to the Airflow web server. DAG parsing is now less likely to break because of race conditions.

Added FreeTDS system package to Cloud Composer images.

Updated apache-beam package version to 2.24.0 in Airflow 1.10.10 so that Dataflow jobs now correctly create partitioned BigQuery tables. Airflow versions 1.10.12 and 1.10.14 already have apache-beam version 2.27.0 installed.

Upgraded apache-airflow-backport-providers-google package to version 2021.2.5 in Airflow 1.10.12 and 1.10.14. This is potentially a breaking change because the package contains updates of Python Google Cloud libraries. For a list of new operators and for more information about breaking changes, see the 2021.2.5 release notes.

The google-cloud-pubsublite package is installed by default in Composer images for Airflow 1.10.12 and 1.10.14.

Improved the reliability of environment upgrade operations. Added new retrying procedures and enhanced existing ones.

Fixed the cause of several update-related errors.

When an environment deletion operation fails, a correct GKE error is displayed. Before, a different GKE error was displayed in some cases.

The Airflow scheduler liveness checker is now compatible with google-cloud-logging==2.2.0.

Fixed an error when some MsSQL operators were not working with Azure instances.

Fixed an error in GKE cluster builds. In private IP environments, an additional nodepool no longer remains after an update.

Compute Engine

Preview: You can now use the gcloud command-line tool to import images from AWS into Google Cloud. For more information, see Importing images from AWS.

Firestore

Google Kubernetes Engine

(2021-R7) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

Regular channel

  • Version 1.18.15-gke.1102 is now available in the Regular channel.
  • Version 1.18.12-gke.1206 is no longer available in the Regular channel.
  • Auto-upgrading control planes in the Regular channel automatically upgrade from version 1.18 to version 1.18.12-gke.1210 with this release.
  • Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.18.12-gke.1210 with this release.

Rapid channel

  • Version 1.19.7-gke.1500 is the new default version in the Rapid channel.
  • Version 1.19.7-gke.2503 is now available in the Rapid channel.
  • Version 1.20.2-gke.2500 is now available in the Rapid channel. Before upgrading to 1.20.2-gke.2500, read the 1.20 available in the Rapid channel section in the release notes.
  • Version 1.19.7-gke.1302 is no longer available in the Rapid channel.
  • Auto-upgrading control planes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.7-gke.1500 with this release.
  • Auto-upgrading control planes in the Rapid channel automatically upgrade from version 1.20 to version 1.20.2-gke.2500 with this release.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.7-gke.1500 with this release.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.20 to version 1.20.2-gke.2500 with this release.

1.20 available in the Rapid channel

Kubernetes 1.20 is now available in the Rapid channel. Before upgrading to 1.20.2-gke.2500, read the Kubernetes 1.20 Release Notes, especially the Urgent upgrade notes and Deprecations sections.

RuntimeClass graduated to GA in version 1.20: The node.k8s.io/v1beta1 RuntimeClass API has graduated to node.k8s.io/v1 with no changes. API clients and manifests should switch to using the node.k8s.io/v1 API after version 1.20. The node.k8s.io/v1beta1 API is deprecated and will no longer be served starting in version 1.25.

As of version 1.20, the kubelet no longer creates the target_path for NodePublishVolume in accordance with the CSI spec. If you have self-managed CSI drivers deployed in your cluster, ensure that they are idempotent and do any necessary mount creation or verification. For more information, see Kubernetes issue #88759.

Starting in version 1.20, timeouts on exec probes are honored, and default to 1 second if unspecified. If you have Pods using exec probes, ensure that they can easily complete in 1 second or explicitly set an appropriate timeout. For more information, see ConfigureProbes.

Non-deterministic treatment of objects with invalid ownerReferences was fixed in version 1.20. Run the kubectl-check-ownerreferences tool prior to upgrade to locate existing objects with invalid ownerReferences.

  • A namespaced object with an ownerReference to another namespaced object which does not exist in the same namespace is now consistently treated as having a missing owner and is deleted.

  • A cluster-scoped object with an ownerReference to a namespaced object is now consistently treated as having an unresolvable owner, and is ignored by the garbage collector.

  • Starting in version 1.20, when a namespace mismatch between a child and owner object is detected, an event with a reason code of OwnerRefInvalidNamespace is recorded.
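The rules above applied to a small constructed inventory, as an added example that is not part of these release notes or of the kubectl-check-ownerreferences tool. The hard-coded list of cluster-scoped kinds, the object names and UIDs, and the outcome labels are assumptions of the example.

```python
# Pre-upgrade audit of ownerReferences against the 1.20 garbage collector rules.
# Assumption: cluster-scoped kinds are hard-coded; a real audit would use API discovery.
CLUSTER_SCOPED_KINDS = {"Namespace", "Node", "ClusterRole", "PersistentVolume"}

OK = "ok"
MISSING = "missing-owner"            # owner UID not found anywhere
NS_MISMATCH = "namespace-mismatch"   # 1.20: treated as missing owner (OwnerRefInvalidNamespace)
UNRESOLVABLE = "unresolvable-owner"  # 1.20: object is ignored by the garbage collector


def classify_ref(child, ref, by_uid):
    """Classify one ownerReference of `child` against the known objects."""
    child_is_cluster = child["kind"] in CLUSTER_SCOPED_KINDS
    owner_is_cluster = ref["kind"] in CLUSTER_SCOPED_KINDS
    if child_is_cluster and not owner_is_cluster:
        return UNRESOLVABLE
    owner = by_uid.get(ref["uid"])
    if owner is None or owner["kind"] != ref["kind"] \
            or owner["metadata"]["name"] != ref["name"]:
        return MISSING
    if not owner_is_cluster and \
            owner["metadata"].get("namespace") != child["metadata"].get("namespace"):
        return NS_MISMATCH
    return OK


def audit(objects):
    """Return {object id: (per-reference verdicts, expected 1.20 outcome)} for problem objects."""
    by_uid = {o["metadata"]["uid"]: o for o in objects}
    findings = {}
    for o in objects:
        refs = o["metadata"].get("ownerReferences", [])
        verdicts = [classify_ref(o, r, by_uid) for r in refs]
        if all(v == OK for v in verdicts):
            continue
        if UNRESOLVABLE in verdicts:
            outcome = "ignored-by-gc"
        elif OK in verdicts:
            # The collector deletes a dependent only when none of its owners remain.
            outcome = "kept"
        else:
            outcome = "deleted-by-gc"
        meta = o["metadata"]
        ident = f'{o["kind"]}/{meta.get("namespace", "-")}/{meta["name"]}'
        findings[ident] = (verdicts, outcome)
    return findings


def make(kind, name, uid, ns=None, owners=()):
    """Build a minimal object; `owners` is a sequence of (kind, name, uid)."""
    meta = {"name": name, "uid": uid}
    if ns:
        meta["namespace"] = ns
    if owners:
        meta["ownerReferences"] = [{"kind": k, "name": n, "uid": u} for k, n, u in owners]
    return {"kind": kind, "metadata": meta}


# Constructed sample inventory (not taken from a real cluster).
SAMPLE = [
    make("Deployment", "web", "u-dep", ns="shop"),
    make("Namespace", "shop", "u-ns"),
    make("ReplicaSet", "web-abc", "u-rs", ns="shop", owners=[("Deployment", "web", "u-dep")]),
    make("ConfigMap", "cfg", "u-cm", ns="billing", owners=[("Deployment", "web", "u-dep")]),
    make("ClusterRole", "reader", "u-cr", owners=[("Deployment", "web", "u-dep")]),
    make("Secret", "tls", "u-sec", ns="shop", owners=[("Namespace", "shop", "u-ns")]),
    make("Pod", "orphan", "u-p1", ns="shop", owners=[("ReplicaSet", "web-old", "u-gone")]),
    make("Pod", "mixed", "u-p2", ns="shop",
         owners=[("ReplicaSet", "web-abc", "u-rs"), ("ReplicaSet", "web-old", "u-gone")]),
]

if __name__ == "__main__":
    for ident, (verdicts, outcome) in audit(SAMPLE).items():
        print(f"{ident}: {', '.join(verdicts)} -> {outcome}")
```

The objects reported as deleted-by-gc are the ones to fix or re-parent before the upgrade, since 1.20 makes their deletion consistent rather than non-deterministic.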

The metadata.selfLink field, deprecated since version 1.16, is no longer populated in version 1.20. See Kubernetes issue #1164 for details. A related bug in the GetReference function of the k8s.io/client-go library was fixed in versions 0.15.9 or later, 0.16.4 or later, and 0.17.0 or later. Clients using the GetReference function should upgrade to one of those versions of client-go or newer in order to work correctly against an API Server running version 1.20 or later.

You can now create clusters using the Autopilot mode. Autopilot is a new mode of operation in GKE that is designed to reduce the operational cost of managing clusters, optimize your clusters for production, and yield higher workload availability. For more information, see the Autopilot overview and blog post.

Memorystore for Memcached

General Availability release of Memorystore for Memcached.

Secret Manager

Event notifications is now available in Preview.

Event notifications sends information about changes to your secrets and secret versions to Pub/Sub. These notifications can be used to trigger arbitrary workflows, such as restarting an application when a new secret version is added, or notifying security engineers when a secret is deleted.

Learn more at Enabling event notifications.

February 24, 2021

BigQuery Data Transfer Service

The BigQuery Data Transfer Service's 1-hour minimum file age requirement for transfers from Cloud Storage has been eliminated.

Cloud Composer

GA: Support for Customer Managed Encryption Keys (CMEK) is now generally available.

Cloud SQL for MySQL

Cloud SQL now offers faster maintenance, with connectivity loss lasting 90 seconds or less on average. See more about maintenance timelines.

Cloud SQL for PostgreSQL

Cloud SQL now offers faster maintenance, with connectivity loss lasting 90 seconds or less on average. See more about maintenance timelines.

Cloud Tasks

Maximum push task size is now increased to 1 MB.

Identity and Access Management

You can now use Policy Simulator to simulate policy changes before you apply them. This feature is available in Preview.

Private Catalog

Private Catalog supports Terraform. Admins can create and curate Terraform configurations as solutions for their catalogs. Learn more

Pub/Sub

An Apache Spark connector is now available for Pub/Sub Lite, allowing you to read messages from Pub/Sub Lite in your Spark clusters.

Pub/Sub Lite

An Apache Spark connector is now available for Pub/Sub Lite, allowing you to read messages from Pub/Sub Lite in your Spark clusters.

February 23, 2021

Anthos Service Mesh

1.8.3-asm.2 is now available.

This patch release contains the same bug fixes that are in Istio 1.8.3. For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:

BigQuery Data Transfer Service

The BigQuery Data Transfer Service's minimum interval time between recurring transfers from Cloud Storage has been reduced from one hour to 15 minutes.

Channel Services

Reseller Billing Account name is now available in the Offer resource.

For Google Cloud Platform offers, you can use this field to map an offer to the Reseller Billing Account name from Cloud Console.

In the CreateCustomer and PatchCustomer endpoints, the addressLines field is now required for customer.orgPostalAddress.

This field is optional in v1alpha1.

In the CheckCloudIdentityAccountsExist method, CloudIdentityAccounts now returns an empty list instead of a 404 error if the domain does not match an existing Cloud Identity.

In v1alpha1, this returns a 404 error.

Migrate for Anthos

180576558: Fixed an issue where the Linux discovery tool calculated an incorrect score.

Fixed an issue where using an Envoy proxy sidecar, not as part of Istio or Anthos Service Mesh, created networking issues with the migrated workload.

Virtual Private Cloud

The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in General Availability. This feature is presently GA only for individual VM instances. Support for instance templates and managed instance groups is still in Preview.

February 22, 2021

Cloud Billing

Optimal Recommendations for Compute Engine committed use discounts are now Generally Available. Recommendations provide you opportunities to optimize your compute costs by analyzing your VM spending trends and recommending committed use discount contracts.

Recommendations are presented in two forms:

  • Optimal recommendations are based on overall usage and might cover resources that are not on all the time.
  • Stable usage recommendations cover minimum stable usage over time.

For understanding and purchasing committed use discount recommendations, see the documentation.

Cloud Data Fusion

Cloud Data Fusion Beta instances (versions 6.1.0.2 and lower that were created before November 21, 2019) will be turned down on March 1, 2021. Instead, export your pipeline, delete the old instance to avoid billing impact, create a new instance, and import your pipeline into the new instance.

Cloud SQL for PostgreSQL

The following PostgreSQL minor versions are now available. If you use maintenance windows, you might not yet have the minor version. In this case, you will see the new minor version once your maintenance update occurs. To find your maintenance window or manage maintenance updates, see Finding and setting maintenance windows.

  • PostgreSQL 9.6.19 is upgraded to 9.6.20.
  • PostgreSQL 10.14 is upgraded to 10.15.
  • PostgreSQL 11.9 is upgraded to 11.10.
  • PostgreSQL 12.4 is upgraded to 12.5.
  • PostgreSQL 13 is upgraded to 13.1.

Config Connector

Config Connector version 1.39.0 is now available

Alpha release of Go types and clients for Config Connector resources

Added support for CloudSchedulerJob resource

Reverted webhook port to 443 to alleviate forwarding rule issue on GKE private clusters

Fixed issue with aggressive retrying of failed updates leading to exhausting quota

Fixed issue with ArtifactRegistryRepository always failing to update

Dataproc

The Dataproc 2.0 image version will become the default Dataproc image version in 3 weeks, on March 15, 2021.

Google Kubernetes Engine

This note was updated on March 2, 2021. The issue with the Config Connector add-on with private clusters is a known issue, not a fixed issue.

GKE version 1.19.7-gke.1500 contains a fix for a performance issue in NodeLocal DNSCache. For more information, see NodeLocalDNS timeout errors.

Customers using the Config Connector add-on with private clusters might see an issue with all resource requests timing out. Affected customers must manually create a firewall rule that allows your cluster control plane to initiate TCP connections to your nodes on port 9443. For more information, see Adding firewall rules for specific use cases. This issue will be fixed in a future release.

February 19, 2021

AI Platform Deep Learning Containers

M64 release

  • Upgraded TensorFlow 2.4 to 2.4.1.

  • Upgraded TFX and Fairness Indicators from 0.26.0 to 0.27.0.

  • Miscellaneous bug fixes and updates.

Swift For TensorFlow

  • The Swift For TensorFlow project is entering archive mode. Containers will be deprecated and will no longer receive updates after this release.

AI Platform Deep Learning VM Image

M64 release

  • Upgraded TensorFlow 2.4 to 2.4.1.

  • Upgraded TFX and Fairness Indicators from 0.26.0 to 0.27.0.

  • Added the Fast.ai book tutorials to PyTorch images.

  • Enabled gVNIC for all DLVM images.

  • Miscellaneous bug fixes and updates.

Swift For TensorFlow

  • The Swift For TensorFlow project is entering archive mode. Swift images will be deprecated and will no longer receive updates after this release.

Cloud Monitoring

The Incident details page has been completely revised, making it easier to investigate and manage incidents. New features include a timeline of incidents, a chart with time-range controls and a link to Metrics Explorer, and a log for recording the investigative history. For more information, see Investigating incidents.

Dataproc Metastore

Hive configuration overrides are rejected if either the key or value contains a newline or "<" character.

Fixed a bug where services would fail to create in projects with project IDs that contain the colon (":") character.

Logs query builder doesn't work when selecting location and service ID.

The MetadataImport.DatabaseDump.source_database field is deprecated. It will be removed from the v1beta API channel no earlier than August 18, 2021.

Google Cloud Armor

Google Cloud Armor Adaptive Protection is available in Public Preview. Adaptive Protection builds machine-learning models that help you protect your Google Cloud applications, websites, and services against L7 distributed denial-of-service (DDoS) attacks.

Google Cloud VMware Engine

Added upfront prepay option for 3-year and 1-year commitment contracts. VMware Engine provides an option to unlock up to 50% off the hourly rate savings on resources through the prepay upfront option. Contact Sales for more information.

February 18, 2021

Cloud Logging

Cloud Logging agent for Windows version 1-14 is now available. This version changes the default Windows configuration from using gRPC to REST for sending logs to the Cloud Logging API. For more information, refer to the release information on GitHub.

Dialogflow

Dialogflow ES now supports the europe-west1 (Belgium) region.

February 17, 2021

Compute Engine

Preview: Predictive autoscaling for managed instance groups lets you improve the availability of your workloads by using machine learning to predict future demand and create virtual machines ahead of forecasted load.

Google Cloud VMware Engine

Added password management of the CloudOwner@gve.local user for vCenter and the admin user for NSX-T Manager. VMware Engine generates a password for these users when you deploy a private cloud. You can view and reset credentials from the private cloud details page.

Added the ability to peer multiple VPCs with private clouds in a region. This improvement enables you to establish a many-to-many relationship between your VPCs and regions.

Added support for global DNS name resolution for management components of your private cloud using Cloud DNS. You can set up Cloud DNS to resolve domain names of management components of multiple private clouds (in the same or different regions) in your project.

For more information, see Configuring DNS for vCenter access.

Updated private cloud nodes so that the ESXi advanced parameter fakescsireservation and MAC learning are now enabled by default. This allows creation of a nested ESXi environment on your private cloud.

Added missing release notes for previous region launches of VMware Engine resources:

  • Montréal, Québec (northamerica-northeast1)
  • São Paulo, Brazil (southamerica-east1)
  • Jurong West, Singapore (asia-southeast1)
  • Eemshaven, Netherlands (europe-west4)
  • Sydney, Australia (australia-southeast1)
  • London, England (europe-west2)
  • Tokyo, Japan (asia-northeast1)
  • Frankfurt, Germany (europe-west3)

Google Kubernetes Engine

This note was updated on March 3, 2021. Version 1.15.12-gke.6002 is still available in the Stable channel for R6.

(2021-R6) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.16.15-gke.11800 is now available.
  • Version 1.17.17-gke.1500 is now available.
  • Version 1.18.15-gke.1500 is now available.
  • Version 1.15.12-gke.6002 is no longer available.
  • Version 1.16.15-gke.6000 is no longer available.
  • Version 1.16.15-gke.6900 is no longer available.
  • Version 1.16.15-gke.7300 is no longer available.
  • Version 1.17.14-gke.1600 is no longer available.
  • Version 1.17.15-gke.300 is no longer available.
  • Version 1.18.12-gke.1205 is no longer available.
  • Version 1.18.15-gke.800 is no longer available.
  • Auto-upgrading control planes automatically upgrade from version 1.15 to version 1.16.15-gke.7800 with this release.

Stable channel

  • Version 1.16.15-gke.6000 is no longer available in the Stable channel.
  • Auto-upgrading control planes in the Stable channel automatically upgrade from version 1.0.0 to version 1.16.15-gke.7800 with this release.

Regular channel

  • Version 1.18.12-gke.1206 is now available in the Regular channel. This version is now the default.
  • Version 1.17.14-gke.1600 is no longer available in the Regular channel.
  • Version 1.17.15-gke.800 is no longer available in the Regular channel.
  • Auto-upgrading control planes in the Regular channel automatically upgrade from version 1.17 to version 1.18.12-gke.1206 with this release.
  • Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.17 to version 1.18.12-gke.1206 with this release.

Rapid channel

  • Version 1.19.7-gke.1302 is now available in the Rapid channel. This version is now the default.
  • Version 1.19.7-gke.1500 is now available in the Rapid channel.
  • Version 1.18.12-gke.1206 is no longer available in the Rapid channel.
  • Version 1.19.7-gke.800 is no longer available in the Rapid channel.
  • Auto-upgrading control planes in the Rapid channel automatically upgrade from version 1.18 to version 1.19.7-gke.1302 with this release.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.19.7-gke.1302 with this release.

Multi-cluster Services (MCS) is now Generally Available (GA) for GKE versions 1.17 and later. MCS provides a Kubernetes-native interface to build Kubernetes applications that span multiple clusters.

MCS enables existing Services to be discoverable and accessible across clusters with a virtual IP, matching the behavior of a ClusterIP Service accessible in a cluster.

The COS image for GKE 1.16 clusters is now cos-77-12371-1109-0.

GKE version 1.16.15-gke.11800 contains a fix for the certificate update issue in Internal Ingress.

February 16, 2021

AI Platform Training

The default boot disk type for virtual machine instances used for training jobs has changed from pd-standard to pd-ssd. Learn more about disk types for custom training and read about pricing for different disk types.

Note that for training jobs where you don't specify a DiskConfig, pricing does not change. This is because the first 100 GB of disk for each VM do not incur any charge, regardless of disk type.

BigQuery

BigQuery now supports exporting table data in Parquet format. This feature is in Preview. For more information, see Parquet export details.

Cloud Composer

GA: Setting and updating machine types for CloudSQL/Web Server is now generally available.

GA: Support for Domain restricted sharing is now generally available.

Cloud Composer 1.14.3 release was rolled back. If you have an environment that was created with a composer-1.14.3-airflow-* image, you can later upgrade it to a newer version.

Cloud DNS

Managing response policies and rules in Cloud DNS is available in Preview.

Cloud Load Balancing

Zonal NEGs (with GCE_VM_IP network endpoints) can now be used as backends for internal TCP/UDP load balancers. For more information on this type of zonal NEG, see Zonal NEGs overview.

This feature is in Preview.

Dataproc

New sub-minor versions of Dataproc images: 1.3.84-debian10, 1.3.84-ubuntu18, 1.4.55-debian10, 1.4.55-ubuntu18, 1.5.30-centos8, 1.5.30-debian10, 1.5.30-ubuntu18, 2.0.3-debian10, and 2.0.3-ubuntu18.

Fixed a bug that prevented Dataproc on GKE cluster creation.

Dataproc Metastore

You must now have storage.objects.get permission on the Cloud Storage object in order to import metadata from the Cloud Storage file.

Google Kubernetes Engine

For clusters using a 1.19 version, with the Container-Optimized OS with Containerd (cos_containerd) node image, the issue where dockerd (the Docker Daemon) is not running at boot is now fixed.

Identity and Access Management

You can now use IAM conditions to set limits on the roles that a member can grant and revoke. This feature is generally available.

SAP on Google Cloud

For SAP HANA host auto-failover, version 2.0 of the gceStorageClient is now available with a new human-readable name: Google Cloud Storage Manager for SAP HANA Standby Nodes (Storage Manager for SAP HANA for short). The new version uses RPM Package Manager for installation and updates, and supports all versions of SAP HANA that are in mainstream maintenance.

For more information, see SAP HANA host auto-failover on Google Cloud.

Version 1.n releases of the gceStorageClient for SAP HANA host auto-failover are deprecated.

If you are using a version 1.n release, upgrade to version 2.0 of the gceStorageClient, the Google Cloud Storage Manager for SAP HANA Standby Nodes, at your earliest convenience, but before support is discontinued.

Version 1.n releases of the gceStorageClient will be supported until December 31, 2021.

To determine which version you are running, see Deprecation of version 1.n releases of the storage manager for SAP HANA.

VPC Service Controls

Preview release of Ingress and egress rules for VPC Service Controls.