Google Cloud release notes

• More detailed error messages are now provided for errors during Python package installation.

In Cloud SQL for MySQL, 80 supported flags that previously were in beta are now generally available.

Anthos Config Management now includes the ability to sync from multiple Git repositories. This is a preview feature. To learn more, see Syncing from multiple repositories.

The following updates for Cloud Spanner SQL are now available:

• Ability to convert between BYTES and base32-encoded strings using FROM_BASE32 and TO_BASE32 functions.

• Support for ARRAY_IS_DISTINCT.

NVIDIA® V100 GPUs are now available in the following additional regions and zones:

• South Carolina, North America: us-east1-c

For information about using V100 GPUs on Compute Engine, see GPUs on Compute Engine.

You can use VM Manager in VPC Service Controls. This feature is available in beta.

Document AI Preview released

The following beta and preview features are available in API version v1beta3:

• Procure-to-pay processors: Invoice parser and receipt parser.

• Added PyTorch 1.6 CUDA 11 environments that support A100 GPU accelerators. This special PyTorch build provides another option to add to our A100-compatible TensorFlow Enterprise builds.

Organization policy constraints for Cloud Interconnect is now available in General Availability.

You can now create sinks from within the Logs Explorer and Logs Router pages. To learn more, see Exporting logs with the Google Cloud Console.

Organization policy constraints for Cloud NAT is available in General Availability.

You can now start import and export operations from the Google Cloud Console.

M58 release

• Added PyTorch 1.6 CUDA 11 images that support A100 GPU accelerators. This special PyTorch build provides another option to add to our A100-compatible TensorFlow Enterprise builds.
• Added the PyTorch/XLA package.
• Added the Swift for TensorFlow framework.
• Added the Ubuntu 18.04 OS.

You can now use use a custom container to customize how you serve predictions. To try using a custom container, read the new tutorial on serving predictions from a PyTorch model.

This feature is in preview.

Read a new document about using custom service accounts with custom containers or custom prediction routines.

This feature is in beta.

BigQuery standard SQL now supports the SUBSTRING function. This function is generally available (GA).

Cloud CDN can now cache more response codes, including common error codes such as 404 (Not Found), 301 (Permanent Redirect), 302 (Temporary Redirect), and many others.

If you are sending valid cache directives from your origin, you do not need to make any changes to benefit from this.

You can also set (and override) per-status code TTLs by configuring negative caching as of gcloud SDK 316.0.0.

A new configuration field enable_full_index, has been added for HL7v2 stores. This field enables indexing for all HL7v2 message fields so that you can search on any message field using a new generic filter.

Enhancements to the pre-configured Compute Engine VM Instances dashboard. The inventory table now includes a Logging Agent Status column, and the Logging agent can be installed by using a UI workflow from the table.

N2D Machine types are now available in London, europe-west2-a,b. See VM instance pricing for details.

N2D Machine types are now available in Eemshaven, Netherlands, europe-west4-a. See VM instance pricing for details.

Anthos 1.5.1 is now available.

Updated components:

• Anthos GKE on-prem release notes

Anthos GKE on-prem 1.5.1-gke.8 is now available. To upgrade, see Upgrading GKE on-prem. GKE on-prem 1.5.1-gke.8 clusters run on Kubernetes 1.17.9-gke.4400.

Binary Authorization for GKE on-prem Preview is now available:

• Binary Authorization for GKE on-prem extends centralized Binary Authorization enforcement policies to GKE on-prem user clusters.
• Set up Binary Authorization for GKE on-prem

This release enables customers to generate credential configuration templates by using the gkectl create-config credential command.

Published the best practices for how to set up GKE on-prem components for high availability and how to recover from disasters.

Published the best practices for creating, configuring, and operating GKE on-prem clusters at large scale.

• The following Composer environment database metrics are now available in Cloud Monitoring: CPU usage, CPU cores, CPU utilization, memory usage, memory quota, memory utilization, disk usage, disk quota, disk utilization.

Cloud Run services can now be triggered using Eventarc (available in public preview)

A new multi-region instance configuration is now available in North America - nam7 (Iowa/North Virginia/Oklahoma).

Access levels now support checking the Storage encryption (allowedEncryptionStatuses), Require admin approval (requireAdminApproval) and Require corp owned device (requireCorpOwned) attributes of requests originating from mobile devices.

The ST_GEOGFROMGEOJSON and ST_GEOGFROMTEXT geographic functions support a new make_valid parameter. If set to TRUE, the function attempts to correct polygon issues when importing geography data.

The ST_GEOGFROMTEXT function also supports a new planar parameter. If set to TRUE, the function treats imported WKT geometries as having planar edges.

These new function parameters are in Beta.

Announcing the Alpha release of the Dataproc Persistent History Server, which provides a UI to view job history for jobs run on active and deleted Dataproc clusters.

Added support for externally referencing billing account and organizations in IAMPolicyMember

Added LoggingLogSink resource for creating log sinks at project, folder, and organization scopes

Added ResourceManagerPolicy resource for setting organization policy at project, folder, and organization scopes

For HTTP requests, the httpRequest.remoteIp and httpRequest.serverIp fields can include port information. For example 10.0.0.1:80.

In the Logs Explorer you can now download your logs in JSON and CSV to your computer, Google Drive, or view them in a new tab. To learn more, see Downloading logs.

Cloud Run is now available in the following regions:

• asia-east2 (Hong Kong)
• asia-northeast3 (Seoul, South Korea)
• asia-southeast2 (Jakarta)
• asia-south1 (Mumbai, India)
• europe-west2 (London, UK)
• europe-west3 (Frankfurt, Germany)
• europe-west6 (Zurich, Switzerland)
• southamerica-east1 (Sao Paulo, Brazil)

You can now purchase a custom domain via Cloud Domains using the Cloud Run user interface.

Memory-optimized M1 machine types are available in Frankfurt europe-west3-a,b,c. Memory-optimized M2 machine types are available in Frankfurt, europe-west3-a,b. See VM instance pricing for details.

Adds support for MonitoringNotificationChannel

Announcing the GA (General Availability) release of the Dataproc Ranger Optional Component and the Dataproc Solr Optional Component.

Pub/Sub message ordering is now available in GA.

Announcing the GA (General Availability) release of the Dataproc - Docker Optional Component and the Dataproc - Flink Optional Component.

Document AI Preview released

The following beta and preview features are available in API version v1beta3:

• General processors: Document OCR (Optical Character Recognition), form parser, and document splitter.
• Lending processors: W9, 1040, W2, 1099-MISC, and 1003 parsers, as well as lending document splitter & classifier.

Discount sharing for committed use discounts is now Generally Available. With discount sharing enabled, you can apply your purchased commitments across multiple projects within a single Cloud Billing account. Discount sharing helps you minimize the overhead of managing each of your commitments individually and provides increased flexibility so that you can use the compute options that best suit your needs, while also increasing cost predictability.

• For more information about enabling committed use discount sharing, see Turning on committed use discount sharing.
• For more information on the possible cost savings using committed use discount sharing, see Understanding discount sharing.

• Cloud Build logs from the tenant project are now published in the Composer logs. They are available under the log name build-log-webserver.
• Airflow DAG processor manager logs are now published in the Composer logs. They are available under the log name dag-processor-manager.
• If an update operation fails, links to the specific Cloud Build log will now be included in the error message.
• Compatibility with Domain Restricted sharing has been improved. Upgrading your environment to the newest version of Composer can now enable or disable its compatibility with Domain Restricted Sharing based on your organization policy.

You can now specify a minimum number of container instances to be kept warm and ready to serve requests, for services requiring reduced latency and fewer cold starts.

A new multi-region instance configuration is now available in North America - nam9 (North Virginia/Iowa/South Carolina/Oregon).

Support for 1500 MTU in VPC networks is now Generally available.

Support export sub-command in the config-connector CLI

Add support for the AccessContextManagerServicePerimeter resource

Add support for Folder-level IAM Audit Configs

Support for 1500 MTU in VPC networks is now available in General Availability.

Dynamic SQL is now generally available (GA). Dynamic SQL lets you generate and execute SQL statements dynamically at runtime. For more information, see EXECUTE IMMEDIATE.

BigQuery standard SQL now supports the following new functions. These functions are generally available (GA).

• ASCII
• CHR
• INITCAP
• INSTR
• LAST_DAY
• LEFT
• OCTET_LENGTH
• REGEXP_EXTRACT with 2 additional parameters (position and occurrence)
• REGEXP_INSTR
• REGEXP_SUBSTR
• RIGHT
• SOUNDEX
• TRANSLATE
• UNICODE

BigQuery now supports the following new statements. These statements are generally available (GA).

• CREATE EXTERNAL TABLE
• DROP EXTERNAL TABLE
• ALTER TABLE ADD COLUMN
• EXPORT DATA
• TRUNCATE TABLE

BigQuery standard SQL now supports DATE arithmetics operators.

The following INFORMATION_SCHEMA views are now generally available (GA).

• TABLES
• TABLE_OPTIONS
• COLUMNS
• COLUMN_FIELD_PATHS
• VIEWS
• ROUTINES
• ROUTINE_OPTIONS
• PARAMETERS
• SCHEMATA
• SCHEMATA_OPTIONS

BigQuery now supports Unicode table names. For more information, see Table naming.

Queries can now have duplicate column names.

Compute-optimized (C2) machine types are now available in the following regions and zones:

• Finland: europe-north1-a,b,c
• Seoul: asia-northeast3-a,b,c

See VM-instance-pricing for details.

Sign in with Apple is now supported.

1.4.10-asm.19 is now available

In runtimes that use buildpacks you can now configure aspects of your build by setting build configuration variables. See Using Environment Variables for more information. In Preview.

You can now control egress traffic from a service and route all outbound requests to your VPC network. This allows you to configure a static outbound IP address by leveraging Cloud NAT.

CHECK constraints is now generally available, allowing you to define a boolean expression on the columns of a table and require that all rows in the table satisfy the expression. For more information, see Creating and managing check constraints.

Generated columns support is now generally available, allowing you to define columns that are computed from other columns in a row. For more information, see Creating and managing generated columns.

Cloud Talent Solution has launched the v4 version of the API. Migrate to Cloud Talent Solution v4 by October 14, 2021 to continue using Cloud Talent Solution.

Obtaining the status of the latest transfer operation is in Preview.

GKE on AWS 1.5.0 supports volume snapshots.

You can now allocate 4 vCPUs to container instances of Cloud Run services.

Cloud SQL now offers "deny maintenance periods". With deny maintenance periods, you can prevent automatic maintenance from occurring during a specific time period. For example, the end-of-year holiday season is a time of peak load that requires heightened focus on infrastructure stability for many retail businesses. By setting a deny maintenance period from mid-October to mid-January, these businesses can prevent planned upgrades from Cloud SQL during their busiest time of year.

Cloud SQL for PostgreSQL now offers IAM database authentication to help you better monitor and manage access for users and service accounts to databases. This feature allows users and service accounts to use IAM credentials to log into PostgreSQL instances. To learn more about how IAM database authentication works, see the Overview of Cloud SQL IAM database authentication. To configure an instance, see Configuring instances for IAM database authentication. To create users or service accounts, see Creating and managing users that use IAM database authentication.

Cloud SQL now offers "deny maintenance periods". With deny maintenance periods, you can prevent automatic maintenance from occurring during a specific time period. For example, the end-of-year holiday season is a time of peak load that requires heightened focus on infrastructure stability for many retail businesses. By setting a deny maintenance period from mid-October to mid-January, these businesses can prevent planned upgrades from Cloud SQL during their busiest time of year.

Database auditing in Cloud SQL for PostgreSQL is available through the open-source pgAudit extension. Using this extension, you can selectively record and track SQL operations performed against a given database instance.

The pgAudit extension helps you configure many of the logs often required to comply with government, financial, and ISO certifications.

Cloud SQL now offers "deny maintenance periods". With deny maintenance periods, you can prevent automatic maintenance from occurring during a specific time period. For example, the end-of-year holiday season is a time of peak load that requires heightened focus on infrastructure stability for many retail businesses. By setting a deny maintenance period from mid-October to mid-January, these businesses can prevent planned upgrades from Cloud SQL during their busiest time of year.

N2 machine types are now available in the following four regions and zones:

• Las Vegas: us-west4-a,b,c
• Montréal: northamerica-northeast1-a,b,c
• Finland: europe-north1-a
• Hong Kong: asia-east2-a,b,c

For pricing details, see VM instance pricing.

You can now customize who receives notifications from GCP with Essential Contacts. This feature is available in preview. For more information, see Managing contacts for notifications.

When a container instance needs to be shut down, it now receives a SIGTERM signal. If handled, CPU is allocated for up to 10 seconds before the container is shut down.

Pub/Sub Lite is now available in GA.

The Consent Management API is available in beta.

External HTTP(S) Load Balancing is now supported for App Engine, Cloud Functions, and Cloud Run services. To configure this, you will need to use a new type of network endpoint group (NEG) called a Serverless NEG.

This feature is now available in General Availability.

The following updates to Cloud Spanner standard SQL are now available :

• Support for SELECT * REPLACE and SELECT * EXCEPT syntax.
• Documentation for Net functions.

Support for migrating Windows VM workloads has moved from the Beta stage to general availability.

This release adds full support for migrating Windows VM workloads to the Google Cloud Console, including the ability to create a Windows migration source. See Migrating a Windows VM for more.

Migrate for Anthos provides tools that you run on a Linux or Windows VM workload to determine the workload's fit for migration to a container. See Using the Linux discovery tool and Using the Windows discovery tool for more.

Custom Services Blocklist support added which lets you define a list of services to disable in a migrated container. See Custom Services Blocklist for more.

The image field value of the GenerateArtifactsFlow CRD defines the names and locations of two images created from a migrated VM. In previous releases, the names contained a predefined tag.

To ensure that the tag value is unique, the format of the tag has changed for this release to specify the timestamp of the migration.

You can also explicitly set the tag if you prefer to another value. See Setting the name of the container image for more.

When you deploy your migrated Windows containers to a cluster, you can now use a Group Managed Service Account (gMSA) to execute the container under a specific service account identity. See Configuring gMSA for more.

Event Threat Detection, a built-in service of Security Command Center Premium, now includes two new detectors to monitor your organization's BigQuery resources. The detectors identify data exfiltration - resources saved outside of your organization or attempts to access protected data.

Read more about available detectors in Event Threat Detection conceptual overview.

The Security Command Center API now includes a severity field for Findings. This feature is available using Security Command Center's v1p1beta1 API.

• Added the log entry labels version_id and instance_id to differentiate the logs of different Airflow web server instances.
• Airflow database upgrade logs are now published in the Composer logs under a separate log name.
• Cloud Storage syncing logs are now published together in the Composer logs under a separate log name. They can be separated based further on pod_id.

The Cloud Healthcare API offers single-region support in the southamerica-east1 (Osasco (São Paulo), Brazil) region.

The Cloud Healthcare API offers single-region support in the australia-southeast1 (Sydney, Australia) region.

Add support for the DataflowFlexTemplateJob resource

Add the transformNameMapping field to DataflowJob

Add the auditConfigs field to IAMPolicy

Add the loadBalancerType, datapathProvider, and notificationConfig fields to ContainerCluster

Add the artifacts and options fields to CloudBuildTrigger

Add support for the GRPC protocol for ComputeBackendService

Add logic to auto-trigger server-side apply metadata on resources on K8s clusters with server-side apply enabled (i.e. K8s 1.16+)

Authorized user-defined functions (UDFs) are now generally available (GA). Authorized UDFs let you share query results without giving access to the underlying tables. For more information, see Authorized UDFs.

The Cloud Console now lets you opt in to search and autocomplete powered by Data Catalog. This feature is in beta.

The ability to enable or disable Endpoint-Independent Mapping for your gateway is now available in Preview.

Cloud Run now supports request timeouts up to 60 minutes. However, timeouts greater than 15 minutes are a beta feature.

Added support for Redis AUTH to Memorystore for Redis.

Alerting is now available for Monitoring Query Language (MQL). For more information, see Alerting policies with MQL

You can use OS Login in VPC Service Controls. This feature is in Beta stage support.

Beta stage support for the following integration:

• OS Login

Workload identity (preview) lets you bind Kubernetes service accounts to AWS IAM accounts with specific permissions. Workload identity blocks unwanted access to cloud resources with AWS IAM permissions. With workload identity, you can assign different IAM roles to each workload. Fine grained permissions control allows you to follow the principle of least privilege. For more details, see Creating a user cluster with workload identity

You can now route traffic from the GKE on AWS management service and Connect through an HTTP/HTTPS proxy. For more details, see Using a proxy with GKE on AWS

Improved installation experience

• This version enables installation and upgrade by using any Google Cloud–authenticated service account. You no longer need to be on the allowlist to access GKE on AWS components..

• Additional preflight checks enforce enablement of required Google Cloud APIs. See Google Cloud requirements for more information.

N2D machine types are available in The Dalles, Oregon, in the us-west1-c zone. For more information, see the VM instance pricing page.

C2 machine types are now available in Sydney, Australia australia-southeast1-b. See the VM instance pricing page for details.

Added Cloud IAM support for ComputeImage.