Google Cloud release notes

Support for australia-southeast2 (Melbourne) region.

Support for australia-southeast2 (Melbourne) region.

Support for australia-southeast2 (Melbourne) region.

Added support for NetworkSecurityClientTLSPolicy

Added support for NetworkSecurityServerTLSPolicy

Added support for strong hierarchal references to several resources:

• Add spec.projectRef to DataprocAutoScalingPolicy
• Add spec.projectRef to DataprocCluster
• Add spec.projectRef to DataprocWorkflowTemplate
• Add spec.projectRef to MonitoringGroup

Generally available: You can now create application consistent snapshots of disks attached to Linux VMs. For more information, see Creating Linux application consistent snapshots.

Storage Transfer Service offers Preview support for transferring data from Azure ADLS Gen 2 to Cloud Storage.

Query Insights is now supported for read replicas.

You can now customize E2 shared-core machine types. Shared-core machine types provide a fractional vCPU with the ability to burst to 2 vCPU for a short period of time.

• E2 shared-core machine types support predefined platforms with Intel or AMD EPYC Rome processors.

• The custom memory range is:

  • 1 to 2 GB for micro machines
  • 1 to 4 GB for small machines
  • 1 to 8 GB for medium machines

E2 shared-core custom machine pricing is the same as E2 custom machine pricing. E2 machines are available in all regions and zones.

Create a custom E2 shared-core machine using gcloud or the API.

Memory-optimized M2 machine types are now available in Belgium, europe-west1-b,c. See VM instance pricing for details.

M72 Release

• Added PyTorch 1.9 and PyTorch/XLA 1.9 containers.

M72 Release

• Added PyTorch 1.9 and PyTorch/XLA 1.9 images.

Added autoscale policies that can automatically expand or shrink a cluster in your private cloud based on factors like CPU utilization or storage capacity thresholds. All clusters begin with a default autoscale policy that adds a node based on a storage capacity threshold.

For details about this feature, see Autoscale policies.

Preview: vSAN data encryption for data at rest now uses keys generated by Cloud Key Management Service for all new private clouds.

For details about this feature, see Configuring vSAN encryption for your private cloud.

Text-to-Speech now offers voices in the following new languages. See the supported voices page for a complete list of voices and audio samples.

• ms-MY (Malay, Malaysia)
• nl-BE (Dutch, Belgium)

The SAP accelerator for the order to cash process is now available. It provides sample pipelines that you can use to build your end-to-end order to cash process and analytics with Cloud Data Fusion, BigQuery, and Looker. The accelerator is a sample implementation of the SAP Table Batch Source plugin, which enables bulk data integration from SAP applications with Cloud Data Fusion. The accelerator is available in Cloud Data Fusion environments running in version 6.3.0 and above.

Cloud Tasks is now available in us-west1, asia-east1, and asia-southeast1.

Google-managed control plane is now a generally available (GA) feature. This feature lets you move from managing Istiod in your clusters to configuring the control plane as a service. Google will manage the availability, scalability and security of the control plane.

In addition, it offers these new features:

• Support for CNI
• Support for private clusters with a public IP address/endpoint access for the control plane
• Support for private clusters with Master Authorized Network (MAN)

Using the Google-managed control plane also simplifies multi-cluster mesh configuration and reduces the Kubernetes Engine privileges needed to install Anthos Service Mesh. For more information see Configuring the Google-managed control plane.

Support for Identity and Access Management custom roles.

Support for Identity and Access Management custom roles.

Kf Operator to manage Kf installation.

Added Operator diagnostics to kf doctor.

Allow target command to take arg instead of flag.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

Cloud Functions is now available in the following region:

• asia-southeast1 (Singapore)

See Cloud Functions Locations for details.

In addition to scalar functions, Dataflow SQL now supports aggregate user-defined functions (UDFs) for Java. For more information, see Dataflow SQL user-defined functions. This feature is in Preview.

Support for the following additional locations:

• asia-southeast1 Singapore
• us-west1 Oregeon
• asia-east1 Taiwan

See the full list of locations.

Support for the following additional locations:

• asia-southeast1 Singapore
• us-west1 Oregeon
• asia-east1 Taiwan

See the full list of locations.

Added support for ComputeURLMap, DataFusionInstance, LoggingLogExclusion.

IAMServiceAccount: added support for resourceID.

GKE Multi-cluster Services support for pod-specific addressing is now generally available.

You can now use a pre-built container to serve predictions from TensorFlow 2.5 models.

You can now use a pre-built container to serve predictions from XGBoost 1.4 models.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, BatchGetAssetsHistory) and the Feed API:

• Serverless VPC Access
  • vpcaccess.googleapis.com/Connector
• Certificate Authority Service
  • privateca.googleapis.com/CaPool
  • privateca.googleapis.com/CertificateAuthority
  • privateca.googleapis.com/CertificateRevocationList
  • privateca.googleapis.com/CertificateTemplate

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• Cloud KMS
  • cloudkms.googleapis.com/KeyRing
  • cloudkms.googleapis.com/CryptoKey
  • cloudkms.googleapis.com/CryptoKeyVersion
  • cloudkms.googleapis.com/ImportJob
• Service Usage
  • serviceusage.googleapis.com/Service
• Cloud Data Fusion
  • datafusion.googleapis.com/Instance

NVIDIA® T4 GPUs are now available in the following additional regions and zones:

• St. Ghislain, Belgium: europe-west1-b,c,d

For more information about using GPUs on Compute Engine, see GPUs on Compute Engine.

Volume snapshots is now generally available. Starting in GKE version 1.21 and later, you can now use v1 snapshots; v1beta1 snapshots will continue to operate as expected until further notice.

Committed use discounts are now generally available to purchase for Google Kubernetes Engine (Autopilot Mode).

Google Kubernetes Engine (Autopilot Mode) committed use discounts apply to all Autopilot Pod workload vCPU, memory, and ephemeral storage usage in the region in which you have committed. Google Kubernetes Engine (Autopilot Mode) committed use discounts do not apply to the cluster management fee or to GKE Standard mode compute nodes.

See the documentation for more details.

For GKE clusters running Windows Server node pools, you can see the version mapping between GKE versions and Windows Server versions for all available GKE versions by using a gcloud command. This feature is now available in preview.

For more details, see Use gcloud tool to get version mapping.

Added support for Upgrading the Redis version of an instance with the Google Cloud Console.

Released support for Redis version 6.x (Preview) on Memorystore for Redis. For more details, see Supported versions.

Network Load Balancing now supports load-balancing ESP (Encapsulating Security Payload) and ICMP (Internet Control Message Protocol) traffic. To handle these protocols, you specify the new L3_DEFAULT protocol on the load balancer's forwarding rule.

For details, see:

• Forwarding rule protocols for backend service-based network load balancers
• Setting up Network Load Balancing for multiple protocols

This feature is available in Preview.

Dataflow SQL now supports user-defined functions (UDFs) written using Java. For more information, see Dataflow SQL user-defined functions. This feature is in Preview.

VPC Service Controls

Integration with Document AI VPC Service Controls is now generally available.

Integration with Document AI VPC Service Controls is now generally available.

Runtime version 2.5 is now available. You can use runtime version 2.5 to serve online predictions with TensorFlow 2.5.1, scikit-learn 0.24.1, or XGBoost 1.4.0. Runtime version 2.5 does not support batch prediction.

See the full list of updated dependencies in runtime version 2.5.

Anthos clusters on VMware 1.5.4-gke.2 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.5.4-gke.2 runs on Kubernetes v.1.17.9-gke.4400. The supported versions that offer the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.7, 1.6, and 1.5.

Committed use discounts for Google Kubernetes Engine (GKE) are now Generally Available to purchase for workloads running on GKE Autopilot.

They provide discounted prices in exchange for your commitment to use a minimum level of resources for a specified term. The spend-based committed use discounts apply to all GKE Autopilot Pod workload CPU, memory, and ephemeral storage usage in the region in which you have committed. This gives you low, predictable costs, without the need to make any manual changes or updates yourself. This flexibility saves you time and helps you to save more by achieving high utilization rates across your commitments.

GKE Autopilot Mode commitments do not apply to the cluster management fee or to GKE Standard mode compute nodes.

See the documentation for more details.

You can check for VPN tunnel overutilization using the VPN tunnel utilization recommender. A recommender is a service in Google Cloud that provides usage recommendations for cloud resources.

Generally available: You can configure how your regional managed instance group distributes instances across zones by using capacity-aware distribution shapes, which can automatically deploy instances to zones where capacity is available and optionally prioritize the use of reservations.

Preview: When rolling out configuration or application updates to a stateful or stateless managed instance group, use the minimum and most disruptive allowed actions to control disruption to your workload.

Transition the underlying OS used by Migrate for Compute Engine components (Manager, Cloud Extensions, Importers, and Exporters) to use Ubuntu Advantage.

The Resource Settings API has entered general availability. You can use Resource Settings to centrally configure settings for your Google Cloud projects, folders, and organization. For more information, see Resource Settings overview.

Anthos clusters on VMware 1.6.3-gke.3 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.6.3-gke.3 runs on Kubernetes v1.18.18-gke.100. The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.7, 1.6, and 1.5.

BigQuery now supports parameterized types. The following parameterized types are supported:

• STRING(L)
• BYTES(L)
• NUMERIC(P) / NUMERIC(P, S)
• BIGNUMERIC(P) / BIGNUMERIC(P, S)

This feature is in Preview.

New resource types are now available.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Cloud Redis
  • redis.googleapis.com/Instance

You can now store values for the smtp_password Airflow configuration option in Secret Manager.

Cloud SQL now offers faster maintenance, with connectivity dropping for less than 60 seconds on average.

Cloud SQL now offers faster maintenance, with connectivity dropping for less than 60 seconds on average.

Cloud SQL now offers faster maintenance, with connectivity dropping for less than 120 seconds on average.

Dataflow is now able to use workers, Dataflow Shuffle, Streaming Engine, FlexRS, and regional endpoints in zones in Melbourne (australia-southeast2).

String processing functions are now available in the text module of the Workflows standard library.

Maven, npm, and Python repositories are now in Preview.

Storage and network egress charges apply to all formats that are in Preview or are generally available.

Cloud Asset Inventory Console Preview is now publicly available. It enables you to see insights about Google Cloud footprint, details and history of resources, and provides powerful and easy filtering and search capabilities.

Both the Cloud SQL Java Connector and Cloud SQL Python Connector now support IAM Authentication for PostgreSQL.

Artifact Registry now supports Access Transparency. Access Transparency provides you with logs of actions that Google staff have taken when accessing your data. To learn more about Access Transparency, see the Overview of Access Transparency.

New resource types are now available.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Cloud Bigtable
  • bigtableadmin.googleapis.com/AppProfile

N2D machine types are now available in us-west4-a , Las Vegas, Nevada. See VM instance pricing for details.

Anthos 1.7.2 is now available.

Updated components

• Anthos clusters on VMware release notes

• Anthos clusters on bare metal release notes

• Anthos clusters on AWS release notes

• Anthos Config Management release notes

Release 1.7.2

Anthos clusters on bare metal release 1.7.2 is now available. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.7.2 runs on Kubernetes 1.19.

M71 release

• Upgraded TensorFlow Probability, TensorFlow I/O, and TensorFlow Estimator in TensorFlow 2.5 containers.

M71 Release

• Refreshed the Debian-10 images (Ubuntu images not refreshed in this release).
• Upgraded TensorFlow Probability, TensorFlow I/O, and TensorFlow Estimator in TensorFlow 2.5 images.
• Added support for a Post Startup script and provided status in guest attributes.
• TensorFlow 2.x image names are now available in two formats: tf-xxx-2-y-zzz (the new standard format) tf2-xxx-2-y-zzz (the previous standard format). Image names in the previous standard format will be deprecated in a future release.

Transfer Appliance offers the Transfer Appliance Cloud Setup Application. The application prompts for several settings, and uses the information you provide to configure your Google Cloud permissions, preferred Cloud Storage bucket, and Cloud KMS key for your transfer.

Publishing services and accessing published services using Private Service Connect is now available in Preview.

Chronicle Automated GCP Log Ingestion

Google Cloud customers can now send logs directly to their Chronicle account. Customers can send both Cloud Audit and Cloud DNS logs. See Ingesting GCP Logs in to Chronicle for more information.

A JSON editor has been integrated with the dashboard page. In addition to using the JSON editor to change the contents of the dashboard, you can save the current dashboard definition to a local system, and you can upload a dashboard definition to your Google Cloud project. For more information, see Managing dashboards through the Cloud Console.

CloudSQL for MySQL now supports the MySQL flags expire_logs_days (for MySQL 5.6 and 5.7) and binlog_expire_logs_seconds (for MySQL 8.0). Note that if you enable point-in-time recovery, the expiration period of your binary logs will be determined by the lesser of your transaction log retention period and the value of these flags.

The logical replication and decoding functionality of PostgreSQL is available as a preview. These features enable logical replication workflows and change data capture workflows.

For more information, see Setting up logical replication and decoding.

Cloud SQL for PostgreSQL now supports the pg_similarity extension, which provides support for similarity queries in PostgreSQL.

Also, the default value for the database flag autovacuum_vacuum_cost_delay is changed to 2 milliseconds in PostgreSQL 9.6, 10 and 11.

The minor versions for various extensions have also been upgraded:

Preview: Access the Compute Engine API using Cloud Client Libraries built on our latest client library model. Updated client libraries are now available in the following languages:

• Java
• .NET
• Node.js
• PHP
• Python
• Ruby

For more information, see Compute Engine client libraries.

1.21 Features

The following features are introduced in version 1.21:

CronJob (GA)

The CronJob API has graduated to General Availability (GA), bringing performance improvements and allowing scheduled jobs to be run using a stable API.

• This resource is now available in the batch/v1 group/version.
• The batch/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

PodDisruptionBudget (GA)

The PodDisruptionBudget has graduated to GA, allowing pod evictions to be controlled using a stable API.

• This resource is now available in the policy/v1 group/version.
• The policy/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

EndpointSlice (GA)

The EndpointSlice API has graduated to GA, bringing performance improvements over the v1 Endpoints API.

• This more scalable API for service discovery is now enabled on all clusters and is promoted to discovery.k8s.io/v1.
• The discovery.k8s.io/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

Default namespace label (Beta)

Namespace API objects now have a kubernetes.io/metadata.name label matching their metadata.name field to allow selecting any namespace by its name using a label selector. This can be used for objects which select namespaces by label, such as admission webhooks and network policies.

Bound service account token volumes (Beta)

• The API credentials injected into containers at /var/run/secrets/kubernetes.io/serviceaccount/token are now time-limited, auto-refreshed, and invalidated when the containing pod is deleted.
• By default, injected tokens are given an extended lifetime so they remain valid even after a new refreshed token is provided. The metric serviceaccount_stale_tokens_total and the audit annotation authentication.k8s.io/stale-token can be used to monitor for workloads that depend on the extended lifetime and are continuing to use tokens even after a refreshed token is provided to the container.
• Clients should reload the token from disk periodically (once per minute is recommended) to ensure they use the refreshed token. k8s.io/client-go version 11.0.0+ and 0.15.0+ reload tokens automatically.

GKE clusters running version 1.18 or later now support container native Cloud DNS (available in Preview). Cloud DNS can be used as the in-cluster DNS provider instead of kube-dns.

Anthos clusters on VMware 1.7.2-gke.2 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.7.2-gke.2 runs on Kubernetes 1.19.10-gke.1602.

The supported versions that offer the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.7, 1.6, and 1.5.

Cloud Data Fusion version 6.4.1 is now available. To upgrade, see Upgrading instances and pipelines. This release is in parallel with the CDAP 6.4.1 release.

In Cloud Data Fusion version 6.4.1, Replication supports the Datetime data type in BigQuery targets. You can now read and write to tables that contain Datetime fields.

Added support for the Reserved Memory configuration for Memorystore for Memcached. For more information, see Memory management best practices.

Preview: Disable simultaneous multithreading (SMT) on VMs. For more information, see Disabling simultaneous multithreading.

The Cloud documentation now includes a list of partners whose solutions are integrated with Network Connectivity Center.

The process for migrating a project from one organization to another has released into general availability. To make it easier to see the impact a project migration will have on your organization, you can use the Cloud Asset Inventory Analyze Move API to get a detailed report before performing a move. For more information, see Migrating projects and Analyze project move.

Generally Available: Enable nested virtualization directly when creating a VM. For more information, see Nested virtualization overview.

New resource types are now available.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Artifact Registry
  • artifactregistry.googleapis.com/Repository

Added support for specifying an IP address range for the private service access connection mode. For more information, see Custom ranges with private services access.

Security Command Center Premium has launched project- and folder-level roles in general availability. The feature lets you grant users Identity and Access Management (IAM) roles for specific folders and projects. You have more granular control over who can access what resources throughout your organization. For more information, see Access control.

You must be a Security Command Center Premium customer to use this feature. Security Command Center Standard continues to support granting roles only at the organization level. To subscribe to Security Command Center Premium, contact your sales representative or fill out our inquiry form.

Speech-to-Text now supports Spoken Punctuation and Spoken Emoji as Preview features. See the documentation for details.

Network Policy Logging is generally available (GA). Note that Network Policy Logging requires Dataplane V2.

BigQuery GIS now supports loading geography data from newline-delimited GeoJSON files. This feature is generally available (GA). For more information, see Loading GeoJSON data.

BigQuery GIS now supports the following functions. These functions are generally available (GA).

• ST_STARTPOINT
• ST_ENDPOINT
• ST_POINTN

These functions return a point of a linestring geography as a point geography.

Policy Analyzer now supports evaluations on time-based conditions. See the user guide for more information.

Asset Insights are now available. See the user guide for more information.

Cloud DNS monitoring dashboard is available in GA.

BigQuery now supports the ability to rename tables using SQL. See ALTER TABLE RENAME TO. This feature is generally available (GA).

Cloud SQL supports the preview version of the out-of-disk recommender. This feature proactively generates recommendations that helps you reduce the risk of downtime that might be caused by your instances running out of disk space. These recommendations can be applied when a Cloud SQL instance is trending towards the storage limit.

For information about pricing, prerequisites, and instructions for how to view the out-of-disk recommender, see Cloud SQL out of disk recommender.

Cloud SQL supports the preview version of the out-of-disk recommender. This feature proactively generates recommendations that helps you reduce the risk of downtime that might be caused by your instances running out of disk space. These recommendations can be applied when a Cloud SQL instance is trending towards the storage limit.

For information about pricing, prerequisites, and instructions for how to view the out-of-disk recommender, see Cloud SQL out of disk recommender.

Cloud SQL supports the preview version of the out-of-disk recommender. This feature proactively generates recommendations that helps you reduce the risk of downtime that might be caused by your instances running out of disk space. These recommendations can be applied when a Cloud SQL instance is trending towards the storage limit.

For information about pricing, prerequisites, and instructions for how to view the out-of-disk recommender, see Cloud SQL out of disk recommender.

Generally Available: You can now create VM instances with V100, A100, and T4 GPUs that support network bandwidths of up to 100 Gbps. See Using network bandwidths of up to 100 Gbps.

Traffic Director security service with GKE is now available in Public Preview. This provides the following:

• Authentication and encryption using transport layer security (TLS) and mutual TLS (mTLS) for both Traffic Director with Envoy and proxyless gRPC applications. Server TLS policies and client TLS policies control whether services need to prove their identities to each other and use encrypted communication channels.

• Authorization, based on characteristics of the client and the request. Authorization policies control whether a service is permitted to access another service, and which actions are allowed. Authorization is currently available only for Traffic Director with Envoy.

The CREATE MODEL statement for training AutoML Tables models is now generally available (GA). AutoML Tables enable you to automatically build state-of-the-art machine learning models on structured data at massively increased speed and scale. For more information, see CREATE MODEL statement for training AutoML Tables models.

Vertex AI has added support for custom model training, custom model batch prediction, custom model online prediction, and a limited number of other services in the following regions:

• us-west1
• us-east1
• us-east4
• northamerica-northeast1
• europe-west2
• europe-west1
• asia-southeast1
• asia-northeast1
• australia-southeast1
• asia-northeast3

Vertex AI now supports forecasting with time series data for AutoML tabular models, in Preview. You can use forecasting to predict a series of numeric values that extend into the future.

Vertex Pipelines is now available in Preview. Vertex Pipelines helps you to automate, monitor, and govern your ML systems by orchestrating your ML workflow.

Vertex Model Monitoring is now available in Preview. Vertex Model Monitoring enables you to monitor model quality over time.

Vertex Feature Store is now available in Preview. Vertex Feature Store provides a centralized repository for organizing, storing, and serving ML features.

Vertex ML Metadata is now available in Preview. Vertex ML Metadata lets you record the metadata and artifacts produced by your ML system so you can analyze the performance of your ML system.

Vertex Matching Engine is now available in Preview. Vertex Matching Engine enables vector similarity search.

Vertex TensorBoard is now available in Preview. Vertex TensorBoard enables you to track, visualize, and compare ML experiments.

Release 1.6.3

Anthos clusters on bare metal release 1.6.3 is now available. To upgrade, see Upgrading Anthos clusters on bare metal. Anthos clusters on bare metal 1.6.3 runs on Kubernetes 1.18.

The UpgradeAvailableEvent notification is now generally available.

Archive Rules

You can now archive rules specified for the Detection Engine. Archiving a rule hides the security data related to that rule (and all of its versions) without actually deleting the rule. See Archive rules for more information.

XML API multipart uploads^Preview launched.

You can now enable logging of human-readable hot keys. For more information, see the hot key entry in Pipeline options.

M70 Release

• Added TensorFlow Enterprise 2.5 containers. Note this is an Enterprise version but not a Long Term Support (LTS) version.

M70 Release

• Added TensorFlow Enterprise 2.5 images. Note this is an Enterprise version but not a Long Term Support (LTS) version.

Preview launch of Twilio telephony integration.

You can now use the Google Cloud Console to manage workload identity federation. For details, see the documentation for your identity provider:

• Access resources from AWS
• Access resources from Microsoft Azure
• Access resources from an OIDC identity provider

Secret Manager now supports etags for optimistic concurrency control. This feature is available in Preview.

See Etags to learn more.

Anthos 1.7.1 is now available.

Updated components

• Anthos clusters on VMware release notes

• Anthos clusters on bare metal release notes

• Anthos clusters on AWS release notes

• Anthos Config Management release notes

Anthos Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: 9b5e4cf).

Committed use discounts are now available for public preview to purchase for Cloud Run. They provide discounted prices in exchange for your commitment to use a minimum level of resources for a specified term. The spend-based committed use discounts apply to all aggregated Cloud Run CPU, memory, and request usage in a region, giving you low, predictable costs when your code is running in one of the supported container ecosystems.

Cloud Run commitments do not apply to networking changes.

See the documentation for more details.

Preview: Cloud Composer supports Airflow 2. For more information about transferring from environments with Airflow 1 to Airflow 2, see Migrate environments to Airflow 2.

Airflow 2.0.1 is available in Cloud Composer images.

You can now break down costs associated with particular Cloud Composer environments. User labels that you assign to your environments now appear in billing reports.

Preview: You can use OS configuration management to deploy and automate software configurations on your virtual machine (VM) instances using gcloud command-line and OS Config API.

With the release of OS configuration management (preview), you can now rollout policies from the Cloud console, control the rollout pace, use more VM filter options, and view compliance reports. For more information, see OS configuration management (preview).

You can now view recent import and export operations from the Google Cloud Console.

M69 Release

• Updated cuDNN from 8.0.4 to 8.0.5.

M69 Release

• Migrated Collection Agent to Cloud Monitoring version 2.

Configuring Cloud DNS scopes is now available in Preview.

Cloud Monitoring is introducing metrics scopes. For a Google Cloud project, its metrics scope defines the projects whose metrics the project can view and monitor:

• When you create a project, its metrics scope is set to self.
• You can modify a project's metrics scope to include other Google Cloud projects, or to include AWS accounts. For more information, see Viewing metrics for multiple projects.
• A Google Cloud project can be included in multiple metrics scopes.

For more information about metrics scopes, see Configuring your project for Cloud Monitoring.

Committed use discounts are now available for Cloud Run . (Available in public preview.)

Customer managed encryption keys are now available for use with Cloud Run. (Available in public preview.)

You can now use Binary authorization with Cloud Run to enforce policy-based deployment of Cloud Run services. (Available in public preview.)

Recommender now provides recommendations for securing Cloud Run services by creating dedicated service accounts. (Available in public preview.)

Cloud Run now provides UI, command line, and YAML support for referencing Secret Manager Secrets. (Available in public preview.)

N2 machines are now available in the following regions and zones:

• Osaka, Japan: asia-northeast2-a,b,c
• Seoul, South Korea: asia-northeast3-a,b,c

See VM instance pricing for details.

Dataplane V2 is generally available in newly created clusters using GKE versions 1.20.6-gke.700 and later.

The GKE Gateway controller, Google Cloud's implementation of the Gateway API, is available in Preview in GKE version 1.20 and later. See Deploying Gateways for how to expose applications using Gateway.

Secret Manager integration with Cloud Run

Cloud Run now provides UI, command line, and YAML support for using secrets. This feature is available in Preview.

New resource types are now available.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Cloud Bigtable
  • bigtableadmin.googleapis.com/Backup

Dataflow Shuffle is now the default mode for all batch pipelines.

BigQuery now supports the following SQL query clauses and operators:

• PIVOT operator
• UNPIVOT operator
• QUALIFY clause

This feature is in Preview.

You can now use IAM conditions to define and enforce conditional access control for Cloud Bigtable instances, clusters, and tables. This feature is generally available.

Cloud Billing Reports now show the target budget amount when you open the report from a budget

In the Cloud Billing Console, Billing Budgets are linked to the Billing Reports page. If you open the Reports page from a Budget, the budget's scopes are used to set the report's filters and the report opens displaying the costs tracked by the budget. Additionally, the budget's target amount appears in the report chart as a red, dashed line, helping you to visualize the budget amount in the report while you are analyzing the specific, budget-related costs. You can open the cost report from the list of budgets, or from a budget's cost trend chart.

For more details about how budgets and cost reports are linked, see Viewing a budget in your report.

N2D machines are now available in Tokyo asia-northeast1-c. See VM instance pricing for details.

Workflows is HIPAA compliant.

Cloud Interconnect support for GRE traffic is available in General Availability. For more information, see the Cloud Interconnect overview.

Cloud VPN support for GRE traffic is available in General Availability. For more information, see the Cloud VPN overview.

The Speech-to-Text model adaptation feature is now a GA feature. See the model adaptation concepts page for more information about using this feature.

gRPC's observability features can now be used with services that use Traffic Director, including monitoring and tracing metrics that help you solve issues with your deployment. For more details, see Observability with proxyless gRPC applications.

Proxyless gRPC applications can now use these advanced traffic management features:

• Circuit breaking
• Fault injection
• Max stream duration

For complete information, see Setting up proxyless gRPC services with advanced traffic management

GRE support for VPC networks is now available in General Availability.

The Logs Explorer Histogram offers new time controls, including zooming and scrolling, to give you more in-depth analysis of your logs data. For details, see Analyzing logs using time controls.

You can now enable and configure OS Login for private GKE clusters and nodes. This feature is enabled for private GKE clusters running node pool versions 1.20.5 or later.

General availability for the following integration:

• Memorystore for Memcached

Anthos clusters on VMware 1.7.1-gke.4 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.7.1-gke.4 runs on Kubernetes 1.19.7-gke.2400.

The supported versions that offer the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.7, 1.6, and 1.5.

Cloud Monitoring has added new ways to interact with charts. You can now select a range of lines displayed on chart, shift the time axis by using your pointer, and have new controls to expand the chart around a specific point in time. Charts displaying distribution data include 50th, 95th, and 99th percentile lines as an optional overlay. For more information, see Exploring charted data.

M68 Release

• Upgraded R containers from 3.6 to 4.0.
• Added xai-tabular-widget onto all TensorFlow containers.
• Miscellaneous bug fixes and updates.

M68 Release

• Upgraded R Images from 3.6 to 4.0.
• Added xai-tabular-widget onto all TensorFlow images.
• Miscellaneous bug fixes and updates.

Security Command Center Premium has launched Continuous Exports for Pub/Sub in general availability. The feature simplifies the process of creating a NotificationConfig and automates the export of new findings to Pub/Sub.

You must be a Security Command Center Premium customer to use the feature. Security Command Center Standard continues to support one-time exports. To subscribe to Security Command Center Premium, contact your sales representative or fill out our inquiry form.

Zonal NEGs (with GCE_VM_IP network endpoints) can now be used as backends for internal TCP/UDP load balancers. For more information on this type of zonal NEG, see Zonal NEGs overview. For instructions on how to set up an internal TCP/UDP load balancer with a zonal NEG backend, see Setting up Internal TCP/UDP Load Balancing with zonal NEGs

This feature is in General Availability.

Pub/Sub Lite is now available in the following regions:

• Hong Kong (asia-east2)
• Tokyo (asia-northeast1)
• Osaka (asia-northeast2)
• Seoul (asia-northeast3)
• Mumbai (asia-south1)
• Jakarta (asia-southeast2)
• Warsaw (europe-central2)
• Montreal (northamerica-northeast1)
• Sao Paulo (southamerica-east1)
• Northern Virginia (us-east4)
• Salt Lake City (us-west3)
• Las Vegas (us-west4)

For the full list of available regions, see Pub/Sub Lite locations.

The following features are available in the Video Intelligence API version v1:

Face detection: Locate faces within a video, and identify attributes such as glasses being worn. Learn more

Person detection: Locate people in a video, and identify attributes and 2D landmarks. Learn more

This GA launch brings significant quality improvement to both features.

Artifact Registry now supports audit logging for container images in Cloud Audit Logs.

The ability to restore from a Cloud Bigtable backup to a different instance is now generally available. This feature enhancement lets you use backups for a wider variety of use cases.

You can now add custom fields in the Logs Explorer to better analyze logs and refine your queries. For more information, see Adding fields to Log fields pane .

The Inventory tab on the Cloud Monitoring VM Instances dashboard now offers the ability to filter and sort the instance table by any combination of columns. In addition, new health scorecards report a variety of metrics and statistics related to the health and status of your VMs and agents.

You can now use Identity-aware Proxy with Cloud Run to use identity and context to guard access to your applications. (Available in public preview.)

Generally available: Create virtual machines for high performance computing (HPC) workloads using the HPC VM image.

The kubelet graceful node shutdown feature is now enabled on preemptible and GPU accelerator nodes running versions 1.20.5-gke.500 or later.

You can now use a pre-built container to serve predictions from TensorFlow 2.4 models.

You can now use a pre-built container to serve predictions from scikit-learn 0.24 models.

You can now use a pre-built container to serve predictions from XGBoost 1.3 models.

Anthos clusters on bare metal release 1.7.1 is now available. To upgrade, see Upgrading Anthos clusters on bare metal. Anthos clusters on bare metal 1.7.1 runs on Kubernetes 1.19.

BigQuery now supports the following data definition language (DDL) statements:

• CREATE VIEW with column name list
• ALTER COLUMN DROP NOT NULL constraint

This feature is in GA.

New resource types are now available.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Cloud Monitoring
  • monitoring.googleapis.com/AlertPolicy
• Cloud Filestore
  • file.googleapis.com/Backup

The following version upgrade applies to Cloud SQL for SQL Server:

• SQL Server 2017 is upgraded from 14.0.3257.3 to 14.0.3370.1

If you use maintenance windows, the new version will be available after your maintenance update. For information about maintenance windows, and to manage maintenance updates, see Finding and setting maintenance windows.

Preview: With the introduction of OS inventory management v2.0, you can now query the OS Config API to get inventory and vulnerability report data for your VMs in a specific zone, see OS inventory management.

You can now create extreme persistent disks in certain regions. With consistently high performance for both random access workloads and bulk throughput, extreme persistent disks are designed for high-end database workloads.

For more information, see Extreme persistent disks.

Internal TCP/UDP Load Balancing now supports session affinity for the UDP protocol. This feature is available in General Availability.

C2 machines are available in the following regions and zones:

• Osaka asia-northeast2-a

See VM instance pricing for details.

Google Kubernetes Engine is supported by Access Approval in Preview stage.

Cloud Spanner is supported by Access Approval in GA stage.

Webhook triggers are now generally available. Learn more about using webhook triggers to build repos hosted on Gitlab, Bitbucket Cloud, and Bitbucket Server.

Users can now run manual triggers on a schedule. For more information, see Scheduling builds.

You can now install the Cloud Logging agent, Cloud Monitoring agent, and Ops Agent on VMs running OpenSUSE Leap versions 15, 15.1, and 15.2.

You can now install the Cloud Logging agent, Cloud Monitoring agent, and Ops Agent on VMs running OpenSUSE Leap versions 15, 15.1, and 15.2.

N2D machines are available in the following regions and zones:

• Osaka asia-northeast2-c
• Montréal northamerica-northeast1-a,c
• Finland europe-north1-a,b,c

See VM instance pricing for details.

ComputeDisk added support for projectRef

Added go-clients for GKEHubMembership and CloudIdentityGroup

Multi-Instance GPU on GKE is available in Preview.

Vizier is now available in preview. Vizier is a feature of AI Platform (Unified) that you can use to perform black-box optimization. You can use Vizier to tune hyperparameters or optimize any evaluable system.

Document Translation for Cloud Translation - Advanced (v3) is now available in Preview. Document Translation supports the DOCX, PPTX, XLSX, and PDF file formats. For more information, see Translate documents.

Preview launch of the following languages in Dialogflow ES:

• Bengali
• Filipino
• Finnish
• Malay
• Marathi
• Romanian
• Sinhala
• Tamil
• Telugu
• Vietnamese

The reference patterns document provides sample code and technical reference guides for common Cloud Healthcare API use cases.

The following PostgreSQL minor versions are now available. If you use maintenance windows, you might not yet have the minor version. In this case, you will see the new minor version once your maintenance update occurs. To find your maintenance window or manage maintenance updates, see Finding and setting maintenance windows.

• 9.6.20 is upgraded to 9.6.21.
• 10.15 is upgraded to 10.16.
• 11.10 is upgraded to 11.11.
• 12.5 is upgraded to 12.6.
• 13.1 is upgraded to 13.2.

For more information about the content of these minor versions, please see the PostgreSQL release notes.