Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud Console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml

March 17, 2022

BigQuery

The BigQuery slot recommender is now available in Preview. The slot recommender creates recommendations for customers using on-demand billing. These recommendations help you to understand the cost and performance tradeoffs of purchasing different amounts of slot capacity.

Config Controller

Config Controller now uses version 1.75.0 of Config Connector (see the Config Connector release notes).

Dataflow

Dataproc

New sub-minor versions of Dataproc images:

1.5.59-debian10, 1.5.59-ubuntu18, and 1.5.59-rocky8

2.0.33-debian10, 2.0.33-ubuntu18, and 2.0.33-rocky8

VPC Service Controls

Preview stage support for the following integration:

Beta stage support for the following integration:

March 16, 2022

BigQuery

You can now explicitly specify a schema for BigQuery external tables created over Parquet, ORC, and Avro file formats. Previously, the schema was always auto-detected using the last lexicographic file.

Cloud Database Migration Service

Database Migration Service now supports version 14 of Cloud SQL for PostgreSQL.

Compute Engine

General-purpose Tau T2D virtual machine instances are available in the following regions and zones:

  • Northern Virginia (us-east4-a,b,c)
  • South Carolina (us-east1-b,c,d)
  • Frankfurt (europe-west3-a,b,c)
  • Sydney (australia-southeast1-a,b,c)
  • Taiwan (asia-east1-a,b,c)

See VM instance pricing for details.

Config Connector

Config Connector version 1.77.0 is now available.

Added support for IdentityPlatformConfig resource.

Added support for ARM binaries.

Google Kubernetes Engine

Starting in GKE version 1.22, the Compute Engine persistent disk CSI driver is generally available for Windows clusters.

Memorystore for Redis

Read replicas are now Generally Available for Memorystore for Redis.

March 15, 2022

Anthos clusters on VMware

Anthos clusters on VMware 1.8.8-gke.1 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.8.8-gke.1 runs on Kubernetes v1.20.12-gke.1500.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.10, 1.9, and 1.8.

Apigee X

GraphQL policy now supports JSON-encoded payloads.

KVM pagination support is now available.

Issue ID     Description
209622008    Dynamic updates to rate in spike arrest are now reflected immediately.

Google Kubernetes Engine

The following GKE versions fix a known issue in which random TCP connection resets might happen for GKE nodes that use Container-Optimized OS with Docker (cos). To fix the issue, upgrade your nodes to any of these versions:

  • 1.20.15-gke.3400 and later
  • 1.21.10-gke.1300 and later
  • 1.22.7-gke.1300 and later
  • 1.23.4-gke.1300 and later

Kf

Fixed a bug in the App controller: App.Status.RouteConditions is now an optional field.

March 14, 2022

Anthos clusters on bare metal

Release 1.8.9

Anthos clusters on bare metal 1.8.9 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.8.9 runs on Kubernetes 1.20.

Fixes:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

App Engine standard environment Java

App Engine standard environment Ruby

Cloud Functions

Cloud Functions has added support for the following new runtimes at the Preview release level:

Cloud Load Balancing

Starting October 1, 2022, we'll apply an outbound data processing charge of $0.008 - $0.012 per GB (based on region) to all Cloud Load Balancing products in order to maintain consistency and alignment with the variable costs of the services across our Cloud Load Balancing portfolio. The charge will be called Outbound data processed by load balancer and the price will mirror the existing price for the Inbound data processed by load balancer charge.

If you are on an existing contract, your prices will not change for the lifetime of the contract, or until renewal.

The current internal HTTP(S) load balancer pricing already includes this charge, so no changes are being made there.

To learn more about this change, see the Google Cloud Blog post: Unlock more choice with updates to Google Cloud's infrastructure capabilities and pricing.

Backend subsetting for internal TCP/UDP load balancers lets you scale your internal TCP/UDP load balancer to support a larger number of backend VM instances per internal backend service.

This feature is in General availability.

Cloud Storage

On October 1, 2022, certain prices in Cloud Storage will be changing. For a list of pricing changes, see the announcement.

Compute Engine

Generally available: Compute Engine now supports Suspend and Resume.

Fixed the issue causing the Compute Engine API Quotas page in the Cloud Console to display duplicate API quota groups.

Google Kubernetes Engine

(2022-R5) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.21.9-gke.1002 is now the default version.
  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.19.16-gke.3600
    • 1.20.11-gke.1300
    • 1.20.11-gke.1801
    • 1.22.4-gke.1501
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to 1.19.16-gke.6100 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.20.15-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.20.15-gke.300 with this release.

Stable channel

  • Version 1.20.15-gke.300 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.3600
    • 1.20.11-gke.1801
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.6100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.20.15-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.20.15-gke.300 with this release.

Regular channel

  • Version 1.21.9-gke.1002 is now the default version in the Regular channel.
  • Version 1.20.15-gke.1000 is now available in the Regular channel.
  • Version 1.20.15-gke.300 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.9-gke.1002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.9-gke.1002 with this release.

Rapid channel

  • Version 1.22.7-gke.300 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.21.9-gke.1002
    • 1.22.6-gke.1000
    • 1.23.4-gke.300
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.10-gke.400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.10-gke.400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.22.6-gke.1500 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to 1.23.4-gke.1300 with this release.

If you specify --enable-dataplane-v2 in a Windows LTSC node pool running GKE version 1.22.7-gke.1300, Windows nodes cannot join the cluster.

Storage Transfer Service

Between April 2, 2022 and December 31, 2022, transfers using Storage Transfer Service will not result in Cloud Storage charges for certain transfer scenarios.

For more details, refer to the Storage Transfer Service pricing page.

Traffic Director

A new client_zone label is added to the Connected Streams metric. The new label might introduce a breaking change. The change creates a stream discontinuity, which might have some effect on your monitoring, depending on whether you configured an alert on this metric.

March 11, 2022

Cloud Logging

You can now collect RabbitMQ logs from the Ops Agent, starting with version 2.12.0. For more information, see Monitoring third-party applications: RabbitMQ.

Cloud Monitoring

You can now collect WildFly metrics from the Ops Agent, starting with version 2.12.0. For more information, see Monitoring third-party applications: WildFly.

Cloud Talent Solution Job Search

The Cloud Talent Solutions dashboard management tool has added a Jobs and Companies page, which displays job statistics and metadata. You can use this page to troubleshoot data issues. The Jobs and Companies page has three tabs:

  • On the Summary tab, see the latest job count snapshots and a visualization of job count statistics over time.
  • On the Job Metadata tab, search for specific jobs and their available metadata.
  • On the Exports tab, export your metadata to a BigQuery table for further analysis.

For more about this new feature, see the Jobs and Companies data documentation.

March 10, 2022

Anthos Service Mesh

The Istio project recently disclosed a CVE that can expose Anthos Service Mesh to remotely exploitable vulnerabilities. For more information, see the security bulletin.

1.12.5-asm.0 is now available.

This patch release contains the fixes for the security vulnerability listed in GCP-2022-010. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

1.11.8-asm.0 is now available.

This patch release contains the fixes for the security vulnerability listed in GCP-2022-010. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

1.10.6-asm.2 is now available.

This patch release contains the fixes for the security vulnerability listed in GCP-2022-010. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

Cloud Asset Inventory

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

  • Network Management API
    • networkmanagement.googleapis.com/ConnectivityTest

Cloud Database Migration Service

Database Migration Service now supports adding dump flags for data dump customizations to migration jobs for Cloud SQL for MySQL instances.

Cloud Spanner

Cloud Spanner now offers committed use discounts. You can get significantly discounted prices in exchange for your commitment to use Cloud Spanner compute resources continuously for a year or longer.

Document AI

Document AI is now generally available (GA) in the following new locations:

  • europe-west3
  • asia-southeast1

You must request access to use the new locations. For more information, see Regional and multi-regional support.

Google Kubernetes Engine

In GKE version 1.23.2-gke.300 and later, you can now use network tags to dynamically apply firewall rules to nodes in your GKE Autopilot clusters and auto-provisioned GKE Standard node pools without disrupting running workloads.

March 09, 2022

Cloud Asset Inventory

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

  • Certificate Authority Service
    • privateca.googleapis.com/CaPool
    • privateca.googleapis.com/CertificateAuthority
    • privateca.googleapis.com/CertificateRevocationList
    • privateca.googleapis.com/CertificateTemplate
  • DLP
    • dlp.googleapis.com/DlpJob
    • dlp.googleapis.com/DeidentifyTemplate
    • dlp.googleapis.com/InspectTemplate
    • dlp.googleapis.com/JobTrigger
    • dlp.googleapis.com/StoredInfoType

Cloud Healthcare API

The _type and _since parameters are available for the fhirStores.export method. You can use these parameters to filter which resources are exported. This increases the speed of the export process and eliminates unwanted export data.

Cloud TPU

Cloud TPU now supports TensorFlow 2.5.3 and 2.7.1. For more information, see TensorFlow 2.5.3 release notes and TensorFlow 2.7.1 release notes.

Google Kubernetes Engine

The following GKE versions fix a known issue in which the CAP_NET_BIND_SERVICE file capability was dropped from the metrics-server. To fix the issue, upgrade your control plane to any of these versions:

  • 1.21.9-gke.1002 and later
  • 1.21.10-gke.400 and later
  • 1.22.6-gke.300 and later
  • 1.22.7-gke.300 and later
  • 1.22.7-gke.900 and later
  • 1.23.4-gke.300 and later

Memorystore for Redis

Basic Tier instances now preserve data during scaling and maintenance. For a full list of operations/scenarios that cause a cache flush for the Basic Tier, see cache flush for Basic Tier.

March 08, 2022

Cloud Billing

Report filters now support the display of IDs in addition to names in the filter panels.

In the Cloud Billing Console, when you are viewing the options displayed in the filter panels for Subaccounts, Projects, Services, and SKUs, you can now see both the option name and the option ID (for example, project name and project ID). The ID displays below each option name. Previously, only the name was displayed when viewing the list of options in a filter panel. View an example of the Services filter panel, before and after the update.

With the addition of the ID, you can do the following:

  • Within a filter panel, search by name or by ID (for example: "BigQuery" or "services/24E6-581D-38E5").
  • More easily match a filter option to an invoice line item. For example, instead of searching for the "Active Storage" SKU, you can search for SKU ID "services/24E6-581D-38E5/skus/947D-3B46-7781".
  • You can use partial values when searching within a filter panel, and you will get back all matching results. For example, you can type to filter on "storage" or "24e6" or "7781".

Learn more about using filters in Cloud Billing Reports and the Cost breakdown report.

Cloud Composer

(Available without upgrading) New version aliases for Cloud Composer images. Now you can specify the latest version of Cloud Composer 2 with composer-2-airflow-x.y aliases. New composer-1-airflow-x.y aliases point to the latest version of Cloud Composer 1.

(Airflow 2) Added a new try-number label to Airflow task log entries.

(Cloud Composer 1) Fixed a problem with web server metrics not being reported or being reported partially.

(Available without upgrading) DAG UI now correctly handles invalid serialized DAG data.

Improved the handling of errors generated during update and upgrade operations because of an invalid pip.conf configuration file.

(Airflow 1) The apache-airflow-backport-providers-google package is updated to version 2022.2.22.

Cloud Composer 1.18.2 and 2.0.6 images are available:

  • composer-2.0.6-airflow-2.2.3
  • composer-2.0.6-airflow-2.1.4
  • composer-1.18.2-airflow-2.2.3
  • composer-1.18.2-airflow-2.1.4
  • composer-1.18.2-airflow-1.10.15 (default)

Cloud Composer 1.14.5 has reached its end of full support period.

Cloud Spanner

You can now see and manage the views of your Cloud Spanner databases from the Google Cloud Console. To do so, visit a database's Overview page, and then click the Views tab.

Google Kubernetes Engine

Setting a minimum CPU platform for node pools created by node auto-provisioning using the autoscaling.autoprovisioning_node_pool_defaults.min_cpu_platform field is deprecated. This field will be removed in a future release. In GKE versions 1.23 and later, you can request a minimum CPU platform at the workload level using a node selector or node affinity rule for cloud.google.com/requested-min-cpu-platform. For instructions, refer to Minimum CPU platform.

Storage Transfer Service

Storage Transfer Service now offers more control over preserving metadata when transferring between Cloud Storage buckets. Choose to retain or discard metadata including object ACLs, customer-managed encryption keys (CMEK), temporary holds, and object creation time. In addition, storage class can be set to any supported value, allowing you to change storage class at scale.

For details, refer to Metadata preservation.

VPC Service Controls

General availability for the following integration:

March 07, 2022

Anthos

Cloud Functions

Compute Engine

Generally available: NVIDIA® T4 GPUs are now available in the following additional regions and zones:

  • Council Bluffs, Iowa, North America: us-central1-c
  • Eemshaven, Netherlands, Europe: europe-west4-a

For more information about using GPUs on Compute Engine, see GPUs on Compute Engine.

Dataproc

New sub-minor versions of Dataproc images:

1.5.58-debian10, 1.5.58-ubuntu18, and 1.5.58-rocky8

2.0.32-debian10, 2.0.32-ubuntu18, and 2.0.32-rocky8

Fixed a bug where clusters created via Dataproc Hub failed with the error "Unit file jupyter.service does not exist".

Fixed a bug where clusters created with Kerberos failed with the error "SSL Certificate string is too long".

Eventarc

Google Kubernetes Engine

(2022-R4) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.1500
    • 1.20.11-gke.1300
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.3600 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.3600 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.21.5-gke.1805 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:

    • 1.20.12-gke.1500
    • 1.21.5-gke.1805
    • 1.22.3-gke.1500
    • 1.22.4-gke.1501
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.6-gke.1503 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.6-gke.1503 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.22.6-gke.300 with this release.

Rapid channel

  • Version 1.22.6-gke.1500 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.21.9-gke.300
    • 1.21.9-gke.1001
    • 1.22.4-gke.1501
    • 1.22.6-gke.300
    • 1.23.3-gke.1100
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.9-gke.1002 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.9-gke.1002 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.6-gke.1000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.4-gke.300 with this release.

Identity Service for GKE is now generally available. You can authenticate to GKE clusters with external identity providers that use OpenID Connect (OIDC).

Pub/Sub

Exactly once delivery gives you the ability to receive any successfully published message exactly once.

For more information, see Exactly once delivery.

Security Command Center

To support a rich query experience on complex array elements, the contains() filter function was introduced. You can use this function in your finding queries to do the following:

  • Exact element matching: Match array elements that contain the exact string, "example".
  • Specific number operations: Match array elements that are greater than or equal to 100.
  • Complex filtering against array structures: Match array elements that contain property x with a corresponding value y.

For more information, see Filtering on array-type fields.

Vertex AI

Vertex AI Feature Store online store autoscaling is available in Preview. The online store nodes automatically scale to balance performance and cost with different traffic patterns. The offline store already scales automatically.

You can now mount Network File System (NFS) shares to access remote files when you run a custom training job. For more information, see Mount an NFS share for custom training.

This feature is in Preview.

Google Cloud Pipeline Components SDK v1.0 is now generally available.

reCAPTCHA Enterprise

You can now enable and use reCAPTCHA Enterprise on Google Cloud without enabling billing for your Google Cloud project. For more information, see Billing information.

March 04, 2022

BigQuery

Cloud Monitoring

You can now organize your dashboard widgets into collapsible groups. For more information, see Organize dashboard widgets.

Compute Engine

Public Preview: You can set the maximum amount of time that Compute Engine waits before terminating or restarting an unresponsive VM. For more information, see Set VM availability policies.

Config Connector

Config Connector version 1.75.0 is now available.

Added support for BillingBudgetsBudget resource.

Added support for EventarcTrigger resource.

Added support for LoggingLogView resource.

Added field spec.rule[].rateLimitOptions into ComputeSecurityPolicy resource.

Added fields spec.addonsConfig.gcpFilestoreCsiDriverConfig and spec.clusterAutoscaling.autoProvisioningDefaults.imageType into ContainerCluster resource.

Added fields spec.maintenancePolicy and spec.maintenanceSchedule into RedisInstance resource.

Added fields spec.transferSpec.awsS3DataSource.roleArn, spec.transferSpec.posixDataSink and spec.transferSpec.posixDataSource into StorageTransferJob resource.

Added field status.selfLink into NetworkServicesGateway, NetworkServicesGRPCRoute, NetworkServicesHTTPRoute, NetworkServicesMesh and NetworkServicesTCPRoute resources.

StorageTransferJob: Fields spec.schedule and spec.transferSpec.awsS3DataSource.awsAccessKey are no longer required.

Dataflow

You can now use the Apache Beam SDK for Go to create batch Dataflow pipelines. This feature is in Preview.

Google Kubernetes Engine

Some unexpected paths to access the node VM on GKE Autopilot clusters could have been used to escalate privileges in the cluster. These issues have been fixed and no further action is required. The fixes address issues reported through our Vulnerability Reward Program.

For instructions and more details, see the GCP-2022-009 security bulletin.

Public clusters created on GKE versions 1.22 and later, and created between October 28, 2021 and February 17, 2022 use Private Service Connect (PSC). Therefore, each control plane is assigned to a private IP address from the cluster node subnet.

For public clusters created outside of this time frame or with a different GKE version, the control plane has a public IP address by default.

March 03, 2022

Anthos clusters on VMware

Anthos clusters on VMware 1.10.2-gke.34 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.10.2-gke.34 runs on Kubernetes 1.21.5-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.10, 1.9, and 1.8.

Changes

  • gkectl diagnose now reports a broken cluster caused by an admin cluster registration error during creation.

Fixes

  • Fixed issue: Failure to register admin cluster during creation

    • You can upgrade an admin cluster to version 1.10.2 without applying the documented mitigation, even if the cluster failed to register with the provided gkeConnect configuration during its creation. You can fix the registration issue by running gkectl update admin with the correct gkeConnect configuration after upgrade.
    • If the cluster registration failed when creating a version 1.10.2 admin cluster, no mitigation is needed to upgrade to later versions after version 1.10.2.
  • Fixed ".local" DNS lookup issue caused by Ubuntu 20.04 systemd-resolved configuration changes.

  • Fixed issue where Docker bridge IP incorrectly used 172.17.0.1/16 instead of 169.254.123.1/24.

  • Fixed unexpectedly high network traffic to monitoring.googleapis.com in a newly created cluster.

  • Fixed an issue in which admin cluster creation or upgrade might be interrupted by a temporary vCenter connection issue.

  • Fixed critical CVEs:

  • Fixed this high-severity CVE:

When cluster autoscaling is enabled in a Dataplane-v2 cluster, scale down may sometimes take longer than expected. For example, it may take approximately 20 minutes instead of 10 minutes as in a normal case.

Apigee Adapter for Envoy

Envoy adapter v2.0.5

On March 3, 2022 we released a new version of Apigee Adapter for Envoy v2.0.5.

Security release to address a Denial of Service (DoS) risk in the prometheus library. See CVE-2022-21698.

Apigee X

On March 3, 2022, we released new features for the Public Preview of configurable API proxies. To learn more, see Introduction to configurable API proxies.

HTTP request transforms are now available for use with configurable API proxies.

With HTTP request transforms, configurable API proxy developers can quickly rewrite HTTP request paths, headers, and query parameters. Rewriting is enabled using a simple configuration that can reference incoming path template segments, header values, or query parameter values.

For more information, see HTTP request transforms for configurable proxies.

Google authentication for securing targets is now supported when using configurable API proxies.

With this feature, configurable API proxy developers can secure their Google backend services using Google OAuth and automatically grant access to authorized API consumers. This offers the advantage of seamless integration with other Google services, without requiring API producers to manage private keys.

For more information, see Securing targets for configurable proxies.

Southbound mTLS can be enabled for use with configurable API proxies.

By adding southbound mTLS functionality to configurable proxies, Apigee customers can seamlessly maintain their current usage of mTLS when transitioning to the use of configurable proxies, or increase security for communications between existing configurable proxies and their backends.

For more information, see Enable south bound mTLS for configurable proxies.

Configurable API proxies now support the use of template variables.

Apigee property sets can be used to specify template variables for configurable API proxies in archive deployments. This feature enables customers to use string templates in their proxy configuration YAML files.

For more information, see Template variables for configurable proxies.

Cloud Load Balancing

You can now use a combination of zonal NEGs (of type GCE_VM_IP_PORT) and hybrid NEGs (of type NON_GCP_PRIVATE_IP_PORT) as backends for your global external HTTP(S) load balancers. For all supported backend combinations, see the table at Backend services.

Cloud Spanner

You can now view aggregated Cloud Spanner statistics related to transactions, reads, queries, and lock contentions in Cloud Monitoring. Additionally, the retention period for these metrics at one-minute intervals has been increased from six hours to six weeks.

Identity and Access Management

You can now use deny policies to prevent principals from using certain permissions, regardless of the roles they're granted. This feature is in Preview.

Kf

Add a feature that supports adding node selectors for Kf Builds to isolate Kf Build pods in a specific node pool.

Remove Config Connector as a dependency of Kf.

Storage Transfer Service

Storage Transfer Service now supports Cloud Client Libraries, which are the recommended option for accessing Cloud APIs programmatically. This launch significantly reduces the amount of code you need to write; see Getting started and Migrating to the Cloud Client Library for more details.

VPC Service Controls

Beta stage support for the following integration:

Workflows

Support for VPC Service Controls is now in Beta stage.

March 02, 2022

Anthos Service Mesh

1.12.4-asm.2 is now available.

Anthos Service Mesh includes the features of Istio 1.12 subject to the list of Anthos Service Mesh supported features.

Anthos Service Mesh now supports certificate templates with the Certificate Authority Service integration. See Install default features and CA Service for more information.

Cloud Build

The operating system of the machine that Cloud Build uses to run builds has been upgraded to Debian 11. This results in faster build start up time when you run builds on:

Security Command Center

You can now configure automatic exports of Security Command Center findings to a BigQuery dataset. For more information, see Export findings to BigQuery for analysis.

The vulnerability.cve.upstreamFixAvailable attribute was added to the Finding object. This is a boolean field that specifies whether a Common Vulnerabilities and Exposures (CVE) fix is available. For more information, see the API documentation for the Finding object.

March 01, 2022

Apigee hybrid

hybrid v1.5.8

On March 1, 2022 we released an updated version of the Apigee hybrid v1.5.8 software.

For information on upgrading, see Upgrading Apigee hybrid to version 1.5.

Bug ID Description
219523719 Fix to address the CPU and memory consumption when debug-session is enabled with response-status as the filtering criteria.
217386412 Change the property set logging level to fine when property is not found.
215773113 Setting the securityPolicy appeared to have no effect for specific configurations.
209484701 Invalid client IP sent to analytics.
189233354 Distributed tracing with Jaeger would error out.

Bug ID Description
N/A Multiple security fixes including CVE-2019-5021.

Artifact Registry

Support for Python repository hostnames ending in pypi.pkg.dev is no longer available. If you use commands that reference hosts with LOCATION-pypi.pkg.dev you must replace these references with LOCATION-python.pkg.dev.

The pypi.pkg.dev hostname was available when Python repositories were available in alpha, and alpha users were notified about the change.

Cloud Composer

Cloud Composer 2 supports Customer Managed Encryption Keys (CMEK).

Java Client for Cloud Composer version 1.1.3 is released. You can use this library to interact with Cloud Composer API from Java.

Cloud Spanner

A new multi-region instance configuration is now available in North America - nam13 (Iowa/Oklahoma/Salt Lake City).

Released Query Optimizer version 4. Version 3 remains the default optimizer version in production.

Dataproc Metastore

gRPC endpoint protocol is available in Preview.

Google Cloud Deploy

Google Cloud Deploy is now available in the following region: asia-northeast3 (Seoul)

Transcoder API

The following preprocessing configurations are not supported: Color, Denoise, Deblock, and Boost.

February 28, 2022

Agent Assist

Agent Assist is now GA. GA status applies to the following features:

Anthos clusters on bare metal

Release 1.9.5

Anthos clusters on bare metal 1.9.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.9.5 runs on Kubernetes 1.21.

Fixes:

Known issues:

When you upgrade Anthos clusters on bare metal from a version with a security patch to the next minor release, we recommend that you upgrade to the highest patch version to ensure that you have the latest security fixes. Always review the release notes before upgrading so that you're aware of what has changed, including security fixes and known issues. Upgrading to a lower release version isn't supported.

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Apigee hybrid

hybrid v1.6.5

On February 28, 2022 we released an updated version of the Apigee hybrid v1.6.5 software.

For information on upgrading, see Upgrading Apigee hybrid to version 1.6.

Bug ID Description
217386412 Change the property set logging level to fine when property is not found.
215773113 Setting the securityPolicy appeared to have no effect for specific configurations.
211787541 Errors displayed in synchronizer logs for stale contracts.
209484701 Invalid client IP sent to analytics.
204905727 GenerateResponse was hanging on response flow when enabled=true.
191853747 Apigee Workload Identities not working for specific configurations.
173566787 Reuse existing target IPs if DNS resolution fails on DNS cache refresh.
111777025 LookupCache: cachehit was shown false in trace when the actual value was true.

Bug ID Description
204994504 Container Vulnerability fixed: CVE-2018-12934.
N/A Multiple security fixes including CVE-2019-5021.

Cloud Asset Inventory

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

  • Firestore
    • firestore.googleapis.com/Database

Cloud Composer

(New environments only) Temporary Pub/Sub topics created during environment operations are now labeled.

(Airflow 2) The google-cloud-datastore package was added to the list of preinstalled packages.

(Airflow 2) Fix the problem with task logs not being exported to Cloud Logging.

(Airflow 1) The apache-airflow-backport-providers-google package is updated to version 2022.2.11.

(Cloud Composer 2) Fixed the problem with an environment having 0 workers after an unsuccessful upgrade operation is rolled back.

(Available without upgrading) Improved the handling of errors in DAG UI for tasks without a set operator.

Cloud Composer 1.18.1 and 2.0.5 images are available:

  • composer-2.0.5-airflow-2.2.3
  • composer-2.0.5-airflow-2.1.4
  • composer-1.18.1-airflow-2.2.3
  • composer-1.18.1-airflow-2.1.4
  • composer-1.18.1-airflow-1.10.15 (default)

Cloud Composer 1.14.4 has reached its end of full support period.

Cloud Key Management Service

Cloud HSM resources are now available in the following regions:

  • asia1
  • eur3
  • eur4
  • nam3
  • nam4
  • nam6
  • nam9

For information about which locations are supported by Cloud KMS, Cloud HSM, and Cloud EKM, see Cloud KMS locations.

Cloud Monitoring

GA: Google Cloud Managed Service for Prometheus, Google Cloud's fully managed, Prometheus-compatible monitoring solution, is now generally available. You can use the managed service anywhere that you use standard Prometheus today. The collector retains all expected Prometheus functionality, such as local storage and rule evaluation.

Managed Service for Prometheus also offers managed data collection in Kubernetes environments, reducing the complexity of deploying, scaling, sharding, configuring, and maintaining the collectors. For more information, see Google Cloud Managed Service for Prometheus.

Cloud SQL for MySQL

Cloud SQL for MySQL 8.0.26 is now the default minor version. To upgrade your existing instance to the new version, see Set the MySQL minor version.

Dataproc Metastore

Fixed the issue causing metadata batch sync from Dataproc Metastore to Data Catalog to not work.

Deep Learning Containers

M90 Release

  • CUDA has been upgraded from 11.3.0 to 11.3.1 to address some NCCL issues.
  • VSlim GPU TensorFlow containers are available and have a significantly smaller size.
  • TensorFlow 2.7 containers are re-released.

Deep Learning VM Images

M90 Release

  • Vertex AI sample notebooks are now included in the /usr/share/tutorials folder.
  • Instances now allow the Jupyter options for disabling terminals and deleting files instead of sending them to the trash or recycling bin.

In M90 release instances, gRPC 1.44.0 can generate spurious error logs, though this doesn't affect the VM's ability to boot up. A fix is planned for the next release.

Eventarc

Google Cloud Deploy

Private Catalog

Specify which Terraform version is used to deploy your Terraform configurations in new or existing solutions.

Workflows

February 25, 2022

Anthos clusters on bare metal

Release 1.10.2

Anthos clusters on bare metal 1.10.2 is now available for download. To upgrade, see Upgrade Anthos on bare metal. Anthos clusters on bare metal 1.10.2 runs on Kubernetes 1.21.

Functionality changes:

  • A preflight check now verifies whether your node machine has enough disk space before starting an install.

  • Updated the bmctl check cluster --snapshot command so that snapshots now capture information about pods in cluster namespaces.

  • Updated the bmctl check cluster --snapshot command so that snapshots now capture information about cluster API machines and kubeadmin Secrets.

Fixes:

  • Fixed issue in which the edge profile's request to reserve resources is lost during the upgrade process.

  • Fixed bmctl upgrade command so that the log file upgrade-cluster.log is generated in the bmctl-workspace/cluster/logs directory.

  • Fixed issue in which the non-root login didn't have the proper permissions to perform bmctl backup or bmctl restore.

  • Fixed a Node Problem Detector service that sometimes failed to run on nodes after a cluster installation or upgrade.

  • The following container image security vulnerabilities have been fixed:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Security bulletin (1.8, 1.9, and 1.10)

Envoy recently released multiple security vulnerability fixes. The vulnerabilities affect Anthos clusters on bare metal, because Envoy is used for Metrics Server.

For instructions and more details, see the GCP-2022-008 security bulletin.

Cloud Data Fusion

Cloud Data Fusion version 6.6.0 is in Preview. This release is in parallel with the CDAP 6.6.0 release.

Features in 6.6.0:

  • Cluster reuse is generally available (GA).
  • Predefined autoscaling is available in Preview.
  • Cloud Data Fusion flow control prevents you from submitting too many requests, which can cause stuck or failed pipeline runs. It applies to API and scheduled pipeline launch requests for batch and real-time pipelines and replication jobs. It is available in Preview.

Changes in 6.6.0:

Fixed in 6.6.0:

  • Improved instance stability. Fixed a number of system service unavailability cases resulting in the message "Necessary services are experiencing intermittent problems" and API call failures.
  • Fixed an issue that caused pipelines to fail when a Database Batch Source included a decimal column with precision greater than 19.
  • Fixed an issue that caused pipelines with a Conditional plugin that were running on MapReduce to fail.
  • Fixed an issue that caused pipelines with a Conditional plugin and running on Spark to fail.
  • Fixed an issue that caused validation to fail for Cloud Storage Multi File Sinks.

Cloud Run

Cloud Run now supports using less than one CPU. Refer to CPU limits for details. (Available in public preview.)

Google Kubernetes Engine

The Envoy project recently discovered a set of vulnerabilities. All issues listed below are fixed in Envoy release 1.21.1.

For more information, see the GCP-2022-008 security bulletin.

February 24, 2022

Anthos Config Management

The constraint template library includes new templates: K8sPSPAutomountServiceAccountTokenPod, RestrictNetworkExclusions, and K8sDisallowAnonymous.

The template library's K8sContainerRatios template supports a new field: cpuRatio.

The template library's K8sRestrictRoleBindings template now supports regular expression matching of role/clusterRole names by using the regexMatch field.

The template library's K8sProhibitRoleWildcardAccess template now allows roles and clusterRoles specified in the constraint to be exempted from the policy.

A set of template library's templates now include the exemptImages parameter, which exempts specific containers from the policy. Those templates are:

  • K8sPSPAllowPrivilegeEscalationContainer
  • K8sPSPAppArmor
  • K8sPSPCapabilities
  • K8sContainerLimits
  • K8sContainerRatios
  • K8sPSPHostNetworkingPorts
  • K8sImageDigests
  • K8sPSPPrivilegedContainer
  • K8sPSPProcMount
  • K8sPSPReadOnlyRootFilesystem
  • K8sPSPSeccomp
  • K8sPSPSELinuxV2
  • K8sPSPAllowedUsers
  • K8sContainerLimits

Fixed an issue in the hydration-controller container that caused the reconciler Pod to crash loop when there is a malformed or missing kustomization.yaml in the base directory.

Fixed a memory leak in the Config Sync reconciler container that led to high memory utilization or Pod restarts due to out-of-memory errors.

Anthos clusters on AWS (previous generation)

Anthos Clusters on AWS aws-1.10.2-gke.0 (previous generation) is now available. Clusters in this release support the following Kubernetes versions:

  • 1.21.9-gke.1900
  • 1.20.15-gke.1900
  • 1.19.16-gke.7700

Anthos clusters on VMware

The Envoy project recently discovered a set of vulnerabilities. All issues listed in the security bulletin are fixed in Envoy release 1.21.1. For more information, see the GCP-2022-008 security bulletin.

Apigee Integrated Portal

On February 24, 2022 we released an updated version of the Apigee Integrated Portal software.

Bug ID Description
216299743 Inconsistent button icon for delete in Pages. Updated the page delete button from (circle with x) to (trash can).
210539825 CSS compiler should gracefully handle errors with unexpected form. Fixed a rare issue where some custom CSS payloads would result in an Internal Server Error.
205579028 500s caused by could not get auth token for GCP. Periodically, under high load, GCP Authentication would fail on the backend and return a 500 internal exception.
194226935 Update site pages to link to Quickstart documentation. The Quick Start tutorial is no longer embedded in the portal. See Build your first portal in the Apigee documentation.

Cloud Asset Inventory

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory), the Feed API, and the Search APIs (SearchAllResources and SearchAllIamPolicies):

  • Cloud Healthcare API
    • healthcare.googleapis.com/ConsentStore
    • healthcare.googleapis.com/Dataset
    • healthcare.googleapis.com/DicomStore
    • healthcare.googleapis.com/FhirStore
    • healthcare.googleapis.com/Hl7V2Store

Cloud SQL for PostgreSQL

Due to a change in a recent maintenance update, the changes listed in the February 4 Release Notes entry have been applied to some instances but postponed for the others. In the Google Cloud Console, you can determine if the maintenance update was applied. Specifically, on the Instance Overview page, review the instance's operations and logs for an occurrence of a maintenance operation since January 27.

Cloud Storage

The restrict authentication types organizational constraint is now in Preview. The constraint allows you to restrict the authentication types that can be used in requests for Cloud Storage resources.

Config Controller

In December 2021, Config Controller became Generally Available (GA). Config Controller is a managed service to provision and orchestrate Anthos and Google Cloud resources. For information on Config Controller, see Config Controller overview.

Config Controller now uses the following versions of its included products:

Eventarc

Eventarc is now HIPAA, SOC 1, SOC 2, and SOC 3-compliant.

Google Kubernetes Engine

(2022-R3) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.19.16-gke.3600 is now available in the Stable channel.
  • Version 1.21.5-gke.1805 is now available in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.19.15-gke.1801
    • 1.21.5-gke.1802
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.21.5-gke.1805 with this release.

Regular channel

  • Version 1.21.6-gke.1503 is now the default version in the Regular channel.
  • Version 1.21.5-gke.1805 is now available in the Regular channel.
  • Version 1.21.6-gke.1503 is now available in the Regular channel.
  • Version 1.22.4-gke.1501 is now available in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.20.11-gke.1801
    • 1.21.5-gke.1802
    • 1.21.6-gke.1500
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.6-gke.1503 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.6-gke.1503 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.22.4-gke.1501 with this release.

Rapid channel

  • Version 1.22.6-gke.300 is now the default version in the Rapid channel.
  • Version 1.21.9-gke.1001 is now available in the Rapid channel.
  • Version 1.22.6-gke.1000 is now available in the Rapid channel.
  • Version 1.22.6-gke.1500 is now available in the Rapid channel.
  • Version 1.23.3-gke.1100 is now available in the Rapid channel.
  • The following versions are no longer available in the Rapid channel:
    • 1.21.6-gke.1500
    • 1.22.3-gke.700
    • 1.22.3-gke.1500
    • 1.23.2-gke.300
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.9-gke.1001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.9-gke.1001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.3-gke.1100 with this release.

GKE nodes that use Container-Optimized OS with Docker (cos) may experience random TCP connection resets when two pods on the same node communicate using a Kubernetes ClusterIP Service.

For more information, see GKE Node images known issues.

Security Command Center

Security Command Center can automatically send findings, assets, and security sources to the following SIEM and SOAR platforms:

Traffic Director

Read Security Bulletin GCP-2022-008 about Envoy security vulnerabilities and update Envoy proxies in your Traffic Director installation to Envoy release 1.21.1.

February 23, 2022

Anthos clusters on VMware

Anthos clusters on VMware 1.9.4-gke.3 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.9.4-gke.3 runs on Kubernetes v1.21.5-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.10, 1.9, and 1.8.

Fixes

  • Upgraded Cilium to version 1.10.5.

    • This upgrade also fixed the issue where unreachable node endpoints caused application 503 errors. Previously, when cilium-health status was run in anetd daemons, the output showed stale remote nodes.
  • Fixed unexpectedly high network traffic to monitoring.googleapis.com in a newly created cluster.

  • Fixed these high-severity CVEs:

When cluster autoscaling is enabled in a Dataplane-v2 cluster, scale down may sometimes take longer. For example, it may take approximately 20 minutes instead of 10 minutes as in a normal case.

Cloud Asset Inventory

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

  • Vertex AI
    • aiplatform.googleapis.com/PipelineJob

Cloud Run for Anthos

Support for Knative Serving 1.1.2 is now available in version 1.23.0-gke.17 of Cloud Run for Anthos on Google Cloud.

The following GKE minor versions are supported:

  • 1.19 with Anthos Service Mesh 1.10
  • 1.20 with Anthos Service Mesh 1.10
  • 1.21 with Anthos Service Mesh 1.11 or 1.12

Cloud SQL for MySQL

If your primary instance uses a private IP address, you can now select an allocated IP range for clones and replicas created from the instance.

Cloud SQL for PostgreSQL

If your primary instance uses a private IP address, you can now select an allocated IP range for clones and replicas created from the instance.

Cloud SQL for SQL Server

If your primary instance uses a private IP address, you can now select an allocated IP range for clones and replicas created from the instance.

Compute Engine

The NVIDIA 510 driver is not yet supported for GPUs running on Compute Engine. See Known issues.

Data Catalog

Public preview: Public tags, which provide less strict access control than private tags for searching and viewing tags, are rolled out to all Data Catalog regions with minimal disruption and in a controlled way. Public tags support simple search and search with predicates, while private tags support only search with predicates.

Network Connectivity Center

Network Connectivity Center now supports the use of a third-party network virtual appliance in any Google Cloud region for the following use cases:

A third-party network virtual appliance could be an SD-WAN router, a firewall appliance, a load balancer, or another appliance, as long as it uses BGP. After you create a Network Connectivity Center spoke to represent your router appliance instance, it can exchange routes dynamically with Cloud Router.

To view a list of partners whose solutions are integrated with Network Connectivity Center, see Network Connectivity Center partners.

For more information about Network Connectivity Center, see the product overview.

February 22, 2022

Anthos Service Mesh

The Istio project recently disclosed a series of CVEs that can expose Anthos Service Mesh to remotely exploitable vulnerabilities. For more information, see the security bulletin.

1.12.4-asm.1 is now available.

This patch release contains the fixes for the security vulnerabilities listed in GCP-2022-007. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

1.11.7-asm.1 is now available.

This patch release contains the fixes for the security vulnerabilities listed in GCP-2022-007. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

1.10.6-asm.1 is now available.

This patch release contains the fixes for the security vulnerabilities listed in GCP-2022-007. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

Anthos clusters on AWS

Kubernetes version 1.21.6-gke.1500 is now available. For more information, see the Kubernetes OSS release notes.

You can now launch clusters in the ap-northeast-1 and sa-east-1 AWS regions.

Fixed CVE-2021-4154, see GCP-2022-002 for more details.

Fixed CVE-2022-0185, see GCP-2022-002 for more details.

Anthos clusters on Azure

Kubernetes version 1.21.6-gke.1500 is now available. For more information, see the Kubernetes OSS release notes.

You can now launch clusters in the brazilsouth Azure region.

Fixed CVE-2021-4154, see GCP-2022-002 for more details.

Fixed CVE-2022-0185, see GCP-2022-002 for more details.

Fixed CVE-2021-4034, see GCP-2022-004 for more details.

Fixed CVE-2021-43527, see GCP-2022-005 for more details.

Apigee UI

On February 22, 2022 we released an updated version of the Apigee UI software.

The following accessibility improvements have been made in the Apigee UI:

  • In the Develop > API Proxies view, the screen reader now reads "Create new proxy" for the Create New button.
  • In the Traffic column of the API Proxies view, the screen reader now reads the traffic tooltip text, and the tooltip has been removed.
  • In the Last Modified column, the screen reader now reads a message like "5 months ago on Sep 17, 2021 6:21 PM," and the tooltip has been removed.
  • Hovering the mouse in the Action column now displays a menu showing the Delete item, to make it accessible.

The help text in the project selector menu at the top of the UI was out of date. The information has now been updated.

Proxy/sharedflow undeployment was failing in the new Proxy Editor. This has been fixed.

Cloud DNS

Zonal Cloud DNS zones are now available in Preview.

You can create private DNS zones that are scoped only to a Google Cloud zone.

Cloud Healthcare API

You can now stream and export FHIR resources to BigQuery using the FHIR analytics schema with support for repeated extension columns and contained resources as JSON strings.

Cloud Logging

You can now collect Apache CouchDB logs from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: CouchDB.

You can now collect Apache Hadoop logs and metrics from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: Hadoop.

You can now collect Apache HBase logs and metrics from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: HBase.

You can now collect Apache ZooKeeper logs from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: ZooKeeper.

You can now collect WildFly logs from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: WildFly.

Cloud Monitoring

Metrics Explorer and charts on dashboards have a new metric selection interface. For more information, see Select metrics when using Metrics Explorer.

You can now collect Apache ActiveMQ metrics from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: ActiveMQ.

You can now collect Apache Hadoop metrics and logs from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: Hadoop.

You can now collect Apache HBase metrics and logs from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: HBase.

You can now collect MongoDB metrics from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: MongoDB.

You can now collect RabbitMQ metrics from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: RabbitMQ.

Eventarc

Support for applying a path pattern when filtering is now available in Preview.

Google Kubernetes Engine

GKE Gateway traffic management is now in Preview for clusters running GKE 1.22 and later versions. You can now autoscale Pods or dynamically shift traffic between clusters based on Service traffic capacity.

Istio on Google Kubernetes Engine

The Istio project recently disclosed a series of CVEs that can expose Istio on GKE to remotely exploitable vulnerabilities. For more information, see the security bulletin.

1.6.14-gke.9 is now available. This patch release contains the fixes for the security vulnerabilities listed in GCP-2022-007. For more information, see Upgrading operator based 1.6 Istio to the latest patch release.

1.4.11-gke.4 and 1.4.10-gke.23 are now available. These patch releases contain the fixes for the security vulnerabilities listed in GCP-2022-007. For more information, see Upgrading 1.4 Istio to the latest patch release.

Security Command Center

MITRE ATT&CK framework details related to findings are now available as finding attributes for all Security Command Center services. The framework explains tactics and techniques for attacks against cloud resources, and provides remediation guidance. Although these attributes are available across all built-in and integrated services, only Container Threat Detection and Event Threat Detection are populating them at this time. For more information, see the API documentation for the Findings object.

February 21, 2022

Apigee Integration

On February 21, 2022 we released an updated version of the Apigee Integration software.

Bug ID | Description
N/A | Cloud Pub/Sub trigger having same topic in multiple regions fails. You can now create a Cloud Pub/Sub trigger for the same topic in multiple regions. Because of this fix, your already existing Cloud Pub/Sub trigger may now execute multiple times. Contact Apigee support if you notice this problem. However, if you haven't used the Cloud Pub/Sub trigger in your integrations, you can ignore this fix.

Cloud Domains

Cloud Domains now supports the following new TLDs:

  • .day
  • .contact
  • .de
  • .nl
  • .autos

The annual price for the following two TLDs has changed to $15:

  • .boats
  • .homes

For details, see Cloud Domains Pricing.

Cloud Load Balancing

Network Load Balancing introduces a new monitoring resource type loadbalancing.googleapis.com/ExternalNetworkLoadBalancerRule that lets you monitor all the supported protocols including TCP, UDP, ESP, and ICMP.

For details, see Monitoring Network Load Balancing.

This feature is available in General Availability.

February 19, 2022

Dataproc Metastore

Fixed the issue causing Dataproc Metastore service creation to fail with the error NO_MATCHING_ACCESS_LEVEL due to a known issue where dns.googleapis.com is in the service perimeter but not in the allowlist.

February 18, 2022

Cloud Build

The organization policy for integrations with services such as GitHub is now generally available. Users can now apply the policy to control triggered builds from external services, such as GitHub. To learn more, see Limiting builds triggered from external services.

VPC Service Controls support for Cloud Build is now generally available. For instructions on using this feature, see Using VPC Service Controls.

Config Connector

Config Connector version 1.74.0 is now available.

Added support for PrivateCACertificateAuthority resource.

Fixed topicRef in CloudBuildTrigger (Issue #605).

Dataproc

Added support for Enhanced Flexibility Mode (EFM) with primary worker shuffle mode on Spark for image version 2.0.

General Availability (GA) release of new Rocky Linux based images: 1.5.57-rocky8 and 2.0.31-rocky8. These images are replacing CentOS images which are EOL.

Dataproc Serverless for Spark now uses runtime version 1.0.4, which updates the GCS connector to version 2.2.5.

New sub-minor versions of Dataproc images:

1.5.57-debian10, 1.5.57-ubuntu18, and 1.5.57-rocky8

2.0.31-debian10, 2.0.31-ubuntu18, and 2.0.31-rocky8

Upgraded Cloud Storage connector version to 2.2.5 in image version 2.0.

Upgraded Cloud Storage connector version to 2.1.7 in image version 1.5.

CentOS images are EOL. 1.5.56-centos8 and 2.0.30-centos8 are the final CentOS based images. CentOS images are no longer supported and will not receive new releases.

Document AI

New Versions of Procurement Processors

We have launched a new Google Pretrained version of the following procurement processors with various quality improvements:

The changes from the old Google default next version have been applied to the new Google Pretrained version. The old Google default version is still available and will not be deprecated for at least 180 days.

Workflows

February 17, 2022

Anthos clusters on VMware

Anthos clusters on VMware 1.8.7-gke.0 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.8.7-gke.0 runs on Kubernetes v1.20.12-gke.1500.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.10, 1.9, and 1.8.

Fixes:

App Engine standard environment Java

Updated the Java SDK to version 1.9.95.

Cloud Asset Inventory

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

  • Vertex AI
    • aiplatform.googleapis.com/MetadataStore
    • aiplatform.googleapis.com/ModelDeploymentMonitoringJob

Cloud Composer

DAG UI is available in Preview.

(Cloud Composer 2) Tasks that take less than 25 minutes to execute are not impacted by maintenance operations. Cloud Composer waits until such tasks are finished before the maintenance operation starts.

Cloud Monitoring

You can now configure how missing data is treated in alerting policies. Currently, if data stops arriving, the alerting policy repeats the previous measurement, so open incidents stay open. You can now treat missing data as violating the condition so an active condition stays active, or treat it as non-violating so that an active condition closes. For more information, see Partial metric data.

The install-monitoring-agent.sh installation script for the Cloud Monitoring agent for Linux has been decommissioned. See the Installing the Cloud Monitoring agent guide for the latest installation procedures.

Cloud NAT

Dynamic port allocation for Cloud NAT is available in General Availability.

Cloud SQL for MySQL

Cloud SQL now supports the use of tags on instances. Tags are key-value pairs you can apply to your resources, such as a project or a Cloud SQL instance, which are used for fine-grained access control. To learn more, see Access control with Google Cloud tags. To use tags now, see Attach and manage tags on Cloud SQL instances.

Cloud SQL for PostgreSQL

Cloud SQL now supports the use of tags on instances. Tags are key-value pairs you can apply to your resources, such as a project or a Cloud SQL instance, which are used for fine-grained access control. To learn more, see Access control with Google Cloud tags. To use tags now, see Attach and manage tags on Cloud SQL instances.

Cloud SQL for SQL Server

Cloud SQL now supports the use of tags on instances. Tags are key-value pairs you can apply to your resources, such as a project or a Cloud SQL instance, which are used for fine-grained access control. To learn more, see Access control with Google Cloud tags. To use tags now, see Attach and manage tags on Cloud SQL instances.

Dataplex

Dataplex Explore is available in Preview. Explore provides a fully-managed, serverless data exploration experience that enables you to query your data using Apache SparkSQL queries and Jupyter notebooks.

Dataproc

A script that checks if a project or organization is using an unsupported Dataproc image is available for downloading (see Unsupported Dataproc versions).

Google Kubernetes Engine

The Kubernetes Network Policy API allows specifying a range of ports (see KEP on port ranges) on which the policy is enforced in GKE 1.22 and later versions. If you specify the endPort field in a Network Policy, it might not take effect in Dataplane V2, depending on the cluster configuration. This API will be supported in Calico Network Policy enabled clusters but not in Dataplane V2 clusters.

For more information, see GKE Dataplane V2 known issues.

February 16, 2022

BigQuery

Remote functions are now available for preview. Remote functions allow you to implement your function in languages other than SQL and JavaScript, or with libraries or services which are not allowed in BigQuery user-defined functions.

Cloud CDN

Dynamic compression allows Cloud CDN to automatically compress responses as they are being served between the origin and the client. The size of the data sent over the network is reduced by 60% to 85% in typical cases. This feature is supported in Preview.

Cloud Functions

Cloud Functions has added support for low-configuration access to private dependencies on Artifact Registry in Node.js and Python.

Cloud Shell

Cloud Shell Editor is now built with Theia 1.21.0.

For a complete list of features, updates, and bug fixes, see the Theia release notes.

.NET 6.0 Support added.

Cloud Shell and the Cloud Shell Editor now support .NET 6.0 development.

Debian 11

Cloud Shell is now built on top of Debian 11. For a full list of updates, see the Debian 11 release notes.

Upcoming switch to Python 3

Cloud Shell will soon default to Python 3. Python 2 will still be included as a development tool in Cloud Shell and may be invoked by issuing the python2 command.

Compute Engine

New documentation for licenses and appending licenses.

T2D machines are now available in the following regions and zones:

  • St. Ghislain, Belgium: europe-west1
  • The Dalles, Oregon: us-west1

See VM instance pricing for details.

Dataflow

Profiling Dataflow pipelines with Cloud Profiler is generally available (GA). Use Dataflow integration with Cloud Profiler to monitor pipeline performance.

VPC Service Controls

General availability for the following integration:

Vertex AI

You can now use a pre-built container to perform custom training with TensorFlow 2.8.

February 15, 2022

AI Platform Training

Runtime version 2.8 is available. You can use runtime version 2.8 to train with TensorFlow 2.8, scikit-learn 1.0.2, or XGBoost 1.5.2. Runtime version 2.8 supports training with CPUs, GPUs, or TPUs.

See the full list of updated dependencies in runtime version 2.8.

Apigee UI

On February 15, 2022 we released an updated version of the Apigee UI software.

New Overview Tab in Proxy Editor

We have released a new version of the Overview tab in the Proxy Editor. See Introducing the new Proxy Editor.

Note: The new features in this release will be rolled out over the next week, so you might not be able to view them until the rollout is complete.

The UI now shows a warning when an API Product is in legacy format, stating that some of the displayed fields might be legacy fields.

Bug ID | Description
201759530 | Operations that did not have methods defined were not appearing in the operations table in the API Products UI.
199814779 | The test button in Admin > Environments > Keystores was not working correctly. The button has been temporarily removed from the UI.

Apigee X

On February 15, 2022 we released an updated version of the Apigee X software.

Backend target routing with Private Service Connect

You can now use Private Service Connect (PSC) to connect Apigee with backend target services running in VPC networks other than the one that is peered with your Apigee organization. For details, see Southbound networking patterns.

App Engine standard environment Node.js

Node.js apps now support private dependencies hosted on an Artifact Registry Node.js package repository. To include private dependencies, list the Artifact Registry repository and configure settings for authenticating with the registry in your .npmrc file.

App Engine standard environment Python

Python 3 apps now support private dependencies hosted on an Artifact Registry Python registry. To include private dependencies, add the Artifact Registry URL and the relevant packages in your requirements.txt file.

Artifact Registry

On-Demand Scanning for Go packages is now generally available.

You can scan your container images and identify Go package vulnerabilities.

BigQuery

The table clones feature in BigQuery is now in Preview. A table clone is a lightweight, writable copy of a table. You are only charged for storing the data in a table clone that differs from its base table.

Chronicle

DeleteSubject

The DeleteSubject method has been added to the Chronicle Role-Based Access Control (RBAC) API. DeleteSubject enables you to remove user and group role assignments.

Cloud Composer

Cloud Composer 1.18.0 and 2.0.4 release started on February 15, 2022. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.

(Cloud Composer 1) Starting from this version, newly created environments use Python 3.8 as the default Python version. Python 3.6 is no longer available. If you upgrade an existing environment to 1.18.0 and later versions, the Python version changes from Python 3.6 to Python 3.8.

(Cloud Composer 2) Environment creation no longer fails if the default Compute Engine service account is deleted in a project.

Cloud Composer 1.18.0 and 2.0.4 images are available:

  • composer-2.0.4-airflow-2.2.3
  • composer-2.0.4-airflow-2.1.4
  • composer-1.18.0-airflow-2.2.3
  • composer-1.18.0-airflow-2.1.4
  • composer-1.18.0-airflow-1.10.15 (default)

Airflow 2.0.2 is no longer included in Cloud Composer images.

Cloud Composer 1.14.3 has reached its end of full support period.

Cloud Load Balancing

Internal TCP/UDP Load Balancing now supports source-IP address session affinity (CLIENT_IP_NO_DESTINATION) in Public Preview.

Config Controller

Config Controller now uses version 1.10.1 for Anthos Config Management (release notes)

Data Catalog

Data Catalog now supports cataloguing and searching data entries from Dataplex lakes, zones, tables, and filesets. For more information, see the Dataplex documentation and Data Catalog documentation.

Dataplex

Dataplex is generally available (GA). Dataplex is an intelligent data fabric that helps organizations to centrally manage, monitor, and govern their data across data lakes, data warehouses, and data marts with consistent controls, providing access to trusted data and powering analytics at scale.

Dataproc

Dataproc images prior to 1.3.95, 1.4.77, 1.5.53, and 2.0.27 are deprecated and cluster creations based on these images will fail starting 2/28/2022.

Google Cloud VMware Engine

Beginning on February 21, 2022, the VMware Engine operations team will perform essential maintenance of the network infrastructure to improve equipment robustness and apply security patches. Users affected by this upgrade will receive an email with planned maintenance dates and times.

For details about the upgrade and steps to prepare, see Service announcements.

Google Kubernetes Engine

A security vulnerability, CVE-2022-0492, has been discovered in the Linux kernel's cgroup_release_agent_write function. The attack uses unprivileged user namespaces, and under certain circumstances, this vulnerability can be exploitable for container breakout.

For more information, see the GCP-2022-006 security bulletin.

Service Directory

Service Directory integration with Traffic Director is available in Preview.

After you register a service with Service Directory, the integration makes services in the service registry available to the applications in your mesh and to gateways configured by Traffic Director. Your service mesh and self-managed gateways can then send traffic to these services.

Traffic Director

Traffic Director is now integrated with Service Directory. After you register a service with Service Directory, the integration makes services in the service registry available to the applications in your mesh and to gateways configured by Traffic Director. Your service mesh and self-managed gateways can then send traffic to these services.

February 14, 2022

Anthos clusters on Azure

A security vulnerability, CVE-2022-0492, has been discovered in the Linux kernel's cgroup_release_agent_write function. The attack uses unprivileged user namespaces and under certain circumstances this vulnerability can be exploitable for container breakout. For more information, see the GCP-2022-006 security bulletin.

Anthos clusters on VMware

A security vulnerability, CVE-2022-0492, has been discovered in the Linux kernel's cgroup_release_agent_write function. The attack uses unprivileged user namespaces, and under certain circumstances, this vulnerability can be exploitable for container breakout. For more information, see the GCP-2022-006 security bulletin.

BigQuery

The QUALIFY clause, which lets you filter the results of analytic functions in Google Standard SQL, is now generally available (GA).

BigQuery reliability guide is now available. This guide describes how to build solutions with BigQuery that meet your application's needs for availability, durability, consistency, and data recovery. Topics include the following:

BigQuery ML

BigQuery ML time series ARIMA_PLUS now trains models 5 times faster than previous training.

Channel Services

This release adds filters to ListCustomers. You can use these filters to exclude selected customers from search results. For more information, visit our article about these new filters.

Cloud Build

Support for configuring triggers to use a particular service account is now generally available. To learn more, see Configuring user-specified service accounts.

Cloud Functions

Cloud Functions has released Cloud Functions (2nd gen), available at the Preview release level. Cloud Functions (2nd gen) is Google Cloud's next-generation Functions-as-a-Service offering. This new version of Cloud Functions comes with an advanced feature set, giving you more powerful infrastructure, advanced control over performance and scalability, more control around the functions runtime, and triggers from over 90 event sources.

See the Cloud Functions (2nd gen) documentation for details.

Cloud Key Management Service

Virtru is now available as a supported Cloud EKM partner. See Supported key managers to learn more.

Cloud Logging

You can now configure default storage regions and disabled _Default sinks for your Google Cloud organizations and all of their new projects and folders. For details, see Configure default resource settings for Logging.

You can now collect Apache Solr metrics and logs from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: Solr.

You can now collect Apache Kafka metrics and logs from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: Kafka.

You can now collect MongoDB logs from the Ops Agent, starting with version 2.10.0. For more information, see Collect logs from third-party applications: MongoDB.

Cloud Monitoring

You can now collect Apache Solr metrics and logs from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: Solr.

You can now collect Apache Kafka metrics and logs from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: Kafka.

You can now collect Apache CouchDB metrics from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: CouchDB.

You can now collect Apache ZooKeeper metrics from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: ZooKeeper.

You can now collect Elasticsearch metrics from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: Elasticsearch.

Google Kubernetes Engine

Kubernetes 1.23 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.23 Release Notes, especially the action required and deprecation sections. Also, read the guide for ensuring compatibility of webhook and aggregated API server certificates before the upgrade.

Memorystore for Redis

Added support for enabling read replicas (preview) on existing instances. For more information, see Behavior of enabling read replicas on an existing instance. Also added the capability to perform version upgrade and manual failover operations on instances that use read replicas.

SAP on Google Cloud

SAP NetWeaver certifications: T2D AMD-based general-purpose machine types

For SAP NetWeaver, SAP now certifies Compute Engine general-purpose T2D series machine types with the AMD EPYC Milan CPU platform.

For more information, see T2D general-purpose machine types.

February 11, 2022

Anthos clusters on Azure

A security vulnerability, CVE-2021-43527, has been discovered in any binary that links to the vulnerable versions of libnss3 found in NSS (Network Security Services) versions prior to 3.73 or 3.68.1. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. For more information, see the GCP-2022-005 security bulletin.

Anthos clusters on VMware

A security vulnerability, CVE-2021-43527, has been discovered in any binary that links to the vulnerable versions of libnss3 found in NSS (Network Security Services) versions prior to 3.73 or 3.68.1. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS.

For more information, see the GCP-2022-005 security bulletin.

Cloud Scheduler

Cloud Scheduler jobs for HTTP or Pub/Sub Targets can be deployed in multiple GCP Regions around the world and no longer require that an App Engine application be deployed.

Cloud Spanner

Cloud Spanner now optimizes the way it processes groups of similar statements in DML batches, significantly improving the speed at which it performs batched data writes under certain conditions.

Config Connector

Config Connector version 1.73.0 is now available.

Added support for ComputeFirewallPolicyAssociation resource.

Added support in IAMPartialPolicy and IAMPolicy to cover Organization and BillingAccount resources.

Fixed spec.target.targetHTTPProxyRef issue in ComputeForwardingRule (Issue #596).

CRD Go clients (alpha) have moved to the pkg/clients/generated/client/clientset/versioned/ package.

Config Controller

Config Controller is now supported in region us-east1.

Config Controller now uses the following versions of its included products:

Dataproc

Dataproc Metastore

Performing import, export, backup, or restore on Spanner-backed services now returns a 4XX error since these operations aren't supported.

Added additional mutual exclusion validation for Data Catalog and Spanner-backed services.

Fixed the issue causing request_count metric spikes due to a bug in the logic of our metrics reporting pipeline.

Eventarc

Google Kubernetes Engine

A security vulnerability, CVE-2021-43527, has been discovered in any binary that links to the vulnerable versions of libnss3 found in NSS (Network Security Services) versions prior to 3.73 or 3.68.1.

Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS.

For more information, see the GCP-2022-005 security bulletin.

SAP on Google Cloud

SAP NetWeaver certifications: C2D AMD-based compute-optimized machine types

For SAP NetWeaver, SAP now certifies Compute Engine compute-optimized C2D series machine types with the AMD EPYC Milan CPU platform.

For more information, see C2D compute-optimized machine types.

February 10, 2022

Anthos clusters on VMware

Anthos clusters on VMware 1.10.1-gke.19 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.10.1-gke.19 runs on Kubernetes v1.21.5-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.10, 1.9, and 1.8.

  • Removed unintentional infrastructure log lines from the cluster snapshot.
  • Upgraded the Connect Agent version to 20211210-01-00.

    • This upgrade also fixed the issue where the Connect Agent restarts unexpectedly on either a newly-created cluster or an existing cluster that uses Anthos Identity Service to manage the Anthos Identity Service ClientConfig.
  • Fixed two high severity CVEs:

  • Fixed the short metric probing interval issue that sends a high volume of traffic to the monitoring.googleapis.com endpoint in a cluster.

  • If your admin cluster failed to register with the provided gkeConnect spec during creation, upgrading to a later 1.9 or 1.10 release will fail with the following error:

    failed to migrate to first admin trust chain: failed to parse current version "": invalid version: "" failed to migrate to first admin trust chain: failed to parse current version "": invalid version: ""

    If you have experienced this issue, follow these instructions to fix the gkeConnect registration issue before you upgrade your admin cluster.

BigQuery

BigQuery Omni now supports INFORMATION_SCHEMA.JOBS_* and INFORMATION_SCHEMA.RESERVATION* views. This feature is in Preview. For more information, see View resource metadata (AWS) and View resource metadata (Azure).

Cloud Logging

Your regional preferences, including date and time formatting, are now supported in the Logs Explorer.

Compute Engine

Generally available: Compute-optimized C2D machine types are now generally available. C2D machine types are built on top of third generation AMD EPYC Milan processors and are a great fit for high-performance computing (HPC) workloads. For more information, see Compute-optimized machine family.

Google Kubernetes Engine

Versions 1.21.9-gke.300, 1.22.6-gke.300, and 1.23.2-gke.300 contain a fix for a race condition which could result in erroneously detaching all endpoints from network endpoint groups for a short period.

Security Command Center

Access-related details are now available as finding attributes for all Security Command Center services. These attributes relate to an access event associated with a finding. They contain details such as the caller's IP address, which service and method was called, and what region the access event occurred in. Although access-related attributes are available across all built-in and integrated services, they're only populated by Event Threat Detection at this time. For more information, see the API documentation for the Findings object.

Vertex AI

For Vertex AI featurestore resources, the online store is optional. You can set the number of online nodes to 0. For more information, see Manage featurestores.

February 09, 2022

Cloud Logging

Compute Engine resource names, alongside their corresponding resource IDs, are now supported in the Logs Explorer. For details, see View Compute Engine logs.

Cloud Run

The configured container arguments are now correctly overriding arguments defined inside the container image. This change applies to new services only.

Compute Engine

Public Preview: You can now use the security keys registered for 2-Step Verification in your Google account to connect to VMs that use OS Login. For more information, see Enable security keys with OS Login.

SAP on Google Cloud

SAP NetWeaver certifications: N2D series Compute Engine VMs on the AMD EPYC Milan CPU platform

For SAP NetWeaver, SAP now certifies Compute Engine N2D series machine types with the AMD EPYC Milan CPU platform.

For more information, see N2D general-purpose machine types.

February 08, 2022

Apigee Integrated Portal

On February 8, 2022 we released an updated version of the Apigee Integrated Portal software.

Bug ID | Description
212421254 | Consumers can access teams in a portal for which they have no IDP account. Before, a consumer could access a team as long as they were added to the team and had an IDP account in the same organization as the team. Now they can only access the team if they are added as a member and have an IDP account in the same portal as the team.
209436418 | Display asset file sizes in megabytes. Asset file size was being incorrectly displayed in mebibytes and is now shown in megabytes.
207130598 | Improve asset upload error messages. Improved an error message when an unsupported image type was uploaded.
205963075 | New portal name rules are not enforced on backend. The same portal name rules that were already enforced on the front end are now also enforced on the backend.
205881764 | Cannot delete mobile logo/favicon in Apigee X/Hybrid. Fixed a bug where Apigee X and Hybrid customers could not delete mobile logos or favicons.
205629978 | Broken HTML after portals v2 migration. The live portal of the upgraded portal will not be displayed correctly after migrating a portal from v1 to v2.
205581372 | Users endpoint should not crash when passed an invalid Enum value. Passing an invalid sortBy value to the providers/{scope}/users endpoint is now handled gracefully.
196875216 | Team does not exist exceptions should not be reported as 500s. When API producers attempted to retrieve a team which does not exist, they got an uninformative 500. Now they get an easy-to-read 404.

Apigee UI

On February 8, 2022 we released an updated version of the Apigee UI software.

Bug ID | Description
212782769 | An issue prevented editing a new target server that used a keystore reference, and selecting a key alias when using a keystore.

Apigee X

On February 8, 2022 we released an updated version of the Apigee X software.

Bug ID | Description
N/A | Upgraded infrastructure and libraries

Chronicle

Chronicle Forwarder

For the Chronicle Forwarder to function properly, an additional firewall rule is needed for host oauth2.googleapis.com. This information has been added to both the Windows and Linux versions of the Forwarder documentation.

Cloud Billing

Starting in February 2022, if you have committed use discounts (CUDs), Google Cloud Billing calculates the attribution for your fees and credits every hour, to help you track costs faster and more accurately.

Learn about how your CUD fees and credits are attributed across your resources.

Cloud Load Balancing

Network Load Balancing now supports load-balancing ESP (Encapsulating Security Payload) and ICMP (Internet Control Message Protocol) traffic. To handle these protocols, you specify the new L3_DEFAULT protocol on the load balancer's forwarding rule.

For details, see:

This feature is available in General Availability.

External TCP/UDP Network Load Balancing now allows you to configure a connection tracking policy. A connection tracking policy introduces the following new properties to let you customize your load balancer's connection tracking behavior:

To learn about how connection tracking works, see Backend selection and connection tracking.

To learn how to configure a connection tracking policy, see Configure a connection tracking policy.

This feature is available in General Availability.

Network Load Balancing introduces a new monitoring resource type loadbalancing.googleapis.com/ExternalNetworkLoadBalancerRule that lets you monitor all the supported protocols including TCP, UDP, ESP, and ICMP.

For details, see Monitoring Network Load Balancing.

This feature is available in Preview.

Cloud Monitoring

You can now view information about your user-defined metrics by using the Diagnostics tab located on the Metrics Explorer page. The Diagnostics tab displays summary information about the user-defined metrics your project ingests, charts usage metrics, and lists all user-defined metrics. You can use features on this page to create alerts, view audit logs, and get detailed information about individual metrics. For more information, see View metric diagnostics.

You can now configure private uptime checks by using the Cloud Console. For more information, see Create private uptime checks.

Cloud SQL for PostgreSQL

Cloud SQL supports the max_parallel_maintenance_workers, max_parallel_workers, max_parallel_workers_per_gather, and max_pred_locks_per_transaction flags:

  • max_parallel_maintenance_workers sets the maximum number of parallel workers that can be started by a single utility command.
  • max_parallel_workers sets the maximum number of workers that the system can support for parallel operations.
  • max_parallel_workers_per_gather sets the maximum number of workers that can be started by a single Gather or Gather Merge node.
  • max_pred_locks_per_transaction controls the average number of object locks allocated for each transaction.

For more information, see Supported flags.

Cloud SQL for SQL Server

Cross-region replication is now generally available in Cloud SQL for SQL Server.

You can use replication to scale the use of data in a database without degrading performance. Other reasons include migrating or maintaining data duplicates between regions.

For more information, see Replication in Cloud SQL.

Cloud Spanner

Query statistics now cover DML statements, including inserts, updates, and deletes.

Memorystore for Redis

Added support for upgrading the Redis version of an instance to any higher version.

Storage Transfer Service

Support for agent pools is now generally available (GA).

You can use agent pools to create isolated groups of agents as a source or sink entity in a transfer job. This enables you to transfer data from multiple data centers and filesystems concurrently, without creating multiple projects for a large transfer spanning multiple filesystems and data centers.

February 07, 2022

Anthos clusters on VMware

A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack. PolicyKit is generally used only on Linux desktop systems to allow non-root users to perform actions such as rebooting the system, installing packages, restarting services, and so forth, as governed by a policy.

For instructions and more details, see the GCP-2022-004 security bulletin.

Cloud Build

Cloud Build's Bitbucket Server and Bitbucket Data Center integration is now generally available. Users can build repositories from Bitbucket Server and Bitbucket Data Center, including on-premises instances. For more information, see Building repositories from Bitbucket Server and Building repositories from Bitbucket Data Center.

Cloud Composer

Airflow 2.2.3 is available in Cloud Composer images.

(Airflow 2.2.3) Support for Deferrable Tasks is not available in Cloud Composer yet.

Cloud Composer 1.17.10 and 2.0.3 images are available:

  • composer-2.0.3-airflow-2.2.3
  • composer-2.0.3-airflow-2.1.4
  • composer-2.0.3-airflow-2.0.2
  • composer-1.17.10-airflow-2.2.3
  • composer-1.17.10-airflow-2.1.4
  • composer-1.17.10-airflow-2.0.2
  • composer-1.17.10-airflow-1.10.15 (default)

Cloud Composer versions 1.14.0, 1.14.1, and 1.14.2 have reached their end of full support period.

Cloud DNS

This release fixes an issue in which Audit Logs for PATCH operations on managed zones and DNS server policies were not being generated.

Cloud Monitoring

Using the new Integrations page in the Google Cloud Console, you can now configure third-party application integrations that the Ops Agent supports. The Integrations page provides links to install instructions, displays example dashboards, and lists the metrics and logs that the Ops Agent collects for each integration. For more information, see Manage integrations.

Cloud Router

Bidirectional Forwarding Detection (BFD) for Cloud Router is Generally Available (GA).

Cloud SQL for PostgreSQL

Cloud SQL supports the wal_receiver_timeout and wal_sender_timeout flags:

  • The wal_receiver_timeout flag ends replication connections that are inactive for the specified time.
  • The wal_sender_timeout flag, which is for detection by the sending server, ends replication connections that are inactive for the specified time.

For more information, see Supported flags.

Cloud SQL for SQL Server

SQL Server 2019 is now the default version. See Database versions and version policies.

Cloud Spanner

Cloud Spanner's CPU Utilization metrics now provide grouping by all task priorities: low, medium, and high.

Relatedly, Cloud Spanner's monitoring console now lets you view the CPU utilization of your instance by operation type, filtered by task priority.

Dataproc

Added cluster_type field to job and operation metrics in Cloud Monitoring.

Google Cloud Armor

Google Cloud Armor Rate Limiting is now in General Availability.

Google Cloud Marketplace Partners

The deprecated product field on the provider Entitlement resource has been updated. The field now correctly populates the product, quote, or offer depending on the entity that was purchased. If you want to use other fields to view this information, see REST Resource: providers.entitlements.

Security Command Center

Previously, the following Event Threat Detection rules were made temporarily unavailable because they were generating extraneous findings:

  • Persistence: New API Method
  • Persistence: New Geography

The underlying issue has been resolved. These rules are now operational. For more information, see Event Threat Detection rules.

Security Health Analytics, a built-in service of Security Command Center, released the OPEN_GROUP_IAM_MEMBER detector to General Availability.

February 04, 2022

Anthos Service Mesh

Using the fleet feature API to set up managed Anthos Service Mesh with automatic control plane management is now available as a preview feature in the rapid, regular, and stable release channels. For more information, see Configure managed Anthos Service Mesh with fleet API.

Anthos clusters on AWS

A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack. PolicyKit is generally used only on Linux desktop systems to allow non-root users to perform actions such as rebooting the system, installing packages, restarting services, etc., as governed by a policy.

Anthos clusters on AWS is unaffected.

For instructions and more details, see the GCP-2022-004 security bulletin.

Anthos clusters on AWS (previous generation)

A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack. PolicyKit is generally used only on Linux desktop systems to allow non-root users to perform actions such as rebooting the system, installing packages, restarting services, etc., as governed by a policy.

Anthos clusters on AWS is unaffected.

For instructions and more details, see the GCP-2022-004 security bulletin.

Anthos clusters on Azure

A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack. PolicyKit is generally used only on Linux desktop systems to allow non-root users to perform actions such as rebooting the system, installing packages, restarting services, etc., as governed by a policy.

For instructions and more details, see the GCP-2022-004 security bulletin.

Anthos clusters on bare metal

Security bulletin (all minor versions)

A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack. PolicyKit is generally used only on Linux desktop systems to allow non-root users to perform actions, such as rebooting the system, installing packages, and restarting services, as governed by a policy.

For instructions and more details, see the GCP-2022-004 security bulletin.

Cloud SQL for PostgreSQL

The following PostgreSQL minor versions and extension versions are now available. If you use maintenance windows, you might not yet have these versions. In this case, you will see the new versions after your maintenance update occurs. To find your maintenance window or manage maintenance updates, see Finding and setting maintenance windows.

  • 14.0 is upgraded to 14.1.
  • 13.4 is upgraded to 13.5.
  • 12.8 is upgraded to 12.9.
  • 11.13 is upgraded to 11.14.
  • 10.18 is upgraded to 10.19.
  • 9.6.23 is upgraded to 9.6.24.

Additionally, the following extensions have been upgraded. For more information about these and other extensions, see PostgreSQL extensions.

  • The pglogical extension is upgraded to 2.4.1.
  • The pgaudit extension is upgraded as follows:

    • For PostgreSQL 14, upgraded to 1.6.1.
    • For PostgreSQL 13, upgraded to 1.5.1.
    • For PostgreSQL 12, upgraded to 1.4.2.
    • For PostgreSQL 11, upgraded to 1.3.3.
    • For PostgreSQL 10, upgraded to 1.2.3.
    • For PostgreSQL 9.6, upgraded to 1.1.4.

Compute Engine

Generally available: Support for the Intel Ice Lake processor on general purpose N2 VMs has reached general availability.

Generally available: The n2-node-128-864 sole-tenant node type.

Dataproc Metastore

Creating a Dataproc Metastore service results in the error NO_MATCHING_ACCESS_LEVEL due to dns.googleapis.com in the service perimeter but not in the allowlist. To work around this issue, remove dns.googleapis.com from the perimeter during API calls.

Data Catalog sync users must request roles/metastore.metadataViewer to view synced Dataproc Metastore entries in Data Catalog. The roles/metastore.Admin and roles/metastore.Editor no longer support metastore databases and tables permissions.

The request_count metric spikes due to a bug in the logic of our metrics reporting pipeline.

Google Kubernetes Engine

A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack. PolicyKit is generally used only on Linux desktop systems to allow non-root users to perform actions such as rebooting the system, installing packages, restarting services, etc., as governed by a policy. GKE clusters are not affected.

For instructions and more details, see the GCP-2022-004 security bulletin.

You will not be able to create new node pools that use a Docker node image starting with GKE v1.23 when:

  • Creating a new cluster,
  • Adding a node pool to an existing cluster, or
  • Using Node Auto-provisioning (NAP) with --autoprovisioning-image-type set to Docker node images.
  • For existing clusters, you will also not be able to change the value of --autoprovisioning-image-type to Docker node images.

If you are upgrading your GKE clusters from GKE v1.22 to v1.23, then you will be able to continue using:

  • Docker node pools that were configured before the upgrade.
  • Cluster Autoscaler on Docker node pools.
  • Node Auto-provisioning (NAP) with --autoprovisioning-image-type set to Docker node images if it was configured before upgrading to v1.23. However, we highly recommend that you migrate to GKE node images that use the Containerd container runtime.

For your reference, below are the GKE node images for the Containerd and Docker container runtimes:

  • Containerd container runtime (recommended): cos_containerd, ubuntu_containerd, windows_ltsc_containerd, windows_sac_containerd
  • Docker container runtime (unsupported starting with v1.24): cos, ubuntu, windows_ltsc, windows_sac

Containerd is the default runtime on GKE. Most user workloads do not have dependencies on the container runtime. Support for Docker as a container runtime on Kubernetes nodes will be removed from OSS Kubernetes and GKE starting with v1.24. If you use a node image based on Docker container runtime, please migrate your GKE workloads to a Containerd node image as soon as possible. For more details, see Containerd node images.

Traffic Director

Traffic Director new service routing APIs are available in preview. The new APIs simplify routing and service mesh configuration with new Mesh, Gateway, and Route resources.

Related to this change, new options are available for automated Envoy deployment.

February 03, 2022

BigQuery

The BigQuery migration assessment is now available in Preview. Use this feature to assess the complexity of migrating from your current data warehouse to BigQuery.

BigQuery ML

BigQuery ML Hyperparameter tuning is now generally available (GA). You can use this feature to improve model performance by searching for the optimal hyperparameters when training ML models using CREATE MODEL statements.

To learn more, check out the following topics:

Cloud Monitoring

You can now save a copy of a chart on a predefined dashboard to one of your custom dashboards by selecting Add to Custom Dashboard from the More Options menu on the chart. When you select a custom dashboard, you also have the option of renaming the copied chart.

Cloud TPU

Cloud TPU now supports TensorFlow 2.8.0. For more information, see TensorFlow 2.8.0 Release Notes.

Compute Engine

Rate limits for all Compute Engine requests have the following changes:

  • All per-user rate limits are removed.
  • Rate limits are now enforced in 1-minute (60-second) intervals instead of 100-second intervals.
  • Due to this change, you might receive more 403 rateLimitExceeded errors when bursting.
    • Although per-second rate limits increased slightly, the enforcement intervals are now shorter, so the maximum number of requests per enforcement interval is slightly reduced overall. For example, the default Queries group's rate limit is changing from 20 requests per second with a maximum of 2000 requests per 100 seconds to 25 requests per second with a maximum of 1500 requests per 60 seconds.

Additionally, rate limits are now documented for the following groups:

  • Instance list referrer requests
  • Instance get serial port output requests

For details, see API rate limits.

Duplicate API quota groups are displayed in the Cloud Console. For more information about requesting API quota, see Known issues.

Data Catalog

In the Data Catalog table details page, there is now an additional section called Schema and column tags that lets you view the applied schema and their values. For more information, see View table details.

Google Cloud Deploy

Google Cloud Deploy is now available in the following regions:

  • northamerica-northeast1 (Montréal)
  • asia-northeast1 (Tokyo)

Google Kubernetes Engine

(2022-R02) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Control plane and node version 1.19.16-gke.6100 is now available.
  • Control plane and node version 1.20.15-gke.300 is now available.
  • Control plane and node version 1.21.9-gke.300 is now available.
  • Control plane and node version 1.22.6-gke.300 is now available.
  • Control plane version 1.21.5-gke.1302 is no longer available.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to 1.19.16-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.19.16-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.21.6-gke.1500 with this release.

Stable channel

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.1500 with this release.

Regular channel

  • Version 1.22.3-gke.1500 is now available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.6-gke.1500 with this release.

Rapid channel

  • Version 1.22.4-gke.1501 is now the default version in the Rapid channel.
  • Version 1.21.9-gke.300 is now available in the Rapid channel.
  • Version 1.22.6-gke.300 is now available in the Rapid channel.
  • Version 1.23.2-gke.300 is now available in the Rapid channel.
  • Version 1.21.5-gke.1802 is no longer available in the Rapid channel.
  • Version 1.23.1-gke.500 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.6-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.6-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.4-gke.1501 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.2-gke.300 with this release.

Pub/Sub Lite

Pub/Sub Lite now supports regional Lite topics that replicate data to a secondary zone.

SAP on Google Cloud

SAP HANA certifications: N2 series Compute Engine VMs on the Intel Ice Lake CPU platform

SAP now certifies Compute Engine N2 series machine types with the Intel Ice Lake CPU platform. The new SAP HANA certifications include two new machine sizes, n2-highmem-96 and n2-highmem-128.

For more information, see Certified Compute Engine VMs for SAP HANA.

SAP NetWeaver certifications: N2 series Compute Engine VMs on the Intel Ice Lake CPU platform

SAP now certifies Compute Engine N2 series machine types with the Intel Ice Lake CPU platform. The new SAP NetWeaver certifications include two new machine sizes, n2-highmem-96 and n2-highmem-128.

For more information, see N2 general-purpose machine types.

Secret Manager

Secret Manager now supports data checksums when adding or accessing a secret version.

February 02, 2022

Anthos

Anthos component releases for January, 2022

Anthos clusters on VMware:

Anthos clusters on bare metal:

Anthos clusters on AWS:

Anthos Config Management:

Anthos Service Mesh:

Connect:

  • N/A

Cloud Run for Anthos:

  • N/A

Migrate for Anthos and GKE:

Cloud Logging:

Cloud Monitoring:

Apigee UI

On February 2, 2022 we released an updated version of the Apigee UI software.

The Apigee provisioning wizard can now auto-allocate /22 and /28 IP address ranges, instead of the larger /21 range

This feature makes it easier to allocate IP address ranges when you are provisioning Apigee. The feature is an enhancement to the IP range feature released on Jan. 24, 2022.

Bug ID Description
205810610 Products couldn't be removed from an app if the product's name contained a trailing space

BigQuery

The WITH RECURSIVE feature has been added to Google Standard SQL for BigQuery and is now in Preview. This feature allows a query in a WITH clause to refer to either itself or to queries defined later in the WITH clause.

Cloud Asset Inventory

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

  • Google Kubernetes Engine
    • apps.k8s.io/Deployment
  • Cloud Billing
    • cloudbilling.googleapis.com/ProjectBillingInfo

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

  • Cloud Billing
    • cloudbilling.googleapis.com/ProjectBillingInfo

Cloud Debugger

Cloud Debugger now has Preview support for VPC Service Controls.

Deep Learning Containers

M89 release

Deep Learning VM Images

M89 release

Google Kubernetes Engine

Three security vulnerabilities, CVE-2021-4154, CVE-2021-22600, and CVE-2022-0185, have been discovered in the Linux kernel, each of which can lead to either a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all GKE node operating systems and Anthos clusters on VMware node operating systems (COS and Ubuntu).

Pods using GKE Sandbox are not affected by these vulnerabilities. For more information, see the GCP-2022-002 security bulletin.

Security Command Center

Event Threat Detection, a built-in service of Security Command Center, launched the Exfiltration: BigQuery Data to Google Drive rule to Preview. This rule detects events where the protected organization's BigQuery data is saved, through extraction operations, to a Google Drive folder. For more information, see Event Threat Detection rules.

TensorFlow Enterprise

TensorFlow Enterprise 2.8 is now available and includes Long Term Version Support.

February 01, 2022

Anthos clusters on bare metal

Release 1.8.8

Anthos clusters on bare metal 1.8.8 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.8.8 runs on Kubernetes 1.20.

Fixes:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Cloud Billing

Starting on February 1, 2022, Google Cloud usage by customers in Bahrain is subject to 10% VAT.

Learn about taxes applied in your country.

Cloud Monitoring

You can now view SLOs on a custom dashboard. For more information, see Display SLOs on a dashboard.

Cloud SQL for PostgreSQL

Query Insights lets you configure the query sampling rate. For information, see Using Query Insights to improve query performance.

Compute Engine

As of February 1, 2022, all CentOS 8 images are deprecated. CentOS 8 reached EOL on December 31, 2021. If you use CentOS 8 images in your project, review CentOS 8 end of life.

Config Connector

Config Connector version 1.72.1 is now available.

Miscellaneous bug fixes.

Dataproc

Enabled the Resource Manager UI and HA capable UIs in HA cluster mode.

1.4.80-debian10 and 1.4.80-ubuntu18 are the last releases for the 1.4 images. Dataproc 1.4 images will no longer be supported and will not receive new releases.

New sub-minor versions of Dataproc images:

1.4.80-debian10 and 1.4.80-ubuntu18

1.5.56-debian10, 1.5.56-ubuntu18, and 1.5.56-centos8

2.0.30-debian10, 2.0.30-ubuntu18, and 2.0.30-centos8

Configured Zeppelin Spark interpreter to run in YARN client mode by default for image version 2.0.

Kf

Bug fix for Kf Build garbage collection.

Added buildTimeout configuration feature.

Transcoder API

VP9 codec settings do not support a rateControlMode set to crf (constant rate factor).

The v1beta1 API is no longer available. As previously announced, the v1beta1 API was deprecated in July 2021.

Added v1 gcloud commands.

Added a guide on how to concatenate multiple input videos into a single output video.

VPC Service Controls

General availability for the following integrations:

Preview support for the following integration:

January 31, 2022

Access Approval

Access Approval provides a public issue tracker that you can use for suggesting product features, providing product and documentation feedback, and reporting issues. For more information, see File bugs or feature requests.

Access Transparency

Access Transparency provides a public issue tracker that you can use for suggesting product features, providing product and documentation feedback, and reporting issues. For more information, see File bugs or feature requests.

Apigee hybrid

hybrid v1.6.4

On January 31, 2022 we released an updated version of the Apigee hybrid v1.6.4 software.

For information on upgrading, see Upgrading Apigee hybrid to version 1.6.

Bug ID Description
214960081 HTTPS endpoints could be called as HTTP resulting in an "EOF unexpected" error.
210590135 Invalid protocol in proxy.url flow variable in Apigee X. The proxy.url flow variable could show as http even when the request is https.
203785814 A transient error could occur when calling conversion webhook for Apigee Telemetry. The error would occur when Apigee CRD is installed too early in the sequence. The installer job now checks for the correct sequence.
197945951 Stale DNS record in MP memory could cause an outage for a proxy.
210314786 The backup utility did not work with workload identity.

BigQuery Cloud Data Fusion

The SAP OData plugin is generally available (GA). You can use SAP as a source for batch-based data extraction in Cloud Data Fusion using the Open Data Protocol (OData). This plugin is available in any Cloud Data Fusion edition, version 6.4.0 and later.

Cloud Key Management Service

You can now use Cloud EKM with a Virtual Private Network (preview). This means you can access your external key manager with a private endpoint.

See Using Cloud EKM with VPC to learn more.

Cloud SQL for MySQL

The Key Access Justifications (KAJ) feature is now generally available in Cloud SQL. You can use KAJ as part of Cloud External Key Manager (EKM). KAJ enables you to view the reason for each Cloud EKM request. Additionally, based on the justification provided, you can automatically approve or deny a request. For related information, see the Overview.

Cloud SQL for PostgreSQL

The Key Access Justifications (KAJ) feature is now generally available in Cloud SQL. You can use KAJ as part of Cloud External Key Manager (EKM). KAJ enables you to view the reason for each Cloud EKM request. Additionally, based on the justification provided, you can automatically approve or deny a request. For related information, see the Overview.

Cloud SQL for SQL Server

The Key Access Justifications (KAJ) feature is now generally available in Cloud SQL. You can use KAJ as part of Cloud External Key Manager (EKM). KAJ enables you to view the reason for each Cloud EKM request. Additionally, based on the justification provided, you can automatically approve or deny a request. For related information, see the Overview.

Compute Engine

Restructured documentation to better group content and improve discoverability.

Dataproc

Dataproc Serverless for Spark now uses runtime version 1.0.2, which updates Spark to version 3.2.1.

Google Kubernetes Engine

In GKE, you can now filter Pub/Sub cluster notifications by notification type. For more information, see Receive cluster notifications.

When creating a maintenance exclusion window, you can restrict the exclusion to specific types of maintenance. For example, during a specific time period you can exclude minor upgrades from occurring on your cluster. For more information, see Maintenance exclusions documentation.

SAP on Google Cloud

BigQuery Connector for SAP: Google Cloud BigQuery Connector for SAP is now generally available (GA).

With BigQuery Connector for SAP version 2.0, the GA release, you can replicate SAP application data changes into BigQuery in near real-time for analytical and ML/AI consumption. BigQuery Connector for SAP connects SAP Landscape Transformation Replication Server directly to BigQuery through the BigQuery streaming API.

For more information, see:

Security Command Center

Virtual Machine Threat Detection, a built-in service of Security Command Center Premium, is in Preview. During the Preview, VM Threat Detection detects cryptocurrency mining software, which is among the most common types of software installed in compromised cloud environments.

For more information, see Virtual Machine Threat Detection conceptual overview.

Web Security Scanner, a built-in service of Security Command Center, released the CACHEABLE_PASSWORD_INPUT and SESSION_ID_LEAK finding types.

For more information, see Web Security Scanner findings.

Web Security Scanner, a built-in service of Security Command Center, provides detectors for the OWASP Top 10 2017 and OWASP Top 10 2021. For more information, see Detectors and Compliance.

Workflows

January 28, 2022

Anthos Service Mesh

The Anthos Service Mesh dashboard in the Cloud Console now supports cross-project clusters, Anthos on GKE-on-vSphere (on-prem), and Anthos on Bare Metal. For more information, see Observability overview.

Apigee X

On January 28, 2022 we released an updated version of the Apigee X software.

UI updates for service networking and instance creation

UI updates were made to support changes to network IP CIDR range requirements for service networking and instance creation. These changes simplify Apigee provisioning.

Apigee hybrid

hybrid v1.5.7

On January 28, 2022 we released an updated version of the Apigee hybrid v1.5.7 software.

For information on upgrading, see Upgrading Apigee hybrid to version 1.5.

Bug ID       Description
214960081    HTTPS endpoints could be called as HTTP resulting in an EOF unexpected error.
204368970    TLS variables were not being set by Apigee Runtime.
189341334    Fixed potential connection leaks for watcher component.

App Engine standard environment Go

Builds are now handled by regional Cloud Build pools within the selected App Engine region. To view build logs, go to Cloud Build in the Cloud Console, select the History page, and select the region you would like to filter by.

App Engine standard environment Java

Builds are now handled by regional Cloud Build pools within the selected App Engine region. To view build logs, go to Cloud Build in the Cloud Console, select the History page, and select the region you would like to filter by.

App Engine standard environment Node.js

Builds are now handled by regional Cloud Build pools within the selected App Engine region. To view build logs, go to Cloud Build in the Cloud Console, select the History page, and select the region you would like to filter by.

App Engine standard environment PHP

Builds are now handled by regional Cloud Build pools within the selected App Engine region. To view build logs, go to Cloud Build in the Cloud Console, select the History page, and select the region you would like to filter by.

App Engine standard environment Python

Builds are now handled by regional Cloud Build pools within the selected App Engine region. To view build logs, go to Cloud Build in the Cloud Console, select the History page, and select the region you would like to filter by.

App Engine standard environment Ruby

Builds are now handled by regional Cloud Build pools within the selected App Engine region. To view build logs, go to Cloud Build in the Cloud Console, select the History page, and select the region you would like to filter by.

Certificate Manager

This is the initial Preview release of Certificate Manager.

Cloud CDN

Cloud CDN support for custom named cookies and headers in the cache key is Generally Available. You can use these features for A/B (multivariate) testing, canary testing, and similar scenarios. Allowlisting of query parameters is now also enabled for backend buckets, to allow for cache busting.

For details, see the caching documentation.

Cloud Composer

The DAG UI feature was rolled back. We plan to make it available with the next release of Cloud Composer.

Cloud Healthcare API

The Healthcare Natural Language API now uses Vertex AI to extract medical insights from medical text. A new model is now used for healthcare-specific entity extraction.

Cloud Key Management Service

Cloud EKM now supports Cloud Run, Dataproc, and Vertex AI. For more information, see Cloud External Key Manager.

Cloud Talent Solution Job Search

Fixed a bug with certain DIVERSIFICATION_LEVELS where results were dropped.

Improvements in spell correction.

Cloud Translation

Cloud Translation - Advanced (v3) support for a regional EU endpoint is now generally available (GA).

VPC Service Controls

Beta stage support for the following integration:

Workflows

Workflows is now available in the following regions:

  • europe-west1 (Belgium)
  • europe-west6 (Zurich)
  • us-east1 (South Carolina)

January 27, 2022

Actifio

This update addresses shortcomings to minimize support/manual intervention required to make the service usable immediately after subscription.

  • Expanded deployment automation to eliminate manual steps required to deploy into service projects

  • Use-case based self-service sizing of backup engines

  • Streamlined hybrid deployments require fewer manual steps and no intervention from Support

  • Auto-upgrades are included in the deployment process

Reduced operational toil

  • Automated service monitoring through deeper integration with Google Cloud monitoring and alerting tools

  • Improved operational efficiency of service in billing, support, and customer onboarding

Improved usage telemetry and supportability.

Anthos Config Management

Eliminated duplicate metrics and reduced nonessential tags. For a full list of metrics, see Monitor Config Sync in multi-repo mode.

Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: a478ae6).

This release note was updated on January 31, 2022. The update removed information about two new templates K8sPSPAutomountServiceAccountTokenPod and RestrictNetworkExclusions that are not yet available.

This release note was updated on January 31, 2022. The update removed information about a new field cpuRatio that is not yet available.

This release note was updated on January 28, 2022. The update removed information about a change to the K8sRestrictRoleBindings template that is not yet available.

Fixed the issue in legacy mode (not using RootSync and RepoSync APIs) where unmanaged namespaces (with the configmanagement.gke.io/managed:disabled annotation) were deleted in the cluster when they were deleted from the repository.

Fixed the issue where nomos bugreport could leak Git proxy credentials if present in the git-sync ConfigMap.

Anthos clusters on AWS (previous generation)

Anthos Clusters on AWS aws-1.10.1-gke.0 (previous generation) is now available. Clusters in this release support the following Kubernetes versions:

  • 1.21.8-gke.2000
  • 1.20.14-gke.2000
  • 1.19.16-gke.5300

The release note from December 14 has been updated to clarify which service account no longer needs the ServiceUsageViewer role. The ServiceUsageViewer role is now required for the user that runs the anthos-gke command-line tool.

Anthos clusters on bare metal

Release 1.9.4

Anthos clusters on bare metal 1.9.4 is now available for download. To upgrade, see Upgrade Anthos on bare metal. Anthos clusters on bare metal 1.9.4 runs on Kubernetes 1.21.

Fixes:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Release 1.10.1

Anthos clusters on bare metal 1.10.1 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.10.1 runs on Kubernetes 1.21.

Fixes:

  • Fixed PreflightCheck to allow the preflightCheck.Spec.ConfigYAML field to be empty.

  • Fixed PreflightCheck to allow an existing GKE Hub membership, if the cluster already exists.

  • Fixed issue that blocked access to external Virtual IP addresses of Services, such as a Load Balancer, when Flat IPv4 is enabled.

  • Fixed issue in which the use of --nodes/ and --node-ssh-key flags when taking an admin-less snapshot of a cluster resulted in an empty snapshot.

  • Fixed issue that caused installation of version 1.10.0 clusters to fail when the umask setting for the root user on the target machine wasn't 0022. For more information, see Failure on systems with restrictive umask setting.

  • Fixed issue in which BGP load balancer preflight checks failed if the Kubernetes interface had a period ('.') in the name. (For example, VLAN interfaces often have names such as eth0.1).

  • The following container image security vulnerabilities have been fixed:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Cloud Asset Inventory

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

  • Access Policy (VPC Service Controls Policy)
    • identity.accesscontextmanager.googleapis.com/AccessLevel
    • identity.accesscontextmanager.googleapis.com/AccessPolicy
    • identity.accesscontextmanager.googleapis.com/ServicePerimeter

Cloud Storage

The Storage Object Admin IAM role now correctly includes all storage.multipartUploads permissions.

Google Kubernetes Engine

Starting with GKE version 1.23.0, if a Kubernetes event is created using k8s.io/api/core/v1, the LastTimestamp field is used as the timestamp of the corresponding event log if the field is non-empty. Otherwise, the timestamp field will be unset and will be determined by Cloud Logging.

If a Kubernetes event is created using k8s.io/api/events/v1, the Series.LastObservedTime field is used as the timestamp of the corresponding event log if the field is non-empty. Otherwise, the timestamp field will be unset and will be determined by Cloud Logging. An event created with k8s.io/api/events/v1 will be converted to k8s.io/api/core/v1 before exporting to Cloud Logging.

The log payload of an event log contains the LastTimestamp field from the k8s.io/api/core/v1 Event API. If an event is created using k8s.io/api/events/v1, the value of this field is null; use the Series.LastObservedTime field in the log payload instead.

Identity and Access Management

You can now set an expiry time for all newly created service account keys in your project, folder, or organization. This feature is in Preview. To use this feature, request access to the Preview release.

Kf

Support for Anthos Service Mesh v1.12

Storage Transfer Service

Storage Transfer Service now offers Preview support for moving data between two filesystems and keeping them in sync on a periodic schedule. Transfers can be orchestrated by creating a transfer job through the API or gcloud command-line tool. See Transfer data between POSIX file systems for details.

This launch offers a managed way to migrate from a self-managed filesystem to Filestore. If you have on-premises systems generating massive amounts of data that needs to be processed in Google Cloud, you can now use Storage Transfer Service to accelerate data transfer from an on-prem filesystem to a cloud filesystem.

Storage Transfer Service now offers Preview support for preserving POSIX attributes and symlinks when transferring to, from, and between POSIX filesystems. Attributes include the user ID of the owner, the group ID of the owning group, the mode or permissions, the modification time, and the size of the file. See Metadata preservation for details.

January 26, 2022

Cloud Load Balancing

Internal HTTP(S) Load Balancing now supports Shared VPC configurations where the load balancer's frontend and URL map can be created in a host or service project, while the backend services and backends can be distributed across multiple service projects in the Shared VPC environment. This is referred to as cross-project service referencing. Cross-project backend services can be referenced in a single URL map.

Cross-project service referencing gives service developers and admins autonomy over the exposure of their services through the centrally managed load balancer.

For details, see:

This feature is available in Preview.

Cloud Logging

You can now collect Apache Tomcat metrics and logs from the Ops Agent, starting with version 2.9.0. For more information, see Monitoring third-party applications: Apache Tomcat.

You can now collect PostgreSQL metrics and logs from the Ops Agent, starting with version 2.9.0. For more information, see Monitoring third-party applications: PostgreSQL.

You can now collect Elasticsearch logs from the Ops Agent, starting with version 2.9.0. For more information, see Monitoring third-party applications: Elasticsearch.

Starting with Ops Agent version 2.9.0, you can use the exclude_logs logging processor to prevent the Ops Agent from ingesting specific logs. For more information, see Logging processors.

Cloud Monitoring

You can now collect Apache Tomcat metrics and logs from the Ops Agent, starting with version 2.9.0. For more information, see Monitoring third-party applications: Apache Tomcat.

You can now collect PostgreSQL metrics and logs from the Ops Agent, starting with version 2.9.0. For more information, see Monitoring third-party applications: PostgreSQL.

Compute Engine

Generally available: Support for up to 48 vCPUs and 312 GB memory on virtual machine (VM) instances that have a single T4 GPU attached is now generally available.

For more information, see Network bandwidths and GPUs.

Dataproc Metastore

Dataproc Metastore Auxiliary versions are available in Preview.

Spanner database type is available in Preview.

Document AI

Enrichment using the Knowledge Graph is now Generally Available.

For more information, see Enterprise Knowledge Graph field enrichment.

Security Command Center

Security Command Center supports CIS Google Cloud Computing Foundations Benchmark v1.2.0 (CIS Google Cloud Foundation 1.2.0).

The following detectors have been added:

  • BIGQUERY_TABLE_CMEK_DISABLED
  • CONFIDENTIAL_COMPUTING_DISABLED
  • DNS_LOGGING_DISABLED
  • SQL_EXTERNAL_SCRIPTS_ENABLED
  • SQL_LOG_DURATION_DISABLED
  • SQL_LOG_ERROR_VERBOSITY
  • SQL_LOG_EXECUTOR_STATS_ENABLED
  • SQL_LOG_HOSTNAME_ENABLED
  • SQL_LOG_MIN_ERROR_STATEMENT_SEVERITY
  • SQL_LOG_MIN_MESSAGES
  • SQL_LOG_PARSER_STATS_ENABLED
  • SQL_LOG_PLANNER_STATS_ENABLED
  • SQL_LOG_STATEMENT
  • SQL_LOG_STATEMENT_STATS_ENABLED
  • SQL_REMOTE_ACCESS_ENABLED
  • SQL_SKIP_SHOW_DATABASE_DISABLED
  • SQL_TRACE_FLAG_3625
  • SQL_USER_CONNECTIONS_CONFIGURED
  • SQL_USER_OPTIONS_CONFIGURED

For more information, see Detectors and compliance.

January 25, 2022

BigQuery ML

Explainable AI in BigQuery ML is now generally available (GA). This feature helps you understand BigQuery ML prediction or forecasting results at scale. For additional information about explainable AI, see the following:

Certificate Authority Service

Certificate Authority Service provides a public issue tracker that you can use for suggesting product features, providing product and documentation feedback, and reporting issues. For more information, see File bugs or feature requests.

Cloud Asset Inventory

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

  • Cloud Dataplex
    • dataplex.googleapis.com/Asset
    • dataplex.googleapis.com/Zone
    • dataplex.googleapis.com/Task
    • dataplex.googleapis.com/Lake

Cloud Functions

Cloud Functions support for secrets is now at the General Availability release level.

Cloud Router

The Cloud Router documentation now includes a page that describes the possible values for a BGP session's state. Also, the documentation about diagnostic messages and session states related to Bidirectional Forwarding Detection (BFD) has moved from Troubleshooting to a new page. BFD is in preview and is covered by the Pre-GA Offerings Terms of the Google Cloud Terms of Service.

Cloud Spanner

Starting no sooner than February 23, 2022, the data type of the COLUMN_DEFAULT column in the information schema's COLUMNS table will change from BYTES to STRING. This aligns better with industry standards, and enables future improvements to Cloud Spanner.

Config Connector

Config Connector version 1.72.0 is now available.

Added support for LoggingLogBucket resource.

Added support for CloudFunctionsFunction resource.

Added fields spec.alertStrategy and spec.conditions.conditionMatchedLog to MonitoringAlertPolicy resource.

January 24, 2022

Anthos clusters on VMware

Anthos clusters on VMware 1.9.3-gke.4 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.9.3-gke.4 runs on Kubernetes v1.21.5-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.10, 1.9, and 1.8.

Fixes for version 1.9.3:

  • Fixed issue where special characters in the vSphere username are not properly escaped.

Changes in version 1.9.3:

  • Upgraded the Connect Agent version to 20211210-01-00.

    • This upgrade also fixed the issue where the Connect Agent restarts unexpectedly on a newly-created cluster that uses Anthos Identity Service to manage the Anthos Identity Service ClientConfig.

Known issue in version 1.9.3:

  • The Connect Agent restarts unexpectedly on an existing cluster that uses Anthos Identity Service to manage the Anthos Identity Service ClientConfig. If you have experienced this issue, follow these instructions to upgrade the Connect Agent version.

Anthos clusters on VMware 1.8.6-gke.4 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.8.6-gke.4 runs on Kubernetes 1.20.12-gke.1500.

Fixes for version 1.8.6:

  • Fixed issue where special characters in the vSphere username are not properly escaped.

Apigee X

On January 24, 2022 we released an updated version of the Apigee X software.

Reduce the IP range required to peer your VPC network

The required IP range needed to peer your VPC network to the Apigee network is now limited to a non-overlapping CIDR range of /22. This change simplifies Apigee provisioning. Note that the provisioning step for service network configuration has been updated to reflect this change. For more information, see Understanding peering ranges.

Dataproc

Dataproc Serverless for Spark now uses runtime version 1.0.1, which includes improved error messaging for network connectivity issues.

Dialogflow

Dialogflow CX has a new agent design best practices guide.

Memorystore for Redis

Released the RDB Snapshots (Preview) feature for Memorystore for Redis. For more details, see RDB Snapshots.

Security Command Center

Web Security Scanner, a built-in service of Security Command Center, released the SQL_INJECTION and STRUTS_INSECURE_DESERIALIZATION finding types.

For more information, see Web Security Scanner findings.

Service Directory

Private network access in Service Directory is available in GA.

Private network access helps supported Google Cloud services to connect directly to VPC networks.

Virtual Private Cloud

Workflows

Callback endpoints are now generally available (GA).

January 21, 2022

Cloud DNS

Managing routing policies in Cloud DNS is available in GA.

Cloud Monitoring

Private uptime checks are now available in Preview. Private uptime checks enable HTTP requests into a customer Virtual Private Cloud (VPC) network while enforcing Identity and Access Management (IAM) restrictions and VPC Service Controls perimeters. Private uptime checks can send requests over the private network to resources like a virtual machine (VM) or an L4 internal load balancer (ILB).

For more information, see Create private uptime checks.

Cloud Vision

OCR model update

We have updated the "builtin/latest" OCR model with quality improvements. Consequently, customers can continue to test this model for 90 additional days.

Please note that you have 90 days from today to test the new model by specifying "builtin/latest" in the model field of the Feature object. At the end of that period, it will be promoted to the default model accessible as "builtin/stable". After that event, the original models will still be available for another 90 days using "builtin/legacy". If you encounter problems with this upgrade, please contact Vision API engineering team by submitting a ticket in the private issue tracker.

For the original announcement of this change, see the October 1, 2021 release note.

Region forwarding from the global to the regional endpoint has been deprecated. For more information, see the October 1, 2021 release note.

Document AI

The Intelligent Document Quality Processor is now publicly accessible and now supports 3 more defect types:

  • quality/defect_document_cutoff
  • quality/defect_text_cutoff
  • quality/defect_glare

Google Kubernetes Engine

1.23 is now available in the Rapid channel

Kubernetes 1.23 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.23 Release Notes, especially the action required and deprecation sections.

Notable features

Beta: PodSecurity admission

PodSecurity replaces the deprecated PodSecurityPolicy admission controller (which will be removed in 1.25). PodSecurity is an admission controller that enforces Pod Security Standards on Pods in a Namespace based on specific namespace labels that set the enforcement level. In 1.23, the PodSecurity feature is enabled by default, and applies to namespaces that opt into enforcement. Refer to the PodSecurity documentation and PodSecurityPolicy migration guide for more information.

Notable changes and bug fixes

Kubernetes 1.23 is built with go1.17, which requires aggregated API servers, admission webhooks, and custom resource conversion webhooks to use TLS certificates that include the service DNS name as a subjectAltName.

  • Before upgrading to 1.23, ensure any non-local aggregated API servers, admission webhooks, and custom resource conversion webhooks in your cluster are served using valid TLS certificates.
  • At cluster version 1.22.3-gke.700 or higher, GKE provides a Cloud Audit log to check if your cluster contains an affected service. You can use the following filter to search for the logs:

    logName: "projects/$PROJECT/logs/cloudaudit.googleapis.com%2Factivity"
    resource.type = "k8s_cluster"
    operation.producer = "k8s.io"
    "invalid-cert.webhook.gke.io"
    
  • If you are not affected you won't see any logs. If you do see such an audit log, it will include the name of the service (whether webhook or aggregated API).
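The certificate requirement above, as an added Go example that is not part of the release note or of GKE's tooling: it shows that a serving certificate naming the service only in its Common Name fails the hostname check a Go 1.17+ client performs, while one carrying the service DNS name as a subjectAltName passes. The service name policy-webhook, the namespace security, and all helper names are constructed for illustration; the `<service>.<namespace>.svc` form is the name the Kubernetes API server verifies for Service-backed webhooks.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// serviceDNSName builds the name the API server verifies when it calls a
// webhook or aggregated API through a Service reference.
func serviceDNSName(service, namespace string) string {
	return service + "." + namespace + ".svc"
}

// selfSigned creates a throwaway self-signed serving certificate (constructed
// sample input). dnsNames becomes the subjectAltName extension; pass nil to
// reproduce a legacy certificate that carries the name only in its CN.
func selfSigned(commonName string, dnsNames []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: commonName},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     dnsNames,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// checkWebhookCert applies the hostname check a Go 1.17+ TLS client performs:
// only subjectAltName entries are considered, never the Common Name.
func checkWebhookCert(cert *x509.Certificate, service, namespace string) error {
	return cert.VerifyHostname(serviceDNSName(service, namespace))
}

func main() {
	const svc, ns = "policy-webhook", "security" // hypothetical names
	name := serviceDNSName(svc, ns)

	cases := []struct {
		label string
		sans  []string
	}{
		{"CN only", nil},
		{"CN plus SAN", []string{name}},
	}
	for _, c := range cases {
		cert, err := selfSigned(name, c.sans)
		if err != nil {
			fmt.Println("generate:", err)
			return
		}
		if err := checkWebhookCert(cert, svc, ns); err != nil {
			fmt.Printf("%-12s REJECTED: %v\n", c.label, err)
		} else {
			fmt.Printf("%-12s ok for %s\n", c.label, name)
		}
	}
}
```

Running the same `checkWebhookCert` logic against the certificates your webhooks actually serve, before the upgrade, catches the services that the invalid-cert.webhook.gke.io audit log would otherwise report.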

New API versions

  • flowcontrol.apiserver.k8s.io/v1beta2 FlowSchema, PriorityLevelConfiguration
  • autoscaling/v2 HorizontalPodAutoscaler

Deprecated API versions

These APIs are still served in version 1.23 but are in a deprecation period:

  • PodSecurityPolicy
    • policy/v1beta1 PodSecurityPolicy
    • Deprecated in 1.21 with removal targeted for version 1.25.
  • The following Beta versions of graduated APIs will be removed in 1.25 in favor of their GA versions:
    • discovery.k8s.io/v1beta1 EndpointSlice, deprecated since 1.21
    • policy/v1beta1 PodDisruptionBudget, deprecated since 1.21
    • batch/v1beta1 CronJob, deprecated since 1.21
    • node.k8s.io/v1beta1 RuntimeClass
    • autoscaling/v2beta1 HorizontalPodAutoscaler
  • The following Beta versions of graduated APIs will be removed in 1.26 in favor of newer versions:
    • flowcontrol.apiserver.k8s.io/v1beta1 FlowSchema, PriorityLevelConfiguration
      • deprecated since 1.23
      • use flowcontrol.apiserver.k8s.io/v1beta2 instead, available since 1.23
    • autoscaling/v2beta2 HorizontalPodAutoscaler
      • deprecated since 1.23
      • use autoscaling/v2 instead, available since 1.23 (or autoscaling/v1)

(2022-R01) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.21.6-gke.1500 is now the default version.
  • Control plane and node version 1.19.16-gke.3600 is now available.
  • The following control plane versions are no longer available:
    • 1.19.15-gke.1300
    • 1.20.10-gke.1600
    • 1.20.10-gke.2100
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to 1.19.15-gke.1801 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.20.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.20.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.21.5-gke.1802 with this release.

Stable channel

  • Version 1.20.12-gke.1500 is now the default version in the Stable channel.
  • Version 1.21.5-gke.1802 is now available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.20.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.20.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.21.5-gke.1802 with this release.

Regular channel

  • Version 1.21.6-gke.1500 is now the default version in the Regular channel.
  • Version 1.21.6-gke.1500 is now available in the Regular channel.
  • Version 1.21.5-gke.1302 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.6-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.6-gke.1500 with this release.

Rapid channel

  • Version 1.22.3-gke.1500 is now the default version in the Rapid channel.
  • Version 1.22.4-gke.1501 is now available in the Rapid channel.
  • Version 1.23.1-gke.500 is now available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.5-gke.1802 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.5-gke.1802 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.3-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.1-gke.500 with this release.

Clusters running GKE node versions 1.19.16-gke.1500 and 1.19.16-gke.3600 will be unstable if Container Threat Detection (KTD) is enabled. To use KTD, create the cluster with the most recent 1.19.15 version or any GKE version 1.20 or later. If you require GKE version 1.19.16-gke.1500 or 1.19.16-gke.3600, you should disable KTD on the cluster using the Cloud Security Command Center Advanced Settings before creating or upgrading nodes to these versions.

Retail API

The Retail console is now available to all Recommendations AI users. The Retail Console is a new way to manage both Recommendations AI and Retail Search seamlessly in one project through a unified onboarding and admin console experience.

We recommend switching to the Retail console and using the Retail documentation, which documents Recommendations AI, the Retail console, and Retail Search.

To switch, go to the new console and click Enable the Retail API. You can then view and manage your project from the new console.

SAP on Google Cloud

SAP HANA HA/DR provider hook configuration updated for RHEL and SLES high-availability clusters

The Google Cloud guidance for configuring an SAP HANA HA/DR provider hook has been updated in the HA cluster configuration guides for SAP HANA on RHEL and SLES. You can enable the SAP HANA HA/DR provider hook to improve signaling of SAP HANA's replication state within the Pacemaker cluster.

The latest version of the Deployment Manager template that Google Cloud provides to deploy an HA cluster for SAP HANA configures the hook automatically.

For more information, see:

reCAPTCHA Enterprise

You can now use reCAPTCHA Enterprise account defender to detect and prevent account-related fraudulent activities. This feature is in Public Preview.

January 20, 2022

Anthos Service Mesh

1.10.6-asm.0 is now available.

This patch release contains the same bug fixes that are in Istio 1.10.6. For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:

1.12.2-asm.0 is now available.

This patch release contains the same bug fixes that are in Istio 1.12.2. For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:

Carbon Footprint

A Carbon Footprint Looker block is available to create custom dashboards using Looker.

Cloud Asset Inventory

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

  • Game Services
    • gameservices.googleapis.com/GameServerCluster
    • gameservices.googleapis.com/Realm
    • gameservices.googleapis.com/GameServerConfig
    • gameservices.googleapis.com/GameServerDeployment

Cloud Composer

(New environments only) Cloud Composer 2 environments with a user-managed service account now correctly use this service account to get Cloud Composer images and export workload metrics (CPU, memory, disk usage).

Reliability of writing to and reading from /logs and /data folders in Airflow components is improved in Cloud Composer 2 environments.

Cloud Composer 1.17.9 and 2.0.2 images are available:

  • composer-2.0.2-airflow-2.1.4
  • composer-2.0.2-airflow-2.0.2
  • composer-1.17.9-airflow-2.1.4
  • composer-1.17.9-airflow-2.0.2
  • composer-1.17.9-airflow-1.10.15 (default)

Cloud Composer 1.13.4 has reached its end of full support period.

Compute Engine

Learn about the differences between multi-tenancy and sole-tenancy by reading the new About VM tenancy document.

Data Catalog

Public preview: Creating rich-text overviews and adding data stewards to your data entries is being rolled out to all Data Catalog regions with minimal disruption and in a controlled way. For more information, see Create tag templates, tags, overviews, and data stewards.

Google Cloud Deploy

Google Cloud Deploy support for Skaffold version 1.35.1 has been updated to version 1.35.2, which is now the default Skaffold version.

Google Kubernetes Engine

VPC-scoped DNS for GKE using Cloud DNS is now generally available for GKE versions 1.21 and later. This allows for seamless VPC-wide DNS resolution of GKE Services. Note that cluster-scoped DNS using Cloud DNS is still in public preview.

A new Kubernetes metric, Network policy event count (kubernetes.io/pod/network/policy_event_count), is available (beta) for GKE Dataplane V2 clusters in GKE versions 1.22.3-gke.700 and later.

This metric can be viewed in the Metrics Explorer in Cloud Monitoring for the Kubernetes Pod resource type.

This metric provides visibility into network policy events and shows the change in the number of network policy events seen in the dataplane. Each event has the following metric labels:

  • verdict: Policy verdict. Possible values: [allow, deny].
  • workload_kind: Kind of the workload that the policy-enforced pod belongs to, for example, "Deployment", "Replicaset", "StatefulSet", "DaemonSet", "Job", or "CronJob".
  • workload_name: Name of the workload that the policy-enforced pod belongs to.
  • direction: Direction of the traffic from the point of view of the policy-enforced pod. Possible values: [ingress, egress].

In addition to these metric labels, customers can also see the usual resource labels for the Kubernetes Pod resource type: project_id, location, cluster_name, namespace_name, and pod_name.

This metric can be used for setting up automated alerts for specific behaviors (for example, denials higher than a threshold), identifying security issues, gaining a better understanding of traffic flow, and troubleshooting.

Network Intelligence Center

Overly permissive rule insights are now generally available. For information about these insights, see the Firewall Insights overview.

January 19, 2022

Anthos Service Mesh

Version 1.12 is now available for managed Anthos Service Mesh and is rolling out into the Rapid Release Channel.

Version 1.11 has been promoted to the Regular Release Channel, and version 1.10 has been promoted to the Stable Release Channel.

See Select a managed Anthos Service Mesh release channel for more information.

Managed Anthos Service Mesh now supports GKE Autopilot in the Regular and Rapid channels. For more information, see Configure managed Anthos Service Mesh.

Managed Anthos Service Mesh control plane now displays its provisioning status in the ControlPlaneRevision API. For more information, see Verify the control plane has been provisioned.

Managed Anthos Service Mesh now supports deploying a proxy built on the distroless base image. Note that distroless proxy images do not work with the managed data plane.

The distroless base image ensures that the proxy image contains the minimal number of packages required to run the proxy. This improves security posture by reducing the overall attack surface of the image and produces cleaner results with CVE scanners. See Distroless proxy image for more information.

Apigee Integration

On January 19, 2022, we released an updated version of the Apigee Integration software.

Filter clause in the Connectors task

You can add a filter to restrict the amount of data processed by an entity operation. For more information, see Add a filter for an operation.

Upload and download integrations

The Upload/download menu button in the integration designer lets you upload and download integrations in a JSON file format. For more information, see Upload and download integrations.

App Engine standard environment Java

Updated Java SDK to version 1.9.94.

App Engine standard environment Python

Users of the App Engine Bundled Services for Python 3 can now access Blobstore, Deferred, and Mail handlers in preview, through language-idiomatic libraries.

Cloud Load Balancing

The default behavior for HTTP/3 and Google QUIC is changing for global external HTTP(S) load balancers. The default setting of quicOverride=NONE will now advertise support for HTTP/3 to your clients. This change is currently rolling out globally.

If you don't want this behavior to change, you can disable HTTP/3 by setting quicOverride to DISABLE. For instructions, see Configuring HTTP/3.

Compute Engine

Generally available: You can now use the SSH troubleshooting tool to help you determine the cause of failed SSH connections.

Generally available: Configure commitments to renew automatically. For more information, see Renew commitments automatically.

Config Connector

Config Connector version 1.71.0 is now available.

Added support for LoggingLogMetric resource.

Added support for NetworkConnectivitySpoke resource.

Added regional support for ComputeTargetHTTP(S)Proxy resource(s).

Added spec.build.availableSecrets to CloudBuildTrigger resource.

Added spec.nodeConfig.nodeGroupRef and spec.nodeConfig.spot to ContainerCluster and ContainerNodePool resources.

Added spec.readReplicaMode, spec.replicaCount and status.nodes to RedisInstance resources.

Added spec.settings.ipConfiguration.allocatedIpRange to SQLInstance resource.

Added spec.publicAccessPrevention to StorageBucket resource.

Added spec.identityServiceConfig to ContainerCluster resource.

Dataproc

Announcing the General Availability (GA) release of Dataproc Serverless for Spark, which allows you to run your Spark jobs on Dataproc without having to spin up and manage your own cluster.

Dialogflow

Dialogflow CX now provides an IDENTITY system function, which is useful for copying a composite parameter object in a parameter preset field.

The Dialogflow CX QueryResult.match.event field was previously populated only with custom events. It is now also populated with no-match and no-input built-in events.

Google Cloud Deploy

Google Cloud Deploy is generally available (GA).

Google Cloud Deploy now has beta stage support for VPC Service Controls.

You can now roll back targets from the delivery pipeline visualization in Google Cloud Console.

SAP on Google Cloud

Google Cloud Connector for SAP Landscape Management version 2.3.0

Version 2.3.0 of the Google Cloud Connector for SAP Landscape Management is now available. Version 2.3.0 adds support for duplicate IP addresses in managed SAP landscapes.

For more information, see Configuring support for duplicate IP addresses.

VPC Service Controls

Preview support for the following integration:

January 18, 2022

Cloud Data Loss Prevention

The SOUTH_AFRICA_ID_NUMBER infoType detector is available in all regions.

Cloud Monitoring

When you click on an entry in the Instances table on the Monitoring VM Instances dashboard, a sliding panel now appears with the instance details, replacing the VM Instance Details page.

Dataproc

Added support for Dataproc Metastore's beta NetworkConfig field. Beta services using this field can now be used in conjunction with v1 Dataproc clusters.

Dataproc extracts the warehouse directory from the Dataproc Metastore service for the cluster-local warehouse directory.

Workflows

Workflows is now certified as SOC 1-compliant.