Google Cloud release notes

BigQuery ML and Vertex AI Model Registry integration is available in preview. With this integration, BigQuery ML models can be sent to the Vertex AI Model Registry where you can manage the lifecycle of all your ML models. From the Vertex AI Model Registry, you can organize your BigQuery ML models and deploy directly to endpoints.

Cost analysis by project ancestry, including folder-level costs, now available in BigQuery Export and Reports

Viewing your costs by project ancestry helps you do things like analyze costs by folder or organization. For example, if you use folders in an organization to represent cost centers (such as DevOps or Finance), you can effectively configure your report or query to group all costs by those cost centers.

Billing Reports

In the Cloud Billing Console Reports page, you can now Group by Project hierarchy and filter on Folders & Organizations, to analyze costs by project ancestry (such as folders or organizations).

• Group costs by project ancestry – In the Reports page, when you group by Project hierarchy, the report returns a row for each unique combination of Organization > Folder > Project, and the table includes columns for Project, Project ID, Project number, and Project hierarchy. The values listed in the Project hierarchy column show Organization name > Folder name.

• Filter costs by project ancestor(s) – In the Reports page, when you filter by Folders & Organizations, the report returns costs for all projects that are associated with any of the selected folders/organizations in their project ancestry.

In the Cloud Billing Console Cost breakdown report, you can now filter on Folders & Organizations, to analyze costs by project ancestry (such as folders or organizations).

• Filter costs by project ancestor(s) – In the Cost breakdown report, when you filter by Folders & Organizations, the report returns costs and credits aggregated for all projects that are associated with any of the selected folders/organizations in their project ancestry.

To learn more about organizations, folders, and project hierarchy, see Billing reports: Analyzing your costs by project hierarchy.

Cloud Billing data export to BigQuery

In the Cloud Billing usage cost data that exports to BigQuery, you can now see resource hierarchy metadata that describes a project's ancestry, including:

• project.ancestors.resource_name – An identifier containing the resource hierarchy type and ID (for example, folders/234)
• project.ancestors.display_name – A name that you create for the resource (for example, DevOps)

The project.ancestors metadata is available in both the Standard usage cost export and Detailed usage cost export. To help make resource hierarchy levels easier to identify in the BigQuery data tables, the ancestor data includes the resource display name (a human-readable name that you create) and the relative resource hierarchy names (immutable ID numbers representing each project/folder/organization).

For more details about project.ancestry_numbers and project.ancestors, see

• Understand the Cloud Billing data tables in BigQuery
• Query examples to use resource hierarchy filters to review project ancestry

Cloud Data Fusion version 6.6.0 is generally available (GA).

Cloud Functions (1st gen) has added support for Google-managed Artifact Registry at the Preview release level.

You can now specify PATCH requests in a FHIR bundle. This feature is available in Preview. See Executing a PATCH request in a FHIR bundle for more information.

Cloud SQL for MySQL now supports minor versions 8.0.27 and 8.0.28. To upgrade your existing instance to the new version, see Upgrade the database minor version.

Google Cloud Armor now supports TCP Proxy load balancers and SSL proxy load balancers in public preview. For more information, see the security policy overview.

Vertex AI Model Registry is available in Preview. Vertex AI Model Registry is a searchable repository where you can manage the lifecycle of your ML models. From the Vertex AI Model Registry, you can better organize your models, train new versions, and deploy directly to endpoints.

Release 1.11.0

Anthos clusters on bare metal 1.11.0 is now available for download. To upgrade, see Upgrade Anthos on bare metal. Anthos clusters on bare metal 1.11.0 runs on Kubernetes 1.22.

Improved cluster lifecycle functionalities:

• Upgraded Anthos clusters on bare metal to use Kubernetes version 1.22.

• Updated cert-manager to version 1.5.4.

• Added error messaging in the bmctl command line interface to better surface cluster installation or upgrade failure.

• Incorporated audit logs into bmctl snapshots.

• Added ability for registry mirror users to customize containerd configuration and have it automatically mirror public registry hosts other than gcr.io.

• Changed bmctl update command so that it extracts manifests before updating a cluster.

• Added feature so that a cluster's kubeconfig file automatically renews when the cluster is upgraded and the kubeconfig Secret is renewed whenever cluster reconciliation takes place.

• Added support for Red Hat Enterprise Linux (RHEL) and CentOS 8.5.

• Added warning to bmctl command that docker containerRuntime will not be supported in version 1.13 of Anthos cluster on bare metal.

• Added support for specifying CIDR blocks in the NoProxy section of the cluster's configuration file.

• Added Service CIDR to NoProxy section of a cluster's configuration file by default in order to fix a multinic in proxy environment issue.

• Fixed a multinic in proxy environment issue. Whenever the NO_PROXY environment variable is set, it includes the Service CIDR from the cluster specification.

Networking:

• GA: Added egress Network Address Translation (NAT) gateway capability to provide persistent, deterministic routing for egress traffic from clusters. For more information, see Configure an egress NAT gateway for external communication.

• GA: Added option for BGP bundled load balancer which advertises Load Balancer (LB) Virtual IP addresses (VIPs) to the network using the Border Gateway Protocol (BGP). This feature supports topologies across multiple subnets and can provide greater load-balancing bandwidth than bundled Layer 2 mode.

• GA: Enabled SR-IOV. This feature allows you to configure Virtual Functions (VFs) on the supported devices on the nodes of their cluster. It also allows you to define the kernel module you want to bind to the VF.

• GA: Enabled IPv4/IPv6 dual-stack support. Clusters can be deployed in a dual-stack network in which IPv4 and IPv6 addresses are assigned to both nodes and pods. By default, IPv4 is in island mode and IPv6 is in flat mode (a simplified network topology).

• GA: Enabled static flat network (without BGP). This feature lets you configure a flat mode network for IPv4 addresses. A pod's IPv4 address is visible and routable within the same Layer 2 domain, without having to masquerade as the node's IP address.

• Preview: Enabled Dynamic Flat IP with Border Gateway Protocol (BGP) support. This feature lets you configure flat mode using BGP in clusters with the help of Anthos Network Gateway and BGP. In this mode, the pod's IP address is visible and routable without masquerading across multiple subdomains. Currently supports advertising IPv4 and IPv6 routes over IPv4 sessions.

• Fixed issue in which new MAC addresses of re-imaged nodes weren't updated.

Observability:

• GA: Enabled collection of multiple network interfaces (multinic) logs from clusters. Logs are collected as system logs and are sent to Cloud Logging without charge to the customer.

• Preview: Added Summary API metrics. These metrics provide CPU, memory, and storage statistics about pods, containers, and nodes.

• Updated fluent-bit (stackdriver-log-forwarder) cri parser to avoid matching time fields multiple times.

• Upgraded kube-state-metrics from version 1.9 to 2.4. This service generates metrics about Kubernetes API objects such as deployments, nodes, and pods.

• Upgraded Metric Server from version 0.3.6 to 0.4.5. Metrics Server retrieves metrics from kubelets and exposes them through the Kubernetes Metrics API.

Security:

• Preview: Added secure computing mode (seccomp) support. Running containers with a seccomp profile improves the security of a cluster because it restricts the system calls that containers are allowed to make to the kernel.

• Added ability to disable rootless mode for system containers. Since version 1.10.0, Kubernetes control planes and Anthos clusters on bare metal system containers run as non-root containers by default.

• Fixed CA rotation issues by increasing the ca-rotation timeout for admin clusters. While verifying that a static pod has been restarted after manifest update, the current hash is retrieved before the manifest changes are applied.

Release 1.10.3

Anthos clusters on bare metal 1.10.3 is now available for download. To upgrade, see Upgrade Anthos on bare metal. Anthos clusters on bare metal 1.10.3 runs on Kubernetes 1.21.

You can now use Private Service Connect (PSC) to connect to Apigee. This architectural pattern eliminates the need to create managed instance groups to forward requests from the global load balancer to Apigee. For details, see Using Private Service Connect.

The international public dataset for Data Signals for Google Search Trends is now available in Preview and available in the Google Cloud Marketplace and Analytics Hub.

The SAP SLT Replication plugin is generally available (GA). You can replicate your data continuously and in real time from SAP sources into BigQuery with this plugin in Cloud Data Fusion versions 6.4.0 and later.

The Cloud Healthcare API offers single-region support in the us-east1 (South Carolina) region.

The Cloud Healthcare API offers single-region support in the us-west1 (Oregon) region.

The Cloud Healthcare API offers single-region support in the us-west3 (Salt Lake City) region.

Support for creating an Eventarc trigger for a Workflows destination on the Eventarc page in the Cloud Console is now available in Preview.

Maintenance Windows are now Generally Available for Memorystore for Memcached.

Support for creating an Eventarc trigger on the Workflows page in the Cloud Console is now available in Preview.

Anthos Service Mesh now supports GKE on GCP and On-premise combined in a hybrid mesh as a public preview feature. See Install Anthos Service Mesh and Set up a multi-cluster mesh for more information.

Anthos Service Mesh now supports GKE on GCP and Amazon EKS combined in a multi-cloud mesh as a public preview feature. See Install Anthos Service Mesh and Set up a multi-cluster mesh for more information.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Dataplex
  • dataplex.googleapis.com/Lake
  • dataplex.googleapis.com/Task
  • dataplex.googleapis.com/Zone
  • dataplex.googleapis.com/Asset

Two new organization policy constraints are now available in Preview to help ensure CMEK usage across an organization:

• constraints/gcp.restrictNonCmekServices requires CMEK protection.
• constraints/gcp.restrictCmekCryptoKeyProjects limits which Cloud KMS keys are used for CMEK protection.

To learn more, see CMEK organization policies.

Creating and managing data transfers with the gcloud command-line tool is now generally available (GA).

You can use gcloud commands to perform agent installation, manage agent pool lifecycles, and orchestrate transfer jobs. This launch simplifies writing scripts to automate transfer workflow.

The GA launch adds support for transfers between file systems, metadata preservation, and manifests. It also introduces the gcloud transfer authorize command to inspect and grant required permissions for transfers.

The Wide-and-Deep model is now generally available (GA). For more information, see the Wide-and-Deep sections in the end-to-end user journey page.

If the /dags, /data, /logs, or /plugins folder is deleted in an environment's bucket, Cloud Composer re-creates this folder.

New version aliases for Cloud Composer images. Now you can specify the latest version of Airflow 2 with composer-2-airflow-2 and composer-1-airflow-2 aliases. The new composer-1-airflow-1 alias points to the latest version of Airflow 1.

(Cloud Composer 2) Increased the safe interval for tasks executed during maintenance windows. Tasks that take less than 55 minutes to execute are not impacted by maintenance operations.

User-defined labels are now included in PagerDuty, Pub/Sub, Webhooks, and email notifications, and you can also view these labels on the details pages of alerting policies and incidents. To learn how you can create user-defined labels that contain severity information and attach those labels to alerting policies or incidents, see Add severity levels to an alerting policy.

Cloud Run reports a new Cloud Monitoring metric: Container Startup Latency, measuring the startup time of container instances.

Splitting IIS sites into individual containers

Previously to break down N discovered IIS sites into individual containers, you had to manually edit the migration plan to include one site at a time and generate containers artifacts N times. This new feature enables automatic breakdown of N discovered sites into N individual containers in one iteration through a parameter on the migration plan. For more information, see Split a single VM into multiple containers.

Replatform Tomcat applications to containers enhancements

The Tomcat application replatforming flow now enables you to manually specify a Tomcat server installation directory before the migration. This allows you to override the related automatic discovery in cases where you know and would like to provide an exact location. For more information see, Adding a target project.

Building and deploying containers with Skaffold

Skaffold yamls generated as part of the migration artifacts for Tomcat, WebSphere and Linux system container flows now help you to accelerate container image builds and deployments to GKE and Anthos clusters

Migrate for Compute Engine v5.0 as a migration support

Currently, Migrate for GKE and Anthos uses Migrate for Compute Engine 4.X to enable workload migration from VMWare on-premise, AWS EC2, and Azure VM environments to GCP. To simplify setup and elevate the operator experience migrating from inventories in these environments, we now offer using the new Migrate for Compute Engine v5.X managed service. This new integration is now in public preview. For more information, see Enabling Google services and configuring service accounts.

In-place migration on Anthos Bare Metal Clusters

Support has been added for implementing Anthos clusters on Bare Metal as processing clusters to perform migrations for on-premise workloads. This public preview offering will serve customers who would like to deploy on-premises workloads on Anthos Bare Metal clusters allowing the migration to containers to take place on-premise as well. For more information see, Configuring a processing cluster on Anthos on Bare Metal.

Replatform Websphere applications to containers

Version 1.11 introduces a new public offering for replatforming VMs based on WebSphere applications into containers using tWAS (traditional WebSphere Server) container image or Open Liberty community images. Migrate for Anthos and GKE now enables: * Detecting VMs that host WebSphere servers * Discovering WebSphere applications using the IBM binary scanner tool * Splitting the applications into individual containers to increase agility in deployment and operation management * Generating docker file, deployment spec and other artifacts that support deployment to Google modern application platforms and Day2 operations.

Artifact Registry support for attaching tags to repositories is now in Preview. Tags are key-value pairs that you can use to group repositories and other resources across Google Cloud for reporting, auditing, and access control within your Google Cloud organization.. To learn more, see Tagging repositories.

Cloud Bigtable support for Cloud EKM is generally available (GA). You can now choose an externally managed key when you protect your data using customer managed encryption keys (CMEK). Cloud EKM includes Key Access Justification, which lets you view the reason for each Cloud EKM request.

Cloud EKM now supports Cloud Bigtable and Log Storage in Cloud Logging. For more information, see Cloud External Key Manager.

Cloud Logging now supports organization policies that can enforce CMEK protection. For information, see CMEK organization policies.

All instances with a compute capacity of at least one node (1,000 processing units) now have a data storage allotment of 4 TB per node, an increase from 2 TB per node. Relatedly, instances smaller than one node now have a data storage allotment of 409.6 GB for every 100 processing units.

Customer-managed encryption key (CMEK) organization policy constraints are now available in Preview. * constraints/gcp.restrictNonCmekServices allows you to control which resources require the use of CMEK. * constraints/gcp.restrictCmekCryptoKeyProjects allows you to control the projects from which a KMS key can be used to validate requests. * You can use both constraints together to enforce the use of CMEK from allowed projects.

A Dataplex source and sink are in available in Cloud Data Fusion in Alpha.

New & Updated processors available

The following Lending DocAI processors are now available for trusted testers. Access to the trusted testers program is limited and granted on a case by case basis. If you would like to be considered please fill out the DocAI Processor Access Request Form:

New Experimental processors to support new document types:

• Form VA Loan Discharge Statement Processor
• Form USDA Conditional Statement Processor
• Form 1017 Processor
• Form Biweekly Payment Rider Processor
• Form VBA26 1805 Processor
• Form VBA26 6393 Processor
• Form MERS Rider Processor

Updated Experimental processors:

• Form 4506-T Processor
• Form 4506-C Processor
• Form HUD54114 Processor
• Form HUD92900WS Processor
• Form HUD92800 Processor
• Form 1040-NR Processor
• Form HUD92900LT Processor
• Form VBA26 8923 Processor
• Form HUD92900A Processor
• FORM_1005_PROCESSOR

Added ability to set the number of cores available per node in a cluster to meet your application-specific requirements during cluster creation. When you use a custom core count, any future expansions or maintenance of that cluster will also use the custom core count.

The public IP service now supports the ICMP protocol, and default firewall rules for new projects expand the previous outbound rule to allow outbound TCP, UDP, and ICMP any.

Users with Google Cloud projects created before March 8, 2022 must contact Cloud Customer Care to enable the allow-icmp-to-internet firewall rule.

IAM Conditions now provides resource attributes for Apigee X. You can use these resource attributes to grant access to a subset of your Apigee X resources.

Maintenance Windows are now Generally Available for Memorystore for Redis.

Workflows is now available in the following regions:

• asia-east1 (Changhua County, Taiwan)
• asia-northeast1 (Tokyo, Japan)
• asia-south1 (Mumbai, India)
• australia-southeast1 (Sydney, Australia)
• northamerica-northeast1 (Montréal, Québec)
• us-west1 (The Dalles, Oregon)

New Nomos CLI ARM binaries for Linux and Mac (darwin) are now available. Users on these platforms can now install with gcloud components install nomos. The new binary versions will be included in Anthos Config Management downloads.

You can now specify apply and delete ordering using the new config.kubernetes.io/depends-on annotation. To learn more, see Declare resource dependencies between resource objects.

Added dependency enforcement to skip apply of objects whose dependencies are not successfully applied and fully reconciled.

Added support for multiple RootSync objects on the same cluster and multiple RepoSync objects in the same namespace. To learn more, see Configure syncing from multiple repositories.

Added new fields to the ResourceGroup inventory object to distinguish between actuation status and reconciliation status, as well as the intended actuation strategy (apply or delete) before actuation.

Updated the spec.override.resources field on RootSync and RepoSync to let you override the default resource amounts (for example, CPU or memory) requested by the corresponding containers of the reconciler Deployment. To learn more, see Troubleshoot Config Sync.

Anthos clusters on VMware 1.9.5-gke.2 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.9.5-gke.2 runs on Kubernetes v1.21.5-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.10, 1.9, and 1.8.

Support for Serverless VPC Access connectors in Shared VPC host projects is now at general availability (GA). Learn about the advantages of this method and how to configure connectors in host projects.

Support for Serverless VPC Access connectors in Shared VPC host projects is now at general availability (GA). Learn about the advantages of this method and how to configure connectors in host projects.

Support for Serverless VPC Access connectors in Shared VPC host projects is now at general availability (GA). Learn about the advantages of this method and how to configure connectors in host projects.

Support for Serverless VPC Access connectors in Shared VPC host projects is now at general availability (GA). Learn about the advantages of this method and how to configure connectors in host projects.

Support for Serverless VPC Access connectors in Shared VPC host projects is now at general availability (GA). Learn about the advantages of this method and how to configure connectors in host projects.

Support for Serverless VPC Access connectors in Shared VPC host projects is now at general availability (GA). Learn about the advantages of this method and how to configure connectors in host projects.

Support for Serverless VPC Access connectors in Shared VPC host projects is now at general availability (GA). Learn about the advantages of this method and how to configure connectors in host projects.

Support for Serverless VPC Access connectors in Shared VPC host projects is now at general availability (GA). Learn about the advantages of this method and how to configure connectors in host projects.

Support for Serverless VPC Access connectors in Shared VPC host projects is now at general availability (GA). Learn about the advantages of this method and how to configure connectors in host projects.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory), the Feed API, and the Search APIs (SearchAllResources and SearchAllIamPolicies):

• Datastream
  • datastream.googleapis.com/ConnectionProfile
  • datastream.googleapis.com/PrivateConnection
  • datastream.googleapis.com/Stream
• Anthos clusters on-prem
  • anthos.googleapis.com/ConnectedCluster
• Database Migration Service
  • datamigration.googleapis.com/ConnectionProfile
  • datamigration.googleapis.com/MigrationJob

Support for Serverless VPC Access connectors in Shared VPC host projects is now at the General Availability release level. Learn about the advantages of this method and how to configure connectors in host projects.

Support for Serverless VPC Access connectors in Shared VPC host projects is now at general availability (GA). Learn about the advantages of this method and how to configure connectors in host projects.

Release 1.9.6

Anthos clusters on bare metal 1.9.6 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.9.6 runs on Kubernetes 1.21.

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• Dialog ES API
  • dialogflow.googleapis.com/ConversationProfile
  • dialogflow.googleapis.com/KnowledgeBase
• Vertex AI
  • aiplatform.googleapis.com/PipelineJob
  • aiplatform.googleapis.com/MetadataStore
  • aiplatform.googleapis.com/ModelDeploymentMonitoringJob

Storage Transfer Service now enforces the Resource Location Restriction, which is part of the Org Policy Service. This allows an organization to define the allowed regions in which location-based Google Cloud resources, such as transfer jobs, can be created.

To learn how Storage Transfer Service chooses the region in which to run a transfer job, refer to Location of Storage Transfer Service jobs.

Support for conditions in IAM policies

You can add resource conditions in your IAM policies. A resource condition lets you have granular control over your Apigee resources. For more information, see Adding resource conditions in IAM policies.

The Cloud Talent Solutions dashboard management tool has added a Jobs and Companies page, which displays job statistics and metadata. You can use this page to troubleshoot data issues. The Jobs and Companies page has three tabs:

• On the Summary tab, see the latest job count snapshots and a visualization of job count statistics over time.
• On the Job Metadata tab, search for specific jobs and their available metadata.
• On the Exports tab, export your metadata to a BigQuery table for further analysis.

For more about this new feature, see the Jobs and Companies data documentation.

General purpose Tau T2D VMs have limited availability in London (europe-west2-a,c). If you are interested in trying out T2D, speak to your Google Cloud Account Team. For pricing details, see VM instance pricing.

Preview: You can now share sole-tenant node groups with other projects or your entire organization.

Support for Firebase Remote Config, Firebase Alerts, and Firebase Test Lab triggers is now in Preview. This only applies to Cloud Functions (2nd gen).

Added functionality in the companyDisplayNames filter to support fuzzy matching.

M91 Release

• PyTorch 1.11 and PyTorch XLA 1.11 are now available in both Deep Learning Containers and Deep Learning VM Images.

M91 Release

• PyTorch 1.11 and PyTorch XLA 1.11 are now available in both Deep Learning VM Images and Deep Learning Containers.
• Updated NVIDIA drivers to 470.57.02.
• Upgraded Compute Engine Virtual Ethernet (GVE) to 1.3.0.

Support for Firebase Alerts triggers is now in Preview.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory), the Feed API, and the Search APIs (SearchAllResources and SearchAllIamPolicies):

• Dialog ES API
  • dialogflow.googleapis.com/ConversationProfile
  • dialogflow.googleapis.com/KnowledgeBase

Using Cloud EKM with a Virtual Private Network is now generally available. This means you can access your external key manager with a private endpoint.

See Using Cloud EKM with VPC to learn more.

The BigQuery slot recommender is now available in Preview. The slot recommender creates recommendations for customers using on-demand billing. These recommendations help you to understand the cost and performance tradeoffs of purchasing different amounts of slot capacity.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Network Connectivity API
  • networkconnectivity.googleapis.com/Hub
  • networkconnectivity.googleapis.com/Spoke

The apache-airflow-providers-google package has operators for Cloud Composer, starting from version 6.4.0.

The Logs tab in Cloud Console is now generally available (GA).

Dataflow now supports the following Google-provided templates in GA:

• Pub/Sub Subscription to BigQuery
• Pub/Sub Topic to BigQuery
• Pub/Sub Avro to BigQuery
• Pub/Sub Proto to BigQuery
• Pub/Sub to Pub/Sub
• Pub/Sub to Cloud Storage Avro
• Pub/Sub to Cloud Storage Text
• Cloud Storage Text to BigQuery (Stream)
• Cloud Storage Text to Pub/Sub (Stream)
• Change Data Capture to BigQuery (Stream)
• Apache Kafka to BigQuery
• BigQuery export to Parquet (via Storage API)
• Firestore to Cloud Storage Text
• Cloud Spanner to Cloud Storage Text
• Cloud Storage Text to BigQuery
• Cloud Storage Text to Firestore
• Cloud Storage Text to Pub/Sub (Batch)
• Apache Cassandra to Bigtable
• Datastream to Cloud Spanner
• File Format Conversion
• Bulk Compress Cloud Storage Files
• Bulk Decompress Cloud Storage Files
• Firestore Bulk Delete
• Streaming Data Generator to Pub/Sub, BigQuery, and Cloud Storage

Migrate for Compute Engine allows you to employ a VPC-SC service perimeter and communicate with select services using your migrate connector.

For more information about using a VPC-SC perimeter, see the secure your migrations in a service perimeter documentation.

Beta stage support for the following integration:

• Migrate for Compute Engine

You can now explicitly specify a schema for BigQuery external tables created over Parquet, ORC, and Avro file formats. Previously, the schema was always auto-detected using the last lexicographic file.

Database Migration Service now supports version 14 of Cloud SQL for PostgreSQL. Click here to access the documentation.

General-purpose Tau T2D virtual machine instances are available in the following regions and zones:

• Northern Virginia (us-east4-a,b,c)
• South Carolina (us-east1-b,c,d)
• Frankfurt (europe-west3-a,b,c)
• Sydney (australia-southeast1-a,b,c)
• Taiwan (asia-east1-a,b,c)

See VM instance pricing for details.

Added support for IdentityPlatformConfig resource.

Added support for ARM binaries.

Starting in GKE version 1.22, the Compute Engine persistent disk CSI driver is generally available for Windows clusters.

Read replicas are now Generally Available for Memorystore for Redis.

Anthos clusters on VMware 1.8.8-gke.1 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.8.8-gke.1 runs on Kubernetes v1.20.12-gke.1500.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.10, 1.9, and 1.8.

GraphQL policy now supports JSON-encoded payloads.

KVM pagination support now available.

All released artifacts that start with version 2.x.x use the open source release mechanism. Released artifacts that start with version 1.9.9xx or earlier use the internal build system. See the appengine-java-standard repository for more details.

Release 1.8.9

Anthos clusters on bare metal 1.8.9 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.8.9 runs on Kubernetes 1.20.

The Java 17 runtime for App Engine standard environment is now available in Preview.

The Ruby 3.0 runtime for App Engine standard environment is now available in Preview.

Cloud Functions has added support for the following new runtimes at the Preview release level:

• Java 17
• Ruby 3.0

Backend subsetting for internal TCP/UDP load balancers lets you scale your internal TCP/UDP load balancer to support a larger number of backend VM instances per internal backend service.

This feature is in General availability.

Generally available: Compute Engine now supports Suspend and Resume in General Availability.

You can now collect RabbitMQ logs from the Ops Agent, starting with version 2.12.0. For more information, see Monitoring third-party applications: RabbitMQ.

You can now collect WildFly metrics from the Ops Agent, starting with version 2.12.0. For more information, see Monitoring third-party applications: WildFly.

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

• Network Management API
  • networkmanagement.googleapis.com/ConnectivityTest

Database Migration Service now supports adding dump flags for data dump customizations to migration jobs for Cloud SQL for MySQL instances. Click here to access the documentation.

Cloud Spanner now offers committed use discounts. You can get significantly discounted prices in exchange for your commitment to use Cloud Spanner compute resources continuously for a year or longer.

In GKE version 1.23.2-gke.300 and later, you can now use network tags to dynamically apply firewall rules to nodes in your GKE Autopilot clusters and auto-provisioned GKE Standard node pools without disrupting running workloads.

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• Certificate Authority Service
  • privateca.googleapis.com/CaPool
  • privateca.googleapis.com/CertificateAuthority
  • privateca.googleapis.com/CertificateRevocationList
  • privateca.googleapis.com/CertificateTemplate
• DLP
  • dlp.googleapis.com/DlpJob
  • dlp.googleapis.com/DeidentifyTemplate
  • dlp.googleapis.com/InspectTemplate
  • dlp.googleapis.com/JobTrigger
  • dlp.googleapis.com/StoredInfoType

The _type and _since parameters are available for the fhirStores.export method. You can use these parameters to filter resources from exporting. This increases the speed of the export process and eliminates unwanted export data.

Basic Tier instances now preserve data during scaling and maintenance. For a full list of operations/scenarios that cause a cache flush for the Basic Tier, see cache flush for Basic Tier.

(Available without upgrading) New version aliases for Cloud Composer images. Now you can specify the latest version of Cloud Composer 2 with composer-2-airflow-x.y aliases. New composer-1-airflow-x.y aliases point to the latest version of Cloud Composer 1.

(Airflow 2) Added a new try-number label to Airflow task log entries.

You can now see and manage the views of your Cloud Spanner databases from the Google Cloud Console. To do so, visit a database's Overview page, and then click the Views tab.

Storage Transfer Service now offers more control over preserving metadata when transferring between Cloud Storage buckets. Choose to retain or discard metadata including object ACLs, customer-managed encryption keys (CMEK), temporary holds, and object creation time. In addition, storage class can be set to any supported value, allowing you to change storage class at scale.

For details, refer to Metadata preservation.

Anthos component releases for February, 2022

Anthos clusters on VMware:

• February 07, 2022: Security bulletin
• February 10, 2022: 1.10.1 patch release
• February 11, 2022: Security bulletin
• February 14, 2022: Security bulletin
• February 17, 2022: 1.8.7 patch release
• February 23, 2022: 1.9.4 patch release
• February 24, 2022: Security bulletin

Anthos clusters on bare metal:

• February 01, 2022: 1.8.8 patch release
• February 04, 2022: Security bulletin
• February 25, 2022: 1.10.2 patch release and security bulletin
• February 28, 2022: 1.9.5 patch release

Anthos clusters on AWS:

• February 04, 2022: Security bulletin
• February 22, 2022: 1.21.6 patch release
• February 24, 2022: aws-1.10.2-gke.0 (previous generation) patch release

Anthos clusters on Azure:

• February 04, 2022: Security bulletin
• February 11, 2022: Security bulletin
• February 14, 2022: Security bulletin
• February 22, 2022: 1.21.6 patch release

Anthos Config Management:

• February 24, 2022: 1.10.2 patch release

Anthos Service Mesh:

• February 04, 2022: Managed Anthos Service Mesh patch release
• February 22, 2022: 1.10.x, 1.11.x, and 1.12.x patch release

Connect:

• February 18, 2020: General Availability (GA) release

Cloud Run for Anthos:

• February 23, 2022: release updates

Migrate for Anthos and GKE:

• N/A

Cloud Logging:

• February, 2022: release updates

Cloud Monitoring:

• February, 2022: release updates

Added Terraform support for Cloud Functions (2nd gen).

Generally available: NVIDIA® T4 GPUs are now available in the following additional regions and zones:

• Council Bluffs, Iowa, North America : us-central1-c
• Eemshaven, Netherlands, Europe : europe-west4-a

For more information about using GPUs on Compute Engine, see GPUs on Compute Engine.

Support for Firebase Remote Config and Firebase Test Lab triggers is now in Preview.

Identity Service for GKE is now generally available. You can authenticate to GKE clusters with external identity providers that use OpenID Connect (OIDC).

Exactly once delivery gives you the ability to receive any successfully published message exactly once.

For more information, see Exactly once delivery.

To support a rich query experience on complex array elements, the contains() filter function was introduced. You can use this function in your finding queries to do the following:

• Exact element matching: Match array elements that contain the exact string, "example".
• Specific number operations: Match array elements that are greater than or equal to 100.
• Complex filtering against array structures: Match array elements that contain property x with a corresponding value y.

For more information, see Filtering on array-type fields.

Vertex AI Feature Store online store autoscaling is available in Preview. The online store nodes automatically scale to balance performance and cost with different traffic patterns. The offline store already scales automatically.

You can now mount Network File System (NFS) shares to access remote files when you run a custom training job. For more information, see Mount an NFS share for custom training.

This feature is in Preview.

Google Cloud Pipeline Components SDK v1.0 is now generally available.

Session support for BigQuery is now generally available (GA). In addition to the features available in the preview, you can:

• Terminate a session automatically or manually.
• Set a label for all queries in a session.
• Get sessions metadata in INFORMATION_SCHEMA.SESSIONS_BY_* views.

You can now organize your dashboard widgets into collapsible groups. For more information, see Organize dashboard widgets.

Public Preview: You can set the maximum amount of time that Compute Engine waits before terminating or restarting an unresponsive VM. For more information, see Set VM availability policies.

Added support for BillingBudgetsBudget resource.

Added support for EventarcTrigger resource.

Added support for LoggingLogView resource.

Added field spec.rule[].rateLimitOptions into ComputeSecurityPolicy resource.

Added fields spec.addonsConfig.gcpFilestoreCsiDriverConfig and spec.clusterAutoscaling.autoProvisioningDefaults.imageType into ContainerCluster resource.

Added fields spec.maintenancePolicy and spec.maintenanceSchedule into RedisInstance resource.

Added fields spec.transferSpec.awsS3DataSource.roleArn, spec.transferSpec.posixDataSink and spec.transferSpec.posixDataSource into StorageTransferJob resource.

Added field status.selfLink into NetworkServicesGateway,NetworkServicesGRPCRoute, NetworkServicesHTTPRoute, NetworkServicesMesh and NetworkServicesTCPRoute resources.

You can now use the Apache Beam SDK for Go to create batch Dataflow pipelines. This feature is in Preview.

Anthos clusters on VMware 1.10.2-gke.34 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.10.2-gke.34 runs on Kubernetes 1.21.5-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.10, 1.9, and 1.8.

HTTP request transforms are now available for use with configurable API proxies.

With HTTP request transforms, configurable API proxy developers can quickly rewrite HTTP request paths, header, and query parameters using HTTP Request Transforms. Rewriting is enabled using a simple configuration that can reference incoming path template segments, header values, or query parameter values.

For more information, see HTTP request transforms for configurable proxies.

Google authentication for securing targets is now supported when using configurable API proxies.

With this feature, configurable API proxy developers can secure their Google backend services using Google OAuth and automatically grant access to authorized API consumers. This offers the advantage of seamless integration with other Google services, without requiring API producers to manage private keys.

For more information, see Securing targets for configurable proxies.

Southbound mTLS can be enabled for use with configurable API proxies .

By adding south bound mTLS functionality to configurable proxies, Apigee customers can seamlessly maintain their current usage of mTLS when transitioning to the use of configurable proxies, or increase security for communications between existing configurable proxies and their backends.

For more information, see Enable south bound mTLS for configurable proxies.

Configurable API proxies now support the use of template variables.

Apigee property sets can be used to specify template variables for configurable API proxies in archive deployments. This feature enables customers to use string templates in their proxy configuration YAML files.

For more information, see Template variables for configurable proxies.

You can now use a combination of zonal NEGs (of type GCE_VM_IP_PORT) and hybrid NEGs (of type NON_GCP_PRIVATE_IP_PORT) as backends for your global external HTTP(S) load balancers. For all supported backend combinations, see the table at Backend services.

You can now view aggregated Cloud Spanner statistics related to transactions, reads, queries, and lock contentions in Cloud Monitoring. Additionally, the retention period for these metrics at one-minute intervals has been increased from six hours to six weeks.

You can now use deny policies to prevent principals from using certain permissions, regardless of the roles they're granted. This feature is in Preview.

Add a feature that supports adding node selectors for Kf Builds to isolate Kf Build pods in specific node pool.

Storage Transfer Service now supports Cloud Client Libraries, which are the recommended option for accessing Cloud APIs programmatically. This launch significantly reduces the amount of code you need to write; see Getting started and Migrating to the Cloud Client Library for more details.

Anthos Service Mesh now supports certificate templates with the Certificate Authority Service integration. See Install default features and CA Service for more information.

You can now configure automatic exports of Security Command Center findings to a BigQuery dataset. For more information, see Export findings to BigQuery for analysis.

The vulnerability.cve.upstreamFixAvailable attribute was added to the Finding object. This is a boolean field that specifies whether a Common Vulnerabilities and Exposures (CVE) fix is available. For more information, see the API documentation for the Finding object.

Cloud Composer 2 supports Customer Managed Encryption Keys (CMEK).

Java Client for Cloud Composer version 1.1.3 is released. You can use this library to interact with Cloud Composer API from Java.

A new multi-region instance configuration is now available in North America - nam13 (Iowa/Oklahoma/Salt Lake City).

Released Query Optimizer version 4. Version 3 remains the default optimizer version in production.

gRPC endpoint protocol is available in Preview.

Release 1.9.5

Anthos clusters on bare metal 1.9.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.9.5 runs on Kubernetes 1.21.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Firestore
  • firestore.googleapis.com/Database

Cloud HSM resources are now available in the following regions:

• asia1
• eur3
• eur4
• nam3
• nam4
• nam6
• nam9

For information about which locations are supported by Cloud KMS, Cloud HSM, and Cloud EKM, see Cloud KMS locations.

Cloud SQL for MySQL 8.0.26 is now the default minor version. To upgrade your existing instance to the new version, see Set the MySQL minor version.

M90 Release

• CUDA has been upgraded from 11.3.0 to 11.3.1 to address some NCCL issues.
• VSlim GPU TensorFlow containers are available and have a significantly smaller size.
• TensorFlow 2.7 containers are re-released.

M90 Release

• Vertex AI sample notebooks are now included in the /usr/share/tutorials folder.
• Instances now allow the Jupyter options for disabling terminals and deleting files instead of sending them to the trash or recycling bin.

Eventarc triggers for Workflows is now available in Preview.

Deploying your application to Anthos user clusters is now supported in preview.

Eventarc triggers for Workflows is now available in Preview.

Release 1.10.2

Anthos clusters on bare metal 1.10.2 is now available for download. To upgrade, see Upgrade Anthos on bare metal. Anthos clusters on bare metal 1.10.2 runs on Kubernetes 1.21.

Cloud Data Fusion version 6.6.0 is in Preview. This release is in parallel with the CDAP 6.6.0 release .

Features in 6.6.0:

• Cluster reuse is generally available (GA).
• Predefined autoscaling is available in Preview.
• Cloud Data Fusion flow control prevents you from submitting too many requests, which can cause stuck or failed pipeline runs. It applies to API and scheduled pipeline launch requests for batch and real-time pipelines and replication jobs. It is available in Preview.

Cloud Run now supports using less than one CPU. Refer to CPU limits for details. (Available in public preview.)

The constraint template library includes new templates: K8sPSPAutomountServiceAccountTokenPod, RestrictNetworkExclusions, and K8sDisallowAnonymous.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory), the Feed API, and the Search APIs (SearchAllResources and SearchAllIamPolicies):

• Cloud Healthcare API
  • healthcare.googleapis.com/ConsentStore
  • healthcare.googleapis.com/Dataset
  • healthcare.googleapis.com/DicomStore
  • healthcare.googleapis.com/FhirStore
  • healthcare.googleapis.com/Hl7V2Store

The restrict authentication types organizational constraint is now in Preview. * The constraint allows you to restrict the authentication types that can be used in requests for Cloud Storage resources.

Security Command Center can automatically send findings, assets, and security sources to the following SIEM and SOAR platforms:

• Cortex XSOAR—see Sending Security Command Center data to Cortex XSOAR.
• Elastic Stack—see Sending assets and findings to Elastic Stack and Exporting assets and findings with Docker and Elastic Stack.
• IBM QRadar—see Sending Security Command Center data to IBM QRadar.

Anthos clusters on VMware 1.9.4-gke.3 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.9.4-gke.3 runs on Kubernetes v1.21.5-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.10, 1.9, and 1.8.

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

• Vertex AI
  • aiplatform.googleapis.com/PipelineJob

If your primary instance uses a private IP address, you can now select an allocated IP range for clones and replicas created from the instance.

If your primary instance uses a private IP address, you can now select an allocated IP range for clones and replicas created from the instance.

If your primary instance uses a private IP address, you can now select an allocated IP range for clones and replicas created from the instance.

Public preview: Public tags that provide less strict access control as compared to private tags for searching and viewing tags is rolled out to all Data Catalog regions with minimal disruption and in a controlled way. Public tags support simple search and search with predicates while private tags support only search with predicates.

Networking Connectivity Center now supports the use of a third-party network virtual appliance in any Google Cloud region for the following use cases:

• Providing site-to-cloud connectivity
• Providing connectivity or managing traffic between VPC networks

A third-party network virtual appliance could be an SD-WAN router, a firewall appliance, a load balancer, or another appliance, as long as it uses BGP. After you create a Network Connectivity Center spoke to represent your router appliance instance, it can exchange routes dynamically with Cloud Router.

To view a list of partners whose solutions are integrated with Network Connectivity Center, see Network Connectivity Center partners.

For more information about Network Connectivity Center, see the product overview.

The following accessibility improvements have been made in the Apigee UI:

• In the Develop > API Proxies view, the screen reader now reads "Create new proxy" for the Create New button
• In the Traffic column of the API Proxies view, the screen reader now reads the traffic tooltip text, and the tooltip has been removed.
• In the Last Modified column, the screen reader now reads a message like "5 months ago on Sep 17, 2021 6:21 PM," and the tooltip has been removed.
• Hovering the mouse in the Action column now displays a menu showing the Delete item, to make it accessible.

Zonal Cloud DNS zones are now available in Preview.

You can create private DNS zones that are scoped only to a Google Cloud zone.

You can now stream and export FHIR resources to BigQuery using the FHIR analytics schema with support for repeated extension columns and contained resources as JSON strings.

You can now collect Apache CouchDB logs from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: CouchDB.

You can now collect Apache Hadoop logs and metrics from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: Hadoop.

You can now collect Apache HBase logs and metrics from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: HBase.

You can now collect Apache ZooKeeper logs from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: ZooKeeper.

You can now collect WildFly logs from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: WildFly.

You can now collect Apache ActiveMQ metrics from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: ActiveMQ.

You can now collect Apache Hadoop metrics and logs from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: Hadoop.

You can now collect Apache HBase metrics and logs from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: HBase.

You can now collect MongoDB metrics from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: MongoDB.

You can now collect RabbitMQ metrics from the Ops Agent, starting with version 2.11.0. For more information, see Monitoring third-party applications: RabbitMQ.

Support for applying a path pattern when filtering is now available in Preview.

GKE Gateway traffic management is now in Preview for GKE 1.22 and later version clusters. You can now autoscale Pods or dynamically shift traffic between clusters based on Service traffic capacity.

MITRE ATT&CK framework details related to findings are now available as finding attributes for all Security Command Center services. The framework explains tactics and techniques for attacks against cloud resources, and provides remediation guidance. Although these attributes are available across all built-in and integrated services, only Container Threat Detection and Event Threat Detection are populating them at this time. For more information, see the API documentation for the Findings object.

Network Load Balancing introduces a new monitoring resource type loadbalancing.googleapis.com/ExternalNetworkLoadBalancerRule that lets you monitor all the supported protocols including TCP, UDP, ESP, and ICMP.

For details, see Monitoring Network Load Balancing.

This feature is available in General Availability.

The organization policy for integrations with services such as GitHub is now generally available. Users can now apply the policy to control triggered builds from external services, such as GitHub. To learn more, see Limiting builds triggered from external services.

VPC Service Controls support for Cloud Build is now generally available. For instructions on using this feature, see Using VPC Service Controls.

Added support for PrivateCACertificateAuthority resource

Added support for Enhanced Flexibility Mode (EFM) with primary worker shuffle mode on Spark for image version 2.0.

Checking for the existence of a key in a list is supported.

Anthos clusters on VMware 1.8.7-gke.0 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.8.7-gke.0 runs on Kubernetes v1.20.12-gke.1500.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.10, 1.9, and 1.8.

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

• Vertex AI
  • aiplatform.googleapis.com/MetadataStore
  • aiplatform.googleapis.com/ModelDeploymentMonitoringJob

DAG UI is available in Preview.

(Cloud Composer 2) Tasks that take less than 25 minutes to execute are not impacted by maintenance operations. Cloud Composer waits until such tasks are finished before the maintenance operation starts.

Dynamic port allocation for Cloud NAT is available in General Availability.

Cloud SQL now supports the use of tags on instances. Tags are key-value pairs you can apply to your resources, such as a project or a Cloud SQL instance, which are used for fine-grained access control. To learn more, see Access control with Google Cloud tags. To use tags now, see Attach and manage tags on Cloud SQL instances.

Cloud SQL now supports the use of tags on instances. Tags are key-value pairs you can apply to your resources, such as a project or a Cloud SQL instance, which are used for fine-grained access control. To learn more, see Access control with Google Cloud tags. To use tags now, see Attach and manage tags on Cloud SQL instances.

Cloud SQL now supports the use of tags on instances. Tags are key-value pairs you can apply to your resources, such as a project or a Cloud SQL instance, which are used for fine-grained access control. To learn more, see Access control with Google Cloud tags. To use tags now, see Attach and manage tags on Cloud SQL instances.

Dataplex Explore is available in Preview. Explore provides a fully-managed, serverless data exploration experience that enables you to query your data using Apache SparkSQL queries and Jupyter notebooks.

Remote functions are now available for preview. Remote functions allow you to implement your function in other languages than SQL and Javascript, or with libraries or services which are not allowed in BigQuery user-defined functions.

Dynamic compression allows Cloud CDN to automatically compress responses as they are being served between the origin and the client. The size of the data sent over the network is reduced by 60% to 85% in typical cases. This feature is supported in Preview.

Cloud Functions has added support for low-configuration access to private dependencies on Artifact Registry in in Node.js and Python.

Profiling Dataflow pipelines with Cloud Profiler is generally available (GA). Use Dataflow integration with Cloud Profiler to monitor pipeline performance.

You can now use a pre-built container to perform custom training with TensorFlow 2.8.

Runtime version 2.8 is available. You can use runtime version 2.8 to train with TensorFlow 2.8, scikit-learn 1.0.2, or XGBoost 1.5.2. Runtime version 2.8 supports training with CPUs, GPUs, or TPUs.

See the full list of updated dependencies in runtime version 2.8.

New Overview Tab in Proxy Editor

We have released a new version of the Overview tab in the Proxy Editor. See Introducing the new Proxy Editor.

Note: The new features in this release will be rolled out over the next week, so you might not be able to view them until the rollout is complete.

The UI now shows a warning when an API Product is in legacy format, stating that some of the displayed fields might be legacy fields.

Backend target routing with Private Service Connect

You can now use Private Service Connect (PSC) to connect Apigee with backend target services running in VPC networks other than the one that is peered with your Apigee organization. For details, see Southbound networking patterns.

Node.js apps now support private dependencies hosted on an Artifact Registry Node.js package repository. To include private dependencies, list the Artifact Registry repository and configure settings for authenticating with the registry in your .npmrc file.

Python 3 apps now support private dependencies hosted on an Artifact Registry Python registry. To include private dependencies, add the Artifact Registry URL and the relevant packages in your requirements.txt file.

On-Demand Scanning for Go packages is now generally available.

You can scan your container images and identify Go package vulnerabilities.

The table clones feature in BigQuery is now in Preview. A table clone is a lightweight, writable copy of a table. You are only charged for storing the data in a table clone that differs from its base table.

DeleteSubject

The DeleteSubject method has been added to the Chronicle Role-Based Access Control (RBAC) API. DeleteSubject enables you to remove user and group role assignments.

Internal TCP/UDP Load Balancing now supports source-IP address session affinity (CLIENT_IP_NO_DESTINATION) in Public Preview.

Data Catalog now supports cataloguing and searching data entries from Dataplex lakes, zones, tables, and filesets. For more information, see the Dataplex documentation and Data Catalog documentation.

Service Directory integration with Traffic Director is available in Preview .

After you register a service with Service Directory, the integration makes services in the service registry available to the applications in your mesh and to gateways configured by Traffic Director. Your service mesh and self- managed gateways can then send traffic to these services

Traffic Director is now integrated with Service Directory. After you register a service with Service Directory, the integration makes services in the service registry available to the applications in your mesh and to gateways configured by Traffic Director. Your service mesh and self- managed gateways can then send traffic to these services.

The INFORMATION_SCHEMA.STREAMING_TIMELINE_* views are now generally available (GA).

The QUALIFY clause, which lets you filter the results of analytic functions in Google Standard SQL, is now generally available (GA).

This release adds filters to ListCustomers. You can use these filters to exclude selected customers from search results. For more information, visit our article about these new filters.

Support for configuring triggers to use a particular service account is now generally available. To learn more, see Configuring user-specified service accounts.

Cloud Functions has released Cloud Functions (2nd gen), available at the Preview release level. Cloud Functions (2nd gen) is Google Cloud's next-generation Functions-as-a-Service offering. This new version of Cloud Functions comes with an advanced feature set, giving you more powerful infrastructure, advanced control over performance and scalability, more control around the functions runtime, and triggers from over 90 event sources.

See the Cloud Functions (2nd gen) documentation for details.

You can now configure default storage regions and disabled _Default sinks for your Google Cloud organizations and all of their new projects and folders. For details, see Configure default resource settings for Logging.

You can now collect Apache Solr metrics and logs from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: Solr.

You can now collect Apache Kafka metrics and logs from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: Kafka.

You can now collect MongoDB logs from the Ops Agent, starting with version 2.10.0. For more information, see Collect logs from third-party applications: MongoDB.

You can now collect Apache Solr metrics and logs from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: Solr.

You can now collect Apache Kafka metrics and logs from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: Kafka.

You can now collect Apache CouchDB metrics from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: CouchDB.

You can now collect Apache ZooKeeper metrics from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: ZooKeeper.

You can now collect Elasticsearch metrics from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: Elasticsearch.

Added support for enabling read replicas (preview) on existing instances. For more information, see Behavior of enabling read replicas on an existing instance. Also added the capability to perform version upgrade and manual failover operations on instances that use read replicas.

Cloud Spanner now optimizes the way it processes groups of similar statements in DML batches, significantly improving the speed at which it performs batched data writes under certain conditions.

Added support for ComputeFirewallPolicyAssociation resource.

Added support in IAMPartialPolicy and IAMPolicy to cover Organization and BillingAccount resources.

Config Controller is now supported in region us-east1.

Anthos clusters on VMware 1.10.1-gke.19 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.10.1-gke.19 runs on Kubernetes v1.21.5-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.10, 1.9, and 1.8.

BigQuery Omni now supports INFORMATION_SCHEMA.JOBS_* and INFORMATION_SCHEMA.RESERVATION* views. This feature is in Preview. For more information, see View resource metadata (AWS) and View resource metadata (Azure).

Your regional preferences, including date and time formatting, are now supported in the Logs Explorer.

Generally available: Compute-optimized C2D machine types are now generally available. C2D machine types are built on top of third generation AMD EPYC Milan processors and are a great fit for high-performance computing (HPC) workloads. For more information, see Compute-optimized machine family.

Access-related details are now available as finding attributes for all Security Command Center services. These attributes relate to an access event associated with a finding. They contain details such as the caller's IP address, which service and method was called, and what region the access event occurred in. Although access-related attributes are available across all built-in and integrated services, they're only populated by Event Threat Detection at this time. For more information, see the API documentation for the Findings object.

Compute Engine resource names, alongside their corresponding resource IDs, are now supported in the Logs Explorer. For details, see View Compute Engine logs.

Public Preview: You can now use the security keys registered for 2-Step Verification in your Google account to connect to VMs that use OS Login. For more information, see Enable security keys with OS Login.

Network Load Balancing now supports load-balancing ESP (Encapsulating Security Payload) and ICMP (Internet Control Message Protocol) traffic. To handle these protocols, you specify the new L3_DEFAULT protocol on the load balancer's forwarding rule.

For details, see:

• Forwarding rule protocols for backend service-based network load balancers
• Setting up Network Load Balancing for multiple protocols

This feature is available in General Availability.

External TCP/UDP Network Load Balancing now allows you to configure a connection tracking policy. A connection tracking policy introduces the following new properties to let you customize your load balancer's connection tracking behavior:

• Tracking mode
• Connection persistence on unhealthy backends

To learn about how connection tracking works, see Backend selection and connection tracking.

To learn how to configure a connection tracking policy, see Configure a connection tracking policy.

This feature is available in General Availability.

Network Load Balancing introduces a new monitoring resource type loadbalancing.googleapis.com/ExternalNetworkLoadBalancerRule that lets you monitor all the supported protocols including TCP, UDP, ESP, and ICMP.

For details, see Monitoring Network Load Balancing.

This feature is available in Preview.

You can now view information about your user-defined metrics by using the Diagnostics tab located on the Metrics Explorer page. The Diagnostics tab displays summary information about the user-defined metrics your project injests, charts usage metrics, lists all user-defined metrics. You can use features on this page to create alerts, view audit logs, and get detailed information about individual metrics. For more information, see View metric diagnostics.

Cloud SQL supports the max_parallel_maintenance_workers, max_parallel_workers,
max_parallel_workers_per_gather, and max_pred_locks_per_transaction flags:

• max_parallel_maintenance_workers sets the maximum number of parallel workers that can be started by a single utility command.
• max_parallel_workers sets the maximum number of workers that the system can support for parallel operations.
• max_parallel_workers_per_gather sets the maximum number of workers that can be started by a single Gather or Gather Merge node.
• max_pred_locks_per_transaction controls the average number of object locks allocated for each transaction.

For more information, see Supported flags.

Cross-region replication is now generally available in Cloud SQL for SQL Server.

You can use replication to scale the use of data in a database without degrading performance. Other reasons include migrating or maintaining data duplicates between regions.

For more information, see Replication in Cloud SQL.

Query statistics now cover DML statements, including inserts, updates, and deletes.

Added support for upgrading the Redis version of an instance to any higher version.

Support for agent pools is now generally available (GA) .

You can use agent pools to create isolated groups of agents as a source or sink entity in a transfer job. This enables you to transfer data from multiple data centers and filesystems concurrently, without creating multiple projects for a large transfer spanning multiple filesystems and data centers.

Cloud Build's Bitbucket Server and Bitbucket Data Center integration is now generally available. Users can build repositories from Bitbucket Server and Bitbucket Data Center, including on-premises instances. For more information, see Building repositories from Bitbucket Server and Building repositories from Bitbucket Data Center.

Airflow 2.2.3 is available in Cloud Composer images.

Using the new Integrations page in the Google Cloud Console, you can now configure third-party application integrations that the Ops Agent supports. The Integrations page provides links to install instructions, displays example dashboards, and lists the metrics and logs that the Ops Agent collects for each integration. For more information, see Manage integrations

Bidirectional Forwarding Detection (BFD) for Cloud Router is Generally Available (GA).

Cloud SQL supports the wal_receiver_timeout and wal_sender_timeout flags:

• The wal_receiver_timeout flag ends replication connections that are inactive for the specified time.
• The wal_sender_timeout flag, which is for detection by the ending server, ends replication connections that are inactive for the specified time.

For more information, see Supported flags.

SQL Server 2019 is now the default version. See Database versions and version policies.

Cloud Spanner's CPU Utilization metrics now provide grouping by all task priorities: low, medium, and high.

Relatedly, Cloud Spanner's monitoring console now lets you view the CPU utilization of your instance by operation type, filtered by task priority.

Added cluster_type field to job and operation metrics in Cloud Monitoring.

Google Cloud Armor Rate Limiting is now in General Availability.

Security Health Analytics, a built-in service of Security Command Center, released the OPEN_GROUP_IAM_MEMBER detector to General Availability.

Using the fleet feature API to set up managed Anthos Service Mesh with automatic control plane management is now available as a preview feature in the rapid, regular, and stable release channels. For more information, see Configure managed Anthos Service Mesh with fleet API.

The following PostgreSQL minor versions and extension versions are now available. If you use maintenance windows, you might not yet have these versions. In this case, you will see the new versions after your maintenance update occurs. To find your maintenance window or manage maintenance updates, see Finding and setting maintenance windows.

• 14.0 is upgraded to 14.1.
• 13.4 is upgraded to 13.5.
• 12.8 is upgraded to 12.9.
• 11.13 is upgraded to 11.14.
• 10.18 is upgraded to 10.19.
• 9.6.23 is upgraded to 9.6.24.

Additionally, the following extensions have been upgraded. For more information about these and other extensions, see PostgreSQL extensions.

• The pglogical extension is upgraded to 2.4.1.

• The pgaudit extension is upgraded as follows:

  • For PostgreSQL 14, upgraded to 1.6.1.
  • For PostgreSQL 13, upgraded to 1.5.1.
  • For PostgreSQL 12, upgraded to 1.4.2.
  • For PostgreSQL 11, upgraded to 1.3.3.
  • For PostgreSQL 10, upgraded to 1.2.3.
  • For PostgreSQL 9.6, upgraded to 1.1.4.

Generally available: Support for the Intel Ice Lake processor on general purpose N2 VMs has reached general availablity.

Generally available: The n2-node-128-864 sole-tenant node type.

Traffic Director new service routing APIs are available in preview. The new APIs simplify routing and service mesh configuration with new Mesh, Gateway, and Route resources.

Related to this change, new options are available for automated Envoy deployment.

The BigQuery migration assessment is now available in Preview. Use this feature to assess the complexity of migrating from your current data warehouse to BigQuery.

BigQuery ML Hyperparameter tuning is now generally available (GA). You can use this feature to improve model performance by searching for the optimal hyperparameters when training ML models using CREATE MODEL statements.

To learn more, check out the following topics:

• BigQuery ML Hyperparameter Tuning Overview
• Using the BigQuery ML Hyperparameter Tuning to improve model performance
• End-to-end user journey for each model

You can now save a copy of a chart on a predefined dashboard to one of your custom dashboards by selecting Add to Custom Dashboard from the More Options menu on the chart. When you select a custom dashboard, you also have the option of renaming the copied chart.

In the Data Catalog table details page, there is now an additional section called Schema and column tags that lets you view the applied schema and their values. For more information, see View table details.

Generally available: Managed Microsoft AD now supports the use of tags on domains.

Pub/Sub Lite now supports regional Lite topics that replicate data to a secondary zone.

Secret manager now supports data checksums when adding or accessing a secret version.