Google Cloud release notes

Community contributed UDFs are now generally available in the bigquery-utils GitHub repository and the bigquery-public-data.persistent_udfs public dataset.

Cloud console updates: In the query editor, when you select a function signature from the autocomplete list, you can remove the parameter names quickly by pressing the Backspace or Delete key.

You can now manage Monitoring-specific roles by using the Cloud Monitoring pages in the Google Cloud console. For more information, see Grant access to Cloud Monitoring.

Filestore is now available in Madrid, Spain (europe-southwest1 region).

Filestore is now available in Paris, France (europe-west9 region).

Filestore is now available in Milan, Italy (europe-west8 region).

The following extensions in Cloud SQL for PostgreSQL are generally available:

• pgRouting. Enhances geospatial processing, through network routing and analysis, for PostGIS.
• plv8. Provides a procedural language for enabling the use of JavaScript.
• amcheck. Enables the use of the pg_amcheck application to check for corruption in PostgreSQL databases.

AlloyDB supports customer-managed encryption keys (CMEK), an alternative to its default Google-managed encryption. CMEK is especially useful for AlloyDB users who need to manage their own data encryption keys in order to satisfy specific compliance or regulatory requirements.

You can now launch clusters with the following Kubernetes versions:

• 1.21.14-gke.2900
• 1.22.12-gke.1100
• 1.23.9-gke.800

Anthos clusters on VMware 1.12.1-gke.57 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.12.1-gke.57 runs on Kubernetes 1.23.5-gke.1505.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.

• GA: You can now have your GKE clusters in separate vSphere clusters. With this feature, you can deploy the admin cluster in one vSphere cluster, and a user cluster in a different vSphere cluster.

Release 1.12.2

Anthos clusters on bare metal 1.12.2 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.2 runs on Kubernetes 1.23.

Features:

• Added –use-disk flag to bmctl backup cluster command to use the disk instead of the in-memory buffer to back up a cluster. Use this option when available RAM is limited on your admin workstation.
• Added --quiet flag to bmctl check cluster -- snapshot command to suppress logging to the console during the snapshot creation.

Container Analysis automatic scanning for Java and Go vulnerabilities in container images is now in Preview. If the Container Scanning API is enabled, it scans container images pushed to Artifact Registry for Java and Go vulnerabilities, in addition to operating system vulnerabilities.

Container Analysis returns Java and Go vulnerability results for images that have a supported or unsupported operating system. When you push new versions of images to the registry, you might see more successful vulnerability scans and corresponding charges against images without a supported operating system.

For more information, see the Types of scanning in the Container Analysis documentation.

Preview: You can double the default size limit for a managed instance group (MIG): Zonal MIGs now support up to 2,000 VMs and regional MIGs support up to 4,000 VMs. For more information, see Increase the group's size limit

Deinterlace configurations are now supported.

You can view which zones host a primary instance's active or standby VMs.

The restrict authentication types organization policy constraint is now generally available (GA). This constraint allows you to restrict the authentication types that can be used in requests for Cloud Storage resources.

Organization Policy custom constraints has launched into public preview. Custom constraints can allow or restrict access to API calls in the same way that predefined constraints do, but allow administrators to configure conditions based on request parameters and other metadata. For more information, see Creating and managing custom constraints.

Release 1.10.8

Anthos clusters on bare metal 1.10.8 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.10.8 runs on Kubernetes 1.21.

Anthos VM Runtime

Anthos VM Runtime is Generally Available (GA). Some features and capabilities are available for Preview only, as indicated in the following descriptions:

• Upgraded Kubevirt to version 0.49.
• Upgraded Containerized Data Importer (CDI) to version 1.43.0.
• Added bmctl command to enable or disable Anthos VM Runtime on user clusters.
• Added automatic upgrade of Anthos VM Runtime when upgrading Anthos clusters on bare metal.
• Preview: Added ability to configure an eviction policy that controls how VMs automatically migrate to other hosts during maintenance events.
• Preview: Added non-disruptive upgrading of VM runtime during live migration (that is, when VMs are unobtrusively migrated from one node to another).

VM APIs:

• Simplified VM Compute API.
• Added ability to create and manage disk resources for VMs that use Anthos VM Runtime.
• Added ability to schedule VMs using standard Kubernetes scheduling primitives.
• Preview: Added ability to use GPUs in VMs.
• Added more access management capabilities to VM Guest Environment.
• Preview: Added support for guest OS booting of UEFI. Previously, only BIOS was supported.

Observability:

• Integrated VM telemetry and console logs into Google Cloud console. Telemetry information and log data are critical for monitoring the status of VMs and for troubleshooting problems with your cluster VMs.
• Added VM CPU and memory metrics to Cloud Monitoring. These metrics can be viewed in the Anthos clusters VM status dashboard.
• Added ability to view console logs for VMs that use Anthos VM Runtime.
• Added logs that audit VM pods.

Guest OS support:

Added support for the following guest OS versions running on a Virtual Machine:

• Windows Server 2019
• Windows Server 2016
• Windows 10
• Red Hat Enterprise Linux (RHEL) 8
• RHEL 7
• CentOS 8
• CentOS 7
• Ubuntu 20.04
• Ubuntu 18.04

VM networking features:

• IPAMv4: Static IP Allocation for VM interfaces.
• IP and MAC Stickiness for VM interfaces.
• IPAMv4: DHCP for VM interfaces.
• VLAN tagging support for VM Interfaces.
• Multi-NIC for VM interfaces through native Dataplane V2 support (macvtap + Dataplane V2).
• Static routes and DNS configurations at per-network basis.
• NetworkPolicy enforcement at per-network basis.
• Validating admission webhooks for Network and NetworkInterface object.
• Network Mutation, allow the mutations of Gateway, DNS and the customized network routes in the network custom resource. The parent interface for the VM and the VLAN ID are not mutable. VMs that were already running before the network configuration change need to be restarted to pick up the change.
• Added command to restart all VMs in a network.

• Graceful IP release for VMs:

  • During VM migration, the IP isn't released.
  • IP addresses are released for VMs that are deleted or stopped.

  For more information on networking, see Create and use virtual networks for Anthos VM Runtime.

In this release, you can view both the visual editor and the text editor at the same time in the Develop view, without having to manually switch between the two. You can also resize the display area of either editor to view it more easily. See Change the target endpoint for a description of the changes to the editor layout.

For VPC-native clusters, the user-managed secondary range for Services can now be shared among clusters in the same subnet. The Services range no longer needs to be unique for clusters on the same subnet. Shared Services ranges are backwards-compatible with all GKE versions.

Audio-only outputs are now supported. For more information, see the Pricing page and the sample configuration.

Labels are now supported. Labels are key-value pairs you can use to organize resources.

API Keys API is now available in GA.

Apigee Ingress gateway

Starting in version 1.8, Apigee hybrid offers a new feature to manage the ingress gateway for your hybrid installation, Apigee ingress gateway. Anthos Service Mesh is no longer a prerequisite for hybrid installation. With Apigee ingress gateway, Apigee will stop supplying routing configuration to Anthos Service Mesh. See Managing Apigee ingress.

ORG-level UDCA

Apigee hybrid now supports setting UDCA at the org level instead of at the environment level. See orgScopedUDCA in the Configuration property reference.

Support for newer versions of Anthos, Anthos Service Mesh, and Kubernetes

Starting in version 1.8, Apigee hybrid supports Anthos version 1.12, Anthos Service Mesh version 1.13, and Kubernetes version 1.23 on specific platforms. See Apigee hybrid supported platforms and versions for details.

KVM pagination

Apigee hybrid now supports KVM pagination (introduced in Apigee X on March 10, 2022). See REST Resource: organizations.keyvaluemaps and REST Resource: v1.organizations.environments.keyvaluemaps.

apigeectl now supports the --v option to set the log verbosity level

Starting in version 1.8, apigeectl includes a --v option to set log verbosity levels in the format --v=int, for example apigeectl apply --v=5. This option replaces the --verbose option (now deprecated). This is the same as the kubectl --v option. See apigeectl for details.

tools/apigee-pull-push.sh includes a –list option to list all images

Starting in version 1.8, The tools/apigee-pull-push.sh utility has a --list or -l option that will list all images in the gcr repo. See apigee-pull-push.sh for details.

The following attributes were added to the Finding object of the Security Command Center API:

• Database provides information about access to a database that is related to a finding.
• serviceAccountKeyName, serviceAccountDelegationInfo, and principalSubject attributes were added to the existing access attribute. These new attributes provide additional context about the principals that are associated with a finding.
• uris, a new attribute within the indicator attribute, lists any malicious URIs that are associated with a finding.

For more information, see the Security Command Center API documentation for the Finding object.

The ALTER TABLE RENAME COLUMN DDL statement, which allows you to rename the columns of a table, is now in preview.

You can now use tags to allow or deny security policies on a Cloud Bigtable instance. This feature is generally available (GA). To learn more, see Create and manage tags.

Customer-managed encryption keys are now Generally Available for Memorystore for Redis.

For all the connectors that require a hostname and port configuration, you can now see a Destinations section when creating the connector. In this section, you must enter the details of the remote host (backend system) you want to connect. You can now specify the destination details either as a host address or a service attachment.

VirusTotal Context

Chronicle's integration with VirusTotal has been revised and enhanced. This feature enables you to pivot from finding domains linked to an asset in Chronicle to viewing information about that domain from VirusTotal. From a Chronicle event view, such as Asset view, Domain view, or IP Address view, click VT Context to open the VirusTotal Context window. Some of the VirusTotal information is only available to users with a VirusTotal Enterprise account.

Some of the older links in the Chronicle user interface to VirusTotal, for example the option in Asset view to display the first 50 results in VirusTotal Graph and the VirusTotal Insights results panel, have been removed. Clicking VT Context provides access to the same information and VirusTotal functionality, including access to VirusTotal Graph.

Health checks for internal load balancers and automatic failovers in Cloud DNS routing policies are now available in Preview.

Workforce identity federation now lets users from external identity providers sign in to the Google Cloud workforce identity federation console, also known as the console (federated). The console (federated) provides UI access to supported Google Cloud products. This feature is available in Preview.

You can now set default values on columns in your BigQuery tables. This feature is now in preview.

Cloud console updates: You can now copy BigQuery metadata to your clipboard by using the following options:

• In the Schema view, to copy a table's schema, select any fields, and then click content_copy Copy.

• In the Explorer pane, to copy the ID of a resource, click more_vert View actions, and then click Copy ID.

Cloud console updates: Improvements include the following:

• Query results are now displayed in resizable columns.

• Tab titles now expand when space is available for longer names.

• Tooltips no longer display text immediately when you hold the pointer over them, avoiding unnecessary distraction.

• In the Explorer pane, you can now access saved queries by expanding your project. The Saved Queries pane is no longer at the bottom of the console.

• In the Explorer pane, you can now find a table by searching for mydataset.mytable.

• In the query editor, you can now press the F1 shortcut key to view more editor shortcuts.

Chronicle curated detections provide out-of-the-box threat detection content curated, built, and maintained by Google Cloud Threat Intelligence (GCTI) researchers. This release of curated detections cover the following range of threats:

• Windows-based threats: Coverage for several classes of threats including infostealers, ransomware, RATs, misused software, and crypto activity.
• Cloud attacks and cloud misconfigurations: Secure cloud workloads with additional coverage around exfiltration of data, suspicious behavior, and additional vectors.

The DISABLE_INLINE hint is now available to use in a Google Standard SQL function call. This allows a function to be computed once instead of each time another part of a query references it.

For Cloud Translation - Advanced (v3) glossaries, you can now manage glossary entries. This feature is Generally Available (GA).

Added support for IAMWorkforcePoolProvider resource.

Added support for "reconcile resource immediately once its dependency is ready" feature for CloudFunctionsFunction, EventarcTrigger, MonitoringUptimeCheckConfig, ServiceDirectoryEndpoint, ServiceDirectoryService

M95 Release

The M95 release of Vertex AI Workbench managed notebooks includes the following:

• Fixed a bug where users were regularly getting a 502 error when trying to access JupyterLab.
• Fixed a bug where opening an instance in Single User mode slowed the start of an instance.
• Fixed a bug where a managed notebooks instance was not starting after adding a GPU.
• Fixed bugs on the Serverless Spark form input.
• Improved the ActivityLog refresh after Serverless Spark creation.
• Fixed a bug related to the display of materialized views in BigQuery.
• Refreshed the JupyterLab interface with an improved Google-specific theme.
• Fixed a bug related to viewing Cloud Storage buckets and folders with large numbers of objects.
• Regular package refreshment and bug fixes.

Learn more about managed notebooks versions.

Workforce identity federation lets you authenticate and authorize users from external identity providers to access supported Google Cloud products, including BigQuery resources. This feature is now in preview.

Feed Management

You can now configure new data feeds for your Chronicle account using Feed Management. This feature makes it possible for you to setup your own data feeds without the assistance of Chronicle support personnel. You can setup new data feeds using either the Feed Management user interface or the Feed Management API. Chronicle returns error messages in the event you have misconfigured a feed and need to make changes.

Alias records are available in Preview.

You can now manage an alias record, which maps an alias domain name to a canonical name at the zone apex, by using Cloud DNS.

On August 15, 2022, we released the preview version of the Oracle DB connector for Apigee. For more information, see Create a Oracle DB connection.

BigQuery Omni now supports reservation DDL and access control DCL. This feature is now generally available (GA).

Cloud Data Fusion version 6.7.1 is generally available (GA). This release is in parallel with the CDAP 6.7.1 release.

The SAP Ariba Batch Source plugin is available in Preview. You can connect your data pipeline to an SAP Ariba Source and a BigQuery Sink with this plugin in Cloud Data Fusion versions 6.5.1 and later.

Bucket-level log-based metrics are now available in Preview. You can now create log-based metrics that are computed from the logs routed to a specific log bucket. For more information, see Log-based metrics on log buckets.

The GKE Clusters List page now includes a new Observability tab that displays Monitoring data. This tab shows infrastructure health metric trends such as CPU, memory, container restarts and control-plane metrics. It also provides visibility into ingestion into Google Cloud Managed Service for Prometheus and Cloud Logging. For more information, see View observability metrics.

By enabling instance deletion protection, you can prevent the accidental removal of Cloud SQL instances. This functionality is generally available.

For more information, see Prevent deletion of an instance.

By enabling instance deletion protection, you can prevent the accidental removal of Cloud SQL instances. This functionality is generally available.

For more information, see Prevent deletion of an instance.

By enabling instance deletion protection, you can prevent the accidental removal of Cloud SQL instances. This functionality is generally available.

For more information, see Prevent deletion of an instance.

The GKE Clusters List page now includes a new Observability tab. This tab shows infrastructure health metric trends such as CPU, Memory, container restarts and Control Plane metrics. It also provides visibility into ingestion into Google Cloud Managed Service for Prometheus and Cloud Logging. For more information, see View observability metrics.

Anthos clusters on VMware 1.10.6-gke.36 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.10.6-gke.36 runs on Kubernetes 1.21.14-gke.2100.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• Dataproc
  • dataproc.googleapis.com/AutoscalingPolicy
  • dataproc.googleapis.com/Batch
  • dataproc.googleapis.com/WorkflowTemplate

Cloud Bigtable-BigQuery federation is now generally available (GA). You can use BigQuery to query data from Cloud Bigtable and blend it with data from other federated data sources. For more information, see Querying Cloud Bigtable data.

M95 Release

• Tensorflow has been updated to 2.9.1, 2.8.1, and 2.6.5 to include upstream changes.
• Regular package refreshment and bug fixes.

M95 Release

• Tensorflow has been updated to 2.9.1, 2.8.1, and 2.6.5 to include upstream changes.
• Updated to the latest NVIDIA driver version: 510.47.03.
• The latest NVIDIA driver version does not support K80 GPUs. To use K80 GPUs, you must use an M94 or earlier environment.
• Fixed bug in which the user is prompted with the warning JupyterLab build is suggested on startup for TensorFlow Deep Learning VMs.
• Regular package refreshment and bug fixes.

You can now place your Transfer Appliance into suspend mode before moving it to a new location. Suspend mode removes access to data on the device and suspends any transfers.

Learn more from the Suspend section of the documentation.

Vertex Explainable AI

Vertex Explainable AI now offers Preview support for example-based explanations. For more information, see Configure example-based explanations for custom training.

This release contains the new Abuse page in Advanced API Security, which displays information about bots that have been detected by analysis of your API traffic. The Abuse page displays the IP addresses of detected bots, as well as their locations, the bot rules that led to their detection, and other details.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) , Feed API, and Search APIs (SearchAllResources and SearchAllIamPolicies):

• Cloud IDS (Cloud Intrusion Detection System)

  • ids.googleapis.com/Endpoint

• Speech-to-Text

  • speech.googleapis.com/CustomClass
  • speech.googleapis.com/PhraseSet

New tooling is available to help you migrate to Cloud Bigtable from HBase clusters that are hosted on another Google Cloud service. For more information, see Migrate from HBase on Google Cloud.

You can now prevent Cloud Monitoring from sending notifications or creating incidents during specific time periods. For general information, see Snooze notifications and alerts. For information about how to create, view, and modify a snooze, see Create and manage snoozes.

Support for VPC Service Controls (Preview)

VPC Service Controls lets you define a security perimeter around the Apigee Integration Google Cloud service. For more information, see Set up VPC Service Controls for Apigee Integration.

You can now set default configurations at a project or organization level. This feature is now generally available (GA).

You can now manage query execution priority for Cloud Spanner federated queries. This feature is now generally available (GA).

Network Load Balancing logging and Internal TCP/UDP Load Balancing logging are now available in Preview.

Storage Transfer Service now supports transfers from AWS S3 using self-hosted transfer agents. This feature provides a way to configure the data transfer path between AWS and Google Cloud and offers more control over performance.

See the documentation for details.

Querying Google Cloud Bigtable external data sources is now generally available (GA).

Importing a domain from Google Domains to Cloud Domains is available in Preview.

You can now launch clusters with the following Kubernetes versions:

• 1.23.8-gke.2000
• 1.22.12-gke.300
• 1.21.14-gke.2100

External TCP/UDP network load balancers can now be configured to handle IPv6 traffic from clients. To enable this, you must configure your subnet, backend VMs, and the forwarding rules to handle IPv6 traffic.

This feature is only available for backend service-based network load balancers.

For details, see:

• Backend service-based network load balancer overview

• Set up a backend service-based network load balancer

This feature is available in General Availability.

Generally Available: Internal and external IPv6 addresses for Google Compute Engine instances are available in all regions.

For more information, see Configuring IPv6 for instances and Creating instances with multiple network interfaces.

Connectivity Tests now includes a feature that performs live data plane analysis by testing connectivity between a VM and a Google network edge location. This feature is available for the following traffic flows:

• Between VM and non-Google Cloud network
• Between VM and Cloud SQL instances

In the Google Cloud console, you can see the results of this analysis in the column labeled Last live data plane analysis result. In the gcloud command-line and API responses, you can see the results in the probingDetails object.

Event Threat Detection, a built-in service of Security Command Center, launched the following rules to Preview.

• Discovery: Can get sensitive Kubernetes object check
• Privilege Escalation: Changes to sensitive Kubernetes RBAC objects
• Privilege Escalation: Create Kubernetes CSR for master cert
• Privilege Escalation: Creation of sensitive Kubernetes bindings
• Privilege Escalation: Get Kubernetes CSR with compromised bootstrap credentials
• Privilege Escalation: Launch of privileged Kubernetes container

These rules detect scenarios where a malicious actor attempted to query for or escalate privileges in Google Kubernetes Engine. For more information, see Event Threat Detection rules.

Beta stage support for the following integration:

• Service Account Credentials API

Internal and external IPv6 addresses are available in all regions in General Availability:

• Subnets: Dual-stack subnets that have both IPv4 and IPv6 subnet ranges.

• Routes: Subnet routes for IPv6 subnet ranges.

• Instances: Dual-stack instances with both IPv4 and IPv6 addresses, including instances with multiple network interfaces.

The new Cloud SQL System insights dashboard helps you detect and analyze system performance problems.

Generally available: You can now use the os-config troubleshoot command to help verify the setup of VM Manager. For more information, see Verifying VM Manager setup.

You can now schedule a custom cycle to refresh shadowed rule insights in Firewall Insights. For more information, see Schedule a custom refresh cycle.

Firewall Insights now identifies firewall misconfigurations for firewall rules which contain IPv6 IP address ranges. For more information, see Firewall Insights overview.

Text-to-Speech now offers these new voices. See the supported voices page for a complete list of voices and audio samples.

1. cloud-pt-BR-Standard-C
2. cloud-pt-BR-Wavenet-C

Beta stage support for the following integration:

• Integration Platform

Network firewall policies and regional firewall policies are now available in General Availability.

Added skip_polling so that connectors can execute asynchronously without waiting for the operation to complete.

You can now launch clusters with the following Kubernetes versions:

• 1.23.8-gke.1700
• 1.22.12-gke.200
• 1.21.14-gke.2100

You can now launch clusters with the following Kubernetes versions:

• 1.23.8-gke.1700
• 1.22.12-gke.200
• 1.21.14-gke.2100

Release 1.11.4

Anthos clusters on bare metal 1.11.4 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.4 runs on Kubernetes 1.22.

The Logs Explorer query results now show an icon for log entries that are part of error groups. You can click the icon to view details about the error group, exclude or show only log entries from the error group in the query results, or view related documentation. For more information, see Find log entries with error groups.

Generally available: NVIDIA® T4 GPUs are now available in the following additional regions and zones:

• Ashburn, Virginia, North America: us-east4-a

For more information about using GPUs on Compute Engine, see GPU platforms.

Added support for the IAMWorkforcePool resource.

Added spec.configmanagement.policyController.monitoring and spec.configmanagement.policyController.mutationEnabled fields to GKEHubFeatureMembership.

Added support for state-into-spec to StorageBucket.

Access Approval supports Secret Manager in the Preview stage.

Release 1.12.1

Anthos clusters on bare metal 1.12.1 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.1 runs on Kubernetes 1.23.

The max_staleness materialized view option helps you achieve consistently high performance with controlled costs when processing large, frequently changing datasets. This feature is now in preview.

GKE total size control is now available in GKE version 1.24 clusters. For autoscaled node pools you can now set the minimum and maximum number of the total number of nodes across all zones, rather than specify a per zone limit. To learn more, see Cluster autoscaler.

The maximum number of Pods that can run on each node has increased from 110 to 256 with GKE version 1.23.5-gke.1300 or later. To learn more, see Optimizing IP address allocation.

RDB Snapshots are now Generally Available on Memorystore for Redis.

Serving controls can now be imported from and exported to files. This allows you to move serving controls between projects and do bulk edits and additions of serving controls within a project. This feature is available in Preview.

See the new documentation:

• Export serving controls
• Import serving controls

Configuring an internal TCP/UDP load balancer and network load balancer in Service Directory is available in GA.

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• Firebase
  • firebase.googleapis.com/FirebaseProject
  • firebase.googleapis.com/FirebaseAppInfo

Customer-managed encryption key (CMEK) organization policy constraints are now generally available (GA).

• constraints/gcp.restrictNonCmekServices allows you to control which resources require the use of CMEK.
• constraints/gcp.restrictCmekCryptoKeyProjects allows you to control the projects from which a Cloud KMS key can be used to validate requests.
• You can use both constraints together to enforce the use of CMEK from allowed projects.

New commands are now available gcloud alpha storage.

• Commands include the ability to create buckets, view metadata for buckets and objects, and edit metadata for buckets and objects.
• Note that all Cloud Storage gcloud commands continue to be in Preview.

Two Organization Policy constraints have launched into general availability to help ensure CMEK usage across an organization. For more information, see CMEK organization policies.

The following functions have been added:

• text.url_encode returns a string with percent-encoded reserved characters, including spaces
• text.url_encode_plus returns a string with percent-encoded reserved characters, and spaces replaced by pluses
• text.url_decode returns a string with pluses and percent-escaped characters converted to UTF-8

Release 1.10.7

Anthos clusters on bare metal 1.10.7 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.10.7 runs on Kubernetes 1.21.

The trigonometric SQL function CBRT is now generally available (GA). With this function, you can compute the cube root of a value.

The LOAD DATA statement is now available for Preview in Google Standard SQL for BigQuery. You can use the LOAD DATA statement to load data from one or more files into a table.

Cloud DLP can de-identify sensitive data stored in Cloud Storage. This feature is in generally available. For more information, see De-identification of sensitive data in storage.

Bucket tags are now available in Preview. You can apply tags to buckets for fine-grained access control.

TensorFlow Profiler integration: Debug model training performance for your custom training jobs. For details, see Profile model training performance using Profiler.

Enhancements to Bare Metal Solution resource management–Adds the following functionality:

• Change the operating system for a Bare Metal Solution server
• Enable hyperthreading on a Bare Metal Solution server
• View advanced networking information
• Implement IP address management
• Provision storage volume resources
• Remove storage volume resources

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) , Feed API, and Search APIs (SearchAllResources and SearchAllIamPolicies):

• Backup for GKE
  • gkebackup.googleapis.com/BackupPlan
  • gkebackup.googleapis.com/Backup
  • gkebackup.googleapis.com/VolumeBackup
  • gkebackup.googleapis.com/RestorePlan
  • gkebackup.googleapis.com/Restore
  • gkebackup.googleapis.com/VolumeRestore

You can now add table widgets to custom dashboards that let you limit the number of table rows, display only those rows with the highest, or lowest values, and that display a visual indicator of the value as compared to the range of possible values. For more information, see Display data in tabular form on a dashboard.

Generally available: When you autoscale a MIG, you can view the reasons for why the autoscaler adds or removes VMs in your MIG. For more information, see Viewing autoscaler logs.

We now offer Preview support for Custom prediction routines (CPR). CPR lets you easily build custom containers for prediction with pre/post processing support.

You can now create BigQuery subscriptions in Pub/Sub to write messages directly to an existing BigQuery table.

You can now add user-defined labels to public and private Uptime checks. For more information, see Create public uptime checks.

Configurable dual-region storage is generally available (GA).

Preview: You can now merge or split your existing hardware resource commitments to create new upsized or downsized commitments. For more information, see Merge and split commitments.

Generally available: Use the Cloud console, the gcloud tool, or the API to configure a VM to shut down when a Cloud KMS key is revoked. For more information, see Configure VM shutdown on Cloud KMS key revocation.

Generally available: When you create VMs in bulk, you can now use the following new values with the TARGET_SHAPE flag:

• ANY: Use this value to place VMs in zones to maximize unused zonal reservations.
• BALANCED: Use this value to place VMs uniformly across zones.

Anthos clusters on VMware 1.11.2-gke.53 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.11.2-gke.53 runs on Kubernetes 1.22.8-gke.204.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.

Inverse trigonometric SQL functions are now generally available (GA). These functions include:

• COT: Compute the cotangent for an angle.
• COTH: Compute the hyperbolic cotangent for an angle.
• CSC: Compute the cosecant for an angle.
• CSCH: Compute the hyperbolic cosecant for an angle.
• SEC: Compute the secant for an angle.
• SECH: Compute the hyperbolic secant for an angle.

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• Firestore
  • firestore.googleapis.com/Database

Added support for ServiceDirectoryEndpoint resource.

Added support for the DLPStoredInfoType resource.

Added support for state-into-spec: absent to MonitoringAlertPolicy.

Added spec.iap.oauth2ClientIdRef field to ComputeBackendService.

Added spec.egressPolicies.egressTo.externalResources field to AccessContextManagerServicePerimeters,

Added spec.externalDataConfiguration.connectionId field to BigQueryTable.

Added spec.includeBuildLogs field to CloudBuildTrigger.

Added spec.cacheKeyPolicy.cdnPolicy.includeNamedCookies field to ComputeBackendService.

Added spec.enableUlaInternalIpv6 and spec.internalIpv6Range fields to ComputeNetwork.

Added spec.maxPortsPerVm field to ComputeRouterNats.

Added spec.advancedOptionsConfig field to ComputeSecurityPolicy.

Added spec.sslPolicyRef field to ComputeTargetHTTPSProxy.

Added spec.monitoringConfig.managedPrometheus field to ContainerCluster.

Added spec.sqlServerUserDetails field to SQLUser.

Added spec.schemaSettings field to PubSubTopic.

Added status.pscConnectionId and status.pscConnectionStatus fields to ComputeForwardingRule.

Added status.creationTime and status.managedZoneId fields to DNSManagedZones.

Added support for "reconcile resource immediately once its dependency is ready" feature for ComputeTargetPool, ComputeNetworkEndpointGroup, NetworkServicesGRPCRoute, NetworkServicesTLSRoute.

You can now have Google Cloud Deploy generate a skaffold.yaml configuration file for you when you create a release, based on a single Kubernetes manifest which you provide. This configuration file is suitable for learning and onboarding.

GKE node system configuration now supports setting the cgroup mode to use the cgroupv2 resource management subsystem.

Export filter for GCP logs

Previously, you could export DNS and Cloud Audit logs using the Chronicle panel within the GCP Cloud Console. You can now configure the default export filter to export additional log types. You can not only control the log types, but also the source projects producing these logs. Both inclusion and exclusion of logs are supported as well. In addition, semantic validation of the log filters can catch malformed log filters with invalid log types or identifiers. The filter language is defined by the Google logging query language that is shared with Cloud Logging.

For more information about the Export Log Filter Settings, see Exporting Google Cloud Logs to Chronicle.

You can now collect Couchbase logs and metrics from the Ops Agent, starting with version 2.18.2. For more information, see Monitoring third-party applications: Couchbase.

You can now collect Aerospike metrics from the Ops Agent, starting with version 2.18.2. For more information, see Monitoring third-party applications: Aerospike.

You can now collect Couchbase logs and metrics from the Ops Agent, starting with version 2.18.2. For more information, see Monitoring third-party applications: Couchbase.

You can now collect Vault metrics from the Ops Agent, starting with version 2.18.2. For more information, see Monitoring third-party applications: Vault.

The UI for dataset entry detail pages now includes a section that lets you see what entries are included in that dataset. Look for the new Entry list section when browsing dataset entries in Data Catalog.

General availability for the following integration:

• BigQuery Reservation API

BigLake is now generally available (GA). You can now create BigQuery ML models using data in Cloud Storage by using BigLake and publish BigLake tables as Analytics Hub listings.

Cloud Load Balancing introduces the internal regional TCP proxy load balancer. This is an Envoy proxy-based regional layer 4 load balancer that enables you to run and scale your TCP service traffic behind an internal regional IP address that is accessible only to clients in the same VPC network or clients connected to your VPC network.

The internal regional TCP proxy load balancer distributes TCP traffic to backends hosted on Google Cloud, on-premises, or other cloud environments.

For details, see the following:

• Internal TCP Proxy Load Balancing overview
• Set up an internal TCP proxy load balancer:
  • Instance group backends
  • Zonal NEG backends
  • Hybrid connectivity NEG backends

The following PostgreSQL minor versions and extension versions are now available:

• 14.3 is upgraded to 14.4.
• 13.6 is upgraded to 13.7.
• 12.10 is upgraded to 12.11.
• 11.15 is upgraded to 11.16.
• 10.20 is upgraded to 10.21.

If you use maintenance windows, then you might not yet have these versions. In this case, you'll see the new versions after your maintenance update occurs. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

Added information about checking the LC_COLLATE value for your databases before performing a major version upgrade of the databases for your Cloud SQL for PostgreSQL instance. For more information, refer to the Cloud SQL documentation.

Query Optimizer version 5 is generally available. Version 4 remains the default optimizer version in production.

You can now view and compare Kubernetes and Skaffold confguration files for releases, using Google Cloud Console.

You can now create BigQuery subscriptions in Pub/Sub to write messages directly to an existing BigQuery table. The change is being rolled out in a phased manner over the rest of the week.

Secure the link between a project and its billing account

In the Cloud Billing Console, you can now lock the link between a project and its Cloud Billing account, in order to prevent accidental changes to the billing state, such as disabling billing or moving the project to a different billing account. You can also unlock this protected state if you want to unlink a project from a Cloud Billing account.

Google Cloud projects contain all the resources required for a system to operate. To pay for the usage of the Cloud resources (such as Compute Engine or Storage), each project must be linked to an active Cloud Billing account. If you unlink the project from a billing account, you disable billing on that project. When billing is disabled on a project, all resources contained within the project will shut down, which can cause outages to your normal business operation.

To prevent unintentional outages due to billing issues, lock your valuable projects to their linked billing account. Locking creates a two-step process to change the billing state of a project, improving billing reliability and reducing accidental outages due to billing issues.

Learn how to secure the link between a project and a Cloud Billing account.

GKE Gateway integration with Cloud Certificate Manager is now available as Public Preview in GKE versions 1.20 and later. Use the new TLS features and high scale offered by Cloud Certificate Manager with GKE Gateway. For more information, see Gateway Security.

The constraint template library includes a new template: K8sRequireCosNodeImage. For reference, see Constraint template library.

The Advanced API Security's target assessment, which evaluates the security of target servers in your API, is now available. See Security scores in the Apigee UI to learn more.

Generally available: Compute Engine committed use discounts are now Generally Available for SUSE Linux Enterprise Server (SLES) image licenses. Learn more about discounted SLES image pricing and how to purchase a license commitment.

Kubernetes control plane metrics are now Generally Available. You can now configure GKE clusters with control plane version 1.23.6-gke.1500 or later to export to Cloud Monitoring certain metrics emitted by the Kubernetes API server, scheduler, and controller manager.

These metrics are stored in Cloud Monitoring in a Prometheus-compatible format. They can be queried by sending either a PromQL or MQL query to the Cloud Monitoring API. They can also be used anywhere within Cloud Monitoring, including in custom dashboards or alerting rules.

Secret Manager now supports accessing secret versions using aliases. For information, see Assign an alias to a secret version.

The container and kubernetes attributes were added to the Finding object.

The container attribute provides information about both Kubernetes and non-Kubernetes containers that are associated with a given finding. The kubernetes attribute provides information about Kubernetes resources that are associated with a given finding.

For more information, see the Security Command Center API documentation for the Finding object.

Anthos Service Mesh allows you to configure the minimum TLS version for your Istio workloads. See Configure minimum TLS version for your workloads for more information.

Generally available: NVIDIA® T4 GPUs are now available in the following additional regions and zones:

• Montréal, Québec, North America : northamerica-northeast1-c

For more information about using GPUs on Compute Engine, see GPU platforms.

Dataflow Prime is now in General Availability.

Anthos clusters on VMware 1.9.7-gke.8 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.9.7-gke.8 runs on Kubernetes 1.21.5-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• Network Connectivity

  • networkconnectivity.googleapis.com/Hub
  • networkconnectivity.googleapis.com/Spoke

• Compute

  • compute.googleapis.com/ServiceAttachment

Time-to-live (TTL) policies now available in Preview.

Time-to-live (TTL) policies now available in Preview.

You can now find legacy secret keys for all reCAPTCHA Enterprise keys in the Google Cloud console. These keys can be useful if you are using a third-party plug-in/implementation that does not yet call the reCAPTCHA Enterprise API. For more information, see FAQs.

The App Engine legacy bundled services for PHP 7+ are now available at the General Availability release level. These APIs can be accessed through language-idiomatic libraries. Calls to these API are billed according to the standard rates.

You can now search your correlated log entries in the Logs Explorer. For more information, see Correlate log entries.

Cloud Run now supports container images in the Open Container Initiative (OCI) image format.

Dataproc Metastore is available in the following regions: us-west2 (Los Angeles), us-west3 (Salt Lake City), europe-west4 (Netherlands), europe-west6 (Zürich), and asia-east1 (Taiwan). For more information, see Dataproc Metastore locations.

Note that these services are immediately available through the gcloud CLI and the REST API. Cloud console availability will vary by region over the next few weeks.

Virtual Machine Threat Detection, a built-in service of Security Command Center Premium, is generally available (GA). VM Threat Detection detects cryptocurrency mining software, which is among the most common types of software installed in compromised cloud environments.

Detailed logging for objects copied between AWS S3, Azure Blob Storage, ADLS Gen 2, and Cloud Storage with Storage Transfer Service is now generally available (GA).

With detailed logs of individual objects available in Cloud Logging, you can verify what was transferred and perform additional data integrity checks. This launch simplifies monitoring, reporting, and troubleshooting. Read Cloud Logging for Storage Transfer Service for details.

NFS support for custom training is GA. For details, see Mount an NFS share for custom training.

Generally available: Internal and external IPv6 addresses for Google Compute Engine instances are available in all regions.

For more information, see Configuring IPv6 for instances and instance templates and Creating instances with multiple network interfaces.

You can now collect SAP HANA logs and metrics from the Ops Agent, starting with version 2.18.1. For more information, see Monitoring third-party applications: SAP HANA.

You can now collect Vault logs from the Ops Agent, starting with version 2.18.1. For more information, see Monitoring third-party applications: Vault.

You can now collect Flink metrics from the Ops Agent, starting with version 2.18.1. For more information, see Monitoring third-party applications: Flink.

You can now collect SAP HANA logs and metrics from the Ops Agent, starting with version 2.18.1. For more information, see Monitoring third-party applications: SAP HANA.

You can now download third-party peer VPN configuration templates for Cloud VPN from the Google Cloud console. Use these templates to configure HA VPN tunnels on your peer VPN device. Configuration templates are currently available for the following vendor platform and software versions:

• Cisco Firepower, running ASA 9.13(1)2 or later
• Fortinet FortiGate 200E, running FortiOS 6.2.3 or later
• Juniper vSRX, running JunOS 18.4R3-S2 or later

For more information, see Download a peer VPN configuration template.

Cluster autoscaler Location Policy is now generally available in GKE version 1.24.1-gke.800. This change allows users to pick one of two different spreading policies. For more information see Location policy.

For enhanced security with built-in authentication, Cloud SQL now lets you set password policies at the instance and user levels.

You can now view aggregated Cloud Spanner statistics related to transactions, reads, queries, and lock contentions in GA in Cloud Monitoring.

Generally available: You can use the Cloud console to configure autoscaling based on unacknowledged messages in a Pub/Sub subscription. For more information, see Autoscale based on unacknowledged messages in Pub/Sub.

Generally available: NVIDIA® T4 GPUs are now available in the following additional regions and zones:

Ashburn, Virginia, North America : us-east4-c

For more information about using GPUs on Compute Engine, see GPU platforms.

Eventarc support for Customer-Managed Encryption Keys (CMEK) using the Cloud Console is available in Preview.

Manage your private offers, including approving an offer, by using the Private Offers page.

The Pipeline Templates feature is available in Preview. For documentation, refer to Create, upload, and use a pipeline template.

The features supported by pipeline templates include the following:

• Create a template registry using Artifact Registry (AR).
• Compile and publish a pipeline template.
• Create a pipeline run using the template and filter the runs.
• Manage (create, update, or delete) the pipeline template resources.

Private Service Connect supports publishing a service that is hosted on the following load balancers:

• Internal TCP/UDP load balancer with global access enabled
• Internal protocol forwarding (target instances)

These features are available in General Availability.

You can now launch Kubernetes 1.23 clusters.

Kubernetes 1.23.7-gke.1300 includes the following changes:

• Disable profiling endpoint (/debug/pprof) by default in kube-scheduler and kube-controller-manager.
• Update kube-apiserver and kubelet to only use Strong Cryptographic Ciphers.
• Add an instance metadata server (IMDS) emulator.

In a future release of 1.23 VolumeSnapshot v1beta1 APIs will no longer be served. Please update to VolumeSnapshot v1 APIs as soon as possible.

In Kubernetes 1.23 and higher, cluster Cloud Audit Logs is now available and is enabled by default.

CIS benchmarks are now available for Kubernetes 1.23 clusters.

You can now launch Kubernetes 1.23 clusters.

Kubernetes 1.23.7-gke.1300 includes the following changes:

• Disable profiling endpoint (/debug/pprof) by default in kube-scheduler and kube-controller-manager.
• Update kube-apiserver and kubelet to only use Strong Cryptographic Ciphers.

In a future release of 1.23 VolumeSnapshot v1beta1 APIs will no longer be served. Please update to VolumeSnapshot v1 APIs as soon as possible.

In Kubernetes 1.23 and higher, cluster Cloud Audit Logs is now available and is enabled by default.

CIS benchmarks are now available for Kubernetes 1.23 clusters.

Generally Available: A version of Rocky Linux is now available that is optimized for running on Compute Engine.

This version of Rocky Linux is configured to use the latest version of the Google virtual network interface (gVNIC) which is specifically designed to support workloads that require higher network bandwidths. For more information, see the Rocky Linux section of the Operating systems details documentation.

Preview: Tau T2A, Google Cloud's first general purpose VM family to run on Arm architecture, is now available. Tau T2A VMs are available in three regions.

For more information, see Arm VMs on Compute Engine.

VMware Engine nodes are now available in the following additional region:

• Zurich, Switzerland, Europe (europe-west6)

You can now run Arm-based workloads in Preview in Standard clusters with GKE version 1.24 and later, and in Autopilot clusters with GKE version 1.24.1-gke.1400 and later.

You can now select compute classes to run GKE Autopilot workloads that have specialized hardware requirements, such as Arm architecture. The Scale-Out compute class is available in Preview in Autopilot clusters running GKE version 1.24.1-gke.1400 and later.

Modernize VMs to run Anthos for VMs (A4VM)

Migrate to Containers has added a new modernization feature, which enables traditional VMs to run on Anthos for VMs. Anthos for VMs extends Anthos on bare metal (now known as Google Distributed Cloud Virtual) to let you run and manage containers and VMs on a unified, Google Cloud-connected platform in your data center or at the edge. For more information on this feature, see About Anthos for VMs.

Support for local-ovf sources

Migrate to Containers has added support for creating Anthos VM runtimes from local OVF files. This enables users to modernize VMs to the Anthos VM Runtime by importing their OVF file into their local Anthos bare metal cluster using Migrate to Containers.

List the source inventory for Google Compute Engine, local-vmware, and Migrate for Compute Engine 5.x sources

Migrate to Containers has added support for the inventory listings of VMs in connected sources. Users can list an inventory of the VMs in connected Migrate to Containers sources. The new inventory listings are available for Google Compute Engine, local-vmware, and Migrate for Compute Engine v5.0 sources.

Agent Assist now offers UI Modules as a public Preview feature. UI Modules are an out-of-the-box option for integrating Agent Assist features into your agent UI system. For more information, see the UI Modules documentation.

When creating a primary or read-pool instance, or scaling either one, you can choose a machine size as small as 2 vCPUs with 16 GB of RAM.

You can now select a job type when assigning a folder, organization, or project to a reservation in the Google Cloud console. This feature is now generally available (GA).

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) , Feed API, and Search APIs (SearchAllResources and SearchAllIamPolicies):

• Dataproc
  • dataproc.googleapis.com/AutoscalingPolicy
  • dataproc.googleapis.com/Batch
  • dataproc.googleapis.com/WorkflowTemplate

Transfer Appliance is now available in an additional size. The TA7 appliance offers up to 7TB of storage in a smaller form factor than our other appliances. It offers both online and offline transfer modes.

Learn more about the TA7 on the Specifications page, or order an appliance from the Cloud console.

Cloud Bigtable is available in the us-south1 (Dallas) and europe-southwest1 (Madrid) regions. For more information, see Bigtable locations.

DAG UI is now generally available (GA).

Cloud Run now writes Access Transparency logs, see Enabling Access Transparency.

You can enable high availability for read replicas. See Disaster recovery for additional information about the use of high-availability replicas in a disaster recovery configuration.

You can create external server replicas with HA enabled.

You can enable high availability for read replicas. See Disaster recovery for additional information about the use of high-availability replicas in a disaster recovery configuration.

You can create external server replicas with HA enabled.

The database major version upgrade feature of Cloud SQL for SQL Server is generally available. For more information, see Upgrade the database major version in-place.

You can use the Apache Beam SDK for Go to create batch and streaming Dataflow pipelines. This feature is now in General Availability.

You can now permanently abandon a release using Google Cloud Deploy.

You can now suspend a delivery pipeline using Google Cloud Deploy.

Activity logging can now be enabled on a a per-tenant basis. The feature is generally available.

Added support to deploy a workflow using a cross-project service account through the Google Cloud CLI.

Data Mapping task enhancements

The Data Mapping task in Apigee Integrations now provides the following enhancements:

• Nested function support. You can pass one or more transformation functions as input parameters to another function.

• New transformation functions. You can use the following new transform functions for array-type variables:

  • FILTER - Filters the array elements that satisfy a given condition.
  • FOR_EACH - Applies one or more transformation functions for each element in an array.

• Subfield mapping support for JSON variables. You can view and search all the subfields of a JSON variable in the data mapping editor variable list.

For more information, see the Data Mapping task.

The July maintenance changelog is now available. For more information, use the links at Maintenance changelog.

The July maintenance changelog is now available. For more information, use the links at Maintenance changelog.

Recommender now offers role recommendations for Cloud Storage buckets. Role recommendations help you reduce excess permissions by suggesting role changes based on actual permission usage. This feature is available in Preview.

You can now launch clusters with the following Kubernetes versions:

• 1.23.7-gke.1500
• 1.22.10-gke.1500
• 1.21.13-gke.1600

You can now launch Kubernetes 1.23 clusters.

Anthos clusters on VMware v1.12.0-gke.446 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware v1.12.0-gke.446 runs on Kubernetes v1.23.5-gke.1504.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.

Platform enhancements:

• General Availability (GA): Separate vSphere data centers for the admin cluster and the user clusters are supported.
• GA: Anthos Identity service LDAP authentication is supported.
• GA: User cluster control-plane node and admin cluster add-on node auto sizing is supported.

Security enhancements:

• Preview: Preparing credentials for user clusters as Kubernetes secrets before cluster creation.

  • The credential preparation feature prepares the credentials before a user cluster is created. After credential preparation, user cluster credentials are saved as versioned Kubernetes secrets in the admin cluster, and the template which is used for credential preparation can be deleted from the admin workstation. When creating a user cluster, it only needs to configure the namespace and the versions of the prepared secrets in the user cluster config file. Using this feature can help protect user cluster credentials.

• Preview: The gkectl update credentials command supports rotating the component access SA key for both the admin and the user clusters.

• The COS node image shipped in version 1.12.0 is qualified with the Center for Internet Security (CIS) L1 Server Benchmark.

• The gkectl update credentials command supports register service account key rotation.

Cluster lifecycle Improvements:

• Preview: You can configure the time duration of Pod Disruption Budget (PDB) violation timeout during a node drain. The default behavior is to always block on a PDB violation and to not force-delete pods during node drain, to avoid unexpected data corruption, and this default is unchanged. In certain cases, when users want to unblock the PDB violation deadlock with the bound timeout during cluster upgrade, they can apply the special annotation onprem.cluster.gke.io/pdb-violation-timeout: TIMEOUT on the machine objects.

Simplify day-2 operations

• Preview: Launched the enablement of Google Cloud Managed Service for Prometheus to track metrics in Anthos on vSphere clusters, and introduced two separate flags to enable logging and monitoring for user applications separately: EnableCloudLoggingForApplications and EnableGMPForApplications. The legacy flag EnableStackdriverForApplications is deprecated, and will be removed in a future release. Customers can monitor and alert on the applications using Prometheus with Google-managed Prometheus without managing and operating Prometheus. Customers can set enableGMPForApplications in the Stackdriver spec to enable Google Managed Prometheus for application metrics without any other manual steps, and the Google Managed Prometheus components are then set up automatically. See Enable Managed Service for Prometheus for user applications for details.

• All sample dashboards to monitor cluster health are available in Cloud Monitoring sample dashboards. Customers can install the dashboards with one click. See Install sample dashboards.

• Improvements to cluster diagnosis: The gkectl diagnose cluster command automatically runs when gkectl diagnose snapshot is run, and the output is saved in a new folder in the snapshot called /diagnose-report.

• The gkectl diagnose cluster command surfaces more detailed information for issues arising from virtual machine creation.

• A validation check for the existence of an OS image has been added to the gkectl update admin and gkectl diagnose cluster commands.

• A blocking preflight check has been added. This check validates that the vCenter.datastore specified in the cluster configuration file doesn't belong to a DRS-enabled datastore cluster.

Release 1.10.6

Anthos clusters on bare metal 1.10.6 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.10.6 runs on Kubernetes 1.21.

Azure workload identity federation is now available in preview for BigQuery Omni connections. This feature helps you secure data by allowing you to grant Google access to an application you manage in your Azure tenant so that neither you nor Google must manage application client secrets.

Carbon Footprint now reports carbon emissions broken down by scope 1, scope 2, and scope 3 categories, following the Greenhouse Gas (GHG) Protocol carbon reporting standards.

Cloud SQL for MySQL now supports setting timezone names as values for the time_zone parameter. Refer to the Cloud SQL documentation for a list of supported timezone names.

Workforce identity federation lets you authenticate and authorize users from external identity providers to access supported Google Cloud products. This feature is available in Preview.

The APPENDS change history TVF is now in preview. This table-valued function provides a history of table appends over a window of time.

InfoType categories were added to built-in infoTypes.

To get a list of built-in infoTypes, call the infoTypes.list method.

M94 Release

• Added support for PyTorch 1.12.
• Added more system libraries to the R Deep Learning Containers image.

M94 Release

• Added support for PyTorch 1.12.
• Added more system libraries to the R Deep Learning VM image.

Dialogflow CX now provides new client libraries for C++, C#, and Go.

Dialogflow ES now provides a new client library for C++.

The blue-green upgrade mechanism is now available to upgrade your GKE node pools, and can be selected per node pool instead of the default surge upgrade mechanism.

Tabular Workflows is available in Preview. For documentation, refer to Tabular Workflows on Vertex AI.

End-to-End AutoML workflow is available in Public Preview. For documentation, refer to End-to-End AutoML.

Artifact Registry is now available in the us-south1 region (Dallas, United States).

This release contains a new version of the Debug tab in the Apigee Proxy Editor. Following previous releases of new versions of the Overview and Develop tabs, this completes the initial release of the new Proxy Editor.

To view the new Debug tab, see Using Debug.

The Java 17 runtime for App Engine standard environment is now generally available.

The PHP 8.1 runtime for App Engine standard environment is now generally available.

The Python 3.10 runtime for App Engine standard environment is now generally available.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) , Feed API, and Search APIs (SearchAllResources and SearchAllIamPolicies):

• Google Kubernetes Engine (GKE)

  • batch.k8s.io/Job
  • apps.k8s.io/ReplicaSet

• Compute

  • compute.googleapis.com/ServiceAttachment