Google Cloud release notes

Connectivity Tests now includes a feature that verifies connectivity from a Cloud Run revision to a VM instance, an IP address, or a Google-managed service. For more information, see Create and run Connectivity Tests.

Connectivity Tests now includes a feature that verifies connectivity from an App Engine standard environment version to a VM instance, an IP address, or a Google-managed service. For more information, see Create and run Connectivity Tests.

Cloud Composer 1.20.4 and 2.1.4 images are available:

• composer-1.20.4-airflow-1.10.15 (default)
• composer-1.20.4-airflow-2.2.5
• composer-1.20.4-airflow-2.3.4
• composer-1.20.4-airflow-2.4.3
• composer-2.1.4-airflow-2.2.5
• composer-2.1.4-airflow-2.3.4 (default)
• composer-2.1.4-airflow-2.4.3

Now the alerting policy can forecast, or predict, that the threshold will be violated within a configurable time window. These policies are designed to monitor constraint metrics like those that record quota, memory, and storage usage. Forecasting alerts is in Public Preview. For more information, see Forecast condition.

Runtime version 2.11 is available. You can use runtime version 2.11 to train with TensorFlow 2.11, scikit-learn 1.0.2, or XGBoost 1.6.1. Runtime version 2.11 supports training with CPUs, GPUs, or TPUs.

See the full list of updated dependencies in runtime version 2.11.

You can now expose randomly assigned host ports in Pods on GKE Autopilot running version 1.24.7-gke.1200 and later or 1.25.3-gke.1100 and later.

Access Transparency supports Cloud NAT in GA stage. For the complete list of services that Access Transparency supports, see Supported services.

Cloud Build repositories (2nd gen) lets you easily create and manage repository connections, not only through Cloud Console but also through gcloud and the Cloud Build API. Cloud Build repositories (2nd gen) is available for GitHub and GitHub Enterprise repositories at the preview release stage. To learn more, see the Repositories overview page.

Added support for enabling Hive Metastore OSS metrics by passing hivemetastore to --metric-sources property during cluster creation.

You can now migrate your producers from Apache Kafka to Pub/Sub Lite with only configuration changes. To check the feasibility of the migration and to perform the migration workflow, refer to the Kafka to Pub/Sub Lite migration guide.

ListCuratedRules and ListCuratedRuleDetections

Two new methods are now available for the Detection Engine API. ListCuratedRules enables you to return a current list of all of the Chronicle rules with detections. ListCuratedRuleDetections enables you to return a list of the detections associated with a specified rule.

The VerifyAPIKey policy and the VerifyAccessToken action of the OAuth2 policy now support CacheExpiryInSeconds. Setting this variable enforces TTL on the cache and enables customization of the time period for cached token expiry.

You can now attach Resource Manager tags to datasets, which let you conditionally apply Identity and Access Management (IAM) policies to your resources. This feature is generally available (GA).

More than 20 BigQuery ML components for Vertex AI Managed Pipelines are now generally available. These components benefit AI/ML users for the following:

• Building pipelines using the KFP SDK and TFX SDK
• Linking and tracking metadata automatically
• Seamless integration with Vertex AI for online prediction

Major Google Cloud pipeline components available in Vertex AI are.

• BigqueryQueryJobOp
• BigqueryCreateModelJobOp
• BigqueryExportModelJobOp
• BigqueryPredictModelJobOp
• BigqueryEvaluateModelJobOp
• BigqueryDropModelJobOp
• BigqueryEvaluateModelJobOp
• BigqueryExplainForecastModelJobOp
• BigqueryExplainPredictModelJobOp
• BigqueryForecastModelJobOp

You can now use the TRANSFORM clause to train models which you can then export in the Tensorflow SavedModel format. This feature is now available in preview.

The following functions have been added for BigQuery ML:

• ML.ROBUST_SCALER
• ML.NORMALIZER
• ML.ONE_HOT_ENCODER
• ML.IMPUTER
• ML.MAX_ABS_SCALER
• ML.LABEL_ENCODER

These features are now available in preview.

Chronicle has released a set of ingestion scripts, written in Python, that can be deployed as Cloud Functions. These scripts ingest data from the following log sources, listed by name and ingestion label:

• Citrix audit logs (CITRIX_MONITOR)
• Duo Admin (DUO_ADMIN)
• One Login User Context (ONELOGIN_USER_CONTEXT)
• MISP (MISP_IOC)
• Citrix session metadata (CITRIX_SESSION_METADATA)
• Slack Audit (SLACK_AUDIT)
• Box (BOX)
• OneLogin (ONELOGIN_SSO)
• Google Cloud Pub/Sub
• STIX/TAXII threat intelligence (STIX)

The scripts can be used as-is or as templates to customize and ingest logs from another product. They are located in the Chronicle GitHub repository. See Use ingestion scripts deployed as Cloud Functions for instructions about how to configure and deploy the scripts in your environment.

Database Migration Service support for migrating Oracle workloads into Cloud SQL for PostgreSQL is now in Public Preview. Click here to access the documentation.

Dataproc Metastore is available in the following regions: asia-east2 (Hong Kong), europe-central2 (Warsaw), europe-north1 (Finland), and us-west4 (Las Vagas). For more information, see Dataproc Metastore locations.

Service mesh cloud gateway is now available as a preview feature for managed Anthos Service Mesh in the rapid release channel. With service mesh cloud gateway, you can configure Anthos Service Mesh ingress gateway with Cloud Load Balancing through the Kubernetes Gateway API. For more information, see Configure external HTTP(S) Load Balancing for managed Anthos Service Mesh.

Committed Use Discounts: View your usage data at an hourly granularity in the CUD Analysis dashboard

You can now analyze the effectiveness of your spend-based or resource-based committed use discounts at an hourly granularity. Previously, you could only analyze your CUDs at the daily level.

Access your usage data at an hourly granularity in the CUD Analysis dashboard.

Users can now configure private pools to consume fewer IP addresses within their peered Virtual Private Clouds (VPCs). The new peeredNetworkIpRange config field enables users to specify a starting IP address and the IP block size that a private pool uses. The IP block size can be as small as /29. This feature is generally available.

The ability to optionally configure 2nd gen functions with user-specified concurrency and vCPU is now available in preview.

Cloud SQL now supports viewing an audit log for an automated backup of an instance to verify whether the backup is completed successfully. You can also configure a log-based alert so that a user can be notified of the backup's status.

Cloud SQL now supports viewing an audit log for an automated backup of an instance to verify whether the backup is completed successfully. You can also configure a log-based alert so that a user can be notified of the backup's status.

Cloud SQL for SQL Server enables you to use point-in-time recovery.

Point-in-time recovery helps you recover an instance to a specific point in time. For example, if an error causes a loss of data, you can recover a database to its state before the error occurred. This feature is generally available.

Cloud SQL now supports viewing an audit log for an automated backup of an instance to verify whether the backup is completed successfully. You can also configure a log-based alert so that a user can be notified of the backup's status.

Dialogflow CX now provides channel-specific responses.

Dialogflow CX now provides custom payload templates.

The Go 1.18 and Go 1.19 runtimes for App Engine standard environment are now generally available.

The Node.js 18 runtime for App Engine standard environment is now generally available.

Batch is available in the following regions:

• northamerica-northeast1 (Montréal)
• europe-west2 (London)

For more information, see Locations.

BigQuery ML support for multivariate time-series forecasting with the ARIMA_PLUS_XREG model is now available in preview. This feature lets you perform time-series forecasting with extra feature columns. For more information, see the ARIMA_PLUS_XREG sections in the end-to-end user journey and the multivariate time-series forecasting from Seattle air quality data tutorial.

Sparse input support in BigQuery ML model training is now generally available (GA). This feature improves model training for data whose values are mostly zero or empty. For additional examples, see the sparse features support in BigQuery blog.

Cloud CDN supports private origin authentication for Amazon Simple Storage Service (Amazon S3) and compatible object stores. This capability improves security by allowing only trusted connections to access the content on your private origins and preventing users from directly accessing it. This feature is supported in Preview.

Internal TCP/UDP load balancers can now be configured to handle private IPv6 traffic within your VPC. To enable this, you must configure your dual-stack subnet, backend VMs, health checks, and the forwarding rules to handle IPv6 traffic.

For details, see:

• Internal TCP/UDP Load Balancing overview

• Set up load balancer with dual-stack subnets

This feature is available in Preview.

Cloud SQL for MySQL now supports using the lower_case_table_names flag for MySQL 8.0. For more information, see Configure database flags.

You can now apply labels to Cloud Workstations resources. For more information, see Label resources and Customize workstation configurations. See also the labels field added to the following REST API resources: workstation clusters, workstation configurations, workstations, and the following RPC resources: location and workstations.v1beta.

You can now attach ephemeral and block devices backed by Local NVMe SSDs during GKE node pool creation, using the Ephemeral Storage Local SSD API and the Local NVMe SSD Block API respectively, with node version 1.25.3-gke.1800 or later.

Preview: When a managed instance group (MIG) repairs a failed or an unhealthy VM, you can apply the latest instance template and per-instance configuration to recreate the VM instead of applying the configuration originally used to create the VM. For more information, see Apply configuration updates during repairs.

Generally available: Migrate to Virtual Machines from an AWS source lets you migrate AWS EC2 instances to Compute Engine.

Anthos clusters on VMware 1.13.4-gke.19 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.4-gke.19 runs on Kubernetes 1.24.9-gke.100

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• VertexAI
  • aiplatform.googleapis.com/Featurestore
  • aiplatform.googleapis.com/Tensorboard
• Cloud Filestore
  • file.googleapis.com/Snapshot

Preview: You can now simulate host maintenance events on sole-tenant nodes.

For more information, see Simulate host maintenance events on sole-tenant nodes.

Browse search is generally available using Retail Search. Typically, browsing products using site navigation produces results that are all of equal relevance or sorted by best-selling items. Retail Search leverages AI to optimize how browse results are sorted by considering popularity, buyability, and personalization. See About text search and browse search with Retail Search.

You can use the Data Quality panel on the Retail console Data page to get an assessment of whether the data you have imported is sufficient to turn on automatic personalization. See Personalization.

The Page-level Optimization model is now generally available. Page-level Optimization extends Recommendations AI from optimizing for a single recommendation panel at a time to optimizing for an entire page with multiple panels. The Page-level Optimization model selects the contents for each panel and determines the panel order on your page. For more about this feature, see Page-level Optimization.

GA release of the new Proxy Editor

The new Proxy Editor simplifies the process of adding policies to an API proxy, configuring those policies, and then deploying the proxy. See Introducing the new Proxy Editor.

The validate_only and force parameters were added to the projects.locations.connectionProfiles resource in the Datastream API. To learn more, see the Datastream API reference documentation.

Cloud Scheduler trigger (Preview)

The Cloud Scheduler trigger lets you schedule your integration executions for defined time periods or regular intervals across multiple regions. Cloud Scheduler triggers leverage the Cloud Scheduler services to provide a fully managed enterprise-grade cron job scheduler within Apigee Integration.

For more information, see Cloud Scheduler trigger.

The ALTER CAPACITY SET OPTIONS statement and ALTER RESERVATION SET OPTIONS statement are now generally available (GA). Additionally, the CREATE CAPACITY, CREATE RESERVATION, and CREATE ASSIGNMENT statements now support the OPTIONS clause.

Multiple enhancements were made to the UDM Search capability, including the additions of search templates and shared searches. You can now do the following in UDM Search:

• Use Chronicle-provided pre-made search templates in Quick Searches and Search Manager
• Create, edit, and share searches in Search Manager (an enhancement to Saved Searches)
• Use reference lists in UDM searches

Cloud Functions has added support for a new runtime, Python 3.11, at the Preview release level.

Managed Service for Prometheus: Dashboards for exporter integrations are available and automatically installed when you configure the integration. You can also view static previews of dashboards without configuring the integration. For more information, see the exporter documentation at Set up commonly used exporters.

You can use striped import and striped export to reduce the time needed for BAK file operations and for other purposes. This feature is generally available.

A get_type function that returns a string indicating an argument's data type is available.

Specify an IP range with prefix /28 when creating a new instance

Previously, you could only specify an IP range with prefix /22 when creating an instance. This change makes it possible to specify /28 ranges as well as /22 ranges when creating an Apigee instance in the instance manager or the provisioning wizard.

The following generally available (GA) features have been added for sessions:

• In a session, temporary functions are now maintained until the session ends.

• In a session, statements that include the TEMP keyword can also include the OR REPLACE and IF NOT EXISTS keywords.

The US_MEDICARE_BENEFICIARY_ID_NUMBER and MEDICAL_RECORD_NUMBER infoType detectors are available in all regions.

For new Cloud SQL instances that have point-in-time recovery enabled or for existing instances that enable point-in-time recovery, Cloud SQL for PostgreSQL now stores write-ahead logs in Google Cloud Storage.

Before this release, write-ahead logs, which are used to perform point-in-time recovery, were stored on disk. Now, logs are stored in Google Cloud Storage in the same region as the instances.

All other existing instances that have point-in-time recovery enabled will continue to have their logs stored on disk. The change to storing logs in Google Cloud Storage will be made available at a later time.

Support for VPC Service Controls is now at General Availability. To learn more, see Set up a service perimeter using VPC Service Controls.

Preview: Use the Google Cloud console to rename VMs. For more information, see Rename a VM.

Display of a SQL workflow as a compiled graph in a workspace is available in Preview.

Allow users to set Project ACLs with conditions based on document schema ID or property name.

Windows Server 2022 OS image is generally available on GKE. You can now create Windows Node pools with Windows Server 2022 OS images using the command line. For more information, see Creating a cluster using Windows Server node pools.

Support for Cloud Tasks is now at General Availability. To learn more, see the Cloud Tasks documentation on setting up a service perimeter using VPC Service Controls.

Added support for DataCatalogPolicyTag resource. This resource has been auto-generated and is in alpha stability.

Added support for TagsTagKey resource. This resource has been auto-generated and is in alpha stability.

Added support for TagsTagValue resource. This resource has been auto-generated and is in alpha stability.

Added fields spec.configmanagement.oci and spec.mesh.controlPlane in GKEHubFeatureMembership.

Added field spec.skipAwaitRollout in OSConfigOSPolicyAssignment.

Added field spec.deletionPolicy in BigtableGCPolicy.

Added field spec.deletionProtection in BigtableTable.

Added field spec.cdnPolicy.cacheKeyPolicy.includeHttpHeaders in ComputeBackendService.

Added fields spec.privateIpAddressRef, spec.redundantInterfaceRef, spec.subnetworkRef in ComputeRouterInterface.

Added fields spec.recaptchaOptionsConfig, spec.rule.headerAction, spec.rule.preconfiguredWafConfig in ComputeSecurityPolicy.

Added fields spec.clusterAutoscaling.autoProvisioningDefaults.management, spec.clusterAutoscaling.autoProvisioningDefaults.shieldedInstanceConfig spec.clusterAutoscaling.autoProvisioningDefaults.upgradeSettings, spec.gatewayApiConfig, spec.masterAuthorizedNetworksConfig.gcpPublicCidrsAccessEnabled, spec.nodeConfig.loggingVariant, spec.nodeConfig.resourceLabels, spec.nodePoolDefaults.nodeConfigDefaults.loggingVariant, spec.privateClusterConfig.privateEndpointSubnetworkRef in ContainerCluster.

Added fields spec.networkConfig.enablePrivateNodes, spec.nodeConfig.loggingVariant, spec.nodeConfig.resourceLabels, spec.upgradeSettings.blueGreenSettings, spec.upgradeSettings.stategy in ContainerNodePool.

Added field spec.privateVisibilityConfig.gkeClustersRef in DNSManagedZone.

Added field spec.mesh.controlPlane in GKEHubFeatureMembership.

Added field spec.deletionPolicy in SQLDatabase.

Added fields spec.settings.connectorEnforcement, spec.settings.denyMaintenancePeriod, spec.settings.insightsConfig.queryPlansPerMinute in SQLInstance.

Added field spec.autoclass in StorageBucket.

Supported the regional spec.defaultRouteAction.requestMirrorPolicy.backendServiceRef, spec.defaultRouteAction.weightedBackendServices.backendServiceRef for the regional ComputeURLMap resources.

Extended faster reconciliation of resources with dependencies to support IAMPartialPolicy.

The Python 3.11 runtime for App Engine standard environment is now available in preview.

The SAP SuccessFactors Batch Source plugin is available in Preview. You can connect your data pipeline to an SAP SuccessFactors Source and a BigQuery Sink with this plugin in Cloud Data Fusion versions 6.5.1 and later.

The following new connectors are available in preview:

• HubSpot
• Magento
• Teradata

BigQuery ML support for image analytics with vision models is available in preview. Customers can import vision models to perform inference modeling with images to detect objects, perform optical character recognition (OCR), and more. To request access to these features, complete the BigQuery ML interest sign up form.

This new capability uses BigQuery object tables to access image data stored in GCS and predict results from machine learning models. You can now generate insights from structured and unstructured data with the following steps:

1. Create an object table to access images stored in GCS.
2. Import vision models in TensorFlow vision models such as ImageNet or ResNet 50, or import your own models to detect objects from images, to annotate photos, and to perform OCR.
3. Unify image data with structured data such as user activities or sales orders to train machine learning models. You can then use prediction results to extract insights from your data.

You can now run GPU-based workloads in GA in Autopilot clusters that use GKE version 1.24.2-gke.1800 and later.

Preview stage support for the following integration:

• Policy Troubleshooter

Support for an Application Integration connector is available in Preview.

BigQuery ML integration with Vertex AI Model Registry is now generally available. With this integration, you can now use the following capabilities:

• Register and monitor BigQuery ML models with Vertex AI Model Registry
• Deploy BigQuery ML models directly from Vertex AI Model Registry to Vertex Deployment endpoints
• Use Vertex AI to compare and track evaluation metrics.
• Explainable AI for BigQuery ML models, including built-in XAI, inside Vertex AI
• The seamless integration between BigQuery ML and Vertex AI lets you use Vertex AI for MLOps.

Key features include:

• Model versioning for models registered with Vertex AI Model Registry
• Revision alias for different model versions, and User specified model ID
• List the models by type (custom model, BigQuery ML, AutoML)
• BigQuery ML models can be registered with Vertex AI Model Registry to help you explore, manage, and govern your BigQuery ML models
• Ability to deploy BigQuery ML models to Vertex AI end points
• BigQuery ML models deployed on Vertex AI endpoints can use MLOps features such as model monitoring

Starting in version 2023-01-03-00_RC00, the Google-provided Dataflow templates support ES6 syntax for JavaScript user-defined functions (UDFs). This change is backwards-compatible. ES5 syntax and existing user-defined functions are still supported.

When you run Google-provided templates using the latest version, your jobs are upgraded automatically on restart. If you want to keep running an earlier version of a template, when you run the template, specify version 2022-12-15-00_RC00 or earlier.

The rule signature 942550-sqli, which covers the vulnerability in which malicious attackers can bypass WAF by appending JSON syntax to SQL injection payloads, is now available. For more information, see the WAF rules overview.

Users can now customize email, BigQuery, and webhook-based notifications using notifier templates. To learn more, see Configure SMTP notifications, Configure BigQuery notifications, and Configure HTTP notifications.

Dialogflow CX now supports the MATCH system function.

Test without publishing an integration

You can now test your integration without the need to publish or create a new integration version. Testing an integration lets you experiment with the integration input variable values, and helps in identifying any faults in the integration connection flow before you finalize and publish the integration.

For more information, see Test and publish integrations.

The following new connectors are available in preview:

Connectors for Google services

• Cloud Storage

Connectors for other applications

1. Box
2. Couchbase
3. FTP
4. IBM MQ
5. Kintone
6. MailChimp
7. Neo4J
8. Redshift
9. SAP HANA
10. SAP Netweaver Gateway
11. SendGrid
12. Shopify
13. SingleStore
14. Snowflake
15. Streak
16. Stripe
17. TaxJar
18. Trello

The Lineage tab in the table properties page lets you track how your data moves and transforms through BigQuery. This feature is now in preview.

The new Cloud Spanner Kafka connector publishes change streams records to Kafka for application integration and event triggering. For more information, see Build change streams connections to Kafka.

Generally available: N2 VMs with 64 or more vCPUs now support up to 4 GB/s (read) and 3 GB/s (write) throughput per instance with Extreme persistent disks (pd-extreme). Previously the maximum was 2.2 GB/s per instance.

Dual-stack clusters in GKE are now generally available. Dual-stack networking is supported on both Standard and Autopilot clusters. To learn more, see Use an IPv4/IPv6 dual-stack network to create a dual-stack cluster.

Recommendations AI now provides the On-sale model. The On-sale model is a personalized promotions-based model that can recommend on-sale products. You can use this model type to encourage users to purchase discounted items.

For more information about the On-sale model, see the About recommendation models documentation. For how to create this model, see Create recommendation models.

The userName attribute was added to the Finding object of the Security Command Center API.

The value of the userName attribute depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it be an application login username.

For more information, see the Security Command Center API documentation for the Finding object.

Text-to-Speech now offers these new voices. See the supported voices page for a complete list of voices and audio samples.

1. cloud-ml-IN-Wavenet-C
2. cloud-ml-IN-Wavenet-D

Note these voices are bilingual with en-IN.

Text-to-Speech now offers these new news reading voices. See the supported voices page for a complete list of voices and audio samples.

1. cloud-es-US-News-D
2. cloud-es-US-News-E
3. cloud-es-US-News-F
4. cloud-es-US-News-G
5. cloud-en-AU-News-E
6. cloud-en-AU-News-F
7. cloud-en-AU-News-G
8. cloud-en-GB-News-G
9. cloud-en-GB-News-H
10. cloud-en-GB-News-I
11. cloud-en-GB-News-J
12. cloud-en-GB-News-K
13. cloud-en-GB-News-L
14. cloud-en-GB-News-M

Anthos clusters on VMware 1.14.0-gke.430 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.14.0-gke.430 runs on Kubernetes 1.25.5-gke.100.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

• Support for user cluster creation with Controlplane V2 enabled is now generally available. For more details on how to create a user cluster with this model, see Create a user cluster with Controlplane V2.
• Preview: You can now roll back node pools to a previous working version if you detect an issue in the new version after a cluster upgrade. For more information, see Rolling back a node pool after an upgrade.
• Preview: The following private registry updates are now available:
  • Support for private registry credentials using prepared Secrets is now available as a preview feature. A new privateRegistry field has been added in the Secrets configuration file.
  • Added a new privateRegistry section in the user cluster configuration file. You can use different private registry credentials for the user cluster and admin cluster. You can also use a different private registry address for user clusters with Controlplane V2 enabled.
  • You can also update private registry credentials for an admin cluster or user cluster with the gkectl update credentials command. For more information, see Update private registry credentials.
• Cluster names are now included in kubeconfig files when creating a new admin cluster or user cluster. If you are upgrading your existing cluster to 1.14.0 or higher, the existing kubeconfig file is updated with the cluster name.
• cluster-health-controller is now integrated with health-check-exporter to emit metrics based on the periodic health check results, making it easy to monitor and detect cluster health problems.
• GA: The node pool update policy is generally available. With this feature, you can configure the value of maximumConcurrentNodePoolUpdate in the user cluster configuration file to 1. This will configure the maximum number of additional nodes spawned during cluster upgrade or update, which can potentially avoid two issues — resource quota limit issue and PDB deadlock issue. For more information, see Configure node pool update policy.
• Support for vSphere cluster/host/network/datastore folders is generally available. You can use folders to group objects of the same type for easier management. For more information, see Specify vSphere folders in cluster configuration and the relevant sections in the admin cluster and user cluster configuration files.
• Added a feature enabling cluster administrators to configure RBAC policies based on Azure Active Directory (AD) groups. Group information for users belonging to more than 200 groups can now be retrieved.

The option to update a Serverless VPC Access connector is now available in preview. This feature allows you to edit the machine (instance) type, as well as the minimum and maximum number of instances.

The option to update a Serverless VPC Access connector is now available in preview. This feature allows you to edit the machine (instance) type, as well as the minimum and maximum number of instances.

The option to update a Serverless VPC Access connector is now available in preview. This feature allows you to edit the machine (instance) type, as well as the minimum and maximum number of instances.

The option to update a Serverless VPC Access connector is now available in preview. This feature allows you to edit the machine (instance) type, as well as the minimum and maximum number of instances.

The option to update a Serverless VPC Access connector is now available in preview. This feature allows you to edit the machine (instance) type, as well as the minimum and maximum number of instances.

The option to update a Serverless VPC Access connector is now available in preview. This feature allows you to edit the machine (instance) type, as well as the minimum and maximum number of instances.

The option to update a Serverless VPC Access connector is now available in preview. This feature allows you to edit the machine (instance) type, as well as the minimum and maximum number of instances.

The option to update a Serverless VPC Access connector is now available in preview. This feature allows you to edit the machine (instance) type, as well as the minimum and maximum number of instances.

Cloud SQL for MySQL now supports minor version 8.0.31. To upgrade your existing instance to the new version, see Upgrade the database minor version.

You can now enable NCCL Fast Socket on your multi-GPU workloads. NCCL Fast Socket is a transport layer plugin designed to improve NVIDIA Collective Communication Library (NCCL) performance on Google Cloud. To enable NCCL Fast Socket, you must be using a GKE Standard cluster with control plane version 1.25.2-gke.1700 or later. For more information, see Improve workload efficiency using NCCL Fast Socket.

Anthos clusters on VMware 1.12.4-gke.42 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.12.4-gke.42 runs on Kubernetes 1.23.13-gke.1700.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.13, 1.12, and 1.11.

Cloud SQL for MySQL now supports using the lower_case_table_names flag for MySQL 8.0. For more information, see Configure database flags.

Preview stage support for the following integration:

• Video Stitcher API

Vertex AI TensorFlow Profiler

Vertex AI TensorFlow Profiler is generally available GA. You can use TensorFlow Profiler to debug model training performance for your custom training jobs.

For details, see Profile model training performance using Profiler.

Vertex AI Matching Engine

Vertex AI Matching Engine now offers General Availability support for updating your indices using Streaming Update, which is real-time indexing for the Approximate Nearest Neighbor (ANN) service.

Vertex AI Feature Store streaming ingestion is now generally available (GA).

Preview: You can use geo-location objects in firewall policy rules to filter external IPv4 and external IPv6 traffic based on specific geographic locations or regions.

Preview: You can use Threat Intelligence for firewall policy rules to secure your network by allowing or blocking traffic based on threat intelligence data.

Preview: You can use address groups to combine multiple IP addresses and IP ranges into a single named logical unit. You can then use this unit across multiple rules in the same or different firewall policies. 

Preview: You can use fully qualified domain name (FQDN) objects in firewall policy rules to filter incoming or outgoing traffic from specific domain names.

Release 1.13.3

Anthos clusters on bare metal 1.13.3 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.3 runs on Kubernetes 1.24.

View your Cloud SQL costs in Billing export to BigQuery

You can now view your granular Cloud SQL instance cost data in the Cloud Billing Detailed cost export. Use the resource.global_name field in the export to view and filter your Cloud SQL instance data.

Cloud Logging now supports the following regions:

• US

• EU

For more information, see Data regionality for Cloud Logging.

You can now use the ALTER INDEX statement to add columns into an index or drop non-key columns. For more information, see Alter an index.

The Document AI OCR Processor has the following new features:

• The OCR Processor now supports extracting embedded text from digital PDFs in public preview. A fallback to the optical OCR model is automatically triggered to extract text in the regions when the PDF being processed contains non-digital text. To opt into this feature, set process_options.ocr_config.enable_native_pdf_parsing=true in your API request to the OCR Processor.

• Added advanced versioning support to the Document AI OCR, which enables OCR users to pin to a historical model version. When enabled, OCR outputs are guaranteed to be consistent and virtually frozen, with zero behavioral drifts. To enable advanced versioning, select the release candidate version pretrained-ocr-v1.2-2022-11-10 in your Document AI console.

Support for the australia-southeast2 (Melbourne) region.

Support for the australia-southeast2 (Melbourne) region.

Managed Microsoft AD supports applying Microsoft security baselines on your Managed Microsoft AD VMs. For more information, see Microsoft security baselines.

Managed Microsoft AD has added a set of new event IDs to audit logs that you can export for a domain. For the updated list of event IDs, see Exported event IDs.

Pub/Sub Lite now supports export subscriptions. You can use an export subscription to export Pub/Sub Lite messages to a destination Pub/Sub topic. This feature is generally available (GA).

Storage Transfer Service now offers Preview support for tracking progress of a Transfer Job using Cloud Monitoring, allowing you to monitor the number of objects and amount of data copied by Storage Transfer Service in near real-time.

See Monitor transfer jobs for details.

The ITAR compliance regime is now generally available.

Automatic IAM database authentication for Cloud SQL for MySQL is now available. To get started using automatic IAM database authentication, see Cloud SQL IAM database authentication.

MySQL 5.7.38 has been upgraded to 5.7.39. For more information, see MySQL 5.7 release notes.

The image import tool now supports importing RHEL 9 images to Google Cloud.

Dataflow now supports regional placement for workers.

Dataplex BigLake integration is now available in Preview. Dataplex BigLake integration allows upgrading a Cloud Storage bucket to managed, creating BigLake tables instead of external tables. This allows the manual application of column-level, row-level, and table-level policies.

Dialogflow CX now supports flow export to diagram in the draw.io XML format.

Advanced network DDoS protection is now Generally Available for network load balancers, protocol forwarding, and VMs with public IP addresses. Metering and billing of Managed Protection Plus protected resources and the data processing fee for the endpoint covered by advanced Network DDoS protection will begin on Jan 31, 2023. For more information, see Configure advanced DDoS protection and the Cloud armor pricing page.

Global external HTTP(S) load balancer is now supported with the GKE Gateway controller in Preview. You can now configure GKE clusters with control plane version 1.24 or later in Rapid channel to use a global external HTTP(S) load balancer to expose web services to the Internet, in a single cluster or multi-cluster architecture. You can benefit from many advanced traffic management capabilities offered by the new generation of Google Cloud global external HTTP(S) load balancers natively in GKE by using the Kubernetes Gateway API and specifying a new Gateway class. To see the difference between Gateway classes compatible with our GKE Gateway controller, see here.

Event Threat Detection, a built-in service of Security Command Center, launched the Initial Access: Dormant Service Account Action rule to Preview. This rule detects events where a dormant user-managed service account triggered an action. For more information, see Event Threat Detection rules.

A new series of enhancements for handling locality load balancing in proxyless mesh deployments is now available in GA. These enhancements let you do the following:

• Create and use a list of preferred load-balancing policies. With this feature, if your first preferred policy can't be used by a particular client, gRPC falls back to the next policy on the list.

• Use a custom load-balancing policy that you created and deployed with gRPC. As part of a related gRPC enhancement, a new set of APIs lets you capture metrics about query cost and server utilization. You can use these APIs to fine-tune your custom policy.

For more information about using these features, see Locality load balancing.

This release of Anthos attached clusters supports AKS and EKS cluster versions 1.21, 1.22, 1.23, 1.24 and 1.25.

This generation of Anthos attached clusters further streamlines the process of attaching your cluster to the Google Cloud infrastructure.

This release supports logging and monitoring of your cluster's status with full log examination through Google's Cloud Logging UI.

This release supports migration of your existing EKS and AKS clusters from the previous generation Anthos attached clusters product.

You can now dynamically update AWS node pool security groups. To do so your API role must have the ec2:ModifyInstanceAttribute and ec2:DescribeInstances permissions.

You can now dynamically updating AWS node pool tags. To do so, your API role must have the autoscaling:CreateOrUpdateTags, autoscaling:DeleteTags, ec2:CreateTags, ec2:DeleteTags, and ec2:DescribeLaunchTemplates permissions.

Elastic File System (EFS) dynamic provisioning is now available in GA for clusters at version 1.25 or later. To use this feature, you must add the following permissions to the control plane role:

• ec2:DescribeAvailabilityZones
• elasticfilesystem:DescribeAccessPoints
• elasticfilesystem:DescribeFileSystems
• elasticfilesystem:DescribeMountTargets
• elasticfilesystem:CreateAccessPoint
• elasticfilesystem:DeleteAccessPoint

You can now upload workload metrics using Google Managed Service for Prometheus with managed collection to Cloud Monarch. This has been upgraded from a preview feature to GA.

You can now enable and update CloudWatch metrics collection on AWS node pool's auto scaling group. To use this feature your API role must have the autoscaling:EnableMetricsCollection and autoscaling:DisableMetricsCollection permissions.

Added a new token manager (gke-token-manager) to generate tokens for control plane components. This eliminates a control-plane component dependency on kube-apiserver, removes the need for RBAC in token generation, and permits logging to begin earlier in the startup cycle.

As a preview feature, Google Cloud Monitoring can now ingest a set of control plane metrics from kube-apiserver, kube-scheduler, kube-controller manager and etcd.

Administrators can grant AWS cluster access to all members of a Google Group by granting the required RBAC permission to the group. For details, see Set up the Connect gateway with Google Groups.

You can now upload workload metrics using Google Managed Service for Prometheus with managed collection to Cloud Monarch. This has been upgraded from a preview feature to GA.

Azure ActiveDirectory is now supported in GA, letting cluster admins configure RBAC policies based on Azure AD groups for authorization in clusters and supporting retrieval of groups information for users belonging who belong to more than 200 groups.

Added a new token manager (gke-token-manager) to generate tokens for control plane components. This eliminates a control-plane component dependency on kube-apiserver, removes the need for RBAC in token generation, and permits logging to begin earlier in the startup cycle.

As a preview feature, Google Cloud Monitoring can now ingest a set of control plane metrics from kube-apiserver, kube-scheduler, kube-controller manager and etcd.

Administrators can grant Azure cluster access to all members of a Google Group by granting the required RBAC permission to the group. For details, see Set up the Connect gateway with Google Groups.

Anthos clusters on VMware 1.13.3-gke.26 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.3-gke.26 runs on Kubernetes 1.24.7-gke.1700.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.13, 1.12, and 1.11.

Preview: Batch supports VPC Service Controls, which lets you create perimeters that protect the resources and data of Google Cloud services that you explicitly specify. For more information about using VPC Service Controls with Batch, see Supported products and limitations.

You can now access and query Cloud SQL data over a private connection. This feature is generally available (GA).

You can now view a list of certificates managed by Certificate Manager in your project in the Cloud Console. You can also view detailed information about each certificate. For instructions, see Manage Certificates.

Load Balancing SSL certificates, previously available in the "Certificates" tab on the "Load Balancing" page, are now also available in the Certificate Manager page in the "Classic Certificates" tab.

Cloud Data Fusion integrates with Data Catalog for asset level lineage in Preview.

You can now allow other Google Cloud services, such as BigQuery, to access data in Cloud SQL for MySQL and make queries against this data over a private connection. For more information, see Create instances.

You can now allow other Google Cloud services, such as BigQuery, to access data in Cloud SQL for PostgreSQL and make queries against this data over a private connection. For more information, see Create instances.

M102 Release

• TensorFlow 2.11 is now available.
• PyTorch 1.13 is now available.
• Regular security patches and package upgrades.

M102 Release

• TensorFlow 2.11 is now available.
• PyTorch 1.13 is now available.
• Added support for Jupyter[Lab] Language Server Protocol.
• Regular security patches and package upgrades.

Eventarc support for creating triggers for direct events from the following sources is available in Preview:

• API Gateway
• Apigee Registry
• BeyondCorp
• Certificate Manager
• Cloud Data Fusion
• Cloud Functions
• Cloud Memorystore for Memcached
• Database Migration
• Datastream
• Eventarc
• Workflows

The ability to join a Windows VM automatically to a Managed Microsoft AD domain is available in Preview.

Event Threat Detection, a built-in service of Security Command Center, launched the following rules to Preview.

• Privilege Escalation: Anomalous Impersonation of Service Account for Admin Activity
• Privilege Escalation: Anomalous Multistep Service Account Delegation for Admin Activity
• Privilege Escalation: Anomalous Multistep Service Account Delegation for Data Access
• Privilege Escalation: Anomalous Service Account Impersonator for Admin Activity
• Privilege Escalation: Anomalous Service Account Impersonator for Data Access

These rules detect the unusual impersonation or delegation of a service account, as recorded in either the Admin Activity or Data Access audit logs. For more information, see Event Threat Detection rules.

Storage Transfer Service now offers GA Support for transferring data between file systems, including on-premises file systems and Filestore instances. This allows you to use the Transfer Service API, gcloud command line tool, or the Cloud console to migrate data from a self-managed file system to Filestore; accelerate data transfer from an on-premise file system to a cloud file system; or move data between on-premises systems.

You can also transfer specific files or objects using a manifest for file system to file system transfers.

TensorFlow Enterprise 2.11 is now available. Note that this TensorFlow Enterprise version does not include Long Term Version Support.

Preview stage support for the following integrations:

• Batch

M102 Release

The M102 release of Vertex AI Workbench includes the following:

• TensorFlow 2.11 is now available.
• PyTorch 1.13 is now available.
• Regular security patches and package upgrades.

A workflow's source and details can now be updated independently through the Cloud Console using the Source and Details tabs for quicker editing.

Release 1.12.6

Anthos clusters on bare metal 1.12.6 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.6 runs on Kubernetes 1.23.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• Transcoder
  • transcoder.googleapis.com/Job
  • transcoder.googleapis.com/JobTemplate

Zonal Cloud DNS zones are now available in GA.

You can create private DNS zones that are scoped only to a Google Cloud zone.

Configuring Cloud DNS scopes is now available in GA.

Cloud Data Fusion is available in the following regions:

• us-east5
• us-south1

For more information, see Locations and Pricing.

You can disable noisy or otherwise unnecessary threat IDs by using the --threat-exceptions flag when you create or update your Cloud IDS endpoint. IDS Threat Exceptions is now Generally Available. For more information, see the Cloud IDS overview

You can now use the Observability tab on the Kubernetes Engine Workloads page to see the five workloads consuming the most of a resource. For more information, see View cluster and workload observability metrics.

Cloud Router supports Multiprotocol BGP (MP-BGP) and can exchange IPv6 prefixes over IPv4 BGP sessions. Cloud Router supports IPv6 prefix advertisement for VPC networks with dual-stack subnets. You can enable IPv6 prefix exchange over IPv4 BGP sessions that are created for HA VPN tunnels. This feature is generally available.

Cloud Spanner now offers the Cloud Spanner change streams to Pub/Sub Dataflow template, which streams Cloud Spanner data change records and writes them into Pub/Sub topics.

You can now create a custom instance configuration and add optional read-only replicas to your custom instance configurations to scale reads and support low latency stale reads. For more information, see Regional and multi-region configurations.

Cloud VPN supports dual-stack HA VPN gateways that allow both IPv4 and IPv6 traffic. By using Multiprotocol BGP (MP-BGP) sessions in Cloud Router, HA VPN can connect your peer networks to VPC networks with dual-stack subnets. This feature is generally available.

Cloud DNS for GKE (cluster scope) is now Generally Available. You can now configure GKE clusters with control plane version 1.24.7-gke.800, 1.25.3-gke.700 or later to use Cloud DNS as the DNS provider for in-cluster name resolution, and replace the existing DNS service based on kube-dns.

GKE Autopilot clusters may now migrate the cluster's datapath provider to Dataplane V2. Migration is triggered during a control plane upgrade (see version requirements below). The migration is complete once all nodes running the legacy datapath have been recreated. Node pools created after the control plane upgrade will be created using Dataplane V2.

• For clusters running 1.24 without Dataplane V2, upgrading to 1.24.7-gke.300 or a higher 1.24 version will begin the migration to Dataplane V2.

• For clusters running 1.25 without Dataplane V2, upgrading to 1.25.3-gke.200 or a higher 1.25 version will begin the migration to Dataplane V2.

To determine whether you are in the process of migrating the datapath, run:

gcloud container clusters describe <CLUSTER> --region <REGION> --project <PROJECT> --format="value(networkConfig.datapathProvider)"

Clusters migrating to Dataplane V2 will have the datapath provider field of the cluster set to MIGRATE_TO_ADVANCED_DATAPATH.

Clusters that have migrated to Dataplane V2 will have the datapath provider field of the cluster set to ADVANCED_DATAPATH.

General Availability: VPC Peering supports the exchange of IPv6 routes between peered VPC networks.

You can now launch clusters with the following Kubernetes versions:

• 1.23.13-gke.2000
• 1.24.7-gke.2000
• 1.25.3-gke.1900

Release 1.14.0

Anthos clusters on bare metal 1.14.0 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.0 runs on Kubernetes 1.25.

Improved cluster lifecycle functionalities:

• Upgraded from Kubernetes version 1.24 to 1.25.

• Enabled customers to run the latest health and preflight checks by running the command bmctl check cluster –check-image-version=latest. Setting the check-image-version flag to 'latest' ensures that clusters are examined for more recent issues, including issues discovered after a release.

• Preview: Added support of Control group v2 (cgroup v2).

• GA: Added automatic reservation of CPU and memory resources on cluster nodes so that system daemons have the resources they require.

• Optimized the consumption of resources by components such as cluster-operator, cap-manager, preflight-check operator, and lifecycle-controllers-manager.

• GA: Enabled automatic and periodic health checks on all clusters.

Networking:

• Preview: Added support for turning on kube-proxy-free mode for cluster objects. WARNING: This operation is not reversible. Once enabled, it cannot be disabled.

• Changed behavior of Dataplane V2 so that it drops a packet if no service backends are available. Previously, the packet was passed to the kernel stack.

• Enabled automatic API rate limit adjustments in Dataplane V2.

Observability:

• Added severity level to container logs.

• Enabled collection of uptime and other Kubernetes resource metrics from the kubelet summary API.

• Enabled Stackdriver log forwarder in the bootstrap cluster. This log forwarder publishes bootstrap container logs to Cloud Logging.

Security and Identity:

• GA: Added feature enabling cluster administrators to configure RBAC policies based on Azure Active Directory (AD) groups. Groups information for users belonging to more than 200 groups can now be retrieved.

• GA: Added secure computing mode (seccomp) support. Running containers with a seccomp profile improves the security of a cluster because it restricts the system calls that containers are allowed to make to the kernel.

• Added annotation in the cluster configuration file which allows customers to disable the kubelet read-only port. After disabling the read-only port, customers have to change their cluster configurations so that workloads use the kubelet secure port.

VM Runtime:

• GA: Added support for guest OS booting of UEFI. Previously, only BIOS was supported.

• Preview: Enabled Terraform scripting to create VMs on an Anthos cluster. For more information, including usage instructions, an input reference, and examples, see the terraform-google-anthos-vm GitHub repository.

• Preview: Add support for non-uniform memory access (NUMA) awareness. When enabled, all communication within the VM is local to the NUMA node, thus avoiding the performance cost of data transactions with remote memory locations.

• Preview: Enabled multicast traffic for VMs.

• Added Anthos VM Runtime preflight checks to validate hardware accelerator configuration.

• Enabled configuration of storage's volume mode (block or filesystem) and access modes, such as RWO and RWX.

• Enabled means to configure the storage class of a scratch space. A scratch space is sometimes required when importing or uploading a VM disk image.

• Added support for configuring cloud-init, using virtctl.

• Enabled ability to disable auto-installation of the guest agent binary. After the initial guest agent installation, yoiu can set the autoInstallGuestAgent flag to false so that the binary doesn't mount in subsequent restarts.

• Enabled the support of multiple network interfaces, by default, for all clusters.

• Improved security for creating a VM with kubectl virt create. If an initial password is specified, it is now stored in a secret and not as a VM annotation.

• Reduced the permissions of the network controller.

• Changed default to always use Asynchronous IO mode (AIO) in order to reduce QEMU memory pressure.

• Added VM creation and disk provisioning times to Prometheus metrics.

• Added support for the Tesla T4 GPU.

• Enabled reset of GPU card to its original status when GPU functionality is disabled.

• Enabled ability to disable Anthos VM Runtime when it's in the enabling state and custom resource definitions haven't yet been installed.

• Added the following command, which allows you to display the VM screen: kubectll virt vnc --screenshot VM_NAME.

• Fixed the IP address update for Windows guest VMs.

• Resolved the MacVTap interface creation failure which occurred when the name of the interface was too long.

• Fixed attaching VM disk using SATA driver.

• Fixed issue so that setting disableCDIUploadProxyVIP to true correctly disables the cdi-uploadproxy service.

• Fixed issue so that specifying a PersistentVolumeClaim (PVC) with an empty underlying PersistentVolume (PV) correctly creates the underlying empty disk format (raw or qcow2).

• Enforced VM names to follow the standard RFC1123 format.

• Fixed issue so that ISO image is correctly imported from a Cloud Storage bucket.

• Fixed benign crash looping of the NVIDIA device plugin and the Multi-Instance GPU (MIG) manager when all GPU cards are allocated to a VM.

• Fixed issue so that virt-launcher Pod can be created when advanced compute is enabled.

You can now use any configured service account in your Cloud project as the app-level default service account, while creating and updating your App Engine applications.

You can now use any configured service account in your Cloud project as the app-level default service account, while creating and updating your App Engine applications.

You can now use any configured service account in your Cloud project as the app-level default service account, while creating and updating your App Engine applications.

You can now use any configured service account in your Cloud project as the app-level default service account, while creating and updating your App Engine applications.

You can now use any configured service account in your Cloud project as the app-level default service account, while creating and updating your App Engine applications.

You can now use any configured service account in your Cloud project as the app-level default service account, while creating and updating your App Engine applications.

You can now use any configured service account in your Cloud project as the app-level default service account, while creating and updating your App Engine applications.

You can now use any configured service account in your Cloud project as the app-level default service account, while creating and updating your App Engine applications.

You can now use any configured service account in your Cloud project as the app-level default service account, while creating and updating your App Engine applications.

You can now use any configured service account in your Cloud project as the app-level default service account, while creating and updating your App Engine applications.

You can now use any configured service account in your Cloud project as the app-level default service account, while creating and updating your App Engine applications.

You can now use any configured service account in your Cloud project as the app-level default service account, while creating and updating your App Engine applications.

You can now use any configured service account in your Cloud project as the app-level default service account, while creating and updating your App Engine applications.

You can now use any configured service account in your Cloud project as the app-level default service account, while creating and updating your App Engine applications.

Data lineage is available in Preview in Cloud Composer 2.

Data lineage is a Dataplex feature that lets you track how data moves through your systems: where it comes from, where it is passed to, and what transformations are applied to it.

Database Migration Service now supports high availability (HA) instances for MySQL and PostgreSQL database migrations. To find out how to configure connectivity for a high availability instance, click here. To learn how to configure a high availability instance when creating a migration job, click here.

The cloudfunctions.googleapis.com/v2 API now supports reading 1st gen functions, using the get and list methods. Function responses contain an Environment field that differentiates between 1st and 2nd gen functions.

You can use the filter field to restrict the response to only 2nd gen functions, for example: filter=environment="GEN_2".

Note that 1st gen functions in europe-west5 can't be read from the v2 API as the region is not available yet in 2nd gen.

If you are using an older version of gcloud, the gcloud functions list command may show 1st gen functions twice. Updating to a newer version of gcloud should fix this.

You can use the new Map view on the VM Instances dashboard to visualize the health of the resources in your fleet. Using the map, you can group VMs by resource labels, like "instance group" or "zone", and color the VMs by the value of a metric, like CPU utilization, to highlight hotspots and anomalies in your fleet.

The Cloud SQL System insights dashboard now shows additional metrics and an events timeline. You can also use the Auto refresh function to keep the dashboard up to date.

Generally available: NVIDIA® T4 GPUs are now available in the following region and zones:

• Hong Kong, APAC: asia-east2-a,c

For more information about using GPUs on Compute Engine, see GPU platforms.

Added support for DataCatalogTaxonomy resource. This resource has been auto-generated and is in alpha stability.

Added spec.maxTimeTravelHours to BigQueryDataset.

Added spec.build.step.script to CloudBuildTrigger.

Added spec.sourceDiskRef and status.sourceDiskId to ComputeDisk.

Added spec.rules to ComputeRouterNAT.

Added spec.clusterAutoscaling.autoProvisioningDefaults.diskSize to ContainerCluster.

Added status.member to IAMServiceAccount.

Added spec.settings.timeZone to SQLInstance.

Compact placement policy is now generally available. Set up a compact placement policy to specify that nodes within the node pool should be placed in closer physical proximity to each other within a zone. Having nodes closer to each other can reduce network latency between nodes, which can be useful for tightly-coupled batch workloads.

Reserving static regional internal IPv6 addresses is available in Preview.

The AlloyDB index advisor helps you optimize your databases by observing the queries your databases handle, and then recommending new indexes based on these observations.

Support for moving a Cloud Spanner instance is now generally available. You can request to move your Spanner instance from any instance configuration to any other instance configuration, including between regional and multi-region configurations. For more information, see Move an instance.

An update to Spanner change streams provides two new data capture types for change records:

• NEW_VALUES mode captures only new values in non-key columns, and no old values. Keys are always captured.
• NEW_ROW mode captures the full new row, including columns that are not included in updates. No old values are captured.

Note that existing change streams remain set to OLD_AND_NEW_VALUES.

Dataplex auto data quality (AutoDQ) is now available in Preview. Dataplex auto data quality helps data users build trust in their data with a turnkey and automated product that encapsulates the entire process of data quality.

Dataplex data profiling is now available in Preview. Dataplex data profiling helps data users build deeper understanding about their data by identifying common data characteristics. Dataplex utilizes this information to recommend the data quality rules as well.

Dialogflow CX now supports interaction logging export to BigQuery.

Dialogflow CX added sentiment analysis support in the following regions for English (en), French (fr), Italian (it), German (de), and Spanish (es) languages:

• asia-southeast1
• europe-west1
• europe-west2
• europe-west3
• northamerica-northeast1

The Form Parser now supports Generic Entity Extraction in Public Preview, covering the following entity types:

• email: email address
• phone: phone number
• url: website URLs
• date_time: partial or full date/time/period
• address: full address or street address in a single line
• person: partial or full name of a person
• organization: full name of an organization
• quantity: a number specifying quantity or percentage
• price: a number specifying monetary amount
• id: a number specifying identity
• page_number: a number specifying page number

The Form Parser has the following feature enhancements:

• The Form Parser key-value pair (entity and checkbox) extraction and table extraction now support 200+ languages that are supported by the underlying multi-language OCR model. This language expansion is in Public Preview, with key-value pair internationalization backed by quality benchmarks in selected languages such as Simplified Chinese, Traditional Chinese, Japanese, and Korean.

• Table extraction in Form Parser is now powered by an enhanced vision-based table parsing model.

These enhanced features are automatically enabled for Form Parser processor version pretrained-parser-v2.0-2022-11-10 and all future versions. Note that this is a Release Candidate version, which is subject to further changes before graduating to the Stable version.

Release 1.12.5

Anthos clusters on bare metal 1.12.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.5 runs on Kubernetes 1.23.

Operating systems updates for Bare Metal Solution servers–The following OS is now supported on general-purpose servers:

• Red Hat Enterprise Linux (RHEL) 8.4

Other formatting revisions have been added to the Bare Metal Solution operating systems page and the SAP HANA on Bare Metal Solution operating systems page to make them easier to use.

More options are now available when you create and manage repricing configurations for your customers. This includes the option to add one override per SKU group (currently only Google Marketplace and Maps groups) to provide further discounts or markups for your customers.

A snapshot of product SKUs for each SKU group can be downloaded as a CSV from the partner Sales Console. Use this feature for greater control and transparency of partner program discounts. Visit the rebilling overview to learn more about this feature.

Rebilling data exported to BigQuery now includes the columns: CustomerRepricingConfigName, ChannelPartnerRepricingName, and Tags. The first full month with this data will be Jan, 2023. For more information see the Rebilling Table Schema and sample export queries.

Tags are attached to resources and support inheritance, centralized management, nomenclature standardization, and policy engine integration. For Cloud Billing, Tags help map costs across your organization. In cost reporting, you can query on Tags to perform Cost Management tasks like chargebacks, audits, and other cost allocations.

The Key Usage dashboard in the Google Cloud console and the new KMS Inventory REST API are now in Preview.

For more information about the Key Usage dashboard, see View key usage.

For more information about the KMS Inventory REST API, see KMS Inventory API.

For example curl commands using the KMS Inventory REST API, see View key usage and View keys by project.

Healthcheck probes are now at general availability (GA).

Added the dataproc.googleapis.com/job/state metric to track the status of Dataproc Jobs states (such as, RUNNING or PENDING). This metric is collected by default and is not chargeable to customers.

Dataproc job IDs are now queryable and viewable from MQL(Monitoring Query Language), and the metric can be used for long-running job monitoring and alerting.

M101 Release

• TensorFlow patch version upgrades:
  • From 2.8.3 to 2.8.4.
  • From 2.9.2 to 2.9.3.
  • From 2.10.0 to 2.10.1.
• TensorFlow 1.15 Deep Learning Containers images are now deprecated.
• Regular security patches and package upgrades.

M101 Release

• TensorFlow patch version upgrades:
  • From 2.8.3 to 2.8.4.
  • From 2.9.2 to 2.9.3.
  • From 2.10.0 to 2.10.1.
• TensorFlow 1.15 Deep Learning VM images are now deprecated.
• Regular security patches and package upgrades.

Storage Transfer Service offers Preview support for event-driven transfers - serverless, real-time replication from AWS S3 to Cloud Storage, and between Cloud Storage buckets. With this new capability, you can accelerate your event-driven analytics pipeline, enable automatic replication across Cloud Storage buckets, create a backup copy of data in a different region or project, or perform live migration.

Learn more about Event-driven transfers.

M101 Release

The M101 release of Vertex AI Workbench includes the following:

• TensorFlow patch version upgrades:
  • From 2.8.3 to 2.8.4.
  • From 2.9.2 to 2.9.3.
  • From 2.10.0 to 2.10.1.
• TensorFlow 1.15 on Vertex AI Workbench is now deprecated.
• Added *.notebooks.cloud.google.com as part of the domains required for users to access Notebooks API. Removed *.datalab.cloud.google.com.
• Regular security patches and package upgrades.

A list.prepend function is available to support creating a copy of a list with a new element added to the beginning.

AlloyDB cross-region replication replicates your primary cluster's data and resources. It makes the data and resources available in different regions, allowing disaster recovery in the event of an outage in the primary region.

The constraint template library includes a new template: K8sBlockAllIngress. For reference see Constraint template library.

The constraint template library includes a new template: K8sBlockCreationWithDefaultServiceAccount. For reference see Constraint template library.

The constraint template library includes a new template: K8sBlockObjectsOfType. For reference see Constraint template library.

The constraint template library includes a new template: K8sEnforceCloudArmorBackendConfig. For reference see Constraint template library.

The constraint template library includes a new template: K8sEnforceConfigManagement. For reference see Constraint template library.

The constraint template library includes a new template: K8sRequireDaemonsets. For reference see Constraint template library.

The constraint template library includes a new template: K8sRequireDefaultDenyEgressPolicy. For reference see Constraint template library.

The constraint template library includes a new template: K8sRequireValidRangesForNetworks. For reference see Constraint template library.

The constraint template library includes a new template: K8sRestrictRbacSubjects. For reference see Constraint template library.

The following enhancements are made to Config Sync metrics:

• Enhanced the histogram distribution bounds for the parser_duration_seconds and apply_duration_seconds metrics to support longer durations.
• Enhanced the last_sync_timestamp metric to prevent timeseries with empty commits.
• Added a new label called controller into the apply_operations metric to track whether the operation is from the applier or the remediator.
• Support the errorclass label of the reconciler_errors metric correctly.

For more details, see Monitor Config Sync.

Added resource tags to all Config Sync metrics to identify the source component. For more information, see Config Sync Metric Tags.

Anthos clusters on VMware 1.11.6-gke.18 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.11.6-gke.18 runs on Kubernetes 1.22.15-gke.3300.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.13, 1.12, and 1.11.

GA release of Simplified Onboarding for Apigee X (Pay-as-you-go) in the Google Cloud console.

With this release, new Apigee customers using Pay-as-you-go pricing can quickly configure Apigee using a simplified onboarding flow accessible from the Google Cloud console.

• The new onboarding UI provides stepped navigation consistent with other products available in the console.
• Apigee X (Pay-as-you-go) provisioning is simplified but remains flexible. Default settings are provided, with the option to customize as needed.
• Improved contextual help streamlines decision-making during onboarding.

See Before you begin and Get started in the Cloud Console for more details on provisioning Apigee X with Pay-as-you-go pricing from the Google Cloud console.

The demo query guide helps you query a public dataset from Google Trends and is now in preview.

The following changes were made to UDM Search. You can now do the following:

• Use enhanced filtering to include Bottom 30 values in addition to Top 30 values for each UDM Field in search results
• Use 'field[key] = value' exact match to search the 'additional' and 'labels' fields
• Pin fields (using the push pin icon) in Quick Filter to save them as a favorite. They will appear at the top of the Quick Filters list
• Save column layouts and load them
• Escape special characters by using backslashes and double-quotes

Cloud Bigtable now lets you restore from a backup to a different project. This feature is generally available (GA). To learn more, see Bigtable backups.

The ability to configure deletion protection for a Cloud Bigtable table is now generally available (GA). This setting prevents deletion of the table, its column families, and the instance containing the table. See Modify deletion protection for instructions.

Preview: Get estimated costs in the Google Cloud console

You can now estimate the cost of Compute Engine and Cloud Storage workloads in the Google Cloud console. The Cost Estimation tool provides estimates that also include any custom contract prices on your Cloud Billing account. These cost estimates can help you make more informed business decisions.

Learn about estimating costs in the Google Cloud console.

Generally available: You can merge your active hardware resource commitments into one larger commitment to track and manage them as a single entity. You can now also merge your commitments by using the Google Cloud Console. For more information, see Merging commitments.

Invoice Parser and Expense Parser are now available in the following single-region locations:

• australia-southeast1 (Sydney)
• northamerica-northeast1 (Montréal)

AutoProvision service will return an operation ID for immediate completed operations.

Enable operation service for Document AI Warehouse v1 service.

Partially supports Google AIP-160 syntax (https://google.aip.dev/160) in search query. Search query now supports literals, logical operators, negation operators, comparison operators, and functions.

VPC Service Controls for Document AI Warehouse are publicly supported.

In order to support new features in the future, Google Cloud VMware Engine will convert the resource names for private clouds to a standardized format that is more consistent with Google Cloud. Specifically, this resource name translation will make minor changes to the names of resources in your project, such as:

• Changing capital letters to lowercase
• Changing white space to hyphens

Resource name translation is currently optional, but existing private clouds must perform a resource name translation in order to access the gcloud CLI or VMware Engine API. Resource name translation will be required after September 2023.

For more information on resource name translation, see Resource Name Translation.

Performance Dashboard now shows latency metrics between VMs and Internet endpoints:

• In the Project performance view, Performance Dashboard shows latency between VMs across all Google Cloud regions and Internet endpoints.
• In the Google Cloud performance view, Performance Dashboard shows latency metrics for regions where you have VM instances and the Internet locations communicating with the VMs.

The Malicious URL Observed detector of Container Threat Detection, a built-in service of Security Command Center Premium, is now generally available.

The detector checks URLs observed in arguments passed by executables against known phishing and malware URLs to determine if they are malicious.

You can see the full details of the detector's findings only if you upgrade to the refreshed findings display in the Security Command Center dashboard.

For more information, see the following pages:

• Container Threat Detection overview
• Findings Workflow Improvements

Sensitive Actions Service, a built-in service of Security Command Center Premium, is now generally available.

Sensitive Actions Service detects when actions are taken in your Google Cloud organization, folders, and projects that could be damaging to your business if they were to be taken by a malicious actor.

For more information, see Sensitive Actions Service overview.

You can now enable the email verification feature of MFA from the Google Cloud console. For instructions, see Configure Multi-factor authentication.

The Go 1.18 and Go 1.19 runtimes for App Engine standard environment are now available in Preview.

The Node.js 18 runtime for App Engine standard environment is now available in Preview.

BeyondCorp Enterprise integration with Microsoft Intune is generally available (GA).

With this integration, you can collect real-time information about the devices in your organization using Microsoft Intune, and use this information to manage your devices and control access to your organizational resources using BeyondCorp Enterprise.

You can now retrieve information about a Cloud Bigtable query to help you evaluate the query's performance. This feature is generally available (GA). For more information, see Get query stats.

Cloud Data Fusion is available in the following region:

• me-west1

For more information, see Locations and Pricing.

Preview: You can now query asset metadata via the Cloud Asset Inventory API or the Cloud console, without needing to export the data to a BigQuery table first. This feature is available as a preview for Security Command Center Premium customers.

• Documentation
• Go to Cloud Asset Inventory query in the Cloud console

(Cloud Composer 2) Environment snapshots and Scheduled snapshots are now generally available (GA) for Cloud Composer 2 versions 2.1.1 and later.

Scheduled snapshots provide additional support for running disaster recovery scenarios.

Cloud Data Fusion version 6.8.0 is in Preview. This release is in parallel with the CDAP 6.8.0 release.

Features in 6.8.0:

• Replication from Oracle to BigQuery using Datastream is generally available (GA).

• Cloud Data Fusion supports BigQuery batch source pushdown.

• Cloud Data Fusion supports AND triggers. You can create OR and AND triggers. Previously, all triggers were OR triggers.

Cloud Run support for a new second generation execution environment is now at generally availability (GA).

Cloud Run support for network file systems such as NFS, NDB, 9P, CIFS/Samba, and Ceph, as well as Cloud Filestore and Cloud Storage FUSE, is now at general availability (GA.)

On the Error Reporting page, use the new resource filter to filter error groups by resource type. For more information, see Filter errors.

Support for refactoring applications running on JBoss Enterprise Application Platform or WildFly application platform to containers, which lets you deploy the application as containers on GKE, GKE Autopilot clusters, Anthos clusters, and Cloud Run, released for Public Preview. See Migrate JBoss Servers.

Support for refactoring Apache 2 Linux based applications to containers, which lets you deploy Apache 2 application components as containers on GKE, GKE Autopilot clusters, Anthos clusters, and Cloud Run, released for Public Preview. See Migrate Apache 2 Servers.

Enhanced control on the verbosity of backend logs. You can now use the migctl logging set-verbosity <verbosity> command, where verbosity 0 corresponds to info logs only and verbosity 1 shows debug logs. See migctl reference.

A new suite of client-side metrics for the Cloud Bigtable client for Java is generally available (GA) in versions 2.16.0 and later. To learn more about using the new monitoring metrics for performance optimization and troubleshooting, see the Client-side metrics overview.

(Cloud Composer 2) The Composer Local Development CLI tool is now available to help streamline testing and developing using local Airflow environments with Composer 2.

Cloud DNS per resource IAM permissions are available in GA.

Currently, health check probes for hybrid NEGs originate from Google's centralized health checking mechanism. If you cannot allow traffic that originates from the Google health check ranges to reach your hybrid endpoints and would prefer to have the health check probes originate from your own private IP addresses instead, speak to your Google account representative to get your project allowlisted for distributed Envoy health checks.

This feature is available in General availability for allowlisted projects only.

New SQL syntax, RETURNING in the PostgreSQL dialect and THEN RETURN in Google Standard SQL, selects and returns data from rows that were just updated as part of a DML statement. This is especially useful for getting values from default or generated columns and can reduce latency over equivalent multi-statement transactions. The preview supports the Java, JDBC, Python, and Go Spanner clients as well as PostgreSQL drivers that connect through PGAdapter.

Dataproc Metastore administrator interface is available in preview.

The administrator interface provides you with a centralized tool to inspect and manage the metadata stored in your Dataproc Metastore service.

You can now set the minimum observation period for the IAM recommender to 30 or 60 days instead of the default period of 90 days. For more information, see Configure role recommendation generation. This feature is available in Preview.

The kernelRootkit attribute was added to the Finding object of the Security Command Center API.

The kernelRootkit attribute contains information about a kernel rootkit that triggered a finding, including the following:

• Name of the rootkit, if available.
• Whether unexpected modifications were made to the kernel's code, read-only data memory, or certain important kernel data structures.

For more information, see the Security Command Center API documentation for the Finding object.

The Pipeline Templates feature is now generally available (GA). The Your Templates tab is supported by Artifact Registry and allows you to publish and curate pipeline and component templatess. For documentation, refer to Create, upload, and use a pipeline template.

(New environments only) Creating Cloud Composer 2 environments no longer depends on the constraints/compute.requireOsLogin organization policy setting.

(Cloud Composer 2) Cloud Composer 2 environments now include the composer-user-workloads namespace that you can use to run user-defined workloads.

The number of concurrent database restore operations per instance that Cloud Spanner supports has increased from five to ten. For more information, see Backup and restore limits.

Preview: Confidential Space is designed to let parties share sensitive data with a mutually agreed upon workload, while they retain confidentiality and ownership of that data. Such data might include personally identifiable information (PII), protected health information (PHI), intellectual property, cryptographic secrets, and more. Confidential Space helps create isolation so that data is only visible to the workload and the original owners of the data.

Eventarc support for customer-managed encryption keys (CMEK) is generally available (GA).

Event Threat Detection, a built-in service of Security Command Center, launched the Initial Access: Database Superuser Writes to User Tables rule to General Availability. This rule detects events where a Cloud SQL superuser (postgres for PostgreSQL servers or root for MySQL users) writes to non-system tables. For more information, see Event Threat Detection rules.

The AlloyDB Clusters page of the Google Cloud console displays summary cards and a resource table that provide an overview on the overall health of your databases. This helps you monitor the real-time performance of your database fleet.

BigQuery now supports querying Apache Iceberg tables that are created by open source engines. This feature is in preview.

Google Cloud Platform Plugins version 0.20.4 is generally available (GA) in Cloud Data Fusion versions 6.7.1 and 6.7.2. This version includes Dataplex Source and Sink plugins in GA. For more information, see the CDAP Hub release log.

Google Cloud Platform Plugins version 0.19.3 is generally available (GA) in Cloud Data Fusion version 6.6.0. This version includes Dataplex Source and Sink plugins in GA. For more information, see the CDAP Hub release log.

The NEW_ZEALAND_IRD_NUMBER infoType detector is available in all regions.

The VAT_NUMBER infoType detector is available in all regions. Currently, this detector identifies VAT numbers from France, Germany, Hungary, Indonesia, Italy, and the Netherlands.

For more information about all built-in infoTypes, see InfoType detector reference.

Dataplex Source and Sink plugins are generally available (GA) in Cloud Data Fusion for ingesting and processing data.

Error Reporting is a Virtual Private Cloud (VPC) supported service.

The Agent Assist Smart Reply feature now supports French (Canada) in addition to English (United states). See the language support page for details.

Users can generate Supply chain Levels for Software Artifacts (SLSA) build provenance information for standalone Java and Python packages when they upload artifacts to Artifact Registry using new fields available in the Cloud Build config file. This feature is in public preview. For more information, see Build and test Java applications and Build and test Python applications.

AutoML image model updates

AutoML image classification and object detection now support a higher-accuracy model type. This model is available in Preview.

For information about how to train a model using the higher accuracy model type, see Begin AutoML model training.

Batch prediction is currently not supported for this model type.

Cloud Logging for Vertex AI Pipelines is now generally available (GA). For more information, see View pipeline job logs.

Three new rate limiting keys are now Generally Available:

• HTTP-PATH
• SNI
• REGION-CODE

For more information about using rate limiting keys, see the Rate limiting overview.

Kubernetes control plane logs are now Generally Available. You can now configure GKE clusters with control plane version 1.22.0 or later to export to Cloud Logging logs emitted by the Kubernetes API server, Scheduler, and Controller Manager.

These logs are stored in Cloud Logging and can be queried in the Cloud Logging Log Explorer or Cloud Logging API. These logs can also be sent to Google Cloud Storage, BigQuery, or Pub/Sub using the Log Router.

You can now use deprecation insights to identify clusters on versions 1.23 and earlier that use Docker-based node images, which are unsupported on GKE version 1.24 and later.

BigQuery now supports the following features when you load data:

• ASCII control characters for CSV files.
• Reference file with the expected table schema for creating external tables with Avro, ORC, and Parquet files.

These features are generally available (GA).

View granular cost data from Cloud Run instances in Cloud Billing exports to BigQuery

You can now view granular Cloud Run cost data in the Google Cloud Billing detailed export. Use the resource.global_name field in the export to view and filter your Cloud Run instances.

Review the schema of the Detailed cost data export.

View granular cost data from Cloud Function instances in Cloud Billing exports to BigQuery

You can now view granular Cloud Function cost data in the Google Cloud Billing detailed export. Use the resource.global_name field in the export to view and filter your Cloud Function instances.

Review the schema of the Detailed cost data export.

Preview: VMware Engine private clouds support the addition of a Trusted Platform Module (TPM) 2.0 virtual cryptoprocessor to a virtual machine.

For details about this feature, see About Virtual Trusted Platform Module.