Google Cloud release notes

Batch is available in the following regions:

• asia-east2 (Hong Kong)
• europe-central2 (Warsaw)
• us-south1 (Dallas)
• us-west2 (Los Angeles)
• us-west3 (Salt Lake City)
• us-west4 (Las Vegas)

For more information, see Locations.

Features supported in this release include:

• Blockchain Node Engine is a fully-managed service for dedicated blockchain nodes.
• Ethereum support:
  • Execution and consensus clients
  • Full and Archive nodes
  • JSON-RPC and WebSocket endpoints.
• With a single operation, Blockchain Node Engine provisions a new node with the specified configuration (network, region, client, node type), bootstrap it from a known-good snapshot, sync it with the blockchain, and ensure its availability.
• Google Cloud Armor always enabled.

See:

• What is Blockchain Node Engine?
• Get started
• Create a blockchain node
• Using blockchain nodes
• APIs and reference

You can now configure CMEK and a default storage location for individual folders, in addition to organizations. For more information, see Configure default settings for organizations and folders and Configure CMEK for Cloud Logging.

Generally available: Accelerator-optimized (G2) machine types with attached NVIDIA® L4 GPUs are generally available in the following regions and zones:

• Singapore, APAC: asia-southeast1-b
• Netherlands, Europe: europe-west4-a,b,c
• Iowa, North America: us-central1-a,b
• South Carolina, North America: us-east1-b,d
• Virginia, North America: us-east4-a
• Oregon, North America: us-west1-a,b

Support for IPv6 static routes with the following next hops is available in Preview:

• next-hop-gateway
• next-hop-instance

The SAP Ariba Batch Source plugin is generally available (GA). You can connect your data pipeline to an SAP Ariba Source and a BigQuery Sink with this plugin in Cloud Data Fusion versions 6.5.1 and later.

The SAP SuccessFactors Batch Source plugin is GA. You can connect your data pipeline to an SAP SuccessFactors Source and a BigQuery Sink with this plugin in Cloud Data Fusion versions 6.5.1 and later.

The rollout of the following minor versions, extension versions, and plugin versions is currently underway:

Minor versions

• 10.22 is upgraded to 10.23.
• 11.17 is upgraded to 11.19.
• 12.12 is upgraded to 12.14.
• 13.8 is upgraded to 13.10.
• 14.5 is upgraded to 14.7.

Extension and plugin versions

• pg_cron is upgraded from 1.4.1 to 1.5.
• pg_partman is upgraded from 4.7.0 to 4.7.3.
• postgresql-hll is upgraded from 2.16 to 2.17.
• pg_repack is upgraded from 1.4.7 to 1.4.8.
• wal2json is upgraded from 2.4 to 2.5.
• pg_hint_plan is upgraded, as follows:
  • from 1.3.7 to 1.3.8 (for PostgreSQL versions 11-13)
  • from 1.4.0 to 1.4.1 (for PostgreSQL version 14)
  • from 1.4.0 to 1.5.0 (for PostgreSQL version 15)

If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.

The new maintenance version is [PostgreSQL version].R20230530.01_00. To learn how to check your maintenance version, see Self service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

Continuous backup and recovery is generally available (GA).

Anthos clusters on VMware 1.15.1-gke.40 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.15.1-gke.40 runs on Kubernetes 1.26.2-gke.1001.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.15, 1.14, and 1.13.

Release 1.13.8

Anthos clusters on bare metal 1.13.8 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.8 runs on Kubernetes 1.24.

For Node.js runtimes version 18 and version 20 (preview), you can use the Pnpm package manager to configure dependencies for Node.js runtimes. Learn how to configure your runtime.

You can use the Pnpm package manager to configure dependencies for Node.js runtimes. Learn how to configure your runtime.

You can use the Pnpm package manager to configure dependencies for Node.js runtimes. Learn how to configure your runtime.

Agones on GKE users will get recommendations and insights if they did not install the Agones controller on dedicated nodes.

Vertex Prediction

You can now specify a multi-region BigQuery table as the input or output to a batch prediction request.

Release 1.15.1

Anthos clusters on bare metal 1.15.1 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.15.1 runs on Kubernetes 1.26.

Preview: In a managed instance group (MIG), you can set metadata and labels for all VMs in the group without the need to create a new instance template. For more information, see Override instance template properties with an all-instances configuration.

The image import tool now supports importing CentOS Stream 9 and CentOS Stream 8 images to Google Cloud.

Data sampling is now generally available (GA). Data sampling lets you observe the data at each step of a pipeline. For more information, see Use data sampling to observe pipeline data.

Dataproc Metastore gRPC endpoints are generally available (GA).

Metadata federation support for BigQuery and BigLake is generally available (GA).

Cross-Cloud Interconnect is now generally available. You can use a Cross-Cloud Interconnect connection to peer your Google Virtual Private Cloud (VPC) network with your network that's hosted by a supported cloud service provider. You can also use Cross-Cloud Interconnect VLAN attachments as part of a site-to-site data transfer strategy.

For example, after you configure a VLAN attachment for your Cross-Cloud Interconnect connection, you can create a Network Connectivity Center spoke to represent the attachment. If the spoke has site-to-site data transfer enabled, you can then transfer data between your remote cloud network and your other external sites. Other external sites can include your on-premises network or your network in other clouds.

For information about the cloud service providers that Cross-Cloud Interconnect supports, see the Cross-Cloud Interconnect overview. For information about site-to-site data transfer, see the Site-to-site data transfer overview.

Site-to-site data transfer is supported only in certain locations.

The advanced traffic management using flexible pattern matching capability with Global External HTTP(S) Load Balancer is now Generally Available.

(Cloud Composer 2) The number of web server workers is now set dynamically based on available web server CPU and memory. This change improves Airflow web server performance and scalability by allowing it to handle more users.

• These workers are internal to the gunicorn web server and are not related to workers that run tasks.

• The new value is applied to the [webserver]workers Airflow configuration option when you change the environment's configuration. To use a different value, override this Airflow configuration option.

• The number of web server workers is clamped between 2 and 12 workers and is calculated as the minimum of (web_server_CPU * 2) + 1 and web_server_memory * 1.1.

The global external HTTP(S) load balancer now supports advanced traffic management using flexible pattern matching. This allows you to use wildcards anywhere in your path matcher. You can use this to customize origin routing for different types of traffic, request and response behaviors, and caching policies. In addition, you can now use results from your pattern matching to rewrite the path that is sent to the origin.

For details, see URL maps overview: Wildcards and pattern matching operators in path templates for route rules.

This capability is available in General availability.

Cloud NAT support for Standard Tier egress is available in Preview.

Observability for Google Kubernetes Engine: The Observability tab for each of your GKE clusters now includes metrics for ephemeral storage. For more information, see View observability metrics.

Adds MAX_THREE_PER_COMPANY DiversificationLevel option.

Resource AlloyDBBackup(v1alpha1):

• Added spec.encryptionConfig field.

• Added status.encryptionInfo field.

Resource AlloyDBCluster(v1alpha1):

• Added spec.encryptionConfig field.

• Added spec.automatedBackupPolicy.encryptionConfig field.

• Added status.encryptionInfo field.

Resource BigQueryJob(v1beta1):

• Added spec.load.parquetOptions field.

Resource CertificateManagerCertificate(v1alpha1):

• Added spec.location field.

Resource CloudBuildTrigger(v1beta1):

• Added spec.build.step.items.allowExitCodes field.

• Added spec.build.step.items.allowFailure field.

• Added spec.gitFileSource.repositoryRef field.

• Added spec.sourceToBuild.repositoryRef field.

Resource ComputeBackendService(v1beta1):

• Added spec.cdnPolicy.bypassCacheOnRequestHeaders field.

Resource ComputeDisk(v1beta1):

• Added spec.asyncPrimaryDisk.diskRef field.

Resource ComputeForwardingRule(v1beta1):

• Added spec.allowPscGlobalAccess field.

• Added spec.sourceIpRanges field.

• Added status.baseForwardingRule field.

Resource ComputeNetworkPeering(v1beta1):

• Added spec.stackType field.

Resource ComputeResourcePolicy(v1beta1):

• Added spec.diskConsistencyGroupPolicy field.

Resource ComputeRouterPeer(v1beta1):

• Added spec.enableIpv6 field.

• Added spec.ipv6NexthopAddress field.

• Added spec.peerIpv6NexthopAddress field.

Resource ContainerCluster(v1beta1):

• Added spec.addonsConfig.gcsFuseCsiDriverConfig field.

Resource VertexAIEndpoint(v1alpha1):

• Added spec.region field.

Resource WorkflowsWorkflow(v1alpha1):

• Added spec.cryptoKeyName field.

Resource WorkstationsWorkstationCluster(v1alpha1):

• Added status.resourceConditions field.

• Restructured status.conditions field to be consistent with status.conditions field of any Config Connector kind.

The Observability tab for each of your GKE clusters now includes metrics for ephemeral storage. For more information, see View observability metrics.

Image batch processing now available as a Preview feature

Vertex AI Vision now offers batch image processing as a Preview feature. This new processing mode lets you provide a Cloud Storage path with image files as input and Cloud Storage path to store output batch processing results.

For more information, see the image batch processing documentation.

Python SDK now available

A new Python SDK is now available for Vertex AI Vision. For more information, see the following documentation pages:

• Set up a project and a development environment
• Use the Face Blur model with the Python SDK

General Availibility: You can use the private.googleapis.com and restricted.googleapis.com virtual IP addresses (VIPs) to access Google APIs and services with IPv6 addresses. For more information, see the following pages:

• Use the VIPs from VMs with internal IPv6 addresses
• Use the VIPs from VMs with external IPv6 addresses
• Use the VIPs from on-premises hosts with IPv6 addresses
• Use the VIPs with VPC Service Controls

Private Service Connect backends support using an external regional TCP proxy load balancer to access published services. This feature is available in Preview.

Added a new field spec.helm.deployNamespace in the RootSync API to support specifying which namespace to deploy the rendered chart. For more information, see RootSync and RepoSync fields.

The constraint template library includes a new template: K8sHorizontalPodAutoscaler. For reference, see the Constraint template library.

The BigQuery partitioning and clustering recommender is now in preview. The recommender analyzes your BigQuery tables to identify partitioning or clustering opportunities for potential cost savings. You can view partition or cluster recommendations through the BigQuery UI or recommender API. You can also apply recommendations directly to your BigQuery tables.

Generally available: NVIDIA A100 80GB GPUs are now available in the following additional regions and zones:

• Netherlands, Europe: europe-west4-a
• Singapore, APAC: asia-southeast1-c

For more information about using GPUs on Compute Engine, see GPU platforms.

CCAI Platform now supports Agent Assist Session Summarization. This feature automatically provides a summary of the conversation transcript at the end of a chat or phone call. The summary includes brief overview of the conversation, key discussion points and resolutions or solutions agreed upon. For more information, see the Agent Assist voice or Agent Assist chat documentation.

Release 1.14.5

Anthos clusters on bare metal 1.14.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.5 runs on Kubernetes 1.25.

Chronicle has updated Rules Engine's YARA-L 2.0 language to support more functionality for handling arrays.

• A new arrays.length() function has been added. This function returns the number of elements in a repeated field. For more information, see YARA-L 2.0 language syntax.

• You can now perform array indexing on repeated fields using bracket notation. This lets you access an element of a repeated field at a specific index. For more information, see YARA-L 2.0 language syntax.

Cloud Load Balancing introduces the external regional TCP proxy load balancer. This is an Envoy proxy-based regional layer 4 load balancer that enables you to run and scale your TCP service traffic in a single region behind an external regional IP address. External regional TCP proxy load balancer will load-balance external TCP traffic from the internet to backends in the same region.

For details, see the External Regional TCP Proxy Load Balancing overview

To set up an external regional TCP proxy load balancer, see the following pages:

• Instance group backends

• Zonal NEG backends

• Hybrid connectivity NEG backends

This capability is in General Availability.

PostgreSQL version 15 is now generally available. To start using PostgreSQL 15, see Create instances.

Cloud Spanner lets you use a generated column in the primary key.

Cloud Spanner database deletion protection is now available in Preview. You can enable database deletion protection to prevent the accidental deletion of databases. For more information, see Prevent accidental database deletion.

New tasks for Google Cloud services

The following new integration tasks are available in preview:

• AI Platform - Prediction
• Cloud KMS - encrypt
• Cloud KMS - decrypt
• Dataflow - Create Job
• Drive - List
• Doc AI - Batch Process
• Doc AI - Process
• Doc AI - Operation
• Firestore - Batch Get
• Firestore - Batch Write
• Firestore - Document Get
• Language - Annotate Text
• Language - Classify Text
• Sheets - Append
• Sheets - Batch Get
• Sheets - Get
• Translate - Document
• Translate - Text
• Workflows - Execute

New tasks for Google Cloud services

The following new integration tasks are available in preview:

• AI Platform - Prediction
• Cloud KMS - encrypt
• Cloud KMS - decrypt
• Dataflow - Create Job
• Drive - List
• Doc AI - Batch Process
• Doc AI - Process
• Doc AI - Operation
• Firestore - Batch Get
• Firestore - Batch Write
• Firestore - Document Get
• Language - Annotate Text
• Language - Classify Text
• Sheets - Append
• Sheets - Batch Get
• Sheets - Get
• Translate - Document
• Translate - Text
• Workflows - Execute

Support for the asia-south2 (Delhi) region.

Support for the asia-south2 (Delhi) region.

Reserving static regional external IPv6 addresses is available in General Availability.

Reserving static regional internal IPv6 addresses is available in General Availability.

Internal ranges are available in Preview. Internal ranges let you allocate blocks of private IP addresses in VPC networks and specify how those addresses can be used.

Support for IPv6 extension headers is available in Preview.

Error catcher trigger

The Error Catcher trigger lets you invoke an error catcher that is defined or customized to handle the failure of an identified trigger, task, or edge condition in your integration.

For more information, see Error catcher trigger.

Return task

The Return task lets you customize the error messages corresponding to the HTTP response codes that are returned during an integration execution failure.

For more information, see Return task.

Node.js 20 is now available in preview. Note that Node.js 20 enters long-term support (LTS) in October and is the Node.js "Current" version until that time. We encourage you to explore the new features and benefits included in this release to evaluate their potential impact on your applications. For more information, see the Node.js 20 announcement .

Support for Google-managed encryption keys

Application Integration now uses Google-managed encryption keys as the default method of data encryption for your provisioned regions. You can optionally modify your encryption method with customer-managed encryption keys (CMEK).

For more information, see Encryption methods.

Error catcher trigger

The Error Catcher trigger lets you invoke an error catcher that is defined or customized to handle the failure of an identified trigger, task, or edge condition in your integration.

For more information, see Error catcher trigger.

Return task

The Return task lets you customize the error messages corresponding to the HTTP response codes that are returned during an integration execution failure.

For more information, see Return task.

The COUNTRY_DEMOGRAPHIC infoType detector, which identifies when countries are used for place of birth, residency, or citizenship, is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The Key Usage dashboard in the Google Cloud console and the new KMS Inventory REST API are now generally available.

For more information about the Key Usage dashboard, see View key usage.

For more information about the KMS Inventory REST API, see KMS Inventory API.

For example curl commands using the KMS Inventory REST API, see View key usage and View keys by project.

You can now use SQL JOIN and UNION operators in queries on the Log Analytics page. For more information, see Combine data from multiple sources.

Cloud SQL for MySQL now supports minor version 8.0.33. To upgrade your existing instance to the new version, see Upgrade the database minor version.

Cloud Spanner automatically increases the degree of parallelism on a query when the instance size allows. For more information on parallel execution of queries, see Life of a Spanner Query.

Generally available: General purpose C3 VMs are now generally available in the following regions:

• Council Bluffs, Iowa, North America : us-central1
• Moncks Corner, South Carolina, North America: us-east1
• Ashburn, Virginia, North America: us-east4
• St. Ghislain, Belgium, Europe: europe-west1
• Eemshaven, Netherlands, Europe : europe-west4
• Jurong West, Singapore, APAC: asia-southeast1

Added noexec, nodev, nosuid to /etc/resolv.conf bind mount. It fixes EPERM errors when running a pod in UserNS in COS.

Cloud EKM support for Filestore is now generally available.

The C3 machine family is generally available for GKE Standard clusters running on version 1.22 and later. You can select this family by using the --machine-type flag when creating a cluster or node pool.

The following features are not supported for this machine family:

• Node auto-provisioning.
• Confidential GKE nodes.
• Local SSD.
• Standard persistent disks (pd-standard).

For more information, refer to the C3 machine series documentation.

Secure Web Proxy is generally available (GA).

EXTERNAL_QUERY SQL pushdown optimizes data retrieval from external sources like Cloud SQL or Cloud Spanner databases. Transferring less data reduces execution time and cost. SQL pushdown encompasses both column pruning (SELECT clauses) and filter pushdowns (WHERE clauses). SQL pushdown applies to SELECT * FROM T queries, a significant percentage of all federated queries. Not all data types are supported for filter pushdowns. This feature is generally available (GA).

Cloud Composer API for Highly resilient environments is available. Cloud Console UI, gcloud CLI commands, and Terraform support for this feature will be gradually rolled out in the upcoming days.

Splitting Celery logs into stdout/stderr (#30485) is now possible with the [logging]celery_stdout_stderr_separation Airflow configuration option. The default value for this option is False.

Cloud SQL for MySQL has launched two database flags that impact the Cloud SQL SLA: innodb_flush_log_at_trx_commit and sync_binlog. For more information about these flags, see supported flags.

The following extensions, views, utilities, and flags are generally available:

Extensions

• postgresql_anonymizer: mask or replace personally identifiable information (PII) or sensitive data from a PostgreSQL database.
• pgtt: create, manage and use Oracle-style global temporary tables.
• rdkit: compare, manipulate, and identify molecular structures.

Views and utilities

• pg_authid: access this catalog table that contains hashed passwords and other properties for all database roles.
• pg_dumpall: extract all PostgreSQL databases of a cluster into a single script file.

Flags

• log_line_prefix: generate a printf-style string at the beginning of each line of a PostgreSQL log file.

The rollout of the following minor versions, extension versions, and plugin versions is currently underway:

Minor versions

• 10.21 is upgraded to 10.22.
• 11.16 is upgraded to 11.17.
• 12.11 is upgraded to 12.12.
• 13.7 is upgraded to 13.8.
• 14.4 is upgraded to 14.5.

Extension and plugin versions

• plv8 is upgraded from 3.1.2 to 3.1.4.
• wal2json is upgraded from 2.3 to 2.4.
• pgTAP is upgraded from 1.1.0 to 1.2.0.
• PostGIS is upgraded from 3.1.4 to 3.1.7.
• pg_partman is upgraded from 4.5.1 to 4.7.0.
• pg_wait_sampling is upgraded from 1.1.3 to 1.1.4.
• pg_hint_plan is upgraded from 1.3.7 to 1.4.
• pglogical is upgraded from 2.4.1 to 2.4.2.

This rollout also introduces the following:

• PostGIS GDAL driver support
• LZ4 TOAST compression for PostgreSQL versions 14 and later

Romanization and transliteration are now in Preview.

Preview: You can now use the discard-local-ssd=false flag to preserve the contents of a single attached Local SSD disk when suspending or stopping a VM. For more information, see the Local SSD Documentation.

The following features have been introduced in this release of Distributed Cloud Edge:

• Survivability mode. Distributed Cloud Edge now allows you to create clusters with the Kubernetes control plane running locally on your Distributed Cloud Edge hardware. This improves the reliability of Distributed Cloud Edge when your connection to Google Cloud is intermittent. This is a Public Preview feature. For more information, see Distributed Cloud Edge survivability mode.

• Symcloud Storage integration. You can now integrate Distributed Cloud Edge with Rakuten Symcloud Storage, a third-party storage abstraction solution that allows Pods to access local storage on different Distributed Cloud Edge nodes. This is a Public Preview feature. For more information, see Configure Distributed Cloud Edge for Symcloud Storage.

• Enhanced rNDC security. Distributed Cloud Edge has replaced the bond0 interface with the gdcenet0 interface that allows you to use the physical management network interface card for your application workloads while maintaining complete separation from Distributed Cloud Edge control and management traffic. You must manually reconfigure any existing network resources that reference the bond0 interface to use the gdcenet0 interface. For more information, see Upgrade CustomNetworkInterfaceConfig resources from Distributed Cloud Edge 1.3.0 to 1.4.0 and Upgrade NetworkAttachmentDefinition resources to Distributed Cloud Edge 1.4.0.

• Cloud Router reuse for VPN connections. When creating a VPN connection, Distributed Cloud Edge now automatically reuses any Cloud Router resource it has automatically created for a VPN connection. You can also specify a custom Cloud Router resource when creating a VPN connection. Existing VPN connections are not affected. For more information, see Manage VPN connections.

You can now sort your query results by using the sort menu next to a column name. This feature is in preview.

• Dataplex auto data quality (AutoDQ) and data profiling can be used on any BigQuery tables, including tables that aren't part of a Dataplex lake. You don't need to create a Dataplex lake to run Dataplex AutoDQ and data profiling.
• Dataplex AutoDQ and data profiling support BigQuery views, BigLake tables, and BigQuery external tables.
• Dataplex AutoDQ and data profiling support sampling your data to reduce time and cost.

--properties=dataproc:componentgateway.ha.enabled=truecan now be used to enable component gateway and knox along with SHS UI in HA mode.

Pause report updates. You can pause updates to minimize the number of data requests made while building and editing your report. While the report is paused, changes made to the report's data settings are placed on hold until you resume updates. Pausing report updates can potentially save on query costs because Looker Studio only requests the data needed to meet the report configuration as of the time you resumed updates.

Network Analyzer is now integrated with the Transparency and Control Center. Google Cloud users can now use this feature to opt out of analysis. For more information, see Opting out of data processing.

Vertex Prediction

You can now co-host models on the same VM from the Google Cloud Console. Previously, this capability was available only from the REST API. For more information, see Share resources across deployments.

Private Service Connect service connectivity automation is available in Preview. Service connectivity automation lets service producers automate deployment and service connectivity to eligible managed services on behalf of consumers.

The AlloyDB FORCE_APPLY update policy is available in Preview. Use this policy to modify database flags and apply updates faster (within 1-2 minutes) to an instance.

Preview: Integrate a job into a workflow using the Batch API connector for Workflows.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• BigqueryMigration
  • bigquerymigration.googleapis.com/MigrationWorkflow

Allocating up to 32 GiB of memory and up to 8 CPU to your Cloud Run services is now at general availability (GA).

Managed Microsoft AD is available in the following regions:

• europe-west12 (Turin)
• me-central1 (Doha)

For more information, see Deploy domain controllers in additional regions.

Global access for Private Service Connect endpoints for published services is available in General Availability. When global access is configured, clients in any region can send traffic to Private Service Connect endpoints.

Support for a Batch API connector is available in Preview.

You can now restrict new deployments by product generation (1st gen or 2nd gen). This feature is at the General Availability release level.

The Cloud SQL Proxy Operator is now generally available. To learn more about the Cloud SQL Proxy Operator, see About the Cloud SQL Proxy Operator.

The Cloud SQL Proxy Operator is now generally available. To learn more about the Cloud SQL Proxy Operator, see About the Cloud SQL Proxy Operator.

The Cloud SQL Proxy Operator is now generally available. To learn more about the Cloud SQL Proxy Operator, see About the Cloud SQL Proxy Operator.

The image import tool now supports importing Rocky Linux 9 images to Google Cloud.

SIP URI Directory - Call Routing: With this release, you can now use the SIP Directory to configure SIP call routing and transfers in IVR queue settings. You can use this functionality to route incoming calls to appropriate destinations based on IVR menu selections or queue routing rules. You can set it up so that a customer calling a support line, for example, can select a department or agent from the IVR menu based on their inquiry. See the SIP URI documentation for details.

Security insights for container images are now available on the release details page.

VMware Aria Operations for Logs is now certified for Google Cloud VMware Engine. You can use VMware Aria Operations for Logs to collect and manage logs from VMware Engine and on-prem environments into a centralized solution.

VMware Aria Operations for Logs with VMware Engine enables more operational visibility and intelligent analytics for both troubleshooting and auditing purposes, making it easier for you to manage and operate your VMware Engine environment. See the VMware blog announcement for more information.

Vertex AI custom training now supports deep integration with Vertex AI Experiments. You can submit training jobs with autologging enabled to automatically log parameters and model performance metrics. For more information, see Run training job with experiment tracking

The scheduler API for Vertex AI Pipelines is now available in Preview. You can schedule recurring pipeline runs in Vertex AI by specifying a frequency, start time (optional), and end time (optional). For more information, see Schedule a pipeline run with scheduler API.

Anthos clusters on VMware 1.13.8-gke.42 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.8-gke.42 runs on Kubernetes 1.24.11-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.15, 1.14, and 1.13.

The PHP 8.2 runtime for App Engine standard environment is now generally available.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory) and Feed API.

• AI Platform
  • aiplatform.googleapis.com/NasJob

Cloud Functions has added support for a new runtime, PHP 8.2, at the General Availability release level. PHP 8.2 adds significant new functionality over PHP 8.1 and uses Ubuntu 22.04 for its base O/S image.

Cloud Functions now supports 2nd gen Firestore triggers through Eventarc at the Preview release level.

You can now customize the time range of your queries in the Log Analytics page by using the time-range selector. There are several time range options, such as preset times, custom start and end times, and relative time ranges. For more information, see Filter by time.

Version 2.31.0 of the Ops Agent introduces preview support for an OpenTelemetry Protocol (OTLP) receiver. You can use this receiver to collect custom metrics and traces from applications written by using OpenTelemetry SDKs. For more information, see Collect OTLP metrics and traces.

You can now use the point-in-time-recovery (PITR) feature and read replicas on the same primary instance. For more information, see Point-in-time Recovery.

Version 2.31.0 of the Ops Agent introduces preview support for an OpenTelemetry Protocol (OTLP) receiver. You can use this receiver to collect custom traces and metrics from applications written by using OpenTelemetry SDKs. For more information, see Collect OTLP traces.

Generally available: The local SSD quota per machine family (LOCAL_SSD_TOTAL_GB_PER_VM_FAMILY) is generally available. Use the quota metric compute.googleapis.com/local_ssd_total_storage_per_vm_family instead of compute.googleapis.com/local_ssd_total_storage to view the quota usage and limits for local SSD in your project. For more information, see View and manage local SSD quota per machine family.

BigQuery subscriptions now support the NUMERIC and BIGNUMERIC data types. For more information, see Schema compatibility.

The AlloyDB admin API now includes user-management methods. These let you use the gcloud command-line tool to manage the user roles of your AlloyDB clusters, in addition to the PostgreSQL functions already supported.

.NET 6 is now generally available. This version requires you to specify an operating system version in your app.yaml file. Learn more.

You can now deploy sidecar containers to your Cloud Run service. (In Preview.)

You can now configure in-memory volumes for your Cloud Run containers. (In Preview.)

Unified Session Types: The new session type variable, Session Type V2, is now available. This update introduces a range of new fields, variables, and columns that will provide you with access to valuable additional information such as the ability to distinguish between Inbound SMS, Outbound SMS, and Outbound SMS via API. For more information, see the session type terminology documentation.

To take advantage of the new fields and variables, you will need to update your scripts, code, automation triggers, and any third-party integrations. The legacy components will no longer be updated with new functionality and will be deprecated on October 6, 2023.

Holiday hours: With Holiday Hours, you now have the ability to create and manage your own set of holidays with complete control over the holiday name, time, and dates. Additionally, you can group your holidays together for easier management. See the holiday hours documentation for details.

Campaign Management: Outbound Number: Outbound Number is a new feature for the Outbound Dialer that allows you to specify which outbound number to use when dialing out for each contact. With this new feature, you can rotate outbound phone numbers to have more control over the outbound phone numbers you use to make your outbound calls. For more information, see the Outbound Number documentation.

The g2-standard machine family with NVIDIA L4 is generally available for node pools in clusters running GKE version 1.22 and later. To select the machine family, use the --machine-type flag in your create command.

The storage per cluster limit has increased to 32 TiB.

This release includes new Permissions Pre-check functionality and UI messaging, which is available when provisioning Apigee with Pay-as-you-go pricing in the Google Cloud console. With the release of this feature, users are alerted when any permissions required to complete the provisioning operations are missing. The missing permissions and the steps to resolve are now identified in the UI messaging.

Ruby 3.2 is now generally available. This version requires you to specify an operating system version in your app.yaml file. Learn more.

Object tables are now generally available (GA).

Object tables are read-only tables containing metadata for unstructured data stored in Cloud Storage. They enable you to analyze and perform inference on images, audio files, documents and other file types by using BigQuery ML and BigQuery remote functions. Object tables extend the data security and governance best practices currently applied to structured data to unstructured data as well.

The GA release includes the following new and updated functions:

• ML.DECODE_IMAGE: Decodes image data so that it can be interpreted by the ML.PREDICT function.
• ML.CONVERT_COLOR_SPACE: Converts images with an RGB color space to a different color space.
• ML.CONVERT_IMAGE_TYPE: Converts the data type of the pixel values in an image.
• ML.RESIZE_IMAGE: Resizes images.
• ML.DISTANCE: Computes the distance between two vectors.
• ML.LP_NORM: Computes the Lᵖ norm for a vector, where ᵖ is the degree.

You can now create manual triggers, webhook triggers, or Pub/Sub triggers using Cloud Build repositories (2nd gen). This feature is available at the preview release stage. To learn more, see the Repositories overview page.

Custom audit logging for Cloud Storage is now available in Preview.

• JSON API requests now support user-defined headers that are prefixed with x-goog-custom-audit-.
• Cloud Audit Logs can subsequently include these headers as part of your request's audit log entry.

Datastream now supports backfill for PostgreSQL tables of any size. For more information, click here.

reCAPTCHA Enterprise Fraud Prevention is generally available.

You can use reCAPTCHA Enterprise Fraud Prevention to protect payment transactions against attacks such as carding, stolen instrument fraud, and account takeover payment fraud. For more information, see Protect payment transactions with Fraud Prevention.

The columnar engine now supports columns with json and jsonb data types.

The Cloud Router custom learned routes feature is in Preview. This feature lets you configure a Border Gateway Protocol (BGP) session to include learned routes that you manually specify. Cloud Router then behaves as if it learned the routes from the BGP peer.

Custom learned routes can be helpful if you want to avoid the limitations of static routes. For example:

• Static routes can't detect a loss of reachability in the next hop of a route. In contrast, custom learned routes can detect a loss of reachability, and they react accordingly to avoid dropping traffic without notification.

• Static routes do not support using HA VPN tunnels or Cloud Interconnect VLAN attachments as next hops. Custom learned routes do.

For more information, see Custom learned routes.

Cloud Run integrations (Preview) are now available in asia-east1, europe-west4, us-east1, and us-west1.

This release includes support for the following features:

• API and gcloud CLI support for the me-west1 region (Tel Aviv, Israel, Middle East).
• API support for GPUs is available in preview.
• Terraform support is available in preview.
• Posit Workbench (including RStudio Pro) integration is available in preview.
• BeyondCorp Enterprise integration for the Cloud Workstations API is available in preview.

Customers who do not have the oem_jar license feature enabled can now access the set_smtp_settings API endpoint.

The Looker IDE will now display an error when incompatible types are being compared in Liquid statements.

The Source column in the Admin > Queries panel now correctly displays the API version for queries that are initiated from the Looker API.

Cookieless embed API endpoints are now marked as stable.

When the filter definition for matches_filter is empty, 1=1 will be added to the WHERE clause so that there are no SQL errors and the query can run. This functionality mirrors the is equal to [empty] standard filter option.

When the Advanced Vis Config Labs feature is enabled, any user who has either the Looker Admin role or the can_override_vis_config permission can access the Advanced Visualization editor. This editor lets users modify HighCharts visualizations by exposing certain JSON parameters of the visualization to enable deep customization. These customizations will not dynamically interact with data.

Generative AI Support for Vertex AI

Generative AI Support for Vertex AI is now available in (Preview). With this feature launch, you can leverage the Vertex AI PaLM API to generate AI models that you can test, tune, and deploy in your AI-powered applications.

Features and models in this release include:

• PaLM 2 for Text: text-bison@001
• PaLM 2 for Chat: chat-bison@001
• Embedding for Text: textembedding-gecko@001
• Generative AI Studio for Language
• Tuning for PaLM 2
• Vertex AI SDK v1.25, which includes new features such as TextGenerationModel(text-bison@001), ChatModel(chat-bison@001), TextEmbeddingModel(textembedding-gecko@001)

You can interact with the generative AI features on Vertex AI by using Generative AI Studio in the Google Cloud console, the Vertex AI API, and the Vertex AI SDK for Python.

• Learn more about Generative AI Support for Vertex AI
• See an Introduction to Generative AI Studio
• Get started with a Generative AI Studio quickstart

Vertex AI Model Garden

The Vertex AI Model Garden is now available in (Preview). The Model Garden is a platform that helps you discover, test, customize, and deploy Vertex AI and select OSS models. These models range from tunable to task-specific - all available on the Model Garden page in the Google Cloud console.

• To get started, see Explore AI models and APIs in Model Garden.

Cloud logs support for Connectors tasks

You can now view the execution logs of a failed Connectors task in Apigee Integration.

For more information, see Execution Logs.

Cloud logs support for Connectors tasks

You can now view the execution logs of a failed Connectors task in Application Integration.

For more information, see Execution Logs.

You can now view BI Engine Top Tables Cached Bytes, BI Engine Query Fallback Count, and Query Execution Count as dashboard metrics for BigQuery. This feature is now generally available (GA).

EXTERNAL_QUERY SQL pushdown optimizes data retrieval from external sources like Cloud SQL or Cloud Spanner databases. Transferring less data reduces execution time and cost. SQL pushdown encompasses both column pruning (SELECT clauses) and filter pushdowns (WHERE clauses). SQL pushdown applies to SELECT * FROM T queries, a significant percentage of all federated queries. Pushdowns have limitations, for example not all data types are supported for filter pushdowns. This feature is generally available (GA).

You can now restrict the creation of Cloud Build builds, triggers, and repositories to a particular location using an Organization Policy Service constraint. This feature is generally available. To learn more, see Restricting Resource Locations.

Cloud Run services can now connect to Firebase Hosting for custom domains and CDN capabilities, using Integrations (Preview).

Support for logging the processing duration of your Cloud Spanner read and write requests is now available in Cloud Audit Logs. For more information, see Processing duration.

Resource ComputeFirewallPolicyRule(v1beta1):

• Added spec.match.destAddressGroups field.
• Added spec.match.destFqdns field.
• Added spec.match.destRegionCodes field.
• Added spec.match.destThreatIntelligences field.
• Added spec.match.srcAddressGroups field.
• Added spec.match.srcFqdns field.
• Added spec.match.srcRegionCodes field.
• Added spec.match.srcThreatIntelligences field.

Resource IAMWorkforcePoolProvider(v1beta1):

• Added spec.oidc.webSsoConfig field.

Added kernel support for nftables.

M108 update

This update of the M108 release includes the following:

• The following Deep Learning Containers images are now available:
  • Tensorflow 2.12 CPU with CUDA 11.8 and Python 3.10 (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-cpu.2-12.py310:latest)
  • Tensorflow 2.12 GPU with CUDA 11.8 and Python 3.10 (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-gpu.2-12.py310:latest)

M108 update

This update of the M108 release includes the following:

• The following Deep Learning VM images are now available:
  • Tensorflow 2.12 CPU with CUDA 11.8 and Python 3.10 (tf-2-12-cpu-debian-11-py310)
  • Tensorflow 2.12 GPU with CUDA 11.8 and Python 3.10 (tf-2-12-gpu-debian-11-py310)

Now in GA for both GKE Standard and Autopilot clusters with GKE version 1.26 and later, you can add more IPv4 secondary Pod ranges to a new or existing cluster with the --additional-pod-ipv4-ranges flag. To learn more, see Adding Pod IP addresses.

Vertex AI Prediction

You can now use G2 accelerator-optimized machine types to serve predictions. Each G2 machine has a fixed number of NVIDIA L4 GPUs attached.

The AlloyDB index advisor is now generally available (GA).

Differential privacy is now in preview and includes four differential privacy aggregate functions that can be used to anonymize data: AVG, COUNT, SUM, and PERCENTILE_CONT. To learn more, see the following topics:

• Use differential privacy
• Differential privacy clause
• Differentially private aggregate functions
• Extending differential privacy

INFORMATION_SCHEMA.MATERIALIZED_VIEW view and enhanced job statistics now let you monitor materialized view usage and refresh jobs. This feature is in preview.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• Network Connectivity
  • networkconnectivity.googleapis.com/PolicyBasedRoutes
• Workflows
  • workflows.googleapis.com/Workflow
• Database Migration Service
  • datamigration.googleapis.com/ConnectionProfile

Cloud Functions now supports the Node.js 20 runtime at the Preview release level.

Administrator interface is generally available (GA). The GA release adds support for altering Hive table properties.

When you create or amend a prepay private offer with the committed use discounts (CUDs) pricing model, you can choose whether unused commitment expires or rolls over between installments of the offer. You can also choose to add one-time credits that you sponsor to specific installments. For more information, visit Set up your offer's pricing.

Firebase App Check is available in Preview.

AlloyDB Omni version alloydb-omni-0.2.0-preview-postgresql-14.4 is available. This version reduces the memory requirement of AlloyDB Omni to 2 GB of RAM, and applies various bug fixes and query performance improvements.

The Node.js 20 runtime for App Engine standard environment is now available in preview. Note that Node.js 20 enters long-term support (LTS) in October and is the Node.js "Current" version until that time. We encourage you to explore the new features and benefits included in this release to evaluate their potential impact on your applications. For more information, see the Node.js 20 announcement .

The INSERT INTO SELECT statement now lets you filter data from files in Amazon S3 and Azure Blob Storage and append it into BigQuery tables. This feature is in preview.

Cloud Workstations makes the following machine types available:

• n1-standard-64
• n1-standard-96

For more information, see Available machine types, REST workstationConfigs, or RPC google.cloud.workstations.v1beta GceInstance.

You can now perform deployment verification in the same cluster where your application is running (GKE and Anthos only).

• You can now view, update, and delete attached clusters via the Google Cloud console. For details, see the how-to guides for EKS and AKS.
• Starting with 1.26 clusters, customers can configure access to clusters for Google groups rather than access per user. For details, see Connect to your EKS attached cluster or Connect to your AKS attached cluster.
• Enabled sending Kubernetes resource metadata to Google Cloud Platform, improving both the user interface and cluster metrics. For the metadata to be ingested properly, customers need to enable the Config Monitoring for Ops API. (This feature is available for 1.25.0-gke.3 and 1.26.0-gke.1).

The constraint template library includes a new template: K8sContainerEphemeralStorageLimit. For reference, see the Constraint template library.

The constraint template library includes a new template: K8sDisallowedRepos. For reference, see the Constraint template library.

The constraint template library includes a new template: K8sRestrictNfsUrls. For reference, see the Constraint template library.

Added new metric labels: commit and type. These tags make it easier to detect when an error has been resolved. If you have a custom otel-collector ConfigMap, you should update it to filter out these tags for the Kubernetes exporter. For more information, see Config Sync Metric Labels.

Added a --name flag to nomos status to support filtering status by RootSync or RepoSync names. For more information, see nomos status flags

• Updated OS image to Ubuntu 22.04. cgroupv2 is now used as the default control group configuration.

  • Ubuntu 22.04 uses cgroupv2 by default. We recommend that you check if any of your applications access the cgroup filesystem. If they do, they must be updated to use cgroupv2.

• Improved monitoring by exporting metrics for control plane components.

• Enabled sending Kubernetes resource metadata to Google Cloud Platform, improving both the user interface and cluster metrics. For the metadata to be ingested properly, customers need to enable the Config Monitoring for Ops API.

• Enabled kubelet graceful node shutdown. Non-system Pods are given 15 seconds to terminate, after which system Pods (with the system-cluster-critical or system-node-critical priority classes) have 15 seconds to gracefully terminate.

• Newly-created clusters now use etcd v3.4.21 for improved stability. Existing clusters of previous versions were already using etcd v3.5.x and will not be downgraded to v3.4.21 during cluster upgrade; these clusters will instead use v3.5.6.

• Clusters now have per-node-pool subnet security group rules instead of VPC-wide rules:

  • Previously, the control plane allowed inbound traffic from the entire primary IP range of the VPC on ports TCP/443 and TCP/8123, which are used by node pools.
  • Now, the control plane narrows the allowed inbound traffic to each IP range of the node pool subnets on ports TCP/443 and TCP/8123; multiple node pools can share one subnet.
  • This change supports node pools running outside of the VPC's primary IP range and improves the security of the control plane.
  • If you relied on the VPC-wide security group rule for allowing traffic from outside of the cluster (e.g. from a bastion host for kubectl), then as part of the upgrade you should create a security group, add a VPC-wide rule to it, and attach the security group to the control plane (via the AwsCluster.controlPlane.securityGroupIds field).

• Preview: Enabled node auto repair. This feature continuously monitors the health of each node in a node pool. Please contact your account team to opt into the preview.

• Preview: Added support for AWS spot instance node pools. Spot instance node pools are pools of Amazon EC2 Spot Instances that are available on AWS at a lower cost.

• GA: Enabled node pool creation with ARM-based (Graviton) instance types.

• Updated OS image to Ubuntu 22.04. cgroupv2 is now used as the default control group configuration.

  • Ubuntu 22.04 uses cgroupv2 by default. We recommend that you check if any of your applications access the cgroup filesystem. If they do, they must be updated to use cgroupv2.

• Improved monitoring by exporting metrics for control plane components.

• Enabled sending Kubernetes resource metadata to Google Cloud Platform, improving both the user interface and cluster metrics. For the metadata to be ingested properly, customers need to enable the Config Monitoring for Ops API.

• Newly-created clusters now use etcd v3.4.21 for improved stability. Existing clusters of previous versions were already using etcd v3.5.x and will not be downgraded to v3.4.21 during cluster upgrade; these clusters will instead use v3.5.6.

• Preview: Enabled node auto repair. This feature continuously monitors the health of each node in a node pool. Please contact your account team to opt into the preview.

You can now use configuration YAML files to transform SQL code when you translate SQL queries from your source database. Configuration YAML files can be used with the batch SQL translator, the interactive SQL translator, and the batch translation Python client. This feature is now in preview.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• Org Policies
  • orgpolicy.googleapis.com/CustomConstraint
• Service Directory
  • servicedirectory.googleapis.com/Endpoint
  • servicedirectory.googleapis.com/Service

The discovery service can now generate the following observation finding types in Security Command Center:

• Data sensitivity
• Data risk

These findings provide the calculated sensitivity and data risk levels of the BigQuery tables that you profile. Use this information to inform your response plans when you investigate vulnerabilities and threats involving BigQuery tables.

For more information, see Publish data profiles to Security Command Center.

Dataform release configurations are available. Release configurations let you configure execution environments, for example, staging and production.

Dataform workflow configurations are available. Workflow configurations let you execute SQL workflows on a schedule.

M108 release

• Miscellaneous software updates.

M108 release

• The image name common-container-experimental was changed to common-container. The related image family name wasn't changed.
• Miscellaneous software updates.

M108 release

The M108 release of Vertex AI Workbench user-managed notebooks includes the following:

• Miscellaneous software updates.

Users can now see how reCAPTCHA Enterprise works on the Google Cloud console. For more information, see Test reCAPTCHA Enterprise in a demo website.

The table clones feature of BigQuery is now generally available (GA).

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• Compute
  • compute.googleapis.com/PublicDelegatedPrefix
• AI Platform
  • aiplatform.googleapis.com/NasJob

CPU allocation recommender now automatically recommends CPU allocation changes based on traffic received by your Cloud Run service over the past month. (In Preview)

Dialogflow CX now provides the ADD_DATE system function.

Anthos clusters on VMware 1.15.0-gke.581 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.15.0-gke.581 runs on Kubernetes 1.26.2-gke.1001.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.15, 1.14, and 1.13.

• Preview: Support for vSphere 8.0

• Preview: Support for VM-Host affinity for user cluster node pools

• Preview: Support for High availability control plane for admin clusters

• Preview: Support for system metrics collection using Google Cloud Managed Service for Prometheus

• Preview: You can now filter application logs by namespace, Pod labels and content regex.

• Preview: Support for storage policy in user clusters

• Preview: You can now use gkectl diagnose snapshot --upload=true to upload a snapshot. And gkectl helps generate the Cloud Storage bucket with the format gs://anthos-snapshot[uuid]/vmware/$snapshot-name.

• GA: Support for upgrade and rollback of node pool version

• GA: gkectl get-config is a new command that locally generates cluster configuration files from an existing admin or user cluster.

• GA: Support for multi-line parsing of Go and Java logs

• GA: Support for manual load balancing in user clusters that enable ControlplaneV2

• GA: Support for update of private registry credentials

• GA: Metrics and logs in the bootstrap cluster are now uploaded to Google Cloud through Google Cloud's operations suite to provide better observability on admin cluster operations.

• GA: vSphere CSI is now enabled for Windows node pools.

• Fully managed Cloud Monitoring Integration dashboards. The new Integration Dashboard is automatically installed. You cannot make changes to the following dashboards, because they are fully managed by Google. However, you can make a copy of a dashboard and customize the copied version:

  • Anthos Cluster Control Plane Uptime
  • Anthos Cluster Node Status
  • Anthos Cluster Pod Status
  • Anthos Cluster Utilization Metering
  • Anthos Cluster on VMware VM Status

Database Migration Service now supports faster migrations from PostgreSQL source databases to a destination Cloud SQL for PostgreSQL instance. The feature improves the performance of migrating data and constraints (including primary keys, foreign keys, and indexes).

Observability for Google Kubernetes Engine: You can now enable GKE control plane metrics from the Observability tab for your GKE cluster. You can also preview the available charts and metrics before you enable the metrics. For more information, see Configuring collection of control plane metrics.

Fast migration for Cloud SQL is now available. This feature improves the performance of data migrations from an external source to a destination Cloud SQL instance.

You can now disable simultaneous multithreading (SMT) while creating or editing instances and read replicas. This might reduce your SQL Server licensing fees. To understand the impact of disabling SMT on your instance's performance, we recommend that you perform load testing on your instance.

Cloud Spanner now supports new query capabilities for PostgreSQL dialect databases:

• Set operations (such as UNION and INTERSECT) with ORDER BY, LIMIT, or OFFSET, or in subqueries
• Parameterized LIMIT and OFFSET operations
• Statement hints for configuring the query optimizer (such as optimizer_version and optimizer_statistics_package)

Cloud Spanner sampled query plans are now available in Preview. You can view samples of historic query plans and compare the performance of a query over time. For more information, see Sampled query plans.

The managed Cloud Storage FUSE CSI driver for GKE is now available in Preview in GKE versions 1.26.3 and later. You can use this driver to consume Cloud Storage buckets for GKE workloads.

The managed Cloud Storage FUSE CSI driver for GKE is now available in Preview in GKE versions 1.26.3 and later. You can use this driver to consume Cloud Storage buckets for GKE workloads.

Anthos clusters on VMware 1.14.4-gke.54 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.14.4-gke.54 runs on Kubernetes 1.25.8-gke.1500.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

Apigee Integrations is now available in the following locations:

• Melbourne (australia-southeast2)
• Finland (europe-north1)
• Paris (europe-west9)
• Madrid (europe-southwest1)
• Doha (me-central1)
• Tel Aviv (me-west1)

For more information about the supported locations, see Apigee Integration supported regions.

Application Integration is now available in the following locations:

• Melbourne (australia-southeast2)
• Finland (europe-north1)
• Paris (europe-west9)
• Madrid (europe-southwest1)
• Doha (me-central1)
• Tel Aviv (me-west1)

For more information about the supported locations, see Application Integration locations.

You can now add descriptions to the columns of a view. To do this, use the CREATE VIEW or ALTER COLUMN DDL statements. This feature is in preview.

If you use query queues, then you can set the interactive and batch queue timeouts in your default configuration. This feature is in preview.

UDM Search Pivot Table

The UDM Search Pivot Table enables you to further analyze your UDM search results, giving you the following capabilities:

• Group search results by up to five UDM fields.
• Perform aggregations (sum, count, count distinct, average, stddev, min, and max) on up to to five values within the UDM fields (for example, domains, users, and products).
• Sort results of the pivot table (ascending, descending)

This feature is being enabled for global customers in a phased manner and is expected to fully roll out over the next month.

Fallback to installing compatible drivers when installer is invoked for certain GPU devices and incompatible drivers.

Fallback to installing compatible drivers when installer is invoked for certain GPU devices and incompatible drivers.

Fallback to installing compatible drivers when installer is invoked for certain GPU devices and incompatible drivers.

The Cloud Workflows service agent has the ability to consume quota and billing for a project through the serviceusage.services.use permission. This allows workflows to count quota and apply billing to the correct project when making calls to other Google APIs.

Several updates to Migrate to Virtual Machines:

• Migrate to Virtual Machines is now available in regions europe-west12 and me-central1. For more information, see Migrate to Virtual Machines locations.
• Migrate to Virtual Machines now supports VMWare 8.0.
• Preview: Migrate to Virtual Machines introduces a new field, Estimated cut-over time, that gives an estimate of the time it takes to complete a cut-over job for a VM once the cut-over is triggered. This field is populated only for an active VM that has completed a few replication cycles.

.NET 6 is now available in preview. This version requires you to specify an operating system version in your app.yaml file. Learn more.

You can now specify version "1.20" in the runtime_version setting of your app.yaml file. Learn more.

Backup and DR agent is enhanced to support RHEL for SAP 8.6 operating system version. See Support matrix.

Importing a domain from Google Domains to Cloud Domains is available in GA.

General Availability: You can specify the source IP ranges for egress firewall rules and the destination IP ranges for ingress firewall rules.

Two new multi-region instance configurations are now available in North America: nam14 (Northern Virginia/Montréal/South Carolina) and nam15 (Dallas/Northern Virginia/Iowa).

The number of indexes per table that Cloud Spanner supports increased from 32 to 128. For more information, see Quotas & limits.

Release 1.15.0

Anthos clusters on bare metal 1.15.0 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.15.0 runs on Kubernetes 1.26.

Cluster lifecycle:

• Upgraded from Kubernetes version 1.25 to version 1.26.
• GA: Set in-place upgrade (without bootstrap cluster) as the default upgrade method for self-managed clusters.
• GA: Added support for configuring worker node pools for parallel node upgrades to significantly reduce upgrade times. Added a minimumAvailableNodes field to specify a minimum number of nodes to keep available for workloads throughout the upgrade.
• Preview: Added support for parallel upgrades of worker node pools.
• Added support for Red Hat Enterprise Linux (RHEL) version 8.7.
• Added support for Ubuntu 22.04 LTS.
• GA: Added support for increasing the number of IP addresses for Services after cluster creation. For more information, see Increase service network range.
• Preview: Added ability to configure kubelet image pull settings for node pools. For more information, see Configure kubelet image pull settings.
• Streamlined the snapshot uploading and sharing process.
• GA: Added support of Control group v2 (cgroup v2).
• Preview: Added a separate instance of etcd for the etcd-events object.
• Updated cert-manager to version 1.17.2.
• Updated automated API enablement when you run bmctl create config with the --enable-apis flag. The following APIs are added to the enablement list:
  • Enable storage.googleapis.com as a required API.
  • Enable gkeonprem.googleapis.com as a recommended API.
• Added a new field status.failures to the NodePool custom resource to aggregate failures across machines in the NodePool.
• Added a new condition type PreflightCheckSuccessful to the NodePool custom resource. This condition type summarizes the preflight check status across machines in the NodePool.

Networking:

• Added support for ClusterDNS to specify order for upstreamNameServers with an orderPolicy. Allowed values for orderPolicy are random, round_robin, or sequential. The default value is random.

Observability:

• Added support for filtering application logs. This feature can reduce application logging billing and network traffic from the cluster to Cloud Logging. For more information, see Filter application logs.

• GA: Fully managed Cloud Monitoring Integration dashboards:

  • In the next Anthos release (version 1.16), the following dashboards in Cloud Monitoring Sample Library are unavailable:
    • Anthos cluster control plane uptime
    • Anthos cluster node status
    • Anthos cluster pod status
    • Anthos utilization metering
    • GKE on-prem node status
    • GKE on-prem control plane uptime
    • GKE on-prem pod status
    • GKE on-prem vSphere vm health status
  • In the next Anthos release (version 1.16), the following customized dashboards aren't created when you create a new cluster:
    • Anthos cluster control plane uptime
    • Anthos cluster pod status
    • Anthos cluster node status
    • Anthos cluster VM status
  • An added Anthos integration page is available from the Cloud Monitoring Integration page. The Anthos integration includes descriptions and previews for the predefined Anthos dashboards:
    • Anthos Cluster Control Plane Uptime
    • Anthos Cluster Node Status
    • Anthos Cluster Pod Status
    • Anthos Cluster KubeVirt VM Status
    • Anthos Cluster Utilization Metering

  For more information, see Use predefined dashboards.

• Preview: Added support for system metrics when you use Google Cloud Managed Service for Prometheus.

Security and Identity:

• Preview: Added support for Binary Authorization, a service on Google Cloud that provides software supply-chain security for container-based applications. For more information, see Binary Authorization for Anthos clusters overview.
• Preview: Added support for VPC Service Controls, which provides additional security for your clusters to help mitigate the risk of data exfiltration.
• Improved security by disabling port 10255, the kubelet read-only port, by default. For more information, see Disable kubelet read-only port in Hardening your cluster's security.

Ruby 3.2 is now available in preview. This version requires you to specify an operating system version in your app.yaml file. Learn more.

The Search API is now available in the App Engine legacy bundled services for second-generation runtimes. Access this legacy bundled service through the App Engine services SDK for Go 1.12+.

The Search API is now available in the App Engine legacy bundled services for second-generation runtimes. Access this legacy bundled service through the App Engine API JAR.

The Search API is now available in the App Engine legacy bundled services for second-generation runtimes. Access this legacy bundled service through the App Engine services SDK for Python 3.

Backup and DR Service now supports archive snapshots for Compute Engine instance backups.

Simplified experience for updating backup/recovery appliances from the management console.

Backup and DR agent is enhanced to support RHEL 8.6, RHEL 8.7, and RHEL 9.0 operating system version. See Support matrix.

Backup and DR agent is enhanced to support Oracle Enterprise Linux 8.7 and 9.0 operating system version. See Support matrix.

JSON data type mapping is now available for Cloud Spanner federated queries. This feature is generally available (GA).

Campaign Management: You now have the option to add a Unique ID column to your campaign management CSV upload. This ID can be any identifier of your choice, such as a CRM identifier or a SKU. This field allows you to associate your CRM data with each dialer call, providing a comprehensive view of your call data. You can view the Unique ID data in Standard Reporting Campaign reports. For more information see the campaign management documentation.

Voice Virtual Agents now has the ability to transfer a call to a specific phone number or SIP endpoint, ensuring that the consumer is connected to the appropriate person or department. For more information, see the Virtual Agents custom payload documentation.

Custom CRM Virtual Agent transcripts: We have updated our Custom CRM to allow Virtual Agent transcripts to be sent to your external storage. To enable this, go to Developer Settings > External Storage and select Call Transcripts (currently only supported for Agent Assist and Virtual Agent transcripts). The transcripts will be sent to your external storage. This feature allows the team managing your virtual agent(s) to review and analyze the conversations your virtual agents are having with your consumers, identifying areas for improvement and helping you evolve your virtual agent(s). In addition, VA transcripts can help businesses comply with regulatory requirements by maintaining a secure record of all consumer interactions.

For more information on Custom CRM see the Custom CRM documentation.

New Manager API calls endpoint fields: We have added additional data to the /manager/api/v1/calls endpoint to provide more options for reviewing and analyzing campaign call status data. New fields include Machine Detected and Skipped information.

New Manager API endpoints: The following new endpoints have been added to access more data related to outbound dialer campaigns:

/manager/api/v1/outbound_dialer/campaigns

/manager/api/v1/outbound_dialer/campaigns/:campaign_id

/manager/api/v1/outbound_dialer/campaigns/:campaign_id/contacts

Added support for L4 GPU in cos-gpu-installer and fix cached driver installation for prebuilt driver modules.

Enabled INET_DIAG_DESTROY kernel configuration.

BigLake and non-BigLake external tables now support Cloud Storage custom dual-regions. This feature is generally available (GA).

You can now configure Cloud Build to continue executing a build even if specified steps fail. This feature is generally available. To learn more, see the allowFailure and allowExitCodes topics in Build configuration file schema.

Cloud Data Fusion version 6.8.2 is generally available (GA). This release is in parallel with the CDAP 6.8.2 release.

Version 2.31.0 of the Ops Agent introduces built-in support for log rotation. For more information, see Configure log rotation in the Ops Agent.

Version 2.31.0 of the Ops Agent introduces built-in support for log rotation. For more information, see Configure log rotation in the Ops Agent.

Added support for manual installation in GKE Autopilot.

Resource ArtifactRegistryRepository(v1beta1):

• Added spec.dockerConfig field.

Resource BigQueryDataset(v1beta1):

• Added spec.defaultCollation field.
• Added spec.isCaseInsensitive field.

Resource ComputeInstance(v1beta1):

• Added spec.scratchDisk.items.size field.

Resource ComputeInstanceTemplate(v1beta1):

• Added status.selfLinkUnique field.

Resource ComputeNetwork(v1beta1):

• Added spec.networkFirewallPolicyEnforcementOrder field.

Resource ComputeVPNGateway(v1beta1):

• Added spec.stackType field.

Resource ContainerCluster(v1beta1):

• Added spec.ipAllocationPolicy.podCidrOverprovisionConfig field.
• Added spec.ipAllocationPolicy.stackType field.
• Added spec.nodeConfig.advancedMachineFeatures field.
• Added spec.nodeConfig.ephemeralStorageLocalSsdConfig field.
• Added spec.nodeConfig.localNvmeSsdBlockConfig field.

Resource ContainerNodePool(v1beta1):

• Added spec.networkConfig.podCidrOverprovisionConfig field.
• Added spec.nodeConfig.advancedMachineFeatures field.
• Added spec.nodeConfig.ephemeralStorageLocalSsdConfig field.
• Added spec.nodeConfig.localNvmeSsdBlockConfig field.

Resource PrivateCACAPool(v1beta1):

• Added spec.issuancePolicy.baselineValues.caOptions.zeroMaxIssuerPathLength field.

Resource PrivateCACertificateAuthority(v1beta1):

• Added spec.config.x509Config.caOptions.zeroMaxIssuerPathLength field.

Resource StorageTransferJob(v1beta1):

• Added spec.transferSpec.objectConditions.lastModifiedBefore field.
• Added spec.transferSpec.objectConditions.lastModifiedSince field.

Added 136 v1alpha1 Google Cloud resource CRDs. See Install instructions for more information.

Dialogflow CX now supports intent import/export and training phrase import.

Google Cloud Armor now supports rate limiting based on multiple keys in General Availability. For more information, see Apply rate limiting.

Event Threat Detection, a built-in service of Security Command Center, launched the following new rules to Preview.

• Persistence: Impersonation Role Granted For Dormant Service Account
• Privilege Escalation: Dormant Service Account Granted Sensitive Role

The Persistence: Impersonation Role Granted For Dormant Service Account rule detects events where a principal is granted permissions to impersonate a dormant user-managed service account.

The Privilege Escalation: Dormant Service Account Granted Sensitive Role rule detects events where a dormant user-managed service account was granted one or more sensitive IAM roles.

For more information, see Event Threat Detection rules.

Release 1.13.7

Anthos clusters on bare metal 1.13.7 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.7 runs on Kubernetes 1.24.

Dynamic data masking has been updated to allow masking on RECORD columns that have been set to REPEATED mode. Previously, querying such columns when data masking had been applied would return internal errors. This feature is generally available (GA).

You can now install and configure Chronicle forwarder for Windows on Docker. This Docker installation provides better security through isolation and the container distribution mechanism can be private and separate for Google Cloud and customers. This release also includes the following updates:

• The forwarder signing key will be rotated every 6 months for security. You must update the Chronicle forwarder for Windows on Docker image every 6 months.

• The minimum batch size for forwarder is now increased to 200KB for better performance.

• Data compression is now enabled by default. It reduces the network bandwidth consumption by 80%.

• Hot config loading is now supported and applies configuration changes within 5 minutes without the need to restart the forwarder.

• Automatic buffering handles spikes in incoming traffic by efficiently using available memory on the host system. This feature is optional.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

• Speech
  • speech.googleapis.com/Config
  • speech.googleapis.com/Recognizer
• Networkservices
  • networkservices.googleapis.com/EdgeCacheKeyset
  • networkservices.googleapis.com/EdgeCacheOrigin
  • networkservices.googleapis.com/EdgeCacheService

(Cloud Composer 2) Airflow 2.5.1 is available in Cloud Composer images.

The Observability tab on the VM instances page for Compute Engine has been enhanced. Disk and Network sections with additional charts have been added. The Integrations > Detected section lets you navigate to the dashboards for the third-party integrations, like Apache or NGINX, that you have configured. The page also includes a set of Recommended Alerts for setting up pre-configured alerting policies for CPU, memory, and disk utilization and for host errors.

In the Google Cloud console, the Observability tab on the VM instances page for Compute Engine has been enhanced. Disk and Network sections with additional charts have been added. The Integrations > Detected section lets you navigate to the dashboards for the third-party integrations that you have configured, like Apache or NGINX. The page also includes a set of recommended alerts for setting up pre-configured alerting policies for CPU, memory, and disk utilization and for host errors.

Queue-level wrap-up settings: You can now customize wrap-up times for different queues, to ensure that agents have adequate time to complete their tasks without compromising service level agreements or taking another call/chat before they are ready. This is particularly useful for queues that handle escalations or complex issues, which may require more time to handle. See the Queue and Menu Setup documentation for details.

Custom CRM background screen pop for embedded adapters: We have improved the screen pop capability for our Custom CRM to better support embedded adapters. We now provide a way to do a CRM screen pop in the background, allowing for a smoother experience when using embedded adapters. For details, see the Custom CRM documentation.

Fallback to installing compatible drivers when installer is invoked for certain GPU devices and incompatible drivers.

Launched the following features to improve the usability of the Document AI Workbench Custom Document Extractor (CDE):

• CDE now supports an additional 42 global languages.
• CDE lets you import processor versions across projects and processors to easily manage development and production environments.
• CDE can automatically label documents in a dataset by using a deployed processor version to help you quickly prepare training data.

Document AI Workbench Custom Document Extractor (CDE) has also made the following enhancements:

• The asynchronous prediction API can now extract data from documents up to 200 pages long.
• Improved the accuracy of extracting checkboxes.

VMware Engine adds a VPC Service Controls guided opt-in and policy export that enables you to attach VMware Engine services to a new or existing VPC Service Controls perimeter. For more information, see VPC Service Controls.

Added support for Committed use discounts for Memorystore.

Added support for Committed use discounts for Memorystore.

Storage Transfer Service now publishes the IP ranges from which it makes requests to your AWS or Azure storage resources when performing a transfer. This allows you to restrict your resources by IP, and still allow Storage Transfer Service access.

For details, see the IP restrictions section of the following documents:

• Configure access to a source: Amazon S3
• Configure access to a source: Microsoft Azure Storage

Three metrics tracking node health are available in Preview. These can help you monitor the activity of individual read pool nodes, and investigate and troubleshoot issues with read pool queries.

The BigQuery Data Transfer Service for Google Ads supports the new Google Ads API. The Google Ads connector supports PMax and Discovery campaigns, a limit of 8000 leaf accounts per transfer, the --table_filter flag, and backwards compatibility. This feature is now generally available (GA).

You can now set up a unified Google Cloud Billing exports for multiple Partner Sales Console accounts. This helps you export billing data directly to a single dataset for analysis.

The tables in the rebilling dataset support partitioning by Cloud Billing accounts, so you can still view data for specific Cloud Billing accounts independently without impact to query latency/costs.

Learn how to export your rebilling data to BigQuery.

You can now create regional Persistent Disk volumes when creating a new VM either directly, or through instance templates. For more information, see Create a VM instance with additional non-boot disks or Create a new instance template.

Autoscaler recommendation reasoning details are available now in Cloud Logging logs.

Filestore is now available in Doha (me-central1 region).

Filestore is now available in Turin (europe-west12 region).

count() queries are now supported at the General Availability level.

count() queries are now supported at the General Availability level.

The Service dashboard now displays telemetry from external mesh services that have a canonical service label in the regular release channel. See Defining a Canonical Service for more information.

The MARITAL_STATUS infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The Cloud Healthcare API offers single-region support in the northamerica-northeast2 (Toronto, Canada) region.

Cloud Workstations makes the following machine types available:

• n1-standard-2
• n1-standard-8
• n1-standard-16
• n1-standard-32
• n2-standard-2
• n2-standard-4

For more information, see Available machine types, REST workstationConfigs, or RPC google.cloud.workstations.v1beta GceInstance.

Dataflow ML now supports the Automatic Model Refresh feature, which lets you update your machine learning model without stopping your Apache Beam pipeline.

This release contains a new Advanced API Security Detected Traffic view, which displays information about API traffic originating from detected bots. This information was previously displayed in the Abuse metrics section of the Security scores view.

The FedRAMP Moderate compliance regime now supports the following products. See Supported products for more information:

• Access Approval
• Cloud Asset Inventory
• GKE Hub
• Traffic Director

The following compliance regimes now support the list of products below:

• Australia Regions with Assured Support
• Canada Regions and Support
• Canada Protected B
• Israel Regions and Support
• US Regions and Support

The following products are now supported. See supported products for more information:

• Artifact Registry
• Cloud Bigtable
• Cloud DNS
• Cloud HSM
• Cloud Interconnect
• Cloud Key Management Service (KMS)
• Cloud Load Balancing
• Cloud Monitoring
• Cloud NAT
• Cloud Router
• Cloud Run
• Cloud VPN
• Firestore
• Identity and Access Management (IAM)
• Identity-Aware Proxy (IAP)
• Network Connectivity Center
• Pub/Sub
• Virtual Private Cloud
• VPC Service Controls

Cloud Run integrations (Preview) are now available in europe-west1.

Preview:

• The HPC Rocky Linux 8 image is now available for HPC workloads.
• The HPC VM Images now support Intel MPI 2021 with tools to easily installing the Intel MPI 2021 library, the net and psm3 libfabric providers.
• The HPC VM Images now support OpenMPI. For more details, see Open MPI best practice guides.

New Service limit (quota) recommender is now available in Preview. The recommendations help you identify resources that may be approaching their quota limits.

Private Service Connect backends support using an internal regional TCP proxy load balancer to access published services. This feature is available in Preview.

Release 1.14.4

Anthos clusters on bare metal 1.14.4 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.4 runs on Kubernetes 1.25.

Updates to preferred tables for existing BI engine reservations now take up to ten seconds to propagate, down from five minutes. This feature is generally available (GA).

Certificate Manager now supports Mutual TLS (mTLS) authentication. This is a public preview feature. For more information, see Trust configs.

Chronicle released the following additional data enrichment and precomputed analytic capabilities that can provide additional context during an investigation:

• Enriched entities with WHOIS data.
• Enriched entities with VirusTotal relationship data.
• Enriched events with VirusTotal file metadata.
• Data from Google Cloud Threat Intelligence curated threat feeds.
• Precomputed first-seen and last-seen occurrence for domains, IP addresses, and file hashes (SHA256, SHA1, MD5).
• Precomputed first-seen occurrence for assets and users.

For more information, see the following documents:

• How Chronicle enriches event and entity data
• Use context-enriched data in UDM Search
• Use context-enriched data in rules

Cloud SQL for MySQL now supports 40+ new database flags. See supported flags for more information.

Added the skip_ingested_documents flag in the Cloud Storage Ingest Pipelines to skip ingested documents.