Google Cloud release notes

The BigQuery migration assessment is now available for Apache Hive in preview. You can use this feature to assess the complexity of migrating data from your Apache Hive data warehouse to BigQuery.

Support for Customer Managed Encryption Keys (CMEK) is now available for Cloud Tasks. To learn more, see the documentation on using CMEK with Cloud Tasks.

For documents with many fields that don't require indexing, you can now add collection-level index exemptions on all fields in a collection group. To learn more, see Add a collection-level exemption. This feature is generally available (GA).

Container Threat Detection, a built-in service of Security Command Center Premium, has launched a new detector, Unexpected Child Shell, in Preview.

The detector monitors all process executions and generates a finding if a process that does not normally invoke shells spawns a shell process.

For more information, see Container Threat Detection detectors.

Service Extensions callouts are available for Google Cloud Application Load Balancers, excluding Classic.

By using this feature, you can direct your load balancers to make gRPC calls to user-managed or partner-hosted applications from within the Cloud Load Balancing data processing path. These applications can then apply various policies or functions, such as header or payload manipulation, security screening, or custom logging on the traffic before returning the traffic to the load balancer for further processing.

For details, see the following topics in the Service Extensions documentation:

• Cloud Load Balancing extensions overview
• Configure a callout extension

Service Extensions is in Preview.

You can now view error groups on your custom dashboards. This feature is GA. For information when using the Cloud Console, see Display logs and errors on a custom dashboard. For information about using the API, see Dashboard with an ErrorReportingPanel widget.

Cloud SQL supports InnoDB page compression for MySQL 5.7 and MySQL 8.0 and later.

You can now import transaction log backups. This can help you reduce downtime when migrating to Cloud SQL using backups.

Query Optimizer version 6 is generally available, and is the default optimizer version.

Generally available: c3d-standard, c3d-highmem, c3d-highcpu, and c3d-standard-lssd machine types for general-purpose C3D VMs are generally available.

ssh_authentication_config and service_account fields are available in the google_dataform_repository Dataform Terraform resource.

You can now view error groups on your custom dashboards. This feature is GA. For information when using the Cloud Console, see Display logs and errors on a custom dashboard. For information about using the API, see Dashboard with an ErrorReportingPanel widget.

The sum() and average() aggregation functions are now available.

Service Extensions callouts are available for Google Cloud Application Load Balancers, excluding Classic.

With the introduction of this feature, users instruct load balancers to forward traffic from within the Cloud Load Balancing data processing path through gRPC to user-managed or partner-hosted applications. These applications can apply various policies or functions, such as header or payload manipulation, security screening, or custom logging on the traffic before returning the traffic to the load balancer for further processing.

For details, see Cloud Load Balancing extensions overview.

New Vertex AI Vector Search Console

Vector Search has launched a console experience in Google Cloud for creating and deploying indexes, now available in Preview. From the console, you can create indexes, and create public or VPC endpoints for your indexes, and deploy. For more information, see Manage indexes.

Python 3.12 is now available in preview.

Python 3.12 is now available in preview.

You can now use DLP functions to support encryption and decryption between BigQuery and DLP, using AES-SIV. This feature is in preview.

Airflow 2.6.3 is available in Cloud Composer images.

Dataproc Metastore now supports multi-regional configurations.

Filestore enterprise singleshare backups for GKE are now generally available.

Filestore Enterprise now supports backups on GKE, allowing you to make reliable copies of your data to be stored for later use. To trigger backups on Filestore Enterprise, use Kubernetes volume snapshots. Backups are currently not supported for Filestore Enterprise instances with multishares enabled.

Public preview: Pub/Sub BigQuery subscriptions now support BigQuery change data capture.

The Long Audio Synthesis API now supports the following languages: English, Spanish, French, German, Japanese, Hindi, Italian, Korean, Portuguese, Thai, Vietnamese, Danish, Filipino.

Generally available: C3 VMs support Compute Engine flexible committed use discounts (CUDs).

Compute Engine flexible CUDs allow you to commit to a minimum hourly spend amount and use vCPUs and/or memory in any of the projects within your Cloud Billing account, across any region, and belonging to any eligible machine types. Learn more about Compute Engine Flexible CUDs and how to purchase flexible commitments.

Preview: You can now use workforce identity federation with OS Login.

Formatting of Dataform core and JavaScript code is available.

Starting in GKE 1.28.1-gke.1066000, two new TPU usage metrics are available: TensorCore utilization and Memory Bandwidth utilization.

Vertex AI Search: Customer-managed encryption key integration for the EU

Customer-managed encryption keys (CMEK) is available in the EU as an allowlisted preview feature.

If you store your data in an EU multi-region data store, you can provide your own encryption key to protect your data at rest.

For information, see Customer-managed encryption keys.

The following geography functions are now generally available (GA):

• ST_LINESUBSTRING: Gets a segment of a single linestring at a specific starting and ending fraction.
• ST_HAUSDORFFDISTANCE: Gets the discrete Hausdorff distance between two geometries.

New searchable fields are now available.

The following searchable fields are now publicly available through the resource search API (SearchAllResources).

• effectiveTagKeys
• effectiveTagValues
• effectiveTagValueIds

The following search result fields are now publicly available through the resource search API (SearchAllResources).

• tags
• effectiveTags

The Node.js and Python client libraries now have parallelized upload and download options, improving their performance.

• Both client libraries have improved bulk uploads, bulk downloads, large object uploads, and large object downloads.

Preview: The following metrics are now available to help you monitor your Persistent Disk and Hyperdisk volume performance:

• Average I/O latency (compute.googleapis.com/instance/disk/average_io_latency)

• Average I/O queue depth (compute.googleapis.com/instance/disk/average_io_queue_depth)

To learn more about these metrics and how to view them, see Review disk metrics.

Dialogflow CX generative feedback now supports more languages.

Dialogflow CX launched generative playbooks with restricted access.

Dialogflow CX spelling correction now supports all regions, but is limited to five languages.

You can now transfer data from Amazon S3 via your CloudFront domain. Learn more.

Users can now set an IP range size and starting IP address for private connections in Bitbucket Data Center using the peeredNetworkIpRange. This feature is generally available. To learn more, see Build repositories in Bitbucket Data Center in a private network.

Cloud Functions (2nd gen) now supports Shared VPC ingress at the General Availability release level. Shared VPC traffic is now considered "internal" for functions that are connected to the Shared VPC network.

Shared VPC ingress is now at general availability (GA). Shared VPC traffic is now considered "internal" for Cloud Run services that are connected to the Shared VPC network.

Cloud Spanner has made improvements that provide higher throughput for instances located in select Spanner regional and multi-region instance configurations. These improvements are available without additional cost or any configuration changes. For more information, see Performance improvements.

Colab Enterprise is now generally available (GA). Colab Enterprise combines the popular collaborative features of Colaboratory with the security and compliance capabilities of Google Cloud. Colab Enterprise includes:

• Sharing and collaborating functionality, with IAM access control.
• Google-managed compute and runtime provisioning, with configurable runtime templates.
• Integrations with Vertex AI and BigQuery.
• Inline code completion with Duet AI (Preview) assistance.
• End-user credential authentication for running your notebook code.
• Idle shutdown for runtimes (Experimental).

To get started, see Introduction to Colab Enterprise or create a notebook and start coding.

Generally available: You can configure stateful IP addresses in a managed instance group. Stateful IP addresses are preserved when VM instances in the group are repaired, updated, and re-created. For more information, see Configuring stateful IP addresses in MIGs.

The Get embed URL option from a dashboard, a Look, or an Explore can now generate a signed embed URL.

Embedded Looks now support themes, so the Get embed URL dialog now shows a theme selector for Looks.

The manage_project_connections_restricted permission lets users edit a subset of settings for new and existing connections.

The New Schedules Page Labs feature updates the interface of the Admin settings - Schedules page.

Public preview is now available for the Open SQL Interface. The Open SQL Interface allows access to Looker models and Explores for applications (such as Tableau) that use JDBC to connect to data sources. For Looker (original) instances, enable the SQL Interface Experimental Labs feature on the Looker instance. (Only Looker-hosted instances support this Labs feature.) For Looker (Google Cloud core) instances, fill out the Looker SQL Interface Pre-GA Agreement interest form. The Google team will enable your instance for the SQL Interface feature.

Preview: Migrate to Virtual Machines now supports migrating VMs to the C3, H3, and M3 machine types. These machine types support non-volatile memory express (NVMe) and Google Virtual NIC (gVNIC). Before you migrate your VMs to any of these machine types, ensure that source VMs support NVMe and gVNIC. For more information on different machine types that support NVMe and gVNIC, go to the Machine series comparison section, click Choose VM properties to compare, and select Disk interface type and Network interfaces.

The following new data transformer functions are available:

• Manifest XML - Converts the specified input JSON object into an XML string.

• Parse XML - Parses the specified input XML string into a JSON object.

IAM Conditions for fine-grained access

IAM Conditions lets you define and enforce conditional, attribute-based access control for Google Cloud resources, including Application Integration resources. For more information, see Add IAM conditions.

You can now view the detailed summary of an integration from the Integration designer. For more information, see View integration details.

The following new data transformer functions are available:

• Manifest XML - Converts the specified input JSON object into an XML string.

• Parse XML - Parses the specified input XML string into a JSON object.

IAM Conditions for fine-grained access

IAM Conditions lets you define and enforce conditional, attribute-based access control for Google Cloud resources, including Application Integration resources. For more information, see Add IAM conditions.

You can now view the detailed summary of an integration from the Integration designer. For more information, see View integration details.

While creating a custom parser, you can use the preview option to view the UDM output. In the preview, you can use the statedump filter plugin to validate the internal state of a parser. For more information, see Validate data using statedump plugin.

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• MachineImage for Compute Engine
  • compute.googleapis.com/MachineImage

MACsec for Cloud Interconnect is now generally available.

M112 release

• Miscellaneous bug fixes and improvements.

M112 release

• CUDA 12.1 VM images are available with the following image names:
• common-cu121-debian-11-py310
• common-cu121-ubuntu-2004-py310
• Miscellaneous bug fixes and improvements.

Generally Available: Migrate to Virtual Machines from an Azure source lets you migrate VM instances running on Azure to Google Cloud Compute Engine.

M112 release

The M112 release of Vertex AI Workbench user-managed notebooks includes the following:

• Miscellaneous bug fixes and improvements.

The BeyondCorp Enterprise Policy Remediator is in Preview. You can use the Policy Remediator to provide users with actionable steps that they can take to remediate access denied issues.

For more information, see Remediate denied access with the Policy Remediator.

Queries now support additional ways to work with grouping sets, which include:

• GROUP BY GROUPING SETS clause (new): Produce aggregated data for one or more grouping sets.
• GROUP BY CUBE clause (new): Produce aggregated data for all grouping set permutations.
• GROUP BY ROLLUP clause (update): You can now include groupable items sets in this clause.
• GROUPING function (new): Check if a groupable value in the GROUP BY clause is aggregated.

This feature is in preview.

Adding descriptions to the columns of a view is now generally available (GA). Use the CREATE VIEW or ALTER COLUMN DDL statements to add descriptions.

Cloud Spanner batch write is now available in Preview. You can use Spanner batch write to commit multiple mutations non-atomically in a single request with low latency. For more information, see Modify data using batch write.

Cloud Spanner Vertex AI integration now supports Vertex AI Generative AI text embeddings and the text-bison model. For more information, see Get Vertex AI text embeddings.

Generally available: H3 VMs, designed for compute-intensive high performance computing (HPC) workloads, are now generally available. For more information, see H3 machine series.

If you are using a third generation machine series (for example, C3), GKE configures Local SSD volumes as the local ephemeral storage by default. You no longer need to specify the --ephemeral-storage-local-ssd flag when provisioning clusters or node pools. When you configure Local SSD volumes as raw block storage with the --local-nvme-ssd-block flag, specifying the count value is now optional.

Cloud IDS threat detections available in Security Command Center

Threats that are detected by Cloud IDS, a Google Cloud intrusion detection service, are now included in the findings that are issued by the Event Threat Detection service of Security Command Center. This feature is available in Preview.

For more information, see:

• Cloud IDS in Event Threat Detection rules
• Cloud IDS overview

'ta mount' and 'ta unmount' are command line tools offering the user the ability to mount their own NFS or CIFS shares onto the appliance.

Learn more about how to mount to an appliance.

Public Preview of Advanced API Security Actions

Advanced API Security's new Security Actions feature lets you create security actions that define how Apigee handles detected traffic. You can create the following security actions:

• Deny actions, which deny requests that meet specified conditions, for example, originating at an IP address that has been identified as a source of abuse.

• Flag actions, which let requests pass through, but add headers to requests to identify them as suspicious.

• Allow actions, which are used to override deny actions in specific cases when the request is trusted.

Added support to restore PostgreSQL database backup images to an alternate location. Learn more.

Backup and DR agent is enhanced to support Rocky Linux 8.7 operating system version. See support matrix.

Backup and DR agent now supports Rocky Linux 8.7 on Oracle 19c database. See support matrix.

Backup and DR agent now supports RHEL 8.4 on Oracle 21c database. See support matrix.

Cloud Bigtable instance, cluster, and table metadata is automatically synced to Data Catalog, a feature of Dataplex, for improved data discovery and governance. This feature is generally available (GA).

The Cloud Healthcare API offers multi-region support in the Europe (eu) region.

Generally available: NVIDIA L4 GPUs are now available in the following additional regions and zones:

• APAC
  • Seoul, South Korea (asia-northeast3-b)
• Europe
  • St. Ghislain, Belgium (europe-west1-b)
  • Frankfurt, Germany (europe-west3-b)
• North America
  • Council Bluffs, Iowa: (us-central1-c)
  • Las Vegas, Nevada (us-west4-a,c)

For more information about using GPUs on Compute Engine, see GPU platforms.

Batch is available in the following regions:

• australia-southeast2 (Melbourne)
• europe-west8 (Milan)
• europe-west12 (Turin)
• me-west1 (Tel Aviv)
• northamerica-northeast2 (Toronto)
• southamerica-east1 (São Paulo)
• us-east5 (Columbus)

For more information, see Locations.

The BigQuery migration assessment is now available for Snowflake in preview. You can use this feature to assess the complexity of migrating data from your Snowflake data warehouse to BigQuery.

Certificate Authority Service is now available in the following region:

• me-central2

For more information, see Certificate Authority Service locations.

Cloud Composer 2 is now available in Milan (europe-west8), Berlin (europe-west10), and Turin (europe-west12).

Ops Agent version 2.42.0 introduces support for Compute Engine Arm VMs that are running Ubuntu 22.04 LTS (Jammy Jellyfish). For more information, see Support for Compute Engine Arm VMs.

Cloud Spanner sampled query plans are now available in GA. You can view samples of historic query plans and compare the performance of a query over time. For more information, see Sampled query plans.

Ray on Vertex AI is now available in Preview

Ray is an open-source framework for scaling AI and Python applications. Ray provides the infrastructure to perform distributed computing and parallel processing for your machine learning workflow.

You can now create Ray clusters and develop your Ray applications on Vertex AI. This feature is in Preview. For more information, see Ray on Vertex AI overview.

You can now copy tables across regions. This feature is now in preview.

Generally available: NVIDIA L4 GPUs are now available in the following additional regions and zones:

• Singapore(asia-southeast1-a)

For more information about using GPUs on Compute Engine, see GPU platforms.

Model tuning for the textembedding-gecko model is now available in Preview

You can now use supervised fine-tuning to tune the textembedding-gecko model. This feature is in (Preview). For more information, see Tune text embeddings.

Vertex AI Prediction

You can now use C3 machine types to serve predictions.

The following Google Cloud Blockchain Analytics datasets are now available in Preview and available through the Public Datasets Program and Analytics Hub:

• Google Cloud's Tron Mainnet data

• Google Cloud's Optimism Mainnet data

• Google Cloud's Avalanche Contract Chain data

• Google Cloud's Fantom Opera data

• Google Cloud's Ethereum Mainnet data

• Google Cloud's Arbitrum One Chain data

• Google Cloud's Cronos Mainnet Chain data

The Chronicle SIEM user interface has a new top-level navigation to help you access the most commonly used Chronicle SIEM features. It works much the same as the navigation for Chronicle Security Operations. The new navigation menu expands from the left side of the screen, replacing the 9-dot icon at the top right. It is designed to make it easier to find information and resources and to help you work more efficiently. The Chronicle homepage can be accessed by clicking the Chronicle logo at the top left of the page. Reference lists can now be found within the Search page or the Rules Editor page.

Oozie to Airflow tool version 2.0 is available. The new version of the tool supports Airflow 2.

Oozie to Airflow tool converts Apache Oozie workflows into Apache Airflow DAGs. For more information, see the project's page in PyPI and the oozie-to-airflow repository on GitHub.

Retail Search: Facet controls

You can create facet controls that apply to search and browse operations. These help you control facets values without editing your catalog and set the ranking of facet keys.

Numerical facets have been improved: intervals are calculated but they can also be customized.

The facet controls are:

• Ignore facet values
• Replace facet values
• Set numerical intervals
• Remove facets
• Force return facets

For more information, see Facets for search.

You can now use Bare Metal Solution's self-service functionality to order your resources after executing a one-time Order Form. This feature is generally available (GA). For more information, see Order Bare Metal Solution resources.

BigQuery native integration in Looker Studio enables monitoring features for Looker Studio queries, improves query performance, and supports many BigQuery features. This feature is in preview.

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• Identity and Access Management
  • iam.googleapis.com/PolicyV2

You can now import your Grafana dashboards into Cloud Monitoring. For more information, see Import Grafana dashboards into Cloud Monitoring.

You can now configure notifications for Google Chat spaces. For more information, see Create and manage notification channels.

If you use the latest preconfigured base images for JetBrains IDEs, the .vmoptions and .properties files persist across workstations. For more information, see Customize JetBrains IDE vmoptions and properties.

Dialogflow CX speech adaptation can now be configured manually.

Support root folder filtering

Filestore enterprise tier backups are now generally available.

GKE now delivers insights and recommendations if users have installed webhooks that intercept system resources or webhooks that have no available endpoints. To learn more, see Ensure control plane stability when using webhooks.

Private Service Connect service connectivity automation is available in General Availability. Service connectivity automation lets service producers automate deployment and service connectivity to eligible managed services on behalf of consumers.

Private Service Connect backends with published service targets can be added to global external TCP proxy Network Load Balancers. This feature is available in Preview.

Access Approval supports Vertex AI Search in the Preview stage.

Access Transparency supports Vertex AI Search in the Preview stage. For the complete list of services that Access Transparency supports, see Supported services.

Release 1.14.9

Anthos clusters on bare metal 1.14.9 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.9 runs on Kubernetes 1.25.

New attributes for Pay-as-you-go pricing are generally available (GA).

Apigee updated its Pay-as-you-go pricing model, making it possible for customers to onboard at a significantly reduced initial cost and right-size their ongoing expenses to usage.

To learn more about the updated Pay-as-you-go pricing experience, see Pay-as-you-go (updated attributes) pricing overview.

Standard and extensible API proxies are generally available (GA).

Standard and extensible API proxies are generally available for use with Apigee organizations.

For more information about standard and extensible API proxies, see API proxy types.

HTTPModifier and ReadPropertySet policies and templating support for message elements are generally available (GA).

The HTTPModifier policy can change an existing request or response message and provides a subset of the functionality already available in the AssignMessage policy. See HTTPModifier policy.

The ReadPropertySet policy reads property sets and populates flow variables with the results. See ReadPropertySet policy.

HTTPModifier and ReadPropertySet are standard policies. Proxies built exclusively with standard policies are called standard proxies and can be deployed to any environment type. See Pay-as-you-go (updated attributes) pricing overview.

With this release, template support for message elements is also generally available. See URL templating.

New environment types are generally available (GA).

With this release, Apigee introduces three distinct environments that have access to varying degrees of Apigee capabilities and costs: Base, Intermediate, and Comprehensive.

For more information, see Apigee Pay-as-you-go environment types.

Apigee API Analytics add-on for Pay-as-you-go organizations is generally available (GA).

With this release, Apigee API Analytics is available as a paid add-on capability for Pay-as-you-go organizations. The add-on can be enabled in any Apigee Intermediate or Comprehensive environment. For more information, see Manage the Apigee API Analytics add-on.

One click provisioning for Apigee Pay-as-you-go organizations is generally available (GA).

Simplify your onboarding experience with one click provisioning for new Pay-as-you-go organizations, using smart default configurations. To learn more, see Provision Apigee with one click.

Updated pricing attributes in Subscription plans are available.

To get started with subscription plans that include new pricing attributes (consistent with Pay-as-you-go pricing), contact your Google Cloud sales specialist.

For more information, see Apigee Subscription 2024 entitlements. Apigee hybrid is not available in the new subscription plan at this time.

As a BigQuery administrator, to monitor your organization's slots utilization and BigQuery jobs' performance over time, use can now use administrative query inspector. This feature is now generally available.

Airflow triggerer is now generally available (GA).

Cloud Load Balancing introduces the global external Proxy Network Load Balancer. The global external Proxy Network Load Balancer is implemented on globally distributed GFEs and supports advanced traffic management capabilities. This load balancer can be configured to handle either TCP or SSL traffic by using either a target TCP proxy or a target SSL proxy respectively. Global external proxy Network Load Balancers support backends such as instance groups, hybrid NEGs, and Private Service Connect NEGs.

Load balancers that are already deployed in the classic mode are renamed as classic Proxy Network Load Balancer in the console.

For details, see the External proxy Network Load Balancer overview.

To set up a global external Proxy Network Load Balancer, see the following pages:

• Instance group backends with SSL
• Instance group backends with TCP

This capability is in Preview.

With the launch of global external Proxy Network Load Balancer, we now support three deployment modes with the external Proxy Network Load Balancer—classic (General Availability), Regional (General Availability) and global (Preview). No changes have been made to the API.

For details, see the External proxy Network Load Balancer overview.

Typically with HTTPS communication, the authentication works only one way: the client verifies the identity of the server. For applications that require the load balancer to authenticate the identity of clients that connect to it, both a global external Application Load Balancer and a global external Application Load Balancer (classic) support mutual TLS (mTLS).

With mTLS, the load balancer requests that the client send a certificate to authenticate itself during the TLS handshake with the load balancer. You can configure a trust store that the load balancer uses to validate the client certificate's chain of trust.

For details, see the following:

• Mutual TLS authentication
• Set up mutual TLS with signed certificates
• Set up mutual TLS with a private CA
• Set up mutual TLS for a global external Application Load Balancer (classic)
• Set up mutual TLS for a global external Application Load Balancer

This capability is in General Availability.

Added MutatingWebhookConfigurationCustomization and ValidatingWebhookConfigurationCustomization to support the customization on webhook timeouts.

Added value validation for resource requests and limits in the customizable ControllerResource and NamespacedControllerResource CRDs.

Promoted CertificateManagerCertificate, CertificateManagerCertificateMap, CertificateManagerCertificateMapEntry and CertificateManagerDNSAuthorization from v1alpha1 to v1beta1.

Promoted RunService from alpha stability to stable stability.

• Renamed field spec.template.containerConcurrency to spec.template.maxInstanceRequestConcurrency.
• Fixed the IAM support by removing the support of "IAM conditions" on this resource.
• Removed field status.resourceGeneration.

Resource BigQueryTable(v1beta1):

• Added spec.tableConstraints field.
• Added spec.materializedView.allowNonIncrementalDefinition field.

Resource ComputeInstance(v1beta1):

• Added spec.networkInterface.items.internalIpv6PrefixLength field.
• Added spec.networkInterface.items.ipv6Address field.

Resource ComputeInstanceTemplate(v1beta1):

• Added spec.networkInterface.items.internalIpv6PrefixLength field.
• Added spec.networkInterface.items.ipv6Address field.

Resource ContainerCluster(v1beta1):

• Added spec.enableFqdnNetworkPolicy field.
• Added spec.nodeConfig.confidentialNodes field.

Resource ContainerNodePool(v1beta1):

• Added spec.nodeConfig.confidentialNodes field.

Resource DialogflowCXFlow(v1alpha1):

• Added spec.eventHandlers.items.triggerFulfillment.conditionalCases field.
• Added spec.eventHandlers.items.triggerFulfillment.setParameterActions field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.channel field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.conversationSuccess field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.liveAgentHandoff field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.outputAudioText field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.payload field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.playAudio field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.telephonyTransferCall field.
• Added spec.transitionRoutes.items.triggerFulfillment.conditionalCases field.
• Added spec.transitionRoutes.items.triggerFulfillment.setParameterActions field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.channel field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.conversationSuccess field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.liveAgentHandoff field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.outputAudioText field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.payload field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.playAudio field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.telephonyTransferCall field.

Resource DialogflowCXPage(v1alpha1):

• Added spec.entryFulfillment.conditionalCases field.
• Added spec.entryFulfillment.setParameterActions field.
• Added spec.entryFulfillment.messages.items.channel field.
• Added spec.entryFulfillment.messages.items.conversationSuccess field.
• Added spec.entryFulfillment.messages.items.liveAgentHandoff field.
• Added spec.entryFulfillment.messages.items.outputAudioText field.
• Added spec.entryFulfillment.messages.items.payload field.
• Added spec.entryFulfillment.messages.items.playAudio field.
• Added spec.entryFulfillment.messages.items.telephonyTransferCall field.
• Added spec.eventHandlers.items.triggerFulfillment.conditionalCases field.
• Added spec.eventHandlers.items.triggerFulfillment.setParameterActions field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.channel field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.conversationSuccess field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.liveAgentHandoff field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.outputAudioText field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.payload field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.playAudio field.
• Added spec.eventHandlers.items.triggerFulfillment.messages.items.telephonyTransferCall field.
• Added spec.form.parameters.items.defaultValue field.
• Added spec.form.parameters.items.fillBehavior.repromptEventHandlers field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.conditionalCases field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.setParameterActions field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.channel field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.conversationSuccess field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.liveAgentHandoff field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.outputAudioText field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.payload field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.playAudio field.
• Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.telephonyTransferCall field.
• Added spec.transitionRoutes.items.triggerFulfillment.conditionalCases field.
• Added spec.transitionRoutes.items.triggerFulfillment.setParameterActions field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.channel field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.conversationSuccess field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.liveAgentHandoff field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.outputAudioText field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.payload field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.playAudio field.
• Added spec.transitionRoutes.items.triggerFulfillment.messages.items.telephonyTransferCall field.

Resource RunJob(v1beta1):

• spec.template.template.volumes[].secret.items[].mode is now optional.

Resource SecretManagerSecret(v1beta1):

• Added spec.replication.auto field.

Resource SecretManagerSecretVersion(v1beta1):

• Added spec.deletionPolicy field.

Resource VertexAIIndexEndpoint(v1alpha1):

• Added spec.publicEndpointEnabled field.
• Added status.publicEndpointDomainName field.

Dataplex is available in the following regions:

• Delhi (asia-south2)
• Melbourne (australia-southeast2)
• Toronto (northamerica-northeast2)

For more information, see Locations and Pricing.

Dialogflow CX launched two new integrations in preview:

• Google Chat
• Slack

containsOnly() function released to General Availability.

You can now use the containsOnly() function to query findings with an array-type attribute or subfield that only contains values that match the specified filter, and no other values.

For more information, see The containsOnly function.

Vertex AI Search (Enterprise Search): Customer-managed encryption key integration

Customer-managed encryption keys (CMEK) is available as an allowlisted preview feature.

If you store your data in a US multi-region data store, you can provide your own encryption key to protect your data at rest.

For information, see Customer-managed encryption keys.

Vertex AI Search (Enterprise Search): Search tuning

Search tuning is available as an allowlisted preview feature. You provide additional training data in the form of query and segment pairs. We use this data to tune the model for your app.

For information, see Improve search results with search tuning.

Vertex AI Search (Enterprise Search): Data location

Vertex AI Search may be configured for data location pursuant to the "Data Location" section of the Service Specific Terms.

For information about data residency in Vertex AI Search, see Enterprise Search locations.

Vertex AI Search (Enterprise Search): Support for Access Transparency

Access Transparency supports Vertex AI Search in preview.

For more information, see Enable Access Transparency in Enterprise Search.

Vertex AI Search (Enterprise Search): Citations for search with follow-ups

Citations indicate from which search results specific sentences in the summary are taken.

For more information, see Configure the summary.

Vertex AI Search (Enterprise Search): Ignore adversarial queries and non-summary seeking queries for search with follow-ups

Ignore adversarial queries can stop generation of summaries that are unsafe or violate policy.

Non-summary seeking queries stop generation of summaries that aren't helpful for some queries.

For more information, see Configure the summary.

Vertex AI Search (Enterprise Search): Additional languages supported

Search, snippets, and other features are now supported in the following languages:

• Arabic
• Chinese (Simplified)
• Greek
• Hebrew
• Japanese
• Korean
• Polish
• Russian

See Languages.

Private Service Connect backends support using an external regional TCP proxy load balancer or an internal regional TCP proxy load balancer to access published services. These features are available in General Availability.

The IL2 compliance program is now generally available. For a list of IL2-compliant Google Cloud products, see the Supported products page.

The following BigQuery ML point-in-time lookup functions are now in preview. These functions let you specify a point-in-time cutoff when retrieving features for training a model or running inference, in order to avoid data leakage.

• Use the ML.FEATURES_AT_TIME function to use the same point-in-time cutoff for all entities when retrieving features.
• Use the ML.ENTITY_FEATURES_AT_TIME function to retrieve features from multiple points in time for multiple entities.

You can now use IAM conditions to control access to BigQuery resources. This feature is in preview.

Certificate Manager supports Mutual TLS (mTLS) authentication. This feature is generally available (GA).

The following pg_wait_sampling and rdkit flags are generally available:

pg_wait_sampling flags

• cloudsql.enable_pg_wait_sampling: enable the pg_wait_sampling extension for Cloud SQL for PostgreSQL instances.
• pg_wait_sampling.history_size: set the size of the in-memory ring buffer for history sampling, in terms of the number of samples.
• pg_wait_sampling.history_period: set the time interval for history sampling, in milliseconds.
• pg_wait_sampling.profile_period: set the time interval for profile sampling for wait events, in milliseconds.
• pg_wait_sampling.profile_pid: specify whether the wait profile that accumulates samples for each process and waits event is collected for each process or for all processes.
• pg_wait_sampling.profile_queries: specify whether the wait profile is collected for each query or for all queries.

rdkit flags

• rdkit.tanimoto_threshold: set the threshold value for the Tanimoto similarity operator.
• rdkit.dice_threshold: set the threshold value for the Dice similarity operator.
• rdkit.do_chiral_sss: specify whether stereochemistry is used in substructure matching.
• rdkit.do_enhanced_stereo_sss: specify whether enhanced stereo is used in substructure matching.
• rdkit.sss_fp_size: set the size of the fingerprint used for substructure screening, in bits.
• rdkit.morgan_fp_size: set the size of morgan fingerprints, in bits.
• rdkit.featmorgan_fp_size: set the size of featmorgan fingerprints, in bits.
• rdkit.layered_fp_size: set the size of layered fingerprints, in bits.
• rdkit.rdkit_fp_size: set the size of rdkit fingerprints, in bits.
• rdkit.hashed_torsion_fp_size: set the size of topological torsion bit vector fingerprints, in bits.
• rdkit.hashed_atompair_fp_size: set the size of atom pair bit vector fingerprints, in bits.
• rdkit.reaction_sss_fp_size: set the size of the structural chemical reaction fingerprint, in bits.
• rdkit.reaction_difference_fp_size: set the size of the difference chemical reaction fingerprint, in bits.
• rdkit.reaction_sss_fp_type: specify the type of structural chemical reaction fingerprint.
• rdkit.reaction_difference_fp_type: specify the type of difference chemical reaction fingerprint.
• rdkit.ignore_reaction_agents: specify whether agents of a chemical reaction are taken into account.
• rdkit.agent_FP_bit_ratio: specify the weight of the impact of agents contained in a chemical reaction fingerprint.
• rdkit.move_unmmapped_reactants_to_agents: specify whether unmapped reactant agents of a chemical reaction are taken into account.
• rdkit.threshold_unmapped_reactant_atoms: set the ratio of allowed unmapped reactant atoms.
• rdkit.init_reaction: specify whether the reaction is ready for use.
• rdkit.difference_FP_weight_agents: specify the weight factor for agents compared to reactants and products in reaction difference fingerprints.
• rdkit.difference_FP_weight_nonagents: specify the weight factor for reactants and products compared to agents in reaction difference fingerprints.
• rdkit.avalon_fp_size: set the size of avalon fingerprints, in bits.

SAP HANA Fast Restart enabled using Terraform

SAP HANA Fast Restart is enabled when you deploy SAP HANA on Google Cloud using the sap_hana or sap_hana_ha Terraform module, version 202309280828 or later. The fast restart option is enabled through the enable_fast_restart Terraform argument, which by default is set to true.

For more information, see the deployment guide for your SAP HANA scenario.

Public preview of Advanced API Security Alerting

Advanced API Security's new alerting feature lets you create alerts for events related to API security using Google Cloud Monitoring, such as changes to your security scores or incidents involving detected API abuse. You can configure alerts to send you notifications by email or other channels when these events occur, so you can take action to counteract them.

If you need to re-enable deployments for Java 8 apps past the legacy runtime end of support date (starting January 30, 2024), you can define a new organization policy with constraints/appengine.runtimeDeploymentExemption. This policy constraint can be used before the end of support date. Learn more about enabling deployments for runtimes reaching end of support.

If you need to re-enable deployments for PHP 5.5 apps during the legacy runtime end of support period (starting January 30, 2024), you can define a new organization policy with constraints/appengine.runtimeDeploymentExemption. This policy constraint can be used before the end of support date. Learn more about enabling deployments for runtimes reaching end of support.

If you need to re-enable deployments for Python 2.7 apps during the legacy runtime end of support period (starting January 30, 2024), you can define a new organization policy with constraints/appengine.runtimeDeploymentExemption. This policy constraint can be used before the end of support date. Learn more about enabling deployments for runtimes reaching end of support.

Release Notes 6.2.35

GA - 8th October

Risk Score and Severity added

Two new information fields have been added to the Alert Details widget which appears in the Alert overview tab. These are Risk score and Severity. These values will only be populated when using the Google Chronicle SIEM connector.

Export/Import for Advanced Reports (using Looker) now supported both in the platform and using new APIs.

This enables customers to create reports on their staging environment and then import the template without the data into their production environment.

In the platform, the import is at the top of the Reports queue while the export icon is inside the actual report itself. The report file is in yaml format.

New APIs are as follows:
/api/external/v1/looker/report/import

/api/external/v1/looker/export/{report_id}

You can use fully qualified domain name (FQDN) objects in firewall policy rules to filter incoming or outgoing traffic from specific domain names. This feature is available in General Availability.

Long running jobs greater than 1 hour are at general availability (GA).

New Appliance setup experience is released. Users can use the Google Cloud console to fully set up permissions for the appliance and receive the credentials.

Regional external HTTP(S), internal HTTP(S), and the regional internal TCP proxy load balancers now use distributed Envoy health checks instead of Google's centralized health checking mechanism. Envoy health check probes originate from the proxy-only subnet associated with the load balancer.

For more details, see the Hybrid NEG documentation: Distributed Envoy health checks.

This feature is available in General availability.

Cloud SQL supports the preview version of the enable-high-availability recommender. This service proactively generates recommendations that help you bring your important instances within SLA by providing data redundancy. This might be helpful during a zonal outage or when an instance runs out of memory. For more information, see Improve instance reliability by enabling high availability.

Cloud SQL supports the preview version of the enable-high-availability recommender. This service proactively generates recommendations that help you bring your important instances within SLA by providing data redundancy. This might be helpful during a zonal outage or when an instance runs out of memory. For more information, see Improve instance reliability by enabling high availability.

Cloud SQL supports the preview version of the enable-high-availability recommender. This service proactively generates recommendations that help you bring your important instances within SLA by providing data redundancy. This might be helpful during a zonal outage or when an instance runs out of memory. For more information, see Improve instance reliability by enabling high availability.

You can now control the mounting behavior of Cloud Storage FUSE by using a configuration file instead of global options.

Preview: c3d-standard, c3d-highmem, c3d-highcpu, and c3d-standard-lssd virtual machines are available in the following regions:

• Council Bluffs, Iowa, North America, us-central1
• Moncks Corner, South Carolina, North America, us-east1
• Ashburn, Virginia, North America , us-east4
• St. Ghislain, Belgium, Europe, europe-west1
• Eemshaven, Netherlands, Europe, europe-west4
• Jurong West, Singapore, Asia, asia-southeast1

See the General purpose machines document for details.

Preview: Migrate to Virtual Machines lets you migrate the disks of source virtual machine (VM) instances to Persistent Disk volumes on Google Cloud with the following options:

• Migrate the Persistent Disk volumes without attaching them to a VM instance
• Create a new VM instance and attach the migrated Persistent Disk volumes to it

Advisory Notifications lets you opt in to or out of optional notification types. For more information, see Opt in to or out of notifications.

Release 1.15.5

Anthos clusters on bare metal 1.15.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.15.5 runs on Kubernetes 1.26.

This release includes a new Overview page for Apigee API Management in the Google Cloud console.

From the Overview page, you can:

• Get started as a new Apigee user
• Test your Apigee runtime
• View key resource usage metrics
• Explore Apigee API management features

For more information, see UI overview.

Materialized views over BigLake metadata cache-enabled tables can reference structured data stored in Cloud Storage. These materialized views function like materialized views over BigQuery-managed storage tables, including the benefits of automatic refresh and smart tuning. This feature is now generally available (GA).

Authorized stored procedures are now generally available (GA). This feature lets you share stored procedures with users or groups without giving them direct access to the underlying tables.

All Cloud SQL for MySQL Enterprise Plus edition instances now support up to 35 days of retained transaction logs for point-in-time recovery.

The rollout of the following minor version is currently underway:

MySQL 5.7.42 is upgraded to MySQL 5.7.43. For more information, see MySQL 5.7 Release Notes.

If you use a maintenance window, then the updates to the minor versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks. The new maintenance version is [MySQL version].R20230909.02_00. The details of the security fixes applied as part of this release will be published in the MySQL maintenance changelog.

To learn how to check your maintenance version, see Self-service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

Mobile release 2.2

• iOS and Android SDK content cards: You can use content cards to deliver specific messages to end-users during virtual agent chats. Content cards have customizable components including titles, text, carousel messages, banners, and much more. You can also embed a link that the end-user accesses when they click on the card. For example, if you have a list of restaurant options, you might create a content card for each one with a deep link that brings the user to the restaurant's website when they click.

• iOS SDK, improved accessibility: The mobile iOS SDK now fulfills the following Web Content Accessibility Guidelines (WCAG) criteria for improved accessibility:

  • Identify Input Purpose: Ensure that each input field is programmatically determinable, allowing users to autofill inputs.
  • Identify Purpose: Ensure that the purpose of many elements on a page can be programmatically determined, making it easier for agents to extract and present the purpose to users using different modalities.
  • Parsing: Ensure that there are no major code errors that affect accessibility so that agents can accurately interpret and parse content using assistive technologies.
  • Name, Role, Value: Ensure that assistive technologies can gather information about, activate (or set), and keep up to date on the status of user interface controls in the content.
  • Status Messages: Ensure that users of assistive technologies are notified when content is updated dynamically without receiving visual focus.

• Mobile bug fixes:

  • Fixed an intermittent issue where quick reply buttons could be pressed outside their boundaries.
  • Fixed an issue where a virtual agent's avatar icon sometimes was not displayed alongside their message.

ServiceNow enhanced capabilities: This release brings new capabilities to the ServiceNow integration, including support for:

• Default User: Reduced admin permission requirements.
• More flexible field mapping and property assignment configuration options.
• Support for new CRM features:
  • Surveys
  • Agent Status inheritance
  • Custom Callback number
  • Improved support for OAuth authentication, for example now including admin tokens.

Assign virtual agent transfers to the top-level queue: You can now assign a virtual agent to transfer to a top-level queue. The virtual agent will navigate consumers through any active sub and leaf queue options. If a top-level queue has no available leaf queues or is incorrectly configured, the IVR fallback will redirect the caller to the previous queue (if human agents are available) or provide an error message before disconnecting (if the top-level queue has no available agents).To enable this feature:

• Enter the top-level queue ID in the Dialogflow destination (you can find parent queue IDs in the Virtual Agent queue menu settings).
• Ensure all sub and leaf queues are active.

Chat API suite: A new set of APIs are now available that allow you to customize your chat experience. As a part of this feature, webhooks are available for receiving notifications about events that occur during the chat interaction. You can enable and manage them in Developer Settings > Webhooks. The new chat endpoints allow you to:

• Create a chat, send and receive plain text messages, and end the chat with both agents and virtual agents.
• Exchange messages with media attachments such as pictures, videos, and documents.

Apps API: Change agent status: Two new endpoints are now available to manage agent statuses:

• GET /apps/api/v1/agent_statuses: Retrieve current agent statuses.
• POST /apps/api/v1/agent_statuses: Update/change an agent status.

These endpoints allow you to modify agent statuses. You can change an agent's status from Available to any custom status and vice versa. Attempting to change an agent's status to a system status, such as In-Call, will result in an error. Similarly, attempting to change an agent's status from any system status will prompt an error message. These endpoints support bulk status updates, allowing you to update statuses for an entire team or selected agents simultaneously.

NICE QM integration: CCAI Platform now supports an out-of-the-box data export for NICE QM. You can enable this feature in Developer Settings > Session Data Export > NICE Integration. The following information is required to enable the NICE QM data export:

• NICE API Endpoint
• API Authentication credentials

After the integration is enabled, you can enable session data related to IVR call events and agent login/logout events in your NICE integration.

Missed chat / Unresponsive status (while in-chat): Improved handling of agent statuses when a session cast to an agent fails due to network issues.

• When a chat/call is cast to an agent but fails due to network or permission issues, the agent's next status will be moved to Unresponsive regardless of the status they're currently in.
• If a call/chat is cast to an agent but the agent fails to pick up, the agent's next status will be moved to Missed Chat status regardless of the status they're currently in.

ANI retention management: You can now enable ANI storage by contacting Support.

Permission for access to call recording/chat transcript files: A new role permission allows you to define whether users can have access to call recordings and/or chat transcripts when they are stored in external storage and without a CRM. When inactive, users won't be able to access these files from either the Completed Calls or Chats monitoring pages or associated downloadable reports. Shared links to these files fall under the same permissions.

Disable Whatsapp for CCAI Platform: The Whatsapp flag for CCAI Platform is disabled until we have OEM compatibility for Whatsapp.

CRM record autoload: A new setting is available to automatically update the CRM when an agent navigates between multiple active chats. This eliminates the need for the agent to manually search and load the corresponding CRM record each time they switch between chats. To enable this setting, go to Settings > Chat > Global Settings > Global Chat Settings and select the following checkbox: Automatically load CRM Record when switching between chat tabs.

POST events, chat message events: Two new events added to the existing agent chat adapter events:

• Chat Inbound Message: Event indicating that a new consumer message was received; includes the message content.
• Chat Outbound Message: Event indicating that a new agent message was sent; includes the message content.

Restrict international calling by area code, short code, phone number: The international calling configuration now includes the option to limit calls by area code, short code, and phone number. You can extend this configuration to a specific agent or have it applied as a rule to all agents.

MS Dynamics, object type Contact: You can now populate different fields on a "Case" object, when a "Contact" Object Type is used. The default action within MS Dynamics is to fill in the customer information only when a Case is created. This updated setting allows the contact field to be populated with the customer information from a Contact object at the same time. To enable this feature navigate to Developer Settings to access your MS Dynamics configuration. In the Account Lookup settings, select Contact under Object Type.

Call settings, post-call session transfers: You can now set up a cold transfer to a virtual agent at the end of a call. This configuration allows you to set up an automated workflow, such as a post-call survey. To enable this feature, go to Settings > Call Settings and toggle the Post-call session transfers to ON.

New permissions added to historical reports: You can now limit access to assigned teams only or assigned queues only. For example, if you apply the assigned teams only permission option, only data for agents on that user's team(s) will be downloaded. There is also a new permission that allows Admins to manage who has access to the Session Data report, in addition the assigned team only permission.

Dialogflow CX now provides the call companion feature in preview, which provides a mobile-based user interface that supplements a phone call with an agent.

Add the doc_ai_document_type and doc_ai_document_path fields to the Pipeline API Cloud Function request.

Support "store_document_metadata_only" boolean flag in the Pipeline API Cloud Function response.

Support for europe-west9 (Paris), me-central1 (Doha), and me-west1 (Tel Aviv).

Support for europe-west9 (Paris), me-central1 (Doha), and me-west1 (Tel Aviv).

Vertex AI Workbench instances are now generally available (GA). Vertex AI Workbench instances combine features from managed notebooks and user-managed notebooks to provide a robust data science solution. Supported features include:

• Idle timeout
• BigQuery and Cloud Storage integrations
• End-user and service account authentication
• VPC Service Controls
• Customer managed encryption keys (CMEK) and Cloud External Key Manager (Cloud EKM)
• Health status monitoring
• Scheduled notebook runs
• Dataproc integration

To get started, see Introduction to Vertex AI Workbench instances.

Vertex AI - Predict task

Starting with this release, Apigee Integration provides the Vertex AI - Predict task that lets you perform online predictions on your ML models.

Vertex AI - Predict task

Starting with this release, Application Integration provides the Vertex AI - Predict task that lets you perform online predictions on your ML models.

The CJIS compliance program now supports the following products. See Supported products for more information:

• Cloud Run
• Cloud Identity
• Google Workspace Admin Console

You can now view the pod for your Bare Metal Solution servers, networks, volumes, and NFS Shares. This feature is generally available (GA).

Preview: Compute Engine API now enforces the Filtered list cost overhead quota, which limits the number of resources to be filtered out from server-side *.list and *.aggregatedList methods.

The quota is charged against the following metrics:

• Global: compute.googleapis.com/filtered_list_cost_overhead
• Regional: compute.googleapis.com/filtered_list_cost_overhead_per_region

For more information, see Rate quotas and best practices for list filtering.

Preview: You can now view the organization-wide patch status dashboard and OS policy compliance reports by using VM Manager.

Tag key and value short names can now have a maximum length of 256 characters. For more information, see Tags overview.

Vertex AI Search (Enterprise Search): Third-party data connectors

You can set up your Vertex AI Search data stores to sync with data from Jira, Confluence, or Salesforce.

This feature is in private preview. To try this feature, contact your Google account team to find out if you qualify.

For more about setting up a connection to third-party data, see Create an Enterprise Search data store.

AlloyDB now offers basic instances, which are primary instances containing only one node, in one zone. Basic instances provide a lower-cost alternative to highly available instances, and are appropriate for use in non-production environments that don't require high availability.

Database server compatibility with PostgreSQL version 15 is now available in Preview. You can create a cluster with PostgreSQL 15 compatibility.

Release 1.16.1

Anthos clusters on bare metal 1.16.1 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.16 runs on Kubernetes 1.27.

Cloud Run integrations (Preview) are now available in the following regions:

• asia-northeast1
• asia-northeast2
• asia-south1
• asia-southeast2
• australia-southeast1
• europe-central2
• europe-north1
• europe-west2
• europe-west3
• northamerica-northeast1
• southamerica-east1
• us-east4
• us-west2
• us-west3

The rollout of the oracle_fdw extension, version 1.2 is underway. This extension provides a foreign data wrapper for accessing Oracle databases easily and efficiently. For more information, see Configure PostgreSQL extensions.

The rollout of the following minor versions, extension versions, and plugin versions is underway:

Minor versions

• 11.19 is upgraded to 11.21.
• 12.14 is upgraded to 12.16.
• 13.10 is upgraded to 13.12.
• 14.7 is upgraded to 14.9.
• 15.2 is upgraded to 15.4.

Extension and plugin versions

• orafce is upgraded from 3.24.4 to 3.25.1.
• pglogical is upgraded from 2.4.2 to 2.4.3.
• pgvector is upgraded from 0.4.2 to 0.5.0.
• PostGIS is upgraded from 3.2.3 to 3.2.5.

If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.

The new maintenance version is [PostgreSQL version].R20230830.01_00. To learn how to check your maintenance version, see Self service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

Generally available: Instance templates are available as both regional and global resources. To reduce cross-region dependency or to achieve data residency, use a regional instance template to create virtual machines (VM), managed instance groups (MIG), or reservations. For more information, see Regional and global instance templates.

Generally available: Autohealing in managed instance groups (MIG) supports regional health checks. To reduce cross-region dependency or to achieve data residency, use a regional health check. For more information, see Set up an application health check and autohealing.

Launched Document AI Enterprise Document OCR v2.0 and OCR add ons in Preview.

Enterprise Document OCR launched a Release Candidate, pretrained-ocr-v2.0-2023-06-02, which includes:

• Upgraded OCR model, optimized for various document use cases.
• Visual-element detector for boxed characters, which can increase quality up to 10% for documents with text boxes.

For more details, see the documentation, including the user guide.

OCR add ons are available from the Enterprise Document OCR processor when using pretrained-ocr-v2.0-2023-06-02. These include:

• Checkbox extraction: Detects and extracts status (marked/unmarked) in the Enterprise Document OCR response.
• Math OCR: Identifies, recognizes, and extracts formulas from documents in LaTeX output format.
• Font-style detection: Identifies word-level font properties, including type, style, handwriting, weight, and color.

For more details, see the documentation.

The Observability dashboards on the GKE Clusters List, Cluster Details, and Workload List pages are now customizable. Additionally, the Cluster Details dashboards can be customized across the entire project, or per-cluster for specific use cases.

Secret Manager is now available in the following region:

• me-central2

For more information, see Secret Manager locations.

Attack path simulations support additional resources

The attack path simulation feature that generates attack exposure scores and attack paths for your high-value resources now supports the following additional Google Cloud resources:

• aiplatform.googleapis.com/Dataset
• aiplatform.googleapis.com/Featurestore
• aiplatform.googleapis.com/MetadataStore
• aiplatform.googleapis.com/Model
• aiplatform.googleapis.com/TrainingPipeline
• container.googleapis.com/Cluster

For more information, see Resource types supported in high-value resource sets.

Manually refresh your web pages

Call the recrawlUris method to manually refresh specific web pages in a data store with Advanced website indexing turned on. You can check the status of the recrawl operation by polling the operations.get method.

See Manually refresh your web pages.

GA release of the Apigee UI in Cloud console

This is the GA release of the Apigee UI in Cloud console, a new version of the Apigee UI that is integrated with the Google Cloud console. The new UI makes it easier to use Apigee, while also performing related tasks in the Cloud console.

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• Cloud Tasks

  • cloudtasks.googleapis.com/Queue

• Organization Policy

  • orgpolicy.googleapis.com/CustomConstraint

Cloud Bigtable is available in the me-central2 (Dammam) region. For more information, see Bigtable locations.

Sensitive Data Protection is available in me-central2 (Dammam). For more information, see Sensitive Data Protection locations.

The following new region is now available: me-central2.

Support for me-central2 (Dammam) region.

Support for me-central2 (Dammam) region.

Support for me-central2 (Dammam) region.

You can create Cloud Spanner regional instances in Dammam, Saudi Arabia (me-central2).

Cloud Storage is now available in Dammam, Saudi Arabia (me-central2 region).

Cloud VPN is now available in region me-central2 (Dammam, Saudi Arabia).

Pricing is available on the Cloud VPN pricing page.

Generally available: Dammam, Kingdom of Saudi Arabia, Middle East me-central2-a,b,c has launched with E2, N2, N2D, and T2D VMs in all three zones. See the Dammam region access document to learn more.

Data Catalog is available in the me-central2 (Dammam) region.

For more information, see Regions.

Dataflow is now available in Dammam, Saudi Arabia (me-central2).

Dataproc is now available in the me-central2 region (Dammam, Saudi Arabia).

Dialogflow CX intent import/export and training phrase import/export are now generally available.

The me-central2 region in Dammam, Saudi Arabia is now available.

Added new Memorystore for Memcached region: Dammam (me-central2).

The Version Upgrade feature is now Generally Available on Memorystore for Memcached.

Added new Memorystore for Redis region: Dammam (me-central2).

Pub/Sub is now available in Dammam, Saudi Arabia (me-central2).

Messages written to a dead letter topic configured for a BigQuery subscription contain an attribute with the reason the message could not be written to BigQuery. For more information, see Handle message failures.

For auto mode VPC networks, added a new subnet 10.216.0.0/20 for the Dammam me-central2 region. For more information, see Auto mode IP ranges.

Access Approval supports Cloud Monitoring in the Preview stage.

This release includes improvements to the Create Environment experience in the Apigee UI in the Cloud console.

With this release, users can create a new environment, attach the environment to an Apigee instance, and assign the environment to an environment group within the same creation flow.

In addition, users can edit or remove environment group assignments from the environment detail page in the Apigee UI, simplifying management of their Apigee implementation.

For more information, see Working with environments.

The BigQuery Data Transfer Service now supports transfers from Search Ads 360 using the new Search Ads 360 reporting API. This feature is in preview. Customers with existing Search Ads 360 transfers should migrate their workflows to be compatible with the new Search Ads 360. The BigQuery Data Transfer Service will stop its support for the old Search Ads 360 reporting API on May 31st, 2024.

Database Migration Service now supports customer-managed encryption keys (CMEK) that are externally managed with Cloud External Key Manager. For more details on CMEK support for each migration scenario, see CMEK integrations.

You can now save charts generated from a Log Analytics SQL query to a custom dashboard. For more information, see Save a chart to a custom dashboard.

Cloud Run Operators are available in Cloud Composer.

Preview: Snapshot settings are centralized configuration parameters for all snapshots in a project. You can use snapshot settings to customize the default storage location for all future snapshots in your project. By enabling you to do this, snapshot settings remove the need for you to manually specify a storage location during each individual snapshot creation.

Learn more about snapshot settings and how to set the default storage location for a project using snapshot settings.

The backlog metrics of subscriptions with filtering enabled only include messages that match the filter. The change is being rolled out in a phased manner.

Access Approval supports Access Context Manager in the Preview stage.

Maintenance operations on highly available primary instances now occur with less than one second of downtime for most workloads.

The ability to analyze a project for compliance before migrating it to an Assured Workloads folder is now generally available. See the Migrate a workload page for more information.

The CJIS compliance program now supports the following products. See Supported products for more information:

• Cloud Composer
• Cloud Dataflow
• Cloud DNS
• Cloud HSM
• Cloud Logging
• Cloud NAT
• Cloud Router
• Cloud SQL
• Network Connectivity Center

The IL5 compliance program now supports the following products. See Supported products for more information:

• Cloud Logging
• Dataflow
• Google Kubernetes Engine

Certificate Authority Service now supports data residency.

Cloud KMS is available in the following region:

• me-central2

For more information, see Cloud KMS locations.

Manifest files are now available in Storage Insights. A manifest file is generated when an inventory report is split into shards. You can use the manifest file to easily locate the shards you want to download.

Generally available: The Red Hat Knowledgebase provides you with access to articles, solutions, product documentation, and community discussions for Red Hat products.

You can now access the Red Hat Knowledgebase by using single-sign-on (SSO) through the Google Cloud console from your Red Hat Enterprise Linux (RHEL) VMs. For more information, see Access Red Hat Knowledgebase.

Dialogflow CX has added the FILTER system function.

Dialogflow CX flow export now exports flows recursively.

Event Threat Detection, a built-in service of Security Command Center, released a new rule, Initial Access: Leaked Service Account Key Used, to General Availability.

For more information, see Event Threat Detection rules.

Vertex AI Search (Enterprise Search): Languages for summarization

Summarization is supported in the following languages in addition to English:

• German (de-DE)
• Spanish (es-ES)
• Italian (it-IT)
• French (fr-FR)
• Dutch (nl-NL)
• Portuguese (pt-BR)
• Swedish (sv-SE)

See Languages.

Vertex AI Search (Enterprise Search): Adjacent segments for preview with allowlist

When getting extractive segments, you can also get up to 3 segments from immediately before and after the relevant segment. Adjacent segments can add context and accuracy to the relevant segment. Turning on adjacent segments can increase latency.

Adjacent segments is in preview with allowlist. Contact your Google account team to try out adjacent segments.

See Extractive segments.

Vertex AI Search (Enterprise Search): Customizable summaries for preview with allowlist

When you request summaries, you can customize them by providing natural-language instructions. You can request customizations such as such as the length and level of detail, style of output (such as "simple"), language of output, focus of answer, and format (such as tables, bullets, and XML).

Customizable summaries are in preview with allowlist. Contact your Google account team if you're interested in trying this feature.

See Get customizable summaries.

Go 1.21 is now generally available.

You can now view the status of your server activity in the Google Cloud console. it informs you if there's an issue with your Bare Metal Solution infrastructure. This feature is generally available (GA).

Observability for storage volumes is generally available (GA).

You can now change the type of a Chronicle reference list. For more details, see reference lists.

You can now create and manage forwarder configurations using the Chronicle user interface and also through the Chronicle Forwarder Management API.

The Cloud CDN private origin authentication capability for Amazon Simple Storage Service (Amazon S3) and compatible object stores is now Generally Available.

Ops Agent version 2.40.0 introduces support for Compute Engine Arm VMs that are running RHEL 9 or Rocky Linux 9. For more information, see Support for Compute Engine Arm VMs.

Generally available: You can create C3-standard VMs with Local SSD attached using new machine types, for example c3-standard-44-lssd. For more information, see Choosing a valid number of Local SSDs.

Dataflow now supports the Tau T2A Arm machine series as a worker machine type. This feature is generally available (GA). For more information, see Use Arm VMs on Dataflow.

M111 release

• PyTorch 2.0 container images now include PyTorch XLA 2.0.
• Miscellaneous software updates.

M111 release

• PyTorch 2.0 images now include PyTorch XLA 2.0.
• Miscellaneous software updates.

Preview: Migrate to Virtual Machines from an Azure source is now open to all users. Migrate to Virtual Machines from an Azure source lets you migrate Azure VM instances to Compute Engine.

M111 release

The M111 release of Vertex AI Workbench instances includes the following:

• Miscellaneous software updates.

The M111 release of Vertex AI Workbench user-managed notebooks includes the following:

• PyTorch 2.0 user-managed notebooks instances now include PyTorch XLA 2.0.
• Miscellaneous software updates.

The M111 release of Vertex AI Workbench managed notebooks includes the following:

• Miscellaneous software updates.

Policy-based routing is available in General Availability. You can select a next hop based on more than a packet's destination IP address. You can match traffic by protocol and source IP address as well.

AlloyDB now lets you use and manage data-encryption keys residing outside of Google Cloud using Cloud External Key Manager.

Artifact Registry now supports HTTP access to Apt repositories. For more information, see Configure HTTP access to an Apt repository.

You can now create a federated dataset in BigQuery that federates to an existing database in AWS Glue. This feature is in preview.

You can now create definer's rights views in Cloud Spanner. A definer's rights view adds additional security functionality by providing different privileges on the view and the underlying schema objects. Users with access to a definer's rights view can see and query its contents even if they don't have access to the view's underlying schema objects. For more information, see About views.

You can now configure IAM workforce identity federation using the Google Cloud console. To learn more, see the configuration guides for Azure AD, Okta, or other OIDC and SAML 2.0 providers. The feature is in Preview.

The create_dashboard_render_task now takes in an optional theme property to specify the theme to apply to the rendered dashboard.

For SFTP and S3 destinations, the timestamp in the filename of the scheduled delivery will respect the Delivery time zone.

When the Email Allowlist for Scheduled Content Labs feature is enabled, admin users can use the looker_internal_email_domain_allowlist user attribute to define email allowlist domains at a group level.

When the Advanced Granular Permissions Labs feature is enabled, admin users can use six new permissions to delegate management of user attributes, groups, roles, private labels, themes, and embed settings to non-admin users.

When you set up SAML authentication, merging users from OIDC into SAML is now supported.

The AND/OR Filters in Explores Labs feature is now enabled by default. When this feature is enabled, Looker Explores contain a new experience for creating and editing filters with AND/OR filter logic without the need to create custom filter expressions.

Administrators can set a data retention policy (Preview) on a project, on a new portal, or both. For more information, see Configure data retention policy.

The array subscript operator now returns a value in an array directly by index. Previously, only offset and ordinal were available. This feature is generally available (GA).

The struct subscript operator has been added. With this operator, you can access a STRUCT field by index, offset, or ordinal. This feature is generally available (GA).

Cloud Composer 2 is now available in Doha (me-central1).

You can now use node auto-provisioning for TPU slices. With this feature, Standard clusters with GKE version 1.28 and later provision TPU node pools and multi-host TPU accelerators automatically to ensure the capacity required to schedule AI/ML workloads. To learn more, see Configuring TPU node auto-provisioning.

The following resource types are now publicly available through the Search APIs (SearchAllResources, SearchAllIamPolicies).

• Financial Services
  • financialservices.googleapis.com/Instance
• Discovery Engine
  • discoveryengine.googleapis.com/Collection
  • discoveryengine.googleapis.com/DataStore

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

• Speaker ID
  • speakerid.googleapis.com/Settings

You can now choose not to specify the number of nodes when creating a Cloud Bigtable cluster using the gcloud CLI. This configuration lets Bigtable automatically calculate the number of nodes based on your data footprint and optimize for 50% storage utilization. To learn more, see Create an instance. This feature is generally available (GA).

Query Optimizer version 6 is generally available. Version 5 remains the default optimizer version in production.

Validate the resource locations for all Document Warehouse API requests.

The Google Cloud console now supports a usage dashboard for each database.

Security Command Center now supports CIS Google Cloud Computing Foundations Benchmark v2.0.0.

The support for v2.0.0 includes the following new vulnerability detector:

• Load balancer logging disabled

For more information, see the following:

• Detectors and compliance
• CIS Google Cloud Foundation 2.0.0

Datastream now supports SSL/TLS encryption for Oracle sources. For more information, see the Datastream API reference documentation.

Access Approval supports Firebase Security Rules in the Preview stage.

When creating an AlloyDB cluster, you can now specify an IP range for private services access. This is optional; if you do not specify an IP range, then AlloyDB selects one for you.

Go 1.21 is now generally available.

Dataproc Auto zone placement for clusters is now available in the Google Cloud console by selecting the "Any" option for the cluster zone.

Vertex AI Prediction

You can now use A2 Ultra machines to serve predictions in us-central1, us-east4, europe-west4, and asia-southeast1. Each A2 Ultra machine has a fixed number of NVIDIA A100 80GB GPUs attached.

Vertex AI Search (Enterprise Search): Page numbers for extractive segments

Page numbers can be returned with extractive segments. Page numbers indicate where an answer was extracted from in a document.

For more about extractive segments, see Get snippets and extracted content.

Access Transparency logs are enhanced with an eventID that signifies the incident that resulted in the access by Google personnel. For example, a support case that results in several accesses from the support and engineering teams in order to resolve the case. Accesses related to the same support case share the same eventID in Access Transparency logs.

For more information about this field, see Log field descriptions.

Preview: You can view the following when using Capacity Planner:

• The 50th and 75th percentile usage and forecast of your VMs.

• The historical usage of your VMs up to 2 years in the past.

• The usage and forecast of all machine families in a project.

For more information, see About Capacity Planner.

Preview: You can generate gcloud CLI commands to create future reservation requests of Compute Engine zonal resources based on the actual or forecasted usage of your VMs. Future reservations are useful to secure capacity up to 1 year in advance for forecasted spikes.

For more information, see Reserve capacity from actual or forecasted usage.

Users can now use manual triggers, webhook triggers, and Pub/Sub triggers to build Bitbucket Server and Bitbucket Data Center repositories through Cloud Build repositories (1st gen). This feature is generally available. To learn more, see Build repositories from Bitbucket Server and Build repositories from Bitbucket Data Center.

Maintenance windows configuration is now generally available (GA).

Cloud Data Fusion version 6.9.2 is generally available (GA). This release is in parallel with the CDAP 6.9.2 release.

Features in Cloud Data Fusion 6.9.2:

• Editing deployed batch pipelines is generally available (GA).
• Using Pub/Sub sources in streaming data pipelines is GA.
• Wrangler Filter Pushdown is GA.
• Pushdown for window aggregations is GA.

Ops Agent version 2.39.0 introduces support for Compute Engine Arm VMs that are running Ubuntu 20.04 LTS (Focal Fossa). For more information, see Support for Compute Engine Arm VMs.

Enabled trusted IMA certificate loading from /etc/ima/pubkey.x509.

Enabled trusted IMA certificate loading from /etc/ima/pubkey.x509.

Service account delegation for workflow execution is now available. You can configure service account delegation for whole repositories, or for individual workflow configurations.

The following features have been introduced in this release of Distributed Cloud Edge:

• Bastion host support. Distributed Cloud Edge now allows you to set up one or more bastion host virtual machines. The bastion host feature allows Google support engineers to connect to your Distributed Cloud Edge deployment and work with you to diagnose and resolve issues. For more information, see Configure a bastion host. This is a preview-level feature.

• Selectable cluster software versions. You now have the option to create a cluster running a specific version of Distributed Cloud Edge software, starting with version 1.5.0. For more information, see Create and manage clusters. This is a preview-level feature.

• Container image registry access over secondary networks. Distributed Cloud Edge now allows you to specify the network interface in the spec.containerRuntimeDNSConfig field of the NodeSystemConfigUpdate resource. This allows you to specify a container image registry IP/domain pair for a network interface other than the primary. For more information, see NodeSystemConfigUpdate resource. This is a preview-level feature.

• CMEK support for local control plane nodes. You can now configure Cloud KMS integration for storage on nodes running local control planes for Distributed Cloud Edge clusters. For more information, see Enable support for customer-managed encryption keys (CMEK) for local storage.

1.27.0-gke.1

• Added Binary Authorization support which is a deploy-time security control that ensures only trusted container images are deployed. With Binary Authorization, you can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying. By enforcing validation, you can gain tighter control over your container environment by ensuring only verified images are integrated into the build-and-release process. For details about how to enable Binary Authorization on your clusters, see How to enable Binary Authorization.

• Added the authorization.admin_groups field. This allows users to specify Google groups as cluster-admins through the management plane.

• Enabled gzip compression for fluent-bit's ingestion of logs into Cloud Logging. This improves the efficiency of log transfer for both the control plane and workloads.

• Added proxy support for attaching AKS/EKS clusters. For details, see Connect to your EKS cluster and Connect to your AKS cluster.

1.27

• Preview: Enabled surge updates. Surge updates allow you to configure the speed and disruption of node pool updates. Please contact your account team to opt into the preview.

• GA: Added support for AWS spot instance node pools. Creating AWS spot node pools is now GA. Spot instance node pools are pools of Amazon EC2 Spot Instances that are available on AWS at a lower cost.

• GA: Enabled node auto repair. This feature continuously monitors the health of each node in a node pool.

• Added Binary Authorization support which is a deploy-time security control that ensures only trusted container images are deployed. With Binary Authorization, you can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying. By enforcing validation, you can gain tighter control over your container environment by ensuring only verified images are integrated into the build-and-release process. For details about how to enable Binary Authorization on your clusters, see How to enable Binary Authorization.

• Added support for a new admin-groups flag in the create and update APIs. This flag allows customers to quickly and easily authenticate listed groups as cluster administrators, eliminating the need to manually create and apply RBAC policies.

• Added an ignore_errors option to the delete API to handle cases where accidentally deleted IAM roles or manual removal of resources prevent the deletion of clusters or node pools. By appending ?ignore_errors=true to the DELETE request URL, users can now forcibly remove clusters or node pools. However, this approach might result in orphaned resources in AWS or Azure, requiring manual cleanup.

• Upgraded the snapshot-controller and csi-snapshot-validation-webhook to v6.2.2. This new version introduces an important change to the API. Specifically, the VolumeSnapshot, VolumeSnapshotContents, and VolumeSnapshotClass v1beta1 APIs are no longer available.

• Disabled the unauthenticated kubelet read-only port 10255. Once a node pool is upgraded to version 1.27, workloads running on it will no longer be able to connect to port 10255.

• Enabled gzip compression for fluent-bit's ingestion of logs into Cloud Logging. This improves the efficiency of log transfer for both the control plane and workloads.

• Optimized audit-proxy's audit Logging ingestion by enabling gzip compression.

• Improved security by adding file-integrity checks and fingerprint validation for Google-managed binary artifacts downloaded from Cloud Storage.

• Added support for automatic periodic defragmentation of etcd and etcd-events on the control plane. This feature reduces unnecessary disk storage and helps to prevent etcd and the control plane from becoming unavailable due to disk storage issues.

• Changed the metrics names for Kubernetes resource metrics to use a metrics prefix of kubernetes.io/anthos/ rather than kubernetes.io/. For details refer to the metrics reference documentation.

• Changed default etcd version to v3.4.21 on new clusters for improved stability. Existing clusters upgraded to this version will use etcd v3.5.6.

• Improved node resource management by reserving resources for the kubelet. While this feature is crucial for preventing Out of Memory (OOM) errors by ensuring system and Kubernetes processes have the resources they need, it may lead to workload disruptions. The reservation of resources for the kubelet may affect the available resources for Pods, potentially affecting the capacity of smaller nodes to handle existing workloads. Customers should verify that smaller nodes can still support their workloads with this new feature activated.

  • The reserved memory percentages are as follows:
    • 255 MiB for machines with less than 1GB of memory
    • 25% of the first 4GB of memory
    • 20% of the next 4GB
    • 10% of the next 8GB
    • 6% of the next 112GB
    • 2% of any memory above 128GB
  • The reserved CPU percentages are as follows:
    • 6% of the first core
    • 1% of the next core
    • 0.5% of the next 2 cores
    • 0.25% of any cores above 4 cores

1.25

Expanded the list of metrics collected from node pools to include gke-metrics-agent, cilium-agent, cilium-operator, coredns, fluentbit-gke, kubelet, and konnectivity-agent.

1.27

• GA: Enabled node auto repair. This feature continuously monitors the health of each node in a node pool. Added support for a new admin-groups flag in the create and update APIs. This flag allows customers to quickly and easily authenticate listed groups as cluster administrators, eliminating the need to manually create and apply RBAC policies.

• Upgraded the snapshot-controller and csi-snapshot-validation-webhook to v6.2.2. This new version introduces an important change to the API. Specifically, the VolumeSnapshot, VolumeSnapshotContents, and VolumeSnapshotClass v1beta1 APIs are no longer available.

• Disabled the unauthenticated kubelet read-only port 10255. Once a node pool is upgraded to version 1.27, workloads running on it will no longer be able to connect to port 10255.

• Enabled gzip compression for fluent-bit's ingestion of logs into Cloud Logging. This improves the efficiency of log transfer for both the control plane and workloads.

• Optimized audit-proxy's audit logging ingestion by enabling gzip compression.

• Improved security by adding file-integrity checks and fingerprint validation for Google-managed binary artifacts downloaded from Cloud Storage.

• Added support for automatic periodic defragmentation of etcd and etcd-events on the control plane. This feature reduces unnecessary disk storage and helps to prevent etcd and the control plane from becoming unavailable due to disk storage issues.

• Changed the metrics names for Kubernetes resource metrics to use a metrics prefix of kubernetes.io/anthos/ rather than kubernetes.io/. For details refer to the metrics reference documentation.

• Changed default etcd version to v3.4.21 on new clusters for improved stability. Existing clusters upgraded to this version will use etcd v3.5.6.

• Improved node resource management by reserving resources for the kubelet. While this feature is crucial for preventing Out of Memory (OOM) errors by ensuring system and Kubernetes processes have the resources they need, it may lead to workload disruptions. The reservation of resources for the kubelet may affect the available resources for Pods, potentially affecting the capacity of smaller nodes to handle existing workloads. Customers should verify that smaller nodes can still support their workloads with this new feature activated.

  • The reserved memory percentages are as follows:
    • 255 MiB for machines with less than 1GB of memory
    • 25% of the first 4GB of memory
    • 20% of the next 4GB
    • 10% of the next 8GB
    • 6% of the next 112GB
    • 2% of any memory above 128GB
  • The reserved CPU percentages are as follows:
    • 6% of the first core
    • 1% of the next core
    • 0.5% of the next 2 cores
    • 0.25% of any cores above 4 cores

1.25

Expanded the list of metrics collected from node pools to include gke-metrics-agent, cilium-agent, cilium-operator, coredns, fluentbit-gke, kubelet, and konnectivity-agent.

Application Integration Quick setup (GA)

Application Integration Quick setup is now generally available in all the supported Google Cloud locations.

Quick setup is a single-click operation that automatically provisions Application Integration with the default configurations needed to get you started with the product.

For more information, see Set up Application Integration.

Cloud Load Balancing is introducing new advanced cost, latency, and resiliency optimizations for your global external Application Load Balancer. These include the following capabilities:

• You can use a service load balancing policy to customize the parameters that influence how traffic is distributed within the backends associated with a backend service (for example, load balancing algorithm and auto-capacity draining).
• You can designate specific backends as preferred backends.

For details, see Advanced load balancing optimizations.

A Cloud Spanner multi-region instance configuration is now available in Asia - asia2 (Mumbai/Delhi/Singapore).

Added name validation for the customizable ControllerResource CRDs.

• Added support for CloudIOTDeviceRegistry (v1alpha1) resource.

Added support for ComputeRegionSSLPolicy (v1alpha1) resource.

Added support for VertexAIIndexEndpoint (v1alpha1) resource.

Resource AlloyDBCluster(v1alpha1):

• Added spec.continuousBackupConfig field.
• Added spec.restoreBackupSource field.
• Added spec.restoreContinuousBackupSource field.
• Added status.continuousBackupInfo field.

Resource ArtifactRegistryRepository(v1beta1):

• Added spec.cleanupPolicies field.
• Added spec.cleanupPolicyDryRun field.

Resource BigQueryTable(v1beta1):

• Added spec.maxStaleness field.
• Added spec.externalDataConfiguration.fileSetSpecType field.

Resource CloudBuildTrigger(v1beta1):

• Added spec.gitFileSource.bitbucketServerConfigRef field.
• Added spec.sourceToBuild.bitbucketServerConfigRef field.

Resource CloudFunctions2Function(v1alpha1):

• Added spec.kmsKeyName field.

Resource ComputeAddress(v1beta1):

• Added spec.ipv6EndpointType field.

Resource ComputeBackendService(v1beta1):

• Added spec.securityPolicy field.
• Added spec.connectionTrackingPolicy.enableStrongAffinity field.

Resource ComputeInstance(v1beta1):

• Added spec.networkInterface.items.ipv6AccessConfig.items.name field.
• Added spec.scheduling.localSsdRecoveryTimeout field.

Resource ComputeInstanceTemplate(v1beta1):

• Added spec.disk.items.provisionedIops field.
• Added spec.networkInterface.items.ipv6AccessConfig.items.name field.
• Added spec.scheduling.localSsdRecoveryTimeout field.

Resource ComputeSecurityPolicy(v1beta1):

• Added spec.advancedOptionsConfig.userIpRequestHeaders field.

Resource ComputeTargetInstance(v1beta1):

• Added spec.securityPolicyRef field.

Resource ComputeTargetPool(v1beta1):

• Added spec.securityPolicyRef field.

Resource ContainerCluster(v1beta1):

• Added spec.allowNetAdmin field.
• Added spec.enableK8sBetaApis field.
• Added spec.enableMultiNetworking field.
• Added spec.ipAllocationPolicy.additionalPodRangesConfig field.
• Added spec.monitoringConfig.advancedDatapathObservabilityConfig field.
• Added spec.nodeConfig.hostMaintenancePolicy field.

Resource ContainerNodePool(v1beta1):

• Added spec.networkConfig.additionalNodeNetworkConfigs field.
• Added spec.networkConfig.additionalPodNetworkConfigs field.
• Added spec.nodeConfig.hostMaintenancePolicy field.
• Added spec.placementPolicy.policyNameRef field.

Resource DNSManagedZone(v1beta1):

• Removed spec.privateVisibilityConfig.required field.

Resource EventarcTrigger(v1beta1):

• Added spec.eventDataContentType field.

Resource FirebaseAndroidApp(v1alpha1):

• Added spec.apiKeyId field.

Resource FirebaseWebApp(v1alpha1):

• Added spec.apiKeyId field.

Resource HealthcareFHIRStore(v1alpha1):

• Added spec.defaultSearchHandlingStrict field.
• Added spec.notificationConfigs.items.sendPreviousResourceOnDelete field.
• Added spec.streamConfigs.items.bigqueryDestination.schemaConfig.lastUpdatedPartitionConfig field.

Resource IAMWorkforcePoolProvider(v1beta1):

• Added spec.oidc.clientSecret field.
• Added spec.oidc.jwksJson field.
• Added spec.oidc.webSsoConfig.additionalScopes field.
• Added status.oidc field.

Resource MonitoringAlertPolicy(v1beta1):

• Added spec.conditions.items.conditionPrometheusQueryLanguage field.

Resource PubSubSubscription(v1beta1):

• Added spec.cloudStorageConfig field.
• Added spec.pushConfig.noWrapper field.

Resource RunJob(v1beta1):

• Added status.createTime field.
• Added status.creator field.
• Added status.deleteTime field.
• Added status.expireTime field.
• Added status.lastModifier field.
• Added status.updateTime field.

Resource SecretManagerSecret(v1beta1):

• Added spec.annotations field.
• Added spec.versionAliases field.

Resource SpannerDatabase(v1beta1):

• Added spec.enableDropProtection field.

Resource SQLInstance(v1beta1):

• Added spec.settings.ipConfiguration.pscConfig field.
• Added status.dnsName field.
• Added status.pscServiceAttachmentLink field.

Resource WorkstationsWorkstationCluster(v1alpha1):

• Added spec.privateClusterConfig.allowedProjects field.

The following Dataflow templates are generally available (GA):

• BigQuery to Bigtable
• Pub/Sub to Splunk

Organizational policy for restricting remote repositories is available.

Looker (Google Cloud core) now supports the following regions:

• asia-southeast1 (Singapore)
• australia-southeast1 (Sydney)
• europe-west2 (London)
• europe-west3 (Frankfurt)
• me-west1 (Tel Aviv)
• us-east4 (Northern Virginia)

The following resource types are now publicly available through the Search APIs (SearchAllResources, SearchAllIamPolicies).

• IAM

  • iam.googleapis.com/PolicyV2

• Anthos Multi-Cloud (previously GKE Multi-Cloud)

  • gkemulticloud.googleapis.com/AwsCluster
  • gkemulticloud.googleapis.com/AzureCluster
  • gkemulticloud.googleapis.com/AzureClient
  • gkemulticloud.googleapis.com/AwsNodePool
  • gkemulticloud.googleapis.com/AttachedCluster
  • gkemulticloud.googleapis.com/AzureNodePool

Troubleshooting errors with Duet AI assistance is now available in Preview.