Google Cloud release notes

The following release notes cover the most recent changes over the last 30 days. For a comprehensive list, see the individual product release note pages .

You can see the latest product updates for all of Google Cloud on the Google Cloud release notes page.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml

January 07, 2021

VPC Service Controls

General availability for the following integration:

January 06, 2021

AI Platform (Unified) Cloud Data Loss Prevention

Hybrid Jobs are now available for inspecting external data sources.

Config Connector

Config Connector version 1.34.0 is now available.

Added support for IAM Member References. This allows users to create an IAMPolicyMember that references another resource as the IAM member (e.g. IAMServiceAccount, LoggingLogSink). For more information, see the memberFrom field in the IAMPolicyMember reference documentation. Support for IAM Member References is added only to IAMPolicyMember, not IAMPolicy.

Added support for the GameServicesRealm resource.

Added IAM support for ComputeDisk.

Added cacheMode, clientTtl, defaultTtl, maxTtl, negativeCaching, negativeCachingPolicy, serveWhileStale, and customResponseHeaders fields to ComputeBackendBucket.

Added customTimeBefore, daysSinceCustomTime, daysSinceNoncurrentTime, and noncurrentTimeBefore fields to StorageBucket.

Allow for IAMPolicy, IAMPolicyMember, and IAMAuditConfig to reference resources in other namespaces.

Added support for UpdateFailed, DeleteFailed, DependencyNotFound, and DependencyNotReady events to IAMPolicy, IAMPoicyMember, IAMAuditConfig.

Allow for Project and Folder resources to be migrated across folders and organizations by updating the folder-id/organization-id annotation. Only folder-to-folder or organization-to-organization migrations are allowed; folder-to-organization migrations or vice versa are not yet supported.

January 05, 2021

Cloud Composer

In an upcoming Cloud Composer version release, DAG Serialization will be enabled by default when creating new Cloud Composer environments.

Traffic Director

Traffic Director now supports TCP-based services in Preview. This brings service discovery, global load balancing, failover and many other Traffic Director capabilities to your non-HTTP services. See the setup guide to get started and the target proxies documentation for helpful background information.

December 23, 2020

Cloud Monitoring

Alerting is now Generally Available for Monitoring Query Language (MQL). For more information, see Alerting policies with MQL.

December 22, 2020

Filestore

IP-based access control is now generally available.

December 21, 2020

BigQuery

BigQuery standard SQL now supports the BigNumeric data type for high-precision computations. The BigNumeric data type is in Preview.

Cloud SQL for PostgreSQL

IAM database authentication for Cloud SQL for PostgreSQL is now generally available. To get started using IAM database authentication, see the Overview of Cloud SQL IAM database authentication.

December 18, 2020

Cloud Run

Cloud Run now allows you to restrict ingress of your Cloud Run services.

You can now allocate up to 8GiB of memory to your Cloud Run services.

December 17, 2020

AI Platform (Unified)

AI Platform (Unified) now stores and processes your data only in the region you specify for most features. Learn more.

Anthos GKE on AWS

GKE on AWS 1.6.0-gke.3 is now available.

GKE on AWS 1.6.0-gke.3 clusters run the following Kubernetes versions:

  • 1.16.15-gke.5300
  • 1.17.9-gke.6400
  • 1.18.10-gke.900

To upgrade your clusters, perform the following steps:

  1. Upgrade your Management service to 1.6.0-gke.1.
  2. Upgrade your user clusters to a supported Kubernetes version.

GKE on AWS now supports Kubernetes 1.18.

The Kubernetes 1.18 version includes CoreDNS 1.7.1 and Cluster Autoscaler 1.18.

GKE on AWS now supports mounting AWS Elastic File System file systems without having to install a driver.

You can now specify an AWS KMS alias in your anthos-gke.yaml instead of a KMS ARN.

You can now use custom DNS hostnames in your VPC by setting enableDnsHostnames to false

Cluster state synchronizations between the management service and S3 now use HTTPS.

Cloud Billing

Start using the Reports page and Cost Table in the Cloud Console for product-level cost details or subaccounts

Beginning with your January 2021 invoice or statement (available in February 2021), to simplify the format, we are removing all cost details from your invoice and statement documents, including product-level costs and costs by subaccounts (for Resellers). To view all of the cost details on your invoice or statement, in the Cloud Console, access the downloadable Cost Table report. The Cost Table report includes the product-level cost and cost by subaccounts (for Resellers), along with additional details you may need, such as costs by projects, services, SKU IDs, and labels. You can also analyze your usage costs using the Reports page.

For guidance on using these reports, see:

Cloud SQL for MySQL

In Cloud SQL for MySQL, parallel replication is generally available for improving replication performance.

Cloud SQL for PostgreSQL

Cloud SQL has expanded support for PostgreSQL extensions. Three additional PostgreSQL extensions are now available:

  • dblink
  • ip4r
  • prefix

For additional information, see PostgreSQL extensions.

The following PostgreSQL minor versions have been upgraded:

  • PostgreSQL 9.6.18 is upgraded to 9.6.19.
  • PostgreSQL 10.13 is upgraded to 10.14.
  • PostgreSQL 11.8 is upgraded to 11.9.
  • PostgreSQL 12.3 is upgraded to 12.4.
Cloud Spanner

A new multi-region instance configuration is now available in Europe - eur6 (Netherlands/Frankfurt/Zurich).

A new multi-region instance configuration is now available in North America - nam12 (Iowa/Northern Virginia/Oregon/Oklahoma).

Compute Engine

The m1-node-96-1433 sole-tenant node type is now Generally Available.

Dataproc

New sub-minor versions of Dataproc images: 1.3.79-debian10, 1.3.79-ubuntu18, 1.4.50-debian10, 1.4.50-ubuntu18, 1.5.25-centos8, 1.5.25-debian10, 1.5.25-ubuntu18, 2.0.0-RC21-debian10, and 2.0.0-RC21-ubuntu18.

Image 2.0 preview:

Changed the default value of Spark SQL property spark.sql.autoBroadcastJoinThreshold to 0.75% of executor memory.

Fixed SPARK-32436: Initialize numNonEmptyBlocks in HighlyCompressedMapStatus.readExternal

Image 1.4-1.5:

Fixed a NullPointerException in a primary worker shuffle when the BypassMergeSortShuffleWriter is used when some output partitions are empty.

Images 1.5-2.0 preview:

Fixed ZOOKEEPER-1936: Server exits when unable to create data directory due to race condition.

Fixed a bug where Dataproc agent logs had separate entries for exception stack trace in StackDriver.

Identity and Access Management

You can now attach service accounts to resources in other projects. This feature is available in Preview.

Memorystore for Redis

Added support for TLS encryption on Memorystore for Redis.

December 16, 2020

AI Platform Deep Learning Containers

Added TensorFlow 2.4 Deep Learning Containers images.

AI Platform Deep Learning VM Image

M60 release

  • Added TensorFlow 2.4 Deep Learning VM Images
AI Platform Prediction

You can now configure AI Platform Prediction to automatically scale prediction nodes for model versions that use GPUs for online prediction.

Previously, you could only configure manual scaling for model versions that use GPUs. Now, you can choose between automatic and manual scaling.

Using automatic scaling with GPUs is available in preview.

Anthos Service Mesh

1.8.1-asm.5 is now available.

Multi-cluster support for GKE on-prem Beta

Anthos Service Mesh now supports multi-cluster meshes when running on GKE on-prem. For more information, see Add clusters to Anthos Service Mesh on-prem.

New flags for the install_asm script

The install_asm script was enhanced to provide you with more granular control over the changes that the script makes on your project and GKE on Google Cloud cluster. For more information, see the Enablement flags section in the documentation for the script.

Third-party add-ons removed from all profiles

The Prometheus, Grafana, and Kiali add-ons were removed from all Anthos Service Mesh profiles. For information on why the add-ons were removed, see Reworking our Addon Integrations. Installation of these third-party add-ons was removed from the 1.8 IstioOperator API, which means that they can't be installed with the istioctl install command. For information on installing a demo version of the add-ons, see Integrating with third-party add-ons.

Note that by default, metrics are still exported to Prometheus in the asm-multicloud profile. You can optionally enable metrics export to Prometheus in the asm-gcp-multiproject profile.

Anthos Service Mesh 1.8 isn't supported on Anthos attached clusters and GKE on AWS

Anthos Service Mesh 1.8 currently isn't supported on Anthos attached clusters (Microsoft AKS and Amazon EKS) and GKE on AWS (Amazon EC2). Anthos Service Mesh 1.7 and 1.6 are supported for these environments. For more information, see the following guides:

Reduced permissions required for installation

The permissions required for installation have been scaled back. Testing has shown that the Project Editor role can be replaced with more granular roles. For the complete list, see Permissions required to install Anthos Service Mesh.

BigQuery Data Transfer Service

BigQuery Data Transfer Service is now fully integrated with VPC Service Controls, and can be protected using a service perimeter. Please refer to VPC-SC supported products page for more info.

Cloud Billing

Recommendations for Compute Engine committed use discounts are now Generally Available. Recommendations provide you opportunities to optimize your compute costs by analyzing your VM spending trends and recommending committed use discount contracts. For understanding and purchasing committed use discount recommendations, see the documentation.

Cloud Composer

Preview: A new Logs tab has been added to the Environment details page.

Cloud Logging

Logs regionalization is now generally available. You can set the region in which you want to store your logs data. For information about this feature, refer to the Regionalization documentation.

Cloud Monitoring

The dashboard editor that lets you create and edit all dashboard widget types, including gauges, scorecards, and text boxes, is now Generally Available. With this editor, you can quickly configure dashboard widgets by using Basic Mode, you can access all aggregation options with Advanced Mode, and you can use Monitoring Query Language when you select MQL Mode. When you set the dashboard layout to mosaic mode, you can resize and reposition widgets. For more information, see Custom dashboards.

Cloud NAT

The ability to enable or disable Endpoint-Independent Mapping for your gateway is available in General Availability.

Cloud Run

You can now build and deploy source code to Cloud Run using a single command: gcloud beta run deploy --source .

Cloud SQL for PostgreSQL

Cloud SQL for PostgreSQL now supports the effective_cache_size flag.

Cloud Tasks

The relationship between your queues and your App Engine app has changed. If your queues only manage tasks with HTTP Targets, you no longer need to have an enabled App Engine app. For more information, see Managing the Cloud Tasks queue transition.

Compute Engine

Compute-optimized (C2) machines are now available in Montréal, in all three zones , northamerica-northeast1-a,b,c. For pricing, see VM instance pricing.

Google Cloud Armor

Google Cloud Armor Managed Protection Plus tier is now available in public preview.

Virtual Private Cloud

Access to Google APIs and services using Private Service Connect is now available in Preview.

DNS peering for private services access is now available in General Availability.

December 15, 2020

Cloud Build

Users can now create manual triggers to run builds at a specified time. To learn more about how to schedule your builds, see Scheduling your build.

Compute Engine

Preview: Accelerator-optimized (A2) machine types are now available in the following three regions:

  • Iowa, North America: us-central1-a,c
  • Netherlands, Europe: europe-west4-a,b
  • Singapore, APAC: asia-southeast1-c

Preview: NVIDIA® A100 GPUs are now available in the following three regions:

  • Iowa, North America: us-central1-a,c
  • Netherlands, Europe: europe-west4-a,b

  • Singapore, APAC: asia-southeast1-c

    For more information, see GPUs on Compute Engine.

Dataproc

Announcing the Beta release of the Dataproc cluster Stop/Start.

Announcing the General Availability (GA) release of the Dataproc Workflow Timeout feature, which allows users to set a timeout on their graph of jobs and automatically cancel their workflow after a specified period.

Dialogflow

GA (general availability) launch of Dialogflow CX.

CX Regionalization expanded to multiple regions globally.

CX Analytics for agent activity statistics.

CX Prebuilt agents for common agent use cases.

CX Customer-managed encryption keys (CMEK) to manage your own Dialogflow data encryption keys.

CX Security settings to control data redaction and data retention.

CX DTMF input for telephony partner integrations.

CX Parameter redaction to redact end-user parameter data from logs.

Google Cloud Armor

Third-party named IP address lists are now in general availability. Note that when Google Cloud Armor Managed Protection Plus tier is in general availability, your ability to use third-party named IP address lists will be affected by which Managed Protection tier your projects are in.

The following new WAF rules have been added in general availability:

  • Method enforcement
  • Scanner detection
  • Protocol attack
  • PHP injection attack
  • Session fixation
Virtual Private Cloud

The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in Preview. This feature presently only works with individual VM instances, not with instance templates or managed instance groups.

December 14, 2020

Cloud Bigtable

Key Visualizer diagnostic messages are visible to all Cloud Bigtable customers. Review the message descriptions to learn how diagnostic messages can help you troubleshoot your Cloud Bigtable tables.

Cloud Billing

Cloud Billing Reports page now allows you to save your report views.

The Cloud Billing Reports in the Google Cloud Console allows you to view and visualize your Google Cloud spend over time. You can filter and break down your usage by different dimensions, including: time range, projects, products, SKUs, labels, and subaccounts. Prior to this update, if you wanted to save your filter settings, your only options were to bookmark or make a copy of your report's URL. To offer a better user experience, you can now save your custom report views and access your saved views.

For information on the saved views feature, refer to Saving and sharing report views in the Cloud Billing documentation.

Cloud CDN

Cache modes, TTL overrides and custom response headers are now supported on backend buckets and backend services, and are now Generally Available.

Cache modes allow Cloud CDN to automatically cache static content types, including web assets like CSS, JavaScript and fonts, as well as image and video content.

TTL overrides support fine-tuning how long Cloud CDN caches your responses, and custom response headers introduce a new {cdn_cache_status} variable that is populated with the cache status response.

The Google Terraform provider also supports these latest Cloud CDN features, including cache modes, TTL overrides, and custom response headers. Refer the documentation for compute_backend_bucket and compute_backend_service for how to configure and use the new features with Terraform.

Cloud Composer
  • New versions of Cloud Composer images: composer-1.13.3-airflow-1.10.9, composer-1.13.3-airflow-1.10.10, and composer-1.13.3-airflow-1.10.12. The default is composer-1.13.3-airflow-1.10.10. Upgrade your Cloud SDK to use features in this release.
  • Composer will now fail faster when the network settings in Private IP environments prohibit the download of publicly stored Python packages.
  • Composer Agent error messages are now more descriptive.
  • Composer will now check whether the Artifact Registry API is enabled during updates (if it is required).
Cloud Run

Cloud Run container instances can now process up to 250 concurrent requests, see Configuring maximum concurrency. The default is still 80.

Cloud TPU

Cloud TPU now supports Shared VPC

Shared VPC allows an organization to connect resources from multiple projects to a common VPC network to communicate with each other securely and efficiently using internal IPs from that network. This release enables connecting to Cloud TPU Nodes from Shared VPC networks.

Cloud Vision

OCR On-Prem General Availability (GA) release

OCR On-Prem is now generally available for approved customers. OCR On-Prem enables easy integration of Google image text recognition technologies into your on-premises solution.

For more information, refer to the product documentation. Approved customers can also view the marketplace entry .

Dataproc Metastore

The public Preview release of Dataproc Metastore is now available.

Legacy Dataproc Metastore services created during private Preview (prior to December 14, 2020 at 12:00 PM Pacific Standard Time) will be automatically deleted on January 29, 2021.

The Thrift endpoints of legacy services will continue to function normally, but certain pre-existing functionality such as metadata imports will cease to work. Furthermore, new features (including those announced on December 14, 2020) and bugfixes will not be available to legacy services.

To ensure you receive the newest features, patches, and stability, we strongly recommend you recreate legacy Dataproc Metastore services. Since the new metadata export feature is not available for legacy services, if you need help migrating metadata from a legacy service, the Dataproc Metastore team will be happy to assist you with a manual migration.

Please contact dataproc-metastore-support@google.com with any questions or to request help migrating metadata.

Google Cloud VMware Engine

All new VMware Engine private clouds now deploy with VMware vSphere version 7.0 and NSX-T version 3.0. Existing private clouds will be upgraded to vSphere version 7.0 and NSX-T version 3.0 over a period of time in December 2020 and January 2021.

See Service announcements for more details on the contents of this upgrade.

Increased maximum number of nodes in a private cloud cluster to 32. This change applies to new clusters. Existing clusters can be expanded up to 32 nodes after the upgrade to vSphere 7.0 version.

When VMware Engine replaces a failed node, node customizations now transfer from the failed node to the replacement node. Customizations include vSphere labels, vSphere custom attributes, vSphere tags, and any affinity and anti-affinity rules.

VMware Engine now advertises routes learned from a VPC to your VMware Engine private cloud network, and advertises routes learned from your private cloud to a VPC. This allows network communication between Google Cloud resources and private cloud resources.

Identity and Access Management

You can now use Cloud Monitoring to check when your service accounts and service account keys were used. This feature is generally available.

VPC Service Controls

Preview support for the following integration: