Google Cloud release notes

M77 release

TensorFlow Enterprise 2.6.0 is now available and includes Long Term Version Support.

M77 release

TensorFlow Enterprise 2.6.0 is now available and includes Long Term Version Support.

Dialogflow CX GA (generally available) launch of Experiments to compare the performance of flow versions to a control version while handling live traffic.

Event Threat Detection, a built-in service of Security Command Center Premium, has launched new detectors to protect your Google Workspace domains in general availability. The detectors identify suspicious activities in member accounts and your Admin Console, including leaked passwords, attempted account breaches, settings changes, and possible government-backed attacks. For more information, see Event Threat Detection overview.

Container Threat Detection, a built-in service of Security Command Center Premium, has launched a new detector, Malicious Script Executed, in general availability. The detector uses natural language processing to evaluate bash scripts and determine if they are malicious. For more information, see Container Threat Detection overview

Security Command Center findings now include two new attributes that provide additional information about the type of finding and the activity that triggered it. The attributes include the following:

• Indicator: displayed as indicator. This is an indicator of compromise (IoC), or artifact, observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.
• Finding Class: displayed as findingClass. Indicates the type of finding. The following list includes finding classes and their descriptions:
  • Threat: unwanted or malicious activity
  • Vulnerability: a potential weakness in software that increases risk to the confidentiality, integrity, and availability of your resources
  • Misconfiguration: a potential weakness in a resource's configuration that increases risk
  • Observation: a security observation provided for informational purposes

To learn more about findings, see the Findings tab in Using the Security Command Center dashboard.

The use of private worker pools is now available for building your functions.

General availability for the following integration:

• Cloud DNS

You can use TPU Pods for training. This feature is available in Preview.

Anthos clusters on VMware 1.7.3-gke.2 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.7.3-gke.2 runs on Kubernetes 1.19.12-gke.1100.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.8, 1.7, and 1.6.

Users can now build repositories from GitHub Enterprise, including on-premises instances. For more information, see Creating GitHub Enterprise triggers.

When you create a line chart on a dashboard, you can now specify whether the selected metric is charted against the left Y-axis or the right Y-axis. This feature lets you display different metrics with different scales on the same chart. For an API example, see Dashboard with an XyChart and a threshold.

The Cloud SQL Admin API v1 is now generally available. It is and will continue to be compatible with the v1beta4 version. There is no requirement to migrate from v1beta4 to the v1 Admin API.

The Cloud SQL Admin API v1 is now generally available. It is and will continue to be compatible with the v1beta4 version. There is no requirement to migrate from v1beta4 to the v1 Admin API.

The Cloud SQL Admin API v1 is now generally available. It is and will continue to be compatible with the v1beta4 version. There is no requirement to migrate from v1beta4 to the v1 Admin API.

The principal component analysis (PCA) model is now available for preview. For more information, see CREATE MODEL statement for PCA models and the PCA details in the end-to-end user journey.

Preview: You can now use the Slurm-GCP workload manager to create clusters that are based on the HPC virtual machine (VM) image and comply to the Intel Select Solution for Simulation and Modeling criteria. For more information, see Creating Intel Select Solution HPC clusters.

Anthos clusters on VMware 1.6.4-gke.7 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.6.4-gke.7 runs on Kubernetes 1.18.20-gke.2900.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.8, 1.7, and 1.6.

Users can now configure triggers to use a particular service account. To learn more, see Configuring user-specified service accounts.

When upgrading your environment to a new version, you can now check if PyPI packages installed in your environment have any conflicts with preinstalled packages in the new Cloud Composer image.

A new UI for creating alerting policies is available in Preview. This interface offers fine-grained control over the selection of the metrics used in alerting conditions. See Managing Alerting Policies for more information.

GKE Multi Cluster Ingress is now available through standalone per-Pod pricing in addition to Anthos licensing for all GKE release channels.

BigQuery now supports the ALTER COLUMN SET DATA TYPE data definition language (DDL) statement. This feature is generally available (GA).

BigQuery now supports the following data definition language (DDL) statement:

• CREATE TABLE LIKE
• CREATE TABLE COPY

This feature is generally available (GA).

Cloud Bigtable is now available in the northamerica-northeast2 (Toronto) region.

The following new region is now available: northamerica-northeast2.

Support for northamerica-northeast2-a,b,c (Toronto) region.

Support for northamerica-northeast2-a,b,c (Toronto) region.

Support for northamerica-northeast2-a,b,c (Toronto) region.

Added support for changing instance configuration (Preview).

Toronto region (northamerica-northeast2) launched.

• New location for storing your data.

Cloud VPN is now available in region northamerica-northeast2 (Toronto, Canada).

Pricing is available on the Cloud VPN pricing page.

Toronto, Ontario, Canada northamerica-northeast2-a,b,c region has launched with E2, N2, N1 virtual machine (VM) instances in all three zones. See VM instance pricing for details.

Disks, snapshots, and images are available in Toronto, Ontario, Canada northamerica-northeast2 in all three zones. See Disks and image pricing for details.

Generally available: You can update the descriptions of your managed instance groups by using the API or gcloud tool.

Dataflow is now able to use workers, Dataflow Shuffle, Streaming Engine, FlexRS, and regional endpoints in zones in Toronto (northamerica-northeast2).

Dataproc is now available in the northamerica-northeast2 region (Toronto).

Filestore is available in the northamerica-northeast2 (Toronto) region. See Regions and zones.

Added new Memorystore for Memcached region: Toronto (northamerica-northeast2).

Added new Memorystore for Redis region: Toronto (northamerica-northeast2).

Pub/Sub Lite is now available in northamerica-northeast2 (Toronto).

For auto mode VPC networks, added a new subnet 10.188.0.0/20 for the Toronto northamerica-northeast2 region. For more information, see Auto mode IP ranges.

This release includes the new ListProvisionableCloudIdentityTypes method.

ListProvisionableCloudIdentityTypes returns the Google Workspace customer types you can create for a given domain, and shows if they require a transfer.

You can now use Puppet to install and manage the Google Cloud operations suite agents across your fleet of Linux and Windows VMs. For more information, refer to the Puppet Integration documentation.

The API to manage the metrics scope of a Google Cloud project is now in Preview. For more information, see Manage metrics scopes with the API.

You can now use Puppet to install and manage the Google Cloud operations suite agents across your fleet of Linux and Windows VMs. For more information, refer to the Puppet Integration documentation.

Cloud NAT rules is available in Preview. NAT rules let you create access rules that define how Cloud NAT is used to connect to the internet. NAT rules support source NAT based on destination address.

Preview: You can now share reservations of Compute Engine zonal resources between multiple projects. Learn about shared reservations and creating a shared reservation.

Added support for MonitoringMetricDescriptor resource.

CloudBuildTrigger: added webhookConfig and pubsubConfig options for triggers.

Added a list of resources which have service-generated resource IDs.

Added limited support for the cnrm.cloud.google.com/state-into-spec annotation, which allows merge and absent values to merge GCP state into the spec field or not, respectively.

Currently only supported for BigQueryDataset.

M76 Release

• Added the Vertex SDK for Python.
• Regular package refreshment and bug fixes.

M76 Release

• Added the Vertex SDK for Python.
• Regular package refreshment and bug fixes.

Filestore now has a new Enterprise tier, which allows you to create 1-10 TiB regional instances that can scale up and down with your storage needs.

Filestore now supports private services access, which allows you to create instances on a Shared VPC network in service projects.

You can now use Activity Analyzer to see when your service accounts and keys were last used to call a Google API. This feature is in Preview.

Enabled cross region access for Memorystore for Redis.

Cloud Logging now lets you control access to individual log entry fields using field-level access control. To learn more, see Field-level access control.

Added WALKING and CYCLING as commute options in the CommuteFilter.

Dataproc Metastore backups and restores support cross-service restoration of metadata.

Automated assessment and migration of your existing CF foundation.

[PREVIEW] NFS broker automatically configures NFS mounts on your cluster for Apps to bind to.

[PREVIEW] Schedule Tasks to run at recurring intervals specified using the unix-cron format.

[PREVIEW] Support for Anthos clusters on VMware via the Early Access program.

General availability for the following integration:

• Filestore

Release 1.8.2

Anthos clusters on bare metal 1.8.2 is now available. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.8.2 runs on Kubernetes 1.20.

Features:

• Preview: Added capability to rotate cluster certificate authorities (CAs) for user clusters. For instructions on using the bmctl cluster credentials command to rotate cluster CAs, see Rotate user cluster certificate authority.

• Preview: Added support for AppArmor with Anthos clusters on bare metal. You don't need to disable AppArmor on Ubuntu as a prerequisite for installation. When you create new 1.8.2 clusters or upgrade clusters to version 1.8.2, you can enable AppArmor either before or after you upgrade.

Airflow 2.1.1 is available in Cloud Composer images.

Cloud EKM now supports Artifact Registry, Logs Router in Cloud Logging, and Cloud Spanner. For more information, see Cloud External Key Manager.

Cloud Monitoring now provides a new predefined dashboard called External HTTP(S) Load Balancers. The new dashboard provides powerful visualizations to help you understand and troubleshoot connectivity issues on your external HTTP(S) load balancers.

For details, see HTTP(S) Load Balancing logging and monitoring.

• Cloud SQL for PostgreSQL now supports the following flags:
  • tcp_keepalives_count
  • tcp_keepalives_idle
  • tcp_keepalives_interval

For more information about these flags, see the Cloud SQL for PostgreSQL flags documentation.

The Wide-and-Deep model is now available for preview. 'DNN_LINEAR_COMBINED_CLASSIFIER' and 'DNN_LINEAR_COMBINED_REGRESSOR' create Wide-and-Deep Classifier and Regressor models, respectively.

You can use the Reduction Server algorithm (Preview) to increase throughput and reduce latency during distributed custom training.

Publishing services and accessing published services using Private Service Connect is now available in General Availability.

A list.concat function has been added to support adding an element to a list.

BigQuery now supports the INTERVAL type, which represents a duration or an amount of time. This type is in Preview.

Explainable artificial intelligence (XAI) helps you understand the results that your predictive machine-learning model generates for classification and regression tasks by defining how each feature in a row of data contributed to the predicted result. This feature is now available for preview.

Cloud Build private pools are now generally available. Private pools offer regionalization and greater customization over the build environment, including the ability to access resources in a private network with support for VPC Service Controls. For more information, see Private pools overview.

When you make an internal TCP/UDP load balancer the next hop of a static route, the route can now have network tags.

In addition, you now have two different ways to specify the next hop:

• Forwarding rule's name and the load balancer's region
• Internal IP address of the forwarding rule

For more information, see the following pages:

• Internal TCP/UDP load balancers as next hops
• Creating the static routes that define the load balancers as the next hops

Cloud Run VPC Service Controls are now at General Availability (GA).

Committed use discounts are now at General Availability (GA).

The following organization policies are now at General Availability (GA): Cloud Run Allowed ingress settings and Allowed VPC egress settings.

Recommender now generates lateral movement insights, which identify roles that allow a service account in one project to impersonate a service account in another project. You can manage lateral movement insights using the gcloud command-line tool or the Recommender REST API. This feature is available in Preview.

The Organization Policy constraints Allowed ingress settings and Allowed VPC egress settings for Cloud Run have launched into general availability.

Support for Cloud Run is now at General Availability (GA).

The following features are generally available (GA):

• Access Transparency for Vertex AI
• Using a custom service account for custom training and prediction
• Using VPC Service Controls with Vertex AI
• Setting up VPC Network Peering with Vertex AI and using private IP for custom training (Using private IP for prediction and vector matching with Matching Engine remains in preview.)

DML query jobs now return statistics about the number of rows that were inserted, deleted, or updated. For more information, see DmlStats in the Job resource type. In addition, DML statistics are now available in the INFORMATION_SCHEMA.JOBS_BY_* views. This feature is generally available (GA).

Time series models now support holiday effects for weekly time series, in addition to the daily time series that was previously supported. This feature is now generally available (GA).

The new External HTTP(S) Load Balancers dashboard in Monitoring provides powerful visualizations to help you understand and troubleshoot connectivity issues on your external load balancers.

Cloud Run container instances can now process up to 1,000 concurrent requests, see Setting maximum concurrency. The default is still 80.

• The following PostgreSQL minor versions and extension versions are now available. If you use maintenance windows, you might not yet have these versions. In this case, you will see the new versions once your maintenance update occurs. To find your maintenance window or manage maintenance updates, see Finding and setting maintenance windows.
  • 9.6.21 is upgraded to 9.6.22.
  • 10.16 is upgraded to 10.17.
  • 11.11 is upgraded to 11.12.
  • 12.6 is upgraded to 12.7.
  • 13.2 is upgraded to 13.3.
• pglogical extension is upgraded to 2.3.4.
• PostGIS extension is upgraded to 3.0.3 for all PostgreSQL major versions.

Storage Transfer Service now offers Public Preview support for managing on-premises transfer via API. Customers can use RESTful APIs to automate their on-prem to Cloud transfer workflow.

For more information, see Managing Transfer for on-premises jobs.

Artifact Registry now supports Cloud External Key Manager (Cloud EKM) when using customer-managed encryption keys.

You can now use Cloud External Key Manager keys for organization-level Log Router CMEK. For more information, see Enabling customer-managed encryption keys for Log Router.

Connectivity Tests now includes a feature that verifies connectivity to and from Google-managed services, such as Google Kubernetes Engine (GKE) control planes or Cloud SQL instances. The Connectivity Tests configuration analysis can now run a test and provide an overall reachability result for Google-managed services. For more information, see Connectivity Tests overview.

Platform logs are now supported by Cloud Logging.

Anthos clusters on VMware 1.8.1-gke.7 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.8.1-gke.7 runs on Kubernetes v1.20.8-gke.1500.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.8, 1.7, and 1.6.

Cloud Composer environments with Airflow 2 can run more than one Airflow scheduler. This feature brings Airflow HA scheduler to Cloud Composer environments.

Cloud Run for Anthos is now available as a separate experience from the managed Cloud Run product in the Google Cloud Console.

The new Cloud Run for Anthos page provides you a product specific experience for all your Cloud Run for Anthos services.

Learn more

Preview: You can use the Help Assistant in the Google Cloud Console to find answers to questions about Compute Engine.

Added support for GKEHubFeatureMembership resource.

Added spec.projectRef to ServiceUsageService.

Added the following output-only fields:

• BigQueryJob: query.destinationEncryptionConfiguration.kmsKeyVersion, load.destinationEncryptionConfiguration.kmsKeyVersion, and copy.destinationEncryptionConfiguration.kmsKeyVersion.
• BigQueryTable: encryptionConfiguration.kmsKeyVersion.

Added advancedMachineFeatures to ComputeInstance.

Dataflow now supports custom containers in GA.

Avro based imports and exports are generally available (GA).

A C++ client library for IAM is now available. The client library supports the IAM API and the Service Account Credentials API.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.

Time to live (TTL) is now available in public preview. This feature lets database administrators periodically delete unneeded data from Cloud Spanner tables, and so decrease storage and backup costs and potentially increase query performance. To use this feature, a database owner defines a row deletion policy on a table schema.

Google Groups for RBAC is now generally available.

Cloud Run is now covered by FedRAMP Moderate

Granular instance sizing is now available in public preview. Historically, the most granular unit for provisioning compute capacity on Spanner has been the node. To provide more granular control, we are introducing Processing Units (PUs); one Spanner node is equal to 1,000 PUs. You can now provision in batches of 100 PUs, and get a proportionate amount of compute and storage resources. Learn more.

gcloud alpha storage commands are now available.

• These commands provide faster uploading and downloading performance over the gsutil command line tool.

Added support for Maintenance Windows for Memorystore for Redis.

ETags for optimistic concurrency control are generally available (GA) in Secret Manager.

Private endpoints for online prediction are now available in preview. After you set up VPC Network Peering with Vertex AI, you can create private endpoints for low-latency online prediction within your private network.

Additionally, the documentation for VPC Network Peering with custom training has moved. The general instructions for setting up VPC Network Peering with Vertex AI are available at the original link, https://cloud.google.com/vertex-ai/docs/general/vpc-peering. The documentation for custom training is now available here: Using private IP with custom training.

External IPv6 addresses for VM instances is now available in General Availability in supported regions.

You can now use an interactive shell to inspect your training container while it runs. The interactive shell can be helpful for monitoring and debugging training jobs.

This feature is available in preview.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

BigQuery now supports workload management data control language (DCL) statements:

• CREATE CAPACITY
• CREATE RESERVATION
• CREATE ASSIGNMENT
• DROP CAPACITY
• DROP RESERVATION
• DROP ASSIGNMENT

This feature is generally available GA.

BigQuery now supports the following SQL query operators:

• PIVOT operator
• UNPIVOT operator

This feature is generally available (GA).

BigQuery standard SQL now supports the CONTAINS_SUBSTR function. This feature is generally available (GA).

The end-to-end user journey for BigQuery ML documents an overview of the complete machine-learning flow for each available model including feature preprocessing, model creation, hyperparameter tuning, inference, evaluation, model export, etc.

Key Visualizer for Cloud Spanner is now available. Key Visualizer is an interactive monitoring tool to analyze usage patterns in Spanner databases. It reveals trends and outliers in important performance and resource metrics.

Private Catalog launches improvements for using Terraform, including updating solutions, noting version highlights, and updating deployments. Learn more

The Pub/Sub Lite Python client library is now GA.

Security Health Analytics, a built-in service of Security Command Center, has launched a new detector, DATASET_CMEK_DISABLED, in general availability. The detector, available to Security Command Center Premium customers, detects BigQuery datasets that are not encrypted using customer-managed encryption keys (CMEK). For more information, see the DATASET_SCANNER table in Vulnerabilities findings.

Event Threat Detection, a built-in service of Security Command Center Premium, has launched a public preview of new detectors to protect your Google Workspace domains. The detectors identify suspicious activities in member accounts and your Admin Console, including leaked passwords, attempted account breaches, settings changes, and possible government-backed attacks. For more information, see Event Threat Detection overview.

You can now use an interactive shell to inspect your custom training container while it runs. The interactive shell can be helpful for monitoring and debugging training.

This feature is available in preview.

This feature has been moved to a future release. It is not currently available.

Added DATA_READ and DATA_WRITE Data Access audit logs. See Firestore in Datastore mode audit logging information. This feature is available in Preview.

This feature has been moved to a future release. It is not currently available.

Added DATA_READ and DATA_WRITE Data Access audit logs. See Firestore audit logging information. This feature is available in Preview.

M75 Release

• Enhanced environment configurations so it is easier to install additional frameworks in CUDA containers.

M75 Release

• Improved the clarity of error messages for custom container users.

Traffic Director can now use internet NEGs of the type INTERNET_FQDN_PORT to route traffic to private services that are reachable using hybrid connectivity, including named on-premises, multi-cloud, and internet services. For full details, see Traffic Director with internet network endpoint groups.

Airflow 2.0.2 is available in Cloud Composer images.

You can now use the gcloud beta ai custom-jobs create command to build a Docker image based on local training code, push the image to Container Registry, and create a CustomJob resource.

The VM instances page has a new Processes tab in Preview. This tab adds charts for process metrics to the charts provided by the existing CPU, Memory, Disk, and Network tabs.

Preview: Access the Compute Engine API using Cloud Client Libraries built on our latest client library model. An updated client library is now available in the following language:

• Go

For more information, see Compute Engine client libraries.

Preview: The Observability tab on Compute Engine's VM instance details page includes a new category for process metrics. You can use the new charts and reports to troubleshoot the behavior of processes running on your VMs.

Added support for ComputeInstanceGroupManager resource (Issue #314).

Added support for BinaryAuthorizationPolicy resource.

Added cluster.kmsKeyRef field to BigtableInstance.

Added expire, rotation, topics, and ttl fields to SecretManagerSecret (Issue #471).

Added timestamp to log messages.

Aggregated the cnrm-admin ClusterRole to the admin and edit ClusterRoles, and aggregated the cnrm-viewer ClusterRole to view ClusterRole. See Aggregated ClusterRoles for details (Issue #486).

Transcoder v1 API is now available. See the migration guide for information on how to update your job templates to the new version.

You can now install the Logging and Monitoring agents on multiple VMs from the Inventory tab on the Cloud Monitoring VM Instances page. You can select multiple VMs in your fleet for agent installation. The page generates the necessary installation command and provides a link to Cloud Shell, where you can run the command.

You can now install the Logging and Monitoring agents on multiple VMs from the Inventory tab on the Cloud Monitoring VM Instances page. You can select multiple VMs in your fleet for agent installation. The page generates the necessary installation command and provides a link to Cloud Shell, where you can run the command.

List object V2 for the XML API^Preview launched.

• List object V2 provides improved interoperability with Amazon S3 tools and libraries.

Cloud Trace announces that the OpenTelemetry library for Java is now generally available. For information about configuring your Java application to use Open Telemetry, see Java and OpenTelemetry.

Backing up and restoring service metadata are generally available (GA).

Anthos clusters on VMware 1.8.0-gke.25 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.8.0-gke.25 runs on Kubernetes v1.20.5-gke.1301.

IAM database authentication for Cloud SQL for MySQL is now generally available. To get started using IAM database authentication, see Cloud SQL IAM database authentication.

The NUMERIC data type is now supported as a valid key column type, so you can now use NUMERIC type columns when specifying primary keys, foreign keys, and secondary indexes.

The Pub/Sub Lite Go client library is now GA.

You can now containerize and run your training code locally by using the new gcloud beta ai custom-jobs local-run command. This feature is available in preview.

BigQuery now supports materialized views without aggregation and materialized views with inner join. This feature is in Preview.

Cloud Functions now logs pending queue requests abort error messages.

External TCP/UDP Network Load Balancing now allows you to configure a connection tracking policy. A connection tracking policy introduces the following new properties to let you customize your load balancer's connection tracking behavior:

• Tracking mode
• Connection persistence on unhealthy backends

To learn about how connection tracking works, see Backend selection and connection tracking.

To learn how to configure a connection tracking policy, see Configure a connection tracking policy.

This feature is available in Preview.

The Share link feature for queries in the Logs Explorer now lets you choose whether to include an absolute time range or a relative time range. With an absolute time range, the query includes static time values for the results, so the query always returns the same results. With a relative time range, you can set a value like "last 1 hour", and the results change as time passes.

Preview: Cloud Logging now supports alerts based on matching the content of your logs. When triggered, a log-based alert notifies you that a match has appeared in your logs and opens an incident in Cloud Monitoring. You can create log-based alerts by using the Logs Explorer or the Monitoring API. For more information, see Monitoring your logs and Using log-based alerts.

Preview: Cloud Logging now supports alerts based on matching the content of your logs. When triggered, a log-based alert notifies you that a match has appeared in your logs and opens an incident in Cloud Monitoring. You can create log-based alerts by using the Logs Explorer or the Monitoring API. For more information, see Monitoring your logs and Using log-based alerts.

Added NetworkServicesEndpointPolicy support

• In Debian 10 GPU images, updated NVIDIA drivers to 460.73.01 and CUDA to 11.0.3.
• Added support for controlling the Cloud Storage backup synchronization time and reducing the output of synchronization.
• Preinstalled the table of contents extension in JupyterLab.
• Added fastai 2.4 to the PyTorch 1.9 GPU image.

The Cloud Healthcare API offers single-region support in the europe-west3 (Frankfurt) region.

The Cloud Healthcare API offers single-region support in the asia-northeast3 (Seoul) region.

The Cloud Healthcare API offers single-region support in the asia-south1 (Mumbai) region.

Release 1.8.1

Anthos clusters on bare metal release 1.8.1 is now available. To upgrade, see Upgrading Anthos on bare metal. Anthos on bare metal 1.8.1 runs on Kubernetes 1.20.

You can now display summaries of single-condition alerting policies on a custom dashboard. A policy summary includes a display of the monitored time series, the threshold, and chips that show the number of open incidents and whether the policy is disabled. For more information about Alert charts, see the following pages:

• Managing dashboards by API
• Adding an alerting policy to a dashboard by using the Cloud Console.

In Dialogflow CX, you can now use the Search feature (Preview launch) to search, filter, and access the core resources within an agent.

In Dialogflow CX, you can now use the sys.long-utterance built-in event to handle user queries exceeding the maximum length (256 characters).

Human in the Loop (HITL) now supports priority queues for each processor, based on the urgency of each document. For more information, see HITL.

Config Management is now available on GKE. Config Management provides you with the following benefits:

• You can now use Policy Controller. Policy Controller enables the enforcement of fully programmable policies for your clusters. To learn more, see Policy Controller overview.
• You can now install Config Sync using the Cloud Console or the gcloud command line tool. To learn more, see Installing Config Sync.

Connectivity to Google-managed services is now generally available in Network Topology. Google Cloud users can use Network Topology to audit their networking configuration and troubleshoot networking issues related to the different Google services in use.

General availability for the following integration:

• Certificate Authority Service

Config Sync now supports accessing Cloud Source Repositories through a Google service account when Workload Identity is enabled in your cluster. To learn more, see Granting Config Sync read-only access to Git.

Config Management is now available on GKE. Config Management enables you to use Policy Controller. GKE users can also now install Config Sync using the Cloud Console or by using the gcloud command-line tool. To learn more, see Installing Config Sync.

You can now configure your cluster with the same settings used by another cluster by using gcloud fetch-for-apply. To learn more, see Configuring Config Sync.

Config Sync cluster selectors support CustomResourceDefinitions.

nomos status shows resource level status when MultiRepo is enabled.

You can now launch Kubernetes 1.20 clusters.

Workload identity to authenticate to Google Cloud services from your user clusters is now available. Using workload identity is supported on user clusters running version 1.20 and higher.

You can now update the security groups associated with user clusters and node pools. For more information, see Updating a user cluster

You can now modify proxy settings on a running cluster. For more information, see Changing Cluster Proxy Settings

Asset Namespaces

The asset namespaces feature enables you to classify categories of assets sharing a common network environment, or namespace, and then perform searches for those assets within the Chronicle user interface based on that namespace. See also the Linux Forwarder documentation for information on how to configure the Forwarder to add namespaces to your security data before it is ingested into your Chronicle account.

Public access prevention^Preview launched.

• Enforcing public access prevention prevents data in your organization or project from being accidentally exposed to the public.

Cloud Translation - Advanced (v3) support for a regional EU endpoint is now in Preview. For more information, see Specify a regional endpoint.

Preview: You can now configure N2D VMs with up to 100 Gbps of network bandwidth.

This feature is ideal for network-intensive distributed workloads.

Learn more about higher bandwidth configurations, the regions and zones where these machines are available, and the post preview pricing for this new feature.

Secret Manager now offers a limited number of free resources as part of the Google Cloud Free program.

For more details on free resources, see Secret Manager pricing.

Transfer service for on-premises data support for delete from source is now Generally Available. For more information, see Data consistency details.

Storage Transfer Service offers Preview for Integration with AWS Security Token Service. Security conscious customers can now use Storage Transfer Service to perform transfers from AWS S3 without passing any security credentials. This release will alleviate the security burden associated with passing long-term AWS S3 credentials, which have to be rotated or explicitly revoked when they are no longer needed. Refer Amazon Web Services (AWS) S3 Federated Identity credentials when setting up access to your data source.

Anthos Service Mesh user authentication is now generally available (GA). This feature lets you use existing Identity Providers (IDP) for user authentication and access control to your workloads. For more information, see Configuring Anthos Service Mesh user authentication.

New features include:

• Private clusters with private IPs
• gcloud alpha container azure clusters and node-pools support
• Application-layer secrets encryption
• Choice of volume type, size, and customer-managed encryption keys
• Cluster Autoscaler

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.

Downloading Events

You can download large numbers of the events associated with each threat detection as a CSV file, enabling you to search across a broad set of the data stored in your Chronicle account to hunt for security issues.

Cloud Logging lets you copy logs from a Cloud Logging bucket to a Cloud Storage bucket. To learn more, see Copying log entries.

The Monitoring dashboards page in the Cloud Console now includes a collection of sample dashboards. The sample dashboards provide support for many common applications. You can preview, install, and then customize these dashboards. For more information, see Installing sample dashboards.

Cloud Run is now available in the following region:

• asia-south2 (Delhi, India)

Cloud SQL for MySQL now offers stored procedures that you can execute on your instances. You can use stored procedures to add or drop secondary indexes on read replicas. See Cloud SQL stored procedures.

Cloud Spanner now supports Cloud External Key Manager (Cloud EKM) when using customer-managed encryption keys. Cloud EKM also provides Key Access Justification to give you more visibility into key access requests.

GPU support on Dataflow is now in General Availability.

The Dialogflow ES API now provides methods for managing versions and environments.

Google Cloud Armor now supports parsing of the JSON content of POST bodies when preconfigured WAF rules are evaluated. JSON parsing must be enabled on a per-security-policy basis. In addition, you can enable verbose request logging to provide more details about why a particular rule was triggered. These features are Generally Available.

Pub/Sub message schemas are now GA.

Secret Manager now has a guide for rotating secrets and binding a secret version to your application.

To learn more, see Rotation of secrets.

Deleting a private services access connection now also removes configurations created by the service producer, if Google is the service producer (for example, Cloud SQL). The improved deletion process simplifies administration if you delete a private services access connection, but later want to recreate it. This feature is now available in General Availability.

BigQuery now supports multi-statement transactions. These allow you to perform mutating operations, such as inserting or deleting rows, on one or more tables, and either commit or roll back the changes atomically. This feature is in Preview.

Cloud Bigtable is now available in the asia-south2 (Delhi) region.

Summary bar now available in the Cost Table report

To provide additional flexibility when analyzing your data in the cost table report, we've added the summary bar as another analysis tool.

When you select a subset of rows in your cost table, a floating summary bar opens and shows you the total gross costs, credits, the percentage of savings, and the total net costs, summarized for the selected rows. The summary bar is available for both the nested and flat table views.

For more information about using the summary bar on the Cost table report, see View and download the cost details of your invoice or statement.

Cloud SQL for MySQL now supports the innodb_flush_log_at_trx_commit flag.

Support for asia-south2 (Delhi) region.

Support for asia-south2 (Delhi) region.

Support for asia-south2 (Delhi) region.

Delhi region (asia-south2) launched.

• New location for storing your data.

Cloud VPN is now available in region asia-south2 (Delhi, India).

Pricing is available on the Cloud VPN pricing page.

Preview: You can now autoscale both regional and zonal managed instance groups based on a Cloud Monitoring metric that provides an aggregated value for the group. You can also apply filters to group metrics to further scope the scaling signal. For more information, see Scaling based on Cloud Monitoring metrics.

Delhi, India asia-south2-a,b,c region has launched with E2, N2, N1, and C2 virtual machine (VM) instances in all three zones. See VM instance pricing for details.

Dataflow is now able to use workers, Dataflow Shuffle, Streaming Engine, FlexRS, and regional endpoints in zones in Delhi (asia-south2).

Dataproc is now available in the asia-south2 region (Delhi).

Filestore is available in the europe-central2 (Warsaw) region. See Regions and zones.

Kf Cloud Service Broker for Google Cloud for Google managed services.

Added new Memorystore for Memcached region: Delhi (asia-south2).

Added new Cloud Memorystore for Redis region: Delhi (asia-south2)

Enhanced runtime support added which lets you deploy containers to GKE Autopilot clusters and to Cloud Run, and simplifies the process of deploying containers to Anthos clusters on AWS that use workload identity. This feature is in preview.

See Enhanced runtime for more.

Added support for the preview release of the fit assessment tool that is intended to eventually replace the existing Linux discovery tool. The new fit assessment tool provides you with:

• Ability to get the inventory information about VMware VMs through direct connection to vCenter.
• Enhanced HTML output that makes it easier to view the assessment results.
• New collection script, mfit_linux_collect.sh, and new assessment tool, mfit.

See Using the fit assessment tool for more.

Secret Manager is now available in asia-south2 (Delhi). See Secret Manager locations for more information.

Secret Manager now has a guide for using Cloud Asset Inventory to identify and audit secrets.

To learn more, see Analyze secrets with Cloud Asset Inventory.

You can now use VPC Service Controls with Traffic Director. You can add projects to service perimeters that protect resources and services (like Traffic Director) from requests that originate outside the perimeter. To learn more about VPC Service Controls, see the VPC Service Controls Overview.

General availability for the following integration:

• Traffic Director

This note is incorrect; see entry for July 5, 2021

For auto mode VPC networks, added a new subnet 10.190.0.0/20 for the Delhi asia-south2 region. For more information, see Auto mode IP ranges.

Anthos clusters on VMware 1.8.0-gke.21 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.8.0-gke.21 runs on Kubernetes v1.20.5-gke.1301.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.8, 1.7, and 1.6.

Platform enhancements:

• Preview: Cluster autoscaling is now available in preview. With cluster autoscaling, you can horizontally scale node pools in proportion to workload demand. When demand is high, the cluster autoscaler adds nodes to the node pool. When demand is low, the cluster autoscaler removes nodes from the node pool, scaling back down to a minimum size that you designate. Cluster autoscaling can increase the availability of your workloads while controlling costs.

• Preview: User cluster control-plane node and admin cluster add-on node auto sizing are now available in preview. The features can be enabled separately in user cluster or admin cluster configurations. When you enable user cluster control-plane node auto sizing, user cluster control-plane nodes are automatically resized in proportion to the number of node pool nodes in the given user cluster. When you enable admin cluster add-on node auto sizing, admin cluster add-on nodes are automatically resized in proportion to the number nodes in the admin cluster.

• Preview: Windows Server container support for Anthos clusters on VMware is now available in preview. This allows you to modernize and run your Windows-based apps more efficiently in your data centers without having to go through risky application rewrites. You can use Windows containers alongside Linux containers for your container workloads. The same experience and benefits that you have come to enjoy with Anthos clusters on VMware using Linux--application portability, consolidation, cost savings, and agility--can now be applied to Windows Server applications also.

• Preview: Admin cluster backup is now available in preview. With this feature enabled, admin cluster backups are automatically performed before and after user and admin cluster creation, update, and upgrade. A new gkectl backup admin command performs manual backup. Upon admin cluster storage failure, you can restore the admin cluster from a backup with the gkectl repair admin-cluster --restore-from-backup command.

Security enhancements:

• The Ubuntu node image is qualified with the CIS (Center for Internet Security) L1/L2 Server Benchmark.

• Generally available: Workload identity support is now generally available. For more information, see Fleet workload identity. The connect-agent service account key is no longer required during installation. The connect agent uses workload identity to authenticate to Google Cloud instead of an exported Google Cloud service account key.

• You can now use gkectl to rotate system root CA certificates for user clusters.

• You can now use gkectl to update vCenter CA certificates for both admin clusters and user clusters.

• Preview: You can enable Secrets encryption with internally generated keys instead of a hardware security model (HSM). This feature will be enabled by default in a future release.

Network feature enhancements:

Preview: Egress NAT gateway is now available in preview. To be able to access off-cluster workloads, traffic originating within the cluster that is related to specific flows must have deterministic source IP addresses. Egress NAT gateway gives you fine-grained control over which traffic gets a deterministic source IP address, and then provides that address. The Egress NAT Gateway functionality is built on top of Dataplane V2.

Storage enhancements:

• The Anthos vSphere CSI driver now supports both offline and online volume expansion for dynamically and statically created block volumes only.

  • Offline volume expansion is available in vSphere 7.0 and later. Online expansion is available in vSphere 7.0u2 and later.

  • The vSphere CSI driver StorageClass standard-rwo, which is installed in user clusters automatically, sets allowVolumeExpansion to true by default for newly created clusters running on vSphere 7.0 or later. You can use both online and offline expansion for volumes using this StorageClass.

• The volume snapshot feature now supports v1 versions of VolumeSnapshot, VolumeSnapshotContent, and VolumeSnapshotClass objects. The v1beta1 versions are deprecated and will soon stop being served.

Simplify day-2 operations:

• You can now use Anthos Identity Service (AIS) and OpenID Connect (OIDC) for authentication to admin clusters in addition to user clusters.

• Preview: Anthos Identity Service can now resolve groups with Okta as identity provider. This allows administrators to write RBAC policy with Okta groups.

• Preview: Anthos Identity service now supports LDAP authentication methods in addition to OIDC. You can use AIS with Microsoft Active Directory without the need for provisioning Active Directory Federation Services.

• The Anthos metadata agent replaces the original metadata agent to collect and send Anthos metadata to Google Cloud Platform, so that Google Cloud Platform can use this metadata to build a better user interface for Anthos clusters. You must 1) enable the Config Monitoring for Ops API in your logging-monitoring project, 2) grant the Ops Config Monitoring Resource Metadata Writer role to your logging-monitoring service account, and 3) add opsconfigmonitoring.googleapis.com to your proxy allowlist (if applicable).

• You can use gkectl diagnose snapshot --upload-to [GCS_BUCKET] --service-account-key-file [SA_KEY_FILE] to automatically upload snapshots to a Google Cloud Storage (GCS) bucket. The provided service account must have the roles/storage.admin IAM role enabled.

BigQuery now supports access management data control language (DCL) statements and corresponding views:

• GRANT
• REVOKE
• INFORMATION_SCHEMA.OBJECT_PRIVILEGES view

GRANT and REVOKE statements are generally available (GA). OBJECT_PRIVILEGES table is available in Preview.

BigQuery now supports the following casting features:

• PARSE_BIGNUMERIC
• PARSE_NUMERIC
• Format clause for CAST available for the following data types:
  • String type
  • Date type
  • Datetime type
  • Time type
  • Timestamp type
  • Numeric types
  • Bytes type
• Numeric type INT64 aliases (INT, SMALLINT, INTEGER, BIGINT, TINYINT, BYTEINT)
• ST_GEOGFROM

These features are generally available (GA).

BigQuery now supports the ALTER COLUMN SET OPTIONS data definition language (DDL) statement. This feature is generally available (GA).

Table functions are now available in Preview. These user-defined functions, commonly known as table-valued functions (TVFs), return a table value.

The Google Trends dataset is now available in Preview and available in the Google Cloud Marketplace.

Audit logging, Cloud Logging, and Cloud Monitoring for the BigQuery Data Transfer Service are now generally available (GA).

Detection Engine API

The VerifyRule method has been added to the Detection Engine API. This method verifies that a rule is a valid YARA-L 2.0 rule without creating a new rule or evaluating it over data.

Cloud Functions is now available in the following region:

asia-east1 (Taiwan)

See Cloud Functions Locations for details.

Cloud Monitoring is launching a new Observability tab on Compute Engine's VM instance details page. This tab replaces the Monitoring tab. The enhanced Observability tab provides access to logs and greater visibility into CPU, disk, and network metrics.

Integration of SQL Server with Managed Service for Microsoft Active Directory is generally available.

This provides capabilities for authentication, authorization, and more.

Joining an instance to a managed Active Directory domain enables you to log in to your SQL Server instances using Windows Authentication. Additionally, you can integrate with your on-premises AD domains by establishing a trust with the Managed Service for Microsoft Active Directory.

Generally available: Compute Engine's VM instance details page has a new Observability tab, which replaces the Monitoring tab. The enhanced Observability tab provides access to logs and greater visibility into CPU, disk, and network metrics.

General-purpose N2D VMs are now available in us-west4-b Las Vegas, NV. See VM instance pricing for details.

Dataflow snapshots are now available in GA.

Dialogflow CX now supports the asia-south1 (Mumbai) region.

In GKE node version 1.21.1-gke.2200 and later, Containerd is available as a runtime for Windows Server LTSC and SAC node images. Containerd is the recommended container runtime for GKE. For more information, see Node images.

The Speech-to-Text now supports multi-region endpoints as a GA feature. See the multi-region endpoints documentation for more information.

BigQuery table snapshots are now in Preview. A table snapshot is a low-cost, read-only copy of a table's data as it was at a particular time. For more information, see Introduction to table snapshots.

Cloud Run is now available in the following region:

• australia-southeast2 (Melbourne)

Dataproc Metastore performs a Hive metadata schema validation when importing metadata into a service.

• For SQL dump, it verifies the tables in the SQL dump file.
• For Avro import, it verifies the Avro file names.
• Both approaches ensure that all tables exist in the import source.

If the verification fails, the operation fails with INVALID_ARGUMENT code and an error message describing which table is missing.

New System functions are now available in Dialogflow CX.

You can now secure your Filestore instances using a VPC service perimeter. For details, see Securing instances with a service perimeter.

You can now use NVIDIA A100 GPUs and several accelerator-optimized (A2) machine types for training. You must use A100 GPUs and A2 machine types together. Learn about their pricing.

Syntax for updating list values and map values is now supported.

Anthos Policy Controller now supports the ability for users to mutate resources as a preview feature. For more information see Mutating resources.

Anthos Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: f6c2fe8).

1.10.2-asm.2 is now available.

This patch release contains the same bug fixes that are in Istio 1.10.2. For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:

• Upgrading on GKE using the install_asm script
• Upgrading on Anthos clusters on VMware

Anthos clusters on-premises support Mesh CA.

New installations of Anthos Service Mesh 1.10x on Anthos clusters on VMWare and bare metal support the Anthos Service Mesh certificate authority (Mesh CA). For details on the installation, see Installing Anthos Service Mesh on-premises.

When you install Anthos Service Mesh on-premises with Mesh CA, this enables Cloud Monitoring and Cloud Logging by default. Additionally, you can use Cloud Trace (which you enable separately) as needed for troubleshooting.

Google-managed control plane release channels are available.

Anthos Service Mesh releases updates often, to deliver security updates, fix known issues, and introduce new features. Release channels offer you the ability to balance between stability and the feature set of the Anthos Service Mesh version. Google automatically manages the version and upgrade cadence for each release channel. To learn more, see the following:

• 1.9x Google-managed control plane

• 1.10x Google-managed control plane

Migrating to Mesh CA from Istio CA with little or no downtime.

Migrating to Anthos Service Mesh certificate authority (Mesh CA) from Istio CA (also known as Citadel) requires migrating the root of trust. Prior to Anthos Service Mesh 1.10, if you wanted to migrate from Istio on to Anthos Service Mesh with Mesh CA, you needed to schedule downtime because Anthos Service Mesh was not able to load multiple root certificates, which interrupted mutual TLS (mTLS) traffic during the migration.

With Anthos Service Mesh 1.10 and higher, you can install a new in-cluster control plane with an option that distributes the Mesh CA root of trust to all proxies. After switching to the new control plane and restarting workloads, all proxies are configured with both the Istio CA and Mesh CA root of trust. Next, you install a new in-cluster control plane that has Mesh CA enabled. As you switch workloads over to the new control plane, mTLS traffic isn't interrupt. For details, see Migrating to Mesh CA.

New resource types are now available.

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

• Managed Service For Microsoft Active Directory
  • managedservices.googapis.com/Domain

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Secret Manager (Newly added real-time feed support)
  • secretmanager.googleapis.com/Secret
  • secretmanager.googleapis.com/SecretVersion

Cloud SQL for SQL Server now supports SQL Server 2019. The default version continues to be SQL Server 2017 Standard. See Database versions and version policies.

Preview: Use patch alerting to monitor the patch jobs running in your environment. For more information, see Monitoring patch jobs.

Added support for the following resources:

• MonitoringDashboard
• GKEHubFeature
• IAMPartialPolicy
• NetworkSecurityAuthorizationPolicy
• BinaryAuthorizationAttestor

Versions of included products

• Anthos Config Management v1.8.0, release notes
• Config Connector v1.52.0, release notes

Config Controller can be used to deploy a landing zone blueprint.

Internal load balancer subsetting for GKE is now generally available in GKE versions 1.18.19-gke.1400 and later.

Console Table Management for Cloud Bigtable is now generally available. You can now use the Google Cloud Console to create, edit, and delete Cloud Bigtable tables, column families, and garbage collection policies.

Preview: You can now replicate data continuously and in real time from operational data stores in Oracle into BigQuery using the Oracle (by Datastream) plugin. The plugin is available in Cloud Data Fusion version 6.4.0 or later.

Cloud Router now supports the following:

• Enabling and disabling BGP sessions
• Updating the BGP keepalive interval

Cloud SQL storage limits are now increased to support up to 64 TB. See Cloud SQL storage limits for more information.

The following MySQL minor versions have been upgraded:

• MySQL 5.6.50 is upgraded to 5.6.51
• MySQL 5.7.32 is upgraded to 5.7.33

Cloud SQL storage limits are now increased to support up to 64 TB. See Cloud SQL storage limits for more information.

Cloud SQL storage limits are now increased to support up to 64 TB. See Cloud SQL storage limits for more information.

Best practices are now available for the Compute Engine API.

Added new Memorystore for Memcached region: Melbourne (australia-southeast2).

BigQuery Data Transfer Service now supports Google Merchant Center data transfers for local inventories and regional inventories.

BigQuery ML is releasing the following features for preview:

• The ML.DETECT_ANOMALIES function is now available. This function provides anomaly detection for BigQuery ML. The function runs against time-series data using ARIMA_PLUS models. The function runs against independent and identically distributed (IID) random variables data using AUTOENCODER and KMEANS models.
• The AUTOENCODER model type is now available for CREATE MODEL statements. This is a TensorFlow-based, deep-learning model that supports sparse data representations, and is commonly used in ML tasks such as feature embedding, unsupervised anomaly detection, and non-linear dimensionality reduction. The ML.PREDICT function can use previously built AUTOENCODER models to reduce the dimensionality of query results.
• Hyperparameter tuning is now available and can be used to improve model performance by searching for the optimal hyperparameters when training ML models using CREATE MODEL statements. View the BigQuery ML Hypertuning tutorial to learn how to improve model performance by 40%.

External HTTP(S) Load Balancing and Cloud CDN now support HTTP/3. HTTP/3 is based on the IETF QUIC transport protocol. Compared to HTTP/2, it reduces request latency, improves throughput, and mitigates head-of-line blocking. HTTP/3 is already supported on most major web browsers.

To learn how to enable HTTP/3 on your external HTTP(S) load balancer, visit the documentation.

External HTTP(S) Load Balancing and Cloud CDN now support HTTP/3. HTTP/3 is based on the IETF QUIC transport protocol. Compared to HTTP/2, it reduces request latency, improves throughput, and mitigates head-of-line blocking. HTTP/3 is already supported on most major web browsers.

To learn how to enable HTTP/3 on your external HTTP(S) load balancer, visit the documentation.

Symmetric hashing for internal TCP/UDP load balancers as next hops—When load balancing to multiple NICs on the backends, you no longer need to use source network address translation (SNAT). SNAT isn't required because Google Cloud uses symmetric hashing. This means that when packets belong to the same flow, Google Cloud calculates the same hash. In other words, the hash doesn't change when the source IP address:port is swapped with the destination IP address:port.

This feature is in General Availability.

Cloud Run support for WebSockets, HTTP/2, and gRPC streaming are now at general availability (GA).

Dataflow is now able to use workers, Dataflow Shuffle, Streaming Engine, FlexRS, and regional endpoints in zones in Melbourne (australia-southeast2).

M73 Release

• Upgraded TensorFlow Enterprise 2.1.3 to 2.1.4.
• Upgraded TensorFlow Enterprise 2.3.2 to 2.3.3.
• Miscellaneous bug fixes and updates.

M73 Release

• Upgraded TensorFlow Enterprise 2.1.3 to 2.1.4.
• Upgraded TensorFlow Enterprise 2.3.2 to 2.3.3.
• Disabled automatic updates for Ubuntu to be in line with the behavior in Debian images.
• Miscellaneous bug fixes and updates.

General availability for the following integration:

• Identity-Aware Proxy for TCP forwarding

Cloud Data Loss Prevention is supported by Access Approval in Preview stage.

Cloud External Key Manager is supported by Access Approval in Preview stage.

Cloud HSM is supported by Access Approval in Preview stage.

Release 1.8.0

Anthos clusters on bare metal release 1.8.0 is now available. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.8.0 runs on Kubernetes 1.20.

Extended installation support:

• Provided support to use containerd as the container runtime as GA for Anthos clusters on bare metal release 1.8.0. Cluster upgrades to 1.8.0 are blocked for 1.7.x clusters that are configured to use the preview containerd capability. For more information, see Upgrading 1.7.x clusters that use containerd in Known Issues.
• Preview: Improved virtual machine (VM) management capability. Anthos VM Runtime uses KubeVirt to orchestrate VMs on clusters, allowing you to work with your VM-based apps and workloads in a uniform development environment. Anthos VM Runtime has worked with Anthos clusters on bare metal as a preview feature since November 2020 and we have continued to enhance its capability. For more information, see Working with VM-based workloads.
• Added edge profile support for standalone clusters. The edge profile is recommended for edge devices with limited resources. Add profile: edge to the cluster config file when you create a standalone cluster to produce a cluster that has significantly reduced system resource requirements. The edge profile is only available for standalone clusters, it is ignored for other cluster types. For more information, see Creating standalone clusters.
• Added support to specify provider ID for Nodes (controlPlane.nodePoolSpec.nodes.providerID) to support deploying on OpenStack using Load Balancing as a Service (LBaaS) resources. For more information, see Configure your clusters to use OpenStack.
• Preview: Added support for installing Anthos clusters on bare metal, using your own registry service, instead of gcr.io. For instructions and additional information, see Installing Anthos Bare Metal using registry mirror.

Improved upgrade:

• Enabled support for upgrading non-SELinux clusters to SELinux. For more information, see Enable SELinux in Upgrading Anthos clusters on bare metal.
• Cluster upgrades are not blocked by excessive Node draining durations. During a cluster upgrade, if the draining process takes longer than 20 minutes for any specific Node, the upgrade process will carry on without waiting for draining to complete.

Updated user cluster lifecycle management:

• Added bmctl improvements for resetting user cluster and adding additional preflight checks to confirm machine and network readiness for cluster creation:

Enhanced monitoring and logging:

• Preview: Added Cloud Audit Logging capability, which enables audit logs to be written to Cloud Audit Logs in your Google project. Audit logs are useful for investigating suspicious API requests and for collecting statistics. For more information, see Enable Audit Logging.

Introduced new networking capabilities in preview:

• Preview: Added multi-NIC capability to provide additional interfaces to your Pods.
• Preview: Added egress NAT gateway capability to provide persistent, deterministic routing for the egress traffic from your clusters. For more information, see Configure an egress NAT gateway for external communication.
• Preview: Added option for BGP bundled load balancer for Layer-3 (L3) topologies. This feature can be used with user clusters and admin clusters.

Enhanced security:

• Workload Identity is GA. The Connect Agent Service Account Key is no longer required during installation. Connect Agent uses Workload Identity to authenticate to GCP instead of an exported GCP Service Account Key.

Expanded support for newer versions of operating systems:

• Added support for installing Anthos clusters on bare metal on Red Hat Enterprise Linux (RHEL) 8.4, and CentOS 8.4

Row-level security on table data is now generally available in BigQuery.

Uppercase Alerts

For Chronicle customers who are also Uppercase customers, Uppercase alerts are now displayed on the Enterprise Insights page. Uppercase alerts are derived from both Google's internal threat detection infrastructure and research provided by Uppercase security analysts.

You can view these alerts in Uppercase Alert view. This view also enables you to provide feedback that can be shared with your own security team and with Uppercase.

You can also use the Uppercase API to retrieve alerts from your Chronicle account.

Cloud Bigtable is now available in the australia-southeast2 (Melbourne) region.

Several fields related to verifying end-to-end data integrity for cryptographic operations are generally available (GA).

Support for australia-southeast2 (Melbourne) region.

Support for australia-southeast2 (Melbourne) region.

A preview enables you to use replication in Cloud SQL for SQL Server. Additionally, the preview enables you to make cross-region replicas.

You can use replication to scale the use of data in a database without degrading performance. Other reasons include migrating or maintaining data duplicates between regions.

For more information, see Replication in Cloud SQL.

Support for australia-southeast2 (Melbourne) region.

Melbourne region (australia-southeast2) launched.

• New location for storing your data.

Cloud VPN is now available in region australia-southeast2 (Melbourne, Australia).

Pricing is available on the Cloud VPN pricing page.

Melbourne, Australia australia-southeast2-a,b,c has launched with E2, N2, N1, and M1 machines. M1 machines are only available in zones b and c.

See VM instance pricing for details.

Added support for NetworkSecurityClientTLSPolicy

Added support for NetworkSecurityServerTLSPolicy

Added support for strong hierarchal references to several resources:

• Add spec.projectRef to DataprocAutoScalingPolicy
• Add spec.projectRef to DataprocCluster
• Add spec.projectRef to DataprocWorkflowTemplate
• Add spec.projectRef to MonitoringGroup

Dataproc is now available in the australia-southeast2 region (Melbourne).

Added new Memorystore for Redis region: Melbourne (australia-southeast2).

Secret Manager is now available in australia-southeast2 (Melbourne). See Secret Manager locations for more information.

For auto mode VPC networks, added a new subnet 10.192.0.0/20 for the Melbourne australia-southeast2 region. For more information, see Auto mode IP ranges.

Generally available: You can now create application consistent snapshots of disks attached to Linux VMs. For more information, see Creating Linux application consistent snapshots.

Support for Compute Reservations. Notebooks API allows the use of Compute Reservations during instance creation.

Storage Transfer Service offers Preview support for transferring data from Azure ADLS Gen 2 to Cloud Storage.

Cloud Composer is now available in Warsaw (europe-central2).

Query Insights is now supported for read replicas.

You can now customize E2 shared-core machine types. Shared-core machine types provide a fractional vCPU with the ability to burst to 2 vCPU for a short period of time.

• E2 shared-core machine types support predefined platforms with Intel or AMD EPYC Rome processors.

• The custom memory range is:

  • 1 to 2 GB for micro machines
  • 1 to 4 GB for small machines
  • 1 to 8 GB for medium machines

E2 shared-core custom machine pricing is the same as E2 custom machine pricing. E2 machines are available in all regions and zones.

Create a custom E2 shared-core machine using gcloud or the API.

Memory-optimized M2 machine types are now available in Belgium, europe-west1-b,c. See VM instance pricing for details.

M72 Release

• Added PyTorch 1.9 and PyTorch/XLA 1.9 containers.

M72 Release

• Added PyTorch 1.9 and PyTorch/XLA 1.9 images.

Added autoscale policies that can automatically expand or shrink a cluster in your private cloud based on factors like CPU utilization or storage capacity thresholds. All clusters begin with a default autoscale policy that adds a node based on a storage capacity threshold.

For details about this feature, see Autoscale policies.

Preview: vSAN data encryption for data at rest now uses keys generated by Cloud Key Management Service for all new private clouds.

For details about this feature, see Configuring vSAN encryption for your private cloud.

Text-to-Speech now offers voices in the following new languages. See the supported voices page for a complete list of voices and audio samples.

• ms-MY (Malay, Malaysia)
• nl-BE (Dutch, Belgium)

New resource types are now available.

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

• Google Kubernetes Engine
  • apps.k8s.io/Deployment
  • apps.k8s.io/ReplicaSet
  • batch.k8s.io/Job
• Hub
  • gkehub.googleapis.com/Membership
• API Gateway
  • apigateway.googleapis.com/Api
  • apigateway.googleapis.com/ApiConfig
  • apigateway.googleapis.com/Gateway
• Document AI
  • documentai.googleapis.com/HumanReviewConfig
  • documentai.googleapis.com/LabelerPool
  • documentai.googleapis.com/Processor
• Vertex AI
  • aiplatform.googleapis.com/BatchPredictionJob
  • aiplatform.googleapis.com/CustomJob
  • aiplatform.googleapis.com/DataLabelingJob
  • aiplatform.googleapis.com/Dataset
  • aiplatform.googleapis.com/Endpoint
  • aiplatform.googleapis.com/HyperparameterTuningJob
  • aiplatform.googleapis.com/Model
  • aiplatform.googleapis.com/SpecialistPool
  • aiplatform.googleapis.com/TrainingPipeline

The SAP accelerator for the order to cash process is now available. It provides sample pipelines that you can use to build your end-to-end order to cash process and analytics with Cloud Data Fusion, BigQuery, and Looker. The accelerator is a sample implementation of the SAP Table Batch Source plugin, which enables bulk data integration from SAP applications with Cloud Data Fusion. The accelerator is available in Cloud Data Fusion environments running in version 6.3.0 and above.

Cloud Tasks is now available in us-west1, asia-east1, and asia-southeast1.

Google-managed control plane is now a generally available (GA) feature. This feature lets you move from managing Istiod in your clusters to configuring the control plane as a service. Google will manage the availability, scalability and security of the control plane.

In addition, it offers these new features:

• Support for CNI
• Support for private clusters with a public IP address/endpoint access for the control plane
• Support for private clusters with Master Authorized Network (MAN)

Using the Google-managed control plane also simplifies multi-cluster mesh configuration and reduces the Kubernetes Engine privileges needed to install Anthos Service Mesh. For more information see Configuring the Google-managed control plane.

The SQL mathematical functions EXP, LN, LOG, LOG10 and SQRT now directly support NUMERIC data as input. You no longer need to cast NUMERIC data to FLOAT64 data before passing it as input to these functions.

Support for Identity and Access Management custom roles.

Support for Identity and Access Management custom roles.

Kf Operator to manage Kf installation.

Added Operator diagnostics to kf doctor.

Allow target command to take arg instead of flag.

Bring your own IP (BYOIP) is now available in General Availability.