The following release notes cover the most recent changes over the last 30 days. For a comprehensive list, see the individual product release note pages .
You can see the latest product updates for all of Google Cloud on the Google Cloud release notes page.
To get the latest product updates delivered to you, add the URL of this page to your
feed
reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml
April 27, 2020
Cloud Composer- New versions of Cloud Composer images:
composer-1.10.2-airflow-1.10.2,composer-1.10.2-airflow-1.10.3andcomposer-1.10.2-airflow-1.10.6. The default iscomposer-1.10.2-airflow-1.10.3. Upgrade your Cloud SDK to use features in this release.
- Fixed an issue with the CloudSQL Proxy HealthCheck that caused the Proxy Pod to restart repeatedly.
- The fluentd spec for in-cluster build log exporting now correctly points to the production fluentd image from
cloud-airflow-releaser. This fix is required for Composer to correctly perform in-cluster builds for VPC SC configuration. - Adjusted ImageBuilder to fix PyPI package installation issues when using VPC SC.
- Fixed intermittent issues with
airflow-monitoringduring the initialization phase. - Fixed an issue that caused the Airflow scheduler and worker pods to take ~10 minutes to terminate.
- Fixed an issue with upgrading the image version and improved error handling during Composer environment upgrades.
- The oldest supported version of Composer is now
composer-1.6.0-airflow-x.x.x
The Logs Viewer (Preview) is now GA. To learn more, go to the Logs Viewer (Preview) Overview page.
April 25, 2020
DialogflowIn May 2020, the Facebook Messenger integration will be updated, and you may notice slight changes related to fulfillment.
To make sure that your Facebook Messenger bot keeps functioning normally, observe the following recommendations:
- To get the Facebook
sender.idvalue, use theoriginalDetectIntentRequest.payload.data.senderfield from the DialogflowWebhookRequestmessage. - To get the
sourcefield value, use theoriginalDetectIntentRequest.sourcefield from the DialogflowWebhookRequestmessage. - To send rich response messages from your webhook to the Facebook Messenger integration, use the
WebhookResponse.fulfillment_mesages[].payloadfield. - In your webhook logic, don’t rely on the fields that are not documented in the official Facebook Messenger API.
If you have any questions, reach out to your primary support channel.
April 24, 2020
AI Platform PredictionVisualization settings for AI Explanations are now available. You can customize how feature attributions are displayed for image data.
Learn more about visualizing explanations.
Private Google Access for on-premises hosts permits on-premises hosts to send traffic from any internal IP addresses, not just RFC 1918 addresses. This feature is now Generally Available.
April 23, 2020
Anthos Anthos Config ManagementAnthos Config Management images are now included in the Google-provided system images for Binary Authorization.
Policy Agent now allows configuration of namespaces that will bypass the admission controller. For more information, please see Excluding Namespaces from Policy Controller
You can now exempt Namespaces from Policy Controller enforcement
Earlier versions of Anthos Config Management relied on APIs that have been deprecated in Kubernetes v1.16. Anthos Config Management v1.3.1 is required to run on Kubernetes v1.16 and higher.
The Anthos Config Management Syncer pod now reports when it detects that it is fighting with another process over a resource.
Anthos Config Management no longer allows managing resources in unmanaged Namespaces.
If you define a CRD with an integer field that has min/max values, Anthos Config Management will be unable to update the CRD.
Anthos Config Management no longer overwrites undeclared labels and annotations on Namespaces.
This release includes several performance and memory improvements.
Preflight check in gkeadm for access to the Cloud Storage bucket that holds the admin workstation OVA.
Preflight check for internet access includes additional URL www.googleapis.com.
Preflight check for test VM DNS availability.
Preflight check for test VM NTP availability.
Preflight check for test VM F5 access.
Before downloading and creating VM templates from OVAs, GKE on-prem checks if the VM template already exists in vCenter.
Rename gkeadm’s automatically created service accounts.
OVA download displays download progress.
gkeadm prepopulates bundlepath in the seed config on the admin workstation.
Fix for Docker failed DNS resolution on admin workstation at startup.
Admin workstation provisioned by gkeadm uses thin disk provisioning.
Improved user cluster Istio ingress gateway reliability.
Ubuntu image is upgraded to include newest packages.
Update the vCenter credentials for your clusters using the preview command gkectl update credentials vsphere.
The gkeadm configuration file, admin-ws-config.yaml, accepts paths that are prefixed with ~/ for the Certificate Authority (CA) certificate.
Test VMs wait until the network is ready before starting preflight checks.
Improve the error message in preflight check failure for F5 BIG-IP.
Skip VIP check in preflight check in manual load balancing mode.
Upgraded Calico to version 3.8.8 to fix several security vulnerabilities.
Upgraded F5 BIG-IP Controller Docker image to version 1.14.0 to fix a security vulnerability.
Fixed gkeadm admin workstation gcloud proxy username and password configuration.
Fixed the bug that was preventing gkectl check-config from automatically using the proxy that you set in your configuration file when running the full set of preflight validation checks with any GKE on-prem download image.
Fixed an admin workstation upgrade failure when the upgrade process was unable to retrieve SSH keys, which would cause a Golang segmentation fault.
For customers with self-serve/online Cloud Billing accounts, you can now find your Cloud Billing documents in the Documents page of the Cloud Billing console. In the Documents page, you can find your monthly invoices or statements, as well as tax documents, if applicable to your account. Before this launch, the Documents page was only available to customers viewing invoiced Cloud Billing accounts, while self-serve/online accounts were limited to finding their Cloud Billing documents in the Transactions page. See the documentation for more details.
External HTTP(S) load balancers now support header-based routing and query parameter-based routing.
These features are available in General Availability.
April 22, 2020
BigQuery MLBigQuery ML now supports exporting BigQuery ML models to Cloud Storage and using them for online prediction. This feature is in beta. For more information, see Exporting models.
Budget alerts: new budget filters are now available. In addition to project and product filters, you can now scope your budgets and alerts for groups of subaccounts and resource labels. Budget alerts help you stay informed of how your spend is tracking against your budget so you can avoid billing surprises. (Note that these filters are not available in the Budgets API in this release.) See the documentation for more details.
Cloud Data Fusion version 6.1.2 is now available. This version includes several stability and performance improvements and new features.
- Added support for Field Level Lineage for Spark plugins and Streaming pipelines
- Added support for Spark 2.4
- Added an option to skip header in the files in delimited, CSV, TSV, and text formats
- Added an option for database source to replace the characters in the field names
Reduced preview startup by 60%. Also added limit to max concurrent preview runs (10 by default).
Fixed a bug that caused errors when Wrangler's parse-as-csv with header was used when reading multiple small files.
Fixed a bug that caused zombie processes when using the Remote Hadoop Provisioner.
Fixed a bug that caused DBSource plugin to fail in preview mode.
Fixed a race condition that caused a failure when running a Spark program.
April 21, 2020
Cloud TPUCloud TPUs and Cloud TPU Pods now support PyTorch 1.5 via the PyTorch/XLA integration. This integration makes it possible for PyTorch users to do everything they can do on GPUs on Cloud TPUs, while minimizing changes to the user experience. You can try out PyTorch on an 8-core Cloud TPU device for free via Google Colab, and you can use PyTorch on Cloud TPUs at a much larger scale on Google Cloud (all the way up to full Cloud TPU Pods).
See the PyTorch/XLA 1.5 Release Notes for a complete list of features included in this release.
April 20, 2020
App Engine flexible environment .NETApp Engine is now available in the us-west4 region (Las Vegas, NV)
App Engine is now available in the us-west4 region (Las Vegas, NV).
App Engine is now available in the us-west4 region (Las Vegas, NV).
App Engine is now available in the us-west4 region (Las Vegas, NV).
App Engine is now available in the us-west4 region (Las Vegas, NV).
App Engine is now available in the us-west4 region (Las Vegas, NV).
App Engine is now available in the us-west4 region (Las Vegas, NV).
App Engine is now available in the us-west4 region (Las Vegas, NV).
App Engine is now available in the us-west4 region (Las Vegas, NV).
App Engine is now available in the us-west4 region (Las Vegas, NV).
- Updated Java SDK to Version 1.9.80
- Fixed deployment of cron.yaml file with retry_parameters configured
- Fixed class LocalTaskQueueTestConfig to support custom paths for queue.yaml files (public issue 138528920)
App Engine is now available in the us-west4 region (Las Vegas, NV).
App Engine is now available in the us-west4 region (Las Vegas, NV).
App Engine is now available in the us-west4 region (Las Vegas, NV).
App Engine is now available in the us-west4 region (Las Vegas, NV).
App Engine is now available in the us-west4 region (Las Vegas, NV).
App Engine is now available in the us-west4 region (Las Vegas, NV).
App Engine is now available in the us-west4 region (Las Vegas, NV).
Cloud Bigtable is now available in the us-west4 (Las Vegas) region.
Cloud KMS and Cloud EKM resources are available in the us-west4 region. Cloud HSM resources are not available in this region.
Cloud HSM resources are available in the global multi-regional ___location.
For information about which Cloud Locations are supported by Cloud KMS, Cloud HSM, and Cloud EKM, see the Cloud KMS regional locations.
Internal TCP/UDP Load Balancing with failover groups is available in General Availability.
The Cloud Profiler Node.js agent is now generally available. See Profiling Node.js applications for information on configuring your Node.js application.
The Cloud Profiler Node.js agent now supports release 12 of Node.js. See Profiling Node.js applications for information on configuring your Node.js application.
The Cloud Profiler Node.js agent no longer supports release 8 of Node.js.
Support for us-west4 region (Las Vegas).
Support for us-west4 region (Las Vegas).
Support for us-west4 region (Las Vegas).
Cloud Spanner regional instances can now be created in Las Vegas (us-west4).
Las Vegas region (us-west4) launched.
- New ___location for storing your data.
Cloud VPN is now available in region us-west4 (Las Vegas, Nevada, USA).
Pricing is available on the Cloud VPN pricing page.
Dataflow is now able to use workers in zones in the us-west4 region (Las Vegas).
Dataproc is now available in the us-west4 region (Las Vegas).
Support for us-west4 region (Las Vegas).
Beta launch of one-click integrations with two telephony partners:
Filestore is available in the us-west4 (Las Vegas) region. See Regions and zones.
Support for us-west4 region (Las Vegas).
Added new Memorystore for Redis region: Las Vegas (us-west4).
For auto mode VPC networks, added a new subnet 10.182.0.0/20 for the Las Vegas us-west4 region. For more information, see Auto mode IP ranges.
Packet Mirroring pricing will come into effect from June 20, 2020. There is no charge for Packet Mirroring until that time.
April 17, 2020
BigQuery MLBigQuery ML now supports Matrix Factorization models for recommendations, as a beta release. For more information, see The CREATE MODEL statement for Matrix Factorization.
Cloud CDN request logs now include a cacheId field, which captures the ___location and cache node the client connected to. A cacheId of LHR-1209ea83 indicates a client connected to an edge cache near London, with 1209ea83 representing the opaque ID of the cache instance their response was served from.
Location codes map to IATA codes. The cacheId field can be found within the jsonPayload object in each log entry.
Composer version 1.10.1 has been rolled back. If you created an environment with composer-1.10.1-airflow-*, you can retrieve and delete the environment, but not update it. We recommend that you delete the environment and create a new environment with the latest image version. Refer to the March 20, 2020 release notes for default version.
Cloud Spanner Backup and Restore is now generally available, enabling you to create backups of Cloud Spanner databases on demand, and restore them. For more information, see Backup and Restore.
Query Optimizer Versioning is now generally available, enabling you to select which version of the optimizer to use for your database, application or query. For more information, see Query optimizer.
Announcing the Beta release of Dataproc on Google Kubernetes Engine. Customers can now create Dataproc on GKE clusters to run Spark jobs on Kubernetes via the Dataproc jobs API.
April 16, 2020
BigQueryBigQuery Reservations is now Generally Available (GA). BigQuery Reservations allows you to purchase BigQuery slots to take advantage of BigQuery flat-rate pricing and allocate slots for workload management.
Around the end of April 2020, INFORMATION_SCHEMA (Beta) views for dataset metadata will
return metadata about all datasets in a region. Currently,
these views return metadata about all datasets in the project across all regions. This
upcoming change will also provide support for querying a specific
region's metadata (for example, region-us.INFORMATION_SCHEMA.SCHEMATA instead of INFORMATION_SCHEMA.SCHEMATA).
You can replicate this future behavior now by filtering
on the SCHEMATA view's LOCATION column (for example, LOCATION = 'US').
Discount sharing for committed use discounts is now available in beta. With discount sharing enabled, you can apply your purchased commitments across multiple projects within a single Cloud Billing account. Discount sharing helps you minimize the overhead of managing each of your commitments individually and provides increased flexibility so that you can use the compute options that best suit your needs, while also increasing cost predictability.
- For more information about enabling committed use discount sharing, see Turning on committed use discount sharing.
- For more information on the possible cost savings using committed use discount sharing, see Understanding discount sharing.
Cloud Billing console now has a Pricing report, providing a tabular view of the prices of Google’s cloud services SKUs, including Google Cloud, Google Maps Platform, and G Suite. You can select to view the SKUs with historical usage on the billing account or all Google Cloud SKUs. If you have a negotiated contract, the pricing table will include the list price, the contract price and the effective discount. You can also download the table to CSV for offline analysis. See the documentation for more details.
Added support for PDF and WORD FileTypes and PDF and WORD_DOCUMENT BytesTypes.
TD-47149: Cannot edit settings when importing Google Sheets.
You can now create private quotes for VM solutions (alpha).
Performance Dashboard is now available in General Availability.
April 15, 2020
Cloud CDNSigned Cookies are available in General Availability. Signed Cookies complement our existing Signed URLs functionality by allowing you to sign a URL prefix and issue a cookie to a client, avoiding the need to sign content on a per-URL basis when protecting media or other content cached by Cloud CDN. Support for authorizing a URL prefix is extended to Signed URLs as an alternative signing scheme.
Added support for Cloud Scheduler through gcp-types/cloudscheduler-v1:projects.locations.jobs.
You can now apply granular IAM Permissions to the Google APIs service account used by Deployment Manager, as we've removed the requirement for roles/editor being assigned to the service account.
Updates on Cloud Functions resources using gcp-types/cloudfunctions-v1 now retry on 429 errors.
GKE clusters and node pools will wait for maintenance to complete before attempting to apply any updates. Affected collections:
gcp-types/container-v1:projects.zones.clustersgcp-types/container-v1:projects.locations.clustersgcp-types/container-v1:projects.zones.clusters.nodePoolsgcp-types/container-v1:projects.locations.clusters.nodePoolsgcp-types/container-v1beta1:projects.zones.clustersgcp-types/container-v1beta1:projects.locations.clustersgcp-types/container-v1beta1:projects.zones.clusters.nodePoolsgcp-types/container-v1beta1:projects.locations.clusters.nodePools
Deployment Manager now acquires existing GKE cluster resources of type gcp-types/container-v1:projects.locations.clusters.
Added support for updating the following properties on gcp-types/container-v1:projects.zones.clusters and gcp-types/container-v1:projects.locations.clusters:
- binaryAuthorization
- databaseEncryption
- masterAuthorizedNetworksConfig
- autoscaling
- resourceUsageExportConfig
- verticalPodAutoscaling
Additionally, for gcp-types/container-v1beta1:projects.zones.clusters and gcp-types/container-v1beta1:projects.locations.clusters the following fields can also be updated:
- podSecurityPolicyConfig
- privateClusterConfig
- shieldedNodes
- workloadIdentityConfig
Deployment Manager now correctly updates autoscaling properties for resources of type gcp-types/container-v1:projects.locations.clusters.nodePools and gcp-types/container-v1beta1:projects.locations.clusters.nodePools.
Deployment Manager now correctly acquires Access Context Manager resources of type gcp-types/accesscontextmanager-v1:accessPolicies.accessLevels and gcp-types/accesscontextmanager-v1beta:accessPolicies.accessLevels if the resources already exist.
Added support for updating Cloud Pub/Sub subscriptions using gcp-types/pubsub-v1:projects.subscriptions.
Deployment Manager now correctly deletes Compute Engine forwarding rules of type compute.v1.forwardingRule, compute.beta.forwardingRule, gcp-types/compute-v1:forwardingRules and gcp-types/compute-beta:forwardingRules when the resource name does not match the forwarding rule name.
Performance improvements when handling large Swagger / OpenAPI specs when adding an API as a type provider.
Cloud External Key Manager (Cloud EKM) is generally available.
Cloud Dataflow SQL is now generally available. You can now run parameterized queries from the Dataflow SQL UI.
Image 1.5
Jupyter on Dataproc now supports exporting notebooks as PDFs.
Image 1.5
Presto now includes two default catalogs:
bigquerypointing to the datasets of the cluster's projectbigquery_public_datapointing to the public datasets
Image 1.3, 1.4 and 1.5
Added Component Gateway support for Datarpoc clusters secured with Kerberos.
New sub-minor versions of Dataproc images: 1.2.95-debian9, 1.3.55-debian9, 1.4.26-debian9, 1.3.55-debian10, 1.4.26-debian10, 1.5.1-debian10, 1.3.55-ubuntu18, 1.4.26-ubuntu18, 1.5.1-ubuntu18.
Image 1.5
Updated Presto to version 331.
Created cloud-sql-proxy log file for the Cloud SQL Proxy initialization action and for Dataproc clusters with Ranger that use Cloud SQL Proxy.
Image 1.3 and 1.4
Debian 10 images will become default images for 1.3 and 1.4 image tracks and Debian 9 images will not be released for these tracks anymore after June 30, 2020.
Images 1.4 and 1.5
SPARK-29080: Support R file extension case-insensitively when submitting Spark R jobs.
Image 1.3, 1.4 and 1.5
Fixed a bug where Jupyter was unable to read and write notebooks stored in Cloud Storage buckets with CMEK enabled.
Image 1.3, 1.4 and 1.5
HIVE-17275: Auto-merge fails on writes of UNION ALL output to ORC file with dynamic partitioning.
Google Cloud Armor support for CDN origins and hybrid origins is now available in General Availability.
A new document, Traffic Director features, is published.
April 14, 2020
BigQuery Data Transfer ServiceBigQuery Data Transfer Service now supports Google Merchant Center data transfers for best sellers data.
External HTTP(S) load balancers now support URL rewrites and redirects.
URL rewrites allow you to decouple the URLs that your external users use from those that your services use.
With URL redirects, you can redirect client requests from one URL to another URL.
These features are available in General Availability.
Added readiness probes to Config Connector pods
Document AI Beta released
The following beta features are available in API version v1beta2:
- Document processing: You can use the API to parse forms or tables from PDF, TIFF, or GIF documents.
- Regional support: The API now offers multi-regional support (
usandeu) for all features. Using a multi-region endpoint enables you to configure the API to store and process your data in the United States or European Union.
Invoice processing Beta
- Invoice processing is now available as a restricted feature. See Parsing invoices for more information.
Firewall Insights is now in Beta.
April 13, 2020
AI Platform PredictionThe pricing of Compute Engine (N1) machine types for online prediction in the us-central1 region has changed. vCPU resources now cost $0.031613 per vCPU hour and RAM now costs $0.004242 per GB hour.
Quotas for sockets have been removed. There is no longer a limit on the number of socket connections or the amount of data you can send and receive through a socket.
Quotas for sockets have been removed. There is no longer a limit on the number of socket connections or the amount of data you can send and receive through a socket.
Quotas for sockets have been removed. There is no longer a limit on the number of socket connections or the amount of data you can send and receive through a socket.
Quotas for sockets have been removed. There is no longer a limit on the number of socket connections or the amount of data you can send and receive through a socket.
Quotas for sockets have been removed. There is no longer a limit on the number of socket connections or the amount of data you can send and receive through a socket.
Quotas for sockets have been removed. There is no longer a limit on the number of socket connections or the amount of data you can send and receive through a socket.
Quotas for sockets have been removed. There is no longer a limit on the number of socket connections or the amount of data you can send and receive through a socket.
Quotas for sockets have been removed. There is no longer a limit on the number of socket connections or the amount of data your Java 8 app can send and receive through a socket.
Quotas for sockets have been removed. There is no longer a limit on the number of socket connections or the amount of data your PHP 5 app can send and receive through a socket.
Quotas for sockets have been removed. There is no longer a limit on the number of socket connections or the amount of data your Python 2 app can send and receive through a socket.
Added additional infoType detectors:
- IRELAND_PPSN
- IRELAND_PASSPORT
Event Threat Detection is now in general availability.
Update to rules language syntax. Adds support for the CEL 'has' macro so that Google Cloud Armor check for absence of a header in the 'request.headers' map.
April 11, 2020
Cloud VisionCMEK compliance
Vision API is now compliant with customer-managed encryption keys (CMEK). To learn more, vist the CMEK compliance page. Please note that Product Search is not CMEK compliant at this time.
April 10, 2020
Cloud ComposerPrivate IP Composer environments are now generally available (GA). See Configuring private IP to learn how to use this feature.
Support for Shared VPC networks is now generally available (GA).
Backend services documentation is updated through the Cloud Load Balancing doc set.
Add the CloudBuildTrigger resource
Add the SourceRepoRepository resource
miscellaneous bug fixes and improvements
The Organization Policy Service resource locations constraint has launched for general availability. This constraint allows you to define the ___location where your resources are created, providing important data ___location compliance tools. For more information, see the Restricting Resource Locations.
Security Health Analytics is now in general availability.
- Learn about the vulnerability findings provided by Security Health Analytics.
- Get started with Security Health Analytics.
April 09, 2020
AI Platform PredictionIf you deploy a model version for online prediction that uses runtime version 2.1 with a GPU, AI Platform Prediction now correctly uses TensorFlow 2.1.0 to serve predictions. Previously, AI Platform Prediction used TensorFlow 2.0.0 to serve predictions in this situation.
You can now specify virtual machine instances with the evaluator task type as part of your training cluster for distributed training jobs. Read more about evaluators in TensorFlow distributed training, see how to configure machine types for evaluators, and learn about using evaluators with custom containers.
The maximum running time for training jobs now defaults to seven days. If a training job is still running after this duration, AI Platform Training cancels the job.
Scheduling queries no longer requires the bigquery.transfers.update permission. The bigquery.jobs.create permission can now be used to schedule queries. See Scheduling queries for details.
TLS v1.3 is now enabled by default for all external HTTPS load balancers, SSL proxy load balancers, and Cloud CDN. Note that this change doesn't apply to internal HTTPS load balancers or Traffic Director.
TLS v1.3 supports modern ciphers with forward-secrecy as a baseline and, critically, reduces the number of round trips required to establish a TLS session, which directly improves performance seen by your end-users.
Clients that support TLS v1.3 include Chrome, Chromium-based browsers, and Android. These clients automatically negotiate TLS v1.3 without requiring any changes. Clients that do not support TLS v1.3 are unaffected.
TLS v1.3 is now enabled by default for all external HTTPS load balancers, SSL proxy load balancers, and Cloud CDN. Note that this change doesn't apply to internal HTTPS load balancers or Traffic Director.
TLS v1.3 supports modern ciphers with forward-secrecy as a baseline and, critically, reduces the number of round trips required to establish a TLS session, which directly improves performance seen by your end-users.
Clients that support TLS v1.3 include Chrome, Chromium-based browsers, and Android. These clients automatically negotiate TLS v1.3 without requiring any changes. Clients that do not support TLS v1.3 are unaffected.
Dataflow now provides beta support for Flex Templates.
Dataflow now provides beta support for Interactive Notebooks.
The beta version of the VPC accessible services feature is now available.
The VPC accessible services feature introduces the ability to limit the access of network endpoints inside your service perimeter to an explicit set of services.
To learn how to configure VPC accessible services for your perimeter, read about limiting access to services inside a perimeter.
The beta version of dry run mode for service perimeters is now available.
This release introduces a new method of configuring service perimeters: dry run mode. For more information, read about dry run mode.
April 08, 2020
AI Platform OptimizerAI Platform Optimizer is now available in beta.
AI Platform Optimizer is a black-box optimization service that helps you tune hyperparameters in complex machine learning models.
Visit the AI Platform Optimizer overview to learn more about how it works. To get started, try using AI Platform Optimizer to optimize a machine learning model or to optimize two functions at once.
Updated Python SDK to version 1.9.90
BigQuery materialized views are now available as a beta release. For more information, see Introduction to materialized views .
Added additional infoType detectors:
AZURE_AUTH_TOKENGCP_API_KEY
April 07, 2020
DataflowDataflow now supports Dataflow Shuffle, Streaming Engine, FlexRS, and the following regional endpoints in GA:
us-east4(Northern Virginia)europe-west2(London)europe-west3(Frankfurt)
April 06, 2020
AI Platform TrainingRuntime version 2.1 now includes scikit-learn 0.22.1 instead of scikit-learn 0.22.
Key Visualizer for Cloud Bigtable is now integrated into the Google Cloud Console. The following enhancements have been added:
- Eligibility has been simplified to a minimum of 30 GB of data per table.
- You can now specify the start and end time for a scan.
- Performance data is now more recent.
- Your performance data is retained for 14 days.
April 05, 2020
Cloud ComposerCloud Composer is now available in Salt Lake City (us-west3).
April 03, 2020
AI Platform TrainingYou can now use customer-managed encryption keys (CMEK) to protect data in your AI Platform Training jobs. This feature is available in beta.
To learn about the benefits and limitations of using CMEK, and to walk through configuring CMEK for a training job, read the guide to using CMEK with AI Platform Training.
Beta release of the Access Context Manager Bulk API.
The Access Context Manager Bulk API can be used for operations such as replacing all of your organization's access levels. For more information, see Making bulk changes to access levels.
Integration with VPC Service Controls is now in beta stage.
Integration with VPC Service Controls is now in beta stage.
Integration with VPC Service Controls is now in beta stage.
Integration with VPC Service Controls is now in beta stage.
Integration with VPC Service Controls is now in beta stage.
BigQuery export for org policies and access policies
You can now export org policies and access policies to BigQuery tables. See Exporting assets to BigQuery for more information.
Real-time asset monitoring for org policies and access policies
You can now subscribe to real-time notifications for changes to org policies and access policies. See Monitoring asset changes for more information.
As of this date, Cloud Talent Solution Job Search v2 is no longer available. Calls to v2 will result in error. The deprecation of v2 was first communicated in August 2018.
Added Presto and SparkR job type support to Dataproc Workflows.
Fixed an Auto Zone Placement bug that incorrectly returned INVALID_ARGUMENT errors as INTERNAL errors, and didn't propagate these error messages to the user.
Beta support for bulk changes to service perimeters.
Using the beta release of Access Context Manager's Bulk API, you can perform operations such as replacing all of your organization's service perimeters. For more information, see Making bulk changes to service perimeters.
April 02, 2020
Anthos GKE deployed on AWSInitial beta release of Anthos GKE on AWS
The release improves upon earlier releases with:
Improved reliability: User clusters are now deployed in a high availability (HA) fashion, where both control plane instances as well as node pools can be placed across multiple availability zones. AWS Auto Scaling groups are also now used for resiliency.
Improved security: Control plane instances for different user clusters are now isolated in separate security groups. Instance Metadata Service Version 2 (IMDSv2) is enabled to protect against SSRF attacks, and sensitive fields in EC2 metadata are now encrypted.
Easier to deploy: The installation process for the management layer has been simplified and performs additional validation checks. It uses Terraform modules for flexible integration into different AWS environments, and customers can now leverage existing security groups and IAM resources to secure clusters. Documentation has been improved and expanded.
Future-proof storage stack: We're now using the EBS CSI driver to manage all AWS EBS volumes. The legacy, in-tree Kubernetes EBS driver has been removed entirely, and all upcoming storage features, such as snapshots, will be provided using CSI.
Updated Kubernetes version: User clusters are now based on Kubernetes 1.15 and have passed open-source Kubernetes conformance tests.
BigQuery Reservations is now available in all BigQuery regions.
Fixed the ComputeInstance idempotency issue
April 01, 2020
Anthos GKE on-premWhen upgrading from version 1.2.2 to 1.3.0 by using the Bundle download in the alternate upgrade method, a timeout might occur that will cause your user cluster upgrade to fail. To avoid this issue, you must perform the full upgrade process that includes upgrading your admin workstation with the OVA file.
1.4.7-asm.0
Contains the same fixes as OSS Istio 1.4.7. See Announcing Istio 1.4.7 for more information.
When you use a service account key to access Google Cloud, your audit logs now identify the key that was used.
A beta version of the Cloud Spanner emulator is now available, enabling you to develop and test Cloud Spanner applications locally. For more information, see Using the Cloud Spanner Emulator.
Cloud TPU now supports TensorFlow version 1.15.2 Release Notes. No changes to the API or the official Cloud TPU supported models list has been introduced with this release.
Announcing the General Availability (GA) release of Dataproc Presto job type, which can be submitted to a cluster using the gcloud dataproc jobs submit presto command. Note: The Dataproc Presto Optional Component must be enabled when the cluster is created to submit a Presto job to the cluster.
If you sell Kubernetes apps on Google Cloud Marketplace, you can now configure your app to target clusters where at least one node has a GPU. When users deploy the app, only clusters with GPUs are shown as valid deployment targets.
Learn about modifying your app's schema.md to check for GPUs.
Read the overview of selling Kubernetes apps on Google Cloud Marketplace.
Beta stage support for the following integrations:
March 31, 2020
AI Platform NotebooksAI Platform Notebooks is now Generally Available. Some integrations with and specific features of AI Platform Notebooks are still in beta, such as Virtual Private Cloud Service Controls, Cloud Identity and Access Management (Cloud IAM) roles, and AI Platform Notebooks API.
INFORMATION_SCHEMA views for BigQuery reservations are now in public alpha.
The new Composer monitoring dashboard is now in beta.
Cloud Functions now supports Connecting to Cloud SQL at the General Availability release level.
- The Beta release introduced improved security when accessing Cloud SQL from functions via the
/cloudsqlfilesystem path. Most functions have been automatically upgraded. In some cases, you may see warning messages in Stackdriver logging to help you complete the required upgrade steps.
When using fulfillment, the WebhookResponse.payload field can now only be used for two cases:
- Custom data sent from your webhook service to a Dialogflow API caller.
- Google Assitant integration custom payload rich response messages.
For all other
custom payload rich response messages,
you should use the WebhookResponse.fulfillment_mesages[].payload field.
Google Cloud Armor integration with Cloud Security Command Center is generally available.
Beta stage integration with VPC Service Controls
Transfer service on-premises: Beta stage integration with VPC Service Controls
Beta stage support for the following integrations:
The following GA feature is available in the Video Intelligence API version v1:
Logo recognition: Detect, track, and recognize the presence of over 100,000 brands and logos in video content. Learn more
March 30, 2020
BigQueryScripting and stored procedures are now Generally Available.
If your Python templates use features that are only for Python 2.x, your templates will now continue to work until June 2020.
Learn about migrating your templates to Python 3.
You can now write time-series data for custom and Prometheus metrics at the rate of 1 data point every 10 seconds. This was previously limited to 1 point every minute.
Data for custom and Prometheus metrics is now retained for 24 months. Previously, the retention period was 6 weeks.
Cloud NAT monitoring is available in General Availability.
The Cloud Run revision details panel now surfaces build information if the Container Analysis API has been enabled and the container has been built with Cloud Build, as well as source repository information if the container has been built by a Cloud Build Trigger.
You can now use OpenTelemetry with Go and Node.js to instrument your applications running on GKE and Compute Engine.
Google Cloud Armor Service Level Agreement is released.
New migctl CLI for deploying Migrate for Anthos, creating and
operating migrations using a structured workflow and a migration processing cluster.
Introducing a unified migration workflow across all supported VM sources -- VMware, AWS EC2, Azure VMs and Compute Engine VMs.
Migrations are defined and operated using a Kubernetes CRD.
Automated generation of a suggested migration plan (specified in a CRD), CI/CD artifacts and deployment specs. The migration process now results in extracting and generating container and deployment artifacts, including a container image and a Dockerfile, extracted data in a persistent volume, deployment/statefulSet, PVC and PV specs in an auto-generated YAML file for easy workload deployment.
The Migrate for Anthos software runtime layer now offers a compatibility
feature for older Java versions that are not container aware by reflecting the
correct resource allocations in the container's /proc file system.
Migrate for Anthos v1.0 Marketplace deployment is now removed. Migrate for Anthos v1.3 allows installation in v1.0 compatibility mode where needed.
Preview features -- contact your Google Sales representative to enroll.
- Migrating Windows VMs with IIS ASP.NET web applications to Windows 2019 containers on GKE.
- Processing migrations in Anthos on-prem.
151505531, 150052607: In some cases, migration can be stuck with no progress. When running migctl migration status migration-name --verbose, you might see an event such as this:
could not find attached GCE PD
Workaround: Delete the migration using migctl migration delete and re-create it.
147211918: In some cases, migration from AWS or Azure as a source can be stuck with no progress. If this happens, run kubectl describe storageclass to view related events. You can also check the status of the matching Cloud Details in Migrate for Compute Engine.
146699220: When the source VM has a systemd service with a NICE config property, the service might not start when running in a container.
Workaround: Remove the NICE property in the source VM before the migration.
144896313: Migration of Security-Enhanced Linux (SELinux) is not supported.
149900626: Some file systems not listed in Compatible VM operating systems may fail to migrate. When running migctl migration logs migration-name, the logs in Cloud Logging may show a message such as:
failed to mount - exit status 32 - mount: /tmp/bootdir: unknown filesystem type 'LVM2\_member'.
152194161: Your migrated workload container fails when running a cluster with GKE nodes of type "COS". When you run the command kubectl logs [podname], you might see the following:
apparmor.go:385] Couldn't set label to lxc-container-default - write /proc/1/attr/current: no such file or directory
This is an indication that the required AppArmor profiles are not installed on the GKE nodes. To solve this, run migctl setup install --cos-runtime.
148334068: When Migrating a physical VM from on-premises connected via Migrate for Compute Engine, Migrate for Anthos attempts to optimize network utilization and discards (rather than stream) blocks that are not in use on the source VM file system. In some cases, this might cause VMware storage sessions to time out. For assistance, please contact support.
GKE on-prem preview: If a source was created with migctl source create using the wrong credentials, migrations will fail. Attempts to delete the migration with migctl migration delete may hang in a "Terminating" state, as in the following example:
ubuntu@gke-on-prem-admin-appliance-1:~/$ ./migctl migration list
NAME PROCESS STATE STATUS PROGRESS AGE
my-vm-01 generate-artifacts createSourceSnapshots TERMINATING [2/13]
Insights is now available in beta. See the documentation for details.
Service Directory is available in Beta.
March 29, 2020
Network Intelligence CenterPerformance Dashboard is now available in Beta.