Google Cloud release notes

Filestore now supports access over VPN. With this new capability, you can mount Filestore file shares on an on-premises client, as well as clients on a remote VPC. To learn how to set up a VPN connection with Cloud VPN, see Creating an HA VPN gateway to a Peer VPN gateway.

BigQuery column-level security is now generally available. Policy tags can be replicated across locations. For more information, see Introduction to BigQuery column-level security.

You can now use security keys as a 2-step verification method when connecting to VMs using OS Login. For more information, see Setting up OS Login with 2-step verification.

Preview release

AI Platform (Unified) is now available in Preview.

For more information, see the product documentation.

Anthos GKE on-prem 1.5.2-gke.3 is now available. To upgrade, see Upgrading GKE on-prem. GKE on-prem 1.5.2-gke.3 clusters run on Kubernetes 1.17.9-gke.4400.

GKE Data Plane V2 Preview is now available.

• GKE Data Plane V2 is a new programmable data path that enables Google to offer new network security features like Network Policy Logging and Node Network Policy.

Binary Authorization for GKE on-prem 0.2.1 is now available.

• Binary Authorization for GKE on-prem 0.2.1 adds a proxy side cache that caches AdmissionReview responses. This can improve the reliability of the webhook.

A new dashboard editor is available in Preview. The new editor lets you create and edit all dashboard widget types, including gauges, scorecards, and text boxes. With mosaic-mode, you can resize and reposition widgets. The configuration tabs - Basic, Advanced, MQL - let you choose how you want to configure your widgets. For more information, see Custom dashboards.

GA: Collect diagnostic information from Windows Server VMs.

N2D machine types are now available in us-west1-a, The Dalles, Oregon. See VM instance pricing for pricing details.

General availability support for the following integration:

• Artifact Registry

You can now use the Share link button in the Logs Explorer to create and share a shortened URL of your current query. For more information, see Using the Logs Explorer.

Anthos Service Mesh, Mesh CA and the Anthos Service Mesh dashboards in Google Cloud Console are now available for any GKE customer and do not require the purchase of Anthos. See pricing for details.

There are slight changes to the behavior of Google Cloud Console for customers who use Anthos Service Mesh without an Anthos subscription. See details here.

Added a shell script to automate Anthos Service Mesh installation and migration from Istio and the Istio on GKE add-on. For details, see the following guides:

• 1.6: Installation and migration on GKE

• 1.7: Installation, migration, and upgrades on GKE

IAM Conditions now provides resource attributes for Pub/Sub Lite. You can use these resource attributes to grant access to a subset of your Pub/Sub Lite subscriptions and topics.

Migrations from the 1.6 version of the add-on to Anthos Service Mesh 1.7 or 1.6 using a Google-provided script is available. For details see Upgrading to Istio 1.6 with Operator

Traffic Director now supports multi-environment deployments. The hybrid connectivity network endpoint group (NEG) is in General Availability. The documentation includes an overview of the feature and a tutorial, Network edge services for multi-environment (on-premises, multi-cloud) deployments.

The following regional endpoints are now generally available for online prediction, in addition to the regional endpoints that were already available:

• us-east1-ml.googleapis.com
• us-east4-ml.googleapis.com
• us-west1-ml.googleapis.com
• northamerica-northeast1-ml.googleapis.com
• europe-west1-ml.googleapis.com
• europe-west2-ml.googleapis.com
• europe-west3-ml.googleapis.com
• asia-northeast1-ml.googleapis.com
• asia-southeast1-ml.googleapis.com
• australia-southeast1-ml.googleapis.com

On some of these regional endpoints, you can use GPUs to accelerate prediction. Learn which types of GPUs are available on which regional endpoints.

Pricing for online prediction varies between regional endpoints. Read about the pricing for each regional endpoint.

Cost table report now includes invoice header information and project-level taxes.

The cost table report presents a detailed, tabular view of your monthly costs for a given invoice or statement. The cost table has been updated to include invoice or statement header information that is viewable in the cost table page as well as downloadable to CSV.

Additionally, the cost table report now breaks out your tax costs by each project. Prior to this update, your tax costs were listed at the end of the cost table as a row for each type of tax incurred, aggregated for the whole invoice or statement. To view the details of your tax costs, in the cost table, look for rows with a Cost type: Tax and SKU description: description and percentage of tax (for example, PST/QST/RST (9.975%) or State sales tax (4.71%)).

For information on using the cost table report to view and analyze the details of your invoice or statement, refer to the Cost table reports documentation.

Cloud Build now enables you to create triggers that you can invoke manually through the Cloud Console. To learn how to create and run manual triggers, see Creating manual triggers.

Compute-optimized (C2) machine types are now available in Hong Kong, asia-east2, in all three zones. For pricing information, see VM instance pricing.

Data Catalog is now available in Singapore (asia-southeast1).

Dataflow now supports Interactive Notebooks in GA.

The following methods have been added to update or view the storage information for your DICOM data: * projects.locations.datasets.storageOptions.setBlobStorageSettings sets the storage class for all instances in a study. * projects.locations.datasets.storageOptions.getStorageInfo displays the storage details for the instances in a DICOM store.

External TCP/UDP Network Load Balancing is now supported with backend services. Compared to the target pool backend, a backend service gives you more fine-grained control over your load balancer, including access to features such as connection draining, failover policies, and support for managed instance groups as backends.

Network load balancers with a backend service can also use health checks that match the traffic (TCP, SSL, HTTP, HTTPS, or HTTP/2) they are distributing.

To get started, see:

• Network Load Balancing with backend services
• Setting up a network load balancer with a backend service
• Transitioning a network load balancer from a target pool to a backend service

This feature is available in Preview.

Added support for the MonitoringAlertPolicy resource.

Added maintenancePolicy field to ComputeNodeGroup.

Added exclusions field to LoggingLogSink.

Added authEnabled field to RedisInstance.

Added interface field to ComputeDisk.

Added mtu field to ComputeNetwork.

Added privateIpv6GoogleAccess field to ComputeSubnetwork.

Added confidentialNodes field to ContainerCluster.

Added skipInitialVersionCreation field to KMSCryptoKey.

The Cloud Billing Budgets API v1 is now available.

• Learn about the Cloud Billing Budgets REST API.
• Review examples of using the Billing Budgets REST API.
• Learn about the Cloud Billing Budgets API client libraries.

• Airflow 1.10.12 is now available for Cloud Composer.
• The GKE release channel is set to STABLE for new and upgraded Composer environments.

A new multi-region instance configuration is now available in North America - nam8 (Los Angeles/Oregon/Salt Lake City).

Identify resources like persistent disks, IP addresses, and custom disk images that aren't in use. Viewing and applying idle resources recommendations can help reduce unused resources and reduce your Compute Engine bill. This feature is Generally available.

Compute-optimized (C2) machine types are now available in Sydney, Australia, australia-southeast1-c. For pricing details, see VM instance pricing.

Storage Transfer Service support for specifying an end time to scheduling transfer jobs is in Preview.

By using the new gcloud command and API for live tailing, you can now stream your logs in real time as your applications write them to the Cloud Logging API. To learn more, see Live tailing log entries.

Field descriptions now document immutability.

DataflowJob labels are now mutable.

The Cloud Healthcare API offers single-region support in the europe-west6 (Zurich, Switzerland) region.

Enhancements to the VM Details page. A new Event Timeline shows important events as bars on a timeline. Hovering over any event bar displays summary information about the event and provides a link to the Incident Details page for the event.

PostgreSQL version 13 is now generally available. To start using PostgreSQL 13, see Creating instances.

Dataflow now supports Dataflow Shuffle, Streaming Engine, FlexRS, and the following regional endpoints in GA:

• us-west2 (Los Angeles)
• southamerica-east1 (São Paulo)
• europe-west6 (Zurich)
• asia-south1 (Mumbai)

Users can now build containers without a Dockerfile or a Cloud Build config file using Cloud Native Buildpacks.

Dialogflow CX now supports the same languages as Dialogflow ES.

Preview support for the following integration:

• Transfer Appliance

1.7.3-asm.6 is now available

Anthos Service Mesh 1.7 is compatible with and has the feature set of Istio 1.7, subject to the list of Anthos Service Mesh supported features.

Added support for on-premises secure key management, provided by Thales Luna HSM 7+ and Hashicorp Vault.

Added a shell script to automate Anthos Service Mesh installation and migration from Istio 1.6. See the installation guide for details.

Added revision label support to sidecar injection for greater control over various scenarios, such as canary upgrades and more.

Anthos 1.4.4 is now available.

Updated components:

• Anthos GKE on-prem release notes
• Anthos Config Management release notes

Anthos 1.3.5 is now available.

Updated components:

• Anthos GKE on-prem release notes
• Anthos Config Management release notes

You can now use Private Google Access to provision images for your GKE on AWS environment. For more information, see spec.ubuntuRepositoryMirror in the AWSManagementService resource.

Anthos GKE on-prem 1.4.4-gke.1 is now available. To upgrade, see Upgrading GKE on-prem. GKE on-prem 1.4.4-gke.1 clusters run on Kubernetes 1.16.11-gke.11.

Anthos GKE on-prem 1.3.5-gke.2 is now available. To upgrade, see Upgrading GKE on-prem. GKE on-prem 1.3.5-gke.2 clusters run on Kubernetes 1.15.12-gke.6400.

You can now configure cache modes, cache TTLs and set custom response headers in the Cloud Console, in addition to the existing gcloud and REST API support.

Secret Manager support for Customer-Managed Encryption Keys (CMEK) is available to all customers via public preview.

Learn more at Enabling CMEK in Secret Manager.

• More detailed error messages are now provided for errors during Python package installation.

In Cloud SQL for MySQL, 80 supported flags that previously were in beta are now generally available.

Added a dataproc:dataproc.cooperative.multi-tenancy.user.mapping cluster property which takes a list of comma-separated user-to-service account mappings. If a cluster is created with this property set, when a user submits a job, the cluster will attempt to impersonate the corresponding service account when accessing Cloud Storage through the Cloud Storage connector. This feature requires Cloud Storage connector version 2.1.4 or higher.

Anthos Config Management now includes the ability to sync from multiple Git repositories. This is a preview feature. To learn more, see Syncing from multiple repositories.

The following updates for Cloud Spanner SQL are now available:

• Ability to convert between BYTES and base32-encoded strings using FROM_BASE32 and TO_BASE32 functions.

• Support for ARRAY_IS_DISTINCT.

NVIDIA® V100 GPUs are now available in the following additional regions and zones:

• South Carolina, North America: us-east1-c

For information about using V100 GPUs on Compute Engine, see GPUs on Compute Engine.

You can use VM Manager in VPC Service Controls. This feature is available in beta.

Document AI Preview released

The following beta and preview features are available in API version v1beta3:

• Procure-to-pay processors: Invoice parser and receipt parser.

Beta stage support for the following integration:

• VM Manager

• Added PyTorch 1.6 CUDA 11 environments that support A100 GPU accelerators. This special PyTorch build provides another option to add to our A100-compatible TensorFlow Enterprise builds.

Organization policy constraints for Cloud Interconnect is now available in General Availability.

You can now create sinks from within the Logs Explorer and Logs Router pages. To learn more, see Exporting logs with the Google Cloud Console.

Organization policy constraints for Cloud NAT is available in General Availability.

Add spec.requestProjectPolicy field to ConfigConnectorContext CRD

You can now start import and export operations from the Google Cloud Console.

M58 release

• Added PyTorch 1.6 CUDA 11 images that support A100 GPU accelerators. This special PyTorch build provides another option to add to our A100-compatible TensorFlow Enterprise builds.
• Added the PyTorch/XLA package.
• Added the Swift for TensorFlow framework.
• Added the Ubuntu 18.04 OS.

You can now use use a custom container to customize how you serve predictions. To try using a custom container, read the new tutorial on serving predictions from a PyTorch model.

This feature is in preview.

Read a new document about using custom service accounts with custom containers or custom prediction routines.

This feature is in beta.

BigQuery standard SQL now supports the SUBSTRING function. This function is generally available (GA).

Cloud CDN can now cache more response codes, including common error codes such as 404 (Not Found), 301 (Permanent Redirect), 302 (Temporary Redirect), and many others.

If you are sending valid cache directives from your origin, you do not need to make any changes to benefit from this.

You can also set (and override) per-status code TTLs by configuring negative caching as of gcloud SDK 316.0.0.

A new configuration field enable_full_index, has been added for HL7v2 stores. This field enables indexing for all HL7v2 message fields so that you can search on any message field using a new generic filter.

Enhancements to the pre-configured Compute Engine VM Instances dashboard. The inventory table now includes a Logging Agent Status column, and the Logging agent can be installed by using a UI workflow from the table.

N2D Machine types are now available in London, europe-west2-a,b. See VM instance pricing for details.

N2D Machine types are now available in Eemshaven, Netherlands, europe-west4-a. See VM instance pricing for details.

Anthos 1.5.1 is now available.

Updated components:

• Anthos GKE on-prem release notes

Anthos GKE on-prem 1.5.1-gke.8 is now available. To upgrade, see Upgrading GKE on-prem. GKE on-prem 1.5.1-gke.8 clusters run on Kubernetes 1.17.9-gke.4400.

Binary Authorization for GKE on-prem Preview is now available:

• Binary Authorization for GKE on-prem extends centralized Binary Authorization enforcement policies to GKE on-prem user clusters.
• Set up Binary Authorization for GKE on-prem

This release enables customers to generate credential configuration templates by using the gkectl create-config credential command.

Published the best practices for how to set up GKE on-prem components for high availability and how to recover from disasters.

Published the best practices for creating, configuring, and operating GKE on-prem clusters at large scale.

• The following Composer environment database metrics are now available in Cloud Monitoring: CPU usage, CPU cores, CPU utilization, memory usage, memory quota, memory utilization, disk usage, disk quota, disk utilization.

Cloud Run services can now be triggered using Eventarc (available in public preview)

A new multi-region instance configuration is now available in North America - nam7 (Iowa/North Virginia/Oklahoma).

Access levels now support checking the Storage encryption (allowedEncryptionStatuses), Require admin approval (requireAdminApproval) and Require corp owned device (requireCorpOwned) attributes of requests originating from mobile devices.

The ST_GEOGFROMGEOJSON and ST_GEOGFROMTEXT geographic functions support a new make_valid parameter. If set to TRUE, the function attempts to correct polygon issues when importing geography data.

The ST_GEOGFROMTEXT function also supports a new planar parameter. If set to TRUE, the function treats imported WKT geometries as having planar edges.

These new function parameters are in Beta.

Announcing the Alpha release of the Dataproc Persistent History Server, which provides a UI to view job history for jobs run on active and deleted Dataproc clusters.

Cloud SQL for MySQL supports binary logging on read replicas for MySQL versions 5.7 and 8.0.

Added support for externally referencing billing account and organizations in IAMPolicyMember

Added LoggingLogSink resource for creating log sinks at project, folder, and organization scopes

Added ResourceManagerPolicy resource for setting organization policy at project, folder, and organization scopes

For HTTP requests, the httpRequest.remoteIp and httpRequest.serverIp fields can include port information. For example 10.0.0.1:80.