Google Cloud release notes

Access levels now support checking the Storage encryption (allowedEncryptionStatuses), Require admin approval (requireAdminApproval) and Require corp owned device (requireCorpOwned) attributes of requests originating from mobile devices.

The ST_GEOGFROMGEOJSON and ST_GEOGFROMTEXT geographic functions support a new make_valid parameter. If set to TRUE, the function attempts to correct polygon issues when importing geography data.

The ST_GEOGFROMTEXT function also supports a new planar parameter. If set to TRUE, the function treats imported WKT geometries as having planar edges.

These new function parameters are in Beta.

Announcing the Alpha release of the Dataproc Persistent History Server, which provides a UI to view job history for jobs run on active and deleted Dataproc clusters.

For HTTP requests, the httpRequest.remoteIp and httpRequest.serverIp fields can include port information. For example 10.0.0.1:80.

In the Logs Explorer you can now download your logs in JSON and CSV to your computer, Google Drive, or view them in a new tab. To learn more, see Downloading logs.

Cloud Run is now available in the following regions:

• asia-east2 (Hong Kong)
• asia-northeast3 (Seoul, South Korea)
• asia-southeast2 (Jakarta)
• asia-south1 (Mumbai, India)
• europe-west2 (London, UK)
• europe-west3 (Frankfurt, Germany)
• europe-west6 (Zurich, Switzerland)
• southamerica-east1 (Sao Paulo, Brazil)

You can now purchase a custom domain via Cloud Domains using the Cloud Run user interface.

Memory-optimized M1 machine types are available in Frankfurt europe-west3-a,b,c. Memory-optimized M2 machine types are available in Frankfurt, europe-west3-a,b. See VM instance pricing for details.

Announcing the GA (General Availability) release of the Dataproc Ranger Optional Component and the Dataproc Solr Optional Component.

Pub/Sub message ordering is now available in GA.

Announcing the GA (General Availability) release of the Dataproc - Docker Optional Component and the Dataproc - Flink Optional Component.

Document AI Preview released

The following beta and preview features are available in API version v1beta3:

• General processors: Document OCR (Optical Character Recognition), form parser, and document splitter.
• Lending processors: W9, 1040, W2, 1099-MISC, and 1003 parsers, as well as lending document splitter & classifier.

Discount sharing for committed use discounts is now Generally Available. With discount sharing enabled, you can apply your purchased commitments across multiple projects within a single Cloud Billing account. Discount sharing helps you minimize the overhead of managing each of your commitments individually and provides increased flexibility so that you can use the compute options that best suit your needs, while also increasing cost predictability.

• For more information about enabling committed use discount sharing, see Turning on committed use discount sharing.
• For more information on the possible cost savings using committed use discount sharing, see Understanding discount sharing.

• Cloud Build logs from the tenant project are now published in the Composer logs. They are available under the log name build-log-webserver.
• Airflow DAG processor manager logs are now published in the Composer logs. They are available under the log name dag-processor-manager.
• If an update operation fails, links to the specific Cloud Build log will now be included in the error message.
• Compatibility with Domain Restricted sharing has been improved. Upgrading your environment to the newest version of Composer can now enable or disable its compatibility with Domain Restricted Sharing based on your organization policy.

You can now specify a minimum number of container instances to be kept warm and ready to serve requests, for services requiring reduced latency and fewer cold starts.

A new multi-region instance configuration is now available in North America - nam9 (North Virginia/Iowa/South Carolina/Oregon).

Support for 1500 MTU in VPC networks is now Generally available.

Support export sub-command in the config-connector CLI

Add support for the AccessContextManagerServicePerimeter resource

Add support for Folder-level IAM Audit Configs

Support for 1500 MTU in VPC networks is now available in General Availability.

Dynamic SQL is now generally available (GA). Dynamic SQL lets you generate and execute SQL statements dynamically at runtime. For more information, see EXECUTE IMMEDIATE.

BigQuery standard SQL now supports the following new functions. These functions are generally available (GA).

• ASCII
• CHR
• INITCAP
• INSTR
• LAST_DAY
• LEFT
• OCTET_LENGTH
• REGEXP_EXTRACT with 2 additional parameters (position and occurrence)
• REGEXP_INSTR
• REGEXP_SUBSTR
• RIGHT
• SOUNDEX
• TRANSLATE
• UNICODE

BigQuery now supports the following new statements. These statements are generally available (GA).

• CREATE EXTERNAL TABLE
• DROP EXTERNAL TABLE
• ALTER TABLE ADD COLUMN
• EXPORT DATA
• TRUNCATE TABLE

BigQuery standard SQL now supports DATE arithmetics operators.

The following INFORMATION_SCHEMA views are now generally available (GA).

• TABLES
• TABLE_OPTIONS
• COLUMNS
• COLUMN_FIELD_PATHS
• VIEWS
• ROUTINES
• ROUTINE_OPTIONS
• PARAMETERS
• SCHEMATA
• SCHEMATA_OPTIONS

BigQuery now supports Unicode table names. For more information, see Table naming.

Queries can now have duplicate column names.

Compute-optimized (C2) machine types are now available in the following regions and zones:

• Finland: europe-north1-a,b,c
• Seoul: asia-northeast3-a,b,c

See VM-instance-pricing for details.

Sign in with Apple is now supported.

1.4.10-asm.19 is now available

In runtimes that use buildpacks you can now configure aspects of your build by setting build configuration variables. See Using Environment Variables for more information. In Preview.

You can now control egress traffic from a service and route all outbound requests to your VPC network. This allows you to configure a static outbound IP address by leveraging Cloud NAT.

CHECK constraints is now generally available, allowing you to define a boolean expression on the columns of a table and require that all rows in the table satisfy the expression. For more information, see Creating and managing check constraints.

Generated columns support is now generally available, allowing you to define columns that are computed from other columns in a row. For more information, see Creating and managing generated columns.

Cloud Talent Solution has launched the v4 version of the API. Migrate to Cloud Talent Solution v4 by October 14, 2021 to continue using Cloud Talent Solution.

Obtaining the status of the latest transfer operation is in Preview.

GKE on AWS 1.5.0 supports volume snapshots.

You can now allocate 4 vCPUs to container instances of Cloud Run services.

Cloud SQL now offers "deny maintenance periods". With deny maintenance periods, you can prevent automatic maintenance from occurring during a specific time period. For example, the end-of-year holiday season is a time of peak load that requires heightened focus on infrastructure stability for many retail businesses. By setting a deny maintenance period from mid-October to mid-January, these businesses can prevent planned upgrades from Cloud SQL during their busiest time of year.

Cloud SQL for PostgreSQL now offers IAM database authentication to help you better monitor and manage access for users and service accounts to databases. This feature allows users and service accounts to use IAM credentials to log into PostgreSQL instances. To learn more about how IAM database authentication works, see the Overview of Cloud SQL IAM database authentication. To configure an instance, see Configuring instances for IAM database authentication. To create users or service accounts, see Creating and managing users that use IAM database authentication.

Cloud SQL now offers "deny maintenance periods". With deny maintenance periods, you can prevent automatic maintenance from occurring during a specific time period. For example, the end-of-year holiday season is a time of peak load that requires heightened focus on infrastructure stability for many retail businesses. By setting a deny maintenance period from mid-October to mid-January, these businesses can prevent planned upgrades from Cloud SQL during their busiest time of year.

Database auditing in Cloud SQL for PostgreSQL is available through the open-source pgAudit extension. Using this extension, you can selectively record and track SQL operations performed against a given database instance.

The pgAudit extension helps you configure many of the logs often required to comply with government, financial, and ISO certifications.

Cloud SQL now offers "deny maintenance periods". With deny maintenance periods, you can prevent automatic maintenance from occurring during a specific time period. For example, the end-of-year holiday season is a time of peak load that requires heightened focus on infrastructure stability for many retail businesses. By setting a deny maintenance period from mid-October to mid-January, these businesses can prevent planned upgrades from Cloud SQL during their busiest time of year.

N2 machine types are now available in the following four regions and zones:

• Las Vegas: us-west4-a,b,c
• Montréal: northamerica-northeast1-a,b,c
• Finland: europe-north1-a
• Hong Kong: asia-east2-a,b,c

For pricing details, see VM instance pricing.

You can now customize who receives notifications from GCP with Essential Contacts. This feature is available in preview. For more information, see Managing contacts for notifications.

When a container instance needs to be shut down, it now receives a SIGTERM signal. If handled, CPU is allocated for up to 10 seconds before the container is shut down.

Pub/Sub Lite is now available in GA.

The Consent Management API is available in beta.

External HTTP(S) Load Balancing is now supported for App Engine, Cloud Functions, and Cloud Run services. To configure this, you will need to use a new type of network endpoint group (NEG) called a Serverless NEG.

This feature is now available in General Availability.

The following updates to Cloud Spanner standard SQL are now available :

• Support for SELECT * REPLACE and SELECT * EXCEPT syntax.
• Documentation for Net functions.

Support for migrating Windows VM workloads has moved from the Beta stage to general availability.

This release adds full support for migrating Windows VM workloads to the Google Cloud Console, including the ability to create a Windows migration source. See Migrating a Windows VM for more.

Migrate for Anthos provides tools that you run on a Linux or Windows VM workload to determine the workload's fit for migration to a container. See Using the Linux discovery tool and Using the Windows discovery tool for more.

Custom Services Blocklist support added which lets you define a list of services to disable in a migrated container. See Custom Services Blocklist for more.

The image field value of the GenerateArtifactsFlow CRD defines the names and locations of two images created from a migrated VM. In previous releases, the names contained a predefined tag.

To ensure that the tag value is unique, the format of the tag has changed for this release to specify the timestamp of the migration.

You can also explicitly set the tag if you prefer to another value. See Setting the name of the container image for more.

When you deploy your migrated Windows containers to a cluster, you can now use a Group Managed Service Account (gMSA) to execute the container under a specific service account identity. See Configuring gMSA for more.

Event Threat Detection, a built-in service of Security Command Center Premium, now includes two new detectors to monitor your organization's BigQuery resources. The detectors identify data exfiltration - resources saved outside of your organization or attempts to access protected data.

Read more about available detectors in Event Threat Detection conceptual overview.

The Security Command Center API now includes a severity field for Findings. This feature is available using Security Command Center's v1p1beta1 API.

• Added the log entry labels version_id and instance_id to differentiate the logs of different Airflow web server instances.
• Airflow database upgrade logs are now published in the Composer logs under a separate log name.
• Cloud Storage syncing logs are now published together in the Composer logs under a separate log name. They can be separated based further on pod_id.

The Cloud Healthcare API offers single-region support in the southamerica-east1 (Osasco (São Paulo), Brazil) region.

The Cloud Healthcare API offers single-region support in the australia-southeast1 (Sydney, Australia) region.

Add support for the DataflowFlexTemplateJob resource

Add the transformNameMapping field to DataflowJob

Add the auditConfigs field to IAMPolicy

Add the loadBalancerType, datapathProvider, and notificationConfig fields to ContainerCluster

Add the artifacts and options fields to CloudBuildTrigger

Add support for the GRPC protocol for ComputeBackendService

Add logic to auto-trigger server-side apply metadata on resources on K8s clusters with server-side apply enabled (i.e. K8s 1.16+)

Authorized user-defined functions (UDFs) are now generally available (GA). Authorized UDFs let you share query results without giving access to the underlying tables. For more information, see Authorized UDFs.

The Cloud Console now lets you opt in to search and autocomplete powered by Data Catalog. This feature is in beta.

The ability to enable or disable Endpoint-Independent Mapping for your gateway is now available in Preview.

Cloud Run now supports request timeouts up to 60 minutes. However, timeouts greater than 15 minutes are a beta feature.

Added support for Redis AUTH to Memorystore for Redis.

Alerting is now available for Monitoring Query Language (MQL). For more information, see Alerting policies with MQL

You can use OS Login in VPC Service Controls. This feature is in Beta stage support.

Beta stage support for the following integration:

• OS Login

Workload identity (preview) lets you bind Kubernetes service accounts to AWS IAM accounts with specific permissions. Workload identity blocks unwanted access to cloud resources with AWS IAM permissions. With workload identity, you can assign different IAM roles to each workload. Fine grained permissions control allows you to follow the principle of least privilege. For more details, see Creating a user cluster with workload identity

You can now route traffic from the GKE on AWS management service and Connect through an HTTP/HTTPS proxy. For more details, see Using a proxy with GKE on AWS

Improved installation experience

• This version enables installation and upgrade by using any Google Cloud–authenticated service account. You no longer need to be on the allowlist to access GKE on AWS components..

• Additional preflight checks enforce enablement of required Google Cloud APIs. See Google Cloud requirements for more information.

N2D machine types are available in The Dalles, Oregon, in the us-west1-c zone. For more information, see the VM instance pricing page.

C2 machine types are now available in Sydney, Australia australia-southeast1-b. See the VM instance pricing page for details.

Added Cloud IAM support for ComputeImage.

BigQuery table-level access control is now generally available. For more information, see Introduction to table access controls .

N2D machine types are now available in all three zones of us-east1-b,c,d in Moncks Corner, South Carolina. See VM instance pricing for details.

Launched Dataproc integration with Compute Engine sole-tenant nodes, which allows users to create a cluster in a sole-tenant node group.

Added Cloud Console UI support for creating Redis instances with Shared VPC using private services access.

Dataflow now supports Flex Templates in GA.

Firestore now supports the not equals != and not-in query operators.

Time series models now let you change DATA_FREQUENCY from the default value (AUTO_FREQUENCY) when forecasting multiple time series using TIME_SERIES_ID_COL.

Improvements to Cloud CDN's request collapsing behavior: If your deployment serves large objects, these improvements reduce origin load during revalidation and cache fill. Live video workloads will see the largest benefit. For more information, see Support for byte range requests.

Cloud Profiler history view is available in beta. For more information, see Viewing historical trends.

Cloud Run now supports server-side HTTP and gRPC streaming.

You can now use a network tags parameter to add network tags to all worker VMs that execute a particular Dataflow job.

• In-cluster image build logs will now appear in Monitoring under separate log names build-log-*, instead of in the Composer Agent logs.
• You can now set or update machine types for the Airflow web server and Cloud SQL instance for any environment running a Composer version 1.7.2 or newer, regardless of Airflow version.

The NUMERIC data type is now generally available.

Tokyo+Osaka dual-region (asia1) launched.

• New location for storing your data.

N2D machine types are available in The Dalles, Oregon, the us-west1-b zone. For more information, see the VM instance pricing page.

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer.

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer.

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer.

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer.

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer.

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer.

You can use network ingress controls so your app only receives requests that are sent from your project's VPC or that are routed through the Cloud Load Balancing load balancer.

If you use Cloud Load Balancing, you can use network ingress controls so your app only receives requests that are routed through the load balancer.

If you use Cloud Load Balancing, you can use network ingress controls so your app only receives requests that are routed through the load balancer.

If you use Cloud Load Balancing, you can use network ingress controls so your app only receives requests that are routed through the load balancer.

If you use Cloud Load Balancing, you can use network ingress controls so your app only receives requests that are routed through the load balancer.

If you use Cloud Load Balancing, you can use network ingress controls so your app only receives requests that are routed through the load balancer.

If you use Cloud Load Balancing, you can use network ingress controls so your app only receives requests that are routed through the load balancer.

If you use Cloud Load Balancing, you can use network ingress controls so your app only receives requests that are routed through the load balancer.

If you use Cloud Load Balancing, you can use network ingress controls so your app only receives requests that are routed through the load balancer.

If you use Cloud Load Balancing, you can use network ingress controls so your app only receives requests that are routed through the load balancer.

If you use Cloud Load Balancing, you can use network ingress controls so your app only receives requests that are routed through the load balancer.

Filestore backups has launched to beta. Now you can back up your Filestore instances.

M56 release

• Bug fixes for TensorFlow 2.3 add-ons
• Fixes bug affecting BigQuery magic commands in some environments
• Adds a diagnostics tool for AI Platform Notebooks

Anthos 1.5.0 is now available.

Updated components:

• Anthos GKE on-prem release notes

Anthos Config Management now includes Config Connector v1.19.1.

Anthos Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: 15d56e3).

Binary Authorization can now be enabled through the Anthos Config Management Operator. See Setting up with Anthos Config Management for details.

Anthos GKE on-prem 1.5.0-gke.27 is now available. To upgrade, see Upgrading GKE on-prem. GKE on-prem 1.5.0-gke.27 clusters run on Kubernetes 1.17.9-gke.4400.

Improved upgrade and installation:

• Preflight checks are now blocking with v1 configs for installation and upgrades. Users can use --skip-preflight-check-blocking to unblock the operation.
• Added support for running gkeadm on macOS Catalina, v10.14.
• Enabled installation and upgrade by using any Google Cloud–authenticated service account. This removes the need for allowlisting.
• Improved security by adding support for using an external credential file in admin or user configuration. This enables customers to check in their cluster configuration files in source code repositories without exposing confidential credential information.

Improved HA and failure recovery:

• The user cluster control plane HA feature is now generally available.
• Added kubelet and Docker health monitoring and auto repair to the Node Problem Detector.
• Introduces Node Auto Repair feature in preview to continuously detect and repair unhealthy nodes. This feature is disabled by default (opt-in) in this release.

Improved support for Day-2 operations:

• The gkectl update cluster command is now generally available. Users can use it to change supported features in the user cluster configurations after cluster creation.
• The gkectl update credentials command for vSphere and F5 credentials is now generally available.
• Improves scalability with 20 user clusters per admin cluster, and 250 nodes, 7500 pods, 500 load balancing services (using Seesaw), and 250 load balancing services (using F5) per user cluster.
• Introduces vSphere CSI driver in preview.

Enhanced monitoring with Cloud Monitoring:

• Introduces out-of-the-box alerts for critical cluster metrics and events in preview.
• Out-of-the-box monitoring dashboards are automatically created during installation when Cloud Monitoring is enabled.
• Allows users to modify CPU or memory resource settings for Cloud Monitoring components.

MySQL 5.6.42 is upgraded to 5.6.47.

The Organization policy constraints for Direct Path disablement have launched into beta.