Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list, see the individual product release note pages .
You can see the latest product updates for all of Google Cloud on the Google Cloud release notes page.
To get the latest product updates delivered to you, add the URL of this page to your feed readeropen_in_new, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml
Cloud Interconnect
feature
Cloud Interconnect support for GRE traffic is available in Preview. For more information, see the Cloud Interconnect overview.
Cloud VPN
feature
Cloud VPN support for GRE traffic is available in Preview. For more information, see the Cloud VPN overview.
Compute Engine
feature
Generally Available: NVIDIA® A100 GPUs are now available in the following three regions:
  • Iowa, North America: us-central1-a,b,c
  • Netherlands, Europe: europe-west4-a,b
  • Singapore, APAC: asia-southeast1-c
    For more information, see GPUs on Compute Engine.
feature
Generally Available: Accelerator-optimized (A2) machine types are now available in the following three regions:
  • Iowa, North America: us-central1-a,b,c
  • Netherlands, Europe: europe-west4-a,b
  • Singapore, APAC: asia-southeast1-c
feature
N2D machine types are now available in Frankfurt, europe-west3-c and Hong Kong, asia-east2-a. See VM instance pricing for pricing details.
feature
N2 machine types are now available in Zurich, europe-west6 in all three zones. See VM instance pricing for details.
C2 machine types are now available in Salt Lake City, us-west3 in all three zones. See VM instance pricing for details.
Memory-optimized machine types are now available in Tokyo, asia-northeast1 in all zones. See VM instance pricing for details.
Dataproc
announcement
changed
New sub-minor versions of Dataproc images: 1.3.87-debian10, 1.3.87-ubuntu18, 1.4.58-debian10, 1.4.58-ubuntu18, 1.5.33-centos8, 1.5.33-debian10, 1.5.33-ubuntu18, 2.0.6-centos8, 2.0.6-debian10, and 2.0.6-ubuntu18.
changed
Image 2.0: Upgraded Spark to version 3.1.1
Identity and Access Management
changed
Tags are now generally available. You can attach tags to resources, then use the tags to manage access to your resources.
Resource Manager
feature
The Organization Policy Service v2 API has launched into general availability.
feature
Tags have been launched into general availability. For more information, see the Tags overview.
AI Platform (Unified) Speech-to-Text
feature
Speech-to-Text has launched the Model Adaptation feature. You can now create custom classes and build phrase sets to improve your transcription results.
Cloud Logging
changed
Suggested queries is now generally available (GA). To learn more, go to Suggested queries.
Config Connector
announcement
Config Connector version 1.42.0 is now available.
changed
Increase resource limits of webhook, recorder and deletiondefender workloads
On upgrade, ensure that your cluster has sufficient CPU/Memory to allocate if you have seen Pod Unschedulable errors
changed
Added operation field into ContainerNodePool
fixed
Ensure that CLI will not terminate on particular problematic resources when on-error is set with ignore or continue
fixed
Miscellaneous bug fixes
SAP on Google Cloud
announcement
The Google Storage Backint agent for SAP HANA has been updated to version 1.0.8. You can now upload backups to Cloud Storage faster using the Backint agent parallel upload function.
For more information, see Parallel uploads.
App Engine standard environment Java
changed
  • Updated Java SDK to version 1.9.87.
  • Upgraded to Jetty 9.4.38 to fix CVE-2020-27223.
App Engine standard environment Node.js
feature
The Node.js 14 runtime for the App Engine standard environment is now generally available.
BigQuery ML
changed
BigQuery ML now supports training for DNN/Boosted Tree models in the Iowa (us-central1) region.
Cloud Billing
feature
List cost and Unrounded cost columns now available in the Cost Table report
We've added two columns of data to the Cost table report: List cost and Unrounded cost.
  • List cost: The List cost column is available for Cloud Billing accounts associated with a negotiated pricing contract, and represents the monthly cost of your cloud usage calculated using list prices. If your account has negotiated, custom pricing, you can compare List cost amounts to Cost amounts to determine how much you are saving with your negotiated prices.
  • Unrounded cost: The Unrounded cost column contains the calculated cost of the usage to a precision of up to six decimal places. Unrounded costs can be helpful when analyzing your cost details and understanding the source of any discrepancies due to rounding.
For more information on the Cost table report, see View and download the cost details of your invoice or statement.
Cloud Composer
changed
New versions of Cloud Composer images:
  • composer-1.15.0-airflow-1.10.14
  • composer-1.15.0-airflow-1.10.12 (default)
  • composer-1.15.0-airflow-1.10.10
feature
DAG serialization is enabled by default in new environments created for Cloud Composer versions 1.15.0 and later. Upgrading an existing environment to 1.15.0 does not change the existing DAG serialization settings.
changed
When creating new environments, enabling asynchronous DAG loading disables DAG serialization.
changed
Before creating or updating an environment, Cloud Composer checks that required APIs are enabled in a project and that CIDR blocks specified for VPC Native and Private IP are valid. If these requirements are not met, Cloud Composer reports an error and the operation does not start. This change is available only for new Cloud Composer environments.
fixed
Environment deletion operations no longer fail when Artifact Registry API is disabled.
fixed
Fixed a bug that caused upgrades to fail during an in-cluster build in public IP environments.
fixed
Environment creation operations no longer fail in Private IP configurations that use Customer Managed Encryption Keys (CMEK).
fixed
The environment creation process now aborts early on any web server deployment failure.
fixed
Improved error reporting for web server deployment failures. App Engine errors that occur during the deployment are now marked as web server deployment errors.
Cloud Spanner
feature
Cloud Spanner provides a new metric, CPU Utilization by operation types, which breaks down CPU usage by user-initiated operations. For more information, see CPU utilization metrics.
Network Intelligence Center
feature
Connectivity Tests now includes a feature that verifies connectivity by sending probes. This feature, which is in Preview, is available for VM-to-VM tests. In the Google Cloud console, you can see the results of this analysis in the column labeled Last packet transmission result. In the gcloud command-line and API responses, you can see the results in the probingDetails object. This feature complements the existing configuration analysis feature, which evaluates reachability by assessing your network's configuration.
VPC Service Controls
feature
Beta stage support for the following integration:
Cloud Build
feature
Users can now create triggers to execute builds in response to events published to a Pub/Sub topic. For more information see, Creating Pub/Sub triggers.
Pub/Sub
feature
Pub/Sub push subscriptions can now be created with Cloud Run service endpoints protected by VPC Service Controls. This feature is available in the Preview launch stage.
Channel Services
feature
(v1alpha1 only) This release includes the new LookupOffer method.
LookupOffer displays the Offer for an entitlement. This provides a programmatic way to pull the pricing details of any online offer, including expired offers and special sales proposals that are unavailable through the ListOffers endpoint.
Network Connectivity Center
feature
Router appliance for Network Connectivity Center is available in Preview.
Channel Services
feature
(v1alpha1 only) This release includes the new ImportCustomer method.
ImportCustomer replaces CreateCustomer as the first step of a Transfer. You can use this method to import customer information using their domain or Cloud Identity ID.
Cloud Load Balancing
feature
You can now use the gcloud compute url-maps validate command to test advanced route configurations such as routing based on headers and query parameters, HTTP to HTTPS redirects, and URL rewrites.
You can also use this command to independently run tests without saving changes to the URL map. This protects live traffic to your production services and prevents any unintended interruptions due to URL map misconfigurations.
This feature is now available in General Availability.
Cloud Run
changed
The ability to specify a minimum number of container instances to be kept warm and ready to serve requests is now at general availability (GA).
Cloud Vision
issue
EXIF rotation feature fix
This fix will disable EXIF rotation, a feature activated by the model update mentioned in the November 11, 2020 release note. This feature affects the DOCUMENT_TEXT_DETECTION and TEXT_DETECTION features.
EXIF rotation will be turned down on March 22, 2021. If your usage relies on this specific behavior, please file a feature request to us.
Dataproc
announcement
Dataproc 2.0 image version will become a default Dataproc image version in 1 week on March 15, 2021.
Security Command Center
changed
Security Health Analytics, a built-in service of Security Command Center, launched new detectors in general availability:
Detects resources that are not using customer-managed encryption keys (CMEK)
  • BUCKET_CMEK_DISABLED
  • DISK_CMEK_DISABLED
  • NODEPOOL_BOOK_CMEK_DISABLED
  • SQL_CMEK_DISABLED
Detects vulnerabilities in Compute Engine instances
  • DEFAULT_SERVICE_ACCOUNT_USED
  • SHIELDED_VM_DISABLED
Detects publicly accessible Cloud KMS keys
  • KMS_PUBLIC_KEY
Detects out-of-region Compute Engine resources
  • ORG_POLICY_LOCATION_RESTRICTION
Detects misconfiguration of SQL instances
  • SQL_CROSS_DB_OWNERSHIP_CHAINING
  • SQL_CONTAINED_DATABASE_AUTHENTICATION
  • SQL_CROSS_DB_OWNERSHIP_CHAINING
  • SQL_LOCAL_INFILE
  • SQL_LOG_CHECKPOINTS_DISABLED
  • SQL_LOG_CONNECTIONS_DISABLED
  • SQL_LOG_DISCONNECTIONS_DISABLED
  • SQL_LOG_LOCK_WAITS_DISABLED
  • SQL_LOG_MIN_DURATION_STATEMENT_ENABLED
  • SQL_LOG_MIN_ERROR_STATEMENT
  • SQL_LOG_TEMP_FILES
For more information on these and other Security Health Analytics detectors, see Vulnerabilities findings.
changed
Event Threat Detection, a built in service of Security Command Center, launched a preview for a new detector.
Service account self-investigation detects when a service account is used to investigate roles associated with that same service account. For more information on Event Threat Detection detectors, see Event Threat Detection conceptual overview.
announcement
Documentation
  • Security Health Analytics documentation now includes more detailed information about detectors, including supported assets and scan configurations. For more information, see Vulnerabilities findings.
  • The Security Health Analytics remediation page now includes suggested instructions to resolve all Security Health Analytics findings. For more information, see Remediating Security Health Analytics findings.
  • Event Threat Detection documentation now includes additional details on cloud logs used by the service. For more information, see Event Threat Detection conceptual overview.
VPC Service Controls
feature
Preview for the following integration:
changed
Beta stage support for the following integration:
Transcoder API
AI Platform Deep Learning Containers
feature
M65 release
  • Upgraded tensorflow-cloud to 0.1.13.
  • Regular package refreshment and bug fixes.
AI Platform Deep Learning VM Image
feature
M65 release
  • Added support for DooD (Docker outside of Docker) in Dataflow notebooks container images.
  • Upgraded tensorflow-cloud to 0.1.13.
  • Regular package refreshment and bug fixes.
AI Platform Training
feature
AI Platform Training now provides pre-built PyTorch containers for PyTorch 1.7.
In addition to training with CPUs or GPUs, you can use one of the PyTorch 1.7 containers to perform PyTorch training with a TPU.
Cloud CDN
announcement
Support for item request coalescing is now Generally Available.
Item request coalescing allows multiple requests for a small object to be coalesced (collapsed) into a single origin request for the same cache key into a single origin request per edge node.
This enhances Cloud CDN's existing request coalescing behaviour for large objects, such as video and file downloads.
To enable request coalescing for your Cloud CDN enabled backends, visit the documentation.
Cloud Composer
changed
New versions of Cloud Composer images:
  • composer-1.14.5-airflow-1.10.14
  • composer-1.14.5-airflow-1.10.12 (default)
  • composer-1.14.5-airflow-1.10.10
changed
Improved the logging of Airflow exceptions. Full Python tracebacks for Airflow exceptions are reported and marked as errors in the logs.
fixed
Fixed a potential infinite loop in the airflow-monitoring pod. Environment health checks no longer get stuck after certain types of environment update operations.
fixed
Fixed the cause of failures when creating Qwiklabs environments.
fixed
When creating environments, unmet network requirements for pods and services cause the operation to fail immediately. Previously, the operation failed when a timeout was reached.
fixed
Cloud Composer acquires existing environment resources if they are available during an upgrade operation. Before, the operation could fail with the "ALREADY_EXISTS" error in some cases.
fixed
Added a precondition check for upgrade operations. This check verifies that GKE control plane can reach GKE nodes. Previously, if there was a networking problem with communication between the control plane and GKE nodes, the operation failed on a timeout.
fixed
Fixed a problem with airflow-monitoring not having logs after changing the machine type for GKE Cluster in a Cloud Composer environment.
fixed
PyPI packages can now be installed in Cloud Composer versions 1.11.0 and 1.11.1.
Cloud Run
feature
You can now use VPC Service Controls with Cloud Run to set up a secure perimeter to guard against data exfiltration. (Available in public preview.)
Cloud SQL for MySQL
feature
The following MySQL minor versions have been upgraded:
  • MySQL 5.6.47 is upgraded to 5.6.50
  • MySQL 5.7.25 is upgraded to 5.7.32
feature
Cloud SQL for MySQL now supports flexible instance configurations. Compared to our predefined machine types, flexible instance configurations offer you the extra freedom to configure your instance with the specific number of vCPUs and GB of RAM that fits your workload. To set up a new instance with a flexible instance configuration, see our documentation here.
Config Connector
announcement
Config Connector version 1.41.0 is now available.
feature
Added targetGRPCProxyRef field in ComputeForwardingRule.
feature
Added insightsConfig field in SQLInstance.
feature
Added transitEncryptionMode field in RedisInstance. Also added serverCaCerts to the status of RedisInstance.
fixed
Updated the format of the version tag to v0.0.0 so that Config Connector v1.41.0 and above can be fetched as a Go module. (Issue #408open_in_new)
Dataproc
changed
New sub-minor versions of Dataproc images: 1.3.86-debian10, 1.3.86-ubuntu18, 1.4.57-debian10, 1.4.57-ubuntu18, 1.5.32-centos8, 1.5.32-debian10, 1.5.32-ubuntu18, 2.0.5-debian10, and 2.0.5-ubuntu18
changed
Image 2.0:
fixed
Fixed a bug where YARN applications launched by Hive jobs were not correctly tagged, leading to missing YARN application status from job state.
fixed
Fixed the permission for mounted SSD Hadoop directories.
Google Cloud VMware Engine
security
Added security bulletin for the VMware Engine response to VMware security advisory VMSA-2021-0002.
Memorystore for Redis
feature
Support for In-transit encryption on Memorystore for Redis is now Generally Available.
AI Platform Notebooks
changed
New Notebooks instances add labels for VM image (goog-caip-notebook) and volume (goog-caip-notebook-volume).
Anthos Service Mesh
feature
1.9.1-asm.1 is now available. Anthos Service Mesh 1.9 includes the features of Istio 1.9 subject to the list of Anthos Service Mesh supported features.
feature
Google-managed control plane is now available as a public preview feature. This feature lets you move from managing istiod in your clusters to configuring the control plane as a service. Google will manage the availability, scalability and security of the control plane.
Using the managed control plane also simplifies multi-cluster mesh configuration and reduces the Kubernetes Engine privileges needed to install Anthos Service Mesh. For more information see Configuring the Google-managed control plane.
feature
Anthos Service Mesh for Compute Engine VMs is now available as a public preview feature. With this new feature you can manage, observe, and secure services running on both Compute Engine Managed Instance Groups and Kubernetes Engine clusters in the same mesh. You can mix and choose the best environment to run your services while enjoying the benefits of Anthos Service Mesh.
This feature also improves security and usability by letting you use Compute Engine service accounts for mTLS authentication to other Compute Engine VMs and Kubernetes Engine Pods. For more information see the documentation.
announcement
Anthos Service Mesh 1.5 is no longer supported. For more information see Supported versions.
Compute Engine
changed
The VM instance details page for Compute Engine now offers a guided installation path for Monitoring agents when they are not detected.
Identity and Access Management
feature
For workload identity federation, available in beta, you can now use updated client libraries for C++, Go, Java, Node.js, and Python to automatically obtain Google credentials.
For details, see the documentation for your identity provider:
Cloud Run
feature
Cloud Run reports a new Cloud Monitoring metric: Instance count, which counts the number of container instances that exist, broken down by state (active or idle).
Cloud Spanner
feature
Cloud Spanner now supports point-in-time recovery (PITR), which lets you recover data from a specific point in time in the past.
Dataproc Metastore
fixed
Fixed a bug where specifying a Cloud Storage URI without an object would return an internal error.
fixed
Fixed metastore.googleapis.com/service/health metric not showing up for some services.
Dialogflow
feature
Dialogflow now supports VPC Service Controls for both CX and ES agents.
Error Reporting
changed
Error Reporting has been updated to only analyze logs that are stored in global buckets in the same project where they are ingested. For more information, see Using Error Reporting with regionalized logs.
AI Platform (Unified)
changed
CMEK compliance using the client libraries
You can now use the client libraries to create resources with a customer-managed encryption key (CMEK).
For more information on creating a resource with an encryption key using the client libraries, see Using customer-managed encryption keys (CMEK).
BigQuery
changed
Updated version of Magnitude Simba ODBC driver includes bug fixes, performance improvements, and enhancements such as support for dynamic SQL and additional DDL and DML keywords.
changed
Updated version of Magnitude Simba JDBC driver includes bug fixes and performance improvements.
Cloud Composer
feature
GA: Support for the Airflow Role-Based Access Control (RBAC) UI is now generally available.
feature
GA: Support for Resource location restrictions and Data Residency is now generally available.
Dataproc
feature
Added the --cluster-labels flag to gcloud dataproc jobs submit to allow submitting jobs to a cluster that matches specified cluster labels. Also see Submitting a Dataproc job.
SAP on Google Cloud
announcement
Version 1.1 of the Google Cloud monitoring agent for SAP NetWeaver is now available. This new version removes automatic updates so that you can control when new versions are applied to your system. It also adds support for Bare Metal Solution environments.
For information about the new update method, see Updating the monitoring agent for SAP NetWeaver.
announcement
New SAP certifications: For SAP NetWeaver, the following Compute Engine virtual machine types that use the AMD CPU platform are certified by SAP:
  • n2d-standard-128
  • n2d-standard-224
  • n2d custom machine type vCPU limit increased to 96
For more information, see:
Cloud Run
feature
Cloud Run is now available in the following regions:
  • us-west2 (Los Angeles)
  • us-west3 (Salt Lake city)
  • us-west4 (Las Vegas)
Cloud Run for Anthos
changed
Cloud Run for Anthos on Google Cloud version 0.20.0-gke.6 is now available for the following GKE minor versions:
  • 1.19
  • 1.20
Events for Cloud Run for Anthos version 0.18.1-gke.108 is now available for the following GKE minor versions:
  • 1.19
  • 1.20
Cloud Scheduler
changed
The maximum job size (payload) is now 1 MB total, including ~1KB request overhead.
Cloud Spanner
feature
You can now optionally receive the mutation count for a transaction in the commit response to optimize the transactions while staying within the mutation count limit. For more information, see Retrieving commit statistics for a transaction.
Dataproc
announcement
Dataproc 2.0 image version will become a default Dataproc image version in 2 weeks on March 15, 2021.
Google Cloud Armor
feature
Google Cloud Armor Managed Protection Plus Tier is in General Availability. Managed Protection Plus Tier offers a monthly subscription that includes all of the features of Standard Tier, and bundles Google Cloud Armor WAF policy, rules, HTTP request usage, and named IP lists.
Pub/Sub
feature
Pub/Sub message schemas are now available in the Preview launch stage.
SAP on Google Cloud
announcement
The preview release of version 2 of the Google Cloud monitoring agent for SAP HANA is now available. Version 2.0 represents a complete refactoring of the monitoring agent for SAP HANA.
deprecated
Version 1.0 of the Google Cloud monitoring agent for SAP HANA is deprecated. For new installations, use the Google Cloud monitoring agent for SAP HANA V2.0.
Support for version 1 of the monitoring agent for SAP HANA ends on December 31, 2021.
For information about version 2, see Monitoring agent for SAP HANA V2.0 planning guide.
Text-to-Speech
feature
Text-to-Speech has launched Beta support of new SSML tags: <phoneme>, <mark>, <lang>, <voice>, and <say-as interpret-as="duration"> to specify durations. See the phonemes for a list of phonemes available for your language.
fixed
Support for the <prosody> SSML tag has been enhanced to produce continuous TTS when possible.
  • Text-to-speech has resolved an issue that affected how volume changes are calculated, resulting in different but correct behavior.
  • Text-to-speech has resolved an issue that affected how pitch changes are calculated, resulting in different but correct behavior.
fixed
Text-to-Speech has improved the continuity of mixed-media results. Now when you mix text and sounds within a <s>/<s> block, Text-to-Speech generates a much shorter pause and better transition between the synthesized speech and the sound.
announcement
Text-to-Speech has improved its handling of speech synthesis requests sent using SSML markup. These improvements might affect your applications in backward-incompatible ways. If your application is affected and you would like to temporarily opt out of the improved SSML model in order to make adjustments, please fill out this form.
fixed
Text-to-Speech has improved the verbalization and pacing of phone numbers.
Anthos Anthos clusters on VMware
feature
Anthos clusters on VMware (GKE on-prem) 1.6.2-gke.0 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.6.2-gke.0 clusters run on Kubernetes 1.18.13-gke.400.
fixed
Fixed in 1.6.2-gke.0:
  • Fixed a kubelet restarting issue that was found when running workloads that rely on kubectl exec/port-forward/attach, such as Jenkins.
  • Fixed CVE-2021-3156 in the node operating system image. CVE-2021-3156 is described in Security bulletins.
feature
GKE on-prem 1.4.5-gke.0 is now available. To upgrade, see Upgrading GKE on-prem. GKE on-prem 1.4.5-gke.0 clusters run on Kubernetes 1.16.11-gke.11.
fixed
Fixed in 1.4.5-gke.0:
Anthos clusters on bare metal
feature
Anthos on bare metal 1.6.2 is now available. To upgrade, see Upgrading Anthos on bare metal. Anthos on bare metal 1.6.2 runs on Kubernetes 1.18.
fixed
Fixes:
  • Updated custom resource API to reject changes to Cluster and NodePool configuration fields that are not currently supported. For a list of supported mutable fields, see Configuration in Known Issues.
  • Updated bmctl to allow creating or upgrading Anthos clusters on bare metal to the current bmctl version (1.6.2) only. For more information about version restrictions, see Installation in Known Issues.
  • Fixed an issue that caused the automatic reset of bare metal machines to fail after deleting the user cluster.
  • Added preflight check to verify that control group v2, or cgroup v2 for short, is not in use on the cluster machine. Anthos on bare betal 1.6.x is incompatible with cgroup v2. For more information, see Control group v2 incompatibility in Known Issues.
  • Updated csi-snapshot-validation-webhook to support certification rotation. For more information about certificate rotation, see Security in Known Issues.
  • Fixed an issue to prevent constant patching for snapshot.storage.k8s.io CRDs.
  • Fixed a Certificate Signing Request (CSR) issue with kubelet to ensure fully qualified domain name(FQDN) hostnames are supported.
For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.
Artifact Registry
feature
Support for Python packages in private PyPI repositories is now in alpha. This feature is only available to alpha users. If you are interested in joining the alpha, fill in the sign up form.
  • See the quickstart to get started.
  • Learn more about working with Python packages in the overview.
Config Connector
announcement
Config Connector version 1.40.0 is now available
feature
Added support for DataprocAutoscalingPolicy (no config-connector CLI support, expected Q2)
feature
Added support for DataprocCluster (no config-connector CLI support, expected Q2)
feature
Added support for DataprocWorkflowTemplate (no config-connector CLI support, expected Q2)
feature
Added support for MemcacheInstance
feature
New field for ComputeInstance: nicType
feature
New fields for ComputeInstanceTemplate: nicType and resourcePolicies
feature
New status field for BigQueryJob: status
fixed
Go client is no longer nested under generated folder.
Dataproc
changed
New sub-minor versions of Dataproc images: 1.3.85-debian10, 1.3.85-ubuntu18, 1.4.56-debian10, 1.4.56-ubuntu18, 1.5.31-centos8, 1.5.31-debian10, 1.5.31-ubuntu18, 2.0.4-debian10, and 2.0.4-ubuntu18
changed
Image 2.0: Upgraded Spark to 3.1.1 RC2 version
changed
Allow stopping clusters that have autoscaling enabled, and allow enabling autoscaling on clusters that are STOPPED, STOPPING, or STARTING. If you stop a cluster that has autoscaling enabled, the Dataproc autoscaler will stop scaling the cluster. It will resume scaling the cluster once it has been started again. If you enable autoscaling on a stopped cluster, the autoscaling policy will only take effect once the cluster has been started (see Starting and stopping clusters).
changed
Deactivated mysql and hive-metastore components for clusters created with a Dataproc Metastore service on an image that has the DISABLE_COMPONENT_HIVE_METASTORE and DISABLE_COMPONENT_MYSQL capabilities.
fixed
Image 1.3 - 1.5: HIVE-18871: hive on Tez execution error due to set hive.aux.jars.path to hdfs://
Recommender
feature
The product suggestion recommender helps you to optimize your Cloud usage by providing you with product suggestions. This can help you improve performance and security, and manage your resources better.
Resource Manager
feature
Project migration between organizations is now a self-serve process in public preview. For more information, see Migrating projects.
Transcoder API
feature
Sprite sheets now support different image compression levels with the new quality setting.
feature
Sprite sheets now preserve the source aspect ratio. Set the sprite width or height field, but not both (the API will automatically calculate the missing field).
feature
The API now supports video padding with black.
Virtual Private Cloud
feature
Hierarchical firewall policies are now available in General Availability.
AI Platform (Unified)
feature
AI Platform (Unified) now supports Access Transparency in beta. Google Cloud organizations with certain support packages can use this feature. Learn more about using Access Transparency with AI Platform (Unified).
changed
The client libraries for Node.js and Python now include enhancements to improve usage of training and prediction features. These client libraries include additional types and utility functions for sending training requests, sending prediction requests, and reading prediction results.
To use these enhancements, you must install the latest version of the client libraries.
changed
The predict and explain method calls no longer require the use of a different service endpoint (for example, https://us-central1-prediction-aiplatform.googleapis.com). These methods are now available on the same endpoint as all other methods.
feature
In addition to Docker images hosted on Container Registry, you can now use Docker images hosted on Artifact Registry and Docker Hub for custom container training on AI Platform.
changed
The Docker images for pre-built training containers and pre-built prediction containers are now available on Artifact Registry.
Anthos Config Management
feature
Hierarchy Controller now includes a preview of Hierarchical Resource Quotas (HRQs). HRQs are drop-in replacements for Kubernetes Resource Quotas, but apply to resources in both a namespace as well as all of its descendants. To learn more, see Using hierarchical resource quotas.
fixed
The Anthos Config Management Operator Deployment now specifies resources.limits for config-management-operator:manager.
changed
This release note was updated on March 5, 2021. The update removed information about a feature that is not yet available.
issue
Config Sync multi-repo mode can't sync Git repositories using ssh as the authentication method. To workaround the issue, see Syncing from multiple repositories.
Anthos GKE on AWS
announcement
Anthos clusters on AWS 1.6.2-gke.0 is now available.
Anthos clusters on AWS 1.6.2-gke.0 clusters run the following Kubernetes versions:
  • 1.16.15-gke.5302
  • 1.17.9-gke.6402
  • 1.18.10-gke.902
To upgrade your clusters, perform the following steps:
fixed
This release fixes an issue where the management service fails to start when provided with a KMS alias.
fixed
Bug fixes and security improvements.
BigQuery
feature
BigQuery materialized views are now generally available (GA). BigQuery materialized views are now generally available (GA). Materialized views are precomputed views that periodically cache the results of a query, enhancing performance and efficiency, and reducing costs, particularly for aggregated queries. For more information, see Introduction to materialized views.
BigQuery BI Engine
feature
BigQuery BI Engine now interacts with popular BI tools such as Looker, Tableau, and more, by means of an SQL interface. You must enroll to participate in the preview.
Cloud Composer
changed
New versions of Cloud Composer images:
  • composer-1.14.4-airflow-1.10.14
  • composer-1.14.4-airflow-1.10.12 (default)
  • composer-1.14.4-airflow-1.10.10
changed
When an environment update operation cannot start, an error message that lists possible causes for the error is generated.
changed
Improved the syncing of DAGs and plugins to the Airflow web server. DAG parsing is now less likely to break because of race conditions.
changed
Added FreeTDS system package to Cloud Composer images.
changed
Updated apache-beam package version to 2.24.0 in Airflow 1.10.10 so that Dataflow jobs now correctly create partitioned BigQuery tables. Airflow versions 1.10.12 and 1.10.14 already have apache-beam version 2.27.0 installed.
changed
Upgraded apache-airflow-backport-providers-google package to version 2021.2.5 in Airflow 1.10.12 and 1.10.14. This is potentially a breaking change because the package contains updates of Python Google Cloud libraries. For a list of new operators and for more information about breaking changes, see the 2021.2.5 release notes.
changed
The google-cloud-pubsublite package is installed by default in Composer images for Airflow 1.10.12 and 1.10.14.
changed
Improved the reliability of environment upgrade operations. Added new retrying procedures and enhanced existing ones.
fixed
Fixed the cause of several update-related errors.
fixed
When an environment deletion operation fails, a correct GKE error is displayed. Before, a different GKE error was displayed in some cases.
fixed
The Airflow scheduler liveness checker is now compatible with google-cloud-logging==2.2.0.
fixed
Fixed an error when some MsSQL operators were not working with Azure instances.
fixed
Fixed an error in GKE cluster builds. In private IP environments, an additional nodepool no longer remains after an update.
Compute Engine
feature
Preview: You can now use the gcloud command-line tool to import images from AWS into Google Cloud. For more information, see Importing images from AWS.
Firestore Memorystore for Memcached
feature
General Availability release of Memorystore for Memcached.
Secret Manager
feature
Event notifications is now available in Preview.
Event notifications sends information about changes to your secrets and secret versions to Pub/Sub. These notifications can be used to trigger arbitrary workflows, such as restarting an application when a new secret version is added, or notifying security engineers when a secret is deleted.
BigQuery Data Transfer Service
changed
The BigQuery Data Transfer Service's 1-hour minimum file age requirement for transfers from Cloud Storage has been eliminated.
Cloud Composer
feature
GA: Support for Customer Managed Encryption Keys (CMEK) is now generally available.
Cloud SQL for MySQL
changed
Cloud SQL now offers faster maintenance, with average connectivity loss lasting 90 seconds or less on average. See more about maintenance timelines.
Cloud SQL for PostgreSQL
changed
Cloud SQL now offers faster maintenance, with average connectivity loss lasting 90 seconds or less on average. See more about maintenance timelines.
Cloud Tasks
changed
Maximum push task size is now increased to 1 MB.
Identity and Access Management
feature
You can now use Policy Simulator to simulate policy changes before you apply them. This feature is available in Preview.
Private Catalog
feature
Private Catalog supports Terraform. Admins can create and curate Terraform configurations as solutions for their catalogs. Learn more
Pub/Sub
feature
An Apache Spark connector is now available for Pub/Sub Lite, allowing you to read messages from Pub/Sub Lite in your Spark clusters.
Pub/Sub Lite
feature
An Apache Spark connector is now available for Pub/Sub Lite, allowing you to read messages from Pub/Sub Lite in your Spark clusters.
Anthos Service Mesh
fixed
1.8.3-asm.2 is now available.
This patch release contains the same bug fixes that are in Istio 1.8.3. For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:
BigQuery Data Transfer Service
changed
The BigQuery Data Transfer Service's minimum interval time between recurring transfers from Cloud Storage has been reduced from one hour to 15 minutes.
Channel Services
feature
Reseller Billing Account name is now available in the Offer resource.
For Google Cloud Platform offers, you can use this field to map an offer to the Reseller Billing Account name from Cloud Console.
changed
In the CreateCustomer and PatchCustomer endpoints, the addressLines field is now required for customer.orgPostalAddress.
This field is optional in v1alpha1.
changed
In the CheckCloudIdentityAccountsExist method, CloudIdentityAccounts now returns an empty list instead of a 404 error if the domain does not match an existing Cloud Identity.
In v1alpha1, this returns a 404 error.
Migrate for Anthos
fixed
180576558: Fixed an issue where the Linux discovery tool calculated an incorrect score.
fixed
Fixed an issue where using an Envoy proxy sidecar, not as part of Istio or Anthos Service Mesh, created networking issues with the migrated workload.
Virtual Private Cloud
feature
The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in General Availability. This feature presently only GA for individual VM instances. Support for instance templates and managed instance groups is still Preview.
Cloud Billing
feature
Optimal Recommendations for Compute Engine committed use discounts are now Generally Available. Recommendations provide you opportunities to optimize your compute costs by analyzing your VM spending trends and recommending committed use discount contracts.
Recommendations are presented in two forms:
  • Optimal recommendations are based on overall usage and might cover resources that are not on all the time.
  • Stable usage recommendations cover minimum stable usage over time.
For understanding and purchasing committed use discount recommendations, see the documentation.
Cloud Data Fusion
deprecated
Cloud Data Fusion Beta instances (versions 6.1.0.2 and lower that were created before November 21, 2019) will be turned down on March 1, 2021. Instead, export your pipeline, delete the old instance to avoid billing impact, create a new instance, and import your pipeline into the new instance.
Cloud SQL for PostgreSQL
feature
The following PostgreSQL minor versions are now available. If you use maintenance windows, you might not yet have the minor version. In this case, you will see the new minor version once your maintenance update occurs. To find your maintenance window or manage maintenance updates, see Finding and setting maintenance windows.
  • PostgreSQL 9.6.19 is upgraded to 9.6.20.
  • PostgreSQL 10.14 is upgraded to 10.15.
  • PostgreSQL 11.9 is upgraded to 11.10.
  • PostgreSQL 12.4 is upgraded to 12.5.
  • PostgreSQL 13 is upgraded to 13.1.
Config Connector
announcement
Config Connector version 1.39.0 is now available
feature
Alpha release of Go types and clients for Config Connector resources
feature
Added support for CloudSchedulerJob resource
fixed
Reverted webhook port to 443 to alleviate forwarding rule issue on GKE private clusters
fixed
Fixed issue with aggressive retrying of failed updates leading to exhausting quota
fixed
Fixed issue with ArtifactRegistryRepository always failing to update
Dataproc
announcement
Dataproc 2.0 image version will become a default Dataproc image version in 3 weeks on March 15, 2021.
AI Platform Deep Learning Containers
feature
M64 release
  • Upgraded TensorFlow 2.4 to 2.4.1.
  • Upgraded TFX and Fairness Indicators from 0.26.0 to 0.27.0.
  • Miscellaneous bug fixes and updates.
deprecated
Swift For TensorFlow
  • The Swift For TensorFlow project is entering archive mode. Containers will be deprecated and will no longer receive updates after this release.
AI Platform Deep Learning VM Image
feature
M64 release
  • Upgraded TensorFlow 2.4 to 2.4.1.
  • Upgraded TFX and Fairness Indicators from 0.26.0 to 0.27.0.
  • Added the Fast.ai book tutorials to Pytorch images.
  • Enabled gVNIC for all DLVM images.
  • Miscellaneous bug fixes and updates.
deprecated
Swift For TensorFlow
  • The Swift For TensorFlow project is entering archive mode. Swift images will be deprecated and will no longer receive updates after this release.
Dataproc Metastore
changed
Hive configuration overrides are rejected if either the key or value contains a newline or "<" character.
fixed
Fixed a bug where services would fail to create in projects with project IDs that contain the colon "(:)" character.
issue
Logs query builder doesn't work when selecting location and service ID.
deprecated
The MetadataImport.DatabaseDump.source_database field is deprecated. It will be removed from the v1beta API channel no earlier than August 18, 2021.
Google Cloud Armor
feature
Google Cloud Armor Adaptive Protection is available in Public Preview. Adaptive Protection builds machine-learning models that help you protect your Google Cloud applications, websites, and services against L7 distributed denial-of-service (DDoS) attacks.
Google Cloud VMware Engine
announcement
Added upfront prepay option for 3-year and 1-year commitment contracts. VMware Engine provides an option to unlock up to 50% off the hourly rate savings on resources through the prepay upfront option. Contact Sales for more information.
Cloud Logging
changed
Cloud Logging agent for Windows version 1-14 is now available. This version changes the default Windows configuration from using gRPC to REST for sending logs to the Cloud Logging API. For more information, refer to the release information on GitHub.
Dialogflow
feature
Dialogflow ES now supports the europe-west1 (Belgium) region.
Compute Engine
feature
Preview: Predictive autoscaling for managed instance groups lets you improve the availability of your workloads by using Machine Learning to predict future demand and create virtual machines ahead of forecasted load.
Google Cloud VMware Engine
feature
Added password management of the CloudOwner@gve.local user for vCenter and the admin user for NSX-T Manager. VMware Engine generates a password for these users when you deploy a private cloud. You can view and reset credentials from the private cloud details page.
feature
Added the ability to peer multiple VPCs with private clouds in a region. This improvement enables you to establish a many-to-many relationship between your VPCs and regions.
feature
Added support for global DNS name resolution for management components of your private cloud using Cloud DNS. You can set up Cloud DNS to resolve domain names of management components of multiple private clouds (in the same or different regions) in your project.
For more information, see Configuring DNS for vCenter access.
changed
Updated private cloud nodes so that the ESXi advanced parameter fakescsireservation and MAC learning are now enabled by default. This allows creation of a nested ESXi environment on your private cloud.
fixed
Added missing release notes for previous region launches of VMware Engine resources:
  • Montréal, Québec (northamerica-northeast1)
  • São Paulo, Brazil (southamerica-east1)
  • Jurong West, Singapore (asia-southeast1)
  • Eemshaven, Netherlands (europe-west4)
  • Sydney, Australia (australia-southeast1)
  • London, England (europe-west2)
  • Tokyo, Japan (asia-northeast1)
  • Frankfurt, Germany (europe-west3)
AI Platform Training
breaking
The default boot disk type for virtual machine instances used for training jobs has changed from pd-standard to pd-ssd. Learn more about disk types for custom training and read about pricing for different disk types.
Note that for training jobs where you don't specify a DiskConfig, pricing does not change. This is because the first 100 GB of disk for each VM do not incur any charge, regardless of disk type.
BigQuery
feature
BigQuery now supports exporting table data in Parquet format. This feature is in Preview. For more information, see Parquet export details.
Cloud Composer
feature
GA: Setting and updating machine types for CloudSQL/Web Server is now generally available.
feature
GA: Support for Domain restricted sharing is now generally available.
breaking
Cloud Composer 1.14.3 release was rolled back. If you have an environment that was created with a composer-1.14.3-airflow-* image, you can later upgrade it to a newer version.
Cloud DNS
feature
Managing response policies and rules in Cloud DNS is available in Preview.
Cloud Load Balancing
feature
Zonal NEGs (with GCE_VM_IP network endpoints) can now be used as backends for internal TCP/UDP load balancers. For more information on this type of zonal NEG, see Zonal NEGs overview.
This feature is in Preview.
Dataproc
changed
New sub-minor versions of Dataproc images: 1.3.84-debian10, 1.3.84-ubuntu18, 1.4.55-debian10, 1.4.55-ubuntu18, 1.5.30-centos8, 1.5.30-debian10, 1.5.30-ubuntu18, 2.0.3-debian10, and 2.0.3-ubuntu18
fixed
Fixed a bug that prevented Dataproc on GKE cluster creation.
Dataproc Metastore
security
You must now have storage.objects.get permission on the Cloud Storage object in order to import metadata from the Cloud Storage file.
Identity and Access Management
feature
You can now use IAM conditions to set limits on the roles that a member can grant and revoke. This feature is generally available.
SAP on Google Cloud
feature
For SAP HANA host auto-failover, version 2.0 of the gceStorageClient is now available with a new human-readable name: Google Cloud Storage Manager for SAP HANA Standby Nodes (Storage Manager for SAP HANA for short). The new version uses RPM Package Manager for installation and updates, and supports all versions of SAP HANA that are in mainstream maintenance.
deprecated
Version 1.n releases of the gceStorageClient for SAP HANA host auto-failover are deprecated.
If you are using a version 1.n release, upgrade to version 2.0 of the gceStorageClient, the Google Cloud Storage Manager for SAP HANA Standby Nodes, at your earliest convenience, but before support is discontinued.
Version 1.n releases of the gceStorageClient will be supported until December 31, 2021.
To determine which version you are running, see Deprecation of version 1.n releases of the storage manager for SAP HANA.
VPC Service Controls
feature
Preview release of Ingress and egress rules for VPC Service Controls.
Dataproc
announcement
Dataproc 2.0 image version will become a default Dataproc image version in 4 weeks on March 15, 2021.
Anthos Service Mesh
fixed
1.6.14-asm.1 is now available.
This patch release contains a fix for CVE-2021-3156. For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:
BigQuery
changed
BigQuery standard SQL queries on Google Cloud Storage data are now supported by cached query results.
Compute Engine
feature
Google Virtual NIC (gVNIC) driver is now generally available. For more information, see Using Google Virtual NIC.
Cloud Composer
breaking
To upgrade environments that are deployed with VPC service controls, you must add Artifact Registry to the service perimeter and configure an additional firewall rule for *.pkg.dev.
For other types of environments, if your firewall configuration does not use the default rules, you might need to add a firewall rule for *.pkg.dev as well.
Cloud Healthcare API
feature
It is now possible to view the details of in-process long-running operations (LRO) from within the Healthcare Browser in the Cloud Console.
Kf
feature
Added support for Node Selector.
feature
Added support for Task.
feature
Added feature flags enable_dockerfile_builds, enable_custom_buildpacks and enable_custom_stacks.
feature
Added --as and --as-group global flags to support impersonation.
feature
Added health-check-http-endpoint flag to kf push command.
changed
Changed the kf CLI to use kubectl kubeconfig loading logic.
changed
Made hostname as an optional field when creating a route.
fixed
Make routes available in VCAP_APPLICATION.
changed
Updated the Tekton version to 0.19.0.
AI Platform Training
feature
Runtime version 2.4 is now available. You can use runtime version 2.4 to train with TensorFlow 2.4.1, scikit-learn 0.24.0, or XGBoost 1.3.1. Runtime version 2.4 supports training with CPUs, GPUs, or TPUs.
Cloud Asset Inventory
feature
New resource types now available.
The following resource types are now publicly available through the asset inventory APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API.
  • Compute Engine
    • compute.googleapis.com/Commitment
    • compute.googleapis.com/Reservation
Cloud Build
feature
Users can now create triggers that execute builds in response to webhook events, including events from external source code management services. To learn more, see Creating webhook triggers and Building repositories hosted on Bitbucket Server.
Cloud SQL for MySQL
feature
The Cloud SQL Admin API v1beta4 is now generally available. The URL for the Admin API will continue to refer to v1beta4 for backward compatibility. To start using the Cloud SQL Admin API now, see Using the Cloud SQL Admin API.
Cloud SQL for PostgreSQL
feature
The Cloud SQL Admin API v1beta4 is now generally available. The URL for the Admin API will continue to refer to v1beta4 for backward compatibility. To start using the Cloud SQL Admin API now, see Using the Cloud SQL Admin API.
Cloud SQL for SQL Server
feature
The Cloud SQL Admin API v1beta4 is now generally available. The URL for the Admin API will continue to refer to v1beta4 for backward compatibility. To start using the Cloud SQL Admin API now, see Using the Cloud SQL Admin API.
Cloud Healthcare API
feature
It is now possible set the value of the writeDisposition enum when exporting FHIR resources.
Config Connector
announcement
Config Connector version 1.38.1 is now available
fixed
Miscellaneous bug fixes
Dataproc
changed
New sub-minor versions of Dataproc images: 2.0.2-debian10, and 2.0.2-ubuntu18.
changed
Image 2.0:
  • Upgraded Spark built-in Hive to version 2.3.8.
  • Upgraded Druid to version 0.20.1
  • HIVE-24436: Fixed Avro NULL_DEFAULT_VALUE compatibility issue.
  • SQOOP-3485: Fixed Avro NULL_DEFAULT_VALUE compatibility issue.
  • SQOOP-3447: Removed usage of org.codehaus.jackson and org.json packages.
fixed
Fixed a bug for beta clusters using a Dataproc Metastore Service where using a subnetwork for the cluster resulted in an error.
Firestore
feature
Firestore now offers beta support for C++ through the Firebase C++ SDK.
Identity and Access Management
feature
You can now attach tags to resources, then use the tags to manage access to your resources. This feature is available in Preview.
issue
If you run one of the gcloud tool's add-iam-policy-binding commands, and the IAM policy contains conditional role bindings for that role, the gcloud tool prompts you to choose one of the condition expressions that exists in the policy. If you choose a condition expression that contains a comma, the command fails.
To work around this issue, use the --condition flag to specify a condition expression on the command line.
Migrate for Compute Engine
feature
Added support for the balanced disk type to the GcpDiskType runbook field when migrating in batches with waves. See Runbook reference for more.
Resource Manager
feature
Tags have released into public preview. Tags provide a way to conditionally allow or deny policies based on whether a resource has a specific tag. You can use tags and conditional enforcement of policies for fine-grained control across your resource hierarchy. For more information, see the Tags overview.
issue
If you run one of the gcloud tool's add-iam-policy-binding commands, and the IAM policy contains conditional role bindings for that role, the gcloud tool prompts you to choose one of the condition expressions that exists in the policy. If you choose a condition expression that contains a comma, the command fails.
To work around this issue, use the --condition flag to specify a condition expression on the command line.
AI Platform Deep Learning Containers
feature
M63 release
AI Platform Deep Learning VM Image
feature
M63 release
  • Nvidia driver is upgraded to 450.80.02.
  • TFX version is upgraded to 0.26.1.
  • Regular package refreshment and bug fixes.
Cloud Healthcare API
feature
The Cloud Healthcare API now supports getting HL7v2 messages in bulk. See Retrieving HL7v2 messages in bulk.
Cloud Logging
changed
Logging truncates oversized LogEntry label keys and values. For details, see Quotas and limits.
Cloud Spanner
feature
The Cloud Spanner Console now displays database storage utilization and warns you if you are approaching the recommended limit. For more information, see storage utilization metrics.
Dataproc
announcement
Dataproc 2.0 image version will become a default Dataproc image version in 5 weeks on March 15, 2021.
App Engine standard environment Java
changed
Removed data logging in the deprecated endpoints library.
Cloud Billing
feature
PayPal now available as a form of payment in many countries
If you have an online, auto-pay Cloud Billing account, you might be able to add PayPal as a form of payment on that account.
To learn if PayPal is available for your Cloud Billing account in your country or region, visit one of these tools:
To learn how to update the form of payment on your online, auto-pay Cloud Billing account, see Add, remove, or update a payment method.
Config Connector
changed
Config Connector version 1.38.0 is now available
feature
Added resourceID support to: ContainerCluster, ContainerNodePool, SourceRepoRepository and AccessContextManager resources
fixed
config-connector bulk-export now operates on LoggingLogSink resources
changed
Increased CPU and Memory limit for ConfigConnector Operator
Security Command Center
changed
Security Command Center's v1 API now includes a Severity field for Findings.
The Severity field indicates the severity of a finding, as determined by the finding provider, and is included with all findings. The field is managed by finding providers and you are cautioned to not modify its values.
Uses for the field include listing findings of a certain severity level or grouping findings by severity level.
Read Using the Security Command Center dashboard to learn more about findings and finding severity.
changed
Event Threat Detection, a built-in service of Security Command Center Premium, has launched previews for two new detectors.
IAM: Anomalous IP geolocation and IAM: Anomalous user agent detect anomalous connections to Google Cloud resources based on location and user agent, respectively.
Read more about available detectors in Event Threat Detection conceptual overview.
announcement
Documentation
App Engine standard environment Java
changed
  • Updated Java SDK to version 1.9.85.
  • Removed deprecated File APIs.
  • Updated Jetty web server to version 9.4.36.v20210114.
Cloud Functions
feature
There is now a security level feature for HTTP functions that controls whether the function's URL supports HTTPS only, or both HTTP and HTTPS.
Cloud Healthcare API
feature
The Quickstart using curl or Windows PowerShell has been updated with additional information on storing and viewing DICOM, FHIR, and HL7v2 data.
Cloud Scheduler
feature
Two new headers, X-CloudScheduler-JobName and X-CloudScheduler-ScheduleTime, have been added to the default headers for AppEngineHttpTarget and HttpTarget. These can be used to help with job deduplication.
Anthos GKE on AWS
changed
GKE on AWS 1.6.1-gke.2 is now available.
GKE on AWS 1.6.1-gke.2 clusters run the following Kubernetes versions:
  • 1.16.15-gke.5301
  • 1.17.9-gke.6401
  • 1.18.10-gke.901
To upgrade your clusters, perform the following steps:
feature
Snapshots now collect AWS EFS logs from user cluster nodes.
fixed
Bug fixes and performance improvements.
Cloud Build
feature
Cloud Composer
changed
Timeouts for environment upgrade operations are increased.
security
fixed
On a failed environment upgrade operation, the created CloudSQL database is now correctly rolled back.
fixed
Create and update operations for environments no longer fail if your account doesn't have the serviceusage.services.get permission.
fixed
Fixed SQL operation conflicts that were occurring during environment upgrade operations.
fixed
Upgrade operations that might have resulted in a semi-upgraded environment state when the operation timeout was reached are now correctly rolled back and errors are reported.
fixed
You can now enable and disable RBAC in environments with installed custom PyPI packages.
changed
New versions of Cloud Composer images:
  • composer-1.14.2-airflow-1.10.14
  • composer-1.14.2-airflow-1.10.12 (default)
  • composer-1.14.2-airflow-1.10.10
Cloud Data Fusion
feature
Preview: You can now replicate data continuously and in real time from operational data stores, such as SQL Server and MySQL, into BigQuery.
Cloud Load Balancing
feature
Identity-Aware Proxy (IAP) is supported with Internal HTTP(S) Load Balancing. This support is available in General Availability.
Dataflow
feature
Dataflow now supports Dataflow Shuffle, Streaming Engine, FlexRS, and the following regional endpoints in GA:
  • asia-east2 Hong Kong
  • asia-northeast2 - Japan (Osaka)
  • asia-northeast3 - Seoul
  • asia-southeast2 - Jakarta
  • europe-north1 - Finland
  • us-west3 - Salt Lake City
  • us-west4 - Las Vegas
Dataproc Metastore
feature
You can now create Dataproc Metastore services in cross-product networks (shared VPC).
feature
Dataproc Metastore now suppports the use of non-RFC 1918 private IP address ranges in metastore services.
feature
New Cloud Monitoring service metric is now available:
  • metastore.googleapis.com/service/request_count
feature
You can now update the description of metadata imports under a Dataproc Metastore service.
fixed
Fixed an issue in which a service could get stuck in the UPDATING state.
fixed
Fixed an issue where Cloud Storage buckets with single character directories would fail request validation.
Anthos Service Mesh
fixed
1.8.2-asm.2 is now available.
This patch release contains the same bug fixes that are in Istio 1.8.2. For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:
changed
The install_asm script lets you reinstall the same version
You can use the install_asm script when you need to reinstall the same Anthos Service Mesh version to change the control plane configuration. For more information, see the following:
Artifact Registry
feature
On-Demand Scanning is available in Preview. You can manually scan Docker container images stored locally on your computer or remotely in Artifact Registry. To get started with manual scanning, see On-Demand Scanning quickstart
BigQuery
changed
Updated version of Magnitude Simba JDBC driver includes bug and security fixes and enhancements for additional DDL keywords and dynamic SQL.
Cloud Load Balancing
feature
For internal TCP/UDP load balancers, you can create multiple forwarding rules with the same IP address. The forwarding rules can have different protocols and ports. This feature is available in General Availability.
Compute Engine
feature
Generally Available: Sole-tenant nodes now support GPUs and local SSDs. For more information, see Sole-tenant nodes.
feature
Generally Available: Specify when maintenance begins on VMs in a sole-tenant node group. For more information, see Planned maintenance.
Container Registry
feature
On-Demand Scanning is available in Preview. You can manually scan container images stored locally on your computer or remotely in Container Registry. To get started with manual scanning, see On-Demand Scanning quickstart
Dialogflow
feature
Several new Dialogflow CX prebuilt agents have been launched. All of these prebuilt agents only support English at this time. The complete list of pre-built agents is currently:
  • Financial services agent (new)
  • Healthcare agent
  • Order and account management agent
  • Payment arrangement agent
  • Small talk agent (new)
  • Telecommunications agent (updated)
  • Travel: baggage claim agent (new)
  • Travel: car rental agent
  • Travel: flight information agent
AI Platform (Unified) AI Platform Notebooks
feature
Notebooks Terraform Module supports Notebooks API v1
AI Platform Training
feature
You can now use E2, N2, and C2 machine types for training. Learn about the specific machine types available for training, and learn about their pricing.
Cloud Billing
changed
Invoices are now simpler, providing only your cost totals. View your cost details in the Cost Table and other reports in the Cloud Console.
Beginning with your January 2021 invoice or statement (available in February 2021), we removed all cost details from your invoice and statement documents, including product-level costs and costs by subaccounts (for Resellers). Invoices and statements will continue to provide header information, such as business mailing address and billing account number, the cost totals for the invoice or statement period, and remittance information.
The cost details of your invoice or statement are available in the Cloud Console, in the downloadable Cost Table report. The Cost Table report reconciles to the invoice totals and includes the product-level costs and costs by subaccounts (for Resellers), along with additional details you might need, such as costs by projects, services, SKU IDs, and labels. You can also analyze your usage costs using the Reports page or create custom reports using your exported Cloud Billing data.
For guidance on using these reports, see:
feature
Cloud Billing Budgets now shows your historic cost trends when you're planning your budget .
In the Cloud Billing Console, the Cloud Billing Budget creation and edit experience has been updated to include a cost trend chart showing your summarized costs by month for the previous 12 months, helping you visualize how your targeted budget amount is tracking with your spend. Your cost trend chart will show different results based on the budget filters you set (for example, filtering on specific projects or services).
You can use the chart to identify previous spending trends and help forecast future needs as you plan your budget. If you need more detailed insights, the chart is linked to the Cloud Billing Reports page; the link uses the same filters you set on your budget to configure your report view.
For more information on the cost trend chart, see Set budgets and budget alerts.
Cloud Key Management Service
feature
Cloud EKM adds support for Dataflow shuffle and Secret Manager. For more information, see Cloud External Key Manager.
Cloud Run for Anthos
changed
Cloud Run for Anthos on Google Cloud version 0.19.0-gke.1 is now available for the following GKE minor versions:
  • 1.18
  • 1.19
  • 1.20
Compute Engine
feature
NVIDIA® T4 GPUs are now available in the following additional regions and zones:
  • Jakarta, Indonesia, APAC: asia-southeast2-a,b
For more information about using GPUs on Compute Engine, see GPUs on Compute Engine.
feature
Preview: You can now use schedule-based autoscaling from the Google Cloud Console.
feature
N2D machine types are now available in London, zone europe-west2-c. For pricing information, see VM instance pricing.
feature
You can now create instances with up to 24 local SSD partitions for 9 TB of local SSD space using N1, N2, and N2D machine types. This is Generally available. For more information, see Local SSD 9 TB maximum capacity.
feature
Preview: You can now create virtual machines for high performance computing (HPC) workloads using the HPC VM image.
Dataproc
announcement
Dataproc 2.0 image version will become a default Dataproc image version in 3 weeks on February 22, 2021.
Dialogflow
feature
Migrate for Anthos
feature
Released a fix, rolling out gradually and taking full effect 2/5/2021, for a migctl setup installation that fails on a GKE cluster when the automatically created bucket already exists.
feature
Released a fix, rolling out gradually and taking full effect 2/5/2021, for a migctl crash when kubectl is not in PATH.
Cloud CDN
feature
Cloud CDN now supports serving stale content and the ability to bypass the cache based on request header(s).
Serving stale content lets Google's global cache continue to serve content to users when your origin server is unreachable or is returning errors to Cloud CDN. You can configure how long Cloud CDN will serve content beyond expiry by setting the serveWhileStale value for each backend service or bucket.
These features are available when configuring Cloud CDN enabled backend services and backend buckets in the Cloud Console, in addition to the gcloud SDK and REST API.
These features are available in Preview .
Cloud Composer
feature
Preview: You can now configure Cloud Composer to use Artifact Registry instead of Container Registry.
Anthos clusters on bare metal
feature
Anthos on bare metal 1.6.1 is now available. To upgrade, see Upgrading Anthos on bare metal. Anthos on bare metal 1.6.1 runs on Kubernetes 1.18.6-gke.6600.
changed
Functionality changes:
  • Added upgrade support from 1.6.0. Users are able to upgrade existing Anthos bare metal cluster from 1.6.0 to 1.6.1.
  • Improved upgrade preflight check. Added preflight check before cluster upgrade to validate current cluster status, machine health and other issues before proceeding to upgrade.
  • Added support for deleting mounts and data from the anthos-system StorageClass during bmctl reset.
  • Relaxed the requirement for an odd number of control plane node pools to allow customers to add and remove nodes for maintenance or replacement.
  • Added support to force removing a broken worker node through annotation on the operator machine.
  • Added etcddefrag pod to control-plane nodes, which are responsible for monitoring etcd's database size and defragmenting the database as needed. This helps reclaim etcd database size and recover etcd when its disk space is exceeded.
  • Enabled kubelet server TLS certification auto-rotation. Kubelet on each node sends out CSR when nearing serving certificate expiration. A controller running inside the admin cluster validates and approves the CSR for user clusters.
  • Added proxy support to connect to the OIDC provider. This allows overriding the cluster proxy configuration with a different proxy.
  • Added bmctl update cluster for updating standalone clusters.
fixed
Fixes:
  • Fixed bug causing cluster deletion stall problem because of pods refusing to evacuate, or dead nodes.
BigQuery
feature
Clustered tables now support the DATETIME type for clustering columns. For more information, see Creating and using clustered tables. This feature is generally available.
Cloud Asset Inventory
feature
New resource types now available.
The following resource types are now publicly available through the resource search API (SearchAllResources), policy search API (SearchAllIamPolicies), and analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).
  • BigQuery
    • bigquery.googleapis.com/Table
  • Cloud Bigtable
    • bigtableadmin.googleapis.com/Cluster
    • bigtableadmin.googleapis.com/Instance
    • bigtableadmin.googleapis.com/Table
  • Pub/Sub
    • pubsub.googleapis.com/Topic
    • pubsub.googleapis.com/Subscription
    • pubsub.googleapis.com/Snapshot
  • Compute Engine (Note that Compute Engine types cover zonal, regional, and global resources.)
    • compute.googleapis.com/Reservation
    • compute.googleapis.com/Commitment
    • compute.googleapis.com/ExternalVpnGateway
    • compute.googleapis.com/NetworkEndpointGroup
    • compute.googleapis.com/NodeGroup
    • compute.googleapis.com/NodeTemplate
    • compute.googleapis.com/PacketMirroring
    • compute.googleapis.com/Project
    • compute.googleapis.com/ResourcePolicy
    • compute.googleapis.com/SslPolicy
    • compute.googleapis.com/VpnGateway
  • Dataflow
    • dataflow.googleapis.com/Job
feature
New resource types now available.
The following resource types are now publicly available through the resource search API (SearchAllResources), and policy search API (SearchAllIamPolicies).
  • Cloud SQL
    • sqladmin.googleapis.com/Instance
  • Cloud Storage
    • storage.googleapis.com/Bucket
  • Google Kubernetes Engine
    • container.googleapis.com/NodePool
feature
New searchable fields now available.
The following searchable fields are now publicly available through the resource search API (SearchAllResources).
  • kmsKey
  • state
  • createTime
  • updateTime
feature
New resource types now available.
The following resource types are now publicly available through the asset inventory APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API.
  • Service Directory
    • servicedirectory.googleapis.com/Namespace
Cloud Healthcare API
feature
The Cloud Healthcare API offers single-region support in the us-east4 (North Virginia) region.
Cloud Logging
changed
Cloud Logging has increased the number of entries.write API calls from 60,000 to 120,000 per minute. For more information on quotas and limits, see Quotas and limits.
Dataflow
announcement
Flex templates now support updating streaming jobs and Flexible Resource Scheduling (FlexRS).
feature
Dataflow snapshots are now available in Preview.
Dataproc
changed
New sub-minor versions of Dataproc images: 1.3.83-debian10, 1.3.83-ubuntu18, 1.4.54-debian10, 1.4.54-ubuntu18, 1.5.29-centos8, 1.5.29-debian10, 1.5.29-ubuntu18, 2.0.1-debian10, and 2.0.1-ubuntu18.
changed
Image 2.0:
AI Platform Training
feature
You can now use NVIDIA A100 GPUs and several accelerator-optimized (A2) machine types for training. You must use A100 GPUs and A2 machine types together.
A100 GPUs and A2 machine types are available in preview. Learn about their pricing.
Anthos Config Management
feature
Hierarchy Controller is upgraded to include HNC v0.7.0. This release introduces Exceptionsopen_in_new. Exceptions let you use Kubernetes label selectors to precisely control where certain objects are propagated.
This release also removes support for the v1alpha1 API. If you were using Hierarchy Controller 1.5.1 or earlier, you must either update to Hierarchy Controller 1.5.2 or 1.6.0, and follow the HNC v0.6.0 directionsopen_in_new to upgrade to v1alpha2.
fixed
The nomos status output has been fixed for multi-repo clusters to show git.syncBranch when git.syncRev is not specified (git.syncRev defaults to HEAD) to provide a consistent experience with mono-repo clusters.
fixed
The nomos status output has been fixed for multi-repo clusters to distinctly show status of multiple namespace repos synced to the clusters.
Cloud Billing
feature
Pricing report access updated to allow Billing Account Users to view a version of the report
The Pricing report provides SKU prices for Google's cloud services, including Google Cloud, Google Maps Platform, and Google Workspace. Prior to this update, you could access the report only if you were a Billing Account Administrator or a Billng Account Viewer. Now, Billing Account Users can also access the report.
The data displayed in your report is dependent on your level of access to your Cloud Billing account. For more information, see View and download prices for Google's cloud services.
Cloud Composer
changed
The default Airflow version for Composer images changes from 1.10.10 to 1.10.12.
deprecated
Airflow 1.10.9 is no longer included in Cloud Composer images.
fixed
Updated google-auth package version to 1.24.0 in Cloud Composer images so that it works with VPC Service Controls. Earlier versions of google-auth caused multiple DAG execution errors when used with VPC SC.
fixed
Updated pyarrow package version to 2.0.0 in Cloud Composer images to fix an error in BigQueryHook and Pandas integration. Earlier versions of pyarrow caused the to_pandas() got an unexpected keyword argument 'timestamp_as_object' error.
changed
New versions of Cloud Composer images:
  • composer-1.14.1-airflow-1.10.14
  • composer-1.14.1-airflow-1.10.12 (default)
  • composer-1.14.1-airflow-1.10.10
Cloud SQL for PostgreSQL
feature
Query Insights is now generally available. Query Insights helps you detect, diagnose, and prevent query performance problems for Cloud SQL databases. It provides self-service, intuitive monitoring, and diagnostic information that goes beyond detection to help you to identify the root cause of performance problems.
Compute Engine
announcement
Manage your operating system environments by using VM Manager. VM Manager is a suite of services for reviewing, patching, and configuring your operating systems across both Linux and Windows VMs. For more information, see VM Manager.
Secret Manager
feature
Secret Manager Expiration is available for all customers via public preview.
Anthos Anthos clusters on VMware
feature
Anthos clusters on VMware (GKE on-prem) 1.6.1-gke.1 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.6.1-gke.1 clusters run on Kubernetes 1.18.13-gke.400.
fixed
Fixes:
  • Fixed a bug where the user cluster upgrade is blocked if the vcenter resource pool is neither directly nor indirectly specified (that is, if the vcenter resource pool is inherited and is the one used by the admin cluster) in the configs.
  • Fixed CVE-2020-15157 and CVE-2020-15257 in containerd.
  • Fixed an issue where upgrading the admin cluster from 1.5 to 1.6.0 breaks 1.5 user clusters that use any OIDC provider and that have no value for authentication.oidc.capath in the user cluster configuration file.
Cloud Data Fusion
announcement
Cloud Data Fusion Beta instances (versions 6.1.0.2 and lower that were created before November 21, 2019) will be turned down on March 1, 2021. Instead, export your pipeline, create a new instance, and import your pipeline into the new instance. This note is incorrect; see entry for February 18, 2021.
Config Connector
announcement
Config Connector version 1.37.0 is now available.
changed
Added a column Status Age showing the last transition time for the value in Status, and added the column Age back to the default output of kubectl get for all Config Connector resources. Improved the value at Status and Ready columns to match against the condition name.
feature
Added resourceID support for ArtifactRegistryRepository, Bigtable resources, DataflowJob, DNS resources, Monitoring resources, RedisInstance, ResourceManagerLien, SecretManagerSecret, Spanner resources, StorageTransferJob.
fixed
Fixed the issue with the legacy Common Name field on x509 certificate. Config Connector should be working on clusters of K8s 1.19+. (Issue #335open_in_new)
Dialogflow
feature
Dialogflow CX beta launch of Experiments to compare the performance of flow versions to a control version while handling live traffic.
Cloud Billing
changed
The Cloud Billing Committed Use Discounts (CUD) Analysis report has been updated to include spend-based CUDs, allowing you to easily visualize the effectiveness and financial impact of discounts you have purchased. See the documentation for more details. Learn more about spend-based committed use discounts.
Eventarc
announcement
Eventarc is now Generally Available (GA).
Speech-to-Text
feature
Speech-to-Text now supports regional EU and US endpoints. See the multi-region endpoints documentation for more information.
AI Platform Deep Learning Containers
announcement
General Availability
AI Platform Deep Learning Containers is now generally available.
deprecated
Python 2
Python 2 is no longer supported in Deep Learning Containers. Read more about Python 2 support on Google Cloud.
feature
M62 release
  • Upgraded TensorFlow 2.3 to 2.3.2
  • Upgraded TensorFlow 2.1 to 2.1.3
  • Miscellaneous bug fixes and updates
AI Platform Deep Learning VM Image
deprecated
Python 2
Python 2 is no longer supported in Deep Learning VM Image. Read more about Python 2 support on Google Cloud.
feature
M62 release
  • Upgraded TensorFlow 2.3 to 2.3.2
  • Upgraded TensorFlow 2.1 to 2.1.3
  • Miscellaneous bug fixes and updates
Dataflow
feature
GPU support on Dataflow is currently available in Preview. To enroll in this Preview offering, contact Support or Sales.
Dataproc
announcement
Dataproc 2.0 image version will become a default Dataproc image version in 4 weeks on February 22, 2021.
Migrate for Anthos
feature
Previous releases of Migrate for Anthos required that you used Google Container Registry (GCR) and Google Cloud Storage for data repositories. This release adds support for additional repositories, including ECR, S3, and Docker registries that support basic authentication. See Defining data repositories for more.
feature
In many on-prem environments, outbound internet access is tightly controlled through the use of an HTTPS proxy server. If your environment uses a proxy server to control outbound internet access, then you can now configure Migrate for Anthos to use that proxy server. See Configuring an HTTPS proxy for more.
feature
Migrate for Anthos now includes the deployment_spec.yaml file in artifacts.zip for Windows migrations. You can use the deployment_spec.yaml file to deploy your migrated Windows workloads. See Deploying a Windows workload to a target cluster for more.
feature
Support added for using Anthos clusters on AWS as processing clusters to perform migrations of AWS workloads. This feature is in preview. See Prerequisites for migrating Linux VMs on AWS for more.
changed
Removed support for the --password option to the migctl command when creating a migration source on Anthos clusters on VMware:
migctl source create local-vmware local-vmware-src --vc '1.2.3.4' --username 'admin' --password 'pass1'
You are now prompted to enter the password. See Adding a migration source for more.
issue
172414359: Exporting multiple cloned VMs simultaneously from the same source might fail.
Workaround: Re-run the migctl migration generate-artifacts command again.
issue
174655315: A migration might stop responding when generating artifacts and remain in the retrying state. You might also see this error in the logs or in the verbose migration status:
D 2020-12-01T18:43:53Z SHELL ERROR: '2020/12/01 18:43:53 appending [/tarlayer/layer.tar.gz]: reading tar "/tarlayer/layer.tar.gz": flate: corrupt input before offset 681999708'
Workaround: Re-run migctl migration generate-artifacts.
issue
175000470: When adding a source when using a service account without the compute.disks.create permission, the source becomes ready but the migration will fail to create disks.
Workaround: Make sure that service account has the compute.disks.create permission.
issue
174299021: When creating a migration source or executing a migration, you might see this error:
"Error: Internal error occurred: failed calling webhook "vmigration.kb.io": Post https://controllers-webhook-service.v2k-system.svc:443/validate-anthos-migrate-cloud-google-com-v1beta2-migration?timeout=30s: unexpected EOF"
Workaround: Recreate the source or migration.
issue
171686793: The migctl setup upgrade --gkeop command might create a new ImageRepositiry or ArtifactRepository object that lacked Google Cloud access credentials.
Workaround: Use the following command to upgrade the cluster:
migctl setup upgrade --json-key key
Where key is the JSON key for the service account required for migctl installation. See Configuring service accounts.
issue
If you try to mount a secret on a deployed pod you will not be able to access it in /run/secrets. This is typically an issue when giving workload identity permissions to the pod (where a secret is added by Kubernetes to hold the workload identity credentials).
The contents of the secrets directory are in /kubernetes-info/secrets.
Workaround: Run the following command on the deployed pod:
ln -s /kubernetes-info/secrets /run/secrets
If the /run mount gets deleted (by a process in the pod, or by a pod reset), you might have to run the command again.
issue
178469863: Running migctl setup install with either the --node-selector or --tolerations flag returns an error.
Note: Running the migctl setup install command with both flags succeeds. This error only occurs when using one flag.
Workaround: Run migctl setup install without the option, and then manually add the nodeSelectors or tolerations to CSI and Controller pods. See Creating and managing cluster labels and Controlling scheduling with node taints for more.
issue
If you delete the configuration for a Docker image file registry, create a new one with a different configuration name. You cannot recreate a configuration with the name of a previously deleted configuration.
This issue affects Docker image file registries implemented by using GCR or by using Docker registries using basic auth. It does not affect ECR. See Defining data repositories for more information.
Workaround: Use the migctl docker-registry update command to modify an existing configuration rather than deleting it and recreating it.
Network Connectivity Center
feature
Network Connectivity Center is now available in Preview.
For more information, see the Network Connectivity Center overview.
VPC Service Controls
feature
Preview for the following integration:
Workflows
feature
Workflows is now Generally Available (GA).
feature
Workflows Connectors are now available in public preview.
AI Platform Notebooks
announcement
VPC-SC for Notebooks is now Generally Available
feature
Notebooks API supports Shielded VM configuration
Cloud Composer
breaking
  • If you run DAGs using Pandas and BigQuery in Composer version 1.14.0 and Airflow version 1.10.14, you must update the pyarrow PyPI package to version 1.0.0 or higher and apache-beam to version 2.27.0 or higher.
changed
  • New versions of Cloud Composer images: composer-1.14.0-airflow-1.10.9, composer-1.14.0-airflow-1.10.10, composer-1.14.0-airflow-1.10.12, and composer-1.14.0-airflow-1.10.14. The default is composer-1.14.0-airflow-1.10.10. Upgrade your Cloud SDK to use features in this release.
feature
  • The max-pods-per-node parameter configures the maximum number of pods per node in the GKE cluster. You can set this parameter when you create a new environment. This feature is available in Google Cloud SDK and Beta API.
feature
  • You can now specify maintenance windows for your environments. GKE cluster and SQL database are updated only during the specified period. This feature is available in Google Cloud SDK and Beta API.
changed
  • The maximum number of pods per node in the GKE cluster changes from 100 to 32. This change affects all newly created environments. You can use the max-pods-per-node parameter when creating an environment to increase or decrease the number of pods.
Cloud Logging
changed
The Logs Explorer now provides a higher degree of contrast that improves readability.
Compute Engine
feature
NVIDIA® T4 GPUs are now available in the following additional regions and zones:
  • Jurong West, Singapore, APAC: asia-southeast1-a
For more information about GPU availability on Compute Engine, see GPU regions and zones availability.
Config Connector
announcement
Config Connector version 1.36.0 is now available
changed
Added a column 'Ready' showing the value of the .status.conditions0, and associated Status to the default output of kubectl get for all Config Connector resources.
feature
Added support for referencing an organization to IAMCustomRole.
feature
Added a new sub-command to the CLI, config-connector print-resources which shows all config connector resources and their associated level of export and bulk-export support.
changed
Reduce the memory usage of deletiondefender and controller-manager in high-scale scenarios (1000+ resources under management).
feature
Added resourceID support to the Compute resources.
Dataproc
announcement
Announcing the General Availability (GA) release of Dataproc 2.0 images. This image will become the default Dataproc image version on February 22, 2021.
breaking
2.0 image clusters:
You can no longer pass the dataproc:dataproc.worker.custom.init.actions.mode property when creating a 2.0 image cluster. For 2.0+ image clusters, dataproc:dataproc.worker.custom.init.actions.mode is set to RUN_BEFORE_SERVICES. For more information, see Important considerations and guidelines—Initialization processing.
breaking
2.0 image clusters:
In 2.0 clusters, yarn.nm.liveness-monitor.expiry-interval-ms is set to 15000 (15 seconds). If the resource manager does not receive a heartbeat from a NodeManager during this period, it marks the NodeManager as LOST. This setting is important for clusters that use preemptible VMs. Usually, NodeManagers unregister with the resource manager when their VMs shut down, but in rare cases when they are be shut down ungracefully, it is important for the resource manager to notice this quickly.
changed
New sub-minor versions of Dataproc images: 1.3.82-debian10, 1.3.82-ubuntu18, 1.4.53-debian10, 1.4.53-ubuntu18, 1.5.28-centos8, 1.5.28-debian10, 1.5.28-ubuntu18, 2.0.0-debian10, and 2.0.0-ubuntu18.
fixed
Fixed bug affecting cluster scale-down: If Dataproc was unable to verify whether a master node exists, for example when hitting Compute Engine read quota limits, it would erroneously put the cluster into an ERROR state.
Google Cloud VMware Engine
announcement
VMware Engine nodes are now available in the following additional region:
  • Montréal, Québec (northamerica-northeast1)
Text-to-Speech
feature
New language: Text-to-Speech now supports Romanian (ro-RO). See the supported voices page for details and audio samples.
feature
New voice: Text-to-Speech now offers 2 new Bengali (bn-IN) WaveNet voices. See the supported voices page for details and audio samples.
Anthos
feature
Anthos 1.5.3 is now available.
Updated components:
Anthos clusters on VMware
feature
Anthos GKE on-prem 1.5.3-gke.0 is now available. To upgrade, see Upgrading GKE on-prem. GKE on-prem 1.5.3-gke.0 clusters run on Kubernetes 1.17.9-gke.4400.
fixed
Fixes:
  • Fixed CVE-2020-15157 and CVE-2020-15257 in containerd.
  • Cloud Run Operator is now able to successfully update custom resource definitions (CRDs).
Cloud Data Fusion
announcement
Cloud Data Fusion 6.3.0 is now available.
changed
In-place upgrades are now supported for minor and patch versions.
changed
You can configure the default system compute profile in the Developer edition starting in Cloud Data Fusion version 6.3.0.
Dialogflow
feature
Dialogflow CX system entities can now be extended.
Service Directory
announcement
Service Directory is now available in GA.
Traffic Director
feature
Traffic Director support for xDS clients that connect and request configuration using the xDS x3 API is now in Preview.
AI Platform Prediction
feature
AI Platform Training
feature
Training with a custom service account is now generally available.
feature
Support for VPC Network Peering is now generally available.
Anthos Service Mesh
fixed
1.7.6-asm.1 is now available.
This patch release contains the same bug fixes that are in Istio 1.7.6. For details on upgrading Anthos Service Mesh, refer to the following Anthos Service Mesh upgrade guides:
Cloud Run
feature
Cloud Run now supports WebSockets, HTTP/2 and gRPC streaming.
Identity and Access Management
feature
You can now troubleshoot conditional role bindings by troubleshooting directly from audit log entries. This feature is available in Preview.
SAP on Google Cloud
announcement
New SAP certifications: For SAP HANA, the following Bare Metal Solution bare-metal machine types are certified by SAP:
  • o2-ultramem-672-metal
  • o2-ultramem-896-metal
For more information, see Certified machine types for SAP HANA.
announcement
New SAP certifications: For SAP NetWeaver, the following Bare Metal Solution bare-metal machine types are certified by SAP:
  • o2-standard-32-metal
  • o2-standard-48-metal
  • o2-standard-112-metal
  • o2-highmem-224-metal
For more information, see Bare Metal Solution machine types.
Storage Transfer Service
feature
Storage Transfer Service offers Preview support for specifying source and destination paths when creating a transfer. For more information, see Specifying source and destination paths.
VPC Service Controls
feature
General availability for the following integration:
AI Platform (Unified)
feature
Preview: Select AI Platform (Unified) resources can now be configured to use Customer-managed encryption keys (CMEK).
Currently you can only create resources with a CMEK key in the UI; this functionality is not currently available using the client libraries.
Assured Workloads for Government
feature
  • New US Regions and Support platform control, enabling first-level US Person support and US data location.
  • Billing integration: Assured Workload Premium Subscriptions can be purchased via offline contract by both customers and resellers
  • Assured Workloads Support: Receive Premium Support from a US Person, in a US location, 24/7, to help meet compliance requirements (requires additional support services purchase).
  • Existing folder support: You can now create your Assured Workloads environment inside of an existing folder.
BigQuery
changed
BigQuery is now available in the Iowa (us-central1) region.
BigQuery BI Engine
changed
BigQuery BI Engine is now available in the Iowa (us-central1) region.
BigQuery Data Transfer Service
changed
The BigQuery Data Transfer Service is now available in the Iowa (us-central1) region.
BigQuery ML
changed
BigQuery ML is now available in the Iowa (us-central1) region.
Cloud SQL for PostgreSQL
feature
Database auditing in Cloud SQL for PostgreSQL is generally available, through the open-source pgAudit extension. Using this extension, you can selectively record and track SQL operations performed against a given database instance.
The pgAudit extension helps you configure many of the logs often required to comply with government, financial, and ISO certifications.
Dataproc Metastore
fixed
The Dataproc Metastore Cloud Logging and Monitoring issue has been fixed.
Storage Transfer Service
changed
Transfer service for on-premises data has updated the cost to $0.0125 per GB transferred to the destination successfully. For more information, see Transfer for on-premises pricing details.
VPC Service Controls
feature
Preview support for the following integration:
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2021-03-17 UTC.