Google Cloud release notes

Anthos Policy Controller now supports the ability for users to mutate resources as a preview feature. For more information see Mutating resources.

Anthos Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: f6c2fe8).

1.10.2-asm.2 is now available.

This patch release contains the same bug fixes that are in Istio 1.10.2. For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:

• Upgrading on GKE using the install_asm script
• Upgrading on Anthos clusters on VMware

Anthos clusters on-premises support Mesh CA.

New installations of Anthos Service Mesh 1.10x on Anthos clusters on VMWare and bare metal support the Anthos Service Mesh certificate authority (Mesh CA). For details on the installation, see Installing Anthos Service Mesh on-premises.

When you install Anthos Service Mesh on-premises with Mesh CA, this enables Cloud Monitoring and Cloud Logging by default. Additionally, you can use Cloud Trace (which you enable separately) as needed for troubleshooting.

Google-managed control plane release channels are available.

Anthos Service Mesh releases updates often, to deliver security updates, fix known issues, and introduce new features. Release channels offer you the ability to balance between stability and the feature set of the Anthos Service Mesh version. Google automatically manages the version and upgrade cadence for each release channel. To learn more, see the following:

• 1.9x Google-managed control plane

• 1.10x Google-managed control plane

Migrating to Mesh CA from Istio CA with little or no downtime.

Migrating to Anthos Service Mesh certificate authority (Mesh CA) from Istio CA (also known as Citadel) requires migrating the root of trust. Prior to Anthos Service Mesh 1.10, if you wanted to migrate from Istio on to Anthos Service Mesh with Mesh CA, you needed to schedule downtime because Anthos Service Mesh was not able to load multiple root certificates, which interrupted mutual TLS (mTLS) traffic during the migration.

With Anthos Service Mesh 1.10 and higher, you can install a new in-cluster control plane with an option that distributes the Mesh CA root of trust to all proxies. After switching to the new control plane and restarting workloads, all proxies are configured with both the Istio CA and Mesh CA root of trust. Next, you install a new in-cluster control plane that has Mesh CA enabled. As you switch workloads over to the new control plane, mTLS traffic isn't interrupt. For details, see Migrating to Mesh CA.

New resource types are now available.

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

• Managed Service For Microsoft Active Directory
  • managedservices.googapis.com/Domain

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Secret Manager (Newly added real-time feed support)
  • secretmanager.googleapis.com/Secret
  • secretmanager.googleapis.com/SecretVersion

Cloud SQL for SQL Server now supports SQL Server 2019. The default version continues to be SQL Server 2017 Standard. See Database versions and version policies.

Preview: Use patch alerting to monitor the patch jobs running in your environment. For more information, see Monitoring patch jobs.

Versions of included products

• Anthos Config Management v1.8.0, release notes
• Config Connector v1.52.0, release notes

Config Controller can be used to deploy a landing zone blueprint.

Internal load balancer subsetting for GKE is now generally available in GKE versions 1.18.19-gke.1400 and later.

BigQuery now supports the following function:

• CONTAINS_SUBSTR

This feature is generally available (GA).

Console Table Management for Cloud Bigtable is now generally available. You can now use the Google Cloud Console to create, edit, and delete Cloud Bigtable tables, column families, and garbage collection policies.

Preview: You can now replicate data continuously and in real time from operational data stores in Oracle into BigQuery using the Oracle (by Datastream) plugin. The plugin is available in Cloud Data Fusion version 6.4.0 or later.

Cloud Router now supports the following:

• Enabling and disabling BGP sessions
• Updating the BGP keepalive interval

Cloud SQL storage limits are now increased to support up to 64 TB. See Cloud SQL storage limits for more information.

The following MySQL minor versions have been upgraded:

MySQL 5.6.50 is upgraded to 5.6.51 MySQL 5.7.32 is upgraded to 5.7.33

Cloud SQL storage limits are now increased to support up to 64 TB. See Cloud SQL storage limits for more information.

Cloud SQL storage limits are now increased to support up to 64 TB. See Cloud SQL storage limits for more information.

Cloud SQL storage limits are now increased to support up to 64 TB. See Cloud SQL storage limits for more information.

Cloud SQL storage limits are now increased to support up to 64 TB. See Cloud SQL storage limits for more information.

Cloud SQL storage limits are now increased to support up to 64 TB. See Cloud SQL storage limits for more information.

Best practices are now available for the Compute Engine API.

Added new Memorystore for Memcached region: Melbourne (australia-southeast2).

BigQuery Data Transfer Service now supports Google Merchant Center data transfers for local inventories and regional inventories.

BigQuery ML is releasing the following features for preview:

• The ML.DETECT_ANOMALIES function is now available. This function provides anomaly detection for BigQuery ML. The function runs against time-series data using ARIMA_PLUS models. The function runs against independent and identically distributed (IID) random variables data using AUTOENCODER and KMEANS models.
• The AUTOENCODER model type is now available for CREATE MODEL statements. This is a TensorFlow-based, deep-learning model that supports sparse data representations, and is commonly used in ML tasks such as feature embedding, unsupervised anomaly detection, and non-linear dimensionality reduction. The ML.PREDICT function can use previously built AUTOENCODER models to reduce the dimensionality of query results.
• Hyperparameter tuning is now available and can be used to improve model performance by searching for the optimal hyperparameters when training ML models using CREATE MODEL statements. View the BigQuery ML Hypertuning tutorial to learn how to improve model performance by 40%.

External HTTP(S) Load Balancing and Cloud CDN now support HTTP/3. HTTP/3 is based on the IETF QUIC transport protocol. Compared to HTTP/2, it reduces request latency, improves throughput, and mitigates head-of-line blocking. HTTP/3 is already supported on most major web browsers.

To learn how to enable HTTP/3 on your external HTTP(S) load balancer, visit the documentation.

External HTTP(S) Load Balancing and Cloud CDN now support HTTP/3. HTTP/3 is based on the IETF QUIC transport protocol. Compared to HTTP/2, it reduces request latency, improves throughput, and mitigates head-of-line blocking. HTTP/3 is already supported on most major web browsers.

To learn how to enable HTTP/3 on your external HTTP(S) load balancer, visit the documentation.

Symmetric hashing for internal TCP/UDP load balancers as next hops—When load balancing to multiple NICs on the backends, you no longer need to use source network address translation (SNAT). SNAT isn't required because Google Cloud uses symmetric hashing. This means that when packets belong to the same flow, Google Cloud calculates the same hash. In other words, the hash doesn't change when the source IP address:port is swapped with the destination IP address:port.

This feature is in General Availability.

Dataflow is now able to use workers, Dataflow Shuffle, Streaming Engine, FlexRS, and regional endpoints in zones in Melbourne (australia-southeast2).

M73 Release

• Upgraded TensorFlow Enterprise 2.1.3 to 2.1.4.
• Upgraded TensorFlow Enterprise 2.3.2 to 2.3.3.
• Miscellaneous bug fixes and updates.

M73 Release

• Upgraded TensorFlow Enterprise 2.1.3 to 2.1.4.
• Upgraded TensorFlow Enterprise 2.3.2 to 2.3.3.
• Disabled automatic updates for Ubuntu to be in line with the behavior in Debian images.
• Miscellaneous bug fixes and updates.

General availability for the following integration:

• Identity-Aware Proxy for TCP forwarding

Release 1.8.0

Anthos clusters on bare metal release 1.8.0 is now available. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.8.0 runs on Kubernetes 1.20.

Extended installation support:

• Provided support to use containerd as the container runtime as GA for Anthos clusters on bare metal release 1.8.0. Cluster upgrades to 1.8.0 are blocked for 1.7.x clusters that are configured to use the preview containerd capability. For more information, see Upgrading 1.7.x clusters that use containerd in Known Issues.
• Preview: Improved virtual machine (VM) management capability. Anthos VM Runtime uses KubeVirt to orchestrate VMs on clusters, allowing you to work with your VM-based apps and workloads in a uniform development environment. Anthos VM Runtime has worked with Anthos clusters on bare metal as a preview feature since November 2020 and we have continued to enhance its capability. For more information, see Working with VM-based workloads.
• Added edge profile support for standalone clusters. The edge profile is recommended for edge devices with limited resources. Add profile: edge to the cluster config file when you create a standalone cluster to produce a cluster that has significantly reduced system resource requirements. The edge profile is only available for standalone clusters, it is ignored for other cluster types. For more information, see Creating standalone clusters.
• Added support to specify provider ID for Nodes (controlPlane.nodePoolSpec.nodes.providerID) to support deploying on OpenStack using Load Balancing as a Service (LBaaS) resources. For more information, see Configure your clusters to use OpenStack.
• Preview: Added support for installing Anthos clusters on bare metal, using your own registry service, instead of gcr.io. For instructions and additional information, see Installing Anthos Bare Metal using registry mirror.

Improved upgrade:

• Enabled support for upgrading non-SELinux clusters to SELinux. For more information, see Enable SELinux in Upgrading Anthos clusters on bare metal.
• Cluster upgrades are not blocked by excessive Node draining durations. During a cluster upgrade, if the draining process takes longer than 20 minutes for any specific Node, the upgrade process will carry on without waiting for draining to complete.

Updated user cluster lifecycle management:

• Added bmctl improvements for resetting user cluster and adding additional preflight checks to confirm machine and network readiness for cluster creation:

Enhanced monitoring and logging:

• Preview: Added Cloud Audit Logging capability, which enables audit logs to be written to Cloud Audit Logs in your Google project. Audit logs are useful for investigating suspicious API requests and for collecting statistics. For more information, see Enable Audit Logging.

Introduced new networking capabilities in preview:

• Preview: Added multi-NIC capability to provide additional interfaces to your Pods.
• Preview: Added egress NAT gateway capability to provide persistent, deterministic routing for the egress traffic from your clusters. For more information, see Configure an egress NAT gateway for external communication.
• Preview: Added option for BGP bundled load balancer for Layer-3 (L3) topologies. This feature can be used with user clusters and admin clusters.

Enhanced security:

• Workload Identity is GA. The Connect Agent Service Account Key is no longer required during installation. Connect Agent uses Workload Identity to authenticate to GCP instead of an exported GCP Service Account Key.

Expanded support for newer versions of operating systems:

• Added support for installing Anthos clusters on bare metal on Red Hat Enterprise Linux (RHEL) 8.4, and CentOS 8.4

Row-level security on table data is now generally available in BigQuery.

Cloud Bigtable is now available in the australia-southeast2 (Melbourne) region.

Support for australia-southeast2 (Melbourne) region.

Support for australia-southeast2 (Melbourne) region.

A preview enables you to use replication in Cloud SQL for SQL Server. Additionally, the preview enables you to make cross-region replicas.

You can use replication to scale the use of data in a database without degrading performance. Other reasons include migrating or maintaining data duplicates between regions.

For more information, see Replication in Cloud SQL.

Support for australia-southeast2 (Melbourne) region.

Melbourne region (australia-southeast2) launched.

• New location for storing your data.

Cloud VPN is now available in region australia-southeast2 (Melbourne, Australia).

Pricing is available on the Cloud VPN pricing page.

Melbourne, Australia australia-southeast2-a,b,c has launched with E2, N2, N1, and M1 machines. M1 machines are only available in zones b and c.

See VM instance pricing for details.

Added support for NetworkSecurityClientTLSPolicy

Added support for NetworkSecurityServerTLSPolicy

Added support for strong hierarchal references to several resources:

• Add spec.projectRef to DataprocAutoScalingPolicy
• Add spec.projectRef to DataprocCluster
• Add spec.projectRef to DataprocWorkflowTemplate
• Add spec.projectRef to MonitoringGroup

Added new Memorystore for Redis region: Melbourne (australia-southeast2).

Secret Manager is now available in australia-southeast2 (Melbourne). See Secret Manager locations for more information.

For auto mode VPC networks, added a new subnet 10.192.0.0/20 for the Melbourne australia-southeast2 region. For more information, see Auto mode IP ranges.

Generally available: You can now create application consistent snapshots of disks attached to Linux VMs. For more information, see Creating Linux application consistent snapshots.

Storage Transfer Service offers Preview support for transferring data from Azure ADLS Gen 2 to Cloud Storage.

Query Insights is now supported for read replicas.

You can now customize E2 shared-core machine types. Shared-core machine types provide a fractional vCPU with the ability to burst to 2 vCPU for a short period of time.

• E2 shared-core machine types support predefined platforms with Intel or AMD EPYC Rome processors.

• The custom memory range is:

  • 1 to 2 GB for micro machines
  • 1 to 4 GB for small machines
  • 1 to 8 GB for medium machines

E2 shared-core custom machine pricing is the same as E2 custom machine pricing. E2 machines are available in all regions and zones.

Create a custom E2 shared-core machine using gcloud or the API.

Memory-optimized M2 machine types are now available in Belgium, europe-west1-b,c. See VM instance pricing for details.

M72 Release

• Added PyTorch 1.9 and PyTorch/XLA 1.9 containers.

M72 Release

• Added PyTorch 1.9 and PyTorch/XLA 1.9 images.

Added autoscale policies that can automatically expand or shrink a cluster in your private cloud based on factors like CPU utilization or storage capacity thresholds. All clusters begin with a default autoscale policy that adds a node based on a storage capacity threshold.

For details about this feature, see Autoscale policies.

Preview: vSAN data encryption for data at rest now uses keys generated by Cloud Key Management Service for all new private clouds.

For details about this feature, see Configuring vSAN encryption for your private cloud.

Text-to-Speech now offers voices in the following new languages. See the supported voices page for a complete list of voices and audio samples.

• ms-MY (Malay, Malaysia)
• nl-BE (Dutch, Belgium)

New resource types are now available.

The following resource types are now publicly available through the resource search API (SearchAllResources) and policy search API (SearchAllIamPolicies):

• Google Kubernetes Engine
  • apps.k8s.io/Deployment
  • apps.k8s.io/ReplicaSet
  • batch.k8s.io/Job
• Hub
  • gkehub.googleapis.com/Membership
• API Gateway
  • apigateway.googleapis.com/Api
  • apigateway.googleapis.com/ApiConfig
  • apigateway.googleapis.com/Gateway
• Document AI
  • documentai.googleapis.com/HumanReviewConfig
  • documentai.googleapis.com/LabelerPool
  • documentai.googleapis.com/Processor
• Vertex AI
  • aiplatform.googleapis.com/BatchPredictionJob
  • aiplatform.googleapis.com/CustomJob
  • aiplatform.googleapis.com/DataLabelingJob
  • aiplatform.googleapis.com/Dataset
  • aiplatform.googleapis.com/Endpoint
  • aiplatform.googleapis.com/HyperparameterTuningJob
  • aiplatform.googleapis.com/Model
  • aiplatform.googleapis.com/SpecialistPool
  • aiplatform.googleapis.com/TrainingPipeline

The SAP accelerator for the order to cash process is now available. It provides sample pipelines that you can use to build your end-to-end order to cash process and analytics with Cloud Data Fusion, BigQuery, and Looker. The accelerator is a sample implementation of the SAP Table Batch Source plugin, which enables bulk data integration from SAP applications with Cloud Data Fusion. The accelerator is available in Cloud Data Fusion environments running in version 6.3.0 and above.

Cloud Tasks is now available in us-west1, asia-east1, and asia-southeast1.

Google-managed control plane is now a generally available (GA) feature. This feature lets you move from managing Istiod in your clusters to configuring the control plane as a service. Google will manage the availability, scalability and security of the control plane.

In addition, it offers these new features:

• Support for CNI
• Support for private clusters with a public IP address/endpoint access for the control plane
• Support for private clusters with Master Authorized Network (MAN)

Using the Google-managed control plane also simplifies multi-cluster mesh configuration and reduces the Kubernetes Engine privileges needed to install Anthos Service Mesh. For more information see Configuring the Google-managed control plane.

Support for Identity and Access Management custom roles.

Support for Identity and Access Management custom roles.

Kf Operator to manage Kf installation.

Added Operator diagnostics to kf doctor.

Allow target command to take arg instead of flag.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

App Engine is now available in the us-west1 (Oregon), asia-southeast1 (Singapore), and asia-east1 (Taiwan) regions.

Cloud Functions is now available in the following region:

• asia-southeast1 (Singapore)

See Cloud Functions Locations for details.

In addition to scalar functions, Dataflow SQL now supports aggregate user-defined functions (UDFs) for Java. For more information, see Dataflow SQL user-defined functions. This feature is in Preview.

Support for the following additional locations:

• asia-southeast1 Singapore
• us-west1 Oregeon
• asia-east1 Taiwan

See the full list of locations.

Support for the following additional locations:

• asia-southeast1 Singapore
• us-west1 Oregeon
• asia-east1 Taiwan

See the full list of locations.

Added support for ComputeURLMap, DataFusionInstance, LoggingLogExclusion.

IAMServiceAccount: added support for resourceID.

GKE Multi-cluster Services support for pod-specific addressing is now generally available.

You can now use a pre-built container to serve predictions from TensorFlow 2.5 models.

You can now use a pre-built container to serve predictions from XGBoost 1.4 models.

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, BatchGetAssetsHistory) and the Feed API:

• Serverless VPC Access
  • vpcaccess.googleapis.com/Connector
• Certificate Authority Service
  • privateca.googleapis.com/CaPool
  • privateca.googleapis.com/CertificateAuthority
  • privateca.googleapis.com/CertificateRevocationList
  • privateca.googleapis.com/CertificateTemplate

The following resource types are now publicly available through the Analyze Policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning):

• Cloud KMS
  • cloudkms.googleapis.com/KeyRing
  • cloudkms.googleapis.com/CryptoKey
  • cloudkms.googleapis.com/CryptoKeyVersion
  • cloudkms.googleapis.com/ImportJob
• Service Usage
  • serviceusage.googleapis.com/Service
• Cloud Data Fusion
  • datafusion.googleapis.com/Instance

NVIDIA® T4 GPUs are now available in the following additional regions and zones:

• St. Ghislain, Belgium: europe-west1-b,c,d

For more information about using GPUs on Compute Engine, see GPUs on Compute Engine.

Volume snapshots is now generally available. Starting in GKE version 1.21 and later, you can now use v1 snapshots; v1beta1 snapshots will continue to operate as expected until further notice.

Committed use discounts are now generally available to purchase for Google Kubernetes Engine (Autopilot Mode).

Google Kubernetes Engine (Autopilot Mode) committed use discounts apply to all Autopilot Pod workload vCPU, memory, and ephemeral storage usage in the region in which you have committed. Google Kubernetes Engine (Autopilot Mode) committed use discounts do not apply to the cluster management fee or to GKE Standard mode compute nodes.

See the documentation for more details.

For GKE clusters running Windows Server node pools, you can see the version mapping between GKE versions and Windows Server versions for all available GKE versions by using a gcloud command. This feature is now available in preview.

For more details, see Use gcloud tool to get version mapping.

Added support for Upgrading the Redis version of an instance with the Google Cloud Console.

Released support for Redis version 6.x (Preview) on Memorystore for Redis. For more details, see Supported versions.

Network Load Balancing now supports load-balancing ESP (Encapsulating Security Payload) and ICMP (Internet Control Message Protocol) traffic. To handle these protocols, you specify the new L3_DEFAULT protocol on the load balancer's forwarding rule.

For details, see:

• Forwarding rule protocols for backend service-based network load balancers
• Setting up Network Load Balancing for multiple protocols

This feature is available in Preview.

Dataflow SQL now supports user-defined functions (UDFs) written using Java. For more information, see Dataflow SQL user-defined functions. This feature is in Preview.

VPC Service Controls

Integration with Document AI VPC Service Controls is now generally available.

Integration with Document AI VPC Service Controls is now generally available.

Runtime version 2.5 is now available. You can use runtime version 2.5 to serve online predictions with TensorFlow 2.5.1, scikit-learn 0.24.1, or XGBoost 1.4.0. Runtime version 2.5 does not support batch prediction.

See the full list of updated dependencies in runtime version 2.5.

Anthos clusters on VMware 1.5.4-gke.2 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.5.4-gke.2 runs on Kubernetes v.1.17.9-gke.4400. The supported versions that offer the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.7, 1.6, and 1.5.

Committed use discounts for Google Kubernetes Engine (GKE) are now Generally Available to purchase for workloads running on GKE Autopilot.

They provide discounted prices in exchange for your commitment to use a minimum level of resources for a specified term. The spend-based committed use discounts apply to all GKE Autopilot Pod workload CPU, memory, and ephemeral storage usage in the region in which you have committed. This gives you low, predictable costs, without the need to make any manual changes or updates yourself. This flexibility saves you time and helps you to save more by achieving high utilization rates across your commitments.

GKE Autopilot Mode commitments do not apply to the cluster management fee or to GKE Standard mode compute nodes.

See the documentation for more details.

You can check for VPN tunnel overutilization using the VPN tunnel utilization recommender. A recommender is a service in Google Cloud that provides usage recommendations for cloud resources.

Generally available: You can configure how your regional managed instance group distributes instances across zones by using capacity-aware distribution shapes, which can automatically deploy instances to zones where capacity is available and optionally prioritize the use of reservations.

Preview: When rolling out configuration or application updates to a stateful or stateless managed instance group, use the minimum and most disruptive allowed actions to control disruption to your workload.

Transition the underlying OS used by Migrate for Compute Engine components (Manager, Cloud Extensions, Importers, and Exporters) to use Ubuntu Advantage.

The Resource Settings API has entered general availability. You can use Resource Settings to centrally configure settings for your Google Cloud projects, folders, and organization. For more information, see Resource Settings overview.

Anthos clusters on VMware 1.6.3-gke.3 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.6.3-gke.3 runs on Kubernetes v1.18.18-gke.100. The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.7, 1.6, and 1.5.

BigQuery now supports parameterized types. The following parameterized types are supported:

• STRING(L)
• BYTES(L)
• NUMERIC(P) / NUMERIC(P, S)
• BIGNUMERIC(P) / BIGNUMERIC(P, S)

This feature is in Preview.

New resource types are now available.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Cloud Redis
  • redis.googleapis.com/Instance

You can now store values for the smtp_password Airflow configuration option in Secret Manager.

Cloud SQL now offers faster maintenance, with connectivity dropping for less than 60 seconds on average.

Cloud SQL now offers faster maintenance, with connectivity dropping for less than 60 seconds on average.

Cloud SQL now offers faster maintenance, with connectivity dropping for less than 120 seconds on average.

String processing functions are now available in the text module of the Workflows standard library.

Maven, npm, and Python repositories are now in Preview.

Storage and network egress charges apply to all formats that are in Preview or are generally available.

Cloud Asset Inventory Console Preview is now publicly available. It enables you to see insights about Google Cloud footprint, details and history of resources, and provides powerful and easy filtering and search capabilities.

Both the Cloud SQL Java Connector and Cloud SQL Python Connector now support IAM Authentication for PostgreSQL.

Artifact Registry now supports Access Transparency. Access Transparency provides you with logs of actions that Google staff have taken when accessing your data. To learn more about Access Transparency, see the Overview of Access Transparency.

New resource types are now available.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Cloud Bigtable
  • bigtableadmin.googleapis.com/AppProfile

N2D machine types are now available in us-west4-a , Las Vegas, Nevada. See VM instance pricing for details.

Anthos 1.7.2 is now available.

Updated components

• Anthos clusters on VMware release notes

• Anthos clusters on bare metal release notes

• Anthos clusters on AWS release notes

• Anthos Config Management release notes

Release 1.7.2

Anthos clusters on bare metal release 1.7.2 is now available. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.7.2 runs on Kubernetes 1.19.

M71 release

• Upgraded TensorFlow Probability, TensorFlow I/O, and TensorFlow Estimator in TensorFlow 2.5 containers.

M71 Release

• Refreshed the Debian-10 images (Ubuntu images not refreshed in this release).
• Upgraded TensorFlow Probability, TensorFlow I/O, and TensorFlow Estimator in TensorFlow 2.5 images.
• Added support for a Post Startup script and provided status in guest attributes.
• TensorFlow 2.x image names are now available in two formats: tf-xxx-2-y-zzz (the new standard format) tf2-xxx-2-y-zzz (the previous standard format). Image names in the previous standard format will be deprecated in a future release.

Transfer Appliance offers the Transfer Appliance Cloud Setup Application. The application prompts for several settings, and uses the information you provide to configure your Google Cloud permissions, preferred Cloud Storage bucket, and Cloud KMS key for your transfer.

Publishing services and accessing published services using Private Service Connect is now available in Preview.

Chronicle Automated GCP Log Ingestion

Google Cloud customers can now send logs directly to their Chronicle account. Customers can send both Cloud Audit and Cloud DNS logs. See Ingesting GCP Logs in to Chronicle for more information.

A JSON editor has been integrated with the dashboard page. In addition to using the JSON editor to change the contents of the dashboard, you can save the current dashboard definition to a local system, and you can upload a dashboard definition to your Google Cloud project. For more information, see Managing dashboards through the Cloud Console.

CloudSQL for MySQL now supports the MySQL flags expire_logs_days (for MySQL 5.6 and 5.7) and binlog_expire_logs_seconds (for MySQL 8.0). Note that if you enable point-in-time recovery, the expiration period of your binary logs will be determined by the lesser of your transaction log retention period and the value of these flags.

The logical replication and decoding functionality of PostgreSQL is available as a preview. These features enable logical replication workflows and change data capture workflows.

For more information, see Setting up logical replication and decoding.

Cloud SQL for PostgreSQL now supports the pg_similarity extension, which provides support for similarity queries in PostgreSQL.

Also, the default value for the database flag autovacuum_vacuum_cost_delay is changed to 2 milliseconds in PostgreSQL 9.6, 10 and 11.

The minor versions for various extensions have also been upgraded:

Preview: Access the Compute Engine API using Cloud Client Libraries built on our latest client library model. Updated client libraries are now available in the following languages:

• Java
• .NET
• Node.js
• PHP
• Python
• Ruby

For more information, see Compute Engine client libraries.

1.21 Features

The following features are introduced in version 1.21:

CronJob (GA)

The CronJob API has graduated to General Availability (GA), bringing performance improvements and allowing scheduled jobs to be run using a stable API.

• This resource is now available in the batch/v1 group/version.
• The batch/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

PodDisruptionBudget (GA)

The PodDisruptionBudget has graduated to GA, allowing pod evictions to be controlled using a stable API.

• This resource is now available in the policy/v1 group/version.
• The policy/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

EndpointSlice (GA)

The EndpointSlice API has graduated to GA, bringing performance improvements over the v1 Endpoints API.

• This more scalable API for service discovery is now enabled on all clusters and is promoted to discovery.k8s.io/v1.
• The discovery.k8s.io/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

Default namespace label (Beta)

Namespace API objects now have a kubernetes.io/metadata.name label matching their metadata.name field to allow selecting any namespace by its name using a label selector. This can be used for objects which select namespaces by label, such as admission webhooks and network policies.

Bound service account token volumes (Beta)

• The API credentials injected into containers at /var/run/secrets/kubernetes.io/serviceaccount/token are now time-limited, auto-refreshed, and invalidated when the containing pod is deleted.
• By default, injected tokens are given an extended lifetime so they remain valid even after a new refreshed token is provided. The metric serviceaccount_stale_tokens_total and the audit annotation authentication.k8s.io/stale-token can be used to monitor for workloads that depend on the extended lifetime and are continuing to use tokens even after a refreshed token is provided to the container.
• Clients should reload the token from disk periodically (once per minute is recommended) to ensure they use the refreshed token. k8s.io/client-go version 11.0.0+ and 0.15.0+ reload tokens automatically.

GKE clusters running version 1.18 or later now support container native Cloud DNS (available in Preview). Cloud DNS can be used as the in-cluster DNS provider instead of kube-dns.

Anthos clusters on VMware 1.7.2-gke.2 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.7.2-gke.2 runs on Kubernetes 1.19.10-gke.1602.

The supported versions that offer the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.7, 1.6, and 1.5.

Cloud Data Fusion version 6.4.1 is now available. To upgrade, see Upgrading instances and pipelines. This release is in parallel with the CDAP 6.4.1 release.

In Cloud Data Fusion version 6.4.1, Replication supports the Datetime data type in BigQuery targets. You can now read and write to tables that contain Datetime fields.

Added support for the Reserved Memory configuration for Memorystore for Memcached. For more information, see Memory management best practices.

Preview: Disable simultaneous multithreading (SMT) on VMs. For more information, see Disabling simultaneous multithreading.

The Cloud documentation now includes a list of partners whose solutions are integrated with Network Connectivity Center.

The process for migrating a project from one organization to another has released into general availability. To make it easier to see the impact a project migration will have on your organization, you can use the Cloud Asset Inventory Analyze Move API to get a detailed report before performing a move. For more information, see Migrating projects and Analyze project move.

Generally Available: Enable nested virtualization directly when creating a VM. For more information, see Nested virtualization overview.

New resource types are now available.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Artifact Registry
  • artifactregistry.googleapis.com/Repository

Added support for specifying an IP address range for the private service access connection mode. For more information, see Custom ranges with private services access.

Security Command Center Premium has launched project- and folder-level roles in general availability. The feature lets you grant users Identity and Access Management (IAM) roles for specific folders and projects. You have more granular control over who can access what resources throughout your organization. For more information, see Access control.

You must be a Security Command Center Premium customer to use this feature. Security Command Center Standard continues to support granting roles only at the organization level. To subscribe to Security Command Center Premium, contact your sales representative or fill out our inquiry form.

Speech-to-Text now supports Spoken Punctuation and Spoken Emoji as Preview features. See the documentation for details.

Network Policy Logging is generally available (GA). Note that Network Policy Logging requires Dataplane V2.

BigQuery GIS now supports loading geography data from newline-delimited GeoJSON files. This feature is generally available (GA). For more information, see Loading GeoJSON data.

BigQuery GIS now supports the following functions. These functions are generally available (GA).

• ST_STARTPOINT
• ST_ENDPOINT
• ST_POINTN

These functions return a point of a linestring geography as a point geography.

Policy Analyzer now supports evaluations on time-based conditions. See the user guide for more information.

Asset Insights are now available. See the user guide for more information.

Cloud DNS monitoring dashboard is available in GA.

BigQuery now supports the ability to rename tables using SQL. See ALTER TABLE RENAME TO. This feature is generally available (GA).

Cloud SQL supports the preview version of the out-of-disk recommender. This feature proactively generates recommendations that helps you reduce the risk of downtime that might be caused by your instances running out of disk space. These recommendations can be applied when a Cloud SQL instance is trending towards the storage limit.

For information about pricing, prerequisites, and instructions for how to view the out-of-disk recommender, see Cloud SQL out of disk recommender.

Cloud SQL supports the preview version of the out-of-disk recommender. This feature proactively generates recommendations that helps you reduce the risk of downtime that might be caused by your instances running out of disk space. These recommendations can be applied when a Cloud SQL instance is trending towards the storage limit.

For information about pricing, prerequisites, and instructions for how to view the out-of-disk recommender, see Cloud SQL out of disk recommender.

Cloud SQL supports the preview version of the out-of-disk recommender. This feature proactively generates recommendations that helps you reduce the risk of downtime that might be caused by your instances running out of disk space. These recommendations can be applied when a Cloud SQL instance is trending towards the storage limit.

For information about pricing, prerequisites, and instructions for how to view the out-of-disk recommender, see Cloud SQL out of disk recommender.

Generally Available: You can now create VM instances with V100, A100, and T4 GPUs that support network bandwidths of up to 100 Gbps. See Using network bandwidths of up to 100 Gbps.

Traffic Director security service with GKE is now available in Public Preview. This provides the following:

• Authentication and encryption using transport layer security (TLS) and mutual TLS (mTLS) for both Traffic Director with Envoy and proxyless gRPC applications. Server TLS policies and client TLS policies control whether services need to prove their identities to each other and use encrypted communication channels.

• Authorization, based on characteristics of the client and the request. Authorization policies control whether a service is permitted to access another service, and which actions are allowed. Authorization is currently available only for Traffic Director with Envoy.

The CREATE MODEL statement for training AutoML Tables models is now generally available (GA). AutoML Tables enable you to automatically build state-of-the-art machine learning models on structured data at massively increased speed and scale. For more information, see CREATE MODEL statement for training AutoML Tables models.

Vertex AI has added support for custom model training, custom model batch prediction, custom model online prediction, and a limited number of other services in the following regions:

• us-west1
• us-east1
• us-east4
• northamerica-northeast1
• europe-west2
• europe-west1
• asia-southeast1
• asia-northeast1
• australia-southeast1
• asia-northeast3

Vertex AI now supports forecasting with time series data for AutoML tabular models, in Preview. You can use forecasting to predict a series of numeric values that extend into the future.

Vertex Pipelines is now available in Preview. Vertex Pipelines helps you to automate, monitor, and govern your ML systems by orchestrating your ML workflow.

Vertex Model Monitoring is now available in Preview. Vertex Model Monitoring enables you to monitor model quality over time.

Vertex Feature Store is now available in Preview. Vertex Feature Store provides a centralized repository for organizing, storing, and serving ML features.

Vertex ML Metadata is now available in Preview. Vertex ML Metadata lets you record the metadata and artifacts produced by your ML system so you can analyze the performance of your ML system.

Vertex Matching Engine is now available in Preview. Vertex Matching Engine enables vector similarity search.

Vertex TensorBoard is now available in Preview. Vertex TensorBoard enables you to track, visualize, and compare ML experiments.

Release 1.6.3

Anthos clusters on bare metal release 1.6.3 is now available. To upgrade, see Upgrading Anthos clusters on bare metal. Anthos clusters on bare metal 1.6.3 runs on Kubernetes 1.18.

The UpgradeAvailableEvent notification is now generally available.

Archive Rules

You can now archive rules specified for the Detection Engine. Archiving a rule hides the security data related to that rule (and all of its versions) without actually deleting the rule. See Archive rules for more information.

XML API multipart uploads^Preview launched.

You can now enable logging of human-readable hot keys. For more information, see the hot key entry in Pipeline options.

M70 Release

• Added TensorFlow Enterprise 2.5 containers. Note this is an Enterprise version but not a Long Term Support (LTS) version.

M70 Release

• Added TensorFlow Enterprise 2.5 images. Note this is an Enterprise version but not a Long Term Support (LTS) version.

Preview launch of Twilio telephony integration.

You can now use the Google Cloud Console to manage workload identity federation. For details, see the documentation for your identity provider:

• Access resources from AWS
• Access resources from Microsoft Azure
• Access resources from an OIDC identity provider

Secret Manager now supports etags for optimistic concurrency control. This feature is available in Preview.

See Etags to learn more.

Anthos 1.7.1 is now available.

Updated components

• Anthos clusters on VMware release notes

• Anthos clusters on bare metal release notes

• Anthos clusters on AWS release notes

• Anthos Config Management release notes

Anthos Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: 9b5e4cf).

Committed use discounts are now available for public preview to purchase for Cloud Run. They provide discounted prices in exchange for your commitment to use a minimum level of resources for a specified term. The spend-based committed use discounts apply to all aggregated Cloud Run CPU, memory, and request usage in a region, giving you low, predictable costs when your code is running in one of the supported container ecosystems.

Cloud Run commitments do not apply to networking changes.

See the documentation for more details.

Preview: Cloud Composer supports Airflow 2. For more information about transferring from environments with Airflow 1 to Airflow 2, see Migrate environments to Airflow 2.

Airflow 2.0.1 is available in Cloud Composer images.

You can now break down costs associated with particular Cloud Composer environments. User labels that you assign to your environments now appear in billing reports.

Preview: You can use OS configuration management to deploy and automate software configurations on your virtual machine (VM) instances using gcloud command-line and OS Config API.

With the release of OS configuration management (preview), you can now rollout policies from the Cloud console, control the rollout pace, use more VM filter options, and view compliance reports. For more information, see OS configuration management (preview).

You can now view recent import and export operations from the Google Cloud Console.

M69 Release

• Updated cuDNN from 8.0.4 to 8.0.5.

M69 Release

• Migrated Collection Agent to Cloud Monitoring version 2.

Configuring Cloud DNS scopes is now available in Preview.

Cloud Monitoring is introducing metrics scopes. For a Google Cloud project, its metrics scope defines the projects whose metrics the project can view and monitor:

• When you create a project, its metrics scope is set to self.
• You can modify a project's metrics scope to include other Google Cloud projects, or to include AWS accounts. For more information, see Viewing metrics for multiple projects.
• A Google Cloud project can be included in multiple metrics scopes.

For more information about metrics scopes, see Configuring your project for Cloud Monitoring.

Committed use discounts are now available for Cloud Run . (Available in public preview.)

Customer managed encryption keys are now available for use with Cloud Run. (Available in public preview.)

You can now use Binary authorization with Cloud Run to enforce policy-based deployment of Cloud Run services. (Available in public preview.)

Recommender now provides recommendations for securing Cloud Run services by creating dedicated service accounts. (Available in public preview.)

Cloud Run now provides UI, command line, and YAML support for referencing Secret Manager Secrets. (Available in public preview.)

N2 machines are now available in the following regions and zones:

• Osaka, Japan: asia-northeast2-a,b,c
• Seoul, South Korea: asia-northeast3-a,b,c

See VM instance pricing for details.

Dataplane V2 is generally available in newly created clusters using GKE versions 1.20.6-gke.700 and later.

The GKE Gateway controller, Google Cloud's implementation of the Gateway API, is available in Preview in GKE version 1.20 and later. See Deploying Gateways for how to expose applications using Gateway.

Secret Manager integration with Cloud Run

Cloud Run now provides UI, command line, and YAML support for using secrets. This feature is available in Preview.

New resource types are now available.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Cloud Bigtable
  • bigtableadmin.googleapis.com/Backup

Dataflow Shuffle is now the default mode for all batch pipelines.

BigQuery now supports the following SQL query clauses and operators:

• PIVOT operator
• UNPIVOT operator
• QUALIFY clause

This feature is in Preview.

You can now use IAM conditions to define and enforce conditional access control for Cloud Bigtable instances, clusters, and tables. This feature is generally available.

Cloud Billing Reports now show the target budget amount when you open the report from a budget

In the Cloud Billing Console, Billing Budgets are linked to the Billing Reports page. If you open the Reports page from a Budget, the budget's scopes are used to set the report's filters and the report opens displaying the costs tracked by the budget. Additionally, the budget's target amount appears in the report chart as a red, dashed line, helping you to visualize the budget amount in the report while you are analyzing the specific, budget-related costs. You can open the cost report from the list of budgets, or from a budget's cost trend chart.

For more details about how budgets and cost reports are linked, see Viewing a budget in your report.

N2D machines are now available in Tokyo asia-northeast1-c. See VM instance pricing for details.

Workflows is HIPAA compliant.

Cloud Interconnect support for GRE traffic is available in General Availability. For more information, see the Cloud Interconnect overview.

Cloud VPN support for GRE traffic is available in General Availability. For more information, see the Cloud VPN overview.

The Speech-to-Text model adaptation feature is now a GA feature. See the model adaptation concepts page for more information about using this feature.

gRPC's observability features can now be used with services that use Traffic Director, including monitoring and tracing metrics that help you solve issues with your deployment. For more details, see Observability with proxyless gRPC applications.

Proxyless gRPC applications can now use these advanced traffic management features:

• Circuit breaking
• Fault injection
• Max stream duration

For complete information, see Setting up proxyless gRPC services with advanced traffic management

GRE support for VPC networks is now available in General Availability.

The Logs Explorer Histogram offers new time controls, including zooming and scrolling, to give you more in-depth analysis of your logs data. For details, see Analyzing logs using time controls.

You can now enable and configure OS Login for private GKE clusters and nodes. This feature is enabled for private GKE clusters running node pool versions 1.20.5 or later.

General availability for the following integration:

• Memorystore for Memcached

Anthos clusters on VMware 1.7.1-gke.4 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.7.1-gke.4 runs on Kubernetes 1.19.7-gke.2400.

The supported versions that offer the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.7, 1.6, and 1.5.

Cloud Monitoring has added new ways to interact with charts. You can now select a range of lines displayed on chart, shift the time axis by using your pointer, and have new controls to expand the chart around a specific point in time. Charts displaying distribution data include 50th, 95th, and 99th percentile lines as an optional overlay. For more information, see Exploring charted data.

M68 Release

• Upgraded R containers from 3.6 to 4.0.
• Added xai-tabular-widget onto all TensorFlow containers.
• Miscellaneous bug fixes and updates.

M68 Release

• Upgraded R Images from 3.6 to 4.0.
• Added xai-tabular-widget onto all TensorFlow images.
• Miscellaneous bug fixes and updates.

Security Command Center Premium has launched Continuous Exports for Pub/Sub in general availability. The feature simplifies the process of creating a NotificationConfig and automates the export of new findings to Pub/Sub.

You must be a Security Command Center Premium customer to use the feature. Security Command Center Standard continues to support one-time exports. To subscribe to Security Command Center Premium, contact your sales representative or fill out our inquiry form.

Zonal NEGs (with GCE_VM_IP network endpoints) can now be used as backends for internal TCP/UDP load balancers. For more information on this type of zonal NEG, see Zonal NEGs overview. For instructions on how to set up an internal TCP/UDP load balancer with a zonal NEG backend, see Setting up Internal TCP/UDP Load Balancing with zonal NEGs

This feature is in General Availability.

Pub/Sub Lite is now available in the following regions:

• Hong Kong (asia-east2)
• Tokyo (asia-northeast1)
• Osaka (asia-northeast2)
• Seoul (asia-northeast3)
• Mumbai (asia-south1)
• Jakarta (asia-southeast2)
• Warsaw (europe-central2)
• Montreal (northamerica-northeast1)
• Sao Paulo (southamerica-east1)
• Northern Virginia (us-east4)
• Salt Lake City (us-west3)
• Las Vegas (us-west4)

For the full list of available regions, see Pub/Sub Lite locations.

Pub/Sub Lite is now available in the following regions:

• Hong Kong (asia-east2)
• Tokyo (asia-northeast1)
• Osaka (asia-northeast2)
• Seoul (asia-northeast3)
• Mumbai (asia-south1)
• Jakarta (asia-southeast2)
• Warsaw (europe-central2)
• Montreal (northamerica-northeast1)
• Sao Paulo (southamerica-east1)
• Northern Virginia (us-east4)
• Salt Lake City (us-west3)
• Las Vegas (us-west4)

For the full list of available regions, see Pub/Sub Lite locations.

The following features are available in the Video Intelligence API version v1:

Face detection: Locate faces within a video, and identify attributes such as glasses being worn. Learn more

Person detection: Locate people in a video, and identify attributes and 2D landmarks. Learn more

This GA launch brings significant quality improvement to both features.

Artifact Registry now supports audit logging for container images in Cloud Audit Logs.

The ability to restore from a Cloud Bigtable backup to a different instance is now generally available. This feature enhancement lets you use backups for a wider variety of use cases.

You can now add custom fields in the Logs Explorer to better analyze logs and refine your queries. For more information, see Adding fields to Log fields pane .

The Inventory tab on the Cloud Monitoring VM Instances dashboard now offers the ability to filter and sort the instance table by any combination of columns. In addition, new health scorecards report a variety of metrics and statistics related to the health and status of your VMs and agents.

You can now use Identity-aware Proxy with Cloud Run to use identity and context to guard access to your applications. (Available in public preview.)

Generally available: Create virtual machines for high performance computing (HPC) workloads using the HPC VM image.

The kubelet graceful node shutdown feature is now enabled on preemptible and GPU accelerator nodes running versions 1.20.5-gke.500 or later.

You can now use a pre-built container to serve predictions from TensorFlow 2.4 models.

You can now use a pre-built container to serve predictions from scikit-learn 0.24 models.

You can now use a pre-built container to serve predictions from XGBoost 1.3 models.

Release 1.7.1

Anthos clusters on bare metal release 1.7.1 is now available. To upgrade, see Upgrading Anthos clusters on bare metal. Anthos clusters on bare metal 1.7.1 runs on Kubernetes 1.19.

BigQuery now supports the following data definition language (DDL) statements:

• CREATE VIEW with column name list
• ALTER COLUMN DROP NOT NULL constraint

This feature is in GA.

New resource types are now available.

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

• Cloud Monitoring
  • monitoring.googleapis.com/AlertPolicy
• Cloud Filestore
  • file.googleapis.com/Backup

The following version upgrade applies to Cloud SQL for SQL Server:

• SQL Server 2017 is upgraded from 14.0.3257.3 to 14.0.3370.1

If you use maintenance windows, the new version will be available after your maintenance update. For information about maintenance windows, and to manage maintenance updates, see Finding and setting maintenance windows.

Preview: With the introduction of OS inventory management v2.0, you can now query the OS Config API to get inventory and vulnerability report data for your VMs in a specific zone, see OS inventory management.

You can now create extreme persistent disks in certain regions. With consistently high performance for both random access workloads and bulk throughput, extreme persistent disks are designed for high-end database workloads.

For more information, see Extreme persistent disks.

Internal TCP/UDP Load Balancing now supports session affinity for the UDP protocol. This feature is available in General Availability.

C2 machines are available in the following regions and zones:

• Osaka asia-northeast2-a

See VM instance pricing for details.

Google Kubernetes Engine is supported by Access Approval in Preview stage.

Cloud Spanner is supported by Access Approval in GA stage.

Webhook triggers are now generally available. Learn more about using webhook triggers to build repos hosted on Gitlab, Bitbucket Cloud, and Bitbucket Server.

Users can now run manual triggers on a schedule. For more information, see Scheduling builds.

You can now install the Cloud Logging agent, Cloud Monitoring agent, and Ops Agent on VMs running OpenSUSE Leap versions 15, 15.1, and 15.2.

You can now install the Cloud Logging agent, Cloud Monitoring agent, and Ops Agent on VMs running OpenSUSE Leap versions 15, 15.1, and 15.2.

N2D machines are available in the following regions and zones:

• Osaka asia-northeast2-c
• Montréal northamerica-northeast1-a,c
• Finland europe-north1-a,b,c

See VM instance pricing for details.

ComputeDisk added support for projectRef

Added go-clients for GKEHubMembership and CloudIdentityGroup

Multi-Instance GPU on GKE is available in Preview.

Vizier is now available in preview. Vizier is a feature of AI Platform (Unified) that you can use to perform black-box optimization. You can use Vizier to tune hyperparameters or optimize any evaluable system.