Google Cloud release notes

Anthos on bare metal is generally available

Anthos on bare metal is a deployment option to run Anthos on physical or virtual servers, deployed on an operating system provided by you, without a hypervisor layer. Anthos on bare metal ships with built-in networking, lifecycle management, diagnostics, health checks, logging, and monitoring. Anthos on bare metal supports CentOS, Red Hat Enterprise Linux (RHEL), and Ubuntu—all validated by Google. With Anthos on bare metal, you can use your company's standard hardware and operating system images, taking advantage of existing investments, which are automatically checked and validated against Anthos infrastructure requirements.

Anthos on bare metal is available today, with either subscription or pay-as-you-go pricing. Anthos on bare metal lets you leverage existing investments in hardware, OS, and networking infrastructure. The minimum system requirement to run Anthos on bare metal is 2 nodes with a minimum total of 4 cores, 32 GB RAM, and 128 GB of disk space with no specialized hardware. The setup lets you run Anthos on bare metal on almost any infrastructure.

Anthos on bare metal uses a "bring your own operating system" model. It runs atop physical or virtual instances, and supports Red Hat Enterprise Linux 8.1/8.2, CentOS 8.1/8.2, or Ubuntu 18.04/20.04 LTS. Anthos provides overlay networking and L4/L7 load balancing. You can also integrate with your own load balancer such as F5 and Citrix. For storage, you can deploy persistent workloads using CSI integration with your existing infrastructure.

You can deploy Anthos on bare metal using one of the following deployment models:

• A standalone model lets you manage every cluster independently. This is a good choice when running in an edge location or if you want your clusters to be administered independent of one another.
• The multiple-cluster model lets central IT teams manage a fleet of clusters from a centralized cluster, called the admin cluster. This is more suitable if you want to build automation or tooling, or if you want to delegate the lifecycle of clusters to individual teams without sharing sensitive credentials such as SSH keys or Google Cloud service account details.

Like with all Anthos environments, a bare metal cluster has a thin, secure connection back to Google Cloud called Connect. After it's installed in your clusters, you can centrally view, configure, and monitor your clusters from the Google Cloud Console.

Anthos on bare metal, which is part of the Anthos 1.6 release, provides the following features and capabilities:

• Kubernetes 1.18
• Ubuntu/RHEL/CentOS support
• Standalone and multiple-cluster architecture
• In-place upgrades (minor and major)
• Overlay networking, Ingress (L7), integrated load balancing (L4, L2-Mode)
• Manual load balancing (F5, Citrix)
• Installs behind proxy support
• Preflight and health checks
• Node maintenance mode
• Cloud Monitoring and Cloud Logging
• ACM, ASM, identity, hub or connect, billing, and pay-as-you-go
• NVIDIA GPU support
• Scales to 500 nodes
• Virtual machine management (Kubevirt) preview

You can now automate the deployment of SAP HANA in a SUSE Linux Enterprise Server high-availability (HA) cluster that uses the recommended TCP internal load balancer implementation for the virtual IP address.

For more information, see Automated deployment of Linux high-availability clusters for SAP HANA.

New sole-tenant node types:

• GA:

  • c2-node-60-240
  • m1-node-160-3844
  • m2-node-416-11776
  • n2-node-80-640
  • n2d-node-224-896

• Beta:

  • m1-node-96-1433

The Dialogflow CX test cases feature is now launched and documented.

BigQuery ML integration with AI Platform for Boosted Tree models is now generally available (GA). For more information, see the following documentation:

• CREATE MODEL statement for Boosted Tree models using XGBoost

• ML.FEATURE_IMPORTANCE function

BigQuery ML integration with AI Platform for Deep Neural Network (DNN) models is now generally available (GA). For more information, see CREATE MODEL statement for Deep Neural Network (DNN) models.

Exporting BigQuery ML models to Cloud Storage and using them for online prediction is now generally available (GA). For more information, see Exporting models and the EXPORT MODEL statement.

Cloud Composer is now available in Los Angeles (us-west2).

Added support for the ComputeTargetGRPCProxy resource

Added support for the ResourceManagerLien resource

Composer version 1.12.5 or newer: File synchronization between buckets in Domain restricted sharing compliant environments has been improved. If your environment was created before November 20, 2020 you must upgrade your environment to access this feature

Preview: Reserve GPUs and local SSDs on sole-tenant nodes.

Preview: Rename VM instances.

The Dialogflow Messenger integration is now implemented for Dialogflow CX.

Agent Validation is now implemented for Dialogflow CX.

Firewall Insights is available in General Availability.

Users can now transfer Cloud Build metrics to BigQuery through the BigQuery notifier, a new open-source notifier.

Cloud Functions has added support for a new runtime, .NET, in Preview. This runtime is based on .NET Core 3.1.

• The .NET runtime
• Blog post

Cloud SQL for MySQL now supports retention settings for automated backups. You can configure retention of your automated backups for shorter or longer periods (1 to 365 days). The default setting remains 7 days.

Cloud SQL for MySQL now supports retention settings for point-in-time recovery. You have the option of retaining logs, used for point-in-time recovery, for shorter periods (1 to 7 days). The default setting is 7 days.

Cloud SQL for PostgreSQL now supports retention settings for automated backups. You can configure retention of your automated backups for shorter or longer periods (1 to 365 days). The default setting remains 7 days.

Cloud SQL for PostgreSQL now supports retention settings for point-in-time recovery. You have the option of retaining logs, used for point-in-time recovery, for shorter periods (1 to 7 days). The default setting is 7.

Cloud SQL for SQL Server now supports retention settings for automated backups. You can configure retention of your automated backups for shorter or longer periods (1 to 365 days). The default setting iremains 7 days.

Private Catalog launches an updated Cloud Console experience for cloud admins. The updates include more options for managing access control, sharing catalogs, and bulk editing solutions.

The PHP7.4 runtime for the App Engine standard environment are now generally available.

The Ruby 2.6 and 2.7 runtimes for the App Engine standard environment are now generally available.

Filestore now supports access over VPN. With this new capability, you can mount Filestore file shares on an on-premises client, as well as clients on a remote VPC. To learn how to set up a VPN connection with Cloud VPN, see Creating an HA VPN gateway to a Peer VPN gateway.

Pub/Sub message filtering is now available in GA.

BigQuery column-level security is now generally available. Policy tags can be replicated across locations. For more information, see Introduction to BigQuery column-level security.

You can now use security keys as a 2-step verification method when connecting to VMs using OS Login. For more information, see Setting up OS Login with 2-step verification.

Preview release

AI Platform (Unified) is now available in Preview.

For more information, see the product documentation.

Anthos GKE on-prem 1.5.2-gke.3 is now available. To upgrade, see Upgrading GKE on-prem. GKE on-prem 1.5.2-gke.3 clusters run on Kubernetes 1.17.9-gke.4400.

GKE Data Plane V2 Preview is now available.

• GKE Data Plane V2 is a new programmable data path that enables Google to offer new network security features like Network Policy Logging and Node Network Policy.

Binary Authorization for GKE on-prem 0.2.1 is now available.

• Binary Authorization for GKE on-prem 0.2.1 adds a proxy side cache that caches AdmissionReview responses. This can improve the reliability of the webhook.

A new dashboard editor is available in Preview. The new editor lets you create and edit all dashboard widget types, including gauges, scorecards, and text boxes. With mosaic-mode, you can resize and reposition widgets. The configuration tabs - Basic, Advanced, MQL - let you choose how you want to configure your widgets. For more information, see Custom dashboards.

GA: Collect diagnostic information from Windows Server VMs.

N2D machine types are now available in us-west1-a, The Dalles, Oregon. See VM instance pricing for pricing details.

General availability support for the following integration:

• Artifact Registry

You can now use the Share link button in the Logs Explorer to create and share a shortened URL of your current query. For more information, see Using the Logs Explorer.

Anthos Service Mesh, Mesh CA and the Anthos Service Mesh dashboards in Google Cloud Console are now available for any GKE customer and do not require the purchase of Anthos. See pricing for details.

There are slight changes to the behavior of Google Cloud Console for customers who use Anthos Service Mesh without an Anthos subscription. See details here.

Added a shell script to automate Anthos Service Mesh installation and migration from Istio and the Istio on GKE add-on. For details, see the following guides:

• 1.6: Installation and migration on GKE

• 1.7: Installation, migration, and upgrades on GKE

IAM Conditions now provides resource attributes for Pub/Sub Lite. You can use these resource attributes to grant access to a subset of your Pub/Sub Lite subscriptions and topics.

Migrations from the 1.6 version of the add-on to Anthos Service Mesh 1.7 or 1.6 using a Google-provided script is available. For details see Upgrading to Istio 1.6 with Operator

Traffic Director now supports multi-environment deployments. The hybrid connectivity network endpoint group (NEG) is in General Availability. The documentation includes an overview of the feature and a tutorial, Network edge services for multi-environment (on-premises, multi-cloud) deployments.

The following regional endpoints are now generally available for online prediction, in addition to the regional endpoints that were already available:

• us-east1-ml.googleapis.com
• us-east4-ml.googleapis.com
• us-west1-ml.googleapis.com
• northamerica-northeast1-ml.googleapis.com
• europe-west1-ml.googleapis.com
• europe-west2-ml.googleapis.com
• europe-west3-ml.googleapis.com
• asia-northeast1-ml.googleapis.com
• asia-southeast1-ml.googleapis.com
• australia-southeast1-ml.googleapis.com

On some of these regional endpoints, you can use GPUs to accelerate prediction. Learn which types of GPUs are available on which regional endpoints.

Pricing for online prediction varies between regional endpoints. Read about the pricing for each regional endpoint.

Cost table report now includes invoice header information and project-level taxes.

The cost table report presents a detailed, tabular view of your monthly costs for a given invoice or statement. The cost table has been updated to include invoice or statement header information that is viewable in the cost table page as well as downloadable to CSV.

Additionally, the cost table report now breaks out your tax costs by each project. Prior to this update, your tax costs were listed at the end of the cost table as a row for each type of tax incurred, aggregated for the whole invoice or statement. To view the details of your tax costs, in the cost table, look for rows with a Cost type: Tax and SKU description: description and percentage of tax (for example, PST/QST/RST (9.975%) or State sales tax (4.71%)).

For information on using the cost table report to view and analyze the details of your invoice or statement, refer to the Cost table reports documentation.

Cloud Build now enables you to create triggers that you can invoke manually through the Cloud Console. To learn how to create and run manual triggers, see Creating manual triggers.

Compute-optimized (C2) machine types are now available in Hong Kong, asia-east2, in all three zones. For pricing information, see VM instance pricing.

Data Catalog is now available in Singapore (asia-southeast1).

Dataflow now supports Interactive Notebooks in GA.

The following methods have been added to update or view the storage information for your DICOM data: * projects.locations.datasets.storageOptions.setBlobStorageSettings sets the storage class for all instances in a study. * projects.locations.datasets.storageOptions.getStorageInfo displays the storage details for the instances in a DICOM store.

External TCP/UDP Network Load Balancing is now supported with backend services. Compared to the target pool backend, a backend service gives you more fine-grained control over your load balancer, including access to features such as connection draining, failover policies, and support for managed instance groups as backends.

Network load balancers with a backend service can also use health checks that match the traffic (TCP, SSL, HTTP, HTTPS, or HTTP/2) they are distributing.

To get started, see:

• Network Load Balancing with backend services
• Setting up a network load balancer with a backend service
• Transitioning a network load balancer from a target pool to a backend service

This feature is available in Preview.

Added support for the MonitoringAlertPolicy resource.

Added maintenancePolicy field to ComputeNodeGroup.

Added exclusions field to LoggingLogSink.

Added authEnabled field to RedisInstance.

Added interface field to ComputeDisk.

Added mtu field to ComputeNetwork.

Added privateIpv6GoogleAccess field to ComputeSubnetwork.

Added confidentialNodes field to ContainerCluster.

Added skipInitialVersionCreation field to KMSCryptoKey.

The Cloud Billing Budgets API v1 is now available.

• Learn about the Cloud Billing Budgets REST API.
• Review examples of using the Billing Budgets REST API.
• Learn about the Cloud Billing Budgets API client libraries.

• Airflow 1.10.12 is now available for Cloud Composer.
• The GKE release channel is set to STABLE for new and upgraded Composer environments.

A new multi-region instance configuration is now available in North America - nam8 (Los Angeles/Oregon/Salt Lake City).

Identify resources like persistent disks, IP addresses, and custom disk images that aren't in use. Viewing and applying idle resources recommendations can help reduce unused resources and reduce your Compute Engine bill. This feature is Generally available.

Compute-optimized (C2) machine types are now available in Sydney, Australia, australia-southeast1-c. For pricing details, see VM instance pricing.

Storage Transfer Service support for specifying an end time to scheduling transfer jobs is in Preview.

By using the new gcloud command and API for live tailing, you can now stream your logs in real time as your applications write them to the Cloud Logging API. To learn more, see Live tailing log entries.

Field descriptions now document immutability.

DataflowJob labels are now mutable.

The Cloud Healthcare API offers single-region support in the europe-west6 (Zurich, Switzerland) region.

Enhancements to the VM Details page. A new Event Timeline shows important events as bars on a timeline. Hovering over any event bar displays summary information about the event and provides a link to the Incident Details page for the event.

PostgreSQL version 13 is now generally available. To start using PostgreSQL 13, see Creating instances.

Dataflow now supports Dataflow Shuffle, Streaming Engine, FlexRS, and the following regional endpoints in GA:

• us-west2 (Los Angeles)
• southamerica-east1 (São Paulo)
• europe-west6 (Zurich)
• asia-south1 (Mumbai)

Users can now build containers without a Dockerfile or a Cloud Build config file using Cloud Native Buildpacks.

Dialogflow CX now supports the same languages as Dialogflow ES.

Preview support for the following integration:

• Transfer Appliance

1.7.3-asm.6 is now available

Anthos Service Mesh 1.7 is compatible with and has the feature set of Istio 1.7, subject to the list of Anthos Service Mesh supported features.

Added support for on-premises secure key management, provided by Thales Luna HSM 7+ and Hashicorp Vault.

Added a shell script to automate Anthos Service Mesh installation and migration from Istio 1.6. See the installation guide for details.

Added revision label support to sidecar injection for greater control over various scenarios, such as canary upgrades and more.

Anthos 1.4.4 is now available.

Updated components:

• Anthos GKE on-prem release notes
• Anthos Config Management release notes

Anthos 1.3.5 is now available.

Updated components:

• Anthos GKE on-prem release notes
• Anthos Config Management release notes

You can now use Private Google Access to provision images for your GKE on AWS environment. For more information, see spec.ubuntuRepositoryMirror in the AWSManagementService resource.

Anthos GKE on-prem 1.4.4-gke.1 is now available. To upgrade, see Upgrading GKE on-prem. GKE on-prem 1.4.4-gke.1 clusters run on Kubernetes 1.16.11-gke.11.

Anthos GKE on-prem 1.3.5-gke.2 is now available. To upgrade, see Upgrading GKE on-prem. GKE on-prem 1.3.5-gke.2 clusters run on Kubernetes 1.15.12-gke.6400.

You can now configure cache modes, cache TTLs and set custom response headers in the Cloud Console, in addition to the existing gcloud and REST API support.

Secret Manager support for Customer-Managed Encryption Keys (CMEK) is available to all customers via public preview.

Learn more at Enabling CMEK in Secret Manager.