------------------------------
Title: February 20, 2024
[content]
AlloyDB for PostgreSQL
Feature
You can now configure instances to use 128 vCPUs and 864 GB of RAM per node.
Chronicle
Feature
Google has added Tokyo (Japan) as a new region for Chronicle customers. Chronicle can now store customer data in this region. This also adds a new regional endpoint for Chronicle APIs at https://asia-northeast1-backstory.googleapis.com.
Cloud Billing
Changed
US-based billing accounts only: In August 2023, Google Cloud Marketplace transitioned to the Agency model for marketplace services for US partners and US customers. As part of this change, the remittance information has changed on your Google Cloud invoices and in the Google Cloud console.

As part of this change, you can see the following information in your Cloud Billing tools:


In the Cost Table report, use the Seller Name and Transaction type columns.
In the Standard data export to BigQuery, use the seller_name and transaction_type columns.

Cloud Logging
Feature
You can now configure and save a Log Analytics chart directly in Monitoring. For more information, see Add charts generated from a Log Analytics query.
Changed
For information and recommendations about how to instrument your applications to collect metrics, logs, and traces, see the following documents:


Instrumentation and observability overview
Choose an instrumentation approach
Go instrumentation example
Java  instrumentation example

Cloud Monitoring
Changed
For information and recommendations about how to instrument your applications to collect metrics, logs, and traces, see the following documents:


Instrumentation and observability overview
Choose an instrumentation approach
Go instrumentation example
Java  instrumentation example

Cloud SQL for PostgreSQL
Feature
Cloud SQL Enterprise Plus edition now supports versions 12 and 13 of PostgreSQL. For more information, see Introduction to Cloud SQL editions.
Cloud Trace
Changed
For information and recommendations about how to instrument your applications to collect metrics, logs, and traces, see the following documents:


Instrumentation and observability overview
Choose an instrumentation approach
Go instrumentation example
Java  instrumentation example

Container Optimized OS
Changed
cos-105-17412-294-29 


  
    Kernel
    Docker
    Containerd
    GPU Drivers
  
  
    COS-5.15.146
    v23.0.3
    v1.7.10
    v470.223.02
(default),v535.154.05(latest),v470.223.02(R470 for compatibility with K80 GPUs)
  

Security
Fixed CVE-2024-24557 in app-emulation/docker.
Security
Upgraded net-misc/curl to v8.6.0. This fixes CVE-2024-0853.
Security
Updated dev-libs/libxml2 to v2.11.7. This fixes CVE-2024-25062.
Security
Fixed CVE-2022-3566 in the Linux kernel.
Security
Fixed CVE-2022-3567 in the Linux kernel.
Changed
cos-109-17800-147-15 


  
    Kernel
    Docker
    Containerd
    GPU Drivers
  
  
    COS-6.1.75
    v24.0.5
    v1.7.13
    v535.154.05
(default),v535.154.05(latest),v470.223.02(R470 for compatibility with K80 GPUs)
  

Changed
Updated app-containers/containerd to v1.7.13.
Security
Upgraded net-misc/curl to v8.6.0. This fixes CVE-2024-0853.
Security
Updated dev-libs/libxml2 to v2.11.7. This fixes CVE-2024-25062.
Deep Learning Containers
Feature
M117 release


Fixed an issue wherein the latest container had a deprecation-public-image tag. In this release and future releases, this tag will only be on the deprecated containers.
Fixed a problem wherein the user couldn't access the vulnerabilities result of each container.

Dialogflow
Changed
The previously announced migration from Standard NLU to Advanced NLU will no longer occur on March 1, 2024. For more information, see the email announcement
Changed
Dialogflow CX agents now default to advanced NLU.
Feature
You can now import and export Dialogflow CX custom entities.
Feature
Dialogflow CX channel-specific response messages are now available for the following integrations: Google Chat, LINE, Messenger from Meta, Workplace from Meta, Slack. See the integration documentation for details.
Google Distributed Cloud Virtual for Bare Metal
Feature
Release 1.16.6

GKE on Bare Metal 1.16.6 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.16.6 runs on Kubernetes 1.27.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal. 
Fixed
Fixes:


Fixed an issue where upgrades are blocked because cluster-operator can't
delete stale, failing preflight check resources.
Cleaned up stale etcd-events membership to enhance control plane initialization reliability in the event of a node join failure.

Fixed
Fixes:

The following container image security vulnerabilities have been fixed in 1.16.6: 


High-severity container vulnerabilities:


CVE-2024-21626

Medium-severity container vulnerabilities:


CVE-2023-3446
CVE-2023-3817

Low-severity container vulnerabilities:


CVE-2023-2975
CVE-2023-4527
CVE-2023-4911


Issue
Known issues:

For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
Google Kubernetes Engine
Feature
You can now use the GKE API to apply Resource Manager tags to your GKE nodes. GKE attaches these tags to the underlying Compute Engine VMs. You can use these tags to selectively enforce Cloud Firewall network firewall policies. This feature is generally available in GKE version 1.28 and later.
Feature
Kubernetes Engine best practice observability packages, including control plane logs, control plane metrics, and kube state metrics are now enabled by default for new managed GKE Enterprise clusters to ensure availability of necessary data when it's needed for troubleshooting or optimization. Control plane metrics and kube state metrics are included in GKE Enterprise Edition at no additional charge.
Feature
GKE now delivers insights and recommendations if your cluster's Certificate Authority (CA) is expired or will expire in the next 180 days. To learn more, see Find clusters with expiring or expired credentials.
Issue
A bug in the image streaming feature might cause containers to fail because of a missing file or files.

Containers running on a node with image streaming enabled on the following versions might fail to start or run with errors informing that certain files don't exist. The following are examples of such errors:


No such file or directory
Executable file not found in $PATH


The following GKE versions are impacted:


For 1.27: 1.27.10-gke.1077000 and later
For 1.28: All 1.28 versions
For 1.29: All 1.29 versions


GKE is working on fixing the issue. In the meantime, if you are impacted by this issue, please disable image streaming.
Security Command Center
Deprecated
Manual control of finding state deprecated for vulnerabilities and misconfigurations

Starting October 21, 2024, you will no longer be able to manually update the state of vulnerability or misconfiguration findings that are issued by Security Health Analytics or VM Manager. Security Command Center will return an error message on manual attempts to change the values of the state. Security Command Center will also begin preventing the manual creation of findings under the exact same name as a source that is automatically managed by Security Command Center in order to prevent the creation of findings that can never be resolved.

For more information, see Finding states.
Feature
Pane on Overview page that supports postures for Vertex AI released to Preview

A pane on the Overview page lets you monitor for vulnerabilities that were found by the Security Health Analytics custom modules that apply to Vertex AI, and lets you view any drift from the Vertex AI organization policies that are defined in a posture.

For more information, see Monitor posture drift.
[/content]

PublishedDate: 2024-02-20
Category: Technology
NewsPaper: GCP latest releases