Google Cloud Updates on December 14, 2021

Anthos Service Mesh

• Anthos Service Mesh 1.7-1.9 are no longer supported. For more information, see Supported versions.

Anthos on bare metal

• Release 1.8.7: Anthos clusters on bare metal 1.8.7 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.8.7 runs on Kubernetes 1.20.
• Fixes: The following container image security vulnerability has been fixed: CVE-2020-21913
• Known issues:For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

BigQuery BI Engine

• BigQuery BI Engine SQL interface is now generally availabile.

Compute Engine

• Generally available: You can now share reservations of Compute Engine zonal resources between multiple projects. Learn about shared reservations and creating a shared reservation.

Config Connector

• Config Connector 1.69.0 is now available
• Added support for VPCAccessConnector resource
• Added support for ComputePacketMirroring resource
• Added support for PrivateCACAPool resource
• Added support for IAMWorkloadIdentityPool resource
• Added support for IAMWorkloadIdentityPoolProvider resource
• Added support for CloudIdentityMembership resource
• Rollout support for state-into-spec: absent to ContainerCluster resource (Issue #576)
• Add billgProject flag in ConfigConnectorContext to specify a quota project to send along with user_project_override header, used for all requests sent from Config Connector. If set on a resource that supports sending the resource project, this value will supersede the resource project. This field can only be set if requestProjectPolicy takes BILLING_PROJECT value
• Fixed the issues in config-connector export that the exported YAML now include zero primitives to match the Google Cloud resource live state
• Fixed the issues in ContainerCluster with creating autopilot clusters

Dataproc Metastore

• An Apache Log4j 2 vulnerability. that impacted Dataproc clusters has been addressed (see Recreate and update a cluster, which provides guidance to Dataproc users). Dataproc Metastore users do not need to take any action; the fix applied by Dataproc Metastore is sufficient to address the issue.

Datastream

• Datastream now supports customer-managed encryption keys (CMEK). Click here to access the documentation.

Kf

• Added buildDisableIstioSidecar configuration feature.
• Added buildPodResources configuration feature.
• Added controllerCACerts configuration feature.
• Added buildRetentionCount configuration feature.
• Added V3 Google stack as build option.
• Added V3 kf-v2-to-v3-shim stack as build option.
• Fixed an issue that could prevent SIGTERM from reaching an app.
• Fixed an issue that caused extra reconciliation loops and logs.
• Improved CLI performance.
• Improved subresource API server resilience.
• Updated Config Connect to v1.66.0.
• Updated Tekton to v0.29.0.
• Support for Anthos Service Mesh (ASM) v1.11+, which recommends ingress gateways be outside of the istio-system namespace.
• Changed build ImagePullPolicy default from always download to prefer cached.
• Improved Workload Identity reliability.

Service Directory

• Configuring an external TCP/UDP load balancer in Service Directory is available in Preview.