GCP updates | November 12, 2018

created at 2018/11/28 18:59:24

COMPUTE

Compute Engine – logging serial port output to Stackdriver: beta

This feature enables you to configure your VM instances to automatically log serial port output to Stackdriver, allowing it to persist beyond the lifetime of the VMs. Logging this data to Stackdriver makes it easier for you to analyze and troubleshoot VMs that have crashed or terminated. Documentation

おもしろいなw
IaaSレイヤーで凝ったことしてたら必要になってくるんですね。

Compute Engine – mounting persistent disks into containers: beta

With Container-Optimized OS 69 or newer, you can now mount persistent disks from a host VM into a container automatically, no coding required. This is similar to using the gcePersistentDisk volume type in Kubernetes. Documentation

GCEのコンテナを起動できる機能に関して、APIとかコンソール一発でコンテナからPersistent Diskをマウントできるようになったって感じかな。
コンテナなのにGCEを使うってときはステートフルなあれが多いと思うので、あると嬉しいのかもしれませんね。

DATA ANALYTICS

BigQuery sandbox available through Firebase: beta

Firebase users on the free Spark plan can now export their project data to a BigQuery sandbox for analysis. You can export to BigQuery without a billable account to access up to 10 GB of active storage and 1 TB of processed query data per month. Documentation

課金してなくてもFirebase -> BigQueryを試せるようになったってことかな。

NETWORKING

Content-based HTTPS health checks: GA

Health-checking mechanisms determine whether VM instances are responding properly to traffic. You can now specify the content that should be seen in the response string of an HTTPS health check for Google Cloud Platform load balancers. Documentation

ふむ。

Cloud DNS – private DNS zones: beta

Private DNS zones provide a simple-to-manage internal DNS solution for your private networks on GCP. This GCP-native and managed private zone capability removes the need to provision and manage additional software and compute resources. Blog

Private Google Access from on-premises: beta

This feature enables your on-premises hosts to reach Google APIs and services through a Cloud VPN tunnel or Cloud Interconnect connection. Documentation

今までできなかったんですね。
こーゆーオンプレまわりの機能強化って日本企業の要望が強かったりするんだろうか。

STORAGE

Cloud Firestore emulator: beta

By running a binary of Cloud Firestore within a local environment, you can safely test how code will interact with your apps and check the behavior of your Cloud Firestore Security Rules. Documentation

いいですね。Firestoreへの移行が着々と進んでますね。

IDENTITY & SECURITY

Compute Engine – new Cloud Identity and Access Management features: beta

A new resource-level IAM feature allows you to control access by setting policies on individual resources, such as VM instances or disks. And with the new IAM conditions feature you can also grant access based on predefined conditions, such as resource name prefix or time frame. Blog

より細かくIAMで権限をコントロールできるようになるみたいですね。
ブログの例だとリソースタイプとリソースの名前の前方一致という条件でポリシーを設定しています。

{
   "policy": {
     "bindings": [
      {
        "role": "roles/compute.instanceAdmin.v1",
        "members": [
          "user:[email protected]",
         ]
        "condition": { 
          "title": "dev1 prefix",
          "description": "Role granted only for instances and disks with Name Prefix dev1",
          "expression": 
            "(resource.type=="compute.instances"&& resource.name.startsWith("projects/[PROJECT_NAME]/zones/[ZONE_NAME]/instances/dev1"))||(resource.type=="compute.disks"&&resource.name.startsWith("projects/[PROJECT_NAME]/zones/[ZONE_NAME]/disks/dev1"))"
        }
      }
    }
  }

もうちょっと細かく権限管理したいなぁと思うことはあったけど、あんまり多用はしたくないですね :sweat_smile: