GCP Release Notes: September 02, 2025

BigQuery

Feature

You can now create a remote model based on an open embedding model from Vertex Model Garden or Hugging Face that is deployed to Vertex AI. Options include E5 Embedding and other leading open embedding generation models. You can then use the ML.GENERATE_EMBEDDING function with this remote model to generate embeddings.

Try this feature with the Generate text embeddings by using an open model and the ML.GENERATE_EMBEDDING function tutorial.

This feature is in Preview.

Feature

You can now create a remote model based on the Vertex AI gemini-embedding-001 model. You can then use the ML.GENERATE_EMBEDDING function with this remote model to generate embeddings. This feature is in Preview.

Feature

You can now reference BigQuery ML and DataFrames in your prompts when you use the Data Science Agent in a BigQuery notebook. The Data Science Agent is in Preview.

Feature

You can now configure listings for multiple regions for shared datasets and linked dataset replicas in BigQuery sharing. For more information, see Create a listing. This feature is in Preview.

Feature

You can now enable the automatic selection of a processing location in your pipeline configurations. For more information, see Create pipelines. This feature is generally available (GA).

Cloud Build

Feature

Dark theme is now available for Cloud Build. To enable the dark theme, in the Google Cloud console, click Settings and utilities > Preferences. In the navigation menu, click Appearance, and then select your color theme and click Save.

Cloud Deploy

Feature

You can now use custom constraints with Organization Policy to provide more granular control over specific fields for some Cloud Deploy resources. For more information, see Use custom organization policies.

Cloud Service Mesh

Security

1.26.4-asm.1 is now available for in-cluster Cloud Service Mesh.

This patch release contains a fix for a use-after-free (UAF) vulnerability in the DNS cache. For more information, see the security bulletin.

Only clusters running in-cluster Cloud Service Mesh version 1.26 are affected. If you are running an earlier in-cluster version or managed Cloud Service Mesh, you are not affected and do not need to take any action.

For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh.

Dataform

Feature

Dataform now automatically selects a processing location based on the datasets referenced in your SQL queries. This makes setting the default location optional in your workflow configurations. For more information, see About repository settings. This feature is generally available (GA).

Dataproc

Feature

Multi-tenant clusters are now available in Preview. Many data engineers and scientists can share a multi-tenant cluster to execute their workloads in isolation from each other.

Gemini Code Assist

Feature

Create and manage multiple chats in IntelliJ

You can create and manage multiple chats in IntelliJ Gemini Code Assist. Each chat contains its own context separate from other chats.

Google Cloud Contact Center as a Service

Announcement

Mobile SDK 2.14 is released

Mobile SDK 2.14 includes the following updates:

  • Android SDK and iOS SDK:

    • Support for virtual agent to virtual agent chat transfers by queue.

    • Support for hiding the download transcript button in the options menu, the post-chat screen, or both. For the Android SDK, see SDK configuration. For the iOS SDK, see Show or hide the download transcript button.

    • Improved accessibility, including better navigation and screen reader support.

  • Android SDK:

    • Support for hiding the SDK using the Ujet.hideSDK() method. For more information, see Hide the SDK.

    • New event types: MessageLinkClicked and QuickReplyClicked.

To support the new virtual agent chat transfer capabilities of this release, we've added a new configuration setting in the Google Cloud CCaaS portal. You can use this setting to hide transfer system messages in chat sessions with virtual agent to virtual agent transfers.

Administrators: In the Settings > Chat > Web & Mobile Chat Settings pane, there's a new Transfers checkbox.

For more information, see Hide transfer messages in chat sessions.

Google Cloud Managed Service for Apache Kafka

Feature

Managed Service for Apache Kafka now supports HIPAA Compliance on Google Cloud.

Google Distributed Cloud (software only) for VMware

Announcement

Google Distributed Cloud (software only) for VMware 1.33.0-gke.799 is now available for download. To upgrade, see Upgrade a cluster. Google Distributed Cloud 1.33.0-gke.799 runs on Kubernetes v1.33.2-gke.700.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Changed

  • GA: Changed the cluster creation process so that all new clusters are advanced clusters. Additionally, all cluster upgrades to 1.33 are automatically converted to advanced clusters.
  • Upgraded the etcd component to version 3.4.33.

Feature

  • GA: Enabled the vsphere-metrics-exporter component for advanced clusters. This exporter provides greater visibility into the VMware vSphere environment by collecting key performance and health metrics.
  • GA: Added support for VM-Host affinity groups in advanced clusters. This feature allows for the creation of rules that constrain cluster nodes to run on specific, predefined groups of hosts.
  • GA: Added support for automatic node resizing in advanced clusters. This feature optimizes resource use by automatically adjusting the CPU and memory allocated to control plane nodes in response to workload demands.
  • Public Preview: Added support for Virtual Machine (VM) tracking using vSphere tags in advanced clusters. This feature simplifies resource management by automatically applying identifying tags to cluster VMs.
  • GA: Introduced an Envoy proxy sidecar to the GKE Identity Service for clusters that use Controlplane V2. This change enhances the security, reliability, and performance of the authentication service.

Fixed

The following issues were fixed in 1.33.0-gke.799:

Google Distributed Cloud (software only) for bare metal

Announcement

Google Distributed Cloud for bare metal 1.33.0-gke.799 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.33.0-gke.799 runs on Kubernetes v1.33.2-gke.700.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Feature

The following features were added in 1.33.0-gke.799:

  • GA: Introduced an Envoy sidecar into the GKE Identity Service to increase security, reliability, and performance.

  • GA: Added support for the Ubuntu 24.04 LTS operating system with the 6.8 kernel.

  • GA: Added the ability to override the cluster-level pod density setting for individual node pools.

  • Preview: Added Node Agent to give you the ability to transition from using Ansible over SSH for cluster operations to a more secure, agent-based model. Added bmctl nodeagent commands to provide a straightforward and reliable process of migrating existing clusters to use Node Agent.

  • Preview: Added a bundled version of the NVIDIA GPU Operator (version 25.3.1). The bundled operator is an open-source solution for managing the NVIDIA software components needed to provision and manage GPU devices.

  • Preview: Added Dynamic Resource Allocation, a Kubernetes API that lets you request and share generic resources, such as GPUs, among pods and containers. When enabled, this capability helps you run AI workloads by dynamically and precisely allocating the GPU resources within your bare metal clusters, improving resource utilization and performance for demanding workloads.

  • Preview: Added vertical Pod autoscaling, which lets you analyze and set CPU and memory resources required by Pods. Instead of having to set up-to-date CPU requests and limits and memory requests and limits for the containers in your Pods, you can configure vertical Pod autoscaling to provide recommended values for CPU and memory requests and limits that you can use to manually update your Pods, or you can configure vertical Pod autoscaling to automatically update the values.

  • Preview: Added support for skip minor version cluster upgrades. You can directly upgrade your cluster control plane nodes (and the entire cluster if worker node pools aren't pinned at a lower version) to two minor versions above the current version. Added the bmctl upgrade intermediate-version command to print the intermediate version for a skip minor version upgrade.

  • Surface failures from node pool status to the RecentFailures field in cluster status.

  • Surface failures from failed preflight checks triggered by the cluster controller to the RecentFailures field in cluster status.

Changed

The following functional changes were made in 1.33.0-gke.799:

  • Changed logging behavior so that kubeadm logs show up in the journald of the node machine where kubeadm runs.

  • To help prevent stale ARP cache issues, iptables-persistent is installed in Debian nodes.

  • Cluster manifests are deployed using a Kubernetes job, allowing the cluster operator to be more responsive to cluster events.

  • Updated the validation checks for cluster upgrades to enforce the cluster version skew rules for user clusters. If the upgrade version information for a user cluster doesn't comply with the version skew rules, the upgrade is halted.

  • Updated health checks and upgrade preflight checks to inspect for kubeadm certificate expiration.

  • Updated etcd version to 3.5.21.

  • Removed support for Red Hat Enterprise Linux 8.8 as it is beyond the Red Hat support window.

  • Removed support for Ubuntu 20.04 LTS as it has reached the end of standard security maintenance in May 2025.

  • Upgraded ansible-core to 2.16.4 to support Python 3.12.

  • Increased the RSA key size for Cluster API certifications to 4096 bits for improved security.

Fixed

The following issues were fixed in 1.33.0-gke.799:

  • Fixed an issue where restoring a cluster that has a node with a GPU causes instability of pods on the nodes.

  • Fixed an issue that caused the Ansible playbook for handling Cloud Audit Logging to fail and not complete.

  • Fixed an issue that caused nodes to get stuck in maintenance mode. Health checks have been updated so that the network check job skips connectivity checks for nodes that are in maintenance mode.

  • Fixed an issue where the CronJob for periodic health checks wasn't updating after configuration changes.

  • Fixed vulnerabilities listed in Vulnerability fixes.

Issue

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

Announcement

Features that were part of GKE Enterprise are now available as part of the standard GKE offering, or offered as standalone SKUs.

The following advanced multi-cluster management and networking features are included in the GKE offering at no additional cost:

  • Fleet dashboard
  • Multi-team Management
  • Config Sync
  • Config Controller
  • Managed Policy Controller
  • Connect Gateway
  • Network Function Optimizer
  • Fully Qualified Domain Name (FQDN) Network Policy
  • Inter-node Transparent Encryption

The following GKE Enterprise features continue to be available using their current standalone SKUs. If you are using any of these features, your billing is automatically transitioned to the corresponding standalone SKU.

  • Managed Cloud Service Mesh
  • Multicluster Gateways; Multicluster Ingress
  • Binary Authorization
  • Advanced Vulnerability Scanning
  • GKE Extended Support (LTS)

Security Command Center

Feature

Vulnerability assessment for Google Cloud supports scanning disks configured with customer-managed encryption keys (CMEK) for projects that are outside of VPC Service Control perimeters. For more information about how to scan disks configured with CMEK, see Run Vulnerability Scans for CMEK disks.

Source: Google Cloud Platform
