Is Google Cloud Functions down?
Current Google Cloud Functions status is UP

Summary: Google Kubernetes Engine customers with Workload Identity enabled may see high application logging rate
Description: There is no impact to cluster functionality or performance. The only impact is extra logs in Cloud Logging.
gke-metadata-server is a GKE-managed system workload that is part of the GKE Workload Identity feature. Versions 0.4.272 to 0.4.280 of gke-metadata-server contain an incorrect configuration that results in a high rate of debug logs that contain the string "Unable to sync sandbox". These logs are then ingested into Cloud Logging, consuming Cloud Logging ingestion quota, and causing excess billable usage when exceeding the free monthly allotment.
A rollout containing a fix to no longer ingest the excess logs to Cloud Logging is about 25% complete.
We will provide an update by Friday, 2023-11-10 14:00 US/Pacific.
Diagnosis: Customers can determine whether their cluster is impacted by inspecting the gke-metadata-server daemonset with kubectl get daemonset -n kube-system -l k8s-app=gke-metadata-server -o yaml and looking at the components.gke.io/component-version annotation in .spec.template.metadata.annotations. If the value is a version between 0.4.272 and 0.4.280 (inclusive), then the cluster is currently affected.
Workaround:
- Customers using GKE Rapid Channel can upgrade their cluster control plane to 1.28.2-gke.1157000 and above, or 1.27.7-gke.1038000 and above.
- Customers on GKE Regular Channel, GKE Stable Channel, or who are not using release channels do not have a workaround at this time.

Summary: Google Kubernetes Engine customers with Workload Identity enabled may see high application logging rate
Description: There is no impact to cluster functionality or performance. The only impact is extra logs in Cloud Logging.
gke-metadata-server is a GKE-managed system workload that is part of the GKE Workload Identity feature. Versions 0.4.272 to 0.4.280 of gke-metadata-server contain an incorrect configuration that results in a high rate of debug logs that contain the string "Unable to sync sandbox". These logs are then ingested into Cloud Logging, consuming Cloud Logging ingestion quota, and causing excess billable usage when exceeding the free monthly allotment.
A rollout containing a fix to no longer ingest the excess logs to Cloud Logging is about 25% complete.
We will provide an update by Friday, 2023-11-10 14:00 US/Pacific.
Diagnosis: Customers can determine whether their cluster is impacted by inspecting the gke-metadata-server daemonset with kubectl get daemonset -n kube-system -l k8s-app=gke-metadata-server -o yaml and looking at the components.gke.io/component-version annotation in .spec.template.metadata.annotations. If the value is a version between 0.4.272 and 0.4.280 (inclusive), then the cluster is currently affected.
Workaround:
- Customers using GKE Rapid Channel can upgrade their cluster control plane to 1.28.2-gke.1157000 and above, or 1.27.7-gke.1038000 and above.
- Customers on GKE Regular Channel, GKE Stable Channel, or who are not using release channels do not have a workaround at this time.

Summary: Customer experiencing a requests to Secret Manager timeout for App Engine and Cloud Run.
Description: Mitigation work is currently underway by our engineering team.
We do not have an ETA for mitigation at this point.
We will provide more information by Wednesday, 2023-11-08 16:40 US/Pacific.
Diagnosis: Requests to Secret Manager might time out for App Engine and Cloud Run customers.
Workaround: Some customers reported that removing the secret manager calls and "hard coded" the secrets is a workaround.
Summary: Google Kubernetes Engine customers with Workload Identity enabled may see high application logging rate
Description: There is no impact to cluster functionality or performance. The only impact is extra logs in Cloud Logging.
gke-metadata-server is a GKE-managed system workload that is part of the GKE Workload Identity feature. Versions 0.4.272 to 0.4.280 of gke-metadata-server contain an incorrect configuration that results in a high rate of debug logs that contain the string "Unable to sync sandbox". These logs are then ingested into Cloud Logging, consuming Cloud Logging ingestion quota, and causing excess billable usage when exceeding the free monthly allotment.
A rollout containing a fix to no longer ingest the excess logs to Cloud Logging is about 25% complete.
We will provide an update by Friday, 2023-11-10 14:00 US/Pacific.
Diagnosis: Customers can determine whether their cluster is impacted by inspecting the gke-metadata-server daemonset with kubectl get daemonset -n kube-system -l k8s-app=gke-metadata-server -o yaml and looking at the components.gke.io/component-version annotation in .spec.template.metadata.annotations. If the value is a version between 0.4.272 and 0.4.280 (inclusive), then the cluster is currently affected.
Workaround:
- Customers using GKE Rapid Channel can upgrade their cluster control plane to 1.28.2-gke.1157000 and above, or 1.27.7-gke.1038000 and above.
- Customers on GKE Regular Channel, GKE Stable Channel, or who are not using release channels do not have a workaround at this time.

Summary: Customer experiencing a requests to Secret Manager timeout for App Engine and Cloud Run.
Description: Mitigation work is currently underway by our engineering team.
We do not have an ETA for mitigation at this point.
We will provide more information by Wednesday, 2023-11-08 16:40 US/Pacific.
Diagnosis: Requests to Secret Manager might time out for App Engine and Cloud Run customers.
Workaround: Some customers reported that removing the secret manager calls and "hard coded" the secrets is a workaround.
Summary: Google Kubernetes Engine customers with Workload Identity enabled may see high application logging rate
Description: There is no impact to cluster functionality or performance. The only impact is extra logs in Cloud Logging.
gke-metadata-server is a GKE-managed system workload that is part of the GKE Workload Identity feature. Versions 0.4.272 to 0.4.280 of gke-metadata-server contain an incorrect configuration that results in a high rate of debug logs that contain the string "Unable to sync sandbox". These logs are then ingested into Cloud Logging, consuming Cloud Logging ingestion quota, and causing excess billable usage when exceeding the free monthly allotment.
A rollout containing a fix to no longer ingest the excess logs to Cloud Logging is about 25% complete.
We will provide an update by Friday, 2023-11-10 14:00 US/Pacific.
Diagnosis: Customers can determine whether their cluster is impacted by inspecting the gke-metadata-server daemonset with kubectl get daemonset -n kube-system -l k8s-app=gke-metadata-server -o yaml and looking at the components.gke.io/component-version annotation in .spec.template.metadata.annotations. If the value is a version between 0.4.272 and 0.4.280 (inclusive), then the cluster is currently affected.
Workaround:
- Customers using GKE Rapid Channel can upgrade their cluster control plane to 1.28.2-gke.1157000 and above, or 1.27.7-gke.1038000 and above.
- Customers on GKE Regular Channel, GKE Stable Channel, or who are not using release channels do not have a workaround at this time.

Summary: Chronicle customers in all regions using the SENTINEL_EDR default parser (product source: "SentinelOne EDR") may have incorrect process enrichment results.
Description: As communicated previously, we have segmented our repair of this incident into two phases:
a) Stopping erroneous enrichments (Completed on 2 August 2023)
b) Repairing historically impacted events that used these erroneous enrichments. (Revised ETA - 18 August 2023)
We will provide an update by Friday, 2023-08-18 10:30 US/Pacific with current details.
Diagnosis: Fields set by process aliasing for SENTINEL_EDR (including UDM principal.process, src.process, and target.process) may be incorrect.
Workaround: None at this time.