• Add the IAMAuditConfig resource
• The webhook and deletiondefender admission handlers now persist their generated certificates into a Secret and reload on startup
• Added cloud log severity to log messages
• Improved the scalability of the webhook admission handler process
  • Added horizontal pod autoscaling at 60% CPU utilization to the webhook pod
  • Increased the webhook pod's CPU limit in namespaced mode from 40m to 100m
  • Removed the memory 'requests' of 32Mi so the pod is always at the 64Mi limit
• Reduced the load on the API server when the deletiondefender is restarted
• Added custom access level conditions to AccessContextManagerAccessLevel
• CloudBuildTrigger
  • Added the ability to reference a StorageBucket for logs
  • Added the queueTtl, secret, source, substitutions, invertRegex and tags fields
• ComputeBackendService no longer requires the healthChecks field
• Added the logConfig field to ComputeFirewall
• Added the grpcHealthCheck field to ComputeHealthCheck
• ComputeImage
  • Added the ability to reference a source ComputeImage
  • Added the ability to reference a ComputeSnapshot
• Added the confidentialInstanceConfig field to ComputeInstance and ComputeInstanceTemplate
• Added the exportSubnetRoutesWithPublicIp field to ComputeNetworkPeering
• Added the filterExpr and metadataFields fields to ComputeSubNetwork
• Added the defaultRouteAction field to ComputeURLMap
• Added the clusterTelemetry, defaultSnatStatus, networkingMode, kubeletConfig, linuxNodeConfig , and masterGlobalAccessConfig fields to ContainerCluster
• Added the publicKeyData field to IAMServiceAccountKey
• Added the enableMessageOrdering, filter, and retryPolicy fields to PubSubSubscription
• Added the persistenceIamIdentity flag to RedisInstance
• Added the uniformBucketLevelAccess field to StorageBucket
• Added the ability to reference a KMSCryptoKey to ArtifactRegistryRepository
• Added the schema field to BigQueryTable