Hotfix upgrade instructions for version 1.15.3
You must account for the following requirements to ensure a successful upgrade to GDC 1.15.3:
For new bootstraps, you must bootstrap the root organization directly to the 1.15.3-gdch.3086 binary.
To prevent a critical operating system (OS) downgrade when upgrading your environment from version 1.14.12, you must complete the following:
Load all available hotfixes and version 1.15.3-gdch.3086 into the system first.
Verify hotfixes are loaded prior to starting the upgrade to ensure the correct OS version is used.
Hotfix 5
Operating system:
Added SLO dashboards for operating systems in the root admin cluster and management API server.
Fixes the missing delete permission for the
OSPolicycontroller.
Hotfix 4
Backup:
Prevents backup plans from running overlapping backups to conserve system resources, especially against aggressive schedules.
Fixes an issue where the
VirtualMachineRestoreobject couldn't be deleted properly.Fixes an issue where an imported backup without a creation time couldn't be deleted.
Billing:
- Introduces a new billing SKU required for Gemini 2.5 Flash.
Cluster management:
- Fixes an issue where the Kubernetes cluster is not removed after deletion.
Database Service:
- Improves the reliability of creating and deleting databases and backups.
Cloud DNS:
Fixes the issue where wildcard DNS records aren't created at the zone apex level.
Fixes the issue where it takes over 25 minutes to create a managed DNS zone.
Health:
- Prevents alerts for SLOs marked as experimental by submitting an Infrastructure as Code (IaC) change.
Inventory management:
- Fixes the issue where the
gdcloud system assets addcommand failed to generatesplitInterfaceconfigurations for breakout cables during dynamic expansion.
Lifecycle management:
- Fixes an issue that prevented successful upgrades for subcomponents that used
the
lcm.private.gdc.goog/paused-remote: "true"annotation.
Logging:
- Fixes the egress label of the org infrastructure cluster for external security information and event management.
Networking:
Fixes an issue where a cluster gets stuck in a deleting state.
Adds new networking dashboards for runtime metrics.
Platform authentication:
- Adds additional probers to the system.
Security:
Fixes the SSH machine certificate generation process so it's an atomic operation.
Fixes an issue during the Nessus activation process for new installations.
Storage:
Fixes the persistence of dual-zone buckets after deletion in the GDC console.
Fixes the storage bucket versioning errors in the GDC console.
Fixes the issue where security key materials could be mismatched across zones in a dual-zone bucket.
Fixes the issue where the StorageGRID load balancer endpoint server certificates don't automatically rotate.
Upgrade:
- Fixes an issue that causes the
siem-clustersubcomponent to become unresponsive.
Virtual machines:
Fixes data population issues in the following IO dashboards:
- VMM-R0006: VM SSH connection problems
- VMM Control Plane: pods (expected versus observed)
- VMM GPU Control Plane: pods (expected versus observed)
Fixes an erroneous alert that occurs when creating a virtual machine disk.
Hotfix 3
Security:
- Updates Transport Layer Security (TLS) standards to restrict and enforce approved cipher suites (AES-256).
Hotfix 2
Firewall:
- The
FirewallNoderesource is in aNotReadystate after upgrade.
Networking:
- The
unet-root-admin-cmjob fails due to a missing organization.
Node OS:
- Linux Unified Key Setup (LUKS) keys are missing after upgrade prevents node from booting.
Operations lifecycle:
- The
iam-aissubcomponent fails due to a race condition.
Hotfix 1
Node OS:
- Updated the Rocky OS image version to 20260107 to apply the latest security patches and important updates.