Hotfix upgrade instructions for version 1.15.3
You must account for the following requirements to ensure a successful upgrade to GDC 1.15.3:
-
For new bootstraps, you must bootstrap the root organization directly to the 1.15.3-gdch.3086 binary.
-
To prevent a critical operating system (OS) downgrade when upgrading your environment from version 1.14.12, you must complete the following:
-
Load all available hotfixes and version 1.15.3-gdch.3086 into the system first.
-
Verify hotfixes are loaded prior to starting the upgrade to ensure the correct OS version is used.
-
Hotfix 5
Operating system:
-
Added SLO dashboards for operating systems in the root admin cluster and management API server.
-
Fixes the missing delete permission for the
OSPolicycontroller.
Hotfix 4
Backup:
-
Prevents backup plans from running overlapping backups to conserve system resources, especially against aggressive schedules.
-
Fixes an issue where the
VirtualMachineRestoreobject couldn't be deleted properly. -
Fixes an issue where an imported backup without a creation time couldn't be deleted.
Billing:
- Introduces a new billing SKU required for Gemini 2.5 Flash.
Cluster management:
- Fixes an issue where the Kubernetes cluster is not removed after deletion.
Database Service:
- Improves the reliability of creating and deleting databases and backups.
Cloud DNS:
-
Fixes the issue where wildcard DNS records aren't created at the zone apex level.
-
Fixes the issue where it takes over 25 minutes to create a managed DNS zone.
Health:
- Prevents alerts for SLOs marked as experimental by submitting an Infrastructure as Code (IaC) change.
Inventory management:
- Fixes the issue where the
gdcloud system assets addcommand failed to generatesplitInterfaceconfigurations for breakout cables during dynamic expansion.
Lifecycle management:
- Fixes an issue that prevented successful upgrades for subcomponents that used
the
lcm.private.gdc.goog/paused-remote: "true"annotation.
Logging:
- Fixes the egress label of the org infrastructure cluster for external security information and event management.
Networking:
-
Fixes an issue where a cluster gets stuck in a deleting state.
-
Adds new networking dashboards for runtime metrics.
Platform authentication:
- Adds additional probers to the system.
Security:
-
Fixes the SSH machine certificate generation process so it's an atomic operation.
-
Fixes an issue during the Nessus activation process for new installations.
Storage:
-
Fixes the persistence of dual-zone buckets after deletion in the GDC console.
-
Fixes the storage bucket versioning errors in the GDC console.
-
Fixes the issue where security key materials could be mismatched across zones in a dual-zone bucket.
-
Fixes the issue where the StorageGRID load balancer endpoint server certificates don't automatically rotate.
Upgrade:
- Fixes an issue that causes the
siem-clustersubcomponent to become unresponsive.
Virtual machines:
-
Fixes data population issues in the following IO dashboards:
- VMM-R0006: VM SSH connection problems
- VMM Control Plane: pods (expected versus observed)
- VMM GPU Control Plane: pods (expected versus observed)
-
Fixes an erroneous alert that occurs when creating a virtual machine disk.
Hotfix 3
Security:
- Updates Transport Layer Security (TLS) standards to restrict and enforce approved cipher suites (AES-256).
Hotfix 2
Firewall:
- The
FirewallNoderesource is in aNotReadystate after upgrade.
Networking:
- The
unet-root-admin-cmjob fails due to a missing organization.
Node OS:
- Linux Unified Key Setup (LUKS) keys are missing after upgrade prevents node from booting.
Operations lifecycle:
- The
iam-aissubcomponent fails due to a race condition.
Hotfix 1
Node OS:
- Updated the Rocky OS image version to 20260107 to apply the latest security patches and important updates.
