Basic information and changelog for Cloud Controller Manager - Container Service for Kubernetes

CCM bridges Kubernetes Services with CLB/NLB load balancers and manages VPC routes for cross-node pod communication.

Overview

The Cloud Controller Manager (CCM) integrates Kubernetes with Alibaba Cloud services such as Classic Load Balancer (CLB), formerly known as Server Load Balancer (SLB), Network Load Balancer (NLB), and Virtual Private Cloud (VPC).

Manage load balancers

When a Service type is set to Type=LoadBalancer, CCM creates a CLB or NLB instance and configures listeners and backend server groups. When backend endpoints or cluster nodes change, CCM automatically updates the associated vServer groups.
Enable cross-node communication

If your cluster uses Flannel as its network plugin, CCM adds the pod CIDR block of each node to the VPC route table for cross-node communication. This works automatically after installation.

Usage notes

CCM creates a CLB or NLB instance for a Service and configures listeners and backend server groups. See Considerations for Service load balancing.
CCM provides annotations to configure load balancing. See Configure CLB using annotations and Configure NLB using annotations.
If a CCM upgrade check fails, see Troubleshoot Cloud Controller Manager (CCM) component upgrade check failures.

Changelog

April 2026

Version

Image address

Date

Changes

Impact

v2.14.0

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.14.0

April 13, 2026

New features:

NLB now supports the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ip-version: "DualStack" to attach both IPv4 and IPv6 backends to a server group with automatic IP version affinity.
NLB now supports the spec.loadBalancerSourceRanges field to specify which source ranges can access the Service.
The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-default-weight now configures or updates the default weight of a server group.

This upgrade does not affect your workloads.

January 2026

Version

Image address

Date

Description

Impact

v2.13.0

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.13.0

January 30, 2026

New features:

CLB now supports adding additional domain certificates to HTTPS listeners using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-domain-extensions annotation.
NLB now supports adding additional certificates to TCPSSL listeners using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-cert-ids annotation.
NLB now supports configuring cross-zone forwarding (enabled by default) using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cross-zone-enabled annotation.

Optimizations:

Improved ENI attachment logic so a failure on one pod does not block other attachments.
The controller now auto-selects a VSwitch when creating a private CLB without one specified.

This update has no impact on your workloads.

December 2025

Version

Image address

Release date

Description

Impact

v2.12.4

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.4

December 11, 2025

New feature:

Added Pod readiness gate webhook support, enabled by default for new clusters. See Configure readiness gates to ensure smooth Pod updates.

Fixed issue:

Fixed an issue where deleting a Service of type NLB did not automatically clean up the associated server group.

This upgrade has no impact on workloads.

November 2025

Version

Image address

Release date

Description

Impact

v2.12.3

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.3

November 19, 2025

New feature:

CCM now automatically removes Lingjun node resources from a cluster when the corresponding Lingjun instances are released.

Improvement:

The CLB error log now includes the pod name (targetRef) and node information when CCM fails to find the elastic network interface (ENI) for a backend pod IP.

Fixed issue:

Fixed a potential panic during Service synchronization when querying NLB information or when an asynchronous task call fails.

This upgrade does not impact your workloads.

September 2025

Version	Image address	Release date	Description	Impact
v2.12.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.1	September 11, 2025	Important Starting with this version, the default billing method for newly created CLB instances changes from Pay-By-Spec to Pay-By-CLCU. Existing CLB instances are not affected. See [Product Changes] Default load balancer type and billing method change for new Services and Nginx Ingress Controller. New features: Changes the default billing method for newly created CLB instances from Pay-By-Spec to Pay-By-CLCU. Ignores hybrid cloud nodes. Skips processing node change events for Services that directly mount pod ENIs to load balancer backends in Terway clusters created after August 10, 2020. Improvements: Improves CLB and NLB processing speed and performance. Adds a limited number of wait-and-retry attempts when NLB OpenAPI calls are rate-limited. Optimizes metrics related to the synchronization latency for Services, routes, and nodes. Changes the retry wait time for `readinessGate` from exponential backoff to a fixed value. Fixed issues: Fixes an issue where the backend's `targetPort` was not correctly used as the health check port in NLB configurations that use both a listener port range and a manually configured health check. Fixes an issue in mixed ECS and ECI/ACS deployments where ECI/ACS instances failed to attach or received incorrect backend weights.	This upgrade has no impact on your workloads.

July 2025

Version	Image address	Release date	Description	Impact
v2.11.4	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.4	July 17, 2025	Bug fixes Fixed an issue where creating an NLB listener port range by using `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-listener-port-range` failed.	This update has no impact on existing services.

June 2025

Version	Image address	Update time	Changes	Impact
v2.11.3	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.3	June 27, 2025	New feature: Adds support for ECS metadata in hardening mode only. Improvement: Skips the OpenAPI call to add servers when the server group is empty upon creation. Bug fix: Fixed an issue where servers failed to be added when `targetPort` was set to a named port and only a subset of pods were selected in the service configuration.	This upgrade has no impact on your workloads.

May 2025

Version	Image address	Date	Changes	Impact
v2.11.2	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.2	May 29, 2025	Optimizations: Optimized the server group sync logic to reduce OpenAPI calls.	This upgrade has no impact on your workloads.
v2.11.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.1	May 15, 2025	New Features: The `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ignore-weight-update` annotation ignores backend server weight updates. CLB now supports assigning multiple access control (ACL) IDs to apply multiple access control policies. The `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-listener-port-range` annotation now configures a listener port range for NLB. The `NLB_ENDPOINT` environment variable now configures a custom OpenAPI endpoint for NLB. Optimizations: Improved node-join and route-addition speed with fewer OpenAPI calls. Parallelized listener and server group operations during Service sync to reduce single-Service sync time. When creating an NLB instance via OpenAPI, unspecified EIP instance IDs or IPv4 private addresses now pass null instead of an empty string. The DescribeNetworkInterfaces API call now uses `NextToken` for pagination instead of `PageSize`. Bug Fixes: Fixed an NLB issue where a Service using ReadinessGate failed to retry if its Pod was not ready.	This upgrade has no impact on your workloads.

March 2025

Version	Image address	Date	Description	Impact
v2.10.4	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.10.4	March 24, 2025	New features: Disables the source/destination check on the primary network interface for new ECS instances added to an ACK cluster. See [Product Change] Announcement on Disabling the Source/Destination Check by Default for New ECS Instances in ACK clusters.	This upgrade does not affect your workloads.

January 2025

Version	Image address	Release date	Description	Impact
v2.10.2	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.10.2	January 20, 2025	New feature: The `node.alibabacloud.com/spot-strategy` label identifies whether a node is a preemptible instance. Improvement: Improved performance by synchronizing a server group only once, even when it is used by multiple listeners from the same Service. Fixed issues: Fixed an issue where a load balancer instance failed to be created when a `LoadBalancer` Service was changed to another type and then changed back to the `LoadBalancer` type. Fixed a "pod not found" error that occurred when updating the readiness status of a pod. When updating load balancer instance labels, system labels that start with `acs:` are ignored.	This upgrade has no impact on your workloads.

October 2024

Version

Image address

Release date

Description

Impact

v2.10.0

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.10.0

October 21, 2024

Important

Starting with this version, changes to the value of the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-resource-tags annotation apply to both newly created and existing load balancer instances. When you use this annotation, do not modify the tags of the load balancer instance in the console. Before upgrading, ensure the tags on the load balancer instance match the annotation's value.

New features:
- Adds support for readinessGate.
- The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-resource-tags annotation modifies tags on existing instances.
- Adds the node.alibabacloud.com/nodepool-id and node.alibabacloud.com/instance-charge-type tags to nodes.
- NLB now supports ALPN policies for TCPSSL listeners using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-alpn and service.beta.kubernetes.io/alibaba-cloud-loadbalancer-alpn-policy annotations.
Improvements:
- Upgrades the base image to Alpine 3.18.
- Adds a reconcileID to the log output.
Fixed issues:
- Fixed an issue where the CLB Controller might incorrectly manage a Service backed by an NLB instance.

This upgrade does not impact your workloads.

May 2024

Version	Image address	Release date	Description	Impact
v2.9.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.9.1	May 10, 2024	Important Starting with this version, new CLB and NLB instances and their associated resources, such as server groups, are created in the cluster's resource group by default. Existing CLB and NLB instances are not affected. New features: When creating a CLB or NLB instance, the cluster resource group ID is used by default. CLB now supports the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-slbport` to enable the `X-Forwarded-SLBPort` request header. CLB now supports the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-clientsrcport` to enable the `X-Forwarded-Client-srcport` request header. NLB now supports the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-bandwidth-package-id` to specify the ID of an EIP bandwidth plan. Deletion protection and configuration read-only mode are now enabled by default for new NLB instances. NLB now supports the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port` to reuse a server group. This annotation applies only when an existing NLB instance is reused. When multiple Services reuse the same NLB instance, you can use the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight` annotation to set the traffic weight for the current Service. This annotation applies only when an existing vServer group is reused. NLB instances can be reused across VPCs in the same region. Dual-stack NLB instances support attaching IPv6 backend servers with the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-backend-ip-version: ipv6` annotation. Dual-stack NLB instances support the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ipv6-address-type` annotation to specify the IPv6 network type (public or private). NLB now supports passing `VpcId`, `PrivateLinkEpId`, and `PrivateLinkEpsId` information to backend servers through Proxy Protocol with the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-ep-id-enabled`, `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-eps-id-enabled`, and `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-vpc-id-enabled` annotations. In dual-stack clusters, the controller now automatically adds the IPv6 addresses of ECS instances to nodes. Improvements: The controller now uses `EndpointSlice` by default instead of `Endpoint` for endpoint discovery. The controller now checks for empty route table IDs. The controller now validates OpenAPI return values in reuse scenarios. The controller now uses the `resourceVersion=0` parameter when initiating List requests. Fixed issues: Fixed an issue where the `NetworkUnavailable` status was not set during node initialization in Flannel network mode. Fixed an issue where the NLB server group was assigned to the wrong resource group when using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-resource-group-id` annotation.	This upgrade does not affect your workloads.

October 2023

Version	Image address	Release date	Description	Impact
v2.8.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.8.1	October 16, 2023	New features: Adds support for the Addon Token authorization mode. NLB now supports creating IP-based server groups using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-server-group-type` annotation. See NLB server groups. Improvements: Clients now access the API server directly to prevent stale data due to caching. NLB: Improved the server group creation logic to prevent the creation of duplicate server groups. CLB: Added IP address validation when mounting pod ENIs to a CLB instance, requiring the IP address to be within the cluster's VPC.	This upgrade does not affect existing services.

June 2023

Version	Image address	Release date	Changes	Impact
v2.7.0	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.7.0	June 21, 2023	New features: Adds support for specifying an IP address for an internal load balancer with the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ip` annotation. Improvements: Optimized the synchronization logic for CLB and NLB server groups to reduce synchronization failures due to insufficient quotas. Updated the Service hash calculation method to reduce hash changes during cluster upgrades. Fixed issues: Fixed an issue that prevented the Service configuration from being updated after an EIP annotation was set. Fixed an issue that prevented the HTTP protocol from being set for other ports after configuring the ForwardPort annotation.	This upgrade does not impact existing services.

March 2023

Version	Image address	Release date	Description	Impact
v2.6.0	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.6.0	March 2, 2023	New features: The label for excluding nodes from the load balancer backend, `alpha.service-controller.kubernetes.io/exclude-balancer`, is deprecated. Use the new label `node.kubernetes.io/exclude-from-external-load-balancers` instead. A single listener now supports both TCP and UDP protocols. CLB supports using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-health-check-switch` annotation to disable TCP and UDP health checks. CLB supports the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-proxy-protocol` annotation for configuring the Proxy Protocol on TCP and UDP listeners. Important This feature does not support online migration. Enabling it requires a service upgrade with downtime. Proceed with caution. CLB validates the certificate validity period when syncing an HTTPS listener. If a certificate is expired, the CLB synchronization fails. NLB supports using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-security-group-ids` to configure security groups. Improvements: Switched the resource lock for CCM leader election from `endpointsleases` to `leases` to reduce the frequency of leader switches. Optimized the load balancer synchronization logic. Now, vServer groups are updated even if the load balancer's properties, such as its name or resource group, fail to update. Optimized the detection criteria for node changes to reduce the number of Service synchronizations. Fixed issues: Fixed an intermittent issue where ready nodes were incorrectly marked as NotReady.	This upgrade does not affect your workloads.

October 2022, March 2023, August 2023, and June 2024

Version	Image address	Release date	Description	Impact
v2.5.1	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.5.1	October 12, 2022	New features: ACK supports creating an NLB resource for a LoadBalancer Service with `loadBalancerClass` set to `alibabacloud.com/nlb` (Kubernetes 1.24+). See What is Network Load Balancer (NLB). ACK supports creating different types of cloud resources based on the `spec.loadBalancerClass` field of a Service. If this field is not set, a CLB is created by default. If it is set to `alibabacloud.com/nlb`, an NLB is created. This feature is supported only in Kubernetes 1.24 and later versions. Improvements: Fixed an issue where a reused IPv6 SLB instance could not be deleted. Fixed an intermittent issue that prevented a node from being deleted. The default protocol for OpenAPI calls is now HTTPS.	This upgrade has no impact on your workloads.
v2.4.5	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.5	June 27, 2024	Improvements: Updated the Service hash calculation method to reduce hash changes during events such as a cluster update.	This upgrade has no impact on your workloads.
v2.4.4	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.4	August 7, 2023	Improvements: Optimized the synchronization logic for CLB server groups to reduce synchronization failures caused by insufficient quotas. CLB now verifies the certificate validity period during HTTPS listener synchronization. An expired certificate will cause the synchronization to fail. Optimized the load balancer synchronization logic. Now, vServer groups are updated even if updates to the load balancer's properties, such as its name or resource group, fail.	This upgrade has no impact on your workloads.
v2.4.3	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.3	March 2, 2023	Fixed an intermittent issue where ready nodes were incorrectly marked as NotReady.	This upgrade has no impact on your workloads.
v2.4.2	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.2	October 12, 2022	Improvements: Fixed an issue where a reused IPv6 SLB instance could not be deleted. Fixed an intermittent issue that prevented a node from being deleted.	This upgrade has no impact on your workloads.

June 2022

Version	Image address	Release date	Description	Impact
v2.4.0	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.0	June 20, 2022	New features: Supports setting the billing method for an SLB instance using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-instance-charge-type`. Supports setting a security policy for an SLB instance using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-tls-cipher-policy`. This feature is for HTTPS listeners only. The cloud controller manager (CCM) now automatically populates an empty `node.spec.providerID` field when a node is added. Supports adding the `service.k8s.alibaba/loadbalancer-id` label to Services of type LoadBalancer. This label stores the ID of the associated SLB instance. Improvements: When a node has the ToBeDeletedByClusterAutoscaler taint, it will not be added to the backend of a load balancer. Fixed an issue that prevented the deletion of conflicting routes with the same route CIDR block. Optimized concurrent route synchronization to reduce false positives.	This upgrade has no impact on your workloads.

March 2022

Version	Image address	Release date	Description	Impact
v2.3.0	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.3.0	March 21, 2022	New features: The annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-hostname` sets a hostname for a Service. The annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-established-timeout` sets the connection timeout for SLB listeners. TCP only. The annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-request-timeout` sets the request timeout for SLB listeners. HTTP and HTTPS only. The annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-health-check-method` specifies the health check method for SLB instances. HTTP health checks only. Improvements: Added validation for the vServer group format when reusing an existing vServer group. Optimized the vSwitch selection logic to prevent the default vSwitch from being empty. Optimized the vServer group synchronization logic to reduce OpenAPI calls.	This upgrade does not affect your workloads.

November 2021

Version	Image address	Release date	Description	Impact
v2.1.0	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.1.0	November 22, 2021	New features: The annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-proto` configures whether to retrieve the SLB listener protocol from the X-Forwarded-Proto header. The annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-idle-timeout` sets the idle connection timeout. The annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-http2-enabled` enables or disables HTTP/2. Improvements: Supports setting the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight` annotation to 0 for inter-cluster traffic switching. Fixed issues: Fixed an issue where CLB listeners could not be created in clusters with a large number of pods. Fixed an issue where changing the `targetPort` of a Service did not update the corresponding CLB instance.	This update has no impact on existing services.

September 2021

Version	Image address	Release date	Description	Impact
v2.0.1	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.0.1	2021-09-02	New features: Supports reusing an existing vServer group with the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port annotation (only when reusing an SLB instance). See Use the CCM to deploy services across clusters. Supports setting a Service's traffic weight with the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight annotation when multiple Services reuse the same SLB instance (only when reusing a vServer group). See Use the CCM to deploy services across clusters. The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain annotation configures connection draining for SLB instances. TCP and UDP only. The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain-timeout annotation sets the connection draining timeout for SLB instances. TCP and UDP only. Added support for setting the TargetPort field to a string value. Added a finalizer to Services of type LoadBalancer. Improvements: Upgraded the base image to Alpine 3.13. Changed the Prometheus metrics port from 10258 to 8080. Added scheduled synchronization of node labels.	This upgrade has no impact on your workloads.

April 2021

Version	Image address	Release date	Description	Impact
v1.9.3.380-gd6d0962-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.380-gd6d0962-aliyun	2021-04-20	Fixed an issue where the default server group could not be updated. Surfaced a warning event when an SLB instance has no backend servers.	This upgrade does not impact your workloads.

March 2021

Version	Image address	Release date	Description	Impact
v1.9.3.378-g42eac35-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.378-g42eac35-aliyun	2021-03-08	New features: Adds support for adding ECS instances from outside a cluster to a vServer group. Now automatically adds the `kubernetes.reused.by.user` label when reusing an SLB instance. Improvements: Improved Service processing speed by adjusting the number of concurrent threads. Improved virtual-node processing by ignoring Service synchronizations triggered by virtual-node status changes. The `service.beta.kubernetes.io/exclude-node` label is deprecated. Use `service.alibabacloud.com/exclude-node` instead. Added resource group validation when reusing an SLB instance. The resource group ID in the annotation must match the SLB instance's resource group ID. Otherwise, the reuse fails. Improved event content readability. Updated the priority logic for annotations. If a Service has both a new and an old version of the same annotation, the new version takes precedence. Fixed issues: Fixed a route deletion failure caused by missing node configurations. Fixed an issue with missing taints during node initialization. This change prevents workload Pods from being scheduled to a node before its routes are created.	This upgrade has no impact on your workloads.

December 2020

Version	Image address	Release date	Description	Impact
v1.9.3.339-g9830b58-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.339-g9830b58-aliyun	December 18, 2020	Added a hash value to LoadBalancer Services to improve synchronization. When the CCM restarts, it now only synchronizes the vServer group backends for unmodified Services. This change prevents unnecessary updates to load balancer and listener configurations. Optimized SLB OpenAPI calls to reduce the risk of throttling.	This upgrade has no impact on your workloads.

September 2020

Version	Image address	Release date	Description	Impact
v1.9.3.316-g8daf1a9-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.316-g8daf1a9-aliyun	2020-09-29	Fixed an intermittent issue where SLB VServer groups were not updated. Updated the health check port from 10252 to 10258.	This upgrade does not impact your workloads.

August 2020

Version	Image address	Release date	Description	Impact
v1.9.3.313-g748f81e-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.313-g748f81e-aliyun	August 10, 2020	New features: The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-delete-protection configures SLB deletion protection. Enabled by default for new SLBs. The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-modification-protection sets the configuration read-only mode for an SLB. Enabled by default for new SLBs. The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-resource-group-id specifies the resource group for an SLB. Takes effect only at creation time. The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-name specifies the SLB name. The cloud controller manager now makes Alibaba Cloud OpenAPI calls over the private network. This change removes the dependency on the public network in all supported regions. For an SLB instance created by a LoadBalancer service, a default tag is added with the format `ack.aliyun.com: {your-cluster-id}` (effective for new clusters only). Supports the community-standard provider ID format: `<cloudProvider>://<optional>/<segments>/<provider id>`. In new ACK clusters that use the Terway network mode, the system now directly adds the elastic network interface (ENI) IP addresses of pods as backends to SLB instances for LoadBalancer services. This improves network performance. Note: For this type of LoadBalancer service, the targetPort field does not support string values. Improvements: Upgraded the base image to Alpine 3.11.6. Updating a listener now also synchronizes its corresponding virtual server group. Optimized SLB API calls to reduce the creation time of SLB instances.	This update does not impact your services.

June 2020

Version	Image address	Release date	Description	Impact
v1.9.3.276-g372aa98-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.276-g372aa98-aliyun	June 11, 2020	New features: Prevents `LoadBalancer` Services from reusing the SLB instance associated with the cluster API server. Added Prometheus metrics, including `ccm_node_latencies_duration_milliseconds`, `ccm_route_latencies_duration_milliseconds`, and `ccm_slb_latencies_duration_milliseconds`, to expose the synchronization latency of the CCM. Emits events to track the synchronization between a Service and its associated load balancer. Improvements: Optimized node weight calculation in Local mode (`externalTrafficPolicy=Local`) for more even pod distribution. See How does CCM calculate node weights in Local mode?. Optimized cloud product API calls to improve efficiency and reduce the risk of throttling. When a node has the service.beta.kubernetes.io/exclude-node label, deleting the node no longer deletes the associated routes. Fixed issues: Fixed an issue that prevented the persistence timeout from being set to 0 through an annotation when updating a Service. Fixed an issue that prevented setting the bandwidth annotation to 100 when updating a Service.	This update does not affect existing Services.

March 2020

Version	Image address	Release date	Description	Impact
v1.9.3.239-g40d97e1-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64: v1.9.3.239-g40d97e1-aliyun	2020-03-05	New feature: For LoadBalancer Services, CCM supports attaching both ECS nodes and elastic network interfaces (ENIs) as backends to an SLB instance. Improvements: CCM now makes Alibaba Cloud OpenAPI calls over the internal network, removing its dependency on the Internet. This feature is not yet supported in the China (Beijing), China (Shanghai), and UAE (Dubai) regions. The CCM now uses the DescribeRouteEntryList operation to query VPC route entries. This prevents performance issues when querying hundreds of entries in a short period.	This upgrade has no impact on your workloads.

December 2019

Version	Image address	Release date	Description	Impact
v1.9.3.220-g24b1885-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64: v1.9.3.220-g24b1885-aliyun	2019-12-31	Added support for configuring vSwitch IDs in `CloudConfig` in the format `:vswitchid1,:vswitchid2`. Added a retry backoff mechanism to handle OpenAPI throttling. Failed requests now rejoin the reconciliation queue after a 30 to 180-second interval. Adjusted the number of reconciliation worker threads to two to make full use of the OpenAPI QPS quota and accelerate reconciliation. Fixed a bug where concurrent map reads and writes in the `aliyungo` SDK caused the CCM to crash. When a node is removed from a Kubernetes cluster, the CCM now automatically deletes the corresponding VPC route table entry. Fixed an issue where dependencies prevented changes to port configurations for HTTP forwarding. If an SLB instance's backend server type is ECS, the CCM no longer checks the serverip field when updating backend servers. This prevents backend attachment failures caused by changes to the default serverip value in the OpenAPI. The CCM now adds a VPC route table entry for a node only when the node status is known. The CCM no longer adds a NAT IP to node metadata. This fixes an intermittent connectivity issue between the API server and the kubelet. When updating a listener, the CCM now calls the start listener OpenAPI operation only when the listener is inactive. This helps prevent OpenAPI throttling.	This upgrade has no impact on existing services.

November 2019

Version	Image address	Release date	Description	Impact
v1.9.3.193-g6cddde4-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.193-g6cddde4-aliyun	November 19, 2019	Excludes nodes from Cloud Controller Manager (CCM) management if they have the service.beta.kubernetes.io/exclude-node label. Enables batch-adding Terway-networked pods as SLB backend servers. Enforced a minimum node weight of 1 for Services in Local mode (where externalTrafficPolicy=Local). Fixed an issue where duplicate vServer groups were created due to concurrency. Fixed an issue where setting node weights generated stale data due to caching.	This upgrade has no impact on your workloads.

September 2019

Version	Image address	Release date	Description	Impact
v1.9.3.164-g2105d2e-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3-164-g2105d2e-aliyun	September 11, 2019	The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cert-id updates a certificate. The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-forward-port enables HTTP-to-HTTPS port forwarding. The following annotations create an SLB instance with an ACL: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-status, service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-id, and service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-type. The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-remove-unscheduled-backend removes unschedulable nodes from backends. In Terway clusters, the annotation service.beta.kubernetes.io/backend-type:"eni" adds pods with ENIs as SLB backend servers, improving network forwarding performance. In Local mode (when externalTrafficPolicy=Local is set for a service), the service automatically sets each node's weight based on its number of pods.	This update has no impact on existing services.

April 2019

Version	Image address	Release date	Description	Impact
v1.9.3.105-gfd4e547-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.105-gfd4e547-aliyun	April 15, 2019	Added support for configuring multiple VPC route tables via a configuration file. Fixed an issue where updates to HTTP configurations failed to apply.	This update does not affect your workloads.

March 2019

Version	Image address	Release date	Description	Impact
v1.9.3.81-gca19cd4-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.81-gca19cd4-aliyun	March 20, 2019	ACK managed and dedicated clusters can now reuse existing SLB instances not created by ACK. The Cloud Controller Manager (CCM) now supports custom Kubernetes node names, removing the dependency on the Kubernetes NodeName field. Fixes a compatibility issue between CCM v1.8.4 and Kubernetes v1.11.5. Please upgrade CCM to the latest version.	This update has no impact on your workloads.

December 2018

Version	Image address	Release date	Description	Impact
v1.9.3.59-ge3bc999-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.59-ge3bc999-aliyun	December 26, 2018	SLB instances can be shared across multiple Kubernetes Services. Do not reuse an SLB instance that a Kubernetes Service creates automatically, as this can cause accidental deletion. You can reuse only the SLB instances that you create manually in the console or by calling OpenAPI. Kubernetes Services that share the same SLB instance must use different frontend listening ports to avoid port conflicts. When reusing an SLB instance, use the listener and vServer group names as identifiers and do not modify them. You can modify the SLB instance name. You cannot share an SLB instance across multiple clusters. VPC route tables are now managed sequentially instead of in parallel. This change prevents VPC throttling.	This upgrade does not affect your workloads.

August 2018

Version	Image address	Release date	Description	Impact
v1.9.3.10-gfb99107-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.10-gfb99107-aliyun	August 15, 2018	The annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-master-zoneid` specifies the primary zone for an auto-created SLB. The annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-slave-zoneid` specifies the secondary zone for an auto-created SLB. Note This parameter has no effect in regions that do not support deploying SLB across both primary and secondary zones. Setting the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners` to `true` overwrites all existing listeners on the SLB. The annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-bandwidth` specifies the bandwidth for a pay-by-bandwidth SLB. Listeners share this bandwidth.	This upgrade has no impact on your workloads.

June 2018

Version	Image address	Release date	Description	Impact
v1.9.3	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3	June 25, 2018	The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-backend-label adds worker nodes with specific labels as backend servers. The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec specifies an SLB instance type, such as shared-resource or high-performance. Supports `externalTraffic: Local` mode. Only nodes hosting Pods are added to the SLB backend. The system automatically adds or removes nodes from SLB backends when nodes join or leave the cluster. The system automatically updates SLB backends when node labels change. Added support for sticky sessions. When you reuse an existing SLB instance to create a service, its listeners are no longer managed. You must add them to the SLB instance manually.	This update does not affect existing workloads.