Container Service for Kubernetes:Cloud Controller Manager - Container Service for Kubernetes

The Cloud Controller Manager (CCM) is a Kubernetes component that manages load balancing and enables cross-node communication in Kubernetes clusters. This topic describes the CCM component, usage notes, and release notes.

Component overview

CCM integrates Kubernetes with Alibaba Cloud core services, including Classic Load Balancer (CLB), Network Load Balancer (NLB), and Virtual Private Cloud (VPC). It provides two capabilities:

Manage load balancing

When you set Type=LoadBalancer for a service, CCM creates and configures a Classic Load Balancer (CLB) instance — or an NLB instance if you use Network Load Balancer (NLB). This includes CLB or NLB instances, listeners, and backend server groups. When service endpoints or cluster nodes change, CCM automatically updates the virtual server group on the CLB or NLB.

Enable cross-node communication

When Flannel is used as the cluster network plugin, CCM establishes network connectivity between containers and nodes by adding each node's pod CIDR block to the VPC route table. No manual configuration is required — install CCM to activate this feature.

Usage notes

CCM creates and configures a Classic Load Balancer (CLB) instance — or an NLB instance if you use Network Load Balancer (NLB) — for services. This includes CLB or NLB instances, listeners, and backend server groups. For more information, see Considerations for configuring load balancing for services.
CCM supports multiple annotations for rich load balancing capabilities on Alibaba Cloud. For CLB configuration, see Configure Classic Load Balancer (CLB) using annotations. For NLB configuration, see Configure Network Load Balancer (NLB) using annotations.
To resolve CCM upgrade check failures, see Cloud Controller Manager (CCM) upgrade check failure.

Release notes

January 2026

Version	Image address	Change time	Changes	Impact
v2.13.0	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.13.0`	January 30, 2026	New features:<br>- CLB supports extended domain name certificates for HTTPS listeners using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-domain-extensions` annotation.<br>- NLB supports extended certificates for TCPSSL listeners using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-cert-ids` annotation.<br>- NLB supports cross-AZ forwarding using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cross-zone-enabled` annotation. This feature is enabled by default.<br><br>Optimizations:<br>- Optimized Elastic Network Interface (ENI) attachment logic to prevent ENI attachment failures on other pods when some pods fail to attach ENIs.<br>- When creating an internal-facing CLB without specifying a vSwitch, CCM randomly selects an available vSwitch from the cluster.	This upgrade does not affect your business.

December 2025

Version	Image address	Change time	Changes	Impact
v2.12.4	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.4`	December 11, 2025	New features:<br>- Support Pod ReadinessGate Webhook, enabled by default for new clusters. For usage instructions, see Ensure smooth Pod updates by configuring Readiness Gate.<br><br>Bug fixes:<br>- Fixed an issue where associated server groups were not automatically cleaned up when deleting an NLB service.	This upgrade does not affect your business.

November 2025

Version	Image address	Change time	Changes	Impact
v2.12.3	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.3`	November 19, 2025	New features:<br>- Support Lingjun nodes: automatically clean up Lingjun node resources in the cluster after Lingjun instances are released.<br><br>Optimizations:<br>- When CLB fails because no ENI is found for a backend pod IP, the error log now includes the specific pod name (`targetRef`) and node information.<br><br>Bug fixes:<br>- Fixed a panic during the service synchronization process when querying NLB information or when an asynchronous task call failed.	This upgrade does not affect your business.

September 2025

Version	Image address	Change time	Changes	Impact
v2.12.1	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.1`	September 11, 2025	Important Starting from this version, the billing method for newly created CLB instances changes from PayBySpec to PayByCLCU. Existing CLB instances are unaffected. For details, see Announcement: Default load balancer type and billing method changes for new services and Nginx Ingress Controllers.<br><br>New features:<br>- The billing method for newly created CLB instances changes from PayBySpec to PayByCLCU.<br>- Ignore hybrid cloud nodes.<br>- Ignore services that directly attach pod ENIs to load balancer backends for Terway clusters created after August 10, 2020.<br><br>Optimizations:<br>- Improved CLB and NLB processing speed and performance.<br>- When NLB OpenAPI calls are rate limited, CCM retries the call multiple times.<br>- Optimized metrics related to service, Ingress, and node synchronization time.<br>- Changed the retry wait time for `readinessGate` from exponential backoff to a fixed value.<br><br>Bug fixes:<br>- Fixed an issue where health check ports could not be automatically set to the backend `targetPort` when NLB listeners use port ranges and health checks are manually configured.<br>- Fixed an issue where ECS + ECI/ACS hybrid deployments fail to attach ECI/ACS instances or incorrectly set backend weights.	This upgrade does not affect your business.

July 2025

Version	Image address	Change time	Changes	Impact
v2.11.4	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.4`	July 17, 2025	Bug fixes:<br>- Fixed an issue where NLB listener port ranges failed to create when using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-listener-port-range` annotation.	This upgrade does not affect your business.

June 2025

Version	Image address	Change time	Changes	Impact
v2.11.3	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.3`	June 27, 2025	New features:<br>- Support ECS metadata hardening mode.<br><br>Optimizations:<br>- Skip the OpenAPI call to add servers when creating an empty server group.<br><br>Bug fixes:<br>- Fixed an issue where adding servers fails when the service configuration uses a port name for `targetPort` and only some pods are selected.	This upgrade does not affect your business.

May 2025

Version	Image address	Change time	Changes	Impact
v2.11.2	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.2`	May 29, 2025	Optimizations:<br>- Optimized server group synchronization logic to reduce OpenAPI calls.	This upgrade does not affect your business.
v2.11.1	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.1`	May 15, 2025	New features:<br>- Support ignoring backend server weight updates using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ignore-weight-update` annotation.<br>- CLB supports multiple ACL IDs to configure multiple access control policy groups.<br>- NLB supports listener port ranges using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-listener-port-range` annotation.<br>- Support custom NLB OpenAPI endpoints using the `NLB_ENDPOINT` environment variable.<br><br>Optimizations:<br>- Optimized node join and route addition speed to reduce OpenAPI calls.<br>- Parallelized listener and server group synchronization for services to reduce per-service synchronization time.<br>- When calling the OpenAPI to create an NLB instance without specifying an EIP instance ID or IPv4 private IP address, pass a null pointer instead of an empty string.<br>- Use `NextToken` instead of `PageSize` for pagination when calling the DescribeNetworkInterfaces API.<br><br>Bug fixes:<br>- Fixed an issue where NLB does not retry when pods are not ready for services using ReadinessGate.	This upgrade does not affect your business.

March 2025

Version	Image address	Change time	Changes	Impact
v2.10.4	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.10.4`	March 24, 2025	New features:<br>- Disable source and destination IP address checking for primary ENIs of newly added ECS instances in the cluster. For details, see Announcement: Default disablement of source/destination IP checking for new ECS instances in ACK clusters.	This upgrade does not affect your business.

January 2025

Version	Image address	Change time	Changes	Impact
v2.10.2	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.10.2`	January 20, 2025	New features:<br>- Support adding the `node.alibabacloud.com/spot-strategy` label to identify whether a node is a Spot instance.<br><br>Optimizations:<br>- When multiple listeners of the same service share a server group, synchronize the server group only once.<br><br>Bug fixes:<br>- Fixed an issue where LB instances fail to create when a `LoadBalancer` service changes to another type and then back to `LoadBalancer`.<br>- Fixed an error where pods cannot be found when updating Pod Readiness status.<br>- When updating LB instance tags, ignore system tags that start with `acs:`.	This upgrade does not affect your business.

October 2024

Version	Image address	Change time	Changes	Impact
v2.10.0	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.10.0`	October 21, 2024	Important Starting from this version, changes to the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-resource-tags` annotation take effect on both newly created and reused LB instances. Do not modify LB tags in the console when using this annotation. Before upgrading to this version, verify that LB tags match the annotation values.<br><br>New features:<br>- Support readinessGate capability.<br>- Support modifying tags for existing LB instances using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-resource-tags` annotation.<br>- Support retaining LB instances after service deletion using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-preserve-lb-on-delete` annotation.<br>- Support adding the `node.alibabacloud.com/nodepool-id` and `node.alibabacloud.com/instance-charge-type` labels to nodes.<br>- NLB supports specifying the ALPN policy for a `TCPSSL` listener using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-alpn` and `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-alpn-policy` annotations.<br><br>Optimizations:<br>- Upgraded the base image to Alpine 3.18.<br>- Optimized log output by adding `reconcileID`.<br><br>Bug fixes:<br>- Fixed an issue where NLB services are incorrectly managed by the CLB controller.	This upgrade does not affect your business.

May 2024

Version	Image address	Change time	Changes	Impact
v2.9.1	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.9.1`	May 10, 2024	Important Starting from this version, newly created CLB and NLB instances and their associated resources (such as server groups) belong to the resource group of the cluster by default. Existing CLB and NLB instances are unaffected.<br><br>New features:<br>- When creating new CLB or NLB instances, use the cluster's resource group ID by default.<br>- CLB supports enabling the `X-Forwarded-SLBPort` request header using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-slbport` annotation.<br>- CLB supports enabling the `X-Forwarded-Client-srcport` request header using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-clientsrcport` annotation.<br>- NLB supports specifying an Internet Shared Bandwidth package ID using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-bandwidth-package-id` annotation.<br>- New NLB instances have deletion protection and configuration read-only mode enabled by default.<br>- NLB supports reusing server groups using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port` annotation. This annotation takes effect only when reusing an existing NLB.<br>- When multiple services reuse the same NLB, set traffic weights for the current service using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight` annotation. This annotation takes effect only when reusing an existing vServer group.<br>- Support reusing NLB across VPCs in the same region.<br>- Dual-stack NLB supports attaching IPv6 backends using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-backend-ip-version: ipv6` annotation.<br>- Dual-stack NLB supports specifying IPv6 public or private network types using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ipv6-address-type` annotation.<br>- NLB supports passing `VpcId`, `PrivateLinkEpId`, and `PrivateLinkEpsId` information to backend servers through the Proxy Protocol using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-ep-id-enabled`, `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-eps-id-enabled`, and `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-vpc-id-enabled` annotations.<br>- In dual-stack clusters, ECS IPv6 addresses are automatically added to nodes.<br><br>Optimizations:<br>- Use `EndpointSlice` instead of `Endpoint` for endpoint discovery by default.<br>- Add validation for empty route table IDs.<br>- Add validation for OpenAPI return values in reuse scenarios.<br>- Use the `resourceVersion=0` parameter when initiating list requests.<br><br>Bug fixes:<br>- Fixed an issue where the `NetworkUnavailable` status is not set during node initialization in Flannel network mode.<br>- Fixed an issue where NLB server group ownership is incorrect when using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-resource-group-id` annotation to specify a resource group.	This upgrade does not affect your business.

October 2023

Version	Image address	Change time	Changes	Impact
v2.8.1	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.8.1`	October 16, 2023	New features:<br>- Support Addon Token authorization mode.<br>- NLB supports creating IP-based server groups using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-server-group-type` annotation. For NLB server group categories and descriptions, see NLB server groups.<br><br>Optimizations:<br>- Directly access the API server to avoid dirty data caused by caching mechanisms.<br>- NLB: Optimized server group creation logic to prevent occasional duplicate server group creation.<br>- CLB: Added IP address validation when attaching pod ENIs to CLB. The IP address must be in the cluster VPC.	This upgrade does not affect your business.

June 2023

Version	Image address	Change time	Changes	Impact
v2.7.0	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.7.0`	June 21, 2023	New features:<br>- Support specifying an IP address for internal-facing load balancers using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ip` annotation.<br><br>Optimizations:<br>- Optimized CLB and NLB server group synchronization logic to reduce synchronization failures caused by quota limits.<br>- Updated the service hash calculation method to reduce hash value changes during cluster upgrades.<br><br>Bug fixes:<br>- Fixed an issue where service configurations cannot be updated after setting the EIP annotation.<br>- Fixed an issue where the HTTP protocol cannot be set for other ports after setting the ForwardPort annotation.	This upgrade does not affect your business.

March 2023

Version	Image address	Change time	Changes	Impact
v2.6.0	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.6.0`	March 2, 2023	New features:<br>- The `alpha.service-controller.kubernetes.io/exclude-balancer` label for excluding nodes from LB backends is deprecated. Use `node.kubernetes.io/exclude-from-external-load-balancers` instead.<br>- LB supports configuring TCP and UDP protocols for the same listener.<br>- CLB supports disabling TCP and UDP health checks using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-health-check-switch` annotation.<br>- CLB supports configuring the Proxy Protocol for TCP and UDP listeners using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-proxy-protocol` annotation.<br> Important This feature does not support online smooth migration. To switch to Proxy Protocol, stop your applications and upgrade. Configure with caution.<br><br>- CLB validates certificate validity periods when synchronizing HTTPS listeners. Synchronization fails if the certificate expires.<br>- NLB supports assigning security groups using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-security-group-ids` annotation.<br><br>Optimizations:<br>- Switched the CCM leader election resource lock from `endpointsleases` to `leases` to reduce primary/secondary switchover.<br>- Optimized load balancer synchronization logic. Continue updating virtual server groups even if load balancer attributes (such as name or resource group) fail to update.<br>- Optimized node change detection to reduce service synchronization frequency.<br><br>Bug fixes:<br>- Fixed occasional misidentification of nodes as NotReady.	This upgrade does not affect your business.

October 2022, March 2023, August 2023, and June 2024

Version	Image address	Change time	Changes	Impact
v2.5.1	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.5.1`	October 12, 2022	New features:<br>- ACK supports creating Network Load Balancer (NLB) resources for services of the `LoadBalancer` type whose `loadBalancerClass` is `alibabacloud.com/nlb`. This feature is supported only in Kubernetes 1.24 and later versions. For more information, see What is Network Load Balancer (NLB).<br>- ACK supports creating different cloud resources based on the `spec.loadBalancerClass` field of a service. If unset, CLB is created by default. If set to `alibabacloud.com/nlb`, NLB is created. Supported only on Kubernetes 1.24 and later.<br><br>Optimizations:<br>- Fixed an issue where reused IPv6 SLB instances cannot be deleted.<br>- Fixed occasional node deletion failures.<br>- Set the OpenAPI call protocol to HTTPS by default.	This upgrade does not affect your business.
v2.4.5	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.5`	June 27, 2024	Optimizations:<br>- Updated the service hash calculation method to reduce hash value changes during cluster upgrades.	This upgrade does not affect your business.
v2.4.4	`registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.4`	August 7, 2023	Optimizations:<br>- Optimized CLB server group synchronization logic to reduce synchronization failures caused by quota issues.<br>- CLB validates certificate validity periods when synchronizing HTTPS listeners. Synchronization fails if the certificate expires.<br>- Optimized load balancer synchronization logic. Continue updating virtual server groups even if load balancer attributes (such as name or resource group) fail to update.	This upgrade does not affect your business.
v2.4.3	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.3`	March 2, 2023	Bug fixes:<br>- Fixed occasional misidentification of nodes as NotReady.	This upgrade does not affect your business.
v2.4.2	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.2`	October 12, 2022	Optimizations:<br>- Fixed an issue where reused IPv6 SLB instances cannot be deleted.<br>- Fixed occasional node deletion failures.	This upgrade does not affect your business.

June 2022

Version	Image address	Change time	Changes	Impact
v2.4.0	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.0`	June 20, 2022	New features:<br>- Support setting the billing method for load balancer instances using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-instance-charge-type` annotation.<br>- Support setting security policies for load balancer instances using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-tls-cipher-policy` annotation. Supported only for HTTPS.<br>- When adding nodes, CCM automatically adds the `node.spec.providerID` field if it is empty.<br>- Support adding the `service.k8s.alibaba/loadbalancer-id` label to LoadBalancer services to display the associated load balancer instance ID.<br><br>Optimizations:<br>- Nodes with the `ToBeDeletedByClusterAutoscaler` taint are not added to load balancer backends.<br>- Fixed an issue where conflicting routes cannot be deleted when route CIDR blocks are identical.<br>- Optimized concurrent route synchronization to reduce false positives.	This upgrade does not affect your business.

March 2022

Version	Image address	Change time	Changes	Impact
v2.3.0	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.3.0`	March 21, 2022	New features:<br>- Support setting hostnames for services using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-hostname` annotation.<br>- Support setting connection timeout for load balancer listeners using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-established-timeout` annotation. Supported only for TCP.<br>- Support setting request timeout for load balancer listeners using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-request-timeout` annotation. Supported only for HTTP and HTTPS.<br>- Support setting health check methods for load balancers using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-health-check-method` annotation. Supported only for HTTP health checks.<br><br>Optimizations:<br>- Validate server group format when reusing existing server groups.<br>- Optimized vSwitch selection logic to prevent empty default vSwitches.<br>- Optimized server group synchronization logic to reduce OpenAPI calls.	This upgrade does not affect your business.

November 2021

Version	Image address	Change time	Changes	Impact
v2.1.0	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.1.0`	November 22, 2021	New features:<br>- Support configuring whether to obtain the SLB listener protocol from the X-Forwarded-Proto header using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-proto` annotation.<br>- Support setting connection idle timeout using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-idle-timeout` annotation.<br>- Support enabling HTTP2 using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-http2-enabled` annotation.<br><br>Optimizations:<br>- Support setting `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight` to `0`. This is useful for traffic switching between clusters.<br><br>Bug fixes:<br>- Fixed an issue where CLB listeners cannot be created for large numbers of pods.<br>- Fixed an issue where CLB does not synchronize updates to service `TargetPort`.	This upgrade does not affect your business.

September 2021

Version	Image address	Change time	Changes	Impact
v2.0.1	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.0.1`	September 2, 2021	New features:<br>- Support reusing existing virtual server groups using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port` annotation. This annotation takes effect only when reusing existing SLB instances. For instructions, see Deploy services across clusters by reusing existing load balancers.<br>- When multiple services reuse the same SLB, set traffic weights for the current service using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight` annotation. This annotation takes effect only when reusing existing virtual server groups. For instructions, see Deploy services across clusters by reusing existing load balancers.<br>- Support managing SLB graceful connection termination using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain` annotation. Supported only for TCP and UDP.<br>- Support setting SLB graceful connection termination timeout using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain-timeout` annotation. Supported only for TCP and UDP.<br>- Support String-type `TargetPort`.<br>- Add Finalizer for `LoadBalancer` services.<br><br>Optimizations:<br>- Upgraded the base image to Alpine 3.13.<br>- Changed the Prometheus metrics port from 10258 to 8080.<br>- Synchronize node labels periodically.	This upgrade does not affect your business.

April 2021

Version	Image address	Change time	Changes	Impact
v1.9.3.380-gd6d0962-aliyun	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.380-gd6d0962-aliyun`	April 20, 2021	Bug fixes:<br>- Fixed an issue where the default server group cannot be updated.<br>- When the SLB backend is empty, emit an alert event.	This upgrade does not affect your business.

March 2021

Version	Image address	Change time	Changes	Impact
v1.9.3.378-g42eac35-aliyun	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.378-g42eac35-aliyun`	March 8, 2021	New features:<br>- Support adding ECS instances outside the cluster to virtual server groups.<br>- When reusing existing SLB instances, add the `kubernetes.reused.by.user` tag to the SLB by default.<br><br>Optimizations:<br>- Adjusted the number of concurrent service processing threads to optimize service processing speed.<br>- Optimized virtual-node handling logic to ignore service synchronization triggered by virtual-node state changes.<br>- The `service.beta.kubernetes.io/exclude-node` label for excluding nodes is deprecated. Use `service.alibabacloud.com/exclude-node` instead.<br>- When reusing existing SLB instances, add resource group validation. The resource group ID in the annotation must match the SLB's resource group ID. Otherwise, reuse fails.<br>- Optimized event content for better readability.<br>- Optimized annotation priority settings for new and old versions. When both new and old versions of the same annotation exist on a service, the new version takes precedence.<br><br>Bug fixes:<br>- Fixed an issue where route deletion fails due to missing node configurations.<br>- Optimized node initialization logic to fix missing taints. During node initialization, prevent business pods from being scheduled to nodes before routes are created.	This upgrade does not affect your business.

December 2020

Version	Image address	Change time	Changes	Impact
v1.9.3.339-g9830b58-aliyun	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.339-g9830b58-aliyun`	December 18, 2020	New features:<br>- Support adding hashes to `LoadBalancer` services to ensure that when CCM restarts and the service is unchanged, only the virtual server group backend is synchronized — not the `LoadBalancer` configuration or listener configuration.<br><br>Optimizations:<br>- Optimized SLB OpenAPI calls to reduce rate limiting risks.	This upgrade does not affect your business.

September 2020

Version	Image address	Change time	Changes	Impact
v1.9.3.316-g8daf1a9-aliyun	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.316-g8daf1a9-aliyun`	September 29, 2020	Bug fixes:<br>- Fixed occasional failures to update SLB virtual server groups.<br>- Updated the health check port from 10252 to 10258.	This upgrade does not affect your business.

August 2020

Version	Image address	Change time	Changes	Impact
v1.9.3.313-g748f81e-aliyun	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.313-g748f81e-aliyun`	August 10, 2020	New features:<br>- Support SLB deletion protection using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-delete-protection` annotation. Deletion protection is enabled by default for new SLB instances.<br>- Support SLB configuration read-only mode using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-modification-protection` annotation. Configuration read-only mode is enabled by default for new SLB instances.<br>- Support specifying the resource group for SLB instances using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-resource-group-id` annotation. This takes effect only at creation and cannot be modified later.<br>- Support specifying SLB names using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-name` annotation.<br>- Changed Alibaba Cloud OpenAPI calls from public network to internal network to remove CCM's public network dependency. Supported in all regions.<br>- For SLB instances created by `LoadBalancer` services, add the `ack.aliyun.com: {your-cluster-id}` tag by default. Applies only to new clusters.<br>- Support community provider ID naming: `<cloudProvider>://<optional>/<segments>/<provider id>`.<br>- For `LoadBalancer` services in new Terway clusters, attach pods directly to SLB backends by default. Pod ENI IPs are directly attached to SLB backends to improve network performance. Note: String-type `TargetPort` is not supported for `LoadBalancer` services in this mode.<br><br>Optimizations:<br>- Upgraded the base image to Alpine 3.11.6.<br>- Updating listeners also updates virtual server groups.<br>- Optimized SLB APIs to reduce SLB creation time.	This upgrade does not affect your business.

June 2020

Version	Image address	Change time	Changes	Impact
v1.9.3.276-g372aa98-aliyun	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.276-g372aa98-aliyun`	June 11, 2020	New features:<br>- Restrict reusing SLB instances attached to the cluster API server for `LoadBalancer` services.<br>- Add Prometheus metrics (`ccm_node_latencies_duration_milliseconds`, `ccm_route_latencies_duration_milliseconds`, `ccm_slb_latencies_duration_milliseconds`) to expose CCM synchronization latency.<br>- Expose service and `LoadBalancer` synchronization processes as events.<br><br>Optimizations:<br>- Optimized weight calculation in Local mode (`externalTraffic: Local`) to balance loads across pods. For details, see How do I automatically set node weights in Local mode?.<br>- Optimized cloud product API calls to improve efficiency and reduce rate limiting risks.<br>- When nodes have the `service.beta.kubernetes.io/exclude-node` label, do not delete associated routes when deleting nodes.<br><br>Bug fixes:<br>- Fixed an issue where the `persistence timeout` annotation cannot be set to `0` when updating a service.<br>- Fixed an issue where the `bandwidth` cannot be set to `100` using an annotation when updating a service.	This upgrade does not affect your business.

March 2020

Version	Image address	Change time	Changes	Impact
v1.9.3.239-g40d97e1-aliyun	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.239-g40d97e1-aliyun`	March 5, 2020	New features:<br>- For `LoadBalancer` services, CCM supports attaching both ECS nodes and Elastic Network Interfaces (ENIs) to SLB backends.<br><br>Optimizations:<br>- Changed Alibaba Cloud OpenAPI calls from public network to internal network to remove CCM's public network dependency. Not supported in Beijing, Shanghai, or Dubai yet.<br>- Replaced the VPC route query API with `DescribeRouteEntryList` to avoid performance issues when querying hundreds of entries in a short time.	This upgrade does not affect your business.

December 2019

Version	Image address	Change time	Changes	Impact
v1.9.3.220-g24b1885-aliyun	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.220-g24b1885-aliyun`	December 31, 2019	New features:<br>- Configure vSwitch IDs. CloudConfig supports the `:vswitchid1,:vswitchid2` format.<br>- When nodes are removed from the Kubernetes cluster, CCM automatically deletes the corresponding VPC route table entries.<br><br>Optimizations:<br>- When OpenAPI calls are rate limited, add backoff before retrying. Rejoin the reconcile queue after 30–180 seconds.<br>- Set the number of reconcile worker threads to 2 to maximize OpenAPI QPS quota usage and improve reconcile speed.<br>- If the SLB backend type is ECS, skip `serverip` field validation when updating SLB backend servers. This avoids backend attachment failures caused by OpenAPI `serverip` default value changes.<br>- Add VPC route table entries for nodes only when node status is known.<br>- CCM no longer adds NAT IP addresses to node metadata. This fixes occasional connectivity issues between the API server and kubelet.<br>- Call the start listener OpenAPI only when the listener status is inactive to avoid OpenAPI rate limiting.<br><br>Bug fixes:<br>- Fixed a crash caused by concurrent map reads and writes in the aliyungo SDK.<br>- Fixed an issue where HTTP forward port configuration cannot be changed due to port forwarding dependencies.	This upgrade does not affect your business.

November 2019

Version	Image address	Change time	Changes	Impact
v1.9.3.193-g6cddde4-aliyun	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.193-g6cddde4-aliyun`	November 19, 2019	New features:<br>- Support adding the `service.beta.kubernetes.io/exclude-node` label to nodes to exclude them from CCM management.<br>- Support batch-attaching Terway-network pods to SLB backends.<br><br>Optimizations:<br>- Limit node weights to at least 1 in Local mode (`externalTrafficPolicy=Local`).<br><br>Bug fixes:<br>- Fixed duplicate virtual server group creation caused by concurrency.<br>- Fixed dirty data issues when setting node weights caused by caching.	This upgrade does not affect your business.

September 2019

Version	Image address	Change time	Changes	Impact
v1.9.3.164-g2105d2e-aliyun	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3-164-g2105d2e-aliyun`	September 11, 2019	New features:<br>- Support updating certificates using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cert-id` annotation.<br>- Support HTTP-to-HTTPS port forwarding using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-forward-port` annotation.<br>- Support creating SLB instances with ACLs using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-status`, `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-id`, and `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-type` annotations.<br>- Support removing unschedulable nodes using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-remove-unscheduled-backend` annotation.<br>- In Terway network mode, support attaching pods directly to SLB backends using the `service.beta.kubernetes.io/backend-type: "eni"` annotation to improve network forwarding performance.<br>- In Local mode (`externalTrafficPolicy=Local`), services automatically set node weights based on the number of pods on each node.	This upgrade does not affect your business.

April 2019

Version	Image address	Change time	Changes	Impact
v1.9.3.105-gfd4e547-aliyun	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.105-gfd4e547-aliyun`	April 15, 2019	New features:<br>- Support multiple VPC route tables. Allow configuring multiple route tables for clusters through configuration files.<br><br>Bug fixes:<br>- Fixed an issue where HTTP protocol configuration updates do not take effect.	This upgrade does not affect your business.

March 2019

Version	Image address	Change time	Changes	Impact
v1.9.3.81-gca19cd4-aliyun	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.81-gca19cd4-aliyun`	March 20, 2019	New features:<br>- Managed Kubernetes and Dedicated Kubernetes support reusing existing SLB instances not created by Kubernetes.<br>- CCM supports custom Kubernetes node names. It no longer depends strictly on Kubernetes `NodeName`.<br><br>Bug fixes:<br>- Fixed compatibility issues between CCM 1.8.4 and Kubernetes 1.11.5. Upgrade CCM to the latest version.	This upgrade does not affect your business.

December 2018

Version	Image address	Change time	Changes	Impact
v1.9.3.59-ge3bc999-aliyun	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.59-ge3bc999-aliyun`	December 26, 2018	New features:<br>Support multiple Kubernetes services reusing the same SLB. Rules and constraints:<br>- SLB instances created by Kubernetes services cannot be reused (this may cause accidental SLB deletion). Only manually created SLB instances (in the console or via OpenAPI) can be reused.<br>- Multiple services reusing the same SLB cannot have identical frontend listener ports, or port conflicts occur.<br>- When reusing SLB, use listener names and virtual server group names as identifiers. Do not rename listeners or virtual server groups.<br>- You can rename SLB instances.<br>- Cross-cluster SLB reuse is not supported.<br><br>Optimizations:<br>- Changed VPC route table operations from parallel to sequential to fix VPC rate limiting issues.	This upgrade does not affect your business.

August 2018

Version	Image address	Change time	Changes	Impact
v1.9.3.10-gfb99107-aliyun	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.10-gfb99107-aliyun`	August 15, 2018	New features:<br>- Support specifying the primary zone for automatically created SLB instances using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-master-zoneid` annotation.<br>- Support specifying the secondary zone for automatically created SLB instances using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-slave-zoneid` annotation.<br> Note This parameter is invalid in regions that do not support primary/secondary zone SLB instances.<br><br>- When specifying an existing SLB, support overriding SLB listeners using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners` annotation. When set to `true`, existing listeners on the SLB are deleted.<br>- Support specifying bandwidth for pay-by-bandwidth SLB instances using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-bandwidth` annotation. Multiple listeners share this bandwidth.	This upgrade does not affect your business.

June 2018

Version	Image address	Change time	Changes	Impact
v1.9.3	`registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3`	June 25, 2018	New features:<br>- Support selecting worker nodes as backend servers using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-backend-label` annotation.<br>- Support specifying SLB instance types (such as shared-resource or dedicated-resource) using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec` annotation.<br>- Support `externalTraffic: Local` mode. Only attach nodes where pods are scheduled as SLB backends.<br>- Automatically manage SLB backends when cluster nodes are added or removed.<br>- Automatically manage SLB backends when node labels change.<br>- Support session stickiness.<br>- For services created with existing SLB instances, CCM no longer manages listeners. Add listeners manually.	This upgrade does not affect your business.