Basic information and release notes for Cloud Controller Manager - Container Service for Kubernetes

The cloud-controller-manager (CCM) component in a Kubernetes cluster manages load balancing and enables cross-node communication. This topic describes the CCM component, its usage notes, and its release notes.

Component introduction

The cloud-controller-manager (CCM) integrates Kubernetes with Alibaba Cloud infrastructure products, such as Classic Load Balancer (CLB), which was formerly Server Load Balancer (SLB), Network Load Balancer (NLB), and Virtual Private Cloud (VPC). CCM provides the following features:

Manage load balancing
When you set the type of a service to Type=LoadBalancer, the CCM component creates and configures a Classic Load Balancer (CLB) or a Network Load Balancer (NLB) for the service. This includes resources such as the CLB or NLB instance, listeners, and backend server groups. When the backend endpoints of the service or the cluster nodes change, CCM automatically updates the backend vServer groups of the CLB or NLB instance.
Enable cross-node communication
When Flannel is the network component of the cluster, the CCM component enables cross-node container communication by writing the pod CIDR block of each node to the VPC route table. This feature requires no configuration and is ready to use after installation.

Usage notes

The CCM component creates and configures a Classic Load Balancer (CLB) or a Network Load Balancer (NLB) for a service. This includes resources such as the CLB or NLB instance, listeners, and backend server groups. For more information, see Considerations for configuring service load balancers.
The CCM component provides many annotations to support a wide range of load balancing capabilities on the cloud. For detailed instructions, see Configure a Classic Load Balancer (CLB) using annotations and Configure a Network Load Balancer (NLB) using annotations.
For solutions to cloud-controller-manager (CCM) component upgrade check failures, see Troubleshoot CCM upgrade check failures.

Release notes

December 2025

Version

Registry address

Modification Time

Changes

Impact

v2.12.4

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.4

December 11, 2025

New feature:

Adds the Pod ReadinessGate webhook feature and enables it by default for new clusters. For more information about how to use this feature, see Ensure smooth pod updates by configuring a Readiness Gate.

Fixed issue:

Fixed an issue where the associated server group was not automatically cleaned up when an NLB service was deleted.

This upgrade does not affect your services.

November 2025

Version

Registry address

Modification Time

Changes

Impact

v2.12.3

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.3

November 19, 2025

New feature:

Supports Lingjun nodes: Automatically cleans up Lingjun node resources in the cluster after the Lingjun instances are released.

Optimization:

When a CLB instance reports an error because it cannot find the ENI corresponding to a backend pod IP address, the new error log includes the specific pod name (targetRef) and its node information.

Fixed issue:

Fixed a panic issue that occurred during service synchronization when querying NLB information or when an asynchronous task call failed.

This upgrade does not affect your services.

September 2025

Version	Registry Address	Modification Time	Changes	Impact
v2.12.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.1	September 11, 2025	Important Starting from this version, the default billing method for new CLB instances changes from pay-by-specification (PayBySpec) to pay-by-CLCU (PayByCLCU). Existing CLB instances are not affected. For more information about this change, see [Product Change] Announcement on the change of the default load balancer type and billing method for new services and Nginx Ingress controllers. New features: The default billing method for newly created CLB instances is changed from pay-by-specification to pay-by-CU. Ignores the processing of hybrid cloud nodes. When processing node change events, ignores services that directly mount pod ENIs to the load balancer backend (for Terway clusters created after August 10, 2020). Optimizations: Improves the processing speed of CLB and NLB instances and optimizes performance. When an NLB API call is throttled, the system retries the call after a waiting period. Optimizes metrics related to the synchronization time for services, routes, and nodes. The retry wait time for `readinessGate` is changed from exponential backoff to a fixed value. Fixed issues: Fixed an issue where the backend `targetPort` could not be automatically used as the health check port when an NLB instance was configured with a listener port range and manual health checks. Fixed an issue in hybrid deployments of ECS, ECI, and ACS instances where ECI or ACS instances could not be mounted or the backend server weights were set incorrectly.	This upgrade does not affect your services.

July 2025

Version	Registry address	Modification Time	Changes	Impact
v2.11.4	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.4	July 17, 2025	Fixed issue Fixed an issue where creating an NLB listener port range using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-listener-port-range` annotation failed.	This upgrade does not affect your services.

June 2025

Version	Registry address	Modification Time	Changes	Impact
v2.11.3	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.3	June 27, 2025	New feature Supports the ECS metadata hardening-only mode. Optimization: Skips the OpenAPI call to add servers if the server group is empty upon creation. Fixed issue Fixed an issue where servers failed to be added when targetPort in the service configuration used a port name and only some pods were selected.	This upgrade does not affect your services.

May 2025

Version	Registry address	Modification Time	Changes	Impact
v2.11.2	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.2	May 29, 2025	Optimization: Optimized the server group synchronization logic to reduce OpenAPI calls.	This upgrade does not affect your services.
v2.11.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.1	May 15, 2025	New features: Supports ignoring backend server weight updates using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ignore-weight-update` annotation. CLB supports configuring multiple ACL IDs and access control policy groups. NLB supports configuring listener port ranges using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-listener-port-range` annotation. Supports configuring custom NLB OpenAPI endpoints using the `NLB_ENDPOINT` environment variable. Optimizations: Optimizes the processing speed for adding nodes and routes to reduce the number of OpenAPI calls. Parallelizes service synchronization for listeners and server groups to reduce the synchronization time for a single service. When you call the OpenAPI to create an NLB instance, a null pointer is passed instead of an empty string if you do not specify an EIP instance ID or an IPv4 private IP address. When you call the DescribeNetworkInterfaces operation, `NextToken` is used for pagination instead of `PageSize`. Fixed issue: Fixed an issue for NLB where a service using ReadinessGate did not retry when a pod was not ready.	This upgrade does not affect your services.

March 2025

Version	Registry address	Modification Time	Changes	Impact
v2.10.4	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.10.4	March 24, 2025	New feature: Disables the source and destination IP address check feature for the primary ENIs of new ECS instances that are added to a cluster. For more information about why this feature is added, see [Product Change] Announcement on disabling the source/destination IP address check for new ECS instances in ACK clusters by default.	This upgrade does not affect your services.

January 2025

Version	Registry address	Modification Time	Changes	Impact
v2.10.2	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.10.2	January 20, 2025	New feature: Supports adding the `node.alibabacloud.com/spot-strategy` tag to nodes to identify whether a node is a Spot instance. Optimization: When multiple listeners of the same service are associated with the same server group, the server group is synchronized only once. Fixed issues: Fixed an issue where an SLB instance could not be created if a `LoadBalancer` service was changed to another type and then changed back to the `LoadBalancer` type. Fixed an issue where an error "Pod not found" was reported when updating the readiness state of a pod. When updating SLB instance tags, system tags that start with `acs:` are ignored.	This upgrade does not affect your services.

October 2024

Version

Registry address

Modification Time

Changes

Impact

v2.10.0

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.10.0

October 21, 2024

Important

Starting from this version, changes to the value of the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-resource-tags annotation take effect on created and reused SLB instances. When you use this annotation, do not modify the SLB tags in the console. Before you upgrade to this version, make sure that the tags on the SLB instance are consistent with the annotation.

New features:
- Supports the readinessGate feature.
- Supports modifying tags after instance creation using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-resource-tags annotation.
- Supports preserving the SLB instance after the service is deleted using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-preserve-lb-on-delete annotation.
- Supports adding the node.alibabacloud.com/nodepool-id and node.alibabacloud.com/instance-charge-type tags to nodes.
- NLB supports specifying the ALPN policy for TCPSSL listeners using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-alpn and service.beta.kubernetes.io/alibaba-cloud-loadbalancer-alpn-policy annotations.
Optimizations:
- Upgrades the base image to Alpine 3.18.
- Optimizes log output by adding a reconcileID.
Fixed issue:
- Fixed an issue where a service in an NLB instance might be incorrectly taken over by the CLB controller.

This upgrade does not affect your services.

May 2024

Version	Registry address	Modification time	Changes	Impact
v2.9.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.9.1	May 10, 2024	Important Starting from this version, new CLB and NLB instances and their associated resources, such as server groups, belong to the resource group of the cluster by default. Existing CLB and NLB instances are not affected. New features: When you create a new CLB or NLB instance, the resource group ID of the cluster is used by default. CLB supports enabling the `X-Forwarded-SLBPort` request header using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-slbport` annotation. CLB supports enabling the `X-Forwarded-Client-srcport` request header using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-clientsrcport` annotation. NLB supports specifying an Internet Shared Bandwidth instance ID using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-bandwidth-package-id` annotation. Deletion protection and configuration read-only mode are enabled by default for new NLB instances. NLB supports reusing a server group using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port` annotation. This annotation takes effect only when you reuse an existing NLB instance. When multiple services reuse the same NLB instance, you can use the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight` annotation to set the weight of traffic that the current service receives. This annotation takes effect only when you reuse an existing vServer group. Supports reusing NLB instances across VPCs in the same region. Dual-stack NLB instances support mounting IPv6 backends using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-backend-ip-version: ipv6` annotation. Dual-stack NLB instances support specifying the IPv6 public or private network type using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ipv6-address-type` annotation. NLB supports passing `VpcId`, `PrivateLinkEpId`, and `PrivateLinkEpsId` information to backend servers over the Proxy Protocol using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-ep-id-enabled`, `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-eps-id-enabled`, and `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-vpc-id-enabled` annotations. In a dual-stack cluster, the IPv6 addresses of ECS instances are automatically added to nodes. Optimizations: Uses `EndpointSlice` instead of `Endpoint` for endpoint discovery by default. Adds a check for an empty route table ID string. Adds a check for OpenAPI return values in reuse scenarios. Uses the `resourceVersion=0` parameter when initiating a List request. Fixed issues: Fixed an issue where the `NetworkUnavailable` state was not set during node initialization in Flannel network mode. Fixed an issue where the NLB server group had an incorrect owner when a resource group was specified using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-resource-group-id` annotation.	This upgrade does not affect your services.

October 2023

Version	Registry address	Modification Time	Changes	Impact
v2.8.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.8.1	October 16, 2023	New features: Supports the Addon Token authorization mode. NLB supports creating IP-based server groups using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-server-group-type` annotation. For more information about NLB server group types, see NLB server groups. Optimizations: Allows clients to directly access the API server to prevent dirty data caused by the caching mechanism. NLB: Optimizes the server group creation logic to prevent occasional duplicate creation of server groups. CLB: Adds IP address validation when mounting pod ENIs to a CLB instance. The IP addresses must be within the cluster's VPC.	This upgrade does not affect your services.

June 2023

Version	Registry address	Modification Time	Changes	Impact of the change
v2.7.0	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.7.0	June 21, 2023	New feature: Supports specifying an IP address for an internal-facing SLB instance using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ip` annotation. Optimizations: Optimizes the synchronization logic for CLB and NLB server groups to reduce synchronization failures due to insufficient quotas. Updates the service hash calculation method to reduce hash value changes caused by scenarios such as cluster upgrades. Fixed issues: Fixed an issue where the service configuration could not be updated after setting an EIP annotation. Fixed an issue where the HTTP protocol could not be set for other ports after setting a ForwardPort annotation.	This upgrade does not affect your services.

March 2023

Version	Registry address	Modification Time	Changes	Impact of Changes
v2.6.0	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.6.0	March 2, 2023	New features: The `alpha.service-controller.kubernetes.io/exclude-balancer` tag for excluding nodes from the SLB backend is deprecated. Use the new `node.kubernetes.io/exclude-from-external-load-balancers` tag instead. SLB supports configuring both TCP and UDP protocols for a single listener. CLB supports disabling TCP and UDP health checks using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-health-check-switch` annotation. CLB supports configuring the Proxy Protocol for TCP and UDP listeners of a CLB instance using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-proxy-protocol` annotation. Important This feature does not support smooth online migration. Switching to the Proxy Protocol requires service downtime for the upgrade. Configure this with caution. CLB supports verifying the certificate validity period when synchronizing HTTPS listeners. If a certificate expires, the CLB synchronization fails. NLB supports setting security groups for an NLB instance using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-security-group-ids` annotation. Optimizations: The resource lock for CCM leader election is switched from endpointsleases to leases to reduce primary/secondary switchovers. Optimizes the load balancer synchronization logic. When the load balancer's own properties, such as its name or resource group, fail to update, the vServer group continues to be updated. Optimizes the criteria for determining node changes to reduce the number of service synchronizations. Fixed issue: Fixed an issue that occasionally caused nodes to be misidentified as NotReady.	This upgrade does not affect your services.

October 2022, March 2023, August 2023, and June 2024

Version	Registry Address	Modification Time	Changes	Impact
v2.5.1	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.5.1	October 12, 2022	New features: ACK supports creating NLB resources for LoadBalancer services with `loadBalancerClass` set to `alibabacloud.com/nlb`. This feature is supported only in Kubernetes 1.24 and later. For more information, see What is a Network Load Balancer (NLB)?. ACK supports creating different types of cloud resources based on the `spec.loadBalancerClass` field of a service. If this field is not set, a CLB instance is created by default. If it is set to `alibabacloud.com/nlb`, an NLB instance is created. This feature is supported only in Kubernetes 1.24 and later. Optimizations: Fixed an issue where a reused IPv6 SLB instance could not be deleted. Fixed an occasional issue where nodes could not be deleted. The default protocol for OpenAPI calls is set to HTTPS.	This upgrade does not affect your services.
v2.4.5	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.5	June 27, 2024	Optimization: Updates the service hash calculation method to reduce hash value changes caused by scenarios such as cluster upgrades.	This upgrade does not affect your services.
v2.4.4	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.4	August 7, 2023	Optimizations: Optimizes the CLB server group synchronization logic to reduce synchronization failures due to quota issues. CLB supports verifying the certificate validity period when synchronizing HTTPS listeners. If a certificate expires, the CLB synchronization fails. Optimizes the load balancer synchronization logic. When the load balancer's own properties, such as its name or resource group, fail to update, the vServer group continues to be updated.	This upgrade does not affect your services.
v2.4.3	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.3	March 2, 2023	Fixed an occasional issue where a node was misidentified as NotReady.	This upgrade does not affect your services.
v2.4.2	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.2	October 12, 2022	Optimizations: Fixed an issue where a reused IPv6 SLB instance could not be deleted. Fixed an occasional issue where nodes could not be deleted.	This upgrade does not affect your services.

June 2022

Version	Registry address	Modified Time	Changes	Impact
v2.4.0	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.0	June 20, 2022	New features: Supports setting the billing method for an SLB instance using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-instance-charge-type`. Supports setting a security policy for an SLB instance using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-tls-cipher-policy`. Only the HTTPS protocol is supported. When you add a node, CCM automatically adds the `node.spec.providerID` property if the field is empty. Supports adding the `service.k8s.alibaba/loadbalancer-id` tag to a LoadBalancer service to show the ID of the associated SLB instance. Optimizations: Nodes with the ToBeDeletedByClusterAutoscaler taint are not added to the backend of the load balancer. Fixed an issue where conflicting routes could not be deleted when the routes had the same CIDR block. Optimizes the logic for concurrent route synchronization to reduce false positives.	This upgrade does not affect your services.

March 2022

Version	Registry address	Modification Time	Changes	Impact
v2.3.0	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.3.0	March 21, 2022	New features: Supports setting a hostname for a service using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-hostname`. Supports setting the connection timeout for listeners of an SLB instance using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-established-timeout`. Only the TCP protocol is supported. Supports setting the request timeout for listeners of an SLB instance using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-request-timeout`. Only the HTTP and HTTPS protocols are supported. Supports setting the health check method for an SLB instance using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-health-check-method`. Only HTTP health checks are supported. Optimizations: Validates the vServer group format when reusing an existing vServer group. Optimizes the vSwitch selection logic to prevent the default vSwitch from being empty. Optimizes the vServer group synchronization logic to reduce OpenAPI calls.	This upgrade does not affect your services.

November 2021

Version	Registry address	Modification Time	Changes	Impact
v2.1.0	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.1.0	November 22, 2021	New features: Supports configuring whether to obtain the SLB listener protocol from the X-Forwarded-Proto header field using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-proto`. Supports setting the idle connection timeout using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-idle-timeout`. Supports enabling the HTTP/2 feature using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-http2-enabled`. Optimization: Supports setting `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight` to 0, which is suitable for traffic switching between clusters. Fixed issues: Fixed an issue where CLB listeners could not be created with many pods. Fixed an issue where the CLB instance was not updated after the Service TargetPort was updated.	This upgrade does not affect your services.

September 2021

Version	Registry address	Modification time	Changes	Impact
v2.0.1	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.0.1	September 2, 2021	New features: Supports reusing an existing vServer group using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port. This annotation takes effect only when you reuse an existing SLB instance. For more information, see Deploy services across clusters by reusing an existing load balancer. When multiple services reuse the same SLB instance, you can use the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight to set the weight of traffic that the current service receives. This annotation takes effect only when you reuse an existing vServer group. For more information, see Deploy services across clusters by reusing an existing load balancer. Supports managing graceful connection draining for an SLB instance using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain. Only the TCP and UDP protocols are supported. Supports setting the graceful connection draining timeout for an SLB instance using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain-timeout. Only the TCP and UDP protocols are supported. Supports String type for TargetPort. Adds a finalizer for LoadBalancer services. Optimizations: Upgrades the base image to Alpine 3.13. Changes the Prometheus metrics port from 10258 to 8080. Periodically synchronizes node tags.	This upgrade does not affect your services.

April 2021

Version	Registry address	Modification Time	Changes	Impact
v1.9.3.380-gd6d0962-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.380-gd6d0962-aliyun	April 20, 2021	Fixed an issue where the default server group could not be updated. Exposes an alert event when the SLB backend is empty.	This upgrade does not affect your services.

March 2021

Version	Registry address	Modification Time	Changes	Impact of changes
v1.9.3.378-g42eac35-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.378-g42eac35-aliyun	March 8, 2021	New features: Supports adding ECS instances from outside the cluster to a vServer group. When you reuse an existing SLB instance, the `kubernetes.reused.by.user` tag is added to the SLB instance by default. Optimizations: Adjusts the number of concurrent processing threads for services to optimize service processing speed. Optimizes the virtual-node processing logic to ignore service synchronizations triggered by virtual-node status changes. The `service.beta.kubernetes.io/exclude-node` tag for excluding nodes is deprecated. Use the new `service.alibabacloud.com/exclude-node` tag instead. Adds resource group validation when reusing an existing SLB instance. The resource group ID in the annotation must be the same as the resource group ID of the SLB instance. Otherwise, the reuse fails. Optimizes the content of events to improve readability. Optimizes the priority configuration for new and old versions of annotations. If a service has both new and old versions of the same annotation, the new version takes precedence. Fixed issues: Fixed an issue where route deletion failed due to missing node configuration. Optimizes the node initialization logic to fix the issue of missing taints. During node initialization, this prevents application pods from being scheduled to nodes where routes have not been created.	This upgrade does not affect your services.

December 2020

Version	Registry address	Modification Time	Changes	Impact
v1.9.3.339-g9830b58-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.339-g9830b58-aliyun	December 18, 2020	Supports adding a hash value to a LoadBalancer service. This ensures that when CCM restarts, only the vServer group backend is synchronized if the service has not been modified. The LoadBalancer and listener configurations are no longer synchronized. Optimizes SLB OpenAPI calls to reduce the risk of throttling.	This upgrade does not affect your services.

September 2020

Version	Registry address	Modification Time	Changes	Change impact
v1.9.3.316-g8daf1a9-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.316-g8daf1a9-aliyun	September 29, 2020	Fixed an occasional issue where the SLB vServer group was not updated. Updates the health check port from 10252 to 10258.	This upgrade does not affect your services.

August 2020

Version	Registry address	Modification Time	Changes	Impact
v1.9.3.313-g748f81e-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.313-g748f81e-aliyun	August 10, 2020	New features: Supports setting deletion protection for an SLB instance using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-delete-protection. Deletion protection is enabled by default for new SLB instances. Supports setting configuration read-only mode for an SLB instance using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-modification-protection. Configuration read-only mode is enabled by default for new SLB instances. Supports specifying the resource group of an SLB instance using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-resource-group-id. This takes effect only at creation and cannot be modified. Supports specifying the name of an SLB instance using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-name. Alibaba Cloud product OpenAPI calls are changed from public network to internal network, removing the public network dependency for CCM (supported in all regions). A tag is added by default to the SLB instance created for a LoadBalancer service. The format is `ack.aliyun.com: {your-cluster-id}`. This takes effect only for new clusters. Compatible with the community provider ID naming convention `<cloudProvider>://<optional>/<segments>/<provider id>`. For new Terway clusters, LoadBalancer services default to mounting pods directly to the SLB backend. For new ACK clusters in Terway network mode, if the service type is LoadBalancer, the pod's ENI IP is mounted as the load balancer's backend by default to improve network performance. For LoadBalancer services, a string type for targetPort is not supported. Optimizations: Upgrades the base image to Alpine 3.11.6. Updating a listener will synchronize the vServer group. Optimizes the SLB API to reduce SLB creation time.	This upgrade does not affect your services.

June 2020

Version	Registry address	Modification Time	Changes	Impact of changes
v1.9.3.276-g372aa98-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64: v1.9.3.276-g372aa98-aliyun	June 11, 2020	New features: For LoadBalancer services, reusing the cluster API server's SLB instance is restricted. Adds Prometheus metrics (ccm_node_latencies_duration_milliseconds, ccm_route_latencies_duration_milliseconds, and ccm_slb_latencies_duration_milliseconds) to expose CCM synchronization latency information. Supports exposing the synchronization process between a service and a LoadBalancer as an event. Optimizations: Optimized the weight calculation method for Services in Local mode (`externalTrafficPolicy=Local`) to improve load balancing among pods. For more information, see How to automatically set node weights in Local mode?. Optimizes cloud product API calls to improve efficiency and reduce the risk of throttling. When a node has the service.beta.kubernetes.io/exclude-node tag, the associated route is no longer deleted when the node is deleted. Fixed issues: Fixed an issue where persistence timeout could not be set to 0 using an annotation when updating a service. Fixed an issue where bandwidth could not be set to 100 using an annotation when updating a service.	This upgrade does not affect your services.

March 2020

Version	Registry Address	Modification Time	Changes	Impact
v1.9.3.239-g40d97e1-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64: v1.9.3.239-g40d97e1-aliyun	March 5, 2020	New feature: For Loadbalancer services, CCM supports mounting both ECS nodes and ENIs to the SLB backend at the same time. Optimizations: Alibaba Cloud product OpenAPI calls are changed from public network to internal network, removing the public network dependency for CCM. This is not yet supported in the China (Beijing), China (Shanghai), and UAE (Dubai) regions. The VPC route query interface is changed to DescribeRouteEntryList to avoid performance issues when querying hundreds of entries in a short time.	This upgrade does not affect your services.

December 2019

Version	Registry address	Modification Time	Changes	Impact
v1.9.3.220-g24b1885-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64: v1.9.3.220-g24b1885-aliyun	December 31, 2019	Configures VSwitchIds. CloudConfig supports adding IDs in the `:vswitchid1,:vswitchid2` format. Adds a backoff mechanism for retries when OpenAPI calls are throttled. Requests are re-added to the reconcile queue at intervals of 30s to 180s. Adjusts the number of Reconcile worker threads to 2 to maximize the use of the OpenAPI QPS quota and improve the Reconcile speed. Fixed a CCM crash caused by concurrent map reads and writes in the aliyungo SDK. When a node is removed from a Kubernetes cluster, CCM automatically deletes the corresponding VPC route table entry for that node. Fixed an issue where the port configuration for HTTP Forward could not be changed due to port forwarding dependencies. If the SLB backend type is ECS, the serverip field does not need to be checked when updating the SLB backend servers. This avoids backend addition failures caused by changes in the default value of the OpenAPI serverip field. The corresponding VPC route table entry for a node is added only when the node's status is known. CCM no longer adds NAT IP addresses to node metadata, fixing an occasional issue where the API server could not access the kubelet. When changing the listener configuration, the start listener OpenAPI is called only when the listener status is inactive. This avoids triggering OpenAPI throttling issues.	This upgrade does not affect your services.

November 2019

Version	Registry address	Modification Time	Changes	Impact of the change
v1.9.3.193-g6cddde4-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.193-g6cddde4-aliyun	November 19, 2019	Supports adding the label service.beta.kubernetes.io/exclude-node to a node, which causes CCM to no longer manage that node. Supports batch adding pods with the Terway network type to the SLB backend. Restricts the node weight to be no less than 1 in Local mode (that is, when the service's externalTrafficPolicy=Local). Fixed an issue of duplicate vServer group creation caused by concurrency. Fixed an issue of dirty data being generated when setting node weights due to caching.	This upgrade does not affect your services.

September 2019

Version	Registry address	Change time	Changes	Impact
v1.9.3.164-g2105d2e-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3-164-g2105d2e-aliyun	September 11, 2019	Supports updating certificates using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cert-id. Supports port forwarding from HTTP to HTTPS using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-forward-port. Supports creating an SLB instance with an ACL using the annotations service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-status, service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-id, and service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-type. Supports setting whether to remove unschedulable nodes using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-remove-unscheduled-backend. In Terway network mode, supports mounting pods directly to the SLB backend to improve network forwarding performance using the annotation service.beta.kubernetes.io/backend-type: "eni". In Local mode (that is, when the service's externalTrafficPolicy=Local), the service automatically sets the node weight based on the number of pods on the node.	This upgrade does not affect your services.

April 2019

Version	Registry address	Change time	Changes	Impact
v1.9.3.105-gfd4e547-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.105-gfd4e547-aliyun	April 15, 2019	Supports multiple VPC route tables. You can configure multiple route tables for a cluster using a configuration file. Fixed an issue where HTTP protocol configuration updates did not take effect.	This upgrade does not affect your services.

March 2019

Version	Registry address	Modification Time	Changes	Impact
v1.9.3.81-gca19cd4-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.81-gca19cd4-aliyun	March 20, 2019	Managed Kubernetes and Dedicated Kubernetes support reusing existing SLB instances not created by Kubernetes. CCM supports custom Kubernetes node names. It no longer has a strong dependency on the Kubernetes NodeName. Fixed a compatibility issue between CCM 1.8.4 and Kubernetes 1.11.5. Upgrade CCM to the latest version.	This upgrade does not affect your services.

December 2018

Version	Registry address	Modification Time	Changes	Impact
v1.9.3.59-ge3bc999-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.59-ge3bc999-aliyun	December 26, 2018	Supports reusing the same SLB instance for multiple Kubernetes services. SLB instances created by a Kubernetes service cannot be reused. This can cause the SLB instance to be accidentally deleted. You can only reuse SLB instances that you manually create in the console or by calling the OpenAPI. Multiple services that reuse the same SLB instance cannot have the same frontend listener port. Otherwise, a port conflict will occur. When you reuse an SLB instance, use the listener name and vServer group name as identifiers. Do not modify the names of the listener and vServer group. The name of the SLB instance can be modified. Reusing SLB instances across clusters is not supported. VPC route table operations are changed from parallel to serial to fix the VPC throttling issue.	This upgrade does not affect your services.

August 2018

Version	Registry address	Modification Time	Changes	Impact
v1.9.3.10-gfb99107-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.10-gfb99107-aliyun	August 15, 2018	Supports specifying the primary zone for an automatically created SLB instance using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-master-zoneid. Supports specifying the secondary zone for an automatically created SLB instance using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-slave-zoneid. Note Some regions do not support creating SLB instances of the primary/secondary zone type. This parameter is invalid in those regions. When specifying an existing SLB instance, you can use the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners to set whether to overwrite the SLB listeners. If set to true, the original listeners on the SLB instance are deleted. Supports specifying the bandwidth value for a created pay-by-bandwidth SLB instance using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-bandwidth. Multiple listeners share this bandwidth.	This upgrade does not affect your services.

June 2018

Version	Registry address	Modification Time	Changes	Impact of the change
v1.9.3	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3	June 25, 2018	Supports using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-backend-label to allow users to use worker nodes with a specified label as backend servers. Supports specifying the SLB type, such as shared-resource or performance-guaranteed, using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec. Supports the `externalTraffic: Local` mode for services. Only the nodes where the pods are located are added as the SLB backend. When a cluster node is added or deleted, the SLB backend is automatically processed to synchronize the addition or removal of the corresponding node. When a node's label changes, the SLB backend is automatically processed to synchronize the addition or removal of the corresponding node. Supports Session Sticky. Services created by specifying an existing SLB instance no longer process listeners. You need to add SLB listeners yourself.	This upgrade does not affect your services.