All Products
Search
Document Center

Container Service for Kubernetes:CCM

Last Updated:Nov 29, 2024

The cloud controller manager (CCM) provides features to manage load balancing for cross-node communication. This topic introduces the CCM and describes the usage notes and release notes for the component.

Introduction

The CCM allows you to integrate Kubernetes with Alibaba Cloud services, such as Classic Load Balancer (CLB), formerly known as Server Load Balancer (SLB), Network Load Balancer (NLB), and Virtual Private Cloud (VPC). The CCM provides the following features:

  • Manage SLB instances

    If you set Type=LoadBalancer for a Service, the CCM automatically creates a CLB instance or an NLB instance for the Service and configures listeners and backend server groups. For more information about CLB and NLB instances, see Overview of CLB instances and NLB instances. When the endpoints of a Service change or the cluster nodes change, the CCM automatically updates the vServer groups of the CLB or NLB instance created for the Service.

  • Enable cross-node communication

    If Flannel is used as the network plug-in of a Kubernetes cluster, the CCM can enable network connections between containers and nodes. This allows you to implement cross-node communication. The CCM adds the pod CIDR block to the route table of the VPC where the cluster is deployed. This enables cross-node communication. This feature is ready for use after the CCM is installed.

Usage notes

Release notes

October 2024

Version

Image address

Release date

Description

Impact

v2.10.0

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.10.0

2024-10-21

Important

Starting from this version, modifications to the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-resource-tags annotation take effect to existing and reused load balancing instances. If you use this annotation, make sure that the tags of the load balancer instance is consistent with the value of this annatation, and do not modify the tags of the load balancing instance in the console.

  • New features:

    • The readiness gates feature is supported.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-resource-tags annotation is supported for existing instances to modify tags.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-preserve-lb-on-delete annotation is supported for preserving the load balancer after the Service is deleted.

    • Adding the node.alibabacloud.com/nodepool-id and node.alibabacloud.com/instance-charge-type annotations to nodes is supported.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-alpn and service.beta.kubernetes.io/alibaba-cloud-loadbalancer-alpn-policy annotations are supported for NLB instances to specify a TCP/SSL listener for the Application-Layer Protocol Negotiation (ALPN) policy.

  • Improvements:

    • Alpine Linux is upgraded to V3.18 for base images.

    • The reconcileID parameter is added to the log output.

  • Fixed issues:

    • The issue that Services in NLB instances may unintentionally be managed by the CLB Controller is fixed.

No impact on workloads

May 2024

Version

Image address

Release date

Description

Impact

v2.9.1

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.9.1

2024-05-10

Important

Starting from this version, by default, the CLB and NLB instances and their associated resources such as server groups created by the CCM belong to the resource group where the cluster resides. Existing CLB and NLB instances created in earlier versions are not affected.

  • New features:

    • When the CCM creates a CLB or NLB instance, the ID of the resource group where the cluster resides is used by default.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-slbport annotation is supported for CLB instances to enable the X-Forwarded-SLBPort request header.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-clientsrcport annotation is supported for CLB instances to enable the X-Forwarded-Client-srcport request header.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-bandwidth-package-id annotation is supported for NLB instances to specify the ID of an elastic IP address (EIP) bandwidth plan.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-delete-protection annotation is supported for NLB instances to enable deletion protection. By default, this feature is enabled for newly created NLB instances.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-modification-protection annotation is supported for NLB instances to enable the configuration read-only mode. By default, this mode is enabled for newly created NLB instances.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port annotation is supported for NLB instances to reuse a server group. This annotation takes effect only when an existing NLB instance is reused.

    • When an NLB instance is reused by multiple Services, the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight annotation can be used to specify the weight of the traffic received by the current Service. This annotation takes effect only when an existing vServer group is reused.

    • NLB instances can be reused across VPCs.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-backend-ip-version: ipv6 annotation is supported for dual-stack NLB instances to mount IPv6 backend servers.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ipv6-address-type annotation is supported for dual-stack NLB instances to specify the IPv6 network access type.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-ep-id-enabled, service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-eps-id-enabled, and service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-vpc-id-enabled annotations are supported for NLB instances to pass the VpcId, PrivateLinkEpId, and PrivateLinkEpsId information to backend servers over Proxy Protocol.

    • In a dual-stack cluster, the IPv6 addresses of Elastic Compute Service (ECS) instances are automatically added to nodes.

  • Improvements:

    • By default, EndpointSlice is used instead of Endpoint for endpoint discovery.

    • A verification is added to check whether the route table ID is an empty string.

    • A verification is added to check the return values of API operations in reuse scenarios.

    • The resourceVersion=0 parameter setting is used when you initiate a LIST request.

  • Fixed issues:

    • The issue that the NetworkUnavailable state is not set during node initialization in Flannel mode is fixed.

    • The following issue is fixed: The NLB server group ownership is invalid when the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-resource-group-id annotation is used to specify a resource group.

No impact on workloads

October 2023

Version

Image address

Release date

Description

Impact

v2.8.1

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.8.1

2023-10-16

  • New features:

    • The Addon Token authorization mode is supported.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-server-group-type annotation can be used to create NLB server groups of the IP type. For more information about the types and description of NLB server groups, see NLB server groups.

  • Improvements:

    • Direct access from clients to the Kubernetes API server is supported to prevent stale data generated due to data caching.

    • The logic for creating NLB server groups is optimized to prevent the system from repeatedly creating server groups.

    • IP address verification is performed when you add the IP addresses of elastic network interfaces (ENIs) that are allocated to pods to CLB instances. The verification is performed to ensure that the IP addresses fall within the CIDR block of the VPC where the cluster resides.

No impact on workloads

June 2023

Version

Image address

Release date

Description

Impact

v2.7.0

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.7.0

2023-06-21

  • New features:

    The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ip annotation can be used to specify the IP address of an internal-facing SLB instance.

  • Improvements:

    • The synchronization logic of the backend server groups of CLB instances and NLB instances is optimized to reduce backend server group update failures caused by insufficient quotas.

    • The method used to calculate the hash values of Services is updated to reduce hash value changes due to cluster updates.

  • Fixed issues:

    • The issue that the Service configuration cannot be updated after you add annotations related to EIPs to the Service configuration is fixed.

    • The issue that HTTP cannot be configured for other ports after you add the ForwardPort annotation to the Service configuration is fixed.

No impact on workloads

March 2023

Version

Image address

Release date

Description

Impact

v2.6.0

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.6.0

2023-03-02

  • New features:

    • The alpha.service-controller.kubernetes.io/exclude-balancer label, which is used to remove backend servers from SLB instances, is deprecated. The node.kubernetes.io/exclude-from-external-load-balancers label is now used to remove backend servers from SLB instances.

    • A listener can be configured to use both TCP and UDP for an SLB instance.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-health-check-switch annotation can be used to disable TCP health checks and UDP health checks for CLB instances.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-proxy-protocol annotation can be used to enable Proxy Protocol for TCP listeners and UDP listeners of CLB instances.

      Important

      Enabling this feature results in service interruptions. You must stop your applications before you enable Proxy Protocol. Proceed with caution.

    • The validity period of certificates can be verified during HTTPS listener synchronization. If a certificate has expired, the CLB instance synchronization fails.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-security-group-ids annotation can be used to configure security groups for NLB instances.

  • Improvements:

    • Leases are used to lock resources for CCM leader election instead of endpointsleases. This reduces the frequency of leader switches.

    • The update logic of SLB instances is optimized. When attributes of an SLB instance, such as the name and resource group, fail to be updated, the vServer groups of the SLB instance are still updated.

    • The conditions for identifying node changes are narrowed to reduce the frequency of Service updates.

  • Fixed issues:

    The issue that ready nodes are occasionally recognized as NotReady is fixed.

No impact on workloads

October 2022, March 2023, August 2023, and June 2024

Version

Image address

Release date

Description

Impact

v2.5.1

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.5.1

2022-10-12

  • New features:

    • NLB instances can be created for LoadBalancer Services whose loadBalancerClass is set to alibabacloud.com/nlb. Only Kubernetes 1.24 and later support this feature. For more information, see What is NLB?

    • Network resources can be created for Services based on the spec.loadBalancerClass field of the Services. If the spec.loadBalancerClass field is left empty, a CLB instance is created. If the spec.loadBalancerClass field is set to alibabacloud.com/nlb, an NLB instance is created. Only Kubernetes 1.24 and later support this feature.

  • Improvements:

    • The issue that reused IPv6 SLB instances cannot be deleted is fixed.

    • The occasionally occurring issue that nodes cannot be deleted is fixed.

    • HTTPS is specified as the default protocol for API calls.

No impact on workloads

v2.4.5

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.5

2024-06-27

Improvements:

  • The method used to calculate the hash values of Services is updated to reduce hash value changes due to cluster updates.

No impact on workloads

v2.4.4

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.4

2023-08-07

Improvements:

  • The synchronization logic of CLB and NLB server groups is optimized to reduce synchronization failures caused by quota issues.

  • The validity period of certificates can be verified during HTTPS listener synchronization. If a certificate has expired, the CLB instance synchronization fails.

  • The update logic of SLB instances is optimized. When attributes of an SLB instance, such as the name and resource group, fail to be updated, the vServer groups of the SLB instance are still updated.

No impact on workloads

v2.4.3

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.3

2023-03-02

The issue that ready nodes are occasionally recognized as NotReady is fixed.

No impact on workloads

v2.4.2

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.2

2022-10-12

Improvements:

  • The issue that reused IPv6 SLB instances cannot be deleted is fixed.

  • The occasionally occurring issue that nodes cannot be deleted is fixed.

No impact on workloads

June 2022

Version

Image address

Release date

Description

Impact

v2.4.0

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.0

2022-06-20

  • New features:

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-instance-charge-type annotation can be used to specify the billing method of SLB instances.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-tls-cipher-policy annotation can be used to configure TLS security policies for SLB instances. Only HTTPS is supported.

    • The CCM automatically assigns a value to the node.spec.providerID field if the field is empty when you add a node.

    • The service.k8s.alibaba/loadbalancer-id label can be added to LoadBalancer Services to indicate the IDs of the SLB instances that are associated with the Services.

  • Improvements:

    • A node is not added to an SLB instance if the node has the ToBeDeletedByClusterAutoscaler taint.

    • The following issue is fixed: Conflicted routes cannot be deleted if the destination CIDR blocks of the routes are the same.

    • The logic of concurrent route synchronization is optimized to reduce false positives.

No impact on workloads

March 2022

Version

Image address

Release date

Description

Impact

v2.3.0

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.3.0

2022-03-21

  • New features:

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-hostname annotation can be used to specify the hostname of a Service.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-established-timeout annotation can be used to specify the connection timeout period for TCP listeners of SLB instances.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-request-timeout annotation can be used to specify the request timeout period for HTTP and HTTPS listeners of SLB instances.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-health-check-method annotation can be used to specify the health check method for HTTP health checks of SLB instances.

  • Improvements:

    • The format of vServer groups is verified when you reuse existing vServer groups.

    • The logic of vSwitch selection is optimized to resolve the issue that the default vSwitch is not specified.

    • The synchronization logic of vServer groups is optimized to reduce the number of API calls.

No impact on workloads

November 2021

Version

Image address

Release date

Description

Impact

v2.1.0

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.1.0

2021-11-22

  • New features:

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-proto annotation can be used to obtain the listener protocol of an SLB instance from the X-Forwarded-Proto header field.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-idle-timeout annotation can be used to specify the timeout period of idle connections.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-http2-enabled annotation can be used to enable HTTP2.

  • Improvements:

    The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight annotation can be set to 0 to stop distributing traffic to specific backend servers.

  • Fixed issues:

    • The issue that listeners cannot be created for a CLB instance when a large number of backend pods are added to the CLB instance.

    • The issue that the CLB instance used by a Service is not updated after the targetPort parameter of the Service is updated.

No impact on workloads

September 2021

Version

Image address

Release date

Description

Impact

v2.0.1

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.0.1

2021-09-02

  • New features:

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port annotation can be used to reuse an existing vServer group that is added to an SLB instance. This annotation takes effect only when the SLB instance is reused. For more information, see Use the CCM to deploy services across clusters.

    • When a reused SLB instance is shared among multiple Services, the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight annotation can be used to set the weight of each Service to enable weighted round-robin (WRR). This annotation takes effect only when the existing vServer group is reused. For more information, see Use the CCM to deploy services across clusters.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain annotation can be used to configure connection draining for an SLB instance. Only TCP and UDP are supported.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain-timeout annotation can be used to set the timeout period of connection draining for an SLB instance. Only TCP and UDP are supported.

    • The targetPort field can be set to a String value.

    • Finalizers can be specified for LoadBalancer Services.

  • Improvements:

    • Alpine Linux is updated to V3.13 for base images.

    • The port used by Prometheus metrics is changed from 10258 to 8080.

    • The node labels are synchronized by schedule.

No impact on workloads

April 2021

Version

Image address

Release date

Description

Impact

v1.9.3.380-gd6d0962-aliyun

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.380-gd6d0962-aliyun

2021-04-20

  • The issue that the default server group cannot be updated is fixed.

  • Events are generated and alerts are triggered when an SLB instance is not associated with backend servers.

No impact on workloads

March 2021

Version

Image address

Release date

Description

Impact

v1.9.3.378-g42eac35-aliyun

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.378-g42eac35-aliyun

2021-03-08

New features:

  • ECS instances other than those in the Container Service for Kubernetes (ACK) cluster can be added to a vServer group.

  • The kubernetes.reused.by.user label is automatically added to a reused SLB instance.

Improvements:

  • The number of concurrent threads for processing Services is increased to improve processing speed.

  • The processing logic of virtual-node is optimized to ignore Service updates caused by the status changes of virtual-node.

  • The service.beta.kubernetes.io/exclude-node label is deprecated. To exclude a node from the management of the CCM, use the label service.alibabacloud.com/exclude-node label instead.

  • Resource groups are verified when an SLB instance is reused. The resource group ID specified in annotations must be the ID of the resource group to which the SLB instance belongs. Otherwise, the SLB instance cannot be used to expose more than one Service.

  • The readability of event content is improved.

  • The version priority setting of annotations is optimized. If two versions of an annotation are added to the Service configurations, the later version prevails over the earlier version.

Fixed issues:

  • The issue that route entries failed to be deleted due to incomplete node configurations.

  • The logic of node initialization is optimized to fix the issue of taint missing. This prevents pods from being scheduled to a node for which route entries are not created during the initialization process.

No impact on workloads

December 2020

Version

Image address

Release date

Description

Impact

v1.9.3.339-g9830b58-aliyun

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.339-g9830b58-aliyun

2020-12-18

  • Hash values are supported in the configurations of LoadBalancer Services. This way, when the CCM is restarted, only the vServer groups of the related SLB instances are updated if the Service configuration is not changed. The configurations of the related SLB instances and listeners are not updated.

  • SLB API calls are optimized to reduce the chances of throttling.

No impact on workloads

September 2020

Version

Image address

Release date

Description

Impact

v1.9.3.316-g8daf1a9-aliyun

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.316-g8daf1a9-aliyun

2020-09-29

  • The occasional failure to update the vServer groups of SLB instances is fixed.

  • The health check port is changed from 10252 to 10258.

No impact on workloads

August 2020

Version

Image address

Release date

Description

Impact

v1.9.3.313-g748f81e-aliyun

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.313-g748f81e-aliyun

2020-08-10

  • New features:

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-delete-protection annotation can be used to set deletion protection for SLB instances. By default, deletion protection is enabled for newly created SLB instances.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-modification-protection annotation can be used to set the configuration read-only mode for SLB instances. By default, the configuration read-only mode is enabled for newly created SLB instances.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-resource-group-id annotation can be used to specify the resource group to which an SLB instance belongs. This setting applies only when you create an SLB instance and cannot be modified after the instance is created.

    • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-name annotation can be used to specify the name of an SLB instance.

    • The API operations of Alibaba Cloud services can be called over internal networks instead of the Internet. To call the CCM operations, Internet access is no longer required in all regions.

    • Tags are added to an SLB instance that is created for a LoadBalancer Service. The tags are in the ack.aliyun.com: {your-cluster-id} format. This feature applies to only newly created clusters.

    • The cloud provider ID can be specified in the <cloudProvider>://<optional>/<segments>/<provider id> format, which is compatible with open source Kubernetes.

    • When a LoadBalancer Service is created in a cluster that uses Terway, the backed pods are automatically added to the SLB instance that is associated with the Service. The IP addresses of ENIs that are allocated to the pods are added as the backend servers of the SLB instance. This improves network performance. For LoadBalancer Services, the targetPort field cannot be set to a string value.

  • Improvements:

    • Alpine Linux is updated to V3.11.6 for base images.

    • Listener updates are automatically synchronized to vServer groups.

    • SLB API operations are optimized. You can call the SLB API to create SLB instances with improved speed.

No impact on workloads

June 2020

Version

Image address

Release date

Description

Impact

v1.9.3.276-g372aa98-aliyun

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64: v1.9.3.276-g372aa98-aliyun

2020-06-11

  • New features:

    • The SLB instance attached to the cluster API server cannot be reused by LoadBalancer Services.

    • Prometheus metrics (ccm_node_latencies_duration_milliseconds, ccm_route_latencies_duration_milliseconds, and ccm_slb_latencies_duration_milliseconds) are added to monitor the synchronization latency of the CCM.

    • Events are collected to monitor the synchronization process between a Service and the related SLB instance.

  • Improvements:

    • Weight calculation is optimized for Services in Local mode. To enable the Local mode, set externalTrafficPolicy=Local in Service configurations. This improves load balancing among pods. For more information, see How does CCM calculate node weights in Local mode?

    • API calls of cloud services are optimized to improve efficiency and reduce the chances of throttling.

    • When you delete a node with the label service.beta.kubernetes.io/exclude-node, the related route entries are no longer deleted.

  • Fixed issues:

    • The issue that persistence timeout cannot be set to 0 by adding annotations during Service updates.

    • The issue that bandwidth cannot be set to 100 by adding annotations during Service updates.

No impact on workloads

March 2020

Version

Image address

Release date

Description

Impact

v1.9.3.239-g40d97e1-aliyun

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64: v1.9.3.239-g40d97e1-aliyun

2020-03-05

  • New features:

    For LoadBalancer Services, the CCM allows you to specify both ECS nodes and ENIs as the backend servers of the related SLB instances.

  • Improvements:

    • The API operations of Alibaba Cloud services can be called over internal networks instead of the Internet. To call the CCM operations, Internet access is no longer required in regions other than China (Beijing), China (Shanghai), and UAE (Dubai).

    • The API operation that is used to query VPC route entries is changed to DescribeRouteEntryList. This provides higher performance when hundreds of queries are received within a short period of time.

No impact on workloads

December 2019

Version

Image address

Release date

Description

Impact

v1.9.3.220-g24b1885-aliyun

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64: v1.9.3.220-g24b1885-aliyun

2019-12-31

  • vSwitch IDs are supported. You can specify vSwitch IDs in CloudConfig in the following format: :vswithid1,:vswitchid2.

  • Backoff is supported when throttling is enabled. Backoff allows failed requests to rejoin the reconcile queue every 30 to 180 seconds.

  • The number of worker threads to be reconciled is adjusted to 2. This allows you to fully utilize the queries per second (QPS) quota on API calls to speed up the reconciliation process.

  • The issue that the CCM quits unexpectedly due to concurrent Map reads and writes based on the aliyungo SDK is fixed.

  • When a node is removed from an ACK cluster, the related route entries are automatically deleted from the VPC route table by the CCM.

  • The issue that port configurations cannot be changed due to port dependencies for HTTP port forwarding is fixed.

  • If the backend server of an SLB instance is an ECS instance, the serverip field is no longer required when you change the backend server. This prevents errors caused by the changes of default serverip values in API requests when you add backend servers.

  • The route entries of a node are added to the VPC route table only if the status of the node is known.

  • NAT IP addresses are no longer added to node metadata by the CCM. This fixes the issue that the API server occasionally fails to connect to the kubelet.

  • When you modify the configurations of a listener, the start listener operation is called only if the listener is in the inactive state. This prevents throttling on API requests.

No impact on workloads

November 2019

Version

Image address

Release date

Description

Impact

v1.9.3.193-g6cddde4-aliyun

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.193-g6cddde4-aliyun

2019-11-19

  • The label service.beta.kubernetes.io/exclude-node can be added to a node. After the label is added, the node is no longer managed by the CCM.

  • Multiple backend pods can be added to an SLB instance at a time. The network type of the pods must be Terway.

  • The node weight cannot be less than 1 for Services in Local mode (when externalTrafficPolicy=Local is set for the Services).

  • The issue that vServer groups are repeatedly created when concurrent requests are processed is fixed.

  • The issue that stale data is generated due to caching when you set node weights is fixed.

No impact on workloads

September 2019

Version

Image address

Release date

Description

Impact

v1.9.3.164-g2105d2e-aliyun

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3-164-g2105d2e-aliyun

2019-09-11

  • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cert-id annotation can be used to renew a certificate.

  • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-forward-port annotation can be used to enable port forwarding from an HTTP port to an HTTPS port.

  • The following annotations can be used to create SLB instances with access control list (ACL) settings: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-status, service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-id, and service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-type.

  • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-remove-unscheduled-backend annotation can be used to remove unschedulable nodes.

  • When the Terway network plug-in is used, you can use the service.beta.kubernetes.io/backend-type: "eni" annotation to add pods that are assigned ENIs as the backend servers of an SLB instance. This improves network forwarding performance.

  • Services in Local mode (when externalTrafficPolicy=Local is set for the Services) can automatically set node weights based on the number of pods on each node.

No impact on workloads

April 2019

Version

Image address

Release date

Description

Impact

v1.9.3.105-gfd4e547-aliyun

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.105-gfd4e547-aliyun

2019-04-15

  • Multiple route tables can be created for a VPC. Configuration files can be used to set multiple route tables for a cluster.

  • The issue that updated HTTP configurations do not take effect is fixed.

No impact on workloads

March 2019

Version

Image address

Release date

Description

Impact

v1.9.3.81-gca19cd4-aliyun

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.81-gca19cd4-aliyun

2019-03-20

  • Existing SLB instances that are not created by ACK can be reused by ACK managed clusters and ACK dedicated clusters.

  • Custom node names are supported. Node naming is no longer reliant on the nodeName field in Kubernetes.

  • The compatibility issue between CCM 1.8.4 and Kubernetes 1.11.5 is fixed. We recommend that you update the CCM to the latest version.

No impact on workloads

December 2018

Version

Image address

Release date

Description

Impact

v1.9.3.59-ge3bc999-aliyun

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.59-ge3bc999-aliyun

2018-12-26

  • An SLB instance can be shared by multiple Kubernetes Services.

    • If an SLB instance is created along with a Service, you cannot reuse this SLB instance when you create other Services. Otherwise, the SLB instance may be deleted. Only SLB instances that are manually created in the console or by calling the API can be used to expose multiple Services.

    • Kubernetes Services that share the same SLB instance must use different frontend listening ports. Otherwise, port conflicts may occur.

    • When you reuse an SLB instance, you must use the listener name and vServer group name as identifiers. Do not modify the names of listeners or vServer groups.

    • You can modify the SLB instance name.

    • You cannot share SLB instances across clusters.

  • VPC route tables are managed in sequence instead of in parallel. This prevents throttling.

No impact on workloads

August 2018

Version

Image address

Release date

Description

Impact

v1.9.3.10-gfb99107-aliyun

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.10-gfb99107-aliyun

2018-08-15

  • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-master-zoneid annotation can be used to specify the primary zone for an automatically created SLB instance.

  • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-slave-zoneid annotation can be used to specify secondary zones for an automatically created SLB instance.

    Note

    This parameter does not take effect in regions that do not support SLB instances that are deployed across the primary zone and secondary zones.

  • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners annotation can be used to specify whether to overwrite the existing listeners when you reuse an existing SLB instance. A value of true overwrites the existing listeners when you reuse an existing SLB instance.

  • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-bandwidth annotation can be used to specify the bandwidth when you create a pay-by-bandwidth SLB instance. The bandwidth is shared among listeners of the SLB instance.

No impact on workloads

June 2018

Version

Image address

Release date

Description

Impact

v1.9.3

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3

2018-06-25

  • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-backend-label annotation can be used to add worker nodes with specific labels as the backend servers of an SLB instance.

  • The service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec annotation can be used to specify the SLB instance type, such as shared-resource or high-performance.

  • The externalTraffic: Local mode for Services is supported. If this mode is enabled, only nodes that host the pods are added as the backend servers of the related SLB instance.

  • If a node is added to or removed from a cluster, the node is automatically added to or removed from the backend servers of the related SLB instances.

  • When the labels of a node are changed, the node is automatically added to or removed from the backend servers of the related SLB instances.

  • Sticky sessions are supported.

  • Listeners are no longer managed by the system when you create a Service by using an existing SLB instance. You must manually add listeners.

No impact on workloads