Basic information and changelog of Cloud Controller Manager - Container Compute Service

The Cloud Controller Manager (CCM) manages load balancing services in Kubernetes clusters. This topic describes the features, usage, and changelog of the CCM.

Component overview

The CCM connects Kubernetes with Alibaba Cloud infrastructure products to manage load balancing services in ACS clusters. It supports Classic Load Balancer (CLB) and Network Load Balancer (NLB). Its features are as follows:

When you set the service type to Type=LoadBalancer, the CCM creates or configures a CLB or NLB instance for the service. This includes resources such as CLB or NLB instances, listeners, and backend servers.
When the backend endpoints or cluster virtual nodes for a service change, the CCM automatically updates the backend server group of the CLB or NLB instance.

Usage instructions

For more information about how to use the CCM to manage load balancing services, see the following documents:
- Before you configure load balancing, review the related notes. For more information, see Notes on Server Load Balancer configurations for a service.
- For more information about how to configure load balancing, see Expose an application using a service that automatically creates a Server Load Balancer instance and Expose an application using a service that uses an existing Server Load Balancer instance.
- The CCM provides many annotations to support a wide range of load balancing features. For detailed usage, see Configure a Classic Load Balancer (CLB) instance using annotations.
For more information about how to resolve a CCM upgrade failure, see A Cloud Controller Manager (CCM) component fails the upgrade check.

Changelog

January 2026

Version number

Registry Address

Modification Time

Changes

Impact

v2.13.0

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.13.0

January 30, 2026

This version is in grayscale release.

New features:

CLB: Supports configuring additional domain name certificates for HTTPS listeners using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-domain-extensions annotation.
NLB: Supports configuring additional certificates for TCPSSL listeners using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-cert-ids annotation.
NLB: Supports configuring cross-zone forwarding (enabled by default) using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cross-zone-enabled annotation.

Optimizations:

Optimized the ENI attachment logic to prevent attachment failures of some pod ENIs from affecting other ENI attachments.
Supports auto-assigning an available cluster vSwitch when you create a private-network CLB instance without specifying a vSwitch.

This upgrade does not affect your services.

December 2025

Version

Registry address

Modification Time

Changes

Impact

v2.12.4

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.4

December 11, 2025

New feature:

Adds the Pod ReadinessGate webhook feature and enables it by default for new clusters. For more information about how to use this feature, see Ensure smooth pod updates by configuring a Readiness Gate.

Fixed issue:

Fixed an issue where the associated server group was not automatically cleaned up when an NLB service was deleted.

This upgrade does not affect your services.

November 2025

Version

Registry address

Modification Time

Changes

Impact

v2.12.3

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.3

November 19, 2025

Optimization:

When a CLB instance reports an error because it cannot find the ENI corresponding to a backend pod IP address, the new error log includes the specific pod name (targetRef) and its node information.

Fixed issue:

Fixed a panic issue that occurred during service synchronization when querying NLB information or when an asynchronous task call failed.

This upgrade does not affect your services.

September 2025

Version	Registry Address	Modification Time	Changes	Impact
v2.12.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.1	September 11, 2025	Important Starting from this version, the default billing method for new CLB instances changes from pay-by-specification (PayBySpec) to pay-by-CLCU (PayByCLCU). Existing CLB instances are not affected. For more information about this change, see [Product Change] Announcement on the change of the default load balancer type and billing method for new services and Nginx Ingress controllers. New features: The default billing method for newly created CLB instances is changed from pay-by-specification to pay-by-CU. Optimizations: Improves the processing speed of CLB and NLB instances and optimizes performance. When an NLB API call is throttled, the system retries the call after a waiting period. Optimizes metrics related to the synchronization time for services, routes, and nodes. The retry wait time for `readinessGate` is changed from exponential backoff to a fixed value. Fixed issues: Fixed an issue where the backend `targetPort` could not be automatically used as the health check port when an NLB instance was configured with a listener port range and manual health checks.	This upgrade does not affect your services.

July 2025

Version	Registry address	Modification Time	Changes	Impact
v2.11.4	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.4	July 17, 2025	Fixed issue Fixed an issue where creating an NLB listener port range using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-listener-port-range` annotation failed.	This upgrade does not affect your services.

June 2025

Version	Registry address	Modification Time	Changes	Impact
v2.11.3	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.3	June 27, 2025	Optimization: Skips the OpenAPI call to add servers if the server group is empty upon creation. Fixed issue Fixed an issue where servers failed to be added when targetPort in the service configuration used a port name and only some pods were selected.	This upgrade does not affect your services.

May 2025

Version	Registry address	Modification Time	Changes	Impact
v2.11.2	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.2	May 29, 2025	Optimization: Optimized the server group synchronization logic to reduce OpenAPI calls.	This upgrade does not affect your services.
v2.11.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.1	May 15, 2025	New features: Supports ignoring backend server weight updates using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ignore-weight-update` annotation. CLB supports configuring multiple ACL IDs and access control policy groups. NLB supports configuring listener port ranges using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-listener-port-range` annotation. Supports configuring custom NLB OpenAPI endpoints using the `NLB_ENDPOINT` environment variable. Optimizations: Optimizes the processing speed for adding nodes and routes to reduce the number of OpenAPI calls. Parallelizes service synchronization for listeners and server groups to reduce the synchronization time for a single service. When you call the OpenAPI to create an NLB instance, a null pointer is passed instead of an empty string if you do not specify an EIP instance ID or an IPv4 private IP address. When you call the DescribeNetworkInterfaces operation, `NextToken` is used for pagination instead of `PageSize`. Fixed issue: Fixed an issue for NLB where a service using ReadinessGate did not retry when a pod was not ready.	This upgrade does not affect your services.

January 2025

Version number	Modification Time	Changes	Impact
v2.10.2	January 20, 2024	New features: Supports adding the `node.alibabacloud.com/spot-strategy` label to a node to identify whether the node is a spot instance. Optimizations: When multiple listeners of the same service are associated with the same server group, the server group is synced only once. Bug fixes: Fixed an issue where an SLB instance could not be created if a service of the `LoadBalancer` type was changed to another type and then changed back to the `LoadBalancer` type. Fixed an issue where an error indicating that the pod could not be found was reported when updating the pod readiness state. Ignores system tags that start with `acs:` when updating SLB instance tags.	This upgrade does not affect your services.

December 2024

Version number	Modification Time	Changes	Impact
v2.10.0	December 02, 2024	Important Starting from this version, changes to the value of the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-resource-tags` annotation take effect on created and reused SLB instances. When you use this annotation, do not modify the SLB tags in the console. Before you upgrade to this version, confirm that the tags on the SLB instance are consistent with the annotation. New features: Supports the readinessGate feature. Supports modifying tags after instance creation using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-resource-tags` annotation. Supports retaining the SLB instance after the service is deleted using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-preserve-lb-on-delete` annotation. Supports adding the `node.alibabacloud.com/nodepool-id` and `node.alibabacloud.com/instance-charge-type` labels to nodes. NLB: Supports specifying the ALPN policy for `TCPSSL` listeners using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-alpn` and `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-alpn-policy` annotations. Optimizations: Upgraded the base image version to Alpine 3.18. Optimized log output by adding `reconcileID`. Bug fixes: Fixed an issue where a service in an NLB instance might be incorrectly taken over by the CLB controller.	This upgrade does not affect your services.

June 2024

Version number	Modification Time	Change details	Impact
v2.8.3	June 30, 2024	New features: Supports the Addon Token authorization mode. NLB: Supports creating IP-based server groups using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-server-group-type` annotation. For more information about NLB server group classifications and descriptions, see NLB server groups. Optimizations: The client directly accesses the API Server to prevent dirty data caused by the caching mechanism. NLB: Optimized the server group creation logic to prevent the occasional issue of duplicate server group creation. CLB: Added an IP address check when attaching a pod ENI to a CLB instance. The IP address must be within the cluster's VPC.	This upgrade does not affect your services.