Basic information and changelog for Cloud Controller Manager-Container Service for Kubernetes(ACK)-阿里云帮助中心

The Cloud Controller Manager (CCM) manages load balancing for cross-node communication within a Kubernetes cluster. This topic describes the CCM component, its usage instructions, and release notes.

Introduction

The cloud controller manager (CCM) integrates Kubernetes with Alibaba Cloud services, such as Classic Load Balancer (CLB), formerly known as Server Load Balancer (SLB), Network Load Balancer (NLB), and Virtual Private Cloud (VPC). CCM provides the following features:

Manage load balancers
When you set the type of a Service to Type=LoadBalancer, CCM creates a Classic Load Balancer (CLB) or Network Load Balancer (NLB) instance for the Service and configures resources such as listeners and backend server groups. When the backend endpoints or cluster nodes of the Service change, CCM automatically updates the vServer groups of the associated CLB or NLB instance.
Enable cross-node communication
If your cluster uses Flannel as its network component, CCM enables cross-node communication by adding the pod CIDR block of each node to the VPC route table. This allows containers on different nodes to communicate with each other. This feature requires no configuration and works automatically after installation.

Usage notes

The CCM component creates a Classic Load Balancer (CLB) or a Network Load Balancer (NLB) for a Service, configuring resources such as listeners and backend server groups. For more information, see Considerations for Service load balancing.
The CCM component offers extensive annotations to configure various load balancing capabilities. For detailed instructions, see Configure Classic Load Balancer (CLB) using annotations and Configure Network Load Balancer (NLB) using annotations.
If a CCM upgrade check fails, see Troubleshoot Cloud Controller Manager (CCM) component upgrade check failures.

Changelog

April 2026

Version

Image address

Date

Changes

Impact

v2.14.0

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.14.0

April 13, 2026

New features:

Network Load Balancer (NLB) now lets you use the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ip-version: "DualStack" to attach both IPv4 and IPv6 backends to a server group, automatically enabling IP version affinity.
NLB now supports the spec.loadBalancerSourceRanges field to specify which source ranges can access the Service.
You can now use the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-default-weight to configure or update the default weight of a server group.

This upgrade does not affect your workloads.

January 2026

Version

Image address

Date

Description

Impact

v2.13.0

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.13.0

January 30, 2026

New features:

Classic Load Balancer (CLB) now supports adding additional domain certificates to HTTPS listeners using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-domain-extensions annotation.
Network Load Balancer (NLB) now supports adding additional certificates to TCPSSL listeners using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-cert-ids annotation.
NLB now supports configuring cross-zone forwarding (enabled by default) using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cross-zone-enabled annotation.

Optimizations:

Improved the ENI attachment logic to prevent an attachment failure on one pod from affecting other attachments.
The controller now automatically selects an available VSwitch from the cluster when you create a private CLB without specifying one.

This update has no impact on your workloads.

December 2025

Version

Image address

Release date

Description

Impact

v2.12.4

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.4

December 11, 2025

New feature:

Added support for the Pod readiness gate webhook. This feature is enabled by default for new clusters. For more information, see Configure readiness gates to ensure smooth Pod updates.

Fixed issue:

Fixed an issue where deleting a Service of type NLB did not automatically clean up the associated server group.

This upgrade has no impact on workloads.

November 2025

Version

Image address

Release date

Description

Impact

v2.12.3

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.3

November 19, 2025

New feature:

CCM now automatically removes Lingjun node resources from a cluster when the corresponding Lingjun instances are released.

Improvement:

The CLB error log now includes the pod name (targetRef) and node information when CCM fails to find the elastic network interface (ENI) for a backend pod IP.

Fixed issue:

Fixed a potential panic during Service synchronization when querying NLB information or when an asynchronous task call fails.

This upgrade does not impact your workloads.

September 2025

Version	Image address	Release date	Description	Impact
v2.12.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.1	September 11, 2025	Important Starting with this version, the default billing method for newly created CLB instances changes from Pay-By-Spec to Pay-By-CLCU. Existing CLB instances are not affected. For details, see [Product Changes] Default load balancer type and billing method change for new Services and Nginx Ingress Controller. New features: Changes the default billing method for newly created CLB instances from Pay-By-Spec to Pay-By-CLCU. Ignores hybrid cloud nodes. Skips processing node change events for Services that directly mount pod ENIs to load balancer backends in Terway clusters created after August 10, 2020. Improvements: Improves CLB and NLB processing speed and performance. Adds a limited number of wait-and-retry attempts when NLB OpenAPI calls are rate-limited. Optimizes metrics related to the synchronization latency for Services, routes, and nodes. Changes the retry wait time for `readinessGate` from exponential backoff to a fixed value. Fixed issues: Fixes an issue where the backend's `targetPort` was not correctly used as the health check port in NLB configurations that use both a listener port range and a manually configured health check. Fixes an issue in mixed ECS and ECI/ACS deployments where ECI/ACS instances failed to attach or received incorrect backend weights.	This upgrade has no impact on your workloads.

July 2025

Version	Image address	Release date	Description	Impact
v2.11.4	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.4	July 17, 2025	Bug fixes Fixed an issue where creating an NLB listener port range by using `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-listener-port-range` failed.	This update has no impact on existing services.

June 2025

Version	Image address	Update time	Changes	Impact
v2.11.3	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.3	June 27, 2025	New feature: Adds support for ECS metadata in hardening mode only. Improvement: Skips the OpenAPI call to add servers when the server group is empty upon creation. Bug fix: Fixed an issue where servers failed to be added when `targetPort` was set to a named port and only a subset of pods were selected in the service configuration.	This upgrade has no impact on your workloads.

May 2025

Version	Image address	Date	Changes	Impact
v2.11.2	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.2	May 29, 2025	Optimizations: Optimized the server group sync logic to reduce OpenAPI calls.	This upgrade has no impact on your workloads.
v2.11.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.1	May 15, 2025	New Features: Added support for ignoring backend server weight updates by using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ignore-weight-update` annotation. Cloud Load Balancer (CLB) now supports assigning multiple access control (ACL) IDs to apply multiple access control policies. You can now use the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-listener-port-range` annotation to configure a listener port range for Network Load Balancer (NLB). You can now use the `NLB_ENDPOINT` environment variable to configure a custom OpenAPI endpoint for Network Load Balancer (NLB). Optimizations: Improved the processing speed for node joining and route addition, reducing the number of OpenAPI calls. Parallelized listener and server group operations during Service synchronization to reduce the sync time for a single Service. When creating a Network Load Balancer (NLB) instance via an OpenAPI call, if an Elastic IP Address (EIP) instance ID or IPv4 private address is not specified, a null pointer is now passed instead of an empty string. The DescribeNetworkInterfaces API call now uses `NextToken` for pagination instead of `PageSize`. Bug Fixes: Fixed an issue with Network Load Balancer (NLB) where a Service that uses a ReadinessGate would fail to retry if its Pod was not ready.	This upgrade has no impact on your workloads.

March 2025

Version	Image address	Date	Description	Impact
v2.10.4	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.10.4	March 24, 2025	New features: Disables the source/destination check on the primary network interface for new ECS instances added to an ACK cluster. For more information, see [Product Change] Announcement on Disabling the Source/Destination Check by Default for New ECS Instances in ACK clusters.	This upgrade does not affect your workloads.

January 2025

Version	Image address	Release date	Description	Impact
v2.10.2	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.10.2	January 20, 2025	New feature: You can add the `node.alibabacloud.com/spot-strategy` label to a node to identify whether the node is a preemptible instance. Improvement: Improved performance by synchronizing a server group only once, even when it is used by multiple listeners from the same Service. Fixed issues: Fixed an issue where a load balancer instance failed to be created when a `LoadBalancer` Service was changed to another type and then changed back to the `LoadBalancer` type. Fixed a "pod not found" error that occurred when updating the readiness status of a pod. When you update load balancer instance labels, ignore system labels that start with `acs:`.	This upgrade has no impact on your workloads.

October 2024

Version

Image address

Release date

Description

Impact

v2.10.0

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.10.0

October 21, 2024

Important

Starting with this version, changes to the value of the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-resource-tags annotation apply to both newly created and existing load balancer instances. When you use this annotation, do not modify the tags of the load balancer instance in the console. Before upgrading, ensure the tags on the load balancer instance match the annotation's value.

New features:
- Adds support for readinessGate.
- Adds support for modifying tags on an existing instance by using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-resource-tags annotation.
- Adds support for adding the node.alibabacloud.com/nodepool-id and node.alibabacloud.com/instance-charge-type tags to nodes.
- Network Load Balancer (NLB) now supports ALPN policies for TCPSSL listeners by using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-alpn and service.beta.kubernetes.io/alibaba-cloud-loadbalancer-alpn-policy annotations.
Improvements:
- Upgrades the base image to Alpine 3.18.
- Adds a reconcileID to the log output.
Fixed issues:
- Fixed an issue where the CLB Controller might incorrectly manage a Service backed by an NLB instance.

This upgrade does not impact your workloads.

May 2024

Version	Image address	Release date	Description	Impact
v2.9.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.9.1	May 10, 2024	Important Starting from this version, new CLB and NLB instances and their associated resources, such as server groups, are created in the cluster's resource group by default. Existing CLB and NLB instances are not affected. New features: CLB now supports the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-slbport` to enable the `X-Forwarded-SLBPort` request header. CLB now supports the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-clientsrcport` to enable the `X-Forwarded-Client-srcport` request header. NLB now supports the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-bandwidth-package-id` to specify the ID of an EIP bandwidth plan. Deletion protection and configuration read-only mode are now enabled by default for new NLB instances. NLB now supports the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port` to reuse a server group. This annotation applies only when an existing NLB instance is reused. When multiple Services reuse the same NLB instance, you can use the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight` annotation to set the traffic weight for the current Service. This annotation applies only when an existing vServer group is reused. You can now reuse NLB instances across different VPCs in the same region. For dual-stack NLB instances, you can now attach IPv6 backend servers by using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-backend-ip-version: ipv6` annotation. For dual-stack NLB instances, you can now use the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ipv6-address-type` annotation to specify the IPv6 network type as public or private. NLB now supports passing `VpcId`, `PrivateLinkEpId`, and `PrivateLinkEpsId` information to backend servers through Proxy Protocol with the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-ep-id-enabled`, `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-eps-id-enabled`, and `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-vpc-id-enabled` annotations. In dual-stack clusters, the controller now automatically adds the IPv6 addresses of ECS instances to nodes. Improvements: The controller now uses `EndpointSlice` by default instead of `Endpoint` for endpoint discovery. The controller now checks for empty route table IDs. The controller now validates OpenAPI return values in reuse scenarios. The controller now uses the `resourceVersion=0` parameter when initiating List requests. Fixed issues: Fixed an issue where the `NetworkUnavailable` status was not set during node initialization in Flannel network mode. Fixed an issue where the NLB server group was assigned to the wrong resource group when using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-resource-group-id` annotation.	This upgrade does not affect your workloads.

October 2023

Version	Image address	Release date	Description	Impact
v2.8.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.8.1	October 16, 2023	New features: Adds support for the Addon Token authorization mode. NLB now supports creating IP-based server groups using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-server-group-type` annotation. For more information about NLB server group types and descriptions, see NLB server groups. Improvements: Clients now access the API server directly to prevent stale data due to caching. NLB: Improved the server group creation logic to prevent the creation of duplicate server groups. CLB: Added IP address validation when mounting pod ENIs to a CLB instance, requiring the IP address to be within the cluster's VPC.	This upgrade does not affect existing services.

June 2023

Version	Image address	Release date	Changes	Impact
v2.7.0	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.7.0	June 21, 2023	New features: Adds support for specifying an IP address for an internal load balancer with the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ip` annotation. Improvements: Optimized the synchronization logic for CLB and NLB server groups to reduce synchronization failures due to insufficient quotas. Updated the Service hash calculation method to reduce hash changes during cluster upgrades. Fixed issues: Fixed an issue that prevented the Service configuration from being updated after an EIP annotation was set. Fixed an issue that prevented the HTTP protocol from being set for other ports after configuring the ForwardPort annotation.	This upgrade does not impact existing services.

March 2023

Version	Image address	Release date	Description	Impact
v2.6.0	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.6.0	March 2, 2023	New features: The label for excluding nodes from the load balancer backend, `alpha.service-controller.kubernetes.io/exclude-balancer`, is deprecated. Use the new label `node.kubernetes.io/exclude-from-external-load-balancers` instead. You can now configure a single listener with both TCP and UDP protocols for a load balancer. CLB supports using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-health-check-switch` annotation to disable TCP and UDP health checks. CLB supports the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-proxy-protocol` annotation for configuring the Proxy Protocol on TCP and UDP listeners. Important This feature does not support online migration. Enabling it requires a service upgrade with downtime. Proceed with caution. CLB validates the certificate validity period when syncing an HTTPS listener. If a certificate is expired, the CLB synchronization fails. NLB supports using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-security-group-ids` to configure security groups. Improvements: Switched the resource lock for CCM leader election from `endpointsleases` to `leases` to reduce the frequency of leader switches. Optimized the load balancer synchronization logic. Now, vServer groups are updated even if the load balancer's properties, such as its name or resource group, fail to update. Optimized the detection criteria for node changes to reduce the number of Service synchronizations. Fixed issues: Fixed an intermittent issue where ready nodes were incorrectly marked as NotReady.	This upgrade does not affect your workloads.

October 2022, March 2023, August 2023, and June 2024

Version	Image address	Release date	Description	Impact
v2.5.1	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.5.1	October 12, 2022	New features: ACK supports creating a Network Load Balancer (NLB) resource for a Service of the loadBalancer type that has loadBalancerClass set to `alibabacloud.com/nlb`. This feature is supported only in Kubernetes 1.24 and later versions. For more information, see What is Network Load Balancer (NLB). ACK supports creating different types of cloud resources based on the `spec.loadBalancerClass` field of a Service. If this field is not set, a CLB is created by default. If it is set to `alibabacloud.com/nlb`, an NLB is created. This feature is supported only in Kubernetes 1.24 and later versions. Improvements: Fixed an issue where a reused IPv6 SLB instance could not be deleted. Fixed an intermittent issue that prevented a node from being deleted. The default protocol for OpenAPI calls is now HTTPS.	This upgrade has no impact on your workloads.
v2.4.5	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.5	June 27, 2024	Improvements: Updated the Service hash calculation method to reduce hash changes during events such as a cluster update.	This upgrade has no impact on your workloads.
v2.4.4	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.4	August 7, 2023	Improvements: Optimized the synchronization logic for CLB server groups to reduce synchronization failures caused by insufficient quotas. CLB now verifies the certificate validity period during HTTPS listener synchronization. An expired certificate will cause the synchronization to fail. Optimized the load balancer synchronization logic. Now, vServer groups are updated even if updates to the load balancer's properties, such as its name or resource group, fail.	This upgrade has no impact on your workloads.
v2.4.3	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.3	March 2, 2023	Fixed an intermittent issue where ready nodes were incorrectly marked as NotReady.	This upgrade has no impact on your workloads.
v2.4.2	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.2	October 12, 2022	Improvements: Fixed an issue where a reused IPv6 SLB instance could not be deleted. Fixed an intermittent issue that prevented a node from being deleted.	This upgrade has no impact on your workloads.

June 2022

Version	Image address	Release date	Description	Impact
v2.4.0	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.0	June 20, 2022	New features: Supports setting the billing method for a Server Load Balancer (SLB) instance using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-instance-charge-type`. Supports setting a security policy for an SLB instance using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-tls-cipher-policy`. This feature is for HTTPS listeners only. The cloud controller manager (CCM) now automatically populates an empty `node.spec.providerID` field when a node is added. Supports adding the `service.k8s.alibaba/loadbalancer-id` label to Services of type LoadBalancer. This label stores the ID of the associated SLB instance. Improvements: When a node has the ToBeDeletedByClusterAutoscaler taint, it will not be added to the backend of a load balancer. Fixed an issue that prevented the deletion of conflicting routes with the same route CIDR block. Optimized concurrent route synchronization to reduce false positives.	This upgrade has no impact on your workloads.

March 2022

Version	Image address	Release date	Description	Impact
v2.3.0	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.3.0	March 21, 2022	New features: Adds support for setting a hostname for a Service via the annotation: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-hostname`. Adds support for setting the connection timeout for a listener on an SLB instance via the annotation: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-established-timeout`. This feature is available only for the TCP protocol. Adds support for setting the request timeout for a listener on an SLB instance via the annotation: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-request-timeout`. This feature is available only for the HTTP and HTTPS protocols. Adds support for specifying the health check method for an SLB instance via the annotation: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-health-check-method`. This feature is available only for HTTP health checks. Improvements: Added validation for the vServer group format when reusing an existing vServer group. Optimized the vSwitch selection logic to prevent the default vSwitch from being empty. Optimized the vServer group synchronization logic to reduce OpenAPI calls.	This upgrade does not affect your workloads.

November 2021

Version	Image address	Release date	Description	Impact
v2.1.0	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.1.0	November 22, 2021	New features: You can use the annotation: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-proto` to configure whether to retrieve the SLB listener protocol from the X-Forwarded-Proto header. You can set the idle connection timeout by using the annotation: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-idle-timeout`. You can configure whether to enable the HTTP/2 feature by using the annotation: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-http2-enabled`. Improvements: Supports setting the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight` annotation to 0 for inter-cluster traffic switching. Fixed issues: Fixed an issue where CLB listeners could not be created in clusters with a large number of pods. Fixed an issue where changing the `targetPort` of a Service did not update the corresponding CLB instance.	This update has no impact on existing services.

September 2021

Version	Image address	Release date	Description	Impact
v2.0.1	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.0.1	2021-09-02	New features: Added support for reusing an existing vServer group with the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port annotation. This annotation applies only when an existing SLB instance is reused. For more information, see Use the CCM to deploy services across clusters. Added support for setting a Service's traffic weight with the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight annotation when multiple Services reuse the same SLB instance. This annotation applies only when an existing vServer group is reused. For more information, see Use the CCM to deploy services across clusters. Added support for configuring connection draining for an SLB instance with the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain annotation. Only the TCP and UDP protocols are supported. Added support for setting the connection draining timeout period for an SLB instance with the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain-timeout annotation. Only the TCP and UDP protocols are supported. Added support for setting the TargetPort field to a string value. Added a finalizer to Services of type LoadBalancer. Improvements: Upgraded the base image to Alpine 3.13. Changed the Prometheus metrics port from 10258 to 8080. Added scheduled synchronization of node labels.	This upgrade has no impact on your workloads.

April 2021

Version	Image address	Release date	Description	Impact
v1.9.3.380-gd6d0962-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.380-gd6d0962-aliyun	2021-04-20	Fixed an issue where the default server group could not be updated. Surfaced a warning event when an SLB instance has no backend servers.	This upgrade does not impact your workloads.

March 2021

Version	Image address	Release date	Description	Impact
v1.9.3.378-g42eac35-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.378-g42eac35-aliyun	2021-03-08	New features: Adds support for adding ECS instances from outside a cluster to a vServer group. Now automatically adds the `kubernetes.reused.by.user` label when reusing an SLB instance. Improvements: Improved Service processing speed by adjusting the number of concurrent threads. Improved virtual-node processing by ignoring Service synchronizations triggered by virtual-node status changes. The `service.beta.kubernetes.io/exclude-node` label is deprecated. Use `service.alibabacloud.com/exclude-node` instead. Added resource group validation when reusing an SLB instance. The resource group ID in the annotation must match the SLB instance's resource group ID. Otherwise, the reuse fails. Improved event content readability. Updated the priority logic for annotations. If a Service has both a new and an old version of the same annotation, the new version takes precedence. Fixed issues: Fixed a route deletion failure caused by missing node configurations. Fixed an issue with missing taints during node initialization. This change prevents workload Pods from being scheduled to a node before its routes are created.	This upgrade has no impact on your workloads.

December 2020

Version	Image address	Release date	Description	Impact
v1.9.3.339-g9830b58-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.339-g9830b58-aliyun	December 18, 2020	Added a hash value to LoadBalancer Services to improve synchronization. When the CCM restarts, it now only synchronizes the vServer group backends for unmodified Services. This change prevents unnecessary updates to load balancer and listener configurations. Optimized SLB OpenAPI calls to reduce the risk of throttling.	This upgrade has no impact on your workloads.

September 2020

Version	Image address	Release date	Description	Impact
v1.9.3.316-g8daf1a9-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.316-g8daf1a9-aliyun	2020-09-29	Fixed an intermittent issue where VServer groups for Server Load Balancer (SLB) were not updated. Updated the health check port from 10252 to 10258.	This upgrade does not impact your workloads.

August 2020

Version	Image address	Release date	Description	Impact
v1.9.3.313-g748f81e-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.313-g748f81e-aliyun	August 10, 2020	New features: You can configure SLB deletion protection by using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-delete-protection. By default, deletion protection is enabled for new SLBs. You can use the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-modification-protection to set the configuration read-only mode for a Server Load Balancer (SLB). This mode is enabled by default for new SLBs. You can specify the resource group for a Server Load Balancer (SLB) by using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-resource-group-id. This setting takes effect only at creation time and cannot be modified. You can specify the SLB name by using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-name. The cloud controller manager now makes Alibaba Cloud OpenAPI calls over the private network. This change removes the dependency on the public network in all supported regions. For an SLB instance created by a LoadBalancer service, a default tag is added with the format `ack.aliyun.com: {your-cluster-id}` (effective for new clusters only). Supports the community-standard provider ID format: `<cloudProvider>://<optional>/<segments>/<provider id>`. In new ACK clusters that use the Terway network mode, the system now directly adds the elastic network interface (ENI) IP addresses of pods as backends to SLB instances for LoadBalancer services. This improves network performance. Note: For this type of LoadBalancer service, the targetPort field does not support string values. Improvements: Upgraded the base image to Alpine 3.11.6. Updating a listener now also synchronizes its corresponding virtual server group. Optimized SLB API calls to reduce the creation time of SLB instances.	This update does not impact your services.

June 2020

Version	Image address	Release date	Description	Impact
v1.9.3.276-g372aa98-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.276-g372aa98-aliyun	June 11, 2020	New features: Prevents `LoadBalancer` Services from reusing the SLB instance associated with the cluster API server. Added Prometheus metrics, including `ccm_node_latencies_duration_milliseconds`, `ccm_route_latencies_duration_milliseconds`, and `ccm_slb_latencies_duration_milliseconds`, to expose the synchronization latency of the CCM. Emits events to track the synchronization between a Service and its associated load balancer. Improvements: Optimized the node weight calculation in Local mode (`externalTrafficPolicy=Local`) to distribute loads more evenly across pods. For more information, see How does CCM calculate node weights in Local mode?. Optimized cloud product API calls to improve efficiency and reduce the risk of throttling. When a node has the service.beta.kubernetes.io/exclude-node label, deleting the node no longer deletes the associated routes. Fixed issues: Fixed an issue that prevented the persistence timeout from being set to 0 through an annotation when updating a Service. Fixed an issue that prevented setting the bandwidth annotation to 100 when updating a Service.	This update does not affect existing Services.

March 2020

Version	Image address	Release date	Description	Impact
v1.9.3.239-g40d97e1-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64: v1.9.3.239-g40d97e1-aliyun	2020-03-05	New feature: For Services of type LoadBalancer, the cloud controller manager (CCM) supports attaching both Elastic Compute Service (ECS) nodes and elastic network interfaces (ENIs) as backends to a Server Load Balancer (SLB) instance. Improvements: The cloud controller manager (CCM) now makes Alibaba Cloud OpenAPI calls over the internal network instead of the Internet, removing its dependency on the Internet. This feature is not yet supported in the China (Beijing), China (Shanghai), and UAE (Dubai) regions. The CCM now uses the DescribeRouteEntryList operation to query Virtual Private Cloud (VPC) route entries. This prevents performance issues when querying hundreds of entries in a short period.	This upgrade has no impact on your workloads.

December 2019

Version	Image address	Release date	Description	Impact
v1.9.3.220-g24b1885-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64: v1.9.3.220-g24b1885-aliyun	2019-12-31	Added support for configuring vSwitch IDs in `CloudConfig` in the format `:vswitchid1,:vswitchid2`. Added a retry backoff mechanism to handle OpenAPI throttling. Failed requests now rejoin the reconciliation queue after a 30 to 180-second interval. Adjusted the number of reconciliation worker threads to two to make full use of the OpenAPI QPS quota and accelerate reconciliation. Fixed a bug where concurrent map reads and writes in the `aliyungo` SDK caused the CCM to crash. When a node is removed from a Kubernetes cluster, the CCM now automatically deletes the corresponding VPC route table entry. Fixed an issue where dependencies prevented changes to port configurations for HTTP forwarding. If an SLB instance's backend server type is ECS, the CCM no longer checks the serverip field when updating backend servers. This prevents backend attachment failures caused by changes to the default serverip value in the OpenAPI. The CCM now adds a VPC route table entry for a node only when the node status is known. The CCM no longer adds a NAT IP to node metadata. This fixes an intermittent connectivity issue between the API server and the kubelet. When updating a listener, the CCM now calls the start listener OpenAPI operation only when the listener is inactive. This helps prevent OpenAPI throttling.	This upgrade has no impact on existing services.

November 2019

Version	Image address	Release date	Description	Impact
v1.9.3.193-g6cddde4-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.193-g6cddde4-aliyun	November 19, 2019	Excludes nodes from Cloud Controller Manager (CCM) management if they have the service.beta.kubernetes.io/exclude-node label. Enables batch-adding pods with the Terway network type as backend servers to a Server Load Balancer (SLB). Enforced a minimum node weight of 1 for Services in Local mode (where externalTrafficPolicy=Local). Fixed an issue where duplicate vServer groups were created due to concurrency. Fixed an issue where setting node weights generated stale data due to caching.	This upgrade has no impact on your workloads.

September 2019

Version	Image address	Release date	Description	Impact
v1.9.3.164-g2105d2e-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3-164-g2105d2e-aliyun	September 11, 2019	You can now update a certificate by using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cert-id. You can now enable port forwarding from HTTP to HTTPS by using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-forward-port. You can now create an SLB instance with an access control list (ACL) by using the following annotations: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-status, service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-id, and service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-type. You can now configure the removal of unschedulable nodes by using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-remove-unscheduled-backend. In clusters that use the Terway network plugin, you can now add pods with Elastic Network Interfaces (ENIs) as backend servers of an SLB instance by using the annotation: service.beta.kubernetes.io/backend-type:"eni", which improves network forwarding performance. In Local mode (when externalTrafficPolicy=Local is set for a service), the service automatically sets each node's weight based on its number of pods.	This update has no impact on existing services.

April 2019

Version	Image address	Release date	Description	Impact
v1.9.3.105-gfd4e547-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.105-gfd4e547-aliyun	April 15, 2019	Added support for multiple VPC route tables. You can now use a configuration file to configure them for a cluster. Fixed an issue where updates to HTTP configurations failed to apply.	This update does not affect your workloads.

March 2019

Version	Image address	Release date	Description	Impact
v1.9.3.81-gca19cd4-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.81-gca19cd4-aliyun	March 20, 2019	ACK managed clusters and ACK dedicated clusters can now reuse existing Server Load Balancer (SLB) instances not created by ACK. The Cloud Controller Manager (CCM) now supports custom Kubernetes node names, removing the dependency on the Kubernetes NodeName field. Fixes a compatibility issue between CCM v1.8.4 and Kubernetes v1.11.5. Please upgrade CCM to the latest version.	This update has no impact on your workloads.

December 2018

Version	Image address	Release date	Description	Impact
v1.9.3.59-ge3bc999-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.59-ge3bc999-aliyun	December 26, 2018	You can now share an SLB instance across multiple Kubernetes Services. Do not reuse an SLB instance that a Kubernetes Service creates automatically, as this can cause accidental deletion. You can reuse only the SLB instances that you create manually in the console or by calling OpenAPI. Kubernetes Services that share the same SLB instance must use different frontend listening ports to avoid port conflicts. When reusing an SLB instance, use the listener and vServer group names as identifiers and do not modify them. You can modify the SLB instance name. You cannot share an SLB instance across multiple clusters. VPC route tables are now managed sequentially instead of in parallel. This change prevents VPC throttling.	This upgrade does not affect your workloads.

August 2018

Version	Image address	Release date	Description	Impact
v1.9.3.10-gfb99107-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.10-gfb99107-aliyun	August 15, 2018	You can now specify the primary zone for an automatically created SLB using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-master-zoneid`. You can now specify the secondary zone for an automatically created SLB using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-slave-zoneid`. Note This parameter has no effect in regions that do not support deploying SLB across both primary and secondary zones. You can now overwrite listeners on an existing SLB. Setting the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners` to `true` deletes all existing listeners on the SLB. You can now specify the bandwidth for a pay-by-bandwidth SLB using the annotation `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-bandwidth`. The SLB's listeners share this bandwidth.	This upgrade has no impact on your workloads.

June 2018

Version	Image address	Release date	Description	Impact
v1.9.3	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3	June 25, 2018	Added support for using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-backend-label to add worker nodes with specific labels as backend servers. Added support for using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec to specify an SLB instance's type, such as shared-resource or high-performance. Supports the `externalTraffic: Local` mode for services. Only the nodes that host the Pods are added to the backend of the Server Load Balancer (SLB). When a node is added to or removed from a cluster, the system automatically adds or removes it from the backend servers of the corresponding SLB instance. When the labels of a node change, the system automatically adds or removes the node from the backend servers of the corresponding SLB instance. Added support for sticky sessions. When you reuse an existing SLB instance to create a service, its listeners are no longer managed. You must add them to the SLB instance manually.	This update does not affect existing workloads.