Cloud Controller Manager overview and change history - Container Service for Kubernetes

The Cloud Controller Manager (CCM) component manages load balancing and enables cross-node communication in Kubernetes clusters. This topic describes the CCM component, provides usage notes, and lists its change history.

Component overview

The CCM component integrates Kubernetes with Alibaba Cloud infrastructure products, such as Classic Load Balancer (CLB), formerly known as Server Load Balancer (SLB), Network Load Balancer (NLB), and Virtual Private Cloud (VPC). The CCM component provides the following features:

Manage load balancing
When you set the service type to Type=LoadBalancer, the CCM component creates and configures a Classic Load Balancer (CLB) or a Network Load Balancer (NLB) instance for the service. This includes resources such as the CLB or NLB instance, listeners, and backend server groups. When the backend endpoints or cluster nodes for the service change, the CCM component automatically updates the backend vServer group of the CLB or NLB instance.
Enable cross-node communication
When the cluster network component is Flannel, the CCM component connects the container and node networks to enable cross-node communication between containers. The CCM component writes the pod CIDR block of each node to the VPC route table. This feature is enabled by default and requires no configuration.

Usage notes

The CCM component creates and configures a Classic Load Balancer (CLB) or a Network Load Balancer (NLB) instance for the service. This includes resources such as the CLB or NLB instance, listeners, and backend server groups. For more information, see Notes on service load balancing configurations.
The CCM component provides many annotations to support a wide range of load balancing capabilities on the cloud. For more information, see Configure a CLB instance using annotations and Configure an NLB instance using annotations.
For information about how to resolve CCM component upgrade check failures, see Cloud Controller Manager (CCM) component upgrade check failure.

Change history

January 2026

Version number

Registry Address

Modification Time

Changes

Impact

v2.13.0

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.13.0

January 30, 2026

This version is in a phased rollout.

New features:

CLB supports configuring additional domain name certificates for HTTPS listeners using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-domain-extensions annotation.
NLB supports configuring additional certificates for TCPSSL listeners using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-cert-ids annotation.
NLB supports configuring cross-zone forwarding using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cross-zone-enabled annotation. This feature is enabled by default.

Optimizations:

Optimized the ENI attachment logic to prevent attachment failures of some pod ENIs from affecting other ENI attachments.
When you create an internal-facing CLB instance and do not specify a vSwitch, a random available cluster vSwitch is selected.

This upgrade does not affect your services.

December 2025

Version

Registry Address

Modification Time

Changes

Impact

v2.12.4

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.4

December 11, 2025

New features:

Supports the Pod ReadinessGate webhook feature. This feature is enabled by default for new clusters. For more information, see Ensure smooth pod updates by configuring Readiness Gate.

Bug fixes:

Fixed an issue where associated server groups were not automatically cleaned up when an NLB service was deleted.

This upgrade does not affect your services.

November 2025

Version

Registry Address

Modification Time

Changes

Impact

v2.12.3

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.3

November 19, 2025

New features:

Supports Lingjun nodes: Automatically cleans up Lingjun node resources in the cluster after the Lingjun instance is released.

Optimizations:

When a CLB instance reports an error because it cannot find the ENI that corresponds to a backend pod IP address, the new error log includes the specific pod name (targetRef) and node information.

Bug fixes:

Fixed a panic that occurred during service synchronization when a query for NLB information or an asynchronous task call failed.

This upgrade does not affect your services.

September 2025

Version	Registry Address	Modification Time	Changes	Impact
v2.12.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.12.1	September 11, 2025	Important Starting from this version, the default billing method for new CLB instances changes from pay-by-specification (PayBySpec) to pay-by-CU (PayByCLCU). Existing CLB instances are not affected. For more information about this change, see [Product Change] Announcement on Changes to the Default Load Balancer Type and Billing Method for New Services and NGINX Ingress Controllers. New features: The default billing method for new CLB instances is changed from pay-by-specification to pay-by-CU. Ignores the processing of hybrid cloud nodes. When processing node change events, services that directly attach pod ENIs to the backends of SLB instances are ignored. This applies to Terway clusters created after August 10, 2020. Optimizations: Improves the processing speed and performance of CLB and NLB instances. When an NLB API call to OpenAPI is throttled, the system retries the call after a waiting period. Optimizes metrics related to the synchronization time of services, routes, and nodes. The retry interval for `readinessGate` is changed from exponential backoff to a fixed value. Bug fixes: Fixed an issue where the health check port could not be automatically set to the backend `targetPort` when an NLB instance was configured to use a listener port range and health checks were manually configured. Fixed an issue where ECI or ACS instances could not be attached or the backend weight was incorrectly set in hybrid deployments of ECS and ECI/ACS instances.	This upgrade does not affect your services.

July 2025

Version	Registry Address	Modification Time	Changes	Impact
v2.11.4	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.4	July 17, 2025	Bug fixes Fixed an issue where creating an NLB listener port range using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-listener-port-range` annotation failed.	This upgrade does not affect your services.

June 2025

Version	Registry Address	Modification Time	Changes	Change Impact
v2.11.3	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.3	June 27, 2025	New features Supports the ECS Metadata reinforced-only mode. Optimizations: Skips the OpenAPI call to add servers when the server group is empty during its creation. Bug fixes Fixed an issue where adding servers failed when the targetPort in the service configuration used a port name and only some pods were selected.	This upgrade does not affect your services.

May 2025

Version Number	Registry Address	Modification time	Changes	Impact
v2.11.2	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.2	May 29, 2025	Optimizations: Optimized the server group synchronization logic to reduce OpenAPI calls.	This upgrade does not affect your services.
v2.11.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.11.1	May 15, 2025	New features: Supports ignoring backend server weight updates using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ignore-weight-update` annotation. CLB supports configuring multiple access control policy groups using multiple ACL IDs. NLB supports configuring listener port ranges using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-listener-port-range` annotation. Supports configuring a custom NLB OpenAPI endpoint using the `NLB_ENDPOINT` environment variable. Optimizations: Improves the processing speed for adding nodes and routes and reduces the number of OpenAPI calls. Parallelizes listener and server group operations for service synchronization to reduce the time required for a single service synchronization. Passes a null pointer instead of an empty string when calling the OpenAPI to create an NLB instance if no EIP instance ID or private IPv4 address is specified. Uses `NextToken` instead of `PageSize` for paging when calling the DescribeNetworkInterfaces API. Bug fixes: NLB: Fixed an issue where retries were not performed when a pod was not ready while the service was using ReadinessGate.	This upgrade does not affect your services.

March 2025

Version	Registry Address	Change Time	Changes	Impact
v2.10.4	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.10.4	March 24, 2025	New features: Disables the source and destination IP address check for the primary NIC of new ECS instances added to the cluster. For more information about why this feature was added, see [Product Change] Announcement on Disabling Source/Destination IP Check for New ECS Instances in ACK Clusters by Default.	This upgrade does not affect your services.

January 2025

Version	Registry Address	Modification Time	Changes	Impact
v2.10.2	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.10.2	January 20, 2025	New features: Supports adding the `node.alibabacloud.com/spot-strategy` tag to nodes to identify whether a node is a spot instance. Optimizations: When multiple listeners of the same service are associated with the same server group, the server group is synchronized only once. Bug fixes: Fixed an issue where an SLB instance could not be created after a `LoadBalancer` service was changed to another type and then back to the `LoadBalancer` type. Fixed an issue where an error was reported indicating that a pod could not be found when updating the pod readiness state. Ignores system tags that start with `acs:` when updating SLB instance tags.	This upgrade does not affect your services.

October 2024

Version

Registry Address

Change Time

Changes

Impact

v2.10.0

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager:v2.10.0

October 21, 2024

Important

Starting from this version, changes to the value of the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-resource-tags annotation take effect on both created and reused SLB instances. When you use this annotation, do not modify the SLB tags in the console. Before you upgrade to this version, make sure that the tags on the SLB instance are consistent with the annotation.

New features:
- Supports the readinessGate feature.
- Supports modifying tags after instance creation using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-resource-tags annotation.
- Supports preserving an SLB instance after a service is deleted using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-preserve-lb-on-delete annotation.
- Supports adding the node.alibabacloud.com/nodepool-id and node.alibabacloud.com/instance-charge-type tags to nodes.
- NLB supports specifying the ALPN policy for TCPSSL listeners using the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-alpn and service.beta.kubernetes.io/alibaba-cloud-loadbalancer-alpn-policy annotations.
Optimizations:
- Upgrades the base image version to Alpine 3.18.
- Optimizes log output by adding reconcileID.
Bug fixes:
- Fixed an issue where a service in an NLB instance might be incorrectly taken over by the CLB controller.

This upgrade does not affect your services.

May 2024

Version	Registry Address	Modification Time	Changes	Impact
v2.9.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.9.1	May 10, 2024	Important Starting from this version, new CLB and NLB instances and their associated resources, such as server groups, belong to the resource group of the cluster by default. Existing CLB and NLB instances are not affected. New features: When you create a new CLB or NLB instance, the resource group ID of the cluster is used by default. CLB supports enabling the `X-Forwarded-SLBPort` request header using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-slbport` annotation. CLB supports enabling the `X-Forwarded-Client-srcport` request header using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-clientsrcport` annotation. NLB supports specifying a shared bandwidth ID using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-bandwidth-package-id` annotation. Deletion protection and configuration read-only mode are enabled by default for new NLB instances. NLB supports reusing server groups using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port` annotation. This annotation takes effect only when you reuse an existing NLB instance. When multiple services reuse the same NLB instance, you can set the weight of traffic received by the current service using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight` annotation. This annotation takes effect only when you reuse an existing vServer group. Supports reusing NLB instances across VPCs in the same region. Dual-stack NLB instances support attaching IPv6 backends using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-backend-ip-version: ipv6` annotation. Dual-stack NLB instances support specifying the IPv6 public or private network type using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ipv6-address-type` annotation. NLB supports passing `VpcId`, `PrivateLinkEpId`, and `PrivateLinkEpsId` information to backend servers through the Proxy Protocol using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-ep-id-enabled`, `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-eps-id-enabled`, and `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ppv2-pvl-vpc-id-enabled` annotations. In dual-stack clusters, the IPv6 address of the ECS instance is automatically added to the node. Optimizations: Uses `EndpointSlice` instead of `Endpoint` for endpoint discovery by default. Adds a check for empty route table ID strings. Adds a check for return values from OpenAPI in reuse scenarios. Uses the `resourceVersion=0` parameter when initiating List requests. Bug fixes: Fixed an issue where the `NetworkUnavailable` status was not set during node initialization in Flannel network mode. Fixed an issue where the NLB server group belonged to the wrong resource group when a resource group was specified using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-resource-group-id` annotation.	This upgrade does not affect your services.

October 2023

Version	Registry Address	Change Time	Changes	Impact
v2.8.1	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.8.1	October 16, 2023	New features: Supports the Addon Token authorization mode. NLB supports creating IP-based server groups using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-server-group-type` annotation. For more information about NLB server group types, see NLB server groups. Optimizations: The client directly accesses the API server to prevent dirty data caused by the caching mechanism. NLB: Optimized the server group creation logic to prevent the occasional creation of duplicate server groups. CLB: Adds an IP address check when attaching pod ENIs. The IP address must be within the cluster VPC.	This upgrade does not affect your services.

June 2023

Version	Registry Address	Modification Time	Changes	Impact
v2.7.0	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.7.0	June 21, 2023	New features: Supports specifying an IP address for an internal-facing SLB instance using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ip` annotation. Optimizations: Optimized the synchronization logic for CLB and NLB server groups to reduce synchronization failures caused by insufficient quotas. Updated the service hash calculation method to reduce hash value changes caused by cluster upgrades and other scenarios. Bug fixes: Fixed an issue where the service configuration could not be updated after setting the EIP annotation. Fixed an issue where the HTTP protocol could not be set for other ports after setting the ForwardPort annotation.	This upgrade does not affect your services.

March 2023

Version	Registry Address	Change Time	Changes	Impact
v2.6.0	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.6.0	March 2, 2023	New features: The `alpha.service-controller.kubernetes.io/exclude-balancer` label for excluding nodes from SLB backends is deprecated. Use the new `node.kubernetes.io/exclude-from-external-load-balancers` label instead. SLB supports configuring both TCP and UDP protocols for a single listener. CLB supports disabling TCP and UDP health checks using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-health-check-switch` annotation. CLB supports configuring the ProxyProtocol for TCP and UDP listeners of a CLB instance using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-proxy-protocol` annotation. Important This feature does not support smooth online migration. Switching to ProxyProtocol requires service downtime for the upgrade. Configure this with caution. CLB supports checking the certificate validity period when synchronizing HTTPS listeners. An expired certificate will cause the CLB synchronization to fail. NLB supports setting security groups for an NLB instance using the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-security-group-ids` annotation. Optimizations: The resource lock for CCM leader election is switched from endpointsleases to leases to reduce primary/secondary switchovers. Optimized the load balancing synchronization logic. When the attributes of the SLB instance itself, such as its name or resource group, fail to update, the vServer group is still updated. Optimized the criteria for determining node changes to reduce the number of service synchronizations. Bug fixes: Fixed an issue that occasionally caused nodes to be incorrectly identified as NotReady.	This upgrade does not affect your services.

October 2022, March 2023, August 2023, and June 2024

Version	Registry Address	Change Time	Changes	Impact
v2.5.1	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.5.1	October 12, 2022	New features: ACK supports creating NLB resources for services of the loadBalancer type with the loadBalancerClass set to `alibabacloud.com/nlb`. This is supported only in Kubernetes 1.24 and later. For more information, see What is NLB?. ACK supports creating different types of cloud resources based on the service's `spec.loadBalancerClass` field. If this field is not set, a CLB instance is created by default. If it is set to `alibabacloud.com/nlb`, an NLB instance is created. This is supported only in Kubernetes 1.24 and later. Optimizations: Fixed an issue where a reused IPv6 SLB instance could not be deleted. Fixed an issue that occasionally prevented nodes from being deleted. The OpenAPI call protocol is set to HTTPS by default.	This upgrade does not affect your services.
v2.4.5	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.5	June 27, 2024	Optimizations: Updated the service hash calculation method to reduce hash value changes caused by cluster upgrades and other scenarios.	This upgrade does not affect your services.
v2.4.4	registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.4	August 7, 2023	Optimizations: Optimized the CLB server group synchronization logic to reduce synchronization failures caused by quota issues. CLB supports checking the certificate validity period when synchronizing HTTPS listeners. An expired certificate will cause the CLB synchronization to fail. Optimized the load balancing synchronization logic. When the attributes of the SLB instance itself, such as its name or resource group, fail to update, the vServer group is still updated.	This upgrade does not affect your services.
v2.4.3	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.3	March 2, 2023	Fixed an issue that occasionally caused nodes to be incorrectly identified as NotReady.	This upgrade does not affect your services.
v2.4.2	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.2	October 12, 2022	Optimizations: Fixed an issue where a reused IPv6 SLB instance could not be deleted. Fixed an issue that occasionally prevented nodes from being deleted.	This upgrade does not affect your services.

June 2022

Version	Registry Address	Last Modified	Changes	Impact
v2.4.0	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.0	June 20, 2022	New features: Supports setting the billing method for an SLB instance using the annotation: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-instance-charge-type`. Supports setting a security policy for an SLB instance using the annotation: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-tls-cipher-policy`. This is supported only for the HTTPS protocol. When a node is added, if the `node.spec.providerID` field of the node is empty, CCM automatically adds this property. Supports adding the `service.k8s.alibaba/loadbalancer-id` tag to LoadBalancer services to display the ID of the associated SLB instance. Optimizations: When a node has the ToBeDeletedByClusterAutoscaler taint, it is not added to the backend of the SLB instance. Fixed an issue where conflicting routes could not be deleted when their CIDR blocks were the same. Optimized the logic for concurrent route synchronization to reduce false positives.	This upgrade does not affect your services.

March 2022

Version	Registry Address	Change Time	Changes	Impact
v2.3.0	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.3.0	March 21, 2022	New features: Supports setting a hostname for a service using the annotation: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-hostname`. Supports setting the connection timeout for a listener of an SLB instance using the annotation: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-established-timeout`. This is supported only for the TCP protocol. Supports setting the request timeout for a listener of an SLB instance using the annotation: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-request-timeout`. This is supported only for the HTTP and HTTPS protocols. Supports setting the health check method for an SLB instance using the annotation: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-health-check-method`. This is supported only for HTTP health checks. Optimizations: Validates the vServer group format when reusing an existing vServer group. Optimizes the vSwitch selection logic to prevent the default vSwitch from being empty. Optimized the vServer group synchronization logic to reduce OpenAPI calls.	This upgrade does not affect your services.

November 2021

Version	Registry Address	Modified time	Changes	Impact
v2.1.0	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.1.0	November 22, 2021	New features: Supports configuring whether to obtain the listener protocol of an SLB instance through the X-Forwarded-Proto header field using the annotation: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-proto`. Supports setting the connection idle timeout period using the annotation: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-idle-timeout`. Supports enabling the HTTP/2 feature using the annotation: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-http2-enabled`. Optimizations: Supports setting `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight` to 0. This is suitable for traffic switching between clusters. Bug fixes: Fixed an issue where CLB listeners could not be created for many pods. Fixed an issue where the CLB instance was not updated after the service TargetPort was updated.	This upgrade does not affect your services.

September 2021

Version	Registry Address	Modification Time	Changes	Impact
v2.0.1	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.0.1	September 2, 2021	New features: Supports reusing an existing vServer group using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port. This annotation takes effect only when you reuse an existing SLB instance. For more information, see Deploy services across clusters by reusing an SLB instance. When multiple services reuse the same SLB instance, you can set the weight of traffic received by the current service using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight. This annotation takes effect only when you reuse an existing vServer group. For more information, see Deploy services across clusters by reusing an SLB instance. Supports managing graceful connection draining for SLB instances using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain. This is supported only for the TCP and UDP protocols. Supports setting the graceful connection draining timeout for SLB instances using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain-timeout. This is supported only for the TCP and UDP protocols. Supports string-type TargetPorts. Adds a finalizer to LoadBalancer services. Optimizations: Upgrades the base image version to Alpine 3.13. Changes the Prometheus metrics port from 10258 to 8080. Periodically synchronizes node labels.	This upgrade does not affect your services.

April 2021

Version	Registry Address	Modification Time	Changes	Impact
v1.9.3.380-gd6d0962-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.380-gd6d0962-aliyun	April 20, 2021	Fixed an issue where the default server group could not be updated. Exposes an alert event when the SLB backend is empty.	This upgrade does not affect your services.

March 2021

Version	Registry Address	Modification Time	Changes	Impact
v1.9.3.378-g42eac35-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.378-g42eac35-aliyun	March 8, 2021	New features: Supports adding ECS instances from outside the cluster to a vServer group. When reusing an existing SLB instance, the `kubernetes.reused.by.user` tag is added to the SLB instance by default. Optimizations: Adjusts the number of concurrent processing threads for services to improve service processing speed. Optimizes the virtual-node processing logic to ignore service synchronizations triggered by virtual-node status changes. The `service.beta.kubernetes.io/exclude-node` label for excluding nodes is deprecated. Use the new `service.alibabacloud.com/exclude-node` label instead. Adds a resource group check when reusing an existing SLB instance. The resource group ID in the annotation must match the resource group ID of the SLB instance. Otherwise, the reuse fails. Optimizes the content of management events to improve readability. Optimizes the priority configuration for new and old annotations. If a service has both new and old versions of the same annotation, the new version takes precedence. Bug fixes: Fixed a route deletion failure caused by missing node configurations. Optimized the node initialization logic to fix the issue of missing taints. During node initialization, this prevents application pods from being scheduled to nodes where routes have not been created.	This upgrade does not affect your services.

December 2020

Version	Registry Address	Modification Time	Changes	Impact
v1.9.3.339-g9830b58-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.339-g9830b58-aliyun	December 18, 2020	Supports adding a hash value to LoadBalancer services. This ensures that when CCM restarts, if the service is not modified, only the backends of the vServer group are synchronized. The SLB and listener configurations are not synchronized. Optimizes SLB OpenAPI calls to reduce the risk of throttling.	This upgrade does not affect your services.

September 2020

Version	Registry Address	Modification Time	Changes	Impact
v1.9.3.316-g8daf1a9-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.316-g8daf1a9-aliyun	September 29, 2020	Fixed an issue that occasionally prevented SLB vServer groups from being updated. Updated the health check port from 10252 to 10258.	This upgrade does not affect your services.

August 2020

Version	Registry Address	Modification Time	Changes	Impact
v1.9.3.313-g748f81e-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.313-g748f81e-aliyun	August 10, 2020	New features: Supports setting SLB deletion protection using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-delete-protection. Deletion protection is enabled by default for new SLB instances. Supports setting SLB configuration read-only mode using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-modification-protection. Configuration read-only mode is enabled by default for new SLB instances. Supports specifying the resource group for an SLB instance using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-resource-group-id. This takes effect only during creation and cannot be modified. Supports specifying the SLB name using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-name. Alibaba Cloud product OpenAPI calls are changed from public to internal network access, removing the public network dependency for CCM. This is supported in all regions. A default tag is added to SLB instances created for LoadBalancer services. The format is `ack.aliyun.com: {your-cluster-id}`. This applies only to new clusters. Compatible with the community provider ID naming convention: `<cloudProvider>://<optional>/<segments>/<provider id>`. For LoadBalancer services in new Terway clusters, pods are directly attached to the SLB backend by default. For new ACK clusters in Terway network mode, if the service type is LoadBalancer, the pod's ENI IP is directly attached as the backend of the SLB instance to improve network performance. String-type targetPorts are not supported for LoadBalancer services. Optimizations: Upgrades the base image version to Alpine 3.11.6. Updating a listener now also synchronizes the vServer group. Optimizes the SLB API to reduce SLB creation time.	This upgrade does not affect your services.

June 2020

Version	Registry Address	Modification Time	Changes	Impact
v1.9.3.276-g372aa98-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64: v1.9.3.276-g372aa98-aliyun	June 11, 2020	New features: For LoadBalancer services, reusing the SLB instance of the cluster API server is restricted. Adds Prometheus metrics (ccm_node_latencies_duration_milliseconds, ccm_route_latencies_duration_milliseconds, ccm_slb_latencies_duration_milliseconds) to expose CCM synchronization latency information. Supports exposing the synchronization process between services and SLB instances as events. Optimizations: Optimizes the weight calculation method in Local mode (externalTrafficPolicy=Local) to make the load more balanced among pods. For more information, see How are node weights automatically set in Local mode?. Optimizes cloud product API calls to improve efficiency and reduce the risk of throttling. When a node has the service.beta.kubernetes.io/exclude-node label, the associated route is no longer deleted when the node is deleted. Bug fixes: Fixed an issue where persistence timeout could not be set to 0 through an annotation when updating a service. Fixed an issue where bandwidth could not be set to 100 through an annotation when updating a service.	This upgrade does not affect your services.

March 2020

Version	Registry Address	Modification Time	Changes	Impact
v1.9.3.239-g40d97e1-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64: v1.9.3.239-g40d97e1-aliyun	March 5, 2020	New features: For Loadbalancer services, CCM supports attaching both ECS nodes and ENIs to the SLB backend. Optimizations: Alibaba Cloud product OpenAPI calls are changed from public to internal network access, removing the public network dependency for CCM. Beijing, Shanghai, and Dubai regions are not yet supported. The VPC route query interface is changed to DescribeRouteEntryList to avoid performance issues when querying hundreds of entries in a short period.	This upgrade does not affect your services.

December 2019

Version	Registry Address	Modification Time	Changes	Impact
v1.9.3.220-g24b1885-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64: v1.9.3.220-g24b1885-aliyun	December 31, 2019	Configures VSwitchIds. CloudConfig supports adding the `:vswitchid1,:vswitchid2` format. Adds a backoff mechanism for retries when OpenAPI throttling occurs. The request is re-added to the reconcile queue after an interval of 30 to 180 seconds. Adjusts the number of Reconcile worker threads to 2 to maximize the use of the OpenAPI QPS quota and improve the reconcile speed. Fixed a CCM crash caused by concurrent read and write operations on a map in the aliyungo SDK. When a node is removed from a Kubernetes cluster, CCM automatically deletes the corresponding VPC route table entry. Fixed an issue where the port configuration could not be changed due to a port forwarding dependency for HTTP Forward. If the SLB backend type is ECS, the serverip field is not checked when updating the SLB backend servers. This avoids backend addition failures caused by changes in the default value of the OpenAPI serverip field. The corresponding VPC route table entry for a node is added only when the node status is known. CCM no longer adds NAT IP addresses to node metadata. This fixes an issue that occasionally caused access failures from the API server to the kubelet. When changing the listener configuration, the start listener OpenAPI is called only when the listener status is inactive. This avoids OpenAPI throttling issues.	This upgrade does not affect your services.

November 2019

Version	Registry Address	Modification time	Changes	Impact
v1.9.3.193-g6cddde4-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.193-g6cddde4-aliyun	November 19, 2019	Supports adding the label: service.beta.kubernetes.io/exclude-node to a node, which causes CCM to no longer manage that node. Supports batch adding pods with the Terway network type to the SLB backend. Limits the node weight to at least 1 in Local mode (externalTrafficPolicy=Local). Fixed an issue that caused duplicate vServer groups to be created due to concurrency. Fixed an issue that caused dirty data when setting node weights due to caching.	This upgrade does not affect your services.

September 2019

Version	Registry Address	Change Time	Changes	Impact
v1.9.3.164-g2105d2e-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3-164-g2105d2e-aliyun	September 11, 2019	Supports updating certificates using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cert-id. Supports HTTP to HTTPS port forwarding using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-forward-port. Supports creating an SLB instance with an ACL using the annotations: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-status, service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-id, and service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-type. Supports setting whether to remove unschedulable nodes using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-remove-unscheduled-backend. In Terway network mode, supports directly attaching pods to the SLB backend to improve network forwarding performance using the annotation: service.beta.kubernetes.io/backend-type: "eni". In Local mode (with the service's externalTrafficPolicy=Local setting), the Service automatically sets a weight for each Node based on the number of Pods on the Node.	This upgrade does not affect your services.

April 2019

Version	Registry Address	Modification Time	Changes	Impact
v1.9.3.105-gfd4e547-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.105-gfd4e547-aliyun	April 15, 2019	Supports multiple VPC route tables. Allows configuring multiple route tables for a cluster using a configuration file. Fixed an issue where HTTP protocol configuration updates did not take effect.	This upgrade does not affect your services.

March 2019

Version	Registry Address	Change Time	Changes	Impact
v1.9.3.81-gca19cd4-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.81-gca19cd4-aliyun	March 20, 2019	Managed Kubernetes and Dedicated Kubernetes support reusing existing SLB instances not created by Kubernetes. CCM supports custom Kubernetes node names. It no longer has a strong dependency on the Kubernetes NodeName. Fixed a compatibility issue between CCM 1.8.4 and Kubernetes 1.11.5. Upgrade CCM to the latest version.	This upgrade does not affect your services.

December 2018

Version	Registry Address	Last Modified	Changes	Impact
v1.9.3.59-ge3bc999-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.59-ge3bc999-aliyun	December 26, 2018	Supports reusing a single SLB instance for multiple Kubernetes services. You cannot reuse an SLB instance created by a Kubernetes service. This can cause the SLB instance to be accidentally deleted. You can only reuse an SLB instance that you manually created in the console or by calling an OpenAPI. Services that reuse the same SLB instance cannot have the same frontend listener port. Otherwise, a port conflict will occur. When reusing an SLB instance, use the names of the listener and vServer group as identifiers. Do not modify the names of the listener and vServer group. The name of the SLB instance can be modified. Reusing SLB instances across clusters is not supported. The method for operating VPC route tables is changed from parallel to serial to fix the VPC throttling issue.	This upgrade does not affect your services.

August 2018

Version	Registry Address	Modification Time	Changes	Impact
v1.9.3.10-gfb99107-aliyun	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.10-gfb99107-aliyun	August 15, 2018	Supports specifying the primary zone for an automatically created SLB instance using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-master-zoneid. Supports specifying the secondary zone for an automatically created SLB instance using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-slave-zoneid. Note Some regions do not support creating primary/secondary zone SLB instances. This parameter is invalid in those regions. When specifying an existing SLB instance, supports setting whether to overwrite the SLB listeners using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners. When set to true, the original listeners on the SLB instance are deleted. Supports specifying the bandwidth value for a pay-by-bandwidth SLB instance using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-bandwidth. Multiple listeners share this bandwidth.	This upgrade does not affect your services.

June 2018

Version	Registry Address	Change Time	Changes	Impact
v1.9.3	registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3	June 25, 2018	Supports using worker nodes with a specified label as backend servers using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-backend-label. Supports specifying the type of SLB instance, such as shared-resource or dedicated, using the annotation: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec. Supports the `externalTraffic: Local` mode for services. Only nodes where pods are located are added as backends of the SLB instance. When cluster nodes are added or removed, the backends of the SLB instance are automatically processed to synchronize the addition or removal of the corresponding nodes. When the label of a node changes, the backends of the SLB instance are automatically processed to synchronize the addition or removal of the corresponding nodes. Supports Session Sticky. Services created by specifying an existing SLB instance no longer process listeners. You need to add SLB listeners yourself.	This upgrade does not affect your services.