v2.8.0

Image

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.8.0

Features

• Support addon token authorization.
• NLB supports creating IP type server groups through the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-server-group-type. Please refer to the doc for NLB server group description.
• Support pprof (default port is 6060).

Improvements

• Disable cache for node, service, endpoint and endpointSlice.

NLB

• Optimize the server group creation to avoid repeatedly creating server groups.

CLB

• Add IP address verification when using the ENI mode. The IP address must be in the cluster VPC.
• If service.beta.kubernetes.io/alibaba-cloud-loadbalancer-instance-charge-type is set to PayByCLCU, the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec annotation will be ignored.

What's Changed

• chore: chore: pkg imported more than once by @testwill in #367
• fix: typo in loadbalancer by @mitingjin in #370
• chore: replace github.com/ghodss/yaml with sigs.k8s.io/yaml by @Juneezee in #368
• Bugfix/servergroup by @gujingit in #374
• Bugfix/no cache for node by @gujingit in #375
• feat: filter pods whose ip not in vpc cidr in eni mod by @gujingit in #377
• Feature/dependency update by @gujingit in #376
• feat: update instanceChargeType && instanceSpec by @gujingit in #378
• Feature/addon token by @gujingit in #380
• support configuring server group batch size by @gujingit in #381
• test: update route controller tests by @gujingit in #382
• Feature/ip mode by @gujingit in #379
• add nlb ip tests; update expect to support paybyclcu & serverGroupTDype by @gujingit in #384

New Contributors

• @testwill made their first contribution in #367
• @mitingjin made their first contribution in #370
• @Juneezee made their first contribution in #368

Full Changelog: v2.7.0...v2.8.0

v2.7.0

Image

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.7.0

Features

• The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-ip can be used to create an intranet loadbalancer with the specifying IP address.

Improvements

• Optimize the reconciling of CLB and NLB server groups to reduce errors caused by insufficient Quota.
• Update Service Hash Function to reduce the change of Hash value caused by operations such as cluster upgrade.

Fixed bugs

• Fix the bug that the Service could not be reconciled after setting the EIP Annotation.
• Fix the bug that HTTP protocol cannot be set for other ports after setting ForwardPort Annotation.

v2.6.0

Image

registry-cn-hangzhou.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.6.0

Features

• The node label alpha.service-controller.kubernetes.io/exclude-balancer which excludes a node from cloud load balancers (using Service Type=LoadBalancer) is deprecated in favor of node.kubernetes.io/exclude-balancer.
• Support load balancers with mixed protocol types, enables the creation of a LoadBalancer Service that has different port definitions with different protocols.

Only for CLB

• The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-health-check-switch can be used to disable health check for TCP and UDP listeners.
• The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-proxy-protocol can be used to configure the ProxyProtocol protocol for TCP and UDP listeners.

Please note that this function does not support online smooth migration. Switching to proxy protocol requires service shutdown and upgrade.

• The validity period of the certificate will be verified when synchronizing the HTTPS listener. When the certificate expires, the CLB synchronization will fail.

Only for NLB

• The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-security-group-ids can be used to configure security groups for NLB.

Improvements

• The resource lock is changed to leases.
• Continue to update the virtual server groups when the update of the load balancer attributes (such as name, resource group, etc.) fails.
• Synchronize services only when the ready condtion of the node changes, ignoring other condtions change.

Fixed bugs

• Fix the bug of occasional misjudgment of node NotReady when Kubernetes Version=1.24 & CCM Version=v2.5.1

v2.5.1

Image

registry.${region}.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.5.1

Features

• Support to manage NLB (Network Load Balancer) instances. If you set Type=LoadBalancer & loadbalancerClass=alibabacloud.com/nlb for a service, the CCM automatically creates a NLB instance for the serivce, and configures listeners and backend server groups. See help doc for more usage.
  Only supported for Kubernetes 1.24 and above.
• Support to create different types of load balancers accroding to the service loadBalancerClass.
  If you not set loadBalancerClass for a service, the CCM creates a CLB instance by default; if you set loadbalancerClass=alibabacloud.com/nlb, the CCM creates a NLB instance.
  Only supported for Kubernetes 1.24 and above.

Improvements

• Fix the bug that the service which reuses a IPv6 CLB cannot be deleted.
• Fix the bug that can not delete nodes occasionally.
• Call openAPIs with HTTPS protocol as default.

v2.4.0

Image

registry.${region}.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.4.0

Features

• The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-instance-charge-type can be used to set loadbalancer instance charge type .
• The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-tls-cipher-policy can be used to configure security policy. Each security policy contains TLS protocol versions and cipher suites available for HTTPS. Only HTTPS are supported.
• CCM will automatically patch the node.spec.providerID field of the node if this field is empty when adding a node.
• Adding the service.k8s.alibaba/loadbalancer-id label to the service in order to record the loadbalancer instance id associated with the service.

Improvements

• When a node has the ToBeDeletedByClusterAutoscaler taint, the node will not be added to the loadbalancer instance backends.
• Fixed an issue where conflicting routes could not be deleted when the route CIDR was the same.
• Optimize the processing of concurrent route synchronization to reduce false warning events.

v2.3.0

Image

registry.${region}.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.3.0

Features

• The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-hostname can be used to set hostname for service.
• The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-established-timeout can be used to configure the established timeout for an SLB instance. Only TCP is supported.
• The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-request-timeout can be used to configure the request timeout for an SLB instance. Only HTTP & HTTPS are supported.
• The annoation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-health-check-method can be used to configure the health check method for HTTP health check.

Improvements

• Verify the format of virtual server group id when reusing an existing virtual server group.
• Optimize the switch selection to avoid the default switch being empty.
• Optimize virtual server group synchronization in order to reduce OpenAPI calls.

v2.2.0

Image

registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.2.0

Features

• Support the AlibabaCloud Application Load Balancer (ALB) Ingress controller. The ALB Ingress controller retrieves the changes to ingresses from the API server and dynamically generates Albconfigs when ingresses changes are detected. Then, the ALB Ingress controller performs the following operations in sequence: creating a ALB instance, configuring listeners, creating Ingress rules, and configuring backend server groups. Usage of the ALB Ingress Controller please refer ALB Ingress.

v2.1.0

Image

registry.${region}.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.1.0

Features

• The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-xforwardedfor-proto can be used to specify whether to use the X-Forwarded-Proto header to retrieve the listener protocol.
• The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-idle-timeout can be used to configure the connection idle timeout for an SLB instance. Only HTTP and HTTPS are supported.
• The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-http2-enabled can be used to specify whether to use HTTP/2.
• The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port can be used to reuse an existing vServer group attached to an SLB instance. This annotation takes effect only when the SLB instance is reused.
• When a reused SLB instance is shared among multiple Services, the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight can be used to set the weight of each Service to enable weighted round robin. This annotation takes effect only when the existing vServer group is reused.
• The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain can be used to configure connection draining for an SLB instance. Only TCP and UDP are supported.
• The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain-timeout can be used to set the timeout value when connection draining is enabled for an SLB instance. Only TCP and UDP are supported.
• The TargetPort field can be set to a String value.
• Finalizers can be specified for LoadBalancer Services.

Improvements

• The node labels are synchronized by schedule.

v1.9.3.376-g5c84e19-aliyun

Image

registry.${region}.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.372-gcf3535b-aliyun

Features

• Support for adding ECS ​​outside the cluster to a virtual server group.
• When reusing an existing SLB, the label kubernetes.reused.by.user is added to the SLB by default.

Improvements

• Adjust the number of concurrent service processing threads to optimize the service processing speed.
• Skip service reconcile caused by the status change of the virtual-kubelet node.
• The label service.beta.kubernetes.io/exclude-node has been deprecated, please use the new label service.alibabacloud.com/exclude-node instead.
• When reusing an existing SLB, add resource group verification. The resource group id in the annotation needs to be consistent with the resource group id of the SLB.
• Optimize the content of Events to improve readability.
• Optimize the priority of the annotations of the new version and the old version. If the annotations of the new version and the old version have the same name, the annotations of the new version take priority.

Fixed bugs

• Fix the problem of route deletion failure caused by node configuration error.
• In the node initialization process, avoid scheduling Pods to nodes whose route has not been created.

v1.9.3.316-g8daf1a9-aliyun

Image:

registry.${region}.aliyuncs.com/acs/cloud-controller-manager-amd64:v1.9.3.316-g8daf1a9-aliyun

Features:

• You are not allowed to reuse the Server Load Balancer (SLB) instances of the cluster API Server for LoadBalancer services.

• Prometheus metrics (ccm_node_latencies_duration_milliseconds, ccm_route_latencies_duration_milliseconds, and ccm_slb_latencies_duration_milliseconds) are added to monitor information about the CCM synchronization delay from services to SLB instances.

• Adds events for monitoring the synchronization process between the service and LoadBalancer.

• Adds support for setting up SLB deletion protection by using the following annotations: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-delete-protection. Newly created SLB turns on deletion protection by default.

• Adds support for setting SLB configuration modification by using the following annotations: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-modification-protection. Newly created SLB turns on configuration modification protection by default.

• Adds support for creating an SLB instance with specific resource group by using the following annotations: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-resource-group-id.

• Adds support for creating an SLB instance with specific name by sing the following annotations: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-name.

• You must call APIs of Alibaba Cloud services over internal networks instead of the Internet. To call CCM operations, Internet access is no longer required.

• For SLB created by LoadBalancer type Service, Tag is added by default, and its format is ack.aliyun.com: {your-cluster-id} (only valid for new clusters).

• Compatible with community provider ID naming method <cloudProvider>://<optional>/<segments>/<provider id>.

• The LoadBalancer service of the newly created Terway cluster will mount the Pod directly to the SLB backend by default. For the newly created ACK cluster in Terway network mode, if the Service type is LoadBalancer, the ENI IP of the Pod is directly mounted as the backend of load balancing by default to improve network performance (for LoadBalancer type of Service, string type targetPort is not currently supported) .

Improvements:

• Optimizes weight calculation for services in Local mode. You can set externalTrafficPolicy to Local to enable the Local mode. This improves the balance of loads among pods.

• Optimizes API calls of cloud services to improve efficiency and minimizes the chances of traffic throttling.

• When you delete a node attached with the service.beta.kubernetes.io/exclude-node label, the associated Ingress is no longer deleted.

• Update the health check port (changed from 10252 to 10258).

Fixed bugs:

• Fixes the bug that persistence timeout cannot be set to 0 through annotations during service upgrades.

• Fixes the bug that bandwidth cannot be set to 100 through annotations during service upgrades.

• Fixes the bug that the SLB virtual server group cannot be updated occasionally.