Updated on 2024-11-01 GMT+08:00

Patch Versions

Version 1.30

Table 1 Release notes for the v1.30 patch

CCE Cluster Patch Version

Kubernetes Version

Feature Updates

Optimization

Vulnerability Fixing

v1.30.4-r0

v1.30.4

  • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
  • You can change a node password when updating its node pool.
  • A node can have no data disks attached.
  • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
  • The default image address can be customized for Docker node pools.

Fixed some security issues.

v1.30.1-r2

v1.30.2

None

Enhanced system stability.

Fixed some security issues.

v1.30.1-r0

v1.30.2

CCE clusters of v1.30 are released for the first time. For more information, see Kubernetes 1.30 Release Notes.

  • When deleting a cluster, CCE enables you to select which log groups to delete.
  • When creating a cluster, you can select bring-your-own KMS instances for secret-encrypted etcd.
  • When a node is created using a private image, the image password can be retained.
  • CCE supports GPU rendering.

CCE can handle ELB listeners on all ports.

Fixed some security issues.

Version 1.29

Table 2 Release notes for the v1.29 patch

CCE Cluster Patch Version

Kubernetes Version

Feature Updates

Optimization

Vulnerability Fixing

v1.29.8-r0

v1.29.8

  • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
  • You can change a node password when updating its node pool.
  • A node can have no data disks attached.
  • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
  • The default image address can be customized for Docker node pools.

Fixed some security issues.

v1.29.4-r2

v1.29.3

None

Enhanced system stability.

Fixed some security issues.

v1.29.4-r0

v1.29.3

  • When deleting a cluster, CCE enables you to select which log groups to delete.
  • When creating a cluster, you can select bring-your-own KMS instances for secret-encrypted etcd.
  • When a node is created using a private image, the image password can be retained.
  • CCE supports GPU rendering.

CCE can handle ELB listeners on all ports.

Fixed some security issues.

v1.29.3-r0

v1.29.3

  • RAM allows secrets to be shared between accounts.
  • Nodes can be migrated to a custom node pool.
  • FlexusX is supported.
  • The default containerd image path has been included in the management of node pool configurations.
  • On the node pool list page, you can sort node pools according to your preferences.

Fixed some security issues.

v1.29.2-r4

v1.29.3

None

The stability of ELB has been improved during upgrades that span across multiple versions.

Fixed some security issues.

v1.29.2-r2

v1.29.3

None

During cluster upgrades, the collection of container logs has been made more reliable.

Fixed some security issues.

v1.29.2-r0

v1.29.3

  • CCE ingresses support traffic distribution based on custom HTTP headers.
  • Scaling priority policies can be configured for third-party workloads.
  • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
  • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
  • An in-progress node drainage can be canceled.
  • When creating a node pool, you do not need to configure its billing mode.
  • When updating a node pool, you can change its agency name, prefix, and suffix.
  • Resetting a node on the console retains the node's Kubernetes labels and taints by default.
  • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.

Fixed some security issues.

v1.29.1-r10

v1.29.1

  • CCE ingress forwarding policies can be sorted by priority.
  • When configuring volumeClaimTemplates for StatefulSets, you can configure the name prefixes of PVs and underlying storage. (The Everest version must be 2.4.15 or later.)
  • A yearly/monthly-billed node pool supports multiple node flavors.
  • The default node flavor can be deleted when a node pool is updated.
  • Nodes can be managed in a custom node pool.
  • An alarm rule has been added for a CoreDNS resolution failure.
  • Nodes can be drained before they are unsubscribed from.
  • After a node pool is updated, the configuration differences of each node are displayed.

Fixed some security issues.

v1.29.1-r0

v1.29.1

CCE clusters of v1.29 are released for the first time. For more information, see Kubernetes 1.29 Release Notes.

None

None

Version 1.28

Table 3 Release notes for the v1.28 patch

CCE Cluster Patch Version

Kubernetes Version

Feature Updates

Optimization

Vulnerability Fixing

v1.28.13-r0

v1.28.13

  • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
  • You can change a node password when updating its node pool.
  • A node can have no data disks attached.
  • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
  • The default image address can be customized for Docker node pools.

Fixed some security issues.

v1.28.8-r2

v1.28.8

None

Enhanced system stability.

Fixed some security issues.

v1.28.8-r0

v1.28.8

  • When deleting a cluster, CCE enables you to select which log groups to delete.
  • When creating a cluster, you can select bring-your-own KMS instances for secret-encrypted etcd.
  • When a node is created using a private image, the image password can be retained.
  • CCE supports GPU rendering.

CCE can handle ELB listeners on all ports.

Fixed some security issues.

v1.28.7-r2

v1.28.8

  • RAM allows secrets to be shared between accounts.
  • Nodes can be migrated to a custom node pool.
  • FlexusX is supported.
  • The default containerd image path has been included in the management of node pool configurations.
  • On the node pool list page, you can sort node pools according to your preferences.

Fixed some security issues.

v1.28.6-r4

v1.28.8

None

The stability of ELB has been improved during upgrades that span across multiple versions.

Fixed some security issues.

v1.28.6-r2

v1.28.8

None

During cluster upgrades, the collection of container logs has been made more reliable.

Fixed some security issues.

v1.28.6-r0

v1.28.8

  • CCE ingresses support traffic distribution based on custom HTTP headers.
  • Scaling priority policies can be configured for third-party workloads.
  • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
  • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
  • An in-progress node drainage can be canceled.
  • When creating a node pool, you do not need to configure its billing mode.
  • When updating a node pool, you can change its agency name, prefix, and suffix.
  • Resetting a node on the console retains the node's Kubernetes labels and taints by default.
  • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.

Fixed some security issues.

v1.28.5-r0

v1.28.5

  • CCE ingress forwarding policies can be sorted by priority.
  • When configuring volumeClaimTemplates for StatefulSets, you can configure the name prefixes of PVs and underlying storage. (The Everest version must be 2.4.15 or later.)
  • A yearly/monthly-billed node pool supports multiple node flavors.
  • The default node flavor can be deleted when a node pool is updated.
  • Nodes can be managed in a custom node pool.
  • An alarm rule has been added for a CoreDNS resolution failure.
  • Nodes can be drained before they are unsubscribed from.
  • After a node pool is updated, the configuration differences of each node are displayed.

Fixed some security issues.

v1.28.4-r0

v1.28.5

  • Docker can be selected when you create a node.
  • General-purpose SSD v2 EVS disks are available.
  • LoadBalancer ingresses support grayscale release.
  • LoadBalancer ingresses allow URL redirection and rewriting, as well as HTTP-to-HTTPS redirection.

The configurations of frequently used cluster parameters and node pool parameters are publicly available.

Fixed some security issues.

v1.28.3-r0

v1.28.3

LoadBalancer Services and ingresses allow you to:
  • Configure SNI.
  • Enable HTTP/2.
  • Configure idle timeout, request timeout, and response timeout.
  • Obtain the listener port number and the number of the port requested by the client from the request header of an HTTP packet, and rewrite X-Forwarded-Host.

None

Fixed some security issues.

v1.28.2-r0

v1.28.3

  • You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress.
  • CCE node images support security hardening.

None

Fixed some security issues.

v1.28.1-r4

v1.28.3

None

None

Fixed CVE-2024-21626 issues.

v1.28.1-r2

v1.28.3

None

Fixed the issue that configuration conflicts occasionally occur when an SNI certificate is configured on an ingress with HTTP/2 enabled.

None

v1.28.1-r0

v1.28.3

CCE clusters of v1.28 are released for the first time. For more information, see Kubernetes 1.28 Release Notes.

  • The prefix and suffix of a node name can be customized in node pools.
  • CCE Turbo clusters support container network configurations for workloads and allow you to specify pod subnets.
  • LoadBalancer ingresses support gRPC.
  • ELB private IP addresses can be specified when you create a LoadBalancer Service using YAML.
  • Accelerated the startup speed for creating a large number of Kata containers in a CCE Turbo cluster.
  • Improved the stability when Kata containers are repeatedly created or deleted in a CCE Turbo cluster.

None

Version 1.27

dockershim has been removed since Kubernetes v1.24, and Docker is not supported in v1.24 and later versions by default. Use containerd. To migrate nodes from Docker to containerd, follow the operations described in Migrating Nodes from Docker to containerd.

Table 4 Release notes for the v1.27 patch

CCE Cluster Patch Version

Kubernetes Version

Feature Updates

Optimization

Vulnerability Fixing

v1.27.16-r0

v1.27.16

  • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
  • You can change a node password when updating its node pool.
  • A node can have no data disks attached.
  • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
  • The default image address can be customized for Docker node pools.

Fixed some security issues.

v1.27.10-r2

v1.27.12

None

Enhanced system stability.

Fixed some security issues.

v1.27.10-r0

v1.27.12

  • When deleting a cluster, CCE enables you to select which log groups to delete.
  • When creating a cluster, you can select bring-your-own KMS instances for secret-encrypted etcd.
  • When a node is created using a private image, the image password can be retained.
  • CCE supports GPU rendering.

CCE can handle ELB listeners on all ports.

Fixed some security issues.

v1.27.9-r0

v1.27.12

  • RAM allows secrets to be shared between accounts.
  • Nodes can be migrated to a custom node pool.
  • FlexusX is supported.
  • The default containerd image path has been included in the management of node pool configurations.
  • On the node pool list page, you can sort node pools according to your preferences.

Fixed some security issues.

v1.27.8-r4

v1.27.12

None

The stability of ELB has been improved during upgrades that span across multiple versions.

Fixed some security issues.

v1.27.8-r2

v1.27.12

None

During cluster upgrades, the collection of container logs has been made more reliable.

Fixed some security issues.

v1.27.8-r0

v1.27.12

  • CCE ingresses support traffic distribution based on custom HTTP headers.
  • Scaling priority policies can be configured for third-party workloads.
  • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
  • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
  • An in-progress node drainage can be canceled.
  • When creating a node pool, you do not need to configure its billing mode.
  • When updating a node pool, you can change its agency name, prefix, and suffix.
  • Resetting a node on the console retains the node's Kubernetes labels and taints by default.
  • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.

Fixed some security issues.

v1.27.7-r0

v1.27.9

  • CCE ingress forwarding policies can be sorted by priority.
  • When configuring volumeClaimTemplates for StatefulSets, you can configure the name prefixes of PVs and underlying storage. (The Everest version must be 2.4.15 or later.)
  • A yearly/monthly-billed node pool supports multiple node flavors.
  • The default node flavor can be deleted when a node pool is updated.
  • Nodes can be managed in a custom node pool.
  • An alarm rule has been added for a CoreDNS resolution failure.
  • Nodes can be drained before they are unsubscribed from.
  • After a node pool is updated, the configuration differences of each node are displayed.

Fixed some security issues.

v1.27.6-r0

v1.27.9

  • Docker can be selected when you create a node.
  • General-purpose SSD v2 EVS disks are available.
  • LoadBalancer ingresses support grayscale release.
  • LoadBalancer ingresses allow URL redirection and rewriting, as well as HTTP-to-HTTPS redirection.

The configurations of frequently used cluster parameters and node pool parameters are publicly available.

Fixed some security issues.

v1.27.5-r0

v1.27.4

LoadBalancer Services and ingresses allow you to:
  • Configure SNI.
  • Enable HTTP/2.
  • Configure idle timeout, request timeout, and response timeout.
  • Obtain the listener port number and the number of the port requested by the client from the request header of an HTTP packet, and rewrite X-Forwarded-Host.

None

Fixed some security issues.

v1.27.4-r0

v1.27.4

  • You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress.
  • CCE node images support security hardening.

None

Fixed some security issues.

v1.27.3-r4

v1.27.4

None

None

Fixed CVE-2024-21626 issues.

v1.27.3-r2

v1.27.4

None

Fixed the issue that configuration conflicts occasionally occur when an SNI certificate is configured on an ingress with HTTP/2 enabled.

None

v1.27.3-r0

v1.27.4

  • The prefix and suffix of a node name can be customized in node pools.
  • CCE Turbo clusters support container network configurations for workloads and allow you to specify pod subnets.
  • LoadBalancer ingresses support gRPC.
  • ELB private IP addresses can be specified when you create a LoadBalancer Service using YAML.
  • Accelerated the startup speed for creating a large number of Kata containers in a CCE Turbo cluster.
  • Improved the stability when Kata containers are repeatedly created or deleted in a CCE Turbo cluster.
  • Added certificate verification when an ingress object is created. This prevents the ingress certificates already available on the ELB from being overwritten.
  • Fixed the issue of repeatedly reporting flavor sold-out events when a node pool is scaled out.
  • Added the logic for mutually checking the occupation of service and ingress ports, as well as the logic for checking the conflict of ingress paths in a cluster.

Fixed some security issues.

v1.27.2-r0

v1.27.2

  • Volcano supports node pool affinity scheduling.
  • Volcano supports workload rescheduling.

None

Fixed some security issues.

v1.27.1-r10

v1.27.2

None

Optimized the events generated during node pool scaling.

Fixed some security issues.

v1.27.1-r0

v1.27.2

CCE clusters of v1.27 are released for the first time. For more information, see Kubernetes 1.27 Release Notes.

  • Both soft eviction and hard eviction are supported in node pool configurations.
  • TMS tags can be added to automatically created EVS disks to facilitate cost management.

The cluster IP address in clusters of v1.27 or later cannot be pinged due to security hardening.

None

Version 1.25

All nodes in the CCE clusters of version 1.25, except the ones running EulerOS 2.5, use containerd by default.

Table 5 Release notes for the v1.25 patch

CCE Cluster Patch Version

Kubernetes Version

Feature Updates

Optimization

Vulnerability Fixing

v1.25.16-r0

v1.25.16

  • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
  • You can change a node password when updating its node pool.
  • A node can have no data disks attached.
  • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
  • The default image address can be customized for Docker node pools.

Fixed some security issues.

v1.25.13-r2

v1.25.16

None

Enhanced system stability.

Fixed some security issues.

v1.25.13-r0

v1.25.16

  • When deleting a cluster, CCE enables you to select which log groups to delete.
  • When creating a cluster, you can select bring-your-own KMS instances for secret-encrypted etcd.
  • When a node is created using a private image, the image password can be retained.
  • CCE supports GPU rendering.

CCE can handle ELB listeners on all ports.

Fixed some security issues.

v1.25.12-r0

v1.25.16

  • RAM allows secrets to be shared between accounts.
  • Nodes can be migrated to a custom node pool.
  • FlexusX is supported.
  • The default containerd image path has been included in the management of node pool configurations.
  • On the node pool list page, you can sort node pools according to your preferences.

Fixed some security issues.

v1.25.11-r4

v1.25.16

None

The stability of ELB has been improved during upgrades that span across multiple versions.

Fixed some security issues.

v1.25.11-r2

v1.25.16

None

During cluster upgrades, the collection of container logs has been made more reliable.

Fixed some security issues.

v1.25.11-r0

v1.25.16

  • CCE ingresses support traffic distribution based on custom HTTP headers.
  • Scaling priority policies can be configured for third-party workloads.
  • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
  • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
  • An in-progress node drainage can be canceled.
  • When creating a node pool, you do not need to configure its billing mode.
  • When updating a node pool, you can change its agency name, prefix, and suffix.
  • Resetting a node on the console retains the node's Kubernetes labels and taints by default.
  • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.

Fixed some security issues.

v1.25.10-r0

v1.25.16

  • CCE ingress forwarding policies can be sorted by priority.
  • When configuring volumeClaimTemplates for StatefulSets, you can configure the name prefixes of PVs and underlying storage. (The Everest version must be 2.4.15 or later.)
  • A yearly/monthly-billed node pool supports multiple node flavors.
  • The default node flavor can be deleted when a node pool is updated.
  • Nodes can be managed in a custom node pool.
  • An alarm rule has been added for a CoreDNS resolution failure.
  • Nodes can be drained before they are unsubscribed from.
  • After a node pool is updated, the configuration differences of each node are displayed.

Fixed some security issues.

v1.25.9-r0

v1.25.16

  • General-purpose SSD v2 EVS disks are available.
  • LoadBalancer ingresses support grayscale release.
  • LoadBalancer ingresses allow URL redirection and rewriting, as well as HTTP-to-HTTPS redirection.

The configurations of frequently used cluster parameters and node pool parameters are publicly available.

Fixed some security issues.

v1.25.8-r0

v1.25.10

LoadBalancer Services and ingresses allow you to:
  • Configure SNI.
  • Enable HTTP/2.
  • Configure idle timeout, request timeout, and response timeout.
  • Obtain the listener port number and the number of the port requested by the client from the request header of an HTTP packet, and rewrite X-Forwarded-Host.

None

Fixed some security issues.

v1.25.7-r0

v1.25.10

  • You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress.
  • CCE node images support security hardening.

None

Fixed some security issues.

v1.25.6-r4

v1.25.10

None

None

Fixed CVE-2024-21626 issues.

v1.25.6-r2

v1.25.10

None

Fixed the issue that configuration conflicts occasionally occur when an SNI certificate is configured on an ingress with HTTP/2 enabled.

None

v1.25.6-r0

v1.25.10

  • The prefix and suffix of a node name can be customized in node pools.
  • CCE Turbo clusters support container network configurations for workloads and allow you to specify pod subnets.
  • LoadBalancer ingresses support gRPC.
  • ELB private IP addresses can be specified when you create a LoadBalancer Service using YAML.
  • Accelerated the startup speed for creating a large number of Kata containers in a CCE Turbo cluster.
  • Improved the stability when Kata containers are repeatedly created or deleted in a CCE Turbo cluster.
  • Fixed the issue that kubelet occasionally stops responding during startup in certain scenarios.
  • Fixed the issue of repeatedly reporting flavor sold-out events when a node pool is scaled out.
  • Fixed the issue that the state of pods is changed from Succeed to Failed when kubelet is restarted in certain scenarios.

Fixed some security issues.

v1.25.5-r0

v1.25.5

  • Volcano supports node pool affinity scheduling.
  • Volcano supports workload rescheduling.

None

Fixed some security issues.

v1.25.4-r10

v1.25.5

None

Optimized the events generated during node pool scaling.

Fixed some security issues.

v1.25.4-r0

v1.25.5

  • Both soft eviction and hard eviction are supported in node pool configurations.
  • TMS tags can be added to automatically created EVS disks to facilitate cost management.

None

Fixed some security issues.

v1.25.3-r10

v1.25.5

  • CCE clusters support the dedicated load balancers that use elastic specifications.
  • The timeout interval can be configured for a load balancer.

High-frequency parameters of kube-apiserver are configurable.

Fixed some security issues.

v1.25.3-r0

v1.25.5

  • Enhanced hybrid deployment of CCE Turbo clusters: The egress network bandwidth is guaranteed by network priority. For details, see Egress Network Bandwidth Guarantee.
  • CCE Turbo clusters support the association between namespaces and container CIDR blocks. For details, see NetworkAttachmentDefinition.
  • CPU Burst is supported to prevent CPU throttling from affecting latency-sensitive services. For details, see CPU Burst.

Enhanced network stability of CCE Turbo clusters when their specifications are modified.

Fixed some security issues.

v1.25.1-r0

v1.25.5

CCE clusters of v1.25 are released for the first time. For more information, see Kubernetes 1.25 Release Notes.

None

None

Version 1.23

Table 6 Release notes for the v1.23 patch

CCE Cluster Patch Version

Kubernetes Version

Feature Updates

Optimization

Vulnerability Fixing

v1.23.18-r10

v1.23.18

  • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
  • You can change a node password when updating its node pool.
  • A node can have no data disks attached.
  • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
  • The default image address can be customized for Docker node pools.

Fixed some security issues.

v1.23.18-r2

v1.23.17

None

Enhanced system stability.

Fixed some security issues.

v1.23.18-r0

v1.23.17

  • When deleting a cluster, CCE enables you to select which log groups to delete.
  • When creating a cluster, you can select bring-your-own KMS instances for secret-encrypted etcd.
  • When a node is created using a private image, the image password can be retained.
  • CCE supports GPU rendering.

CCE can handle ELB listeners on all ports.

Fixed some security issues.

v1.23.17-r0

v1.23.17

  • RAM allows secrets to be shared between accounts.
  • Nodes can be migrated to a custom node pool.
  • FlexusX is supported.
  • The default containerd image path has been included in the management of node pool configurations.
  • On the node pool list page, you can sort node pools according to your preferences.

Fixed some security issues.

v1.23.16-r4

v1.23.17

None

The stability of ELB has been improved during upgrades that span across multiple versions.

Fixed some security issues.

v1.23.16-r2

v1.23.17

None

During cluster upgrades, the collection of container logs has been made more reliable.

Fixed some security issues.

v1.23.16-r0

v1.23.17

  • CCE ingresses support traffic distribution based on custom HTTP headers.
  • Scaling priority policies can be configured for third-party workloads.
  • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
  • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
  • An in-progress node drainage can be canceled.
  • When creating a node pool, you do not need to configure its billing mode.
  • When updating a node pool, you can change its agency name, prefix, and suffix.
  • Resetting a node on the console retains the node's Kubernetes labels and taints by default.
  • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.

Fixed some security issues.

v1.23.15-r0

v1.23.17

  • CCE ingress forwarding policies can be sorted by priority.
  • When configuring volumeClaimTemplates for StatefulSets, you can configure the name prefixes of PVs and underlying storage. (The Everest version must be 2.4.15 or later.)
  • A yearly/monthly-billed node pool supports multiple node flavors.
  • The default node flavor can be deleted when a node pool is updated.
  • Nodes can be managed in a custom node pool.
  • An alarm rule has been added for a CoreDNS resolution failure.
  • Nodes can be drained before they are unsubscribed from.
  • After a node pool is updated, the configuration differences of each node are displayed.

Fixed some security issues.

v1.23.14-r0

v1.23.17

  • General-purpose SSD v2 EVS disks are available.
  • LoadBalancer ingresses support grayscale release.
  • LoadBalancer ingresses allow URL redirection and rewriting, as well as HTTP-to-HTTPS redirection.

The configurations of frequently used cluster parameters and node pool parameters are publicly available.

Fixed some security issues.

v1.23.13-r0

v1.23.17

LoadBalancer Services and ingresses allow you to:
  • Configure SNI.
  • Enable HTTP/2.
  • Configure idle timeout, request timeout, and response timeout.
  • Obtain the listener port number and the number of the port requested by the client from the request header of an HTTP packet, and rewrite X-Forwarded-Host.

None

Fixed some security issues.

v1.23.12-r0

v1.23.17

  • You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress.
  • CCE node images support security hardening.

None

Fixed some security issues.

v1.23.11-r4

v1.23.17

None

None

Fixed CVE-2024-21626 issues.

v1.23.11-r2

v1.23.17

None

Fixed the issue that configuration conflicts occasionally occur when an SNI certificate is configured on an ingress with HTTP/2 enabled.

None

v1.23.11-r0

v1.23.17

  • The prefix and suffix of a node name can be customized in node pools.
  • CCE Turbo clusters support container network configurations for workloads and allow you to specify pod subnets.
  • LoadBalancer ingresses support gRPC.
  • ELB private IP addresses can be specified when you create a LoadBalancer Service using YAML.
  • Accelerated the startup speed for creating a large number of Kata containers in a CCE Turbo cluster.
  • Improved the stability when Kata containers are repeatedly created or deleted in a CCE Turbo cluster.
  • Fixed the issue that Docker containers cannot be ended when journald exits unexpectedly.
  • Fixed the issue that the scheduler fails to intercept the automatic mounting of SFS 3.0 volumes during pod creation when Everest is uninstalled.
  • Fixed the issue that the usage of the /var/lib/containerd disk directory is falsely high on a containerd node running EulerOS 2.9 in a v1.23 cluster.

Fixed some security issues.

v1.23.10-r0

v1.23.11

  • Volcano supports node pool affinity scheduling.
  • Volcano supports workload rescheduling.

None

Fixed some security issues.

v1.23.9-r10

v1.23.11

None

Optimized the events generated during node pool scaling.

Fixed some security issues.

v1.23.9-r0

v1.23.11

  • Both soft eviction and hard eviction are supported in node pool configurations.
  • TMS tags can be added to automatically created EVS disks to facilitate cost management.

None

Fixed some security issues.

v1.23.8-r10

v1.23.11

  • CCE clusters support the dedicated load balancers that use elastic specifications.
  • The timeout interval can be configured for a load balancer.

High-frequency parameters of kube-apiserver are configurable.

Fixed some security issues.

v1.23.8-r0

v1.23.11

  • Enhanced hybrid deployment of CCE Turbo clusters: The egress network bandwidth is guaranteed by network priority. For details, see Egress Network Bandwidth Guarantee.
  • CCE Turbo clusters support the association between namespaces and container CIDR blocks. For details, see NetworkAttachmentDefinition.
  • CPU Burst is supported to prevent CPU throttling from affecting latency-sensitive services. For details, see CPU Burst.
  • Enhanced Docker reliability during upgrades.
  • Optimized node time synchronization.

Fixed some security issues.

v1.23.7-r20

v1.23.11

None

  • Enhanced the interconnection stability between Services/ingresses and load balancers.
  • Enhanced the reliability of nodes with multiple data disks attached.

Fixed some security issues.

v1.23.7-r10

v1.23.11

None

  • Enhanced Docker reliability during upgrades.
  • Enhanced the reliability of containerd upon disconnections.
  • Hardened security for scenarios where an error occurred during kernel parameter optimization.

Fixed some security issues.

v1.23.7-r0

v1.23.11

  • Services and ingresses support dedicated load balancers that are bound with a GEIP.
  • Enhanced network stability of CCE Turbo clusters when their specifications are modified.
  • Enhanced the network stability of nginx-ingress-controller when the cluster is upgraded.
  • Optimized node time synchronization.

Fixed some security issues.

v1.23.6-r0

v1.23.11

  • TCP/UDP ports can be configured for LoadBalancer Services.
  • Pod readiness gate is supported.
  • Enhanced the flow table reliability when the underlying network malfunctions.
  • Enhanced the stability of the OS with a later kernel version in restart scenarios, for example, due to unexpected power-off.
  • Optimized cAdvisor GPU/NPU metrics.

Fixed some security issues.

v1.23.5-r0

v1.23.11

  • Containers support SFS 3.0 for storage.
  • Fault detection and isolation are supported on GPU nodes.
  • Security groups can be customized by cluster.
  • CCE Turbo clusters support ENI pre-binding by node.
  • Control plane logs can be collected.
  • Huawei-developed Huawei Cloud EulerOS 2.0 is supported.
  • containerd is supported.
  • CCE Turbo clusters support hybrid deployment and CPU tidal affinity.
  • Upgraded the etcd version of the master node to the Kubernetes version 3.5.6.
  • Optimized the Service access performance on EulerOS 2.8 nodes.
  • Optimized scheduling so that pods are evenly distributed across AZs after pods are scaled in.
  • Optimized the memory usage of kube-apiserver when CRDs are frequently updated.

Fixed some security issues and the following CVE vulnerabilities:

v1.23.4-r10

v1.23.4

None

Optimized the memory usage of kube-apiserver when CRDs are frequently updated.

Fixed some security issues.

v1.23.4-r0

v1.23.4

Arm nodes are supported.

None

Fixed some security issues.

v1.23.3-r0

v1.23.4

  • Monitoring metrics of master nodes are made available to tenants.
  • Sub-ENI pre-binding is supported to speed up the startup of the sub-ENIs in CCE Turbo clusters.
  • Backend server weights can be configured for LoadBalancer Services.
  • CCE clusters support cross-cluster deployment.
  • CCE Turbo clusters support hybrid deployment when VM nodes are used.

Enhanced reliability when Kata containers are frequently created or deleted.

Fixed some security issues.

v1.23.1-r1

v1.23.4

Node resource reservation has been optimized so that resource exhaustion can be detected to improve node stability.

Node installation compatibility has been improved.

Fixed some security issues.

v1.23.1-r0

v1.23.4

CCE clusters of v1.23 are released for the first time. For more information, see Kubernetes 1.23 Release Notes.

None

None

Version 1.21

Table 7 Release notes for the v1.21 patch

CCE Cluster Patch Version

Kubernetes Version

Feature Updates

Optimization

Vulnerability Fixing

v1.21.15-r0

v1.21.14

  • General-purpose SSD v2 EVS disks are available.
  • LoadBalancer ingresses support grayscale release.
  • LoadBalancer ingresses allow URL redirection and rewriting, as well as HTTP-to-HTTPS redirection.

The configurations of frequently used cluster parameters and node pool parameters are publicly available.

Fixed some security issues.

v1.21.14-r0

v1.21.14

A PVC can be used to dynamically create and mount an SFS Turbo subdirectory.

None

Fixed some security issues.

v1.21.13-r0

v1.21.14

  • You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress.
  • CCE node images support security hardening.

None

Fixed some security issues.

v1.21.12-r4

v1.21.14

None

None

Fixed CVE-2024-21626 issues.

v1.21.12-r2

v1.21.14

None

Fixed the issue that configuration conflicts occasionally occur when an SNI certificate is configured on an ingress with HTTP/2 enabled.

None

v1.21.12-r0

v1.21.14

The prefix and suffix of a node name can be customized in node pools.

  • Optimized the health check configuration to prevent keepalived from repeatedly restarting.
  • Optimized the security policy cache and resolved ingress retry storms.
  • Fixed the issue of an active/standby switchover failure due to I/O suspension on the master node where the main process of cloud-controller-manager is deployed.
  • Fixed the issue of incorrect pod weight due to incorrect calculation for the number of terminating pods after a weight is configured for a Service.

Fixed some security issues.

v1.21.11-r20

v1.21.14

  • Volcano supports node pool affinity scheduling.
  • Volcano supports workload rescheduling.

None

Fixed some security issues.

v1.21.11-r10

v1.21.14

None

Optimized the events generated during node pool scaling.

Fixed some security issues.

v1.21.11-r0

v1.21.14

  • Both soft eviction and hard eviction are supported in node pool configurations.
  • TMS tags can be added to automatically created EVS disks to facilitate cost management.

None

Fixed some security issues.

v1.21.10-r10

v1.21.14

  • CCE clusters support dedicated load balancers that use elastic specifications.
  • The timeout interval can be configured for a load balancer.

High-frequency parameters of kube-apiserver are configurable.

Fixed some security issues.

v1.21.10-r0

v1.21.14

  • Enhanced Docker reliability during upgrades.
  • Optimized node time synchronization.
  • Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.

Fixed some security issues.

v1.21.9-r0

v1.21.14

  • Services and ingresses support dedicated load balancers that are bound with a GEIP.

Enhanced network stability of CCE Turbo clusters when their specifications are modified.

Fixed some security issues.

v1.21.8-r0

v1.21.14

  • TCP/UDP ports can be configured for LoadBalancer Services.
  • Pod readiness gate is supported.
  • Enhanced the flow table reliability when the underlying network malfunctions.
  • Enhanced the stability of the OS with a later kernel version in restart scenarios, for example, due to unexpected power-off.
  • Optimized cAdvisor GPU/NPU metrics.

Fixed some security issues.

v1.21.7-r0

v1.21.14

  • Containers support SFS 3.0 for storage.
  • Fault detection and isolation are supported on GPU nodes.
  • Security groups can be customized by cluster.
  • CCE Turbo clusters support ENI pre-binding by node.
  • Control plane logs can be collected.

Improved the stability of LoadBalancer Services/ingresses with a large number of connections.

Fixed some security issues and the following CVE vulnerabilities:

v1.21.6-r0

v1.21.7

Arm nodes are supported.

None

Fixed some security issues.

v1.21.5-r10

v1.21.7

None

  • Enhanced the allocation stability of a tunnel network when the nodes on the control plane are intermittently disconnected.
  • Hardened against OVS vulnerabilities.

Fixed some security issues.

v1.21.5-r0

v1.21.7

None

  • Enhanced the stability of container tunnel networks during cluster upgrades.
  • Added constraints on pod topology distribution.
  • Enhanced the stability in disconnecting links when a node on the cluster control plane is powered off.
  • Enhanced the stability when volumes are concurrently mounted for pods.

Fixed some security issues.

v1.21.4-r10

v1.21.7

None

Enhanced the stability of EulerOS 2.9 NetworkManager.

Fixed some security issues.

v1.21.4-r0

v1.21.7

None

  • Enhanced the stability of Kata containers when an ENI driver is changed.
  • Enhanced the stability of accessing LoadBalancer Services during workload upgrade and node scaling.

Fixed some security issues.

v1.21.3-r10

v1.21.7

None

Enhanced the stability of Kata containers when an ENI driver is changed.

Fixed some security issues.

v1.21.3-r0

v1.21.7

None

CCE Turbo clusters support SNAT CIDR blocks.

Fixed some security issues.

v1.21.2-r10

v1.21.7

None

Enhanced the interconnection stability between Services and load balancers.

Fixed some security issues.

v1.21.2-r0

v1.21.7

Node resource reservation has been optimized so that resource exhaustion can be detected to improve node stability.

  • Improved the cluster upgrade capability and reliability.
  • Optimized the local storage of containers to improve stability.

Fixed some security issues.

v1.21.1-r2

v1.21.7

  • Container storage supports local PVs.
  • EulerOS 2.9 Kunpeng servers can be managed.
  • Both container tunnel networks and VPC networks support wide matching of an OS kernel version.
  • Optimized the node installation process to enhance the reliability of node creation.
  • Optimized the kernel parameters of CentOS and EulerOS 2.5 to improve the OS performance.

Fixed some security issues.

v1.21.1-r1

v1.21.7

None

Container networks support wide matching of an OS kernel version.

Fixed some security issues.

v1.21.1-r0

v1.21.7

CCE clusters of v1.21 are released for the first time. For more information, see Kubernetes 1.21 Release Notes.

None

None

Version 1.19

Table 8 Release notes for the v1.19 patch

CCE Cluster Patch Version

Kubernetes Version

Feature Updates

Optimization

Vulnerability Fixing

v1.19.16-r84

v1.19.16

None

None

Fixed CVE-2024-21626 issues.

v1.19.16-r82

v1.19.16

None

Fixed the issue that configuration conflicts occasionally occur when an SNI certificate is configured on an ingress with HTTP/2 enabled.

None

v1.19.16-r80

v1.19.16

None

  • Fixed the issue that a restarted BMS node is displayed as unavailable.
  • Optimized the logic for clearing VIP routes so that residual VIP routes are cleared preferentially. This prevents routes from being added again after NetworkManager is restarted.
  • Fixed the issue that backend ELB servers may fail to be added when an IP address is reused during the rolling upgrade of pods in a CCE Turbo cluster that uses dedicated load balancers.
  • Resolved the issue of residual cache if a LoadBalancer Service is deleted after it is added to a health check queue.
  • Resolved the issue of continuously increasing Docker memory usage after the physical machine or switch where the master node is located is disconnected.

Fixed some security issues.

v1.19.16-r60

v1.19.16

  • Volcano supports node pool affinity scheduling.
  • Volcano supports workload rescheduling.

None

Fixed some security issues.

v1.19.16-r50

v1.19.16

None

Optimized the events generated during node pool scaling.

Fixed some security issues.

v1.19.16-r40

v1.19.16

  • Both soft eviction and hard eviction are supported in node pool configurations.
  • TMS tags can be added to automatically created EVS disks to facilitate cost management.

None

Fixed some security issues.

v1.19.16-r30

v1.19.16

  • CCE clusters support dedicated load balancers that use elastic specifications.
  • The timeout interval can be configured for a load balancer.

High-frequency parameters of kube-apiserver are configurable.

Fixed some security issues.

v1.19.16-r20

v1.19.16

  • Cloud Native 2.0 Networks allow you to specify subnets for a namespace.
  • Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.
  • Optimized the performance of CCE Turbo clusters in allocating ENIs if not all ENIs are pre-bound.

Fixed some security issues.

v1.19.16-r10

v1.19.16

None

Enhanced the interconnection stability between Services/ingresses and load balancers.

Fixed some security issues.

v1.19.16-r7

v1.19.16

None

  • Enhanced Docker reliability during upgrades.
  • Optimized node time synchronization.
  • Enhanced the reliability of CCE Turbo clusters when ENIs are pre-bound.

Fixed some security issues.

v1.19.16-r6

v1.19.16

  • Services and ingresses support dedicated load balancers that are bound with a GEIP.
  • Enhanced the stability of containerd configured with QoS.
  • URL rewriting policies can be configured and modified for ingresses.
  • The memory usage of kube-controller-manager is optimized when CRD resources are frequently updated.

Fixed some security issues.

v1.19.16-r5

v1.19.16

  • TCP/UDP ports can be configured for LoadBalancer Services.
  • Pod readiness gate is supported.
  • Enhanced the flow table reliability when the underlying network malfunctions.
  • Enhanced the stability of the OS with a later kernel version in restart scenarios, for example, due to unexpected power-off.

Fixed some security issues.

v1.19.16-r4

v1.19.16

  • Containers support SFS 3.0 for storage.
  • Fault detection and isolation are supported on GPU nodes.
  • Security groups can be customized by cluster.
  • CCE Turbo clusters support ENI pre-binding by node.
  • Scheduling is optimized on tainted nodes.
  • Enhanced the long-term running stability of containerd when cores are bound.
  • Improved the stability of LoadBalancer Services/ingresses with a large number of connections.
  • Optimized the memory usage of kube-apiserver when CRDs are frequently updated.

Fixed some security issues and the following CVE vulnerabilities:

v1.19.16-r3

v1.19.16

None

  • The image-pull-progress-deadline startup parameter can be retained after an upgrade.
  • CCE Turbo clusters support customized ENI pre-binding.
  • Fixed the issue of inconsistent tunnel network allocation caused by intermittent disconnection between master nodes.
  • Enhanced the stability of clusters running in a tunnel network when the nodes on the control plane are intermittently disconnected.

Fixed some security issues.

v1.19.16-r2

v1.19.16

None

  • Enhanced the stability in disconnecting links when a node on the cluster control plane is powered off.
  • Enhanced the stability when volumes are concurrently mounted for pods.

Fixed some security issues.

v1.19.16-r1

v1.19.16

None

Enhanced the stability of EulerOS 2.9 NetworkManager.

Fixed some security issues.

v1.19.16-r0

v1.19.16

None

Enhanced the stability in updating LoadBalancer Services when workloads are upgraded and nodes are scaled in or out.

Fixed some security issues and the following CVE vulnerabilities:

v1.19.10-r0

v1.19.10

CCE clusters of v1.19 are released for the first time. For more information, see Kubernetes 1.19 Release Notes.

None

None