CCE Patch Release Notes

Indexes

Version 1.36
Version 1.35
Version 1.34
Version 1.33
Version 1.32
Version 1.31
Version 1.30
Version 1.29
Version 1.28
Earlier Versions

Version 1.36

**Table 1** Release notes for the v1.36 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.36.1-r0	v1.36.1	CCE clusters v1.36 are released for the first time. For more information, see Kubernetes 1.36 Release Notes.	Fine-grained audit logging for access events that use IAM 5.0 agency credentials.	Fixed some security issues.

Version 1.35

**Table 2** Release notes for the v1.35 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.35.3-r10	v1.35.3	None	Fine-grained audit logging for access events that use IAM 5.0 agency credentials.	Fixed some security issues.
v1.35.3-r0	v1.35.3	None	Creation, deletion, and modification operations now record source IP addresses in kube-apiserver and audit logs.	Fixed some security issues.
v1.35.1-r2	v1.35.1	None	None	Fixed some security issues.
v1.35.1-r0	v1.35.1	CCE clusters v1.35 are released for the first time. For more information, see Kubernetes 1.35 Release Notes. LoadBalancer Services support custom backend weights for StatefulSets. Cluster certificates can be rotated during a cluster upgrade.	None	Fixed some security issues.

Version 1.34

**Table 3** Release notes for the v1.34 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.34.6-r10	v1.34.6	None	Fine-grained audit logging for access events that use IAM 5.0 agency credentials.	Fixed some security issues.
v1.34.6-r0	v1.34.6	None	Creation, deletion, and modification operations now record source IP addresses in kube-apiserver and audit logs.	Fixed some security issues.
v1.34.3-r12	v1.34.3	None	None	Fixed some security issues.
v1.34.3-r10	v1.34.3	LoadBalancer Services support custom backend weights for StatefulSets. Cluster certificates can be rotated during a cluster upgrade.	None	Fixed some security issues.
v1.34.3-r4	v1.34.3	None	None	Fixed some security issues.
v1.34.3-r2	v1.34.3	None	None	Fixed some security issues.
v1.34.3-r0	v1.34.3	HTTPS is supported for Service/ingress health checks. Cluster agents can be customized.	When purchasing a CCE node, you can reduce the system disk size to 20 GB.	Fixed some security issues.
v1.34.2-r0	v1.34.2	CCE supports pod identities, which provide secure, dynamic identity credentials for pods. CCE add-ons support custom agencies. Services and Ingresses support QUIC listeners.	In CCE Turbo clusters, you can specify the enterprise project and resource tags of an EIP when the EIP is automatically bound to a pod.	Fixed some security issues.
v1.34.1-r4	v1.34.1	None	None	Fixed some security issues.
v1.34.1-r2	v1.34.1	None	None	Fixed runc container escape vulnerabilities (CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881).
v1.34.1-r0	v1.34.1	CCE clusters v1.34 are released for the first time. For more information, see Kubernetes 1.34 Release Notes. Traffic mirroring is supported in the advanced forwarding policies of LoadBalancer ingresses. Cluster certificate expiration alerts and updates are supported. Secret-free image pull can be configured for node pools. Workloads running on nodes can automatically download images using the agency permissions of the nodes. Pod CIDR reservation can be enabled (O&M > Network Settings) for clusters that use the VPC network model to prevent conflicts between new subnet CIDR blocks and container CIDR blocks.	Service accounts that use TokenRequest support enhanced node authentication. The number of nodes in a scaling group was optimized, and the actual number of ready nodes can be displayed.	None

Version 1.33

**Table 4** Release notes for the v1.33 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.33.10-r10	v1.33.10	None	Fine-grained audit logging for access events that use IAM 5.0 agency credentials.	Fixed some security issues.
v1.33.10-r0	v1.33.10	None	Creation, deletion, and modification operations now record source IP addresses in kube-apiserver and audit logs.	Fixed some security issues.
v1.33.7-r22	v1.33.7	None	None	Fixed some security issues.
v1.33.7-r20	v1.33.7	LoadBalancer Services support custom backend weights for StatefulSets. Cluster certificates can be rotated during a cluster upgrade.	None	Fixed some security issues.
v1.33.7-r14	v1.33.7	None	None	Fixed some security issues.
v1.33.7-r12	v1.33.7	None	None	Fixed some security issues.
v1.33.7-r10	v1.33.7	HTTPS is supported for Service/ingress health checks. Cluster agents can be customized.	When purchasing a CCE node, you can reduce the system disk size to 20 GB.	Fixed some security issues.
v1.33.7-r0	v1.33.7	CCE supports pod identities, which provide secure, dynamic identity credentials for pods. CCE add-ons support custom agencies. Services and Ingresses support QUIC listeners.	In CCE Turbo clusters, you can specify the enterprise project and resource tags of an EIP when the EIP is automatically bound to a pod.	Fixed some security issues.
v1.33.5-r24	v1.33.5	None	None	Fixed some security issues.
v1.33.5-r22	v1.33.5	None	None	Fixed runc container escape vulnerabilities (CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881).
v1.33.5-r20	v1.33.5	Traffic mirroring is supported in the advanced forwarding policies of LoadBalancer ingresses. Cluster certificate expiration alerts and updates are supported. Secret-free image pull can be configured for node pools. Workloads running on nodes can automatically download images using the agency permissions of the nodes. Pod CIDR reservation can be enabled (O&M > Network Settings) for clusters that use the VPC network model to prevent conflicts between new subnet CIDR blocks and container CIDR blocks.	Service accounts that use TokenRequest support enhanced node authentication. The number of nodes in a scaling group was optimized, and the actual number of ready nodes can be displayed.	Fixed some security issues.
v1.33.5-r10	v1.33.5	You can modify the IPVS scheduling policy of a cluster through node pool configuration management. You can modify the system-reserved CPU, temporary storage, and PID through node pool configuration management. You can delete pod subnets for the clusters that use VPC networks. You can modify the HPA scale-in stabilization window (horizontal-pod-autoscaler-downscale-stabilization) in the cluster configuration. Two-way authentication can be configured for LoadBalancer Services and ingresses.	None	Fixed some security issues.
v1.33.5-r0	v1.33.5	You can enable the kubelet's port 127.0.0.1:10255 in the node pool configuration to expose metrics over HTTP. This configuration is disabled by default. You can enable container-isolated resource view in the node pool configuration. Containers only access and manage their own assigned resources.	None	Fixed some security issues.
v1.33.1-r0	v1.33.1	CCE clusters v1.33 are released for the first time. For more information, see Kubernetes 1.33 Release Notes. LoadBalancer ingresses associated with shared load balancers can be redirected from HTTP to HTTPS. CCE standard clusters support custom agencies for cluster-level access control.	None	None

Version 1.32

**Table 5** Release notes for the v1.32 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.32.13-r10	v1.32.13	None	Fine-grained audit logging for access events that use IAM 5.0 agency credentials.	Fixed some security issues.
v1.32.13-r0	v1.32.13	None	Creation, deletion, and modification operations now record source IP addresses in kube-apiserver and audit logs.	Fixed some security issues.
v1.32.9-r22	v1.32.9	None	None	Fixed some security issues.
v1.32.9-r20	v1.32.9	LoadBalancer Services support custom backend weights for StatefulSets. Cluster certificates can be rotated during a cluster upgrade.	None	Fixed some security issues.
v1.32.9-r14	v1.32.9	None	None	Fixed some security issues.
v1.32.9-r12	v1.32.9	None	None	Fixed some security issues.
v1.32.9-r10	v1.32.9	HTTPS is supported for Service/ingress health checks. Cluster agents can be customized.	When purchasing a CCE node, you can reduce the system disk size to 20 GB.	Fixed some security issues.
v1.32.9-r0	v1.32.9	CCE supports pod identities, which provide secure, dynamic identity credentials for pods. CCE add-ons support custom agencies. Services and Ingresses support QUIC listeners.	In CCE Turbo clusters, you can specify the enterprise project and resource tags of an EIP when the EIP is automatically bound to a pod.	Fixed some security issues.
v1.32.6-r34	v1.32.6	None	None	Fixed some security issues.
v1.32.6-r32	v1.32.6	None	None	Fixed runc container escape vulnerabilities (CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881).
v1.32.6-r30	v1.32.6	Traffic mirroring is supported in the advanced forwarding policies of LoadBalancer ingresses. Cluster certificate expiration alerts and updates are supported. Secret-free image pull can be configured for node pools. Workloads running on nodes can automatically download images using the agency permissions of the nodes. Pod CIDR reservation can be enabled (O&M > Network Settings) for clusters that use the VPC network model to prevent conflicts between new subnet CIDR blocks and container CIDR blocks.	Service accounts that use TokenRequest support enhanced node authentication. The number of nodes in a scaling group was optimized, and the actual number of ready nodes can be displayed.	Fixed some security issues.
v1.32.6-r20	v1.32.6	You can modify the IPVS scheduling policy of a cluster through node pool configuration management. You can modify the system-reserved CPU, temporary storage, and PID through node pool configuration management. You can delete pod subnets for the clusters that use VPC networks. You can modify the HPA scale-in stabilization window (horizontal-pod-autoscaler-downscale-stabilization) in the cluster configuration. Two-way authentication can be configured for LoadBalancer Services and ingresses.	None	Fixed some security issues.
v1.32.6-r10	v1.32.6	You can enable the kubelet's port 127.0.0.1:10255 in the node pool configuration to expose metrics over HTTP. This configuration is disabled by default. You can enable container-isolated resource view in the node pool configuration. Containers only access and manage their own assigned resources.	None	Fixed some security issues.
v1.32.6-r0	v1.32.6	LoadBalancer ingresses associated with shared load balancers can be redirected from HTTP to HTTPS. CCE standard clusters support custom agencies for cluster-level access control.	None	Fixed some security issues.
v1.32.5-r2	v1.32.5	None	Optimized the performance of dynamic container network interface pre-binding in large CCE Turbo clusters.	Fixed some security issues.
v1.32.5-r0	v1.32.5	AK/SK automatic updates are supported for OBS buckets.	None	Fixed some security issues.
v1.32.1-r0	v1.32.1	CCE clusters v1.32 are released for the first time. For more information, see Kubernetes 1.32 Release Notes. Service pod scheduling can be deferred until node post-installation scripts complete. DataPlane V2 is available for newly created CCE clusters that use the VPC networks. After DataPlane V2 is enabled, you can configure network policies for these clusters. AK/SK automatic updates are supported for parallel file systems of OBS. The X-Real-IP field in HTTP/HTTPS request headers can be rewritten for both LoadBalancer Services and ingresses. During the creation of a LoadBalancer Service, you can configure specific IP addresses for the ELB backend. AppArmor can be used to restrict container access to resources.	Streaming encoding is supported, significantly reducing memory pressure on control plane nodes caused by LIST requests. The cce-pause container image can be protected against accidental deletion. The system labels used by the NodeLocal DNSCache add-on can be protected against accidental deletion.	None

Version 1.31

**Table 6** Release notes for the v1.31 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.31.14-r40	v1.31.14	None	Fine-grained audit logging for access events that use IAM 5.0 agency credentials.	Fixed some security issues.
v1.31.14-r30	v1.31.14	None	Creation, deletion, and modification operations now record source IP addresses in kube-apiserver and audit logs.	Fixed some security issues.
v1.31.14-r22	v1.31.14	None	None	Fixed some security issues.
v1.31.14-r20	v1.31.14	LoadBalancer Services support custom backend weights for StatefulSets. Cluster certificates can be rotated during a cluster upgrade.	None	Fixed some security issues.
v1.31.14-r14	v1.31.14	None	None	Fixed some security issues.
v1.31.14-r12	v1.31.14	None	None	Fixed some security issues.
v1.31.14-r10	v1.31.14	HTTPS is supported for Service/ingress health checks. Cluster agents can be customized.	When purchasing a CCE node, you can reduce the system disk size to 20 GB.	Fixed some security issues.
v1.31.14-r0	v1.31.14	CCE supports pod identities, which provide secure, dynamic identity credentials for pods. CCE add-ons support custom agencies. Services and Ingresses support QUIC listeners.	In CCE Turbo clusters, you can specify the enterprise project and resource tags of an EIP when the EIP is automatically bound to a pod.	Fixed some security issues.
v1.31.10-r34	v1.31.10	None	None	Fixed some security issues.
v1.31.10-r32	v1.31.10	None	None	Fixed runc container escape vulnerabilities (CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881).
v1.31.10-r30	v1.31.10	Traffic mirroring is supported in the advanced forwarding policies of LoadBalancer ingresses. Cluster certificate expiration alerts and updates are supported. Secret-free image pull can be configured for node pools. Workloads running on nodes can automatically download images using the agency permissions of the nodes. Pod CIDR reservation can be enabled (O&M > Network Settings) for clusters that use the VPC network model to prevent conflicts between new subnet CIDR blocks and container CIDR blocks.	Service accounts that use TokenRequest support enhanced node authentication. The number of nodes in a scaling group was optimized, and the actual number of ready nodes can be displayed.	Fixed some security issues.
v1.31.10-r20	v1.31.10	You can modify the IPVS scheduling policy of a cluster through node pool configuration management. You can modify the system-reserved CPU, temporary storage, and PID through node pool configuration management. You can delete pod subnets for the clusters that use VPC networks. You can modify the HPA scale-in stabilization window (horizontal-pod-autoscaler-downscale-stabilization) in the cluster configuration. Two-way authentication can be configured for LoadBalancer Services and ingresses.	None	Fixed some security issues.
v1.31.10-r10	v1.31.10	You can enable the kubelet's port 127.0.0.1:10255 in the node pool configuration to expose metrics over HTTP. This configuration is disabled by default. You can enable container-isolated resource view in the node pool configuration. Containers only access and manage their own assigned resources.	None	Fixed some security issues.
v1.31.10-r0	v1.31.10	LoadBalancer ingresses associated with shared load balancers can be redirected from HTTP to HTTPS. CCE standard clusters support custom agencies for cluster-level access control.	None	Fixed some security issues.
v1.31.6-r12	v1.31.6	None	Optimized the performance of dynamic container network interface pre-binding in large CCE Turbo clusters.	Fixed some security issues.
v1.31.6-r10	v1.31.6	AK/SK automatic updates are supported for OBS buckets.	None	Fixed some security issues.
v1.31.6-r0	v1.31.6	Service pod scheduling can be deferred until node post-installation scripts complete. DataPlane V2 is available for newly created CCE clusters that use the VPC networks. After DataPlane V2 is enabled, you can configure network policies for these clusters. AK/SK automatic updates are supported for parallel file systems of OBS. The X-Real-IP field in HTTP/HTTPS request headers can be rewritten for both LoadBalancer Services and ingresses. During the creation of a LoadBalancer Service, you can configure specific IP addresses for the ELB backend. AppArmor can be used to restrict container access to resources.	Streaming encoding is supported, significantly reducing memory pressure on control plane nodes caused by LIST requests. The cce-pause container image can be protected against accidental deletion. The system labels used by the NodeLocal DNSCache add-on can be protected against accidental deletion.	Fixed some security issues.
v1.31.4-r0	v1.31.4	Yearly/Monthly nodes added during a node pool scale-out can be automatically paid. Nodes added during a node pool scale-out can be automatically bound with EIPs. ELB ingresses allow you to specify backend server groups for forwarding.	None	Fixed some security issues.
v1.31.1-r4	v1.31.1	None	Optimized the ELB timeout settings for LoadBalancer Services and ingresses. Enhanced compatibility with specialized node pool configurations during cluster upgrades. Enhanced compatibility with private images used by BMSs. Optimized the container network performance of BMSs.	Fixed some security issues.
v1.31.1-r2	v1.31.1	None	Improved the Docker runtime security.	Fixed some security issues.
v1.31.1-r0	v1.31.1	CCE clusters v1.31 are released for the first time. For more information, see Kubernetes 1.31 Release Notes. LoadBalancer ingresses support more advanced forwarding actions and return fixed responses. DataPlane V2 is available for newly created CCE Turbo clusters. After DataPlane V2 is enabled, you can configure network policies for these clusters.	During a cluster upgrade, you can scale out the nodes in the cluster. You can choose multiple blocklists or trustlists to manage access to a LoadBalancer ingress.	None

Version 1.30

**Table 7** Release notes for the v1.30 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.30.14-r80	v1.30.14	None	Fine-grained audit logging for access events that use IAM 5.0 agency credentials.	Fixed some security issues.
v1.30.14-r70	v1.30.14	None	Creation, deletion, and modification operations now record source IP addresses in kube-apiserver and audit logs.	Fixed some security issues.
v1.30.14-r62	v1.30.14	None	None	Fixed some security issues.
v1.30.14-r60	v1.30.14	LoadBalancer Services support custom backend weights for StatefulSets. Cluster certificates can be rotated during a cluster upgrade.	None	Fixed some security issues.
v1.30.14-r54	v1.30.14	None	None	Fixed some security issues.
v1.30.14-r52	v1.30.14	None	None	Fixed some security issues.
v1.30.14-r50	v1.30.14	HTTPS is supported for Service/ingress health checks. Cluster agents can be customized.	When purchasing a CCE node, you can reduce the system disk size to 20 GB.	Fixed some security issues.
v1.30.14-r40	v1.30.14	CCE supports pod identities, which provide secure, dynamic identity credentials for pods. CCE add-ons support custom agencies. Services and Ingresses support QUIC listeners.	In CCE Turbo clusters, you can specify the enterprise project and resource tags of an EIP when the EIP is automatically bound to a pod.	Fixed some security issues.
v1.30.14-r34	v1.30.14	None	None	Fixed some security issues.
v1.30.14-r32	v1.30.14	None	None	Fixed runc container escape vulnerabilities (CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881).
v1.30.14-r30	v1.30.14	Traffic mirroring is supported in the advanced forwarding policies of LoadBalancer ingresses. Cluster certificate expiration alerts and updates are supported. Secret-free image pull can be configured for node pools. Workloads running on nodes can automatically download images using the agency permissions of the nodes. Pod CIDR reservation can be enabled (O&M > Network Settings) for clusters that use the VPC network model to prevent conflicts between new subnet CIDR blocks and container CIDR blocks.	Service accounts that use TokenRequest support enhanced node authentication. The number of nodes in a scaling group was optimized, and the actual number of ready nodes can be displayed.	Fixed some security issues.
v1.30.14-r20	v1.30.14	You can modify the IPVS scheduling policy of a cluster through node pool configuration management. You can modify the system-reserved CPU, temporary storage, and PID through node pool configuration management. You can delete pod subnets for the clusters that use VPC networks. You can modify the HPA scale-in stabilization window (horizontal-pod-autoscaler-downscale-stabilization) in the cluster configuration. Two-way authentication can be configured for LoadBalancer Services and ingresses.	None	Fixed some security issues.
v1.30.14-r10	v1.30.14	You can enable the kubelet's port 127.0.0.1:10255 in the node pool configuration to expose metrics over HTTP. This configuration is disabled by default. You can enable container-isolated resource view in the node pool configuration. Containers only access and manage their own assigned resources.	None	Fixed some security issues.
v1.30.14-r0	v1.30.14	LoadBalancer ingresses associated with shared load balancers can be redirected from HTTP to HTTPS. CCE standard clusters support custom agencies for cluster-level access control.	None	Fixed some security issues.
v1.30.10-r12	v1.30.10	None	Optimized the performance of dynamic container network interface pre-binding in large CCE Turbo clusters.	Fixed some security issues.
v1.30.10-r10	v1.30.10	AK/SK automatic updates are supported for OBS buckets.	None	Fixed some security issues.
v1.30.10-r0	v1.30.10	Service pod scheduling can be deferred until node post-installation scripts complete. DataPlane V2 is available for newly created CCE clusters that use the VPC networks. After DataPlane V2 is enabled, you can configure network policies for these clusters. AK/SK automatic updates are supported for parallel file systems of OBS. The X-Real-IP field in HTTP/HTTPS request headers can be rewritten for both LoadBalancer Services and ingresses. During the creation of a LoadBalancer Service, you can configure specific IP addresses for the ELB backend.	Streaming encoding is supported, significantly reducing memory pressure on control plane nodes caused by LIST requests. The cce-pause container image can be protected against accidental deletion. The system labels used by the NodeLocal DNSCache add-on can be protected against accidental deletion.	Fixed some security issues.
v1.30.6-r10	v1.30.6	Yearly/Monthly nodes added during a node pool scale-out can be automatically paid. Nodes added during a node pool scale-out can be automatically bound with EIPs. ELB ingresses allow you to specify backend server groups for forwarding.	None	Fixed some security issues.
v1.30.6-r4	v1.30.6	None	Optimized the ELB timeout settings for LoadBalancer Services and ingresses. Enhanced compatibility with specialized node pool configurations during cluster upgrades. Enhanced compatibility with private images used by BMSs. Optimized the container network performance of BMSs.	Fixed some security issues.
v1.30.6-r2	v1.30.6	None	Improved the Docker runtime security.	Fixed some security issues.
v1.30.6-r0	v1.30.6	LoadBalancer ingresses support more advanced forwarding actions and return fixed responses. DataPlane V2 is available for newly created CCE Turbo clusters. After DataPlane V2 is enabled, you can configure network policies for these clusters.	During a cluster upgrade, you can scale out the nodes in the cluster. You can choose multiple blocklists or trustlists to manage access to a LoadBalancer ingress.	Fixed some security issues.
v1.30.4-r4	v1.30.4	None	Improved the stability of cluster upgrades. Optimized clusters' overload protection.	Fixed some security issues.
v1.30.4-r2	v1.30.4	None	Fixed the issue of chart upload failures in certain situations.	Fixed some security issues.
v1.30.4-r0	v1.30.4	LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies. LoadBalancer ingresses support cross-origin access.	You can change a node password when updating its node pool. A node can be attached with no data disks. When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests. The default image address can be specified for Docker node pools.	Fixed some security issues.
v1.30.1-r2	v1.30.2	None	Enhanced system stability.	Fixed some security issues.
v1.30.1-r0	v1.30.2	CCE clusters v1.30 are released for the first time. For more information, see Kubernetes 1.30 Release Notes. When you delete a cluster, CCE allows you to select which log groups to delete. When creating a cluster, you can select bring-your-own KMS instances for secret-encrypted etcd. When a node is created using a private image, the image password can be retained. CCE supports GPU rendering.	CCE supports ELB listeners on any port.	Fixed some security issues.

Version 1.29

**Table 8** Release notes for the v1.29 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.29.15-r80	v1.29.15	None	Fine-grained audit logging for access events that use IAM 5.0 agency credentials.	Fixed some security issues.
v1.29.15-r70	v1.29.15	None	Creation, deletion, and modification operations now record source IP addresses in kube-apiserver and audit logs.	Fixed some security issues.
v1.29.15-r62	v1.29.15	None	None	Fixed some security issues.
v1.29.15-r60	v1.29.15	LoadBalancer Services support custom backend weights for StatefulSets. Cluster certificates can be rotated during a cluster upgrade.	None	Fixed some security issues.
v1.29.15-r54	v1.29.15	None	None	Fixed some security issues.
v1.29.15-r52	v1.29.15	None	None	Fixed some security issues.
v1.29.15-r50	v1.29.15	HTTPS is supported for Service/ingress health checks. Cluster agents can be customized.	When purchasing a CCE node, you can reduce the system disk size to 20 GB.	Fixed some security issues.
v1.29.15-r40	v1.29.15	CCE supports pod identities, which provide secure, dynamic identity credentials for pods. CCE add-ons support custom agencies. Services and Ingresses support QUIC listeners.	In CCE Turbo clusters, you can specify the enterprise project and resource tags of an EIP when the EIP is automatically bound to a pod.	Fixed some security issues.
v1.29.15-r34	v1.29.15	None	None	Fixed some security issues.
v1.29.15-r32	v1.29.15	None	None	Fixed runc container escape vulnerabilities (CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881).
v1.29.15-r30	v1.29.15	Traffic mirroring is supported in the advanced forwarding policies of LoadBalancer ingresses. Cluster certificate expiration alerts and updates are supported. Secret-free image pull can be configured for node pools. Workloads running on nodes can automatically download images using the agency permissions of the nodes. Pod CIDR reservation can be enabled (O&M > Network Settings) for clusters that use the VPC network model to prevent conflicts between new subnet CIDR blocks and container CIDR blocks.	Service accounts that use TokenRequest support enhanced node authentication. The number of nodes in a scaling group was optimized, and the actual number of ready nodes can be displayed.	Fixed some security issues.
v1.29.15-r20	v1.29.15	You can modify the IPVS scheduling policy of a cluster through node pool configuration management. You can modify the system-reserved CPU, temporary storage, and PID through node pool configuration management. You can delete pod subnets for the clusters that use VPC networks. You can modify the HPA scale-in stabilization window (horizontal-pod-autoscaler-downscale-stabilization) in the cluster configuration. Two-way authentication can be configured for LoadBalancer Services and ingresses.	None	Fixed some security issues.
v1.29.15-r10	v1.29.15	You can enable the kubelet's port 127.0.0.1:10255 in the node pool configuration to expose metrics over HTTP. This configuration is disabled by default. You can enable container-isolated resource view in the node pool configuration. Containers only access and manage their own assigned resources.	None	Fixed some security issues.
v1.29.15-r0	v1.29.15	LoadBalancer ingresses associated with shared load balancers can be redirected from HTTP to HTTPS. CCE standard clusters support custom agencies for cluster-level access control.	None	Fixed some security issues.
v1.29.13-r12	v1.29.13	None	Optimized the performance of dynamic container network interface pre-binding in large CCE Turbo clusters.	Fixed some security issues.
v1.29.13-r10	v1.29.13	AK/SK automatic updates are supported for OBS buckets.	None	Fixed some security issues.
v1.29.13-r0	v1.29.13	Service pod scheduling can be deferred until node post-installation scripts complete. DataPlane V2 is available for newly created CCE clusters that use the VPC networks. After DataPlane V2 is enabled, you can configure network policies for these clusters. AK/SK automatic updates are supported for parallel file systems of OBS. The X-Real-IP field in HTTP/HTTPS request headers can be rewritten for both LoadBalancer Services and ingresses. During the creation of a LoadBalancer Service, you can configure specific IP addresses for the ELB backend.	Streaming encoding is supported, significantly reducing memory pressure on control plane nodes caused by LIST requests. The cce-pause container image can be protected against accidental deletion. The system labels used by the NodeLocal DNSCache add-on can be protected against accidental deletion.	Fixed some security issues.
v1.29.10-r10	v1.29.10	Yearly/Monthly nodes added during a node pool scale-out can be automatically paid. Nodes added during a node pool scale-out can be automatically bound with EIPs. ELB ingresses allow you to specify backend server groups for forwarding.	None	Fixed some security issues.
v1.29.10-r4	v1.29.10	None	Optimized the ELB timeout settings for LoadBalancer Services and ingresses. Enhanced compatibility with specialized node pool configurations during cluster upgrades. Enhanced compatibility with private images used by BMSs. Optimized the container network performance of BMSs.	Fixed some security issues.
v1.29.10-r2	v1.29.10	None	Improved the Docker runtime security.	Fixed some security issues.
v1.29.10-r0	v1.29.10	LoadBalancer ingresses support more advanced forwarding actions and return fixed responses. DataPlane V2 is available for newly created CCE Turbo clusters. After DataPlane V2 is enabled, you can configure network policies for these clusters.	During a cluster upgrade, you can scale out the nodes in the cluster. You can choose multiple blocklists or trustlists to manage access to a LoadBalancer ingress.	Fixed some security issues.
v1.29.8-r4	v1.29.8	None	Improved the stability of cluster upgrades. Optimized clusters' overload protection.	Fixed some security issues.
v1.29.8-r2	v1.29.8	None	Fixed the issue of chart upload failures in certain situations.	Fixed some security issues.
v1.29.8-r0	v1.29.8	LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies. LoadBalancer ingresses support cross-origin access.	You can change a node password when updating its node pool. A node can be attached with no data disks. When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests. The default image address can be specified for Docker node pools.	Fixed some security issues.
v1.29.4-r2	v1.29.3	None	Enhanced system stability.	Fixed some security issues.
v1.29.4-r0	v1.29.3	When you delete a cluster, CCE allows you to select which log groups to delete. When creating a cluster, you can select bring-your-own KMS instances for secret-encrypted etcd. When a node is created using a private image, the image password can be retained. CCE supports GPU rendering.	CCE supports ELB listeners on any port.	Fixed some security issues.
v1.29.3-r0	v1.29.3	RAM allows secrets to be shared between accounts. Nodes can be migrated to a custom node pool. FlexusX is supported.	The default containerd image path has been included in the management of node pool configurations. On the node pool list page, you can sort node pools according to your preferences.	Fixed some security issues.
v1.29.2-r4	v1.29.3	None	The stability of ELB has been improved during upgrades that span across multiple versions.	Fixed some security issues.
v1.29.2-r2	v1.29.3	None	During cluster upgrades, the collection of container logs has been made more reliable.	Fixed some security issues.
v1.29.2-r0	v1.29.3	CCE ingresses support traffic distribution based on custom HTTP headers. Scaling priority policies can be configured for third-party workloads. You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters. You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.	An in-progress node drainage can be canceled. When creating a node pool, you do not need to configure its billing mode. When updating a node pool, you can change its agency name, prefix, and suffix. Resetting a node on the console will reserve the node's Kubernetes labels and taints by default. Both the Kubernetes service account token volume projection and the load scaling controller can be configured.	Fixed some security issues.
v1.29.1-r10	v1.29.1	CCE ingress forwarding policies can be sorted by priority. When configuring volumeClaimTemplates for StatefulSets, you can configure the name prefixes of PVs and underlying storage. (The Everest version must be 2.4.15 or later.) A yearly/monthly node pool supports multiple node flavors. The default node flavor can be deleted when a node pool is updated. Nodes can be managed in a custom node pool.	An alarm rule has been added for a CoreDNS resolution failure. Nodes can be drained before they are unsubscribed from. After a node pool is updated, the configuration differences of each node are displayed.	Fixed some security issues.
v1.29.1-r0	v1.29.1	CCE clusters v1.29 are released for the first time. For more information, see Kubernetes 1.29 Release Notes.	None	None

Version 1.28

**Table 9** Release notes for the v1.28 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.28.15-r94	v1.28.15	None	None	Fixed some security issues.
v1.28.15-r92	v1.28.15	None	None	Fixed some security issues.
v1.28.15-r90	v1.28.15	HTTPS is supported for Service/ingress health checks. Cluster agents can be customized.	When purchasing a CCE node, you can reduce the system disk size to 20 GB.	Fixed some security issues.
v1.28.15-r80	v1.28.15	CCE supports pod identities, which provide secure, dynamic identity credentials for pods. CCE add-ons support custom agencies. Services and Ingresses support QUIC listeners.	In CCE Turbo clusters, you can specify the enterprise project and resource tags of an EIP when the EIP is automatically bound to a pod.	Fixed some security issues.
v1.28.15-r74	v1.28.15	None	None	Fixed some security issues.
v1.28.15-r72	v1.28.15	None	None	Fixed runc container escape vulnerabilities (CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881).
v1.28.15-r70	v1.28.15	Traffic mirroring is supported in the advanced forwarding policies of LoadBalancer ingresses. Cluster certificate expiration alerts and updates are supported. Secret-free image pull can be configured for node pools. Workloads running on nodes can automatically download images using the agency permissions of the nodes. Pod CIDR reservation can be enabled (O&M > Network Settings) for clusters that use the VPC network model to prevent conflicts between new subnet CIDR blocks and container CIDR blocks.	Service accounts that use TokenRequest support enhanced node authentication. The number of nodes in a scaling group was optimized, and the actual number of ready nodes can be displayed.	Fixed some security issues.
v1.28.15-r60	v1.28.15	You can modify the IPVS scheduling policy of a cluster through node pool configuration management. You can modify the system-reserved CPU, temporary storage, and PID through node pool configuration management. You can delete pod subnets for the clusters that use VPC networks. You can modify the HPA scale-in stabilization window (horizontal-pod-autoscaler-downscale-stabilization) in the cluster configuration. Two-way authentication can be configured for LoadBalancer Services and ingresses.	None	Fixed some security issues.
v1.28.15-r50	v1.28.15	You can enable the kubelet's port 127.0.0.1:10255 in the node pool configuration to expose metrics over HTTP. This configuration is disabled by default. You can enable container-isolated resource view in the node pool configuration. Containers only access and manage their own assigned resources.	None	Fixed some security issues.
v1.28.15-r40	v1.28.15	LoadBalancer ingresses associated with shared load balancers can be redirected from HTTP to HTTPS. CCE standard clusters support custom agencies for cluster-level access control.	None	Fixed some security issues.
v1.28.15-r32	v1.28.15	None	Optimized the performance of dynamic container network interface pre-binding in large CCE Turbo clusters.	Fixed some security issues.
v1.28.15-r30	v1.28.15	AK/SK automatic updates are supported for OBS buckets.	None	Fixed some security issues.
v1.28.15-r20	v1.28.15	Service pod scheduling can be deferred until node post-installation scripts complete. DataPlane V2 is available for newly created CCE clusters that use the VPC networks. After DataPlane V2 is enabled, you can configure network policies for these clusters. AK/SK automatic updates are supported for parallel file systems of OBS. The X-Real-IP field in HTTP/HTTPS request headers can be rewritten for both LoadBalancer Services and ingresses. During the creation of a LoadBalancer Service, you can configure specific IP addresses for the ELB backend.	Streaming encoding is supported, significantly reducing memory pressure on control plane nodes caused by LIST requests. The cce-pause container image can be protected against accidental deletion. The system labels used by the NodeLocal DNSCache add-on can be protected against accidental deletion.	Fixed some security issues.
v1.28.15-r10	v1.28.15	Yearly/Monthly nodes added during a node pool scale-out can be automatically paid. Nodes added during a node pool scale-out can be automatically bound with EIPs. ELB ingresses allow you to specify backend server groups for forwarding.	None	Fixed some security issues.
v1.28.15-r4	v1.28.15	None	Optimized the ELB timeout settings for LoadBalancer Services and ingresses. Enhanced compatibility with specialized node pool configurations during cluster upgrades. Enhanced compatibility with private images used by BMSs. Optimized the container network performance of BMSs.	Fixed some security issues.
v1.28.15-r2	v1.28.15	None	Improved the Docker runtime security.	Fixed some security issues.
v1.28.15-r0	v1.28.15	LoadBalancer ingresses support more advanced forwarding actions and return fixed responses. DataPlane V2 is available for newly created CCE Turbo clusters. After DataPlane V2 is enabled, you can configure network policies for these clusters.	During a cluster upgrade, you can scale out the nodes in the cluster. You can choose multiple blocklists or trustlists to manage access to a LoadBalancer ingress.	Fixed some security issues.
v1.28.13-r4	v1.28.13	None	Improved the stability of cluster upgrades. Optimized clusters' overload protection.	Fixed some security issues.
v1.28.13-r2	v1.28.13	None	Fixed the issue of chart upload failures in certain situations.	Fixed some security issues.
v1.28.13-r0	v1.28.13	LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies. LoadBalancer ingresses support cross-origin access.	You can change a node password when updating its node pool. A node can be attached with no data disks. When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests. The default image address can be specified for Docker node pools.	Fixed some security issues.
v1.28.8-r2	v1.28.8	None	Enhanced system stability.	Fixed some security issues.
v1.28.8-r0	v1.28.8	When you delete a cluster, CCE allows you to select which log groups to delete. When creating a cluster, you can select bring-your-own KMS instances for secret-encrypted etcd. When a node is created using a private image, the image password can be retained. CCE supports GPU rendering.	CCE supports ELB listeners on any port.	Fixed some security issues.
v1.28.7-r2	v1.28.8	RAM allows secrets to be shared between accounts. Nodes can be migrated to a custom node pool. FlexusX is supported.	The default containerd image path has been included in the management of node pool configurations. On the node pool list page, you can sort node pools according to your preferences.	Fixed some security issues.
v1.28.6-r4	v1.28.8	None	The stability of ELB has been improved during upgrades that span across multiple versions.	Fixed some security issues.
v1.28.6-r2	v1.28.8	None	During cluster upgrades, the collection of container logs has been made more reliable.	Fixed some security issues.
v1.28.6-r0	v1.28.8	CCE ingresses support traffic distribution based on custom HTTP headers. Scaling priority policies can be configured for third-party workloads. You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters. You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.	An in-progress node drainage can be canceled. When creating a node pool, you do not need to configure its billing mode. When updating a node pool, you can change its agency name, prefix, and suffix. Resetting a node on the console will reserve the node's Kubernetes labels and taints by default. Both the Kubernetes service account token volume projection and the load scaling controller can be configured.	Fixed some security issues.
v1.28.5-r0	v1.28.5	CCE ingress forwarding policies can be sorted by priority. When configuring volumeClaimTemplates for StatefulSets, you can configure the name prefixes of PVs and underlying storage. (The Everest version must be 2.4.15 or later.) A yearly/monthly node pool supports multiple node flavors. The default node flavor can be deleted when a node pool is updated. Nodes can be managed in a custom node pool.	An alarm rule has been added for a CoreDNS resolution failure. Nodes can be drained before they are unsubscribed from. After a node pool is updated, the configuration differences of each node are displayed.	Fixed some security issues.
v1.28.4-r0	v1.28.5	Docker can be selected when you create a node. General Purpose SSD v2 EVS disks are available. LoadBalancer ingresses support grayscale releases. LoadBalancer ingresses allow URL redirection and rewriting, as well as HTTP-to-HTTPS redirection.	The configurations of frequently used cluster parameters and node pool parameters are publicly available.	Fixed some security issues.
v1.28.3-r0	v1.28.3	LoadBalancer Services and ingresses allow you to: Configure SNI. Enable HTTP/2. Configure idle timeout, request timeout, and response timeout. Obtain the listener port number and the number of the port requested by the client from the request header of an HTTP packet, and rewrite X-Forwarded-Host.	None	Fixed some security issues.
v1.28.2-r0	v1.28.3	You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress. CCE node images support security hardening.	None	Fixed some security issues.
v1.28.1-r4	v1.28.3	None	None	Fixed CVE-2024-21626 issues.
v1.28.1-r2	v1.28.3	None	Fixed the issue that configuration conflicts occasionally occur when an SNI certificate is configured on an ingress with HTTP/2 enabled.	None
v1.28.1-r0	v1.28.3	CCE clusters v1.28 are released for the first time. For more information, see Kubernetes 1.28 Release Notes. The prefix and suffix of a node name can be customized in node pools. CCE Turbo clusters support container network configurations for workloads and allow you to specify pod subnets. LoadBalancer ingresses support gRPC. ELB private IP addresses can be specified when you create a LoadBalancer Service using YAML.	Accelerated the startup speed for creating a large number of secure containers in a CCE Turbo cluster. Improved the stability when secure containers are repeatedly created or deleted in a CCE Turbo cluster.	None

Earlier Versions

The following describes earlier cluster versions.

Version 1.27

**Table 10** Release notes for the v1.27 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.27.16-r60	v1.27.16	You can enable the kubelet's port 127.0.0.1:10255 in the node pool configuration to expose metrics over HTTP. This configuration is disabled by default. You can enable container-isolated resource view in the node pool configuration. Containers only access and manage their own assigned resources.	None	Fixed some security issues.
v1.27.16-r50	v1.27.16	LoadBalancer ingresses associated with shared load balancers can be redirected from HTTP to HTTPS. CCE standard clusters support custom agencies for cluster-level access control.	None	Fixed some security issues.
v1.27.16-r42	v1.27.16	None	Optimized the performance of dynamic container network interface pre-binding in large CCE Turbo clusters.	Fixed some security issues.
v1.27.16-r40	v1.27.16	AK/SK automatic updates are supported for OBS buckets.	None	Fixed some security issues.
v1.27.16-r30	v1.27.16	Service pod scheduling can be deferred until node post-installation scripts complete. DataPlane V2 is available for newly created CCE clusters that use the VPC networks. After DataPlane V2 is enabled, you can configure network policies for these clusters. AK/SK automatic updates are supported for parallel file systems of OBS. The X-Real-IP field in HTTP/HTTPS request headers can be rewritten for both LoadBalancer Services and ingresses. During the creation of a LoadBalancer Service, you can configure specific IP addresses for the ELB backend.	Streaming encoding is supported, significantly reducing memory pressure on control plane nodes caused by LIST requests. The cce-pause container image can be protected against accidental deletion. The system labels used by the NodeLocal DNSCache add-on can be protected against accidental deletion.	Fixed some security issues.
v1.27.16-r20	v1.27.16	Yearly/Monthly nodes added during a node pool scale-out can be automatically paid. Nodes added during a node pool scale-out can be automatically bound with EIPs. ELB ingresses allow you to specify backend server groups for forwarding.	None	Fixed some security issues.
v1.27.16-r14	v1.27.16	None	Optimized the ELB timeout settings for LoadBalancer Services and ingresses. Enhanced compatibility with specialized node pool configurations during cluster upgrades. Enhanced compatibility with private images used by BMSs. Optimized the container network performance of BMSs.	Fixed some security issues.
v1.27.16-r12	v1.27.16	None	Improved the Docker runtime security.	Fixed some security issues.
v1.27.16-r10	v1.27.16	LoadBalancer ingresses support more advanced forwarding actions and return fixed responses. DataPlane V2 is available for newly created CCE Turbo clusters. After DataPlane V2 is enabled, you can configure network policies for these clusters.	During a cluster upgrade, you can scale out the nodes in the cluster. You can choose multiple blocklists or trustlists to manage access to a LoadBalancer ingress.	Fixed some security issues.
v1.27.16-r4	v1.27.16	None	Improved the stability of cluster upgrades. Optimized clusters' overload protection.	Fixed some security issues.
v1.27.16-r2	v1.27.16	None	Fixed the issue of chart upload failures in certain situations.	Fixed some security issues.
v1.27.16-r0	v1.27.16	LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies. LoadBalancer ingresses support cross-origin access.	You can change a node password when updating its node pool. A node can be attached with no data disks. When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests. The default image address can be specified for Docker node pools.	Fixed some security issues.
v1.27.10-r2	v1.27.12	None	Enhanced system stability.	Fixed some security issues.
v1.27.10-r0	v1.27.12	When you delete a cluster, CCE allows you to select which log groups to delete. When creating a cluster, you can select bring-your-own KMS instances for secret-encrypted etcd. When a node is created using a private image, the image password can be retained. CCE supports GPU rendering.	CCE supports ELB listeners on any port.	Fixed some security issues.
v1.27.9-r0	v1.27.12	RAM allows secrets to be shared between accounts. Nodes can be migrated to a custom node pool. FlexusX is supported.	The default containerd image path has been included in the management of node pool configurations. On the node pool list page, you can sort node pools according to your preferences.	Fixed some security issues.
v1.27.8-r4	v1.27.12	None	The stability of ELB has been improved during upgrades that span across multiple versions.	Fixed some security issues.
v1.27.8-r2	v1.27.12	None	During cluster upgrades, the collection of container logs has been made more reliable.	Fixed some security issues.
v1.27.8-r0	v1.27.12	CCE ingresses support traffic distribution based on custom HTTP headers. Scaling priority policies can be configured for third-party workloads. You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters. You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.	An in-progress node drainage can be canceled. When creating a node pool, you do not need to configure its billing mode. When updating a node pool, you can change its agency name, prefix, and suffix. Resetting a node on the console will reserve the node's Kubernetes labels and taints by default. Both the Kubernetes service account token volume projection and the load scaling controller can be configured.	Fixed some security issues.
v1.27.7-r0	v1.27.9	CCE ingress forwarding policies can be sorted by priority. When configuring volumeClaimTemplates for StatefulSets, you can configure the name prefixes of PVs and underlying storage. (The Everest version must be 2.4.15 or later.) A yearly/monthly node pool supports multiple node flavors. The default node flavor can be deleted when a node pool is updated. Nodes can be managed in a custom node pool.	An alarm rule has been added for a CoreDNS resolution failure. Nodes can be drained before they are unsubscribed from. After a node pool is updated, the configuration differences of each node are displayed.	Fixed some security issues.
v1.27.6-r0	v1.27.9	Docker can be selected when you create a node. General Purpose SSD v2 EVS disks are available. LoadBalancer ingresses support grayscale releases. LoadBalancer ingresses allow URL redirection and rewriting, as well as HTTP-to-HTTPS redirection.	The configurations of frequently used cluster parameters and node pool parameters are publicly available.	Fixed some security issues.
v1.27.5-r0	v1.27.4	LoadBalancer Services and ingresses allow you to: Configure SNI. Enable HTTP/2. Configure idle timeout, request timeout, and response timeout. Obtain the listener port number and the number of the port requested by the client from the request header of an HTTP packet, and rewrite X-Forwarded-Host.	None	Fixed some security issues.
v1.27.4-r0	v1.27.4	You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress. CCE node images support security hardening.	None	Fixed some security issues.
v1.27.3-r4	v1.27.4	None	None	Fixed CVE-2024-21626 issues.
v1.27.3-r2	v1.27.4	None	Fixed the issue that configuration conflicts occasionally occur when an SNI certificate is configured on an ingress with HTTP/2 enabled.	None
v1.27.3-r0	v1.27.4	The prefix and suffix of a node name can be customized in node pools. CCE Turbo clusters support container network configurations for workloads and allow you to specify pod subnets. LoadBalancer ingresses support gRPC. ELB private IP addresses can be specified when you create a LoadBalancer Service using YAML.	Accelerated the startup speed for creating a large number of secure containers in a CCE Turbo cluster. Improved the stability when secure containers are repeatedly created or deleted in a CCE Turbo cluster. Added certificate verification when an ingress object is created. This prevents the ingress certificates already available on the ELB from being overwritten. Fixed the issue of repeatedly reporting flavor sold-out events when a node pool is scaled out. Added the logic for mutually checking the occupation of Service and ingress ports, as well as the logic for checking the conflict of ingress paths in a cluster.	Fixed some security issues.
v1.27.2-r0	v1.27.2	Volcano supports node pool affinity scheduling. Volcano supports workload rescheduling.	None	Fixed some security issues.
v1.27.1-r10	v1.27.2	None	Optimized the events generated during node pool scaling.	Fixed some security issues.
v1.27.1-r0	v1.27.2	CCE clusters v1.27 are released for the first time. For more information, see Kubernetes 1.27 Release Notes. Both soft eviction and hard eviction are supported in node pool configurations. TMS tags can be added to automatically created EVS disks to facilitate cost management.	The cluster IP address in clusters v1.27 or later cannot be pinged due to security hardening.	None

Version 1.25

In CCE clusters v1.25, containerd is the default runtime for nodes, except for nodes running EulerOS 2.5. In addition, clusters v1.25 or later no longer support EulerOS 2.5.

**Table 11** Release notes for the v1.25 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.25.16-r40	v1.25.16	AK/SK automatic updates are supported for OBS buckets.	None	Fixed some security issues.
v1.25.16-r30	v1.25.16	Service pod scheduling can be deferred until node post-installation scripts complete. DataPlane V2 is available for newly created CCE clusters that use the VPC networks. After DataPlane V2 is enabled, you can configure network policies for these clusters. AK/SK automatic updates are supported for parallel file systems of OBS. The X-Real-IP field in HTTP/HTTPS request headers can be rewritten for both LoadBalancer Services and ingresses. During the creation of a LoadBalancer Service, you can configure specific IP addresses for the ELB backend.	Streaming encoding is supported, significantly reducing memory pressure on control plane nodes caused by LIST requests. The cce-pause container image can be protected against accidental deletion. The system labels used by the NodeLocal DNSCache add-on can be protected against accidental deletion.	Fixed some security issues.
v1.25.16-r20	v1.25.16	Yearly/Monthly nodes added during a node pool scale-out can be automatically paid. Nodes added during a node pool scale-out can be automatically bound with EIPs. ELB ingresses allow you to specify backend server groups for forwarding.	None	Fixed some security issues.
v1.25.16-r14	v1.25.16	None	Optimized the ELB timeout settings for LoadBalancer Services and ingresses. Enhanced compatibility with specialized node pool configurations during cluster upgrades. Enhanced compatibility with private images used by BMSs. Optimized the container network performance of BMSs.	Fixed some security issues.
v1.25.16-r12	v1.25.16	None	Improved the Docker runtime security.	Fixed some security issues.
v1.25.16-r10	v1.25.16	LoadBalancer ingresses support more advanced forwarding actions and return fixed responses. DataPlane V2 is available for newly created CCE Turbo clusters. After DataPlane V2 is enabled, you can configure network policies for these clusters.	During a cluster upgrade, you can scale out the nodes in the cluster. You can choose multiple blocklists or trustlists to manage access to a LoadBalancer ingress.	Fixed some security issues.
v1.25.16-r4	v1.25.16	None	Improved the stability of cluster upgrades. Optimized clusters' overload protection.	Fixed some security issues.
v1.25.16-r2	v1.25.16	None	Fixed the issue of chart upload failures in certain situations.	Fixed some security issues.
v1.25.16-r0	v1.25.16	LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies. LoadBalancer ingresses support cross-origin access.	You can change a node password when updating its node pool. A node can be attached with no data disks. When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests. The default image address can be specified for Docker node pools.	Fixed some security issues.
v1.25.13-r2	v1.25.16	None	Enhanced system stability.	Fixed some security issues.
v1.25.13-r0	v1.25.16	When you delete a cluster, CCE allows you to select which log groups to delete. When creating a cluster, you can select bring-your-own KMS instances for secret-encrypted etcd. When a node is created using a private image, the image password can be retained. CCE supports GPU rendering.	CCE supports ELB listeners on any port.	Fixed some security issues.
v1.25.12-r0	v1.25.16	RAM allows secrets to be shared between accounts. Nodes can be migrated to a custom node pool. FlexusX is supported.	The default containerd image path has been included in the management of node pool configurations. On the node pool list page, you can sort node pools according to your preferences.	Fixed some security issues.
v1.25.11-r4	v1.25.16	None	The stability of ELB has been improved during upgrades that span across multiple versions.	Fixed some security issues.
v1.25.11-r2	v1.25.16	None	During cluster upgrades, the collection of container logs has been made more reliable.	Fixed some security issues.
v1.25.11-r0	v1.25.16	CCE ingresses support traffic distribution based on custom HTTP headers. Scaling priority policies can be configured for third-party workloads. You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters. You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.	An in-progress node drainage can be canceled. When creating a node pool, you do not need to configure its billing mode. When updating a node pool, you can change its agency name, prefix, and suffix. Resetting a node on the console will reserve the node's Kubernetes labels and taints by default. Both the Kubernetes service account token volume projection and the load scaling controller can be configured.	Fixed some security issues.
v1.25.10-r0	v1.25.16	CCE ingress forwarding policies can be sorted by priority. When configuring volumeClaimTemplates for StatefulSets, you can configure the name prefixes of PVs and underlying storage. (The Everest version must be 2.4.15 or later.) A yearly/monthly node pool supports multiple node flavors. The default node flavor can be deleted when a node pool is updated. Nodes can be managed in a custom node pool.	An alarm rule has been added for a CoreDNS resolution failure. Nodes can be drained before they are unsubscribed from. After a node pool is updated, the configuration differences of each node are displayed.	Fixed some security issues.
v1.25.9-r0	v1.25.16	General Purpose SSD v2 EVS disks are available. LoadBalancer ingresses support grayscale releases. LoadBalancer ingresses allow URL redirection and rewriting, as well as HTTP-to-HTTPS redirection.	The configurations of frequently used cluster parameters and node pool parameters are publicly available.	Fixed some security issues.
v1.25.8-r0	v1.25.10	LoadBalancer Services and ingresses allow you to: Configure SNI. Enable HTTP/2. Configure idle timeout, request timeout, and response timeout. Obtain the listener port number and the number of the port requested by the client from the request header of an HTTP packet, and rewrite X-Forwarded-Host.	None	Fixed some security issues.
v1.25.7-r0	v1.25.10	You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress. CCE node images support security hardening.	None	Fixed some security issues.
v1.25.6-r4	v1.25.10	None	None	Fixed CVE-2024-21626 issues.
v1.25.6-r2	v1.25.10	None	Fixed the issue that configuration conflicts occasionally occur when an SNI certificate is configured on an ingress with HTTP/2 enabled.	None
v1.25.6-r0	v1.25.10	The prefix and suffix of a node name can be customized in node pools. CCE Turbo clusters support container network configurations for workloads and allow you to specify pod subnets. LoadBalancer ingresses support gRPC. ELB private IP addresses can be specified when you create a LoadBalancer Service using YAML.	Accelerated the startup speed for creating a large number of secure containers in a CCE Turbo cluster. Improved the stability when secure containers are repeatedly created or deleted in a CCE Turbo cluster. Fixed the issue that kubelet occasionally stops responding during startup in certain scenarios. Fixed the issue of repeatedly reporting flavor sold-out events when a node pool is scaled out. Fixed the issue that the state of pods is changed from Succeed to Failed when kubelet is restarted in certain scenarios.	Fixed some security issues.
v1.25.5-r0	v1.25.5	Volcano supports node pool affinity scheduling. Volcano supports workload rescheduling.	None	Fixed some security issues.
v1.25.4-r10	v1.25.5	None	Optimized the events generated during node pool scaling.	Fixed some security issues.
v1.25.4-r0	v1.25.5	Both soft eviction and hard eviction are supported in node pool configurations. TMS tags can be added to automatically created EVS disks to facilitate cost management.	None	Fixed some security issues.
v1.25.3-r10	v1.25.5	CCE clusters support the dedicated load balancers that use elastic specifications. The timeout interval can be configured for a load balancer.	High-frequency parameters of kube-apiserver are configurable.	Fixed some security issues.
v1.25.3-r0	v1.25.5	CCE Turbo network interfaces support fixed IP addresses. For details, see Configuring a Static IP Address for a Pod. CCE Turbo network interfaces support automatic allocation and binding of EIPs. For details, see Configuring a Static EIP for a Pod. Enhanced hybrid deployment of CCE Turbo clusters: The egress network bandwidth is guaranteed by network priority. For details, see Egress Network Bandwidth Guarantee. CCE Turbo clusters support the association between namespaces and container CIDR blocks. For details, see NetworkAttachmentDefinition. CPU Burst is supported to prevent CPU traffic limiting from affecting latency-sensitive services. For details, see CPU Burst.	Enhanced network stability of CCE Turbo clusters when their specifications are modified.	Fixed some security issues.
v1.25.1-r0	v1.25.5	CCE clusters v1.25 are released for the first time. For more information, see Kubernetes 1.25 Release Notes.	None	None

Version 1.23

**Table 12** Release notes for the v1.23 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.23.18-r18	v1.23.18	None	None	Fixed some security issues.
v1.23.18-r16	v1.23.18	None	None	Fixed some security issues.
v1.23.18-r14	v1.23.18	None	Improved the stability of cluster upgrades. Optimized clusters' overload protection.	Fixed some security issues.
v1.23.18-r12	v1.23.18	None	Fixed the issue of chart upload failures in certain situations.	Fixed some security issues.
v1.23.18-r10	v1.23.18	LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies. LoadBalancer ingresses support cross-origin access.	You can change a node password when updating its node pool. A node can be attached with no data disks. When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests. The default image address can be specified for Docker node pools.	Fixed some security issues.
v1.23.18-r2	v1.23.17	None	Enhanced system stability.	Fixed some security issues.
v1.23.18-r0	v1.23.17	When you delete a cluster, CCE allows you to select which log groups to delete. When creating a cluster, you can select bring-your-own KMS instances for secret-encrypted etcd. When a node is created using a private image, the image password can be retained. CCE supports GPU rendering.	CCE supports ELB listeners on any port.	Fixed some security issues.
v1.23.17-r0	v1.23.17	RAM allows secrets to be shared between accounts. Nodes can be migrated to a custom node pool. FlexusX is supported.	The default containerd image path has been included in the management of node pool configurations. On the node pool list page, you can sort node pools according to your preferences.	Fixed some security issues.
v1.23.16-r4	v1.23.17	None	The stability of ELB has been improved during upgrades that span across multiple versions.	Fixed some security issues.
v1.23.16-r2	v1.23.17	None	During cluster upgrades, the collection of container logs has been made more reliable.	Fixed some security issues.
v1.23.16-r0	v1.23.17	CCE ingresses support traffic distribution based on custom HTTP headers. Scaling priority policies can be configured for third-party workloads. You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters. You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.	An in-progress node drainage can be canceled. When creating a node pool, you do not need to configure its billing mode. When updating a node pool, you can change its agency name, prefix, and suffix. Resetting a node on the console will reserve the node's Kubernetes labels and taints by default. Both the Kubernetes service account token volume projection and the load scaling controller can be configured.	Fixed some security issues.
v1.23.15-r0	v1.23.17	CCE ingress forwarding policies can be sorted by priority. When configuring volumeClaimTemplates for StatefulSets, you can configure the name prefixes of PVs and underlying storage. (The Everest version must be 2.4.15 or later.) A yearly/monthly node pool supports multiple node flavors. The default node flavor can be deleted when a node pool is updated. Nodes can be managed in a custom node pool.	An alarm rule has been added for a CoreDNS resolution failure. Nodes can be drained before they are unsubscribed from. After a node pool is updated, the configuration differences of each node are displayed.	Fixed some security issues.
v1.23.14-r0	v1.23.17	General Purpose SSD v2 EVS disks are available. LoadBalancer ingresses support grayscale releases. LoadBalancer ingresses allow URL redirection and rewriting, as well as HTTP-to-HTTPS redirection.	The configurations of frequently used cluster parameters and node pool parameters are publicly available.	Fixed some security issues.
v1.23.13-r0	v1.23.17	LoadBalancer Services and ingresses allow you to: Configure SNI. Enable HTTP/2. Configure idle timeout, request timeout, and response timeout. Obtain the listener port number and the number of the port requested by the client from the request header of an HTTP packet, and rewrite X-Forwarded-Host.	None	Fixed some security issues.
v1.23.12-r0	v1.23.17	You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress. CCE node images support security hardening.	None	Fixed some security issues.
v1.23.11-r4	v1.23.17	None	None	Fixed CVE-2024-21626 issues.
v1.23.11-r2	v1.23.17	None	Fixed the issue that configuration conflicts occasionally occur when an SNI certificate is configured on an ingress with HTTP/2 enabled.	None
v1.23.11-r0	v1.23.17	The prefix and suffix of a node name can be customized in node pools. CCE Turbo clusters support container network configurations for workloads and allow you to specify pod subnets. LoadBalancer ingresses support gRPC. ELB private IP addresses can be specified when you create a LoadBalancer Service using YAML.	Accelerated the startup speed for creating a large number of secure containers in a CCE Turbo cluster. Improved the stability when secure containers are repeatedly created or deleted in a CCE Turbo cluster. Fixed the issue that Docker containers cannot be ended when journald exits unexpectedly. Fixed the issue that the scheduler fails to intercept the automatic mounting of SFS 3.0 volumes during pod creation when Everest is uninstalled. Fixed the issue that the usage of the /var/lib/contained disk directory is falsely high on a containerd node running EulerOS 2.9 in a v1.23 cluster.	Fixed some security issues.
v1.23.10-r0	v1.23.11	Volcano supports node pool affinity scheduling. Volcano supports workload rescheduling.	None	Fixed some security issues.
v1.23.9-r10	v1.23.11	None	Optimized the events generated during node pool scaling.	Fixed some security issues.
v1.23.9-r0	v1.23.11	Both soft eviction and hard eviction are supported in node pool configurations. TMS tags can be added to automatically created EVS disks to facilitate cost management.	None	Fixed some security issues.
v1.23.8-r10	v1.23.11	CCE clusters support the dedicated load balancers that use elastic specifications. The timeout interval can be configured for a load balancer.	High-frequency parameters of kube-apiserver are configurable.	Fixed some security issues.
v1.23.8-r0	v1.23.11	CCE Turbo network interfaces support fixed IP addresses. For details, see Configuring a Static IP Address for a Pod. CCE Turbo network interfaces support automatic allocation and binding of EIPs. For details, see Configuring a Static EIP for a Pod. Enhanced hybrid deployment of CCE Turbo clusters: The egress network bandwidth is guaranteed by network priority. For details, see Egress Network Bandwidth Guarantee. CCE Turbo clusters support the association between namespaces and container CIDR blocks. For details, see NetworkAttachmentDefinition. CPU Burst is supported to prevent CPU traffic limiting from affecting latency-sensitive services. For details, see CPU Burst.	Enhanced Docker reliability during upgrades. Optimized node time synchronization.	Fixed some security issues.
v1.23.7-r20	v1.23.11	None	Enhanced the interconnection stability between Services/ingresses and load balancers. Enhanced the reliability of nodes with multiple data disks attached.	Fixed some security issues.
v1.23.7-r10	v1.23.11	None	Enhanced Docker reliability during upgrades. Enhanced the reliability of containerd upon disconnections. Hardened security for scenarios where an error occurred during kernel parameter optimization.	Fixed some security issues.
v1.23.7-r0	v1.23.11	Services and ingresses support dedicated load balancers that are bound with a GEIP.	Enhanced network stability of CCE Turbo clusters when their specifications are modified. Enhanced the network stability of nginx-ingress-controller when the cluster is upgraded. Optimized node time synchronization.	Fixed some security issues.
v1.23.6-r0	v1.23.11	TCP/UDP ports can be configured for LoadBalancer Services. Pod readiness gate is supported.	Enhanced the flow table reliability when the underlying network malfunctions. Enhanced the stability of the OS with a later kernel version in restart scenarios, for example, due to unexpected power-off. Optimized cAdvisor GPU/NPU metrics.	Fixed some security issues.
v1.23.5-r0	v1.23.11	Containers support SFS 3.0 for storage. Fault detection and isolation are supported on GPU nodes. Security groups can be customized by cluster. CCE Turbo clusters support network interface pre-binding by node. Control plane logs can be collected. Huawei-developed Huawei Cloud EulerOS 2.0 is supported. containerd is supported. CCE Turbo clusters support hybrid deployment and CPU tidal affinity.	Upgraded the etcd version of the master node to the Kubernetes version 3.5.6. Optimized the Service access performance on EulerOS 2.8 nodes. Optimized scheduling so that pods are evenly distributed across AZs after pods are scaled in. Optimized the memory usage of kube-apiserver when CRDs are frequently updated.	Fixed some security issues and the following CVE vulnerabilities: CVE-2022-3294 CVE-2022-3162 CVE-2022-3172 CVE-2021-25749
v1.23.4-r10	v1.23.4	None	Optimized the memory usage of kube-apiserver when CRDs are frequently updated.	Fixed some security issues.
v1.23.4-r0	v1.23.4	Arm nodes are supported.	None	Fixed some security issues.
v1.23.3-r0	v1.23.4	Monitoring metrics of master nodes are made available to tenants. Supplementary network interface pre-binding is supported to speed up the startup of the supplementary network interfaces in CCE Turbo clusters. Backend server weights can be configured for LoadBalancer Services. CCE clusters support cross-cluster deployment. CCE Turbo clusters support hybrid deployment when VM nodes are used.	Enhanced reliability when secure containers are frequently created or deleted.	Fixed some security issues.
v1.23.1-r1	v1.23.4	Node resource reservation has been optimized so that resource exhaustion can be detected to improve node stability.	Node installation compatibility has been improved.	Fixed some security issues.
v1.23.1-r0	v1.23.4	CCE clusters v1.23 are released for the first time. For more information, see Kubernetes 1.23 Release Notes.	None	None

Version 1.21

**Table 13** Release notes for the v1.21 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.21.15-r0	v1.21.14	General Purpose SSD v2 EVS disks are available. LoadBalancer ingresses support grayscale releases. LoadBalancer ingresses allow URL redirection and rewriting, as well as HTTP-to-HTTPS redirection.	The configurations of frequently used cluster parameters and node pool parameters are publicly available.	Fixed some security issues.
v1.21.14-r0	v1.21.14	A PVC can be used to dynamically create and mount an SFS Turbo subdirectory.	None	Fixed some security issues.
v1.21.13-r0	v1.21.14	You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress. CCE node images support security hardening.	None	Fixed some security issues.
v1.21.12-r4	v1.21.14	None	None	Fixed CVE-2024-21626 issues.
v1.21.12-r2	v1.21.14	None	Fixed the issue that configuration conflicts occasionally occur when an SNI certificate is configured on an ingress with HTTP/2 enabled.	None
v1.21.12-r0	v1.21.14	The prefix and suffix of a node name can be customized in node pools.	Optimized the health check configuration to prevent keepalived from repeatedly restarting. Optimized the security policy cache and resolved ingress retry storms. Fixed the issue of an active/standby switchover failure due to I/O suspension on the master node where the main process of cloud-controller-manager is deployed. Fixed the issue of incorrect pod weight due to incorrect calculation for the number of terminating pods after a weight is configured for a Service.	Fixed some security issues.
v1.21.11-r20	v1.21.14	Volcano supports node pool affinity scheduling. Volcano supports workload rescheduling.	None	Fixed some security issues.
v1.21.11-r10	v1.21.14	None	Optimized the events generated during node pool scaling.	Fixed some security issues.
v1.21.11-r0	v1.21.14	Both soft eviction and hard eviction are supported in node pool configurations. TMS tags can be added to automatically created EVS disks to facilitate cost management.	None	Fixed some security issues.
v1.21.10-r10	v1.21.14	CCE clusters support the dedicated load balancers that use elastic specifications. The timeout interval can be configured for a load balancer.	High-frequency parameters of kube-apiserver are configurable.	Fixed some security issues.
v1.21.10-r0	v1.21.14	CCE Turbo network interfaces support fixed IP addresses. For details, see Configuring a Static IP Address for a Pod. CCE Turbo network interfaces support automatic allocation and binding of EIPs. For details, see Configuring a Static EIP for a Pod.	Enhanced Docker reliability during upgrades. Optimized node time synchronization. Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.	Fixed some security issues.
v1.21.9-r0	v1.21.14	Services and ingresses support dedicated load balancers that are bound with a GEIP.	Enhanced network stability of CCE Turbo clusters when their specifications are modified.	Fixed some security issues.
v1.21.8-r0	v1.21.14	TCP/UDP ports can be configured for LoadBalancer Services. Pod readiness gate is supported.	Enhanced the flow table reliability when the underlying network malfunctions. Enhanced the stability of the OS with a later kernel version in restart scenarios, for example, due to unexpected power-off. Optimized cAdvisor GPU/NPU metrics.	Fixed some security issues.
v1.21.7-r0	v1.21.14	Containers support SFS 3.0 for storage. Fault detection and isolation are supported on GPU nodes. Security groups can be customized by cluster. CCE Turbo clusters support network interface pre-binding by node. Control plane logs can be collected.	Improved the stability of LoadBalancer Services/ingresses with a large number of connections.	Fixed some security issues and the following CVE vulnerabilities: CVE-2022-3294 CVE-2022-3162 CVE-2022-3172
v1.21.6-r0	v1.21.7	Arm nodes are supported.	None	Fixed some security issues.
v1.21.5-r10	v1.21.7	None	Enhanced the allocation stability of a tunnel network when the nodes on the control plane are intermittently disconnected. Hardened for OVS vulnerabilities.	Fixed some security issues.
v1.21.5-r0	v1.21.7	None	Enhanced the stability of container tunnel networking during cluster upgrades. Added constraints on pod topology distribution. Enhanced the stability in disconnecting links when a node on the cluster control plane is powered off. Enhanced the stability when volumes are concurrently mounted for pods.	Fixed some security issues.
v1.21.4-r10	v1.21.7	None	Enhanced the stability of EulerOS 2.9 NetworkManager.	Fixed some security issues.
v1.21.4-r0	v1.21.7	None	Enhanced the stability of secure containers when a network interface driver is changed. Enhances the stability of accessing LoadBalancer Services during workload upgrade and node scaling.	Fixed some security issues.
v1.21.3-r10	v1.21.7	None	Enhanced the stability of secure containers when a network interface driver is changed.	Fixed some security issues.
v1.21.3-r0	v1.21.7	None	CCE Turbo clusters support SNAT CIDR blocks.	Fixed some security issues.
v1.21.2-r10	v1.21.7	None	Enhanced the interconnection stability between Services and load balancers.	Fixed some security issues.
v1.21.2-r0	v1.21.7	Node resource reservation has been optimized so that resource exhaustion can be detected to improve node stability.	Improved the cluster upgrade capability and reliability. Optimized the local storage of containers to improve stability.	Fixed some security issues.
v1.21.1-r2	v1.21.7	Container storage supports local PVs. EulerOS 2.9 Kunpeng servers can be managed. Both pod tunnel networks and VPC networks support wide matching of an OS kernel version.	Optimized the node installation process to enhance the reliability of node creation. Optimized the kernel parameters of CentOS and EulerOS 2.5 to improve the OS performance.	Fixed some security issues.
v1.21.1-r1	v1.21.7	None	Pod networks support wide matching of an OS kernel version.	Fixed some security issues.
v1.21.1-r0	v1.21.7	CCE clusters v1.21 are released for the first time. For more information, see Kubernetes 1.21 Release Notes.	None	None

Version 1.19

**Table 14** Release notes for the v1.19 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.19.16-r84	v1.19.16	None	None	Fixed CVE-2024-21626 issues.
v1.19.16-r82	v1.19.16	None	Fixed the issue that configuration conflicts occasionally occur when an SNI certificate is configured on an ingress with HTTP/2 enabled.	None
v1.19.16-r80	v1.19.16	None	Fixed the issue that a restarted BMS node is displayed as unavailable. Optimized the logic for clearing VIP routes so that residual VIP routes are cleared preferentially. This prevents routes from being added again after NetworkManager is restarted. Fixed the issue that backend ELB servers may fail to add when an IP address is reused during the rolling upgrade of pods in a CCE Turbo cluster that uses dedicated load balancers. Resolved the issue of residual cache if a LoadBalancer Service is deleted after it is added to a health check queue. Resolved the issue of continuously increasing Docker memory usage after the physical machine or switch where the master node is located is disconnected.	Fixed some security issues.
v1.19.16-r60	v1.19.16	Volcano supports node pool affinity scheduling. Volcano supports workload rescheduling.	None	Fixed some security issues.
v1.19.16-r50	v1.19.16	None	Optimized the events generated during node pool scaling.	Fixed some security issues.
v1.19.16-r40	v1.19.16	Both soft eviction and hard eviction are supported in node pool configurations. TMS tags can be added to automatically created EVS disks to facilitate cost management.	None	Fixed some security issues.
v1.19.16-r30	v1.19.16	CCE clusters support the dedicated load balancers that use elastic specifications. The timeout interval can be configured for a load balancer.	High-frequency parameters of kube-apiserver are configurable.	Fixed some security issues.
v1.19.16-r20	v1.19.16	CCE Turbo network interfaces support fixed IP addresses. For details, see Configuring a Static IP Address for a Pod. CCE Turbo network interfaces support automatic allocation and binding of EIPs. For details, see Configuring a Static EIP for a Pod.	Cloud Native Network 2.0 allows you to specify subnets for a namespace. Enhanced the stability of the Docker runtime for pulling images after nodes are restarted. Optimized the performance of CCE Turbo clusters in allocating network interfaces if not all network interfaces are pre-bound.	Fixed some security issues.
v1.19.16-r10	v1.19.16	None	Enhanced the interconnection stability between Services/ingresses and load balancers.	Fixed some security issues.
v1.19.16-r7	v1.19.16	None	Enhanced Docker reliability during upgrades. Optimized node time synchronization. Enhanced the reliability of CCE Turbo clusters when network interfaces are pre-bound.	Fixed some security issues.
v1.19.16-r6	v1.19.16	Services and ingresses support dedicated load balancers that are bound with a GEIP.	Enhanced the stability of containerd configured with QoS. URL rewriting policies can be configured and modified for ingresses. The memory usage of kube-controller-manager is optimized when CRD resources are frequently updated.	Fixed some security issues.
v1.19.16-r5	v1.19.16	TCP/UDP ports can be configured for LoadBalancer Services. Pod readiness gate is supported.	Enhanced the flow table reliability when the underlying network malfunctions. Enhanced the stability of the OS with a later kernel version in restart scenarios, for example, due to unexpected power-off.	Fixed some security issues.
v1.19.16-r4	v1.19.16	Containers support SFS 3.0 for storage. Fault detection and isolation are supported on GPU nodes. Security groups can be customized by cluster. CCE Turbo clusters support network interface pre-binding by node.	Scheduling is optimized on taint nodes. Enhanced the long-term running stability of containerd when cores are bound. Improved the stability of LoadBalancer Services/ingresses with a large number of connections. Optimized the memory usage of kube-apiserver when CRDs are frequently updated.	Fixed some security issues and the following CVE vulnerabilities: CVE-2022-3294 CVE-2022-3162 CVE-2022-3172
v1.19.16-r3	v1.19.16	None	The image-pull-progress-deadline startup parameter can be reserved after an upgrade. CCE Turbo clusters support customized network interface pre-binding. Fixed the issue of inconsistent tunnel network allocation due to intermittent disconnections between master nodes. Enhanced the stability of clusters running in a tunnel network when the nodes on the control plane are intermittently disconnected.	Fixed some security issues.
v1.19.16-r2	v1.19.16	None	Enhanced the stability in disconnecting links when a node on the cluster control plane is powered off. Enhanced the stability when volumes are concurrently mounted for pods.	Fixed some security issues.
v1.19.16-r1	v1.19.16	None	Enhanced the stability of EulerOS 2.9 NetworkManager.	Fixed some security issues.
v1.19.16-r0	v1.19.16	None	Enhanced the stability in updating LoadBalancer Services when workloads are upgraded and nodes are scaled in or out.	Fixed some security issues and the following CVE vulnerabilities: CVE-2021-25741 CVE-2021-25737
v1.19.10-r0	v1.19.10	CCE clusters v1.19 are released for the first time. For more information, see Kubernetes 1.19 Release Notes.	None	None

Parent Topic: Cluster Version Release Notes

Previous topic: Release Notes for Kubernetes 1.9 (EOM) and Earlier Versions

Next topic: Buying a Cluster

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

For any further questions, feel free to contact us through the chatbot.

Chatbot