Patch Version Release Notes

• HTTPS is supported for Service/ingress health checks.

• CCE supports Pod Identity, which provides secure and dynamic identity credentials for pods.
• Services and Ingresses support QUIC listeners.

• Traffic mirroring is supported in the advanced forwarding policies of LoadBalancer ingresses.
• Cluster certificate expiration alerts and updates are supported.
• Image password-free download can be configured for node pools. Workloads running on nodes can automatically download images using the agency permissions of the nodes.
• Pod CIDR reservation can be enabled (O&M > Network Settings) for clusters that use the VPC network model to prevent conflicts between new subnet CIDR blocks and container CIDR blocks.

• Service accounts that use TokenRequest support enhanced node authentication.
• The number of nodes in a scaling group was optimized, and the actual number of ready nodes can be displayed.

• HTTPS is supported for Service/ingress health checks.

• CCE supports Pod Identity, which provides secure and dynamic identity credentials for pods.
• Services and Ingresses support QUIC listeners.

• You can enable the kubelet's port 127.0.0.1:10255 in the node pool configuration to expose metrics over HTTP. This configuration is disabled by default.
• You can enable container-isolated resource view in the node pool configuration. Containers only access and manage their own assigned resources.

• LoadBalancer ingresses with shared load balancers associated can be redirected from HTTP to HTTPS.
• CCE standard clusters support custom agencies for cluster-level access control.

• HTTPS is supported for Service/ingress health checks.

• CCE supports Pod Identity, which provides secure and dynamic identity credentials for pods.
• Services and Ingresses support QUIC listeners.

• Service pod scheduling can be deferred until node post-installation scripts complete.
• DataPlane V2 is available for newly created CCE clusters that use the VPC networks. After DataPlane V2 is enabled, you can configure network policies for these clusters.
• AK/SK automatic updates are supported for parallel file systems of OBS.
• During the creation of a LoadBalancer Service, you can configure specific IP addresses for the ELB backend.

• AppArmor can be used to restrict container access to resources.

• Streaming encoding is supported, significantly reducing memory pressure on control plane nodes caused by LIST requests.
• The cce-pause container image can be protected against accidental deletion.
• The system labels used by the NodeLocal DNSCache add-on can be protected against accidental deletion.

• HTTPS is supported for Service/ingress health checks.

• CCE supports Pod Identity, which provides secure and dynamic identity credentials for pods.
• Services and Ingresses support QUIC listeners.

• Service pod scheduling can be deferred until node post-installation scripts complete.
• DataPlane V2 is available for newly created CCE clusters that use the VPC networks. After DataPlane V2 is enabled, you can configure network policies for these clusters.
• AK/SK automatic updates are supported for parallel file systems of OBS.
• During the creation of a LoadBalancer Service, you can configure specific IP addresses for the ELB backend.

• AppArmor can be used to restrict container access to resources.

• Streaming encoding is supported, significantly reducing memory pressure on control plane nodes caused by LIST requests.
• The cce-pause container image can be protected against accidental deletion.
• The system labels used by the NodeLocal DNSCache add-on can be protected against accidental deletion.

• Nodes added during a node pool scale-out can be automatically bound with EIPs.
• ELB ingresses allow you to specify backend server groups for forwarding.

• LoadBalancer ingresses support more advanced forwarding actions and return fixed responses.
• DataPlane V2 is available for CCE Turbo clusters. After DataPlane V2 is enabled, you can configure network policies for these clusters.

• During a cluster upgrade, you can scale out the nodes in the cluster.
• You can choose multiple blocklists or trustlists to manage access to a LoadBalancer ingress.

• HTTPS is supported for Service/ingress health checks.

• CCE supports Pod Identity, which provides secure and dynamic identity credentials for pods.
• Services and Ingresses support QUIC listeners.

• Nodes added during a node pool scale-out can be automatically bound with EIPs.
• ELB ingresses allow you to specify backend server groups for forwarding.

• LoadBalancer ingresses support more advanced forwarding actions and return fixed responses.
• DataPlane V2 is available for newly created CCE standard and Turbo clusters that use VPC networks. After DataPlane V2 is enabled, you can configure network policies for these clusters.

• During a cluster upgrade, you can scale out the nodes in the cluster.
• You can choose multiple blocklists or trustlists to manage access to a LoadBalancer ingress.

• LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
• LoadBalancer ingresses support cross-origin access.

• You can change a node password when updating its node pool.
• A node can be attached with no data disks.
• When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
• The default image address can be specified for Docker node pools.

• When deleting a cluster, CCE enables you to select which log groups to delete.
• When a node is created using a private image, the image password can be retained.
• CCE supports GPU rendering.

• HTTPS is supported for Service/ingress health checks.

• CCE supports Pod Identity, which provides secure and dynamic identity credentials for pods.
• Services and Ingresses support QUIC listeners.

• Nodes added during a node pool scale-out can be automatically bound with EIPs.
• ELB ingresses allow you to specify backend server groups for forwarding.

• LoadBalancer ingresses support more advanced forwarding actions and return fixed responses.
• DataPlane V2 is available for newly created CCE standard and Turbo clusters that use VPC networks. After DataPlane V2 is enabled, you can configure network policies for these clusters.

• During a cluster upgrade, you can scale out the nodes in the cluster.
• You can choose multiple blocklists or trustlists to manage access to a LoadBalancer ingress.

• LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.

• You can change a node password when updating its node pool.
• A node can be attached with no data disks.
• When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
• The default image address can be specified for Docker node pools.

• CCE ingresses support traffic distribution based on custom HTTP headers.
• Scaling priority policies can be configured for third-party workloads.
• You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
• You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.

• An in-progress node drainage can be canceled.
• When updating a node pool, you can change its agency name, prefix, and suffix.
• Kubernetes labels and taints of a node are retained after the node is reset.
• Both the Kubernetes service account token volume projection and the load scaling controller can be configured.

• HTTPS is supported for Service/ingress health checks.

• CCE supports Pod Identity, which provides secure and dynamic identity credentials for pods.
• Services and Ingresses support QUIC listeners.

• Nodes added during a node pool scale-out can be automatically bound with EIPs.
• ELB ingresses allow you to specify backend server groups for forwarding.

• LoadBalancer ingresses support more advanced forwarding actions and return fixed responses.
• DataPlane V2 is available for newly created CCE standard and Turbo clusters that use VPC networks. After DataPlane V2 is enabled, you can configure network policies for these clusters.

• During a cluster upgrade, you can scale out the nodes in the cluster.
• You can choose multiple blocklists or trustlists to manage access to a LoadBalancer ingress.

• LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.

• You can change a node password when updating its node pool.
• A node can be attached with no data disks.
• When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
• The default image address can be specified for Docker node pools.

• CCE ingresses support traffic distribution based on custom HTTP headers.
• Scaling priority policies can be configured for third-party workloads.
• You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
• You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.

• An in-progress node drainage can be canceled.
• When updating a node pool, you can change its agency name, prefix, and suffix.
• Kubernetes labels and taints of a node are retained after the node is reset.
• Both the Kubernetes service account token volume projection and the load scaling controller can be configured.

LoadBalancer Services and ingresses allow you to:

• Configure SNI.
• Enable HTTP/2.
• Configure idle timeout, request timeout, and response timeout.

• You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress.

• The prefix and suffix of a node name can be customized in node pools.
• In CCE Turbo clusters, you can create container networks for workloads and specify pod subnets.
• LoadBalancer ingresses support gRPC.
• LoadBalancer Services allow you to specify a private IP address for a load balancer during Service creation using YAML.

• Accelerated the startup speed for creating a large number of secure containers in a CCE Turbo cluster.
• Improved the stability when secure containers are repeatedly created or deleted in a CCE Turbo cluster.

• Nodes added during a node pool scale-out can be automatically bound with EIPs.
• ELB ingresses allow you to specify backend server groups for forwarding.

• LoadBalancer ingresses support more advanced forwarding actions and return fixed responses.
• DataPlane V2 is available for newly created CCE standard and Turbo clusters that use VPC networks. After DataPlane V2 is enabled, you can configure network policies for these clusters.

• During a cluster upgrade, you can scale out the nodes in the cluster.
• You can choose multiple blocklists or trustlists to manage access to a LoadBalancer ingress.

• LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.

• You can change a node password when updating its node pool.
• A node can be attached with no data disks.
• When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
• The default image address can be specified for Docker node pools.

• CCE ingresses support traffic distribution based on custom HTTP headers.
• Scaling priority policies can be configured for third-party workloads.
• You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
• You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.

• An in-progress node drainage can be canceled.
• When updating a node pool, you can change its agency name, prefix, and suffix.
• Kubernetes labels and taints of a node are retained after the node is reset.
• Both the Kubernetes service account token volume projection and the load scaling controller can be configured.

LoadBalancer Services and ingresses allow you to:

• Configure SNI.
• Enable HTTP/2.
• Configure idle timeout, request timeout, and response timeout.

• Volcano supports node pool affinity scheduling.
• Volcano supports workload rescheduling.

• Both soft eviction and hard eviction are supported in node pool configurations.

• Nodes added during a node pool scale-out can be automatically bound with EIPs.
• ELB ingresses allow you to specify backend server groups for forwarding.

• LoadBalancer ingresses support more advanced forwarding actions and return fixed responses.
• DataPlane V2 is available for newly created CCE standard and Turbo clusters that use VPC networks. After DataPlane V2 is enabled, you can configure network policies for these clusters.

• During a cluster upgrade, you can scale out the nodes in the cluster.
• You can choose multiple blocklists or trustlists to manage access to a LoadBalancer ingress.

• LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.

• You can change a node password when updating its node pool.
• A node can be attached with no data disks.
• When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
• The default image address can be specified for Docker node pools.

• CCE ingresses support traffic distribution based on custom HTTP headers.
• Scaling priority policies can be configured for third-party workloads.
• You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
• You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.

• An in-progress node drainage can be canceled.
• When updating a node pool, you can change its agency name, prefix, and suffix.
• Kubernetes labels and taints of a node are retained after the node is reset.
• Both the Kubernetes service account token volume projection and the load scaling controller can be configured.

LoadBalancer Services and ingresses allow you to:

• Configure SNI.
• Enable HTTP/2.
• Configure idle timeout, request timeout, and response timeout.

• Volcano supports node pool affinity scheduling.
• Volcano supports workload rescheduling.

• Both soft eviction and hard eviction are supported in node pool configurations.

• LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.

• You can change a node password when updating its node pool.
• A node can be attached with no data disks.
• When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
• The default image address can be specified for Docker node pools.

• CCE ingresses support traffic distribution based on custom HTTP headers.
• Scaling priority policies can be configured for third-party workloads.
• You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
• You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.

• An in-progress node drainage can be canceled.
• When updating a node pool, you can change its agency name, prefix, and suffix.
• Kubernetes labels and taints of a node are retained after the node is reset.
• Both the Kubernetes service account token volume projection and the load scaling controller can be configured.

LoadBalancer Services and ingresses allow you to:

• Configure SNI.
• Enable HTTP/2.
• Configure idle timeout, request timeout, and response timeout.

• Volcano supports node pool affinity scheduling.
• Volcano supports workload rescheduling.

• Both soft eviction and hard eviction are supported in node pool configurations.
• TMS tags can be added to automatically created EVS disks to facilitate cost management.

• Enhanced Docker reliability during upgrades.
• Optimized node time synchronization.

• Fault detection and isolation are supported on GPU nodes.
• Security groups can be customized by cluster.
• CCE Turbo clusters support network interface pre-binding by node.
• containerd is supported.

• Upgraded the etcd version of the master node to the Kubernetes version 3.5.6.
• Optimized scheduling so that pods are evenly distributed across AZs after pods are scaled in.
• Optimized the memory usage of kube-apiserver when CRDs are frequently updated.

• CVE-2022-3294
• CVE-2022-3162
• CVE-2022-3172
• CVE-2021-25749

• Volcano supports node pool affinity scheduling.
• Volcano supports workload rescheduling.

• Both soft eviction and hard eviction are supported in node pool configurations.

• Enhanced Docker reliability during upgrades.
• Optimized node time synchronization.
• Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.

• Fault detection and isolation are supported on GPU nodes.
• Security groups can be customized by cluster.
• CCE Turbo clusters support network interface pre-binding by node.

• CVE-2022-3294
• CVE-2022-3162
• CVE-2022-3172

• Volcano supports node pool affinity scheduling.
• Volcano supports workload rescheduling.

• Both soft eviction and hard eviction are supported in node pool configurations.

• Cloud Native Network 2.0 allows you to specify subnets for a namespace.
• Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.
• Optimized the performance of CCE Turbo clusters in allocating network interfaces if not all network interfaces are pre-bound.

• Fault detection and isolation are supported on GPU nodes.
• Security groups can be customized by cluster.
• CCE Turbo clusters support network interface pre-binding by node.

• Scheduling is optimized on taint nodes.
• Enhanced the long-term running stability of containerd when cores are bound.
• Improved the stability of LoadBalancer Services/ingresses with a large number of connections.
• Optimized the memory usage of kube-apiserver when CRDs are frequently updated.

• CVE-2022-3294
• CVE-2022-3162
• CVE-2022-3172

• CVE-2021-25741
• CVE-2021-25737