ETCD STREAMING LANDS IN APISERVER, KSM PATCHES CRITICAL GOLANG VULNS
By RepoJournal · Filed · About Kubernetes
Kubernetes apiserver is shipping etcd RangeStream support with proper metrics instrumentation, while kube-state-metrics published an emergency security release addressing high-severity Go vulnerabilities.
The apiserver landed three interconnected changes that overhaul how list operations work at the etcd layer. First, the FeatureSupportChecker now gates RangeStream availability [1], so clusters on etcd 3.7+ use streaming lists while older deployments fall back to pagination without retry loops. Second, metrics instrumentation follows: listStream operations now record duration and errors over the full stream consumption [2], not just the initial handshake, so errors such as a compaction that occurs mid-stream show up in the metrics. Third, the watch cache architecture got a structural cleanup [3] that separates watch history from storage concerns, aligning the codebase with etcd's own patterns.
Meanwhile, kube-state-metrics v2.19.1 [4] ships with Go 1.26.4 and addresses CVE-2026-42504 plus several high-scoring vulnerabilities in golang.org/x/net, oauth2, sys, term, and text. The konnectivity network proxy was upgraded to v0.36 [5] across the main repo, adding pending backend request timeout options and enforcing server-ca-cert validation in TCP mode.
On the test-infra front, EOL Kubernetes 1.32 jobs are being dropped [6], removing 869 conformance jobs from the grid and fixing recurring kOps CI failures. Documentation updates continue across Japanese and Chinese localization [7], [8], [9].
Action items
- Upgrade kube-state-metrics to v2.19.1 immediately (kubernetes/kube-state-metrics) [immediate]
- Review etcd 3.7+ RangeStream support in your clusters; pagination fallback is automatic (kubernetes/kubernetes) [plan]
- Validate listStream metrics in your observability pipeline (kubernetes/kubernetes) [monitor]
- Remove any pinned k8s 1.32 jobs from internal CI configurations (kubernetes/test-infra) [plan]
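For the kube-state-metrics upgrade item above, an added example (not from this digest or from the kube-state-metrics project) that classifies image references against the fixed release v2.19.1, comparing versions numerically and treating digest-pinned or non-release tags as needing a manual check. The input format, the function names and the sample inventory are assumptions constructed for illustration.

```shell
# Added example; function names and input format are assumptions.
FIXED=2.19.1   # fixed release named in the digest

# ksm_tag IMAGE: print the image tag, or nothing for a digest-only reference.
ksm_tag() {
  _ref=${1%%@*}      # drop an @sha256:... digest
  _last=${_ref##*/}  # last path component, so a registry port is not read as a tag
  case $_last in *:*) printf '%s\n' "${_last##*:}" ;; esac
}

# version_lt A B: succeed when A < B; both must already be plain X.Y.Z.
version_lt() {
  _a=$1 _b=$2
  for _i in 1 2 3; do
    _x=${_a%%.*} _y=${_b%%.*}
    if [ "$_x" -lt "$_y" ]; then return 0; fi   # numeric, so 2.9.x < 2.19.x
    if [ "$_x" -gt "$_y" ]; then return 1; fi
    _a=${_a#*.} _b=${_b#*.}
  done
  return 1
}

# classify IMAGE: print OUTDATED, OK or UNKNOWN.
classify() {
  _ver=$(ksm_tag "$1"); _ver=${_ver#v}
  if ! printf '%s\n' "$_ver" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
    echo UNKNOWN     # digest-pinned, "latest" or suffixed tag: check by hand
  elif version_lt "$_ver" "$FIXED"; then echo OUTDATED
  else echo OK; fi
}

# audit: read "<namespace>/<workload> <image>" lines of kube-state-metrics workloads.
audit() {
  while read -r _name _image; do
    printf '%s\t%s\t%s\n' "$(classify "$_image")" "$_name" "$_image"
  done
}

# Constructed sample inventory; replace with an export of your own workloads.
sample_inventory() {
  cat <<'EOF'
monitoring/ksm registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.19.0
staging/ksm localhost:5000/mirror/kube-state-metrics:v2.9.2
prod/ksm registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.19.1
dev/ksm registry.k8s.io/kube-state-metrics/kube-state-metrics@sha256:0000
EOF
}

sample_inventory | audit
```

An UNKNOWN verdict means the tag alone cannot confirm the version, so resolve the digest or tag against the release before closing the item.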
References
- [1] Merge pull request #139542 from Jefftree/rangestream-feature-support-checker (kubernetes/apiserver)
- [2] Merge pull request #139601 from Jefftree/fix-liststream-metrics (kubernetes/apiserver)
- [3] Merge pull request #139655 from serathius/watchcache-split-structs (kubernetes/apiserver)
- [4] v2.19.1 (kubernetes/kube-state-metrics)
- [5] Merge pull request #139636 from cheftako/anp-release (kubernetes/apiserver)
- [6] Drop EOL Kubernetes 1.32 e2e jobs (kubernetes/test-infra)
- [7] [ja] Update i18n/ja.toml (kubernetes/website)
- [8] [ja] Unify cluster katakana notation (kubernetes/website)
- [9] [zh-cn] sync preview-locally (kubernetes/website)
FAQ
- What changed in Kubernetes on June 12, 2026?
- Kubernetes apiserver is shipping etcd RangeStream support with proper metrics instrumentation, while kube-state-metrics published an emergency security release addressing high-severity Go vulnerabilities.
- What should Kubernetes teams do about it?
- Upgrade kube-state-metrics to v2.19.1 immediately • Review etcd 3.7+ RangeStream support in your clusters; pagination fallback is automatic • Validate listStream metrics in your observability pipeline
- Which Kubernetes repositories shipped on June 12, 2026?
- kubernetes/apiserver, kubernetes/kube-state-metrics, kubernetes/test-infra, kubernetes/website