OpenSearch Kubernetes Operator 3.0 Alpha delivers production-ready stability with quorum-safe rolling restarts, multi-namespace support, TLS hot reloading, and gRPC support.

We're excited to announce the alpha release of OpenSearch Kubernetes Operator 3.0 - a release that fundamentally transforms the reliability and production-readiness of running OpenSearch on Kubernetes.

If you've been running OpenSearch in Kubernetes with previous operator versions, you've likely experienced the pain points firsthand: upgrade deadlocks, split-brain scenarios during rolling restarts, cluster instability during error states, and a host of edge cases that made production operations more stressful than they needed to be. This release changes that.

Today we are releasing 3.0 Alpha, on the way to release a fully stable and tested 3.0 GA in a few weeks.

Why This Release Matters

Previous versions of the OpenSearch Kubernetes Operator had significant stability and resiliency issues. We've seen these problems across our customer environments running OpenSearch on Kubernetes at various scales and configurations. Clusters would get into problematic states during upgrades, rolling restarts could violate quorum safety, and recovery from error conditions was often unreliable.

OpenSearch Kubernetes Operator 3.0 represents a substantial rewrite focused on one goal—making the operator production-ready. With over 100 meaningful changes, this release addresses critical bugs, implements long-requested features, and adds support for exciting new OpenSearch 3.0 capabilities like the gRPC API.

Key Improvements

Quorum-Safe Operations

The operator now performs intelligent, safe rolling restarts across node pools while maintaining cluster quorum throughout. This prevents split-brain scenarios and downtime, significantly improving upgrade reliability in complex deployments like multi-AZ and multi-tier environments. SmartScaler is now enabled by default, bringing these protections to all users out of the box.

Multi-Namespace and Multi-Tenant Support

A long-awaited feature is finally here. You can now manage clusters across multiple namespaces, with namespace-scoped RBAC support in Helm charts. This dramatically improves multi-tenant deployments and organizational separation.

TLS Certificate Hot Reloading

No more pod restarts for certificate rotation. Clusters automatically reload TLS certificates, enabling seamless rotation aligned with your organization's security policies. Certificate durations are now configurable, and we've added a DisableSSL option for development and testing environments.

Enhanced Flexibility

Init-containers and sidecars are now fully supported for both OpenSearch and Dashboard pods. This enables custom initialization workflows, log shipping, monitoring agents, and service mesh integration—all the production patterns you'd expect.

We've also added NFS volume support, custom PVC labels and annotations, topology spread constraints, and host aliases for custom DNS resolution.

OpenSearch 3.0 Support

The gRPC port is now exposed and fully configurable, allowing you to take full advantage of the new gRPC support introduced in OpenSearch 3.0. The operator also properly handles searchable snapshots and other recent OpenSearch additions.

Critical Bug Fixes

This release resolves numerous issues that caused production headaches:

  • Deadlocks when upgrading to OpenSearch 3.0
  • Unnecessary full cluster restarts
  • Version constraint checking failures for pre-release versions
  • Node version mismatch detection problems during upgrades
  • Issues with additionalConfig and environment variable application
  • Admin certificate generation and SSL verification mode handling
  • JVM heap size parameters not being applied
  • Illegal Pod spec updates causing recreation loops

API Migration: opensearch.opster.io to opensearch.org

The operator is transitioning from opensearch.opster.io/v1 to opensearch.org/v1, aligning with the OpenSearch project branding. Both API groups are supported in this release, with automatic migration handling the transition seamlessly. The old API group will be deprecated over the next 2-3 major releases before removal.

Breaking Changes to Review

Before upgrading, be aware of these defaults that have changed:

  • SmartScaler is now enabled by default
  • Security TLS is enabled by default for transport and REST API
  • SetVMMaxMapCount now defaults to true
  • Validation webhooks are active and will reject invalid configurations
  • kube-rbac-proxy has been removed (update custom monitoring configurations)
  • Default password must be set explicitly or auto-generated

The Team Behind This Release

This release wouldn't have been possible without the dedicated work of the BigData Boutique team, led by Itamar Syn-Hershko, an OpenSearch Ambassador. Jose Barato, Ryan Patterson, and Lior Friedler invested significant effort in the substantial rewrites required to achieve stability across various conditions. We also want to acknowledge veteran maintainer Prudhvi Godithi and the OpenSearch community contributors who tested and provided feedback throughout development.

Enterprise Support for OpenSearch on Kubernetes

At BigData Boutique, we deliver this work as part of our commitment to customers running OpenSearch on Kubernetes for production workloads. We provide enterprise support for OpenSearch including the Kubernetes Operator, helping organizations confidently run search and analytics infrastructure at scale.

If you're running OpenSearch in production and need reliable operations, expert guidance, or enterprise support, we're here to help.

Getting Started

This alpha release is what we believe to be a stable version for existing users to try. We recommend:

  1. Start with lower environments first
  2. Test the migration in non-production
  3. Progress to production as your confidence grows

In the weeks following this release, assuming no major issues are discovered, we'll release a Beta. Two weeks after no release-blockers are found in beta, we'll ship OpenSearch Kubernetes Operator 3.0 GA.

If you already have an older operator version deployed - make sure to follow the migration guide.

Get Involved

We've put significant effort into building and testing this operator, and we look forward to your feedback. Here's how to participate:

Take the new operator for a spin. We're confident you'll find it to be a significant improvement over previous versions.