OpenVoxProject · sratslla · Mar 17, 2026 · Mar 19, 2026
@@ -501,6 +501,21 @@ The following table lists the configurable parameters of the Puppetserver chart
 | `puppetboard.ingress.extraLabels`| puppetboard ingress extraLabels |``|
 | `puppetboard.ingress.hosts`| puppetboard ingress hostnames |``|
 | `puppetboard.ingress.tls`| puppetboard ingress tls configuration |``|
+| `openvoxview.enabled` | OpenVox View availability | `false`|
+| `openvoxview.name` | OpenVox View component label | `openvoxview`|
+| `openvoxview.image` | OpenVox View image | `ghcr.io/voxpupuli/openvoxview`|
+| `openvoxview.tag` | OpenVox View image tag | `latest`|
+| `openvoxview.port` | OpenVox View container port | `5000`|
+| `openvoxview.pullPolicy` | OpenVox View image pull policy | `IfNotPresent`|
+| `openvoxview.resources` | OpenVox View resource limits |``|
+| `openvoxview.extraEnv` | OpenVox View additional container env vars |``|
+| `openvoxview.extraEnvSecret` | OpenVox View additional container env vars from pre-existing secret |``|
+| `openvoxview.service.targetPort` | target port for the OpenVox View service port |`openvoxview`|
+| `openvoxview.ingress.enabled`| OpenVox View ingress creation enabled |`false`|
+| `openvoxview.ingress.annotations`| OpenVox View ingress annotations |``|
+| `openvoxview.ingress.extraLabels`| OpenVox View ingress extraLabels |``|
+| `openvoxview.ingress.hosts`| OpenVox View ingress hostnames |``|
+| `openvoxview.ingress.tls`| OpenVox View ingress tls configuration |``|
 | `hiera.name` | hiera component label | `hiera`|
 | `hiera.hieradataurl`| hieradata repo url |``|
 | `hiera.config`| hieradata yaml config |``|
@@ -621,6 +636,27 @@ jobs | grep 'port-forward' | grep 'puppetserver'
 kill %[job_numbers_above]
 ```
 
+### Example: Enabling OpenVox View
+
+To enable the OpenVox View dashboard as a sidecar on the PuppetDB pod, you can use a values file similar to:
+
+```yaml
+openvoxview:
+  enabled: true
+  image: ghcr.io/voxpupuli/openvoxview
+  tag: latest
+  port: 5000
+  ingress:
+    enabled: true
+    hosts:
+      - openvoxview.example.com
+
+puppetboard:
+  enabled: false
+```
+
+You can also enable both dashboards at the same time by setting both `openvoxview.enabled` and `puppetboard.enabled` to `true` and configuring distinct ingress hosts or paths.
+
 ## Credits
 
 * [Miroslav Hadzhiev](https://www.linkedin.com/in/mehadzhiev/), Lead Author and Owner

@@ -123,6 +123,16 @@ app.kubernetes.io/component: {{ .Values.puppetboard.name }}
 {{ include "puppetserver.common.matchLabels" . }}
 {{- end -}}
 
+{{- define "puppetserver.openvoxview.labels" -}}
+{{ include "puppetserver.openvoxview.matchLabels" . }}
+{{ include "puppetserver.common.metaLabels" . }}
+{{- end -}}
+
+{{- define "puppetserver.openvoxview.matchLabels" -}}
+app.kubernetes.io/component: {{ .Values.openvoxview.name }}
+{{ include "puppetserver.common.matchLabels" . }}
+{{- end -}}
+
 {{- define "puppetserver.puppetserver.labels" -}}
 {{ include "puppetserver.puppetserver.matchLabels" . }}
 {{ include "puppetserver.common.metaLabels" . }}

@@ -0,0 +1,53 @@
+{{- if and .Values.openvoxview.enabled .Values.openvoxview.ingress.enabled }}
+{{- $releaseName := .Release.Name -}}
+{{- $serviceName := ( include "puppetdb.fullname" . ) }}
+{{- $servicePort := .Values.openvoxview.port -}}
+{{- $pathType := .Values.openvoxview.ingress.pathType | default "ImplementationSpecific" -}}
+{{- $apiIsStable := eq (include "puppetserver.ingress.isStable" .) "true" -}}
+{{- $ingressSupportsPathType := eq (include "puppetserver.ingress.supportsPathType" .) "true" -}}
+apiVersion: {{ include "puppetserver.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+  {{- if .Values.openvoxview.ingress.annotations }}
+  annotations:
+    {{ toYaml .Values.openvoxview.ingress.annotations | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "puppetserver.puppetdb.labels" . | nindent 4 }}
+    {{- range $key, $value := .Values.openvoxview.ingress.extraLabels }}
+    {{ $key }}: {{ $value }}
+    {{- end }}
+  name: {{ template "puppetdb.fullname" . }}-openvoxview
+spec:
+  {{- if $apiIsStable }}
+  {{- if .Values.openvoxview.ingress.ingressClassName }}
+  ingressClassName: {{ .Values.openvoxview.ingress.ingressClassName }}
+  {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.openvoxview.ingress.hosts }}
+    {{- $url := splitList "/" . }}
+    - host: {{ first $url }}
+      http:
+        paths:
+          - path: {{ if gt (len $url) 1 }}{{ printf "/%s" (join "/" (rest $url)) }}{{ else }} / {{ end }}
+            {{- if $ingressSupportsPathType }}
+            pathType: {{ $pathType }}
+            {{- end }}
+            backend:
+              {{- if $apiIsStable }}
+              service:
+                name: {{ $serviceName }}
+                port:
+                  number: {{ $servicePort }}
+              {{- else }}
+              serviceName: {{ $serviceName }}
+              servicePort: {{ $servicePort }}
+              {{- end }}
+    {{- end -}}
+  {{- if .Values.openvoxview.ingress.tls }}
+  tls:
+    {{ toYaml .Values.openvoxview.ingress.tls | nindent 4 }}
+  {{- end -}}
+{{- end -}}
+
@@ -218,6 +218,59 @@ spec:
             - name: puppetdb-storage
               mountPath: /opt/puppetlabs/server/data/puppetdb
         {{- end }}
+        {{- if .Values.openvoxview.enabled }}
+        - name: openvoxview
+          image: "{{.Values.openvoxview.image}}:{{.Values.openvoxview.tag}}"
+          imagePullPolicy: "{{.Values.openvoxview.pullPolicy}}"
+          resources:
+            {{- toYaml .Values.openvoxview.resources | nindent 12 }}
+          env:
+            - name: LISTEN
+              value: "0.0.0.0"
+            - name: PORT
+              value: {{ .Values.openvoxview.port | quote }}
+            - name: PUPPETDB_HOST
+              value: {{ if .Values.singleCA.enabled}}{{.Values.singleCA.puppetdb.overrideHostname}}{{ else }}{{ ( include "puppetdb.fullname" . ) }}{{ end }}
+            - name: PUPPETDB_PORT
+              value: "8081"
+            - name: PUPPETDB_TLS
+              value: "true"
+            - name: PUPPETDB_TLS_IGNORE
+              value: "false"
+            - name: PUPPETDB_TLS_CA
+              value: "/opt/puppetlabs/server/data/puppetdb/certs/certs/ca.pem"
+            - name: PUPPETDB_TLS_KEY
+              value: "/opt/puppetlabs/server/data/puppetdb/certs/private_keys/openvoxdb.pem"
+            - name: PUPPETDB_TLS_CERT
+              value: "/opt/puppetlabs/server/data/puppetdb/certs/certs/openvoxdb.pem"
+            {{- range $key, $value := .Values.global.extraEnv }}
+            - name: {{ $key }}
+              value: "{{ $value }}"
+            {{- end }}
+            {{- range $key, $value := .Values.openvoxview.extraEnv }}
+            - name: {{ $key }}
+              value: "{{ $value }}"
+            {{- end }}
+          envFrom:
+          {{- if .Values.global.extraEnvSecret }}
+            - secretRef:
+                name: {{ .Values.global.extraEnvSecret }}
+          {{- end }}
+          {{- if .Values.openvoxview.extraEnvSecret }}
+            - secretRef:
+                name: {{ .Values.openvoxview.extraEnvSecret }}
+          {{- end }}
+          ports:
+            - name: openvoxview
+              containerPort: {{ .Values.openvoxview.port }}
+          securityContext:
+            {{- toYaml .Values.openvoxview.securityContext | nindent 12 }}
+            runAsUser: {{ .Values.global.securityContext.runAsUser }}
+            runAsGroup: {{ .Values.global.securityContext.runAsGroup }}
+          volumeMounts:
+            - name: puppetdb-storage
+              mountPath: /opt/puppetlabs/server/data/puppetdb
+        {{- end }}
         {{- if and .Values.singleCA.enabled .Values.singleCA.crl.asSidecar }}
         # singleCA crl script update Sidecar
         - name: update-crl

@@ -25,6 +25,11 @@ spec:
       port: {{ .Values.puppetboard.port }}
       targetPort: {{ .Values.puppetboard.service.targetPort }}
     {{- end }}
+    {{- if .Values.openvoxview.enabled }}
+    - name: openvoxview
+      port: {{ .Values.openvoxview.port }}
+      targetPort: {{ .Values.openvoxview.service.targetPort }}
+    {{- end }}
     {{- if .Values.metrics.prometheus.enabled }}
     - name: metrics
       port: {{ .Values.metrics.prometheus.port }}

@@ -985,6 +985,61 @@ puppetboard:
     #     hosts:
     #       - puppetboard.domain.com
 
+## OpenVox View Configuration
+##
+openvoxview:
+  enabled: false
+  name: openvoxview
+  image: ghcr.io/voxpupuli/openvoxview
+  tag: v1.3.0
+  port: 5000
+  pullPolicy: IfNotPresent
+  service:
+    targetPort: openvoxview
+  resources: {}
+  #  requests:
+  #    memory: 256Mi
+  #    cpu: 200m
+  #  limits:
+  #    memory: 512Mi
+  #    cpu: 500m
+  ## Additional OpenVox View container environment variables
+  ## (these are merged on top of the defaults set by the chart)
+  ##
+  extraEnv: {}
+  ## Additional OpenVox View container environment variables from a pre-existing K8s secret
+  extraEnvSecret: ""
+  securityContext:
+    runAsNonRoot: true
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - all
+  ingress:
+    ## If true, OpenVox View Ingress will be created
+    ##
+    enabled: false
+    ## OpenVox View Ingress annotations
+    ##
+    annotations: {}
+      # kubernetes.io/ingress.class: nginx
+    ## OpenVox View Ingress additional labels
+    ##
+    extraLabels: {}
+    ## OpenVox View Ingress hostnames with optional path
+    ## Must be provided if Ingress is enabled
+    ##
+    hosts: []
+    #   - openvoxview.domain.com
+    #   - domain.com/openvoxview
+    ## OpenVox View Ingress TLS configuration
+    ## Secrets must be manually created in the namespace
+    ##
+    tls: []
+    #   - secretName: openvoxview-server-tls
+    #     hosts:
+    #       - openvoxview.domain.com
+
 ## Hiera Configuration for Puppet Server
 ##
 hiera: