Skip to content

CLI tooling replacement for r10k/g10k with native OCI support #138

New issue
New issue
Open
Open
CLI tooling replacement for r10k/g10k with native OCI support#138
Labels
ideaJust an Idea
@slauger

Description

@slauger
slauger
opened on Mar 17, 2026

Summary

A standalone Go-based CLI tool that replaces r10k and g10k for deploying Puppet environments and modules. Unlike existing tools, it should natively support building OCI images from Puppet code for use with openvox-operator.

Motivation

Both r10k and g10k have served the Puppet community well, but come with limitations:

  • r10k requires a Ruby runtime and uses the Puppetfile DSL — a Ruby-based format that is hard to parse, validate, or generate from other tooling
  • g10k is written in Go but still relies on the Puppetfile format and lacks OCI/container integration
  • Neither tool supports building OCI images from deployed environments, which is needed for Kubernetes-native Puppet workflows (e.g. OCI image volumes in K8s 1.35+)

A modern replacement should be a single static binary with no runtime dependencies, use a clean YAML-based configuration, and integrate natively with container registries.

Proposed Features

  • YAML-based configuration — no Puppetfile, no Ruby DSL, clean and machine-readable
  • Git-first workflow — bare clone caching, parallel fetches, atomic deploys
  • Offline-capable — separate mirror and deploy phases, decouple network access from deployment
  • OCI image building — package Puppet environments as OCI images, push to container registries
  • Lockfile support — deterministic, reproducible deployments with version pinning
  • Diff/dry-run mode — show what would change before deploying

Relation to openvox-operator

The openvox-operator supports mounting Puppet code via OCI image volumes. This tool would be the build-side counterpart — packaging Puppet code into OCI images that the operator can consume. Together they form a complete GitOps pipeline for Puppet on Kubernetes:

  1. openvox-code build packages environments as OCI images
  2. openvox-operator deploys them immutably via image volumes

Scope

This is a standalone project in a separate repository: slauger/openvox-code. This issue tracks the requirement from the operator side and links to the related work.

Related

  • slauger/openvox-code — the repository for this tool
  • #20 — CLI tool for manual certificate signing via CA REST API

Metadata

Metadata

Assignees

No one assigned

    Labels

    ideaJust an Idea

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions