All integrations
GKE
Deployment

Deploy Cerbos on Google Kubernetes Engine

Run the Cerbos PDP on GKE using the official Helm chart or Kubernetes manifests.

Helm or manifests

Helm or manifests

Deploy with the official Cerbos Helm chart or standard Kubernetes manifests, whichever fits your workflow

Horizontal scaling

Horizontal scaling

Cerbos is stateless and scales horizontally with replicas, no coordination required between instances

Workload Identity

Workload Identity

Use GKE Workload Identity to securely access policy sources stored in Google Cloud services

What is Cerbos?

Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.

Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.

Deploying Cerbos via Google Kubernetes Engine gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.

Policy-as-codeHuman-readable YAML policies managed like source codeScalable PDPStateless policy decision point with sub-millisecond latencyCentralized managementManage, test, and deploy policies from a single control plane

How to deploy Cerbos on Google Kubernetes Engine

  1. Install with Helm or apply manifests, Use helm install cerbos cerbos/cerbos or apply Kubernetes manifests to deploy the PDP into your GKE cluster.
  2. Configure policy loading, Point Cerbos at a ConfigMap, Git repository, or Cerbos Hub bundle for policy storage.
  3. Expose the service, Create a Kubernetes Service to make the PDP available to your application pods.
  4. Connect your services, Use a Cerbos SDK to send authorization checks from your application pods to the PDP.

FAQ

How do I deploy Cerbos on GKE?

Use the official Cerbos Helm chart or apply Kubernetes manifests to deploy the PDP into your GKE cluster. Cerbos runs as a Deployment with a Service, or as a sidecar container in your application pods.

Does Cerbos require any external dependencies?

No. Cerbos is fully stateless and requires no database or message queue. Policies can be loaded from a ConfigMap, Git repository, or Cerbos Hub.

Does Cerbos work with GKE Autopilot?

Yes. Cerbos runs as a standard container and is compatible with GKE Autopilot without modification.

Learn more about Cerbos

How Cerbos worksCerbos PDPCerbos HubWebinars and ebooksFeatures & use casesSuccess stories

Related integrations

View all integrations →
Amazon EC2
Amazon EC2Standalone binary or container PDP on EC2 with full instance control
Deployment
Amazon ECS
Amazon Elastic Container ServiceStateless PDP container running as an ECS task or Fargate sidecar
Deployment
Amazon EKS
Amazon Elastic Kubernetes ServiceHelm-managed Cerbos on EKS with IRSA and Fargate support
Deployment
Amazon Elastic Beanstalk
Amazon Elastic BeanstalkMulti-container Cerbos sidecar that auto-scales with Beanstalk instances
Deployment
Amazon Lambda
AWS LambdaEmbedded in-process PDP for serverless authorization with no network hop
Deployment
AKS
Azure Kubernetes ServiceCerbos on AKS with workload identity and Helm-based lifecycle management
Deployment

Cerbos + Google Kubernetes Engine

  • Cerbos runs alongside your workloads in Google Kubernetes Engine
  • No external databases or message queues required
  • Built-in metrics, distributed tracing, and structured logging
  • Stateless PDP instances scale horizontally
Book a free policy workshopTry the Playground