Install and manage the Cerbos PDP on Kubernetes using the official Helm chart with production-ready defaults.
The chart ships with sensible defaults for resource limits, health checks, and service configuration
Load policies from the filesystem, a Git repository, or Cerbos Hub using Helm values
Built-in support for Prometheus metrics, distributed tracing, and structured logging
Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.
Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.
Deploying Cerbos via Helm gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.
helm repo add cerbos https://download.cerbos.dev/helm-charts to register the chart source.helm install cerbos cerbos/cerbos to deploy the Cerbos PDP into your Kubernetes cluster.--set flags.Add the Cerbos Helm chart repository, then install the chart into your cluster. The chart supports configuring policy sources, resource limits, replicas, and observability settings through standard Helm values.
No. Cerbos is fully stateless and requires no external database or message queue. Policies can be loaded from the filesystem, a Git repository, or Cerbos Hub, no additional infrastructure needed.
The Helm chart deploys Cerbos as a standalone service by default. For sidecar deployments, add the Cerbos container directly to your application pod spec rather than using the chart.



What is Cerbos?
Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.
Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.