All integrations
Helm
Deployment

Deploy Cerbos to Kubernetes with Helm

Install and manage the Cerbos PDP on Kubernetes using the official Helm chart with production-ready defaults.

Production defaults

Production defaults

The chart ships with sensible defaults for resource limits, health checks, and service configuration

Configurable policy sources

Configurable policy sources

Load policies from the filesystem, a Git repository, or Cerbos Hub using Helm values

Observable

Observable

Built-in support for Prometheus metrics, distributed tracing, and structured logging

What is Cerbos?

Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.

Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.

Deploying Cerbos via Helm gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.

Policy-as-codeHuman-readable YAML policies managed like source codeScalable PDPStateless policy decision point with sub-millisecond latencyCentralized managementManage, test, and deploy policies from a single control plane

How to deploy Cerbos with Helm

  1. Add the Cerbos Helm repository, Run helm repo add cerbos https://download.cerbos.dev/helm-charts to register the chart source.
  2. Install the chart, Run helm install cerbos cerbos/cerbos to deploy the Cerbos PDP into your Kubernetes cluster.
  3. Configure via Helm values, Set your policy source, replica count, resource limits, and observability settings in a values file or with --set flags.
  4. Connect your application, Use a Cerbos SDK to send authorization checks from your services to the deployed PDP.

FAQ

How do I install Cerbos with Helm?

Add the Cerbos Helm chart repository, then install the chart into your cluster. The chart supports configuring policy sources, resource limits, replicas, and observability settings through standard Helm values.

Does Cerbos require any external dependencies?

No. Cerbos is fully stateless and requires no external database or message queue. Policies can be loaded from the filesystem, a Git repository, or Cerbos Hub, no additional infrastructure needed.

Can I run Cerbos as a sidecar with Helm?

The Helm chart deploys Cerbos as a standalone service by default. For sidecar deployments, add the Cerbos container directly to your application pod spec rather than using the chart.

Learn more about Cerbos

How Cerbos worksCerbos PDPCerbos HubWebinars and ebooksFeatures & use casesSuccess stories

Related integrations

View all integrations →
Amazon EC2
Amazon EC2Standalone binary or container PDP on EC2 with full instance control
Deployment
Amazon ECS
Amazon Elastic Container ServiceStateless PDP container running as an ECS task or Fargate sidecar
Deployment
Amazon EKS
Amazon Elastic Kubernetes ServiceHelm-managed Cerbos on EKS with IRSA and Fargate support
Deployment
Amazon Elastic Beanstalk
Amazon Elastic BeanstalkMulti-container Cerbos sidecar that auto-scales with Beanstalk instances
Deployment
Amazon Lambda
AWS LambdaEmbedded in-process PDP for serverless authorization with no network hop
Deployment
AKS
Azure Kubernetes ServiceCerbos on AKS with workload identity and Helm-based lifecycle management
Deployment

Cerbos + Helm

  • Cerbos runs alongside your workloads in Helm
  • No external databases or message queues required
  • Built-in metrics, distributed tracing, and structured logging
  • Stateless PDP instances scale horizontally
Book a free policy workshopTry the Playground