Deploy Cerbos to Kubernetes with Helm
Install and manage the Cerbos PDP on Kubernetes using the official Helm chart with production-ready defaults.
Production defaults
The chart ships with sensible defaults for resource limits, health checks, and service configuration
Configurable policy sources
Load policies from the filesystem, a Git repository, or Cerbos Hub using Helm values
Observable
Built-in support for Prometheus metrics, distributed tracing, and structured logging
What is Cerbos?
Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.
Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.
Deploying Cerbos via Helm gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.
How to deploy Cerbos with Helm
- Add the Cerbos Helm repository, Run
helm repo add cerbos https://download.cerbos.dev/helm-chartsto register the chart source. - Install the chart, Run
helm install cerbos cerbos/cerbosto deploy the Cerbos PDP into your Kubernetes cluster. - Configure via Helm values, Set your policy source, replica count, resource limits, and observability settings in a values file or with
--setflags. - Connect your application, Use a Cerbos SDK to send authorization checks from your services to the deployed PDP.
FAQ
How do I install Cerbos with Helm?
Add the Cerbos Helm chart repository, then install the chart into your cluster. The chart supports configuring policy sources, resource limits, replicas, and observability settings through standard Helm values.
Does Cerbos require any external dependencies?
No. Cerbos is fully stateless and requires no external database or message queue. Policies can be loaded from the filesystem, a Git repository, or Cerbos Hub, no additional infrastructure needed.
Can I run Cerbos as a sidecar with Helm?
The Helm chart deploys Cerbos as a standalone service by default. For sidecar deployments, add the Cerbos container directly to your application pod spec rather than using the chart.
Learn more about Cerbos
Related integrations
View all integrations →
Cerbos + Helm
- Cerbos runs alongside your workloads in Helm
- No external databases or message queues required
- Built-in metrics, distributed tracing, and structured logging
- Stateless PDP instances scale horizontally
Authorization for AI systems
By industry
By business requirement
Useful links
What is Cerbos?
Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.
Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.