Run from container

docker run --rm --name cerbos -p 3592:3592 ghcr.io/cerbos/cerbos:0.10.0

By default, the container is configured to listen on ports 3592 (HTTP) and 3593 (gRPC) and watch for policy files on the volume mounted at /policies. You can override these by creating a new configuration file.

Create a directory to hold the config file and policies.

mkdir -p cerbos-quickstart/policies

Create a config file.

cat > cerbos-quickstart/conf.yaml <<EOF
server:
  httpListenAddr: ":3592"

storage:
  driver: "disk"
  disk:
    directory: /quickstart/policies
    watchForChanges: true
EOF

Launch the container with the new config file.

docker run --rm --name cerbos -d -v $(pwd)/cerbos-quickstart:/quickstart -p 3592:3592 ghcr.io/cerbos/cerbos:0.10.0 server --config=/quickstart/conf.yaml