Run from container
This documentation is for a previous version of Cerbos. Choose 0.39.0 from the version picker at the top right or navigate to https://docs.cerbos.dev for the latest version. |
docker run --rm --name cerbos -p 3592:3592 ghcr.io/cerbos/cerbos:0.35.1
Cerbos images can be verified using sigstore tools as follows:
|
By default, the container is configured to listen on ports 3592 (HTTP) and 3593 (gRPC) and watch for policy files on the volume mounted at /policies
. You can override these by creating a new configuration file.
Create a directory to hold the config file and policies.
mkdir -p cerbos-quickstart/policies
Create a config file.
cat > cerbos-quickstart/.cerbos.yaml <<EOF
server:
httpListenAddr: ":3592"
storage:
driver: "disk"
disk:
directory: /quickstart/policies
watchForChanges: true
EOF
Launch the container with the new config file.
docker run --rm --name cerbos -d -v $(pwd)/cerbos-quickstart:/quickstart -p 3592:3592 ghcr.io/cerbos/cerbos:0.35.1 server --config=/quickstart/.cerbos.yaml
Cerbos container images are mirrored to Docker Hub and the latest version is available at docker.io/cerbos/cerbos:0.35.1 as well. |