Cerbos
Talk to an engineer
Cerbos PDP
Documentation Code Issue Tracker Discussion Forum
Cerbos Hub
Sign up Documentation
Support
Community Slack Discussion Forum Email (help@cerbos.dev)
Cerbos website

Cerbos

  • Getting started
    • What is Cerbos?
    • Quickstart
    • Tutorial
      • Intro
      • Running locally
      • Resource definition
      • Calling Cerbos
      • Testing policies
      • Adding conditions
      • Derived roles
      • Principal policies
      • Attribute schema
      • Integrating Cerbos
    • Installation
      • Binaries
      • Container
      • Helm chart
  • Cerbos API
    • Using the API
    • Admin API
  • Policies
    • Policy authoring
    • Derived roles
    • Resource policies
    • Principal policies
    • Role policies
    • Scoped policies
    • Scope permissions
    • Conditions
    • Variables and constants
    • Outputs
    • Schemas
    • Validating and testing
    • Best practices
  • Configuration
    • Audit
    • AuxData
    • Engine
    • Observability (metrics and traces)
    • Schema
    • Server
    • Storage
    • Telemetry
  • Deployment patterns
    • Cloud platforms
    • Kubernetes service
    • Kubernetes sidecar
    • Kubernetes daemonset
    • Serverless/FaaS environments
    • Systemd service
  • CLI
    • cerbos
    • cerbosctl
  • Recipes
    • Example apps
      • Photo-share application
      • Demo of securing a REST API with Cerbos
      • Modelling a multi-tenant SaaS with Cerbos
      • Admin API demo with Go and React
    • Authentication integration
      • Auth0
      • FusionAuth
      • JWT
      • Magic
      • Okta
      • AWS Cognito
    • ORM integration
      • Prisma
      • SQLAlchemy
    • Checking permissions in your UI
    • AI integration
      • RAG authorization
  • Release Notes
    • v0.43.0
    • v0.42.0
    • v0.41.0
    • Archives
      • v0.40.0
      • v0.39.0
      • v0.38.1
      • v0.37.0
      • v0.36.0
      • v0.35.1
      • v0.34.0
      • v0.33.0
      • v0.32.0
      • v0.31.0
      • v0.30.0
      • v0.29.0
      • v0.28.0
      • v0.27.0
      • v0.26.0
      • v0.25.0
      • v0.24.0
      • v0.23.1
      • v0.23.0
      • v0.22.0
      • v0.21.0
      • v0.20.0
      • v0.19.1
      • v0.19.0
      • v0.18.0
      • v0.17.0
      • v0.16.0
      • v0.15.1
      • v0.15.0
      • v0.14.0
      • v0.13.0
      • v0.12.0
      • v0.11.0
      • v0.10.0
      • v0.9.1
      • v0.9.0
      • v0.8.0
      • v0.7.0
      • v0.6.0
      • v0.5.0
  • Glossary
    • Glossary of Cerbos terms
  • Engineering
    • Why Cerbos runs as a separate process
Cerbos 0.43.0
  • Cerbos
    • 0.44.0-prerelease
    • 0.43.0
    • 0.42.0
    • 0.41.0
    • 0.40.0
    • 0.39.0
    • 0.38.1
    • 0.37.0
    • 0.36.0
    • 0.35.1
    • 0.34.0
    • 0.33.0
    • 0.32.0
  • Cerbos Hub
  • Cerbos
  • Deployment patterns
  • Kubernetes daemonset
0.44.0-prerelease 0.43.0 0.42.0 0.41.0 0.40.0 0.39.0 0.38.1 0.37.0 0.36.0 0.35.1 0.34.0 0.33.0 0.32.0
Edit this Page

Deploy Cerbos as DaemonSet

You can use the Cerbos Helm chart to deploy Cerbos as a daemonset inside your Kubernetes cluster by setting the Helm type value to daemonset. By default, the internal traffic policy is set to Local. You can change this by setting service.internalTrafficPolicy explicitly.

Refer to the Helm chart instructions to learn more about using the Cerbos Helm chart.

Kubernetes sidecar Serverless/FaaS environments
Cerbos   Copyright (C) 2020-2025 Zenauth Ltd.

[cky_video_placeholder_title]