Skip to content

You're not viewing the latest version. Click here to go to latest.

Kyverno Authz Server

Authz Server

Initializing search

kyverno/kyverno-authz

Home
Getting Started
Authz Server
Policies
Tutorials
Reference
Community

Kyverno Authz Server

kyverno/kyverno-authz

Home
Getting Started
Getting Started
- Kubernetes installation
- Local installation
- Shell Completion
- Policy Sources
- First policy
- Hello World
  Hello World
- Next Steps
Authz Server
Authz Server
- Envoy
  Envoy
- HTTP
  HTTP
Policies
Policies
- Envoy Policy Breakdown
- HTTP Policy Breakdown
- CEL extensions
  CEL extensions
Tutorials
Tutorials
Reference
Reference
Community
Community

Table of contents

Key Capabilities
Running Modes

Authz Server¶

The Kyverno Authz Server provides programmable and flexible, policy-based authorization for Envoy proxies and HTTP services.

It uses Kyverno policies written in CEL (Common Expression Language) to deliver fine-grained, context-aware access control and make a decision given an input request description.

Info

The Kyverno Authz Server runs seamlessly in Kubernetes or as a standalone service outside Kubernetes environments.

Key Capabilities¶

Dual-mode operation – Works with Envoy (gRPC) or standalone HTTP services
Programmable – Adapts to the underlying protocol (NGINX, Traefik, ...)
Policy-driven authorization – Write policies using CEL with your decision logic for fast evaluation
External data integration – Query HTTP services, fetch Kubernetes resources or OCI images data for decision-making
Lightweight sidecar model – Low-latency local enforcement with centralized policy management

Running Modes¶

Envoy Support
HTTP Support

Envoy Authz Server

Made with ❤️ by Kyverno contributors.

Made with Material for MkDocs