A flexible authorization service that enforces Kyverno policies for Envoy proxies and plain HTTP services. This authz server enables you to apply Kyverno's powerful policy engine to secure and control access to your APIs and services.
The Kyverno Authz Server provides authorization capabilities in two modes:
Integrates with Envoy's External Authorization filter (v1.7.0+) to make authorization decisions based on Kyverno policies. Perfect for service mesh architectures and API gateway deployments.
Works as a standalone HTTP authorization server that can protect any HTTP service. Your application forwards authorization requests to the authz server, which evaluates them against Kyverno policies and returns allow/deny decisions.
WARNING:
Installation and reference documents are available here
For detailed information on our planned features and upcoming updates, please view our Roadmap.
We are here to help!
👉 For feature requests and bugs, file an issue.
👉 For discussions or questions, join the Kyverno Slack channel.
👉 To get notified on updates ⭐️ star this repository.
Thanks for your interest in contributing to Kyverno! Here are some steps to help get you started:
✔ Look through the good first issues list. Add a comment with /assign to request the assignment of the issue.
✔ Check out the Kyverno Community page for other ways to get involved.
Copyright 2023, the Kyverno project. All rights reserved. kyverno-authz is licensed under the Apache License 2.0.