This project is no longer maintained!
The project was transferred to https://github.com/kyverno/kyverno-authz.
A flexible authorization service that enforces Kyverno policies for Envoy proxies and plain HTTP services. This plugin enables you to apply Kyverno's powerful policy engine to secure and control access to your APIs and services.
The Kyverno Envoy plugin provides authorization capabilities in two modes:
Integrates with Envoy's External Authorization filter (v1.7.0+) to make authorization decisions based on Kyverno policies. Perfect for service mesh architectures and API gateway deployments.
Works as a standalone HTTP authorization server that can protect any HTTP service. Your application forwards authorization requests to the plugin, which evaluates them against Kyverno policies and returns allow/deny decisions.
WARNING:
Kyverno Envoy plugin installation and reference documents are available here
For detailed information on our planned features and upcoming updates, please view our Roadmap.
We are here to help!
👉 For feature requests and bugs, file an issue.
👉 For discussions or questions, join the Kyverno Slack channel.
👉 To get notified on updates ⭐️ star this repository.
Thanks for your interest in contributing to Kyverno! Here are some steps to help get you started:
✔ Look through the good first issues list. Add a comment with /assign to request the assignment of the issue.
✔ Check out the Kyverno Community page for other ways to get involved.
Copyright 2023, the Kyverno project. All rights reserved. kyverno-envoy-plugin is licensed under the Apache License 2.0.