https://github.com/kyverno/kyverno-authz

Kyverno policies based authorization ❤️
https://github.com/kyverno/kyverno-authz

authorization envoy http istio kyverno mesh

Last synced: 5 months ago
JSON representation

Kyverno policies based authorization ❤️

• Host: GitHub
• URL: https://github.com/kyverno/kyverno-authz
• Owner: kyverno
• License: apache-2.0
• Created: 2025-11-05T06:53:12.000Z (7 months ago)
• Default Branch: main
• Last Pushed: 2026-01-13T09:25:59.000Z (5 months ago)
• Last Synced: 2026-01-13T10:35:21.670Z (5 months ago)
• Topics: authorization, envoy, http, istio, kyverno, mesh
• Language: Go
• Homepage: https://kyverno.github.io/kyverno-authz/
• Size: 13.9 MB
• Stars: 8
• Watchers: 0
• Forks: 5
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Codeowners: CODEOWNERS

Awesome Lists containing this project

README

          
# kyverno-authz

A flexible authorization service that enforces Kyverno policies for **Envoy proxies** and **plain HTTP services**. This authz server enables you to apply Kyverno's powerful policy engine to secure and control access to your APIs and services.

## Overview 

The Kyverno Authz Server provides authorization capabilities in two modes:

### 🔌 Envoy Integration

Integrates with [Envoy](https://www.envoyproxy.io/docs/envoy/latest/intro/what_is_envoy)'s [External Authorization filter](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ext_authz_filter.html) (v1.7.0+) to make authorization decisions based on Kyverno policies. Perfect for service mesh architectures and API gateway deployments.

### 🌐 HTTP Authorization Server

Works as a standalone HTTP authorization server that can protect any HTTP service. Your application forwards authorization requests to the authz server, which evaluates them against Kyverno policies and returns allow/deny decisions.

**WARNING: ⚠️ kyverno-authz is in development stage.**

## 📙 Documentation

Installation and reference documents are available [here](https://kyverno.github.io/kyverno-authz)

👉 **[Quick Start](https://kyverno.github.io/kyverno-authz/latest/quick-start/)**

👉 **[Kubernetes Installation](https://kyverno.github.io/kyverno-authz/latest/quick-start/kube-install/)**

👉 **[Local Installation](https://kyverno.github.io/kyverno-authz/latest/quick-start/local-install/)**

## RoadMap

For detailed information on our planned features and upcoming updates, please [view our Roadmap](./ROADMAP.md).

## 🙋‍♂️ Getting Help

We are here to help!

👉 For feature requests and bugs, file an [issue](https://github.com/kyverno/kyverno-authz/issues).

👉 For discussions or questions, join the [Kyverno Slack channel](https://slack.k8s.io/#kyverno).

👉 To get notified on updates ⭐️ [star this repository](https://github.com/kyverno/kyverno-authz/stargazers).

## ➕ Contributing

Thanks for your interest in contributing to Kyverno! Here are some steps to help get you started:

✔ Look through the [good first issues](https://github.com/kyverno/kyverno-authz/labels/good%20first%20issue) list. Add a comment with `/assign` to request the assignment of the issue.

✔ Check out the Kyverno [Community page](https://kyverno.io/community/) for other ways to get involved.

## License

Copyright 2023, the Kyverno project. All rights reserved. kyverno-authz is licensed under the [Apache License 2.0](LICENSE).