Veto/docs

Azure AKS BYOC install

Install Veto BYOC on Azure Kubernetes Service.

helm install veto-operator oci://ghcr.io/plawio/charts/veto-operator --namespace veto-operator-system --create-namespace --set vetoCluster.create=true --set vetoCluster.storage.driver=sqlite --set networkPolicy.kubeApiCIDR=<your-aks-api-cidr>

Run Veto with your own AKS identities, private networking, and registry controls. Plaw does not use Azure Lighthouse, managed identity federation, or any Azure impersonation path into your tenant.

The customer plane initiates outbound HTTPS only: GHCR image pulls, the counters-only license heartbeat to license.veto.so, and optional anonymous telemetry if enabled. No policy bodies, decisions, tool-call arguments, agent IDs, user IDs, Slack content, prompts, env vars, or secrets leave the customer plane.

GCP GKE BYOC install

Install Veto BYOC on Google Kubernetes Engine.

Air-gapped BYOC install

Install Veto with no runtime egress.

On this page

No Headings
Edit this pageFeedback