# Sample endpoints.yaml configuration for Central.
#
# # CAREFUL: If the following line is uncommented, do not expose the default endpoint on port 8443 by default.
# # This will break normal operation.
# disableDefault: true # if true, do not serve on :8443 (1)
endpoints: (2)
# Serve plaintext HTTP only on port 8080
- listen: ":8080" (3)
# Backend protocols, possible values are 'http' and 'grpc'. If unset or empty, assume both.
protocols: (4)
- http
tls: (5)
# Disable TLS. If this is not specified, assume TLS is enabled.
disable: true (6)
# Serve HTTP and gRPC for sensors only on port 8444
- listen: ":8444" (3)
tls: (5)
# Which TLS certificates to serve, possible values are 'service' (For service certificates that Red Hat Advanced Cluster Security for Kubernetes generates)
# and 'default' (user-configured default TLS certificate). If unset or empty, assume both.
serverCerts: (7)
- default
- service
# Client authentication settings.
clientAuth: (8)
# Enforce TLS client authentication. If unset, do not enforce, only request certificates
# opportunistically.
required: true (9)
# Which TLS client CAs to serve, possible values are 'service' (CA for service
# certificates that Red Hat Advanced Cluster Security for Kubernetes generates) and 'user' (CAs for PKI auth providers). If unset or empty, assume both.
certAuthorities: (10)
# if not set, assume ["user", "service"]
- service