NSX-T NCP Pod Security Policy (PSP) missing capability AUDIT

search cancel

NSX-T NCP Pod Security Policy (PSP) missing capability AUDIT_WRITE

book

Article ID: 322449

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:

Running NCP 3.1.1.
The yaml file used to configure NCP is missing a capability entry under policy PSP (PodSecurityPolicy).
The ncp-psp PodSecurityPolicy does not have AUDIT_WRITE capability, like below:

apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: ncp-psp
spec:
hostNetwork: true
hostIPC: false
hostPID: false
privileged: false
defaultAddCapabilities: null

Environment

VMware NSX-T Data Center

Cause

This capability was incorrectly omitted from the configuration file.

Resolution

This issue is resolved in NCP 3.1.2.

Workaround:
You can manually add the capability to the file like the following:
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: ncp-psp
spec:
hostNetwork: true
hostIPC: false
hostPID: false
privileged: false
defaultAddCapabilities: null
allowedCapabilities:
- AUDIT_WRITE

Feedback

thumb_up Yes

thumb_down No