Nutanix NCP-CN Dumps

The NKP documentation recommends using a combination of RBAC assignments and exported manifests to manage access across multiple clusters. By exporting the role assignments to YAML, the engineer can consistently apply these settings across the different environments, ensuring the new team has the necessary resources and limits. This approach is especially useful for environments with multiple clusters and standardized configurations.

The Nutanix Kubernetes Platform (NKP) integratesVelero, an open-source tool, for backup and restore operations as part of its Day 2 operations. The NKPA course explains that after configuring a Backup Storage Location (e.g., an AWS S3 bucket) and creating a backup, administrators can view details of the backup using the Velero CLI. The correct command to view the details of a backup named testbackup isvelero backup describe testbackup. This command provides a detailed description of the backup, including its status, resources included, and storage location.

The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “To inspect a Velero backup in NKP, use the velero backup describe command to display detailed information about the backup, such as its creation time, expiration, and included resources.” The backup name (testbackup) is specified as created by the team, and no prefix like aws-velero- is indicated in the question, making option C the correct choice.

Incorrect Options:

A. kubectl get backupstoragelocations -n ${testbackup} -o yaml: This command retrieves Backup Storage Location objects, not backup details. The namespace ${testbackup} is also incorrect, as Velero resources are typically in a specific namespace (e.g., velero).

B. velero backup describe aws-velero-testbackup: The backup name is testbackup, not aws-velero-testbackup. The NKPA course does not indicate any prefix for the backup name.

D. kubectl get backupstoragelocations -n ${WORKSPACE_NAMESPACE} -o yaml: This retrieves Backup Storage Locations, not the backup itself, and does not provide backup details.

The NKPA 6.10 documentation confirms that the proper method to customize application deployment (including disabling Velero) is by generating a configuration file using thenkp install kommander --initcommand. The file can then be modified to set custom specs and disable Velero, and finally deployed using the nkp install kommander command.

Exact extract:

“Generate a custom configuration file using --init, modify it for your specific environment (including disabling Velero), and deploy with the same nkp install kommander command.”

Comprehensive and Detailed Explanation:

The correct procedure for deleting an NKP cluster involves using the nkp delete cluster command with the appropriate cluster name and namespace. This ensures that not only the Kubernetes resources but also the corresponding NKP resources (e.g., nodepools, Kommander integration) are deleted cleanly and consistently. Simply deleting the VMs does not clean up the associated NKP management objects. This approach is detailed in the NKP documentation for cluster lifecycle management, emphasizing the need to use the provided CLI commands for full removal.

The NKPA course explains that NKP provides a role-based access control (RBAC) system to manage permissions within its platform, in addition to Kubernetes-native RBAC. For a development team needing limited permissions to perform specific tasks (deploying applications, scaling deployments, viewing logs and metrics) within a specific namespace, the appropriate access type in the NKP GUI is anNKP Role.

NKP Roles are predefined or custom roles within the NKP platform that map to Kubernetes RBAC permissions but are managed through the NKP UI for ease of use. They allow granular control over actions within a workspace or namespace, ensuring the team can perform their tasks (e.g., deploy, scale, get logs) without having access to other environments or cluster-wide resources. For example, an NKP Role like “Developer” or a custom role can be configured to grant edit permissions in the team’s namespace while restricting access elsewhere. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “In the NKP GUI, configure an NKP Role to grant limited permissions to a development team, allowing actions like deploying applications and viewing logs within their namespace while preventing unauthorized changes in other environments.”

Incorrect Options:

B. Cluster Role: A Kubernetes Cluster Role grants permissions across all namespaces, which is too broad for the team’s limited access requirement.

C. Cluster Admin: This grants full administrative access to the entire cluster, far exceeding the team’s needs and violating the principle of least privilege.

D. Kommander Role: Kommander is a management component in NKP, but “Kommander Role” is not a specific access type in the NKP GUI for this purpose.

The NKPA course details the process of creating an NKP cluster on vSphere using the NKP CLI, including the configuration of multiple node pools with specific worker node counts and CPU settings. The correct approach involves creating the cluster with the initial node pool and then adding additional node pools separately.

The steps inOption Aalign with this process:

nkp create cluster vsphere --worker-replicas 6 --worker-cpus 10: This command creates the NKP cluster on vSphere with the first node pool, consisting of 6 worker nodes, each with 10 CPUs.

nkp create nodepool vsphere --worker-replicas 3 --worker-cpus 8: This adds the second node pool to the cluster with 3 worker nodes, each with 8 CPUs.

nkp create nodepool vsphere --worker-replicas 3 --worker-cpus 6: This adds the third node pool with 3 worker nodes, each with 6 CPUs.

The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “To create an NKP cluster with multiple node pools on vSphere, use nkp create cluster vsphere to define the first node pool, then add additional node pools with nkp create nodepool vsphere, specifying --worker-replicas and --worker-cpus for each pool.” This method ensures precise control over each node pool’s configuration.

Incorrect Options:

B: The second nkp create nodepool command uses --replicas and --cpus, which are not the correct flags. The NKPA course specifies --worker-replicas and --worker-cpus.

C: The --node-pools, --worker-replicas 6,3,3, and --worker-cpus 10,8,6 flags are not supported in a single nkp create cluster command. Node pools must be created separately.

D: There is no nkp create nodepools command; the correct command is nkp create nodepool. Additionally, --replicas and --cpus are incorrect flags.

The error states:

lua

Copy

Could not find or access '/home/.../nkp-image-builder-.../playbooks/.../artifacts/1.29.6_ubuntu_22.04_x86_64.tar.gz'

This indicates that theOS package bundle(artifacts/1.29.6_ubuntu_22.04_x86_64.tar.gz) has not been created or is missing. Creating the OS package bundle is a prerequisite step in the NIB workflow.

Key Reference:

Nutanix Kubernetes Platform Administration (NKPA) 6.10 – “Creating OS Package Bundles for NIB”

NCP-CN 6.10 Study Guide – “NIB Preparation Prerequisites”

=======

The NKPA course explains that to access a Kubernetes cluster managed by NKP, such as iot-1 in the workspace iot-plant-3, a kubeconfig file is required to authenticate and interact with the cluster’s API server. If the kubeconfig file is missing, the engineer can generate it using the NKP CLI. The correct command isnkp get kubeconfig -c iot-1 -w iot-plant-3 > iot-1.conf(Option B).

This command retrieves the kubeconfig for the specified cluster (-c iot-1) in the specified workspace (-w iot-plant-3) and redirects the output to a file named iot-1.conf. The engineer can then use this kubeconfig file with kubectl (e.g., kubectl --kubeconfig=iot-1.conf get pods) to review the deployment. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “To generate a kubeconfig file for an NKP-managed cluster, use nkp get kubeconfig -c -w , which retrieves the necessary credentials for cluster access.”

Incorrect Options:

A. kubectl get kubeconfig: kubectl does not have a get kubeconfig subcommand, and it cannot generate kubeconfig files for NKP clusters.

C. kubectl get secret iot-1 -n kommander: While secrets in the kommander namespace may store credentials, this command does not format them as a kubeconfig file.

D. nkp get configmaps: This is not a valid command for retrieving kubeconfig files; ConfigMaps do not store kubeconfig data in this context.

TheSecure Tunnelfeature in NKP relies on HTTPS (TCP port 443) to establish secure, encrypted connections between the attached cluster and the management cluster, enabling fleet management even in restricted network environments.

Exact extract:

“Secure Tunnel uses TCP/443 (HTTPS) for establishing a secure connection between the attached cluster and NKP.”

According to theNKPA 6.10 documentation, thePre-provisioned infrastructure provider (CAPPP)requires the user to provide aninventory fileof the servers that will become the cluster nodes. This inventory file contains connection information (IP addresses, credentials, etc.) for each pre-provisioned node, enabling the Cluster API to connect and configure these servers directly during cluster creation.

The Nutanix Kubernetes Platform (NKP) leverages Cluster API (CAPI) to manage the lifecycle of Kubernetes clusters. When preparing machine images for NKP deployment, the Nutanix Image Builder (NIB) or Kubernetes Image Builder (KIB) process is used to create custom machine images that are compatible with NKP’s infrastructure requirements. According to the NKPA course, the primary purpose of this process is to createCAPI-compliant imagesthat can be used as the base for NKP cluster nodes.

The NKPA course explains that NKP uses CAPI to provision and manage Kubernetes clusters, and CAPI requires machine images that meet specific criteria, such as including the necessary Kubernetes components, container runtimes, and operating system configurations. The NIB/KIB process ensures that the images are pre-configured with these components, making them suitable for use as NKP worker and control plane nodes. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “The Nutanix Image Builder (NIB) or Kubernetes Image Builder (KIB) is used to create CAPI-compliant machine images that include the required OS, Kubernetes binaries, and dependencies for NKP cluster nodes.”

These images are typically based on supported operating systems like Rocky Linux or Ubuntu, as provided by Nutanix, and are customized to include the container runtime (e.g., containerd), kubeadm, and other dependencies required for CAPI-based cluster provisioning. The resulting images are stored in a location accessible to the NKP deployment process, such as a local registry or Nutanix Prism Central.

Incorrect Options:

A. Hardening an OS image with client-supplied hardening scripts: While hardening the OS is a good practice, it is not the primary purpose of the NIB/KIB process. The NKPA course notes that hardening can be applied as part of image customization, but the core goal is to ensure CAPI compliance, not just hardening.

B. Creating a custom user account for NKP admins to ensure access to NKP nodes: The NIB/KIB process does not focus on creating user accounts. User access is managed through Kubernetes RBAC or external identity providers, as covered in the NKPA course’s authentication section.

C. Tagging the image to be used specifically for NKP: Tagging may occur as part of image management, but it is not the primary purpose. The NKPA course emphasizes CAPI compliance over tagging.

To create a FIPS-compliant NKP deployment in an air-gapped environment, the following must be done:

Verify the OS (RHEL) itself is in FIPS mode.

When building the image,include both the offline fips and fips overridesto ensure the image and components are built in compliance.

When deploying the cluster, includeFIPS-specific referencesfor both Kubernetes and etcd components.

Exact extract:

“For FIPS deployments, ensure the OS is in FIPS mode, and include both offline fips and fips overrides during image creation to ensure compliant images and deployment.”

As per theNKPA 6.10 documentationand cluster autoscaler behavior, when nodes are scaled down in NKP (or any CAPI-managed environment), the node isdeletedfrom the infrastructure provider (vSphere, AWS, Nutanix, etc.). This effectively removes it from both the cluster and the underlying hypervisor or cloud provider, thus freeing up resources and reducing costs.

The NKPA course specifies that the Nutanix Image Builder (NIB), used for creating custom machine images for NKP cluster nodes, supports specific Linux distributions that are compatible with Nutanix infrastructure and Kubernetes requirements. For NKP v2.12.x, the supported distributions for NIB areUbuntuandRocky Linux, as these are tested and optimized for NKP deployments, ensuring stability and compatibility with Cluster API (CAPI) and Nutanix AHV.

The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “NKP Image Builder (NIB) supports Ubuntu and Rocky Linux as base distributions for creating custom images for NKP cluster nodes, ensuring compatibility with Kubernetes and Nutanix infrastructure.” Ubuntu provides a widely-used, well-supported base with long-term support (LTS) versions, while Rocky Linux is a CentOS replacement that Nutanix has adopted for its reliability and enterprise focus, especially after CentOS 8’s end-of-life in 2021.

Incorrect Options:

B. Fedora: Fedora is not a supported distribution for NIB in NKP, as it is more suited for bleeding-edge development rather than production Kubernetes environments.

D. CentOS: CentOS 8 reached end-of-life in December 2021, and Nutanix has shifted to Rocky Linux as its replacement for NKP image building. The course does not list CentOS as a supported option for NIB in NKP v2.12.x.

The NKPA course highlights thatNKP Insightsis the platform’s integrated solution for observability and analytics, providing predictive analytics to detect current and future anomalies in Kubernetes clusters. NKP Insights leverages machine learning to analyze metrics, logs, and events, identifying performance issues and potential failures proactively. After deploying a new cluster, the administrator can enable NKP Insights as a platform application in the workspace to meet the predictive analytics requirement.

The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “NKP Insights provides predictive analytics and anomaly detection for Kubernetes clusters, enabling administrators to monitor and optimize cluster performance.” This is deployed via the NKP UI or CLI by enabling the Insights application in the workspace.

Incorrect Options:

B. NCM Intelligent Ops: Nutanix Cloud Manager (NCM) Intelligent Ops is for broader infrastructure management, not Kubernetes-specific analytics.

C. Nutanix Pulse: Pulse is a telemetry service for Nutanix support, not for analytics.

D. NKP AI Navigator: This is not a recognized NKP component in the NKPA documentation.

TheNKPA 6.10 documentationclarifies that the supported and recommended method to delete an entirenode pool(including its worker nodes) in an NKP cluster is by using the nkp delete nodepool command. This command removes the specified node pool and all associated resources from the cluster in a controlled and supported manner.

Key reference from the documentation:

“Use nkp delete nodepool --cluster-name= to safely remove the node pool and its associated resources.”

Manual VM deletion via ACLI or NCLI is not recommended because it bypasses the Kubernetes and NKP resource lifecycle, potentially leaving orphaned resources or inconsistent cluster states.

The error message:

python

Copy

failed to list clusters: command "docker ps -a --filter label=io.x-k8s.kind.cluster --format '{{.Label "io.x-k8s.kind.cluster"}}'" failed with error: exit status 1

indicates that the command failed while attempting to listdockercontainers with the given filter. The kind tool (used for creating a bootstrap cluster) depends on Docker as the container runtime.

Root cause:

If Docker is not running or a compatible container runtime is not available (such as containerd), the kind tool cannot list or interact with the required containers, resulting in this error.

Key Reference:

“When creating bootstrap clusters, the kind tool requires Docker to be installed and running. If Docker is not running, errors will be encountered listing or interacting with containers.”

According to theNKPA 6.10 documentation, the critical system components for NKP nodes are:

kubelet

containerdThese components are deployed in the standard Linux path:/var/lib.

Exact extract from the documentation:

“The kubelet and containerd services require disk space in /var/lib on the host operating system. It’s essential to allocate sufficient storage in /var/lib to accommodate these core Kubernetes components.”

The Kubernetes Image Builder (KIB) is used to create CAPI-compliant machine images for NKP cluster nodes, often leveraging tools likePackerto build AMIs for AWS. When the KIB process fails, troubleshooting requires detailed logs to identify the root cause. The NKPA course recommends increasing the verbosity of the KIB command to capture detailed output, including AWS CLI commands and their responses.

The correct troubleshooting step is torerun the KIB command with the verbosity level set to debug. This is typically done using the --verbose or -v flag (e.g., -v debug) to enable debug-level logging, which includes all AWS CLI commands, their outputs, and errors, written to a log file for review. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “To troubleshoot KIB failures, rerun the command with debug verbosity (-v debug) to log all operations, including AWS CLI interactions, to an exported log file for detailed analysis.” This approach helps pinpoint issues like permission errors, misconfigurations, or failures in image bundle uploads.

Incorrect Options:

A. Rerun with pause parameter: KIB does not support a pause parameter for step-by-step review, as per the NKPA course.

C. Instruct Packer not to delete the cloned AMI: While preserving the AMI can help, the course prioritizes debug logging for initial troubleshooting. Packer’s --on-error=abort flag exists, but it’s less direct than debug logs.

D. Instruct Ansible not to delete the cloned AMI: KIB primarily uses Packer, not Ansible, for AMI creation, making this option incorrect.

As per theNKPA 6.10 documentationunder “NKP Insights Prerequisites”, one of the essential requirements for deploying NKP Insights is thatcert-manageris installed and properly configured in the target workload cluster. Cert-manager provides the necessary certificates for secure communication and observability between the cluster components and the NKP Insights platform.

The documentation specifies:

“NKP Insights requires cert-manager to be installed on the target workload cluster. If cert-manager is not enabled, the cluster will be shown as unavailable (grayed out) for NKP Insights deployment.”

Without cert-manager, the Insights operator cannot validate or securely deploy its components, resulting in the cluster being unavailable for selection during the Insights enablement process.

For deployments in air-gapped environments where there is no external Internet connectivity, the --airgapped parameter is required. This instructs the NKP deployment to rely solely on internal resources, using pre-staged images and local container registries, ensuring that no external network dependencies cause deployment failures.

As per theNKPA 6.10 documentationunder “Application Backup and Recovery with Velero,” Velero is the out-of-the-box backup and restore solution integrated with NKP. To schedule application backups at a specific frequency (in this case, every six hours, equivalent to four times daily), the recommended approach is to use theVelero CLIto create a backup schedule.

The procedure involves:

Using the Velero CLI to create ascheduled backuptargeting the specificKubernetes namespace(victory-finance) rather than the entire workspace.

Specifying the frequency as --schedule="0 */6 * * *" (every six hours).

Providing the cluster’s kubeconfig for authentication.

Exact extract from the documentation:

“Velero’s CLI can be used to create backup schedules for application-specific workloads. Use the namespace parameter to target the namespace where the applications are deployed, and set the cron-like schedule to the desired frequency.”

The NKPA course explains that NKP uses Grafana Loki as part of its logging stack to implement a multi-tenant logging system, allowing teams to access their logs securely within their respective namespaces. The exhibit indicates two namespaces, tenant-innovation and tenant-analytics, each with a ConfigMap for logging configuration. The requirement is to set a retention period of 30 days for tenant-innovation and 7 days for tenant-analytics.

The correct YAML output (Option A) configures Loki’s retention period using ConfigMaps in the appropriate namespaces:

For tenant-innovation, the ConfigMap logging-innovation-config in the tenant-innovation namespace sets retention_period: 30d.

For tenant-analytics, the ConfigMap logging-analytics-config in the tenant-analytics namespace sets retention_period: 7d.

The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “In NKP, configure multi-tenant logging with Grafana Loki by creating a ConfigMap per namespace, specifying retention periods under loki.structuredConfig.limits_config.retention_period (e.g., 30d for 30 days, 7d for 7 days).” The d suffix denotes days, aligning with the requirement for 30 days and 7 days retention periods.

Incorrect Options:

B: The second ConfigMap incorrectly uses the tenant-innovation namespace instead of tenant-analytics, breaking the multi-tenant isolation.

C: The retention periods are set to 30h and 7h (hours), not 30d and 7d (days), which does not meet the requirement.

D: Both ConfigMaps use a generic tenant namespace, which does not match the specific namespaces (tenant-innovation, tenant-analytics) shown in the exhibit.

As stated in theNKPA 6.10 documentation, when using external storage (such as AWS S3) withLokifor log storage, AWS credentials must be provided securely. This typically involves creating a KubernetesSecretcontaining the static AWS credentials (access key ID and secret access key), which are referenced in the override ConfigMap to authenticate Loki’s S3 storage backend.

Key reference from documentation:

“For Loki to store logs in an S3 bucket, AWS credentials must be created as a Kubernetes secret and referenced in the storage configuration.”

As outlined in theNKPA 6.10 documentationunder "Customizing Resource Requests and Limits for Logging," to override the default resource values for the logging operator, a ConfigMap named logging-operator-logging-overrides in the kommander namespace is used. The values.yaml in the ConfigMap should precisely define fluentd resource limits and requests in a valid YAML format.

The correct YAML format is:

yaml

Copy

apiVersion: v1

kind: ConfigMap

metadata:

name: logging-operator-logging-overrides

namespace: kommander

data:

values.yaml: |

fluentd:

resources:

limits:

cpu: 4

memory: 4Gi

requests:

cpu: 4

memory: 4Gi

This ensures that the desired CPU and memory resources are correctly applied for the fluentd daemon, avoiding parsing errors and meeting the high-demand logging needs.

The NKPA course specifies that air-gapped deployments and centralized fleet management of multiple clusters are advanced features of NKP, requiring theNKP Ultimatelicense tier. The Ultimate tier includes support for air-gapped environments (via Air-Gapped Bundles) and fleet management capabilities, such as attaching and managing multiple clusters under a single management plane, which is critical for the national defense company’s scenario.

The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “The NKP Ultimate license tier is required for air-gapped deployments and centralized management of multiple Kubernetes clusters, providing the necessary tools for secure, isolated environments.” This ensures the company can deploy and manage their three clusters in an air-gapped setup while maintaining strict data security.

Incorrect Options:

A. NKP Starter: The Starter tier lacks air-gapped and fleet management features.

C. NKP Pro: The Pro tier may support some advanced features but not air-gapped deployments or full fleet management.

D. NKP UI: This is not a license tier; it’s a UI component of NKP.

In an air-gapped NKP deployment, the Konvoy bootstrap image (used to create the bootstrap cluster) must be available locally on the bastion host or in a private registry. The NKPA course specifies that after extracting the NKP Air-Gapped Bundle, the bootstrap image (e.g., konvoy-bootstrap-image-.tar) is a tarball that needs to be loaded into the Docker daemon on the bastion host before creating the bootstrap cluster.

The most viable command isdocker load -i konvoy-bootstrap-image-<version>.tar(Option A). This command loads the tarball into the local Docker daemon on the bastion host, making the image available for the nkp create bootstrap command to use. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “In an air-gapped environment, load the Konvoy bootstrap image on the bastion host using docker load -i to make it available for creating the bootstrap cluster.” After loading, the engineer can optionally tag and push the image to the private registry if needed, but the question focuses on loading the image on the host, which this command accomplishes.

Incorrect Options:

B. docker image tag: This command is syntactically incorrect (version appears twice, and .tar is not part of a tag). Tagging is a subsequent step after loading, not the primary action to load the image.

C. nkp push bundle: This is not a valid command for loading an image; it’s closer to a bundle management action, but the syntax is incorrect.

D. nkp load image: There is no nkp load image command in NKP; loading images is done via docker load.

When an attached cluster (e.g., an external cluster like EKS) is stuck in a 'deleting' state in the NKP UI, it indicates an issue with the reconciliation process in the NKP management cluster. The NKPA course explains that attached clusters are represented in NKP as KommanderCluster custom resources in the management cluster. To resolve a stuck deletion, the engineer must manually delete the KommanderCluster resource using kubectl in the context of the NKP management cluster.

The correct command iskubectl delete kommandercluster, executed in the context of the NKP management cluster (not the attached cluster). For example: kubectl delete kommandercluster -n . The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “If an attached cluster is stuck in a ‘deleting’ state, delete the corresponding KommanderCluster resource in the NKP management cluster using kubectl delete kommandercluster to remove it from management.” This ensures the cluster is fully detached and removed from the UI.

Incorrect Options:

A. kubectl delete cluster: There is no cluster resource type in this context; the correct resource is kommandercluster.

B. nkp delete kommandercluster: The nkp CLI does not have a delete kommandercluster subcommand.

D. nkp delete cluster in the attached cluster: This command is for deleting NKP-managed clusters, not detaching external clusters, and it should be run from the management cluster context.

The Nutanix Kubernetes Platform (NKP) uses the Kubernetes Image Builder (KIB) or Nutanix Image Builder (NIB) to create custom machine images for NKP management and worker nodes. These images are tailored to include specific versions of Kubernetes, container runtimes (e.g., containerd), and other dependencies. The NKPA course specifies that KIB relies on Ansible playbooks to configure the image, and the versions of packages like Kubernetes and containerd are defined in Ansible configuration files.

The correct location to verify the package versions isansible/group_vars/all/defaults.yaml. This file contains the default variables used by Ansible during the image-building process, including the versions of Kubernetes and containerd. For example, it may include entries like kubernetes_version: 1.30.5 and containerd_version: 1.7.22. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “To ensure the correct versions of Kubernetes and containerd are used in KIB, check the ansible/group_vars/all/defaults.yaml file, which specifies the package versions for the image build.” The engineer can review and modify this file to confirm that the security team’s authorized versions (Kubernetes 1.30.5 and containerd 1.7.22) are being used.

Incorrect Options:

A. config/pulumi/vars/pulumi.kib.config: Pulumi is an infrastructure-as-code tool, but it is not used by KIB for specifying package versions. The NKPA course does not reference this file.

B. terraform/vars/default/terraform.tfvars: Terraform is used for infrastructure provisioning, not for defining software versions in KIB images.

D. The custom image's .env file: KIB does not use a .env file for version configuration; Ansible variables are used instead.

Comprehensive and Detailed Explanation:

The NKP Pro licensing tier includes Fleet Management, which enables centralized lifecycle management of multiple Kubernetes clusters. This feature is critical for managing larger environments, providing visibility and control over fleet-wide configurations and updates. Other features, like AI OPS and advanced observability, are typically associated with higher tiers (e.g., Ultimate).

The exhibit shows the NKP UI with the "Create Cluster" option grayed out in a new workspace, indicating that a prerequisite for cluster creation is missing. The NKPA course explains that to create a new Kubernetes cluster in a workspace, anInfrastructure Providermust be configured for that workspace. An Infrastructure Provider defines the underlying infrastructure (e.g., Nutanix AHV, AWS, vSphere) where the cluster will be provisioned, and without it, the Create Cluster option remains disabled in the UI.

The NKP Ultimate license supports creating clusters across various infrastructures, but the workspace must be associated with an Infrastructure Provider to enable cluster creation. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “Before creating a cluster in a new workspace, ensure an Infrastructure Provider is configured for the workspace in the NKP UI; otherwise, the Create Cluster option will be grayed out.” The engineer should navigate to the Infrastructure Providers section in the NKP UI (typically under the Global or Administration view), create a provider (e.g., for Nutanix AHV, AWS, or vSphere), and associate it with the workspace. Once this is done, the Create Cluster option will become available.

Incorrect Options:

A. Create the cluster only using YAML and not the GUI: The issue is not with the GUI itself but with the missing Infrastructure Provider, which affects both GUI and CLI cluster creation. YAML alone does not resolve this.

B. Attach existing clusters instead of creating a new cluster: Attaching existing clusters is an alternative but does not address the requirement to create a new cluster.

D. Ensure NKP is upgraded to a minimum version of 2.12: The NKP Ultimate license implies a recent version, and the course does not indicate that version 2.12 is specifically required for this functionality. The issue is configuration-related, not version-related.

The exhibit indicates an error during the creation of a bootstrap cluster using the nkp create bootstrap command in an air-gapped environment. The NKPA course explains that a bootstrap cluster is a temporary Kubernetes cluster used to initialize Cluster API (CAPI) components for provisioning the target NKP cluster. In an air-gapped environment, all required resources, including container images, must be available locally since there is no Internet access to pull them from public registries.

The most likely reason for the error is thatthe bootstrap cluster image needs to be loaded prior to creating the bootstrap cluster(Option B). The course specifies that in air-gapped deployments, the bootstrap cluster image (typically a kind or k3s image used by CAPI) must be pre-loaded into a local container registry or the bastion host before running nkp create bootstrap. This image is part of the Air-Gapped Bundle provided by Nutanix, which includes all necessary container images for NKP deployment. Without pre-loading this image, the nkp create bootstrap command fails because it cannot pull the required image.

The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “In an air-gapped NKP deployment, ensure the bootstrap cluster image (e.g., kindest/node) is loaded into a local registry or host before executing nkp create bootstrap, as the command requires this image to create the temporary cluster.” The engineer must extract the bootstrap image from the Air-Gapped Bundle, load it using docker load or similar, and configure the local registry to make it accessible during the bootstrap process.

Incorrect Options:

A. The CAPI provisioning method needs to be specified as nkp create bootstrap nutanix: The nkp create bootstrap command does not require a provisioning method like nutanix at this stage; the provider (e.g., CAPX for Nutanix) is specified during the actual cluster creation (nkp create cluster), not bootstrap creation.

C. The Ubuntu 22.04 OS image needs to be NIB-prepped prior to creating the bootstrap: The Ubuntu 22.04 image is for the target NKP cluster nodes, not the bootstrap cluster, which uses a pre-built image (e.g., kind). NIB-prepping this image is a later step.

D. The nkp create bootstrap command needs to be executed as root: While some commands may require elevated privileges, the NKPA course does not specify that nkp create bootstrap must be run as root. The error is more likely related to missing images in an air-gapped setup.