Nutanix NCP-CN Dumps

The documentation confirms that when a new license is activated to upgrade to a higher tier, users must log out and log back in for the license changes to take effect. This ensures that updated entitlements are loaded into the UI and CLI environment.

Exact extract from documentation:

“After applying a new license for a higher-tier product, log out and log back in to see and activate the newly available features.”

For deployments in air-gapped environments where there is no external Internet connectivity, the --airgapped parameter is required. This instructs the NKP deployment to rely solely on internal resources, using pre-staged images and local container registries, ensuring that no external network dependencies cause deployment failures.

A bastion host in a dark site environment serves as a secure entry point for managing the NKP deployment, providing access to the cluster infrastructure without direct Internet connectivity. The NKPA course outlines the prerequisites for preparing a Linux VM as a bastion host, focusing on secure access and time synchronization, which are critical for air-gapped Kubernetes deployments.

Get or create SSH Keys (Option B):The bastion host requires SSH keys to enable secure, passwordless access to the NKP cluster nodes and other infrastructure components (e.g., Nutanix AHV hosts). The NKPA course specifies that SSH keys must be generated or obtained and configured on the bastion host to facilitate secure communication during deployment and management tasks. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “For a bastion host in an NKP dark site deployment, ensure SSH keys are created or obtained to enable secure access to cluster nodes and infrastructure.” The engineer can generate SSH keys using ssh-keygen and distribute the public key to the target systems.

Enable NTP Service (Option D):Time synchronization is essential in Kubernetes clusters to ensure consistent logging, certificate management, and scheduling. In a dark site with no Internet access, the bastion host must be configured to synchronize time with an internal NTP (Network Time Protocol) server or act as an NTP server itself. The NKPA course emphasizes enabling the NTP service on the bastion host to maintain accurate time across the air-gapped environment. The NCP-CN 6.10 Study Guide notes: “Enable the NTP service on the bastion host to ensure time synchronization in a dark site NKP deployment, as Kubernetes requires accurate time for proper operation.” The engineer can enable NTP using commands like systemctl enable ntpd and configure it to use an internal time source.

Incorrect Options:

A. Install LDAP Server: LDAP is used for centralized authentication, but it is not a requirement for a bastion host in an NKP dark site deployment. The course focuses on SSH access instead.

C. Install Docker: While Docker is needed on Kubernetes nodes for container runtimes, the bastion host’s role is to provide secure access and management, not to run containers.

The Secure Tunnel feature in NKP relies on HTTPS (TCP port 443) to establish secure, encrypted connections between the attached cluster and the management cluster, enabling fleet management even in restricted network environments.

Exact extract:

“Secure Tunnel uses TCP/443 (HTTPS) for establishing a secure connection between the attached cluster and NKP.”

The NKPA course explains that to access a Kubernetes cluster managed by NKP, such as iot-1 in the workspace iot-plant-3, a kubeconfig file is required to authenticate and interact with the cluster’s API server. If the kubeconfig file is missing, the engineer can generate it using the NKP CLI. The correct command is nkp get kubeconfig -c iot-1 -w iot-plant-3 > iot-1.conf (Option B).

This command retrieves the kubeconfig for the specified cluster (-c iot-1) in the specified workspace (-w iot-plant-3) and redirects the output to a file named iot-1.conf. The engineer can then use this kubeconfig file with kubectl (e.g., kubectl --kubeconfig=iot-1.conf get pods) to review the deployment. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “To generate a kubeconfig file for an NKP-managed cluster, use nkp get kubeconfig -c -w , which retrieves the necessary credentials for cluster access.”

Incorrect Options:

A. kubectl get kubeconfig: kubectl does not have a get kubeconfig subcommand, and it cannot generate kubeconfig files for NKP clusters.

C. kubectl get secret iot-1 -n kommander: While secrets in the kommander namespace may store credentials, this command does not format them as a kubeconfig file.

D. nkp get configmaps: This is not a valid command for retrieving kubeconfig files; ConfigMaps do not store kubeconfig data in this context.

The exhibit shows the NKP UI with a list of clusters, including "arca," "demo," and "production," each with a three-dot menu on the right side. The NKPA course explains that to delete a cluster directly from the NKP UI, the engineer should use the Delete option available in the cluster’s three-dot menu. This action initiates the deletion process, removing the cluster from NKP management and freeing up any associated licenses (e.g., CPU core-based licenses, as per NKP licensing).

The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “To delete a cluster in NKP via the UI, navigate to the cluster list, click the three-dot menu for the target cluster (e.g., demo), and select ‘Delete’ to remove the cluster and its resources.” The UI in the exhibit aligns with this process, showing the three-dot menu next to the "demo" cluster, which includes the Delete option. This is the most straightforward method to delete the demo cluster and reallocate resources to the arca cluster.

Incorrect Options:

A. Download kubeconfig and use kubectl delete cluster: kubectl delete cluster is not a valid command for deleting NKP clusters. NKP uses the nkp CLI or UI for cluster deletion.

C. Select Detach and ask the cluster owner to delete: Detach is for external clusters (e.g., EKS), not NKP-managed clusters like "demo," which is on Nutanix infrastructure. Detaching does not delete the cluster.

D. SSH to kommander cluster and execute kubectl delete cluster: Kommander is a management component, but kubectl delete cluster is not a valid command for NKP cluster deletion.

The NKPA course explains that NKP’s fleet management capabilities allow centralized policy federation and management of multiple Kubernetes clusters from a single pane of glass, while workspaces provide isolation for different teams or groups. To meet the requirement of federating policy while separating clusters by group, the IT team needs the NKP Ultimate license, which includes advanced fleet management features.

With NKP Ultimate, the IT team can:

Create three workspaces (one for each group: Fin VD, Fin Insurance, Fin Travel).

Assign the corresponding Kubernetes clusters to each workspace, ensuring isolation between groups.

Use NKP’s fleet management to apply policies (e.g., RBAC, monitoring, logging) across all clusters from a single pane of glass, such as the NKP UI or CLI.

The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “NKP Ultimate provides fleet management for centralized policy federation across multiple clusters, using workspaces to isolate clusters for different teams or groups.” This setup ensures that each group’s clusters are separated while maintaining centralized policy management, aligning with the IT team’s requirements.

Incorrect Options:

B. NKP Starter: The Starter license lacks fleet management and workspace isolation features, making it unsuitable for this scenario.

C. NKP Pro with projects: Projects are sub-divisions within workspaces for resource allocation, not for cluster isolation or fleet management. NKP Pro may not include full fleet management capabilities.

D. NKP Pro with workspaces: While NKP Pro supports workspaces, it may not provide the full fleet management needed for centralized policy federation across all clusters. NKP Ultimate is the better fit.

The NKPA course explains that NKP uses Grafana Loki as part of its logging stack to implement a multi-tenant logging system, allowing teams to access their logs securely within their respective namespaces. The exhibit indicates two namespaces, tenant-innovation and tenant-analytics, each with a ConfigMap for logging configuration. The requirement is to set a retention period of 30 days for tenant-innovation and 7 days for tenant-analytics.

The correct YAML output (Option A) configures Loki’s retention period using ConfigMaps in the appropriate namespaces:

For tenant-innovation, the ConfigMap logging-innovation-config in the tenant-innovation namespace sets retention_period: 30d.

For tenant-analytics, the ConfigMap logging-analytics-config in the tenant-analytics namespace sets retention_period: 7d.

The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “In NKP, configure multi-tenant logging with Grafana Loki by creating a ConfigMap per namespace, specifying retention periods under loki.structuredConfig.limits_config.retention_period (e.g., 30d for 30 days, 7d for 7 days).” The d suffix denotes days, aligning with the requirement for 30 days and 7 days retention periods.

Incorrect Options:

B: The second ConfigMap incorrectly uses the tenant-innovation namespace instead of tenant-analytics, breaking the multi-tenant isolation.

C: The retention periods are set to 30h and 7h (hours), not 30d and 7d (days), which does not meet the requirement.

D: Both ConfigMaps use a generic tenant namespace, which does not match the specific namespaces (tenant-innovation, tenant-analytics) shown in the exhibit.

The NKPA course explains that NKP’s monitoring stack includes Prometheus for metrics collection and storage, and Fluent Bit for log collection and forwarding. To retain system resource utilization data over several months, the company must focus on Prometheus, as it is responsible for storing time-series metrics data, such as CPU, memory, and network utilization, which are critical for long-term trend analysis.

To handle the increased workload from the online retail application, the Platform Engineer should adjust Prometheus by increasing its container resource limits and memory settings to ensure it can process and store more metrics, and increasing its storage to retain data for several months. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “For long-term metrics retention in NKP, scale the Prometheus deployment by increasing its resource limits (CPU and memory) and expanding its persistent storage to accommodate larger time-series data.” This involves editing the Prometheus deployment’s resource settings (e.g., via kubectl edit deployment) and updating the PersistentVolumeClaim (PVC) to allocate more storage.

Incorrect Options:

A. Adjust the number of replicas for Fluent Bit: Fluent Bit handles logs, not metrics. Increasing replicas does not address long-term metrics storage.

B. Adjust the number of replicas for Prometheus: Increasing replicas improves availability but does not directly address storage or resource needs for metrics retention.

C. Adjust the resource settings for Fluent Bit: Fluent Bit is for log collection, not metrics storage, and is not relevant for this use case.

For creating custom images for vSphere (and other supported platforms), Konvoy Image Builder (KIB) is the officially supported tool for NKP. It can create images with custom configurations, package versions, and pre-bundled artifacts.

Key Reference:

“Konvoy Image Builder (KIB) is the Nutanix-recommended tool for building NKP cluster node images for vSphere, AWS, Azure, and other environments.”

As per the “Nutanix Kubernetes Platform Administration (NKPA)” documentation, during the preparation of the environment for an air-gapped deployment, the first task involves installing critical software packages on the bastion host. The bastion host acts as a jump host in a secure network and requires tools such as yum-utils, bzip2, and wget to facilitate the retrieval and processing of required images and configuration files.

Specifically, in the NKPA 6.10 course under "Preparing the Air-gapped Environment", the documentation clearly states:

"The initial step for configuring the bastion host includes installing required pre-requisites like yum-utils, bzip2, and wget. This ensures that the host has the basic tools to download and manage required container images and other dependencies."

This step is explicitly called out as the first actionable item before proceeding to more advanced tasks like configuring public IP access or creating a bootstrap cluster. The need for these pre-requisite packages is foundational, as they are required to handle image downloading and manipulation in the subsequent steps of the air-gapped installation process.

According to the NKPA 6.10 documentation, licensing in an NKP cluster is constrained by the total number of vCPUs assigned to all nodes (workers and control planes). In this scenario, the cluster has a maximum of 150 vCPUs available.

The existing output shows 10 worker nodes, each with 8 vCPUs (10×8=80 vCPUs) and 3 control plane nodes, each with 4 vCPUs (3×4=12 vCPUs).

Current vCPU usage: 80 + 12 = 92 vCPUs.

Remaining vCPUs: 150 - 92 = 58 vCPUs.

Option A:

Adding 6 control plane nodes (6×4=24 vCPUs).

This would increase control planes to 9 total (3 existing + 6 new). Control plane nodes would consume 9×4=36 vCPUs.

Worker nodes remain at 80 vCPUs.

Total vCPU usage: 36 + 80 = 116 vCPUs (still under 150 vCPUs).

However, it’s unusual and unnecessary to have 9 control planes in a typical NKP setup. NKPA and NCP-CN best practices indicate typically no more than 3 or 5 control planes for HA. Therefore, this is technically possible but not recommended or standard practice. So not selected.

Option B:

Expanding the existing worker nodepool by 8 nodes (8×8=64 vCPUs).

This would add 64 vCPUs to the current 92 vCPUs:

92 + 64 = 156 vCPUs → exceeds licensing limit.

Correction: The question specifies “expand up to 8 nodes,” so it’s possible to expand by only 7 nodes (7×8=56 vCPUs).

92 + 56 = 148 vCPUs → within licensing limits.

Thus, expanding by up to 7 nodes is valid.

Option C:

Creating a new worker nodepool with 10 nodes (10×8=80 vCPUs).

This would add 80 vCPUs to the existing 92 vCPUs:

92 + 80 = 172 vCPUs → exceeds 150 vCPU licensing limit.

Not valid.

Option D:

Expanding the original worker nodepool by up to 4 nodes (4×8=32 vCPUs) = +32 vCPUs.

Adding a new nodepool of 6 nodes with 4 vCPUs/node (6×4=24 vCPUs) = +24 vCPUs.

Total increase: 32 + 24 = 56 vCPUs.

Total vCPU usage: 92 + 56 = 148 vCPUs → within the 150 vCPU limit.

Thus, valid.

Extract Reference:

NKPA 6.10 – “Cluster Sizing and Licensing”

Nutanix Kubernetes Platform Administration (NKPA) – Licensing Considerations

"The total number of vCPUs for all nodes (control planes and workers) must not exceed the licensed vCPU capacity of the NKP deployment."

This confirms that Options B and D are the two valid approaches to expand the cluster while remaining compliant with licensing constraints.

According to the NKPA 6.10 documentation, the critical system components for NKP nodes are:

kubelet

containerdThese components are deployed in the standard Linux path: /var/lib.

Exact extract from the documentation:

“The kubelet and containerd services require disk space in /var/lib on the host operating system. It’s essential to allocate sufficient storage in /var/lib to accommodate these core Kubernetes components.”

The NKPA course details NKP’s monitoring stack for collecting and analyzing metrics across attached and managed clusters, which is critical for troubleshooting issues like out-of-memory errors. The engineer needs to collect centralized metrics and set up alerting to identify performance issues. The correct approach is to use Prometheus for metrics collection and Thanos Query for alerting (Option C).

Utilize Prometheus to collect and present centralized metrics on NKP attached and managed clusters: Prometheus is NKP’s default metrics collection tool, deployed as a platform application. It scrapes metrics (e.g., CPU, memory usage) from nodes, pods, and services across all clusters in a workspace, centralizing them for analysis. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “Prometheus is used in NKP to collect and present centralized metrics from attached and managed clusters, enabling detailed performance analysis.” This is ideal for identifying differences in memory usage causing the out-of-memory errors.

Configure Thanos Query to monitor and send out alerts based on the metric thresholds that have been configured within it: Thanos Query, part of NKP’s monitoring stack, aggregates Prometheus metrics across clusters and provides a unified query interface. It also integrates with Alertmanager to send alerts based on configured thresholds (e.g., memory usage > 90%). The NKPA course notes: “Use Thanos Query to monitor metrics across NKP clusters and configure alerts with Alertmanager to notify engineers of performance issues like out-of-memory errors.” This setup helps the engineer proactively address the issue.

Incorrect Options:

A & B. Utilize Fluentd and Fluent Bit: Fluentd and Fluent Bit are logging tools in NKP, used for collecting logs, not metrics. Metrics collection requires Prometheus.

D. Utilize Thanos to collect and present centralized metrics: Thanos does not collect metrics directly; it extends Prometheus by providing long-term storage and query aggregation. Prometheus is the primary collection tool.

NKP Platform Applications (e.g., Rook Ceph, Prometheus, Fluent Bit) are pre-integrated tools that can be deployed to Kubernetes clusters within a workspace to provide services like storage, monitoring, and logging. The NKPA course specifies that to deploy a platform application to all clusters in a workspace from the command line, the engineer uses the nkp create appdeployment command. This command creates an application deployment resource that targets the specified workspace and clusters.

The required parameters include the application ID (to identify the platform application), the version (to specify the desired version of the application), and the NKP workspace (to define the scope of clusters). For example: nkp create appdeployment --app-id prometheus --version 2.30.0 --workspace fin-vd. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “Use the nkp create appdeployment command to deploy platform applications, specifying the application ID, version, and target workspace to apply the deployment across all clusters in that workspace.”

Incorrect Options:

B. nkp deploy platform-app: This is not a valid NKP command. The correct command is nkp create appdeployment.

C. nkp deploy app: This is not a recognized command in the NKPA documentation.

D. kubectl create appdeployment: kubectl interacts with Kubernetes resources, not NKP-specific platform applications.

The NKPA course specifies that the Nutanix Image Builder (NIB), used for creating custom machine images for NKP cluster nodes, supports specific Linux distributions that are compatible with Nutanix infrastructure and Kubernetes requirements. For NKP v2.12.x, the supported distributions for NIB are Ubuntu and Rocky Linux, as these are tested and optimized for NKP deployments, ensuring stability and compatibility with Cluster API (CAPI) and Nutanix AHV.

The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “NKP Image Builder (NIB) supports Ubuntu and Rocky Linux as base distributions for creating custom images for NKP cluster nodes, ensuring compatibility with Kubernetes and Nutanix infrastructure.” Ubuntu provides a widely-used, well-supported base with long-term support (LTS) versions, while Rocky Linux is a CentOS replacement that Nutanix has adopted for its reliability and enterprise focus, especially after CentOS 8’s end-of-life in 2021.

Incorrect Options:

B. Fedora: Fedora is not a supported distribution for NIB in NKP, as it is more suited for bleeding-edge development rather than production Kubernetes environments.

D. CentOS: CentOS 8 reached end-of-life in December 2021, and Nutanix has shifted to Rocky Linux as its replacement for NKP image building. The course does not list CentOS as a supported option for NIB in NKP v2.12.x.

The NKPA course details the process of deploying an NKP cluster, which begins with creating a bootstrap cluster to initialize the Cluster API (CAPI) components. The bootstrap cluster is a temporary Kubernetes cluster used to manage the provisioning of the target NKP cluster. If an error occurs and the KUBECONFIG file is missing, the engineer must recreate the bootstrap cluster and generate a new KUBECONFIG file.

The correct command, as specified in the NKPA course, is nkp create bootstrap --kubeconfig bootstrap-cluster.conf. The nkp CLI is the Nutanix-specific tool for managing NKP deployments, and the create bootstrap subcommand initializes the bootstrap cluster while generating the KUBECONFIG file with the specified name (bootstrap-cluster.conf). The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “The nkp create bootstrap command is used to create a temporary bootstrap cluster for CAPI-based NKP deployments, with the --kubeconfig flag specifying the output KUBECONFIG file.”

Incorrect Options:

A. nutanix create bootstrap --kubeconfig bootstrap-cluster.conf: There is no nutanix CLI command for NKP bootstrap creation. The correct tool is nkp.

B. kubectl create bootstrap --kubeconfig bootstrap-cluster.conf: kubectl is used for interacting with Kubernetes clusters, not for creating bootstrap clusters. The NKPA course does not support this command.

D. d2iq create bootstrap --kubeconfig bootstrap-cluster.conf: D2iQ is a separate Kubernetes platform, and its CLI is not used for NKP deployments.

The NKPA course outlines the default behaviors of NKP when deploying workload clusters within a workspace, regardless of the provisioning environment (e.g., AWS, Nutanix, Azure). When a workload cluster is deployed in AWS, NKP ensures consistency across the workspace by applying the following default behaviors:

The NKP workload cluster will receive all of the GitOps sources that have been assigned to the NKP workspace (Option A): NKP uses GitOps with Flux to manage cluster configurations and applications. The course explains that GitOps sources (e.g., Git repositories) assigned to a workspace are automatically applied to all clusters in that workspace, ensuring consistent configuration and application deployment. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “New workload clusters inherit all GitOps sources configured for the workspace, enabling Flux to synchronize configurations from the specified repositories.”

The NKP workload cluster will be deployed all of the applications that have been enabled on this NKP workspace (Option D): NKP Platform Applications (e.g., Prometheus, Rook Ceph) enabled in the workspace are automatically deployed to new workload clusters. The NKPA course notes: “When a workload cluster is created, NKP deploys all platform applications enabled in the workspace to ensure consistent functionality across clusters.”

Incorrect Options:

B. The NKP workload cluster will receive all of the NKP RBAC policy: RBAC policies are defined at the workspace or project level and applied to users or groups, not automatically to clusters. Clusters inherit RBAC through user access, not as a default deployment behavior.

C. The NKP workload cluster will also be assigned to all of the NKP projects: Clusters are assigned to specific projects manually, not automatically to all projects in a workspace.

NKPA 6.10 recommends leveraging workspaces to isolate different tenants (clients) in a multi-tenant environment. LDAP connectors can be scoped to individual workspaces, allowing separate authentication and RBAC configurations per client.

Key reference from documentation:

“In multi-tenant scenarios, create a dedicated workspace for each tenant and configure a unique LDAP connector within that workspace to integrate their identity source.”

The NKPA course recommends using a S3-compatible API for backup and restore operations in production NKP environments, as it integrates with Velero, NKP’s backup and restore tool. Velero supports S3-compatible storage (e.g., AWS S3, Nutanix Objects, or MinIO) as a backup storage location, allowing persistent data, including volumes and cluster resources, to be backed up and restored during disaster recovery scenarios. This approach ensures compatibility with cloud-native backup workflows and provides scalability and reliability for production use cases.

The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “For production backup and restore in NKP, use Velero with an S3-compatible API to store backups, ensuring persistent data availability during disaster recovery.” Nutanix Objects, which provides an S3-compatible API, is often used in Nutanix environments for this purpose, but any S3-compatible storage (e.g., an off-site S3 bucket) can be configured.

Incorrect Options:

A. Protection Domain: Protection Domains are a Nutanix AOS feature for VM-level replication, not for Kubernetes backup/restore.

B. Rook Ceph: Rook Ceph provides persistent storage for NKP clusters but is not a backup solution; it can be backed up using Velero with S3 storage.

C. External Storage Class: Storage Classes define how volumes are provisioned, not how they are backed up or restored.

The NKPA course addresses performance issues in NKP clusters, such as high CPU and memory consumption on worker nodes, by recommending scaling options to distribute workloads more effectively. The Kubernetes cluster in the scenario has 4 workers, each with 8 vCPUs and 32 GB RAM, and is running out of resources. The most effective solution is to add more workers to the cluster to increase overall capacity and balance the load, rather than modifying existing workers or reducing application replicas.

The correct action is to add one more worker using the command nkp scale nodepools ${NODEPOOL_NAME} --replicas=5 --cluster-name=${CLUSTER_NAME} -n ${CLUSTER_WORKSPACE} (Option D). This command scales the specified node pool to 5 replicas (from the current 4), adding one additional worker to the cluster. The new worker will have the same configuration (8 vCPUs, 32 GB RAM) as the existing workers, providing additional capacity to alleviate resource contention. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “To address performance issues due to resource exhaustion in an NKP cluster, scale out by adding workers using nkp scale nodepools --replicas --cluster-name -n .”

Incorrect Options:

A. Call tech support to investigate: While support can help, the issue is clearly resource exhaustion, which can be resolved by scaling the cluster—a task the Platform Engineer can perform directly.

B. Ask developers to lower application replicas: Reducing replicas may decrease resource usage but could impact application availability or performance, which is not ideal for a development cluster.

C. Add more CPU and memory to workers with nkp scale --cpu 16 --memory 64: The nkp scale command does not support --cpu and --memory flags for resizing existing workers. Resizing VMs typically requires updating the node pool configuration and replacing nodes, which is more complex than adding new workers.

The primary benefit of a private registry is to ensure security and privacy for container images, especially when dealing with sensitive data and compliance requirements (such as financial or government use cases). While secure connections to public registries like DockerHub or GitHub container registries are possible, using a private registry ensures full control over image access and auditing.

Key reference:

“Private registries ensure images remain within the security and compliance boundaries of the enterprise, avoiding potential risks associated with public SaaS registries.”

NKP uses Cluster API (CAPI) to provision and manage Kubernetes clusters across supported infrastructures, including Nutanix AHV, vSphere, AWS, and GCP. CAPI components, such as controllers and providers, are deployed to manage the lifecycle of clusters on these platforms. However, when NKP attaches to a managed Kubernetes service like Azure Kubernetes Service (AKS), CAPI components are not deployed because AKS is managed by Azure, and NKP only integrates with the cluster for fleet management, not provisioning.

The NKPA course explains: “For managed Kubernetes services like AKS, NKP attaches the cluster to its management plane without deploying CAPI components, as the underlying infrastructure is managed by the cloud provider.” The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide reinforces this: “CAPI is used for NKP-managed clusters on Nutanix, vSphere, AWS, and GCP, but not for attached managed services like AKS.”

Incorrect Options:

A. vSphere: NKP deploys CAPI components (e.g., CAPV provider) to manage vSphere-based clusters.

B. GCP: NKP deploys CAPI components (e.g., CAPG provider) for GCP-based clusters.

C. Nutanix: NKP deploys CAPI components (e.g., CAPA provider for AHV) for Nutanix AHV clusters.

As per the NKPA 6.10 documentation, the standard and supported approach for installing Kommander on an NKP cluster is using the NKP CLI. The CLI provides commands for deploying Kommander and associated platform components as part of the cluster lifecycle management workflow.

Key Reference:

“The recommended approach to deploy Kommander is by using the nkp CLI, which ensures compatibility and streamlined installation with the rest of the Nutanix Kubernetes Platform stack.”

Continuous Deployment (CD) is the practice of automatically deploying new software releases across environments after a successful build and testing phase. In the context of NKP, enabling CD ensures that software changes are consistently and reliably rolled out to all clusters associated with a project, ensuring operational uniformity and rapid feature adoption.

Comprehensive and Detailed Explanation From General Kubernetes Knowledge:

Since this question involves AWS EKS and Azure AKS specifics outside the NKP context, and web search is unavailable, I will rely on general Kubernetes knowledge as of my last update. Using a custom image for EKS and AKS worker nodes means replacing the default, optimized images provided by AWS and Azure, which are pre-configured with components tailored for their managed Kubernetes services.

The primary functionality lost by using a custom image in both EKS and AKS is built-in autoscaling and security capabilities (Option C):

Autoscaling: Both EKS and AKS rely on their default node images to integrate with their native autoscaling mechanisms, such as the EKS Cluster Autoscaler (which uses AWS Auto Scaling Groups) and AKS Cluster Autoscaler (which integrates with Azure Virtual Machine Scale Sets). Custom images may lack the necessary agents or configurations (e.g., AWS SSM Agent, Azure VM extensions) to communicate with these autoscaling services, requiring manual configuration.

Security Capabilities: Default images include pre-configured security features, such as AWS’s integration with IAM roles for service accounts (IRSA) and Azure’s integration with Azure Active Directory (AAD) for RBAC. Custom images may not include these integrations, potentially breaking security features like automatic credential rotation or managed identity support unless manually configured.

Incorrect Options:

A. Native monitoring tools, logging, and alerting: Monitoring and logging (e.g., AWS CloudWatch, Azure Monitor) are managed at the control plane level, not the node image level, so these features are generally unaffected by custom images.

B. Cluster networking and load balancing: Networking (e.g., AWS VPC CNI, Azure CNI) and load balancing (e.g., AWS ALB, Azure Load Balancer) are configured by the control plane and CNI plugins, not the node image.

D. Ability to use GPUs and persistent storage: GPU support and persistent storage (e.g., EBS, Azure Disk) depend on drivers and CSI plugins, which can be installed on custom images without losing functionality.

When mirroring the NKP bundle to a private registry, the recommended method is to use the nkp bundle push or similar commands with the --to-registry option, specifying the target registry along with the credentials (--to-registry-username and --to-registry-password).

Key reference from documentation:

“Use the --to-registry flag along with --to-registry-username and --to-registry-password to push the NKP bundle to a private registry.”

In an air-gapped NKP environment with no Internet access, a bastion host is a critical component for secure management. The NKPA course defines the primary purpose of a bastion host as providing a secure point for creating and operating NKP clusters. The bastion host acts as a jump server, allowing administrators to securely access the isolated environment, manage cluster deployments, and perform operations like cluster creation, scaling, and upgrades without exposing the environment to external threats.

The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “In a dark site NKP deployment, a bastion host serves as a secure entry point for administrators to create, manage, and operate NKP clusters, ensuring isolation from external networks.” The bastion host is configured with SSH keys and tools like the NKP CLI to facilitate secure interactions with the cluster infrastructure.

Incorrect Options:

A. To store and manage sensitive data: The bastion host is not a storage system; its role is access and management, not data storage.

C. To serve as a load balancer: A bastion host does not perform load balancing; that role is handled by Kubernetes components like MetalLB or cloud-native load balancers.

D. To act as a firewall: While a bastion host enhances security, it is not a firewall. Firewalls are separate components in the network architecture.

According to the NKPA 6.10 documentation and Nutanix licensing details, NKP Starter is bundled with the NCI Starter entitlement. This basic licensing tier includes essential capabilities for deploying and managing Kubernetes clusters within a Nutanix environment.

Key reference:

“NKP Starter is included with NCI Starter, providing foundational Kubernetes cluster lifecycle management features for small-scale or starter deployments.”

The NKPA 6.10 documentation confirms that Velero is the built-in backup and recovery solution provided as part of the NKP platform. It provides cluster-level and namespace-level backup, restore, and migration capabilities.

Exact extract from the documentation:

“Velero is the integrated, out-of-the-box backup and restore solution in NKP. It supports scheduled backups, disaster recovery, and application migration workflows.”

Comprehensive and Detailed Explanation:

The correct procedure for deleting an NKP cluster involves using the nkp delete cluster command with the appropriate cluster name and namespace. This ensures that not only the Kubernetes resources but also the corresponding NKP resources (e.g., nodepools, Kommander integration) are deleted cleanly and consistently. Simply deleting the VMs does not clean up the associated NKP management objects. This approach is detailed in the NKP documentation for cluster lifecycle management, emphasizing the need to use the provided CLI commands for full removal.

The output indicates that an AppDeployment resource named grafana-logging was created in the kommander-default-workspace namespace, which corresponds to an NKP workspace. The NKPA course explains that NKP Platform Applications, such as Grafana Logging, are deployed using the nkp create appdeployment command. This command creates an AppDeployment resource that deploys the specified application (e.g., Grafana Logging) across all clusters in a workspace.

The command in Option A, nkp create appdeployment grafana-logging --app grafana-logging-6.57.4 --workspace default-workspace, matches the output:

grafana-logging is the name of the AppDeployment.

--app grafana-logging-6.57.4 specifies the application and version.

--workspace default-workspace targets the workspace, which corresponds to the namespace kommander-default-workspace in the output (the kommander- prefix is a standard NKP namespace convention).

The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “To deploy a platform application like Grafana Logging, use nkp create appdeployment --app - --workspace , which creates an AppDeployment resource in the workspace namespace.” This command aligns with the output provided.

Incorrect Options:

B. export WORKSPACE_NAMESPACE and nkp create package-bundle: There is no nkp create package-bundle command in NKP for deploying applications. The correct command is nkp create appdeployment.

C. kubectl get appdeployment: This retrieves the status of an AppDeployment, not creates it. The output indicates creation, not retrieval.

D. kubectl get helmreleases: This retrieves HelmRelease resources, not AppDeployments, and does not create the Grafana Logging deployment.