NCP-CN 6.10 · BlueAlly Study Package
Canonical language for the workspace. Tested versions: NKP 2.12, AOS 6.10, Prism Central pc2024.2.
Nutanix's enterprise Kubernetes platform (Konvoy + Kommander lineage from D2iQ). Deploys and manages CAPI-based clusters with a curated platform application stack. Exam version: 2.12.
The fleet management application on the management cluster: workspaces, projects, platform applications, attach/deploy clusters, licensing.
The permanent, self managed cluster running CAPI controllers and Kommander; creates and manages workload clusters.
A cluster NKP deploys into a workspace; Kommander owns its full lifecycle (upgrade, scale, delete).
An existing cluster (EKS, AKS, GKE, any conformant distribution) brought under Kommander for apps/RBAC/observability; lifecycle stays with its own platform. Ultimate tier.
Fleet-level anomaly and health intelligence; Ultimate tier, with its own license install.
Starter: entry tier. Pro: production platform app stack. Ultimate: fleet management, external attach, Insights, multi-tenancy. Applied in Kommander.
No internet path. Everything installs from bundles seeded into a private registry inside the gap.
Pushing the NKP bundle's images/charts into the private registry so the bootstrap, management, and workload clusters can pull locally. Must precede an air-gapped install; the registry must be reachable from the bastion AND from every node.
The Linux machine inside the restricted network that drives the install: NKP CLI, bundles, and a container runtime for the bootstrap cluster; needs network reachability to Prism Central, the registry, and the node networks.
Temporary local kind cluster on the install host that runs the CAPI controllers to create the management cluster, then pivots its state there and is deleted.
Moving CAPI state/controllers from the bootstrap cluster into the new management cluster, making it self-managed (--self-managed).
CLI tooling that bakes node machine images (OS + containerd + kubelet + hardening) per provider, or prepares pre-provisioned nodes. Air-gapped builds pull from internal mirrors configured via overrides.
Upstream project NKP builds on: clusters described as Kubernetes resources, reconciled into real infrastructure by provider controllers (CAPX for Nutanix).
The CAPI resource that IS a node pool: a replica count of worker Machines created from a machine template. Scaling a pool edits this.
CAPI resource owning the control plane node count and Kubernetes version.
Machine: one node, paired with a provider machine resource. The machine template defines the per-VM shape (vCPU, RAM, disk, subnet, image) on Nutanix.
Cluster → KubeadmControlPlane / MachineDeployment → Machine → provider machine; describe the first unhealthy link in the chain. Stuck in Provisioning = provider side (check the provider machine and Prism Central); NotReady node = CNI or image pulls.
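Worked triage of the chain above, as an added example that is not NKP or Cluster API code: the functions walk objects shaped like `kubectl get ... -o json` items (constructed here), using the real CAPI labels `cluster.x-k8s.io/cluster-name`, `cluster.x-k8s.io/control-plane` and `cluster.x-k8s.io/deployment-name` for membership; the condition types, phases and the Nutanix failure message in the sample are assumptions for the demo.

```python
"""Walk Cluster -> KubeadmControlPlane / MachineDeployment -> Machine -> provider machine
for one workload cluster and list the unhealthy links in chain order.
Added triage example, not NKP or Cluster API code. SAMPLE is constructed to look like
`kubectl get ... -o json` items; the condition types (Ready, InfrastructureReady,
NodeHealthy, VMProvisioned) and the Nutanix failure text are assumptions for the demo."""
from __future__ import annotations

CLUSTER_LABEL = "cluster.x-k8s.io/cluster-name"  # CAPI label on every object of a cluster
CP_LABEL = "cluster.x-k8s.io/control-plane"      # CAPI label present on control-plane Machines
MD_LABEL = "cluster.x-k8s.io/deployment-name"    # CAPI label naming a worker Machine's MachineDeployment


def condition(obj: dict, ctype: str) -> dict | None:
    return next((c for c in obj.get("status", {}).get("conditions", []) if c.get("type") == ctype), None)


def is_true(obj: dict, ctype: str) -> bool:
    c = condition(obj, ctype)
    return c is not None and c.get("status") == "True"


def of_kind(objs: list[dict], kind: str, cluster: str) -> list[dict]:
    """Objects of one kind carrying the cluster label (what `kubectl get <kind> -l` selects)."""
    return [o for o in objs if o["kind"] == kind and o["metadata"].get("labels", {}).get(CLUSTER_LABEL) == cluster]


def machines_of(objs: list[dict], owner: dict, cluster: str) -> list[dict]:
    """Machines under a KubeadmControlPlane or MachineDeployment, matched by the labels CAPI stamps on them."""
    out = []
    for m in of_kind(objs, "Machine", cluster):
        labels = m["metadata"].get("labels", {})
        if owner["kind"] == "KubeadmControlPlane" and CP_LABEL in labels:
            out.append(m)
        elif owner["kind"] == "MachineDeployment" and labels.get(MD_LABEL) == owner["metadata"]["name"]:
            out.append(m)
    return out


def diagnose_machine(objs: list[dict], m: dict) -> dict | None:
    """Provider side (no VM yet: look at the provider machine) vs node side (VM up, kubelet NotReady)."""
    name, phase = m["metadata"]["name"], m.get("status", {}).get("phase", "")
    if phase in ("Pending", "Provisioning") or not is_true(m, "InfrastructureReady"):
        ref = m["spec"]["infrastructureRef"]
        prov = next((o for o in objs if o["kind"] == ref["kind"] and o["metadata"]["name"] == ref["name"]), None)
        bad = next((c for c in (prov or {}).get("status", {}).get("conditions", []) if c.get("status") != "True"), None)
        why = (bad.get("message") or bad.get("reason") or "?") if bad else "provider object missing or reports nothing"
        return {"kind": "Machine", "name": name, "side": "provider", "detail": f'{ref["kind"]}/{ref["name"]}: {why}'}
    if phase == "Running" and not is_true(m, "NodeHealthy"):
        c = condition(m, "NodeHealthy") or {}
        return {"kind": "Machine", "name": name, "side": "node",
                "detail": f"NodeHealthy={c.get('status')} {c.get('reason', '')}: check CNI pods and image pulls on the node"}
    return None


def unhealthy_links(objs: list[dict], cluster: str) -> list[dict]:
    """Control plane first, then each MachineDeployment; owners that already report Ready are skipped."""
    if not any(o["kind"] == "Cluster" and o["metadata"]["name"] == cluster for o in objs):
        return [{"kind": "Cluster", "name": cluster, "side": "management", "detail": "Cluster object not found"}]
    found = []
    for owner in of_kind(objs, "KubeadmControlPlane", cluster) + of_kind(objs, "MachineDeployment", cluster):
        if is_true(owner, "Ready"):
            continue
        for m in machines_of(objs, owner, cluster):
            d = diagnose_machine(objs, m)
            if d:
                d["owner"] = f'{owner["kind"]}/{owner["metadata"]["name"]}'
                found.append(d)
    return found


# Constructed sample: control plane healthy, one worker stuck in provisioning, one worker NotReady.
def _obj(kind, name, labels=None, conds=None, phase=None, infra=None):
    return {"kind": kind, "metadata": {"name": name, "labels": labels or {}},
            "spec": {"infrastructureRef": {"kind": "NutanixMachine", "name": infra}} if infra else {},
            "status": {"conditions": conds or [], **({"phase": phase} if phase else {})}}


def _c(ctype, status, reason="", message=""):
    return {"type": ctype, "status": status, "reason": reason, "message": message}


_L = {CLUSTER_LABEL: "prod-a"}
SAMPLE = [
    _obj("Cluster", "prod-a", conds=[_c("Ready", "False", "WorkersNotReady")]),
    _obj("KubeadmControlPlane", "prod-a-control-plane", _L, [_c("Ready", "True")]),
    _obj("MachineDeployment", "prod-a-md-0", _L, [_c("Ready", "False", "MinimumReplicasUnavailable")]),
    _obj("Machine", "prod-a-md-0-5d9f7-abcde", {**_L, MD_LABEL: "prod-a-md-0"},
         [_c("InfrastructureReady", "False", "WaitingForInfrastructure")], "Provisioning", "prod-a-md-0-5d9f7-abcde"),
    _obj("NutanixMachine", "prod-a-md-0-5d9f7-abcde", _L,
         [_c("VMProvisioned", "False", "ImageNotFound", "image not found in Prism Central (constructed message)")]),
    _obj("Machine", "prod-a-md-0-5d9f7-fghij", {**_L, MD_LABEL: "prod-a-md-0"},
         [_c("InfrastructureReady", "True"), _c("NodeHealthy", "False", "NodeNotReady")], "Running", "prod-a-md-0-5d9f7-fghij"),
    _obj("NutanixMachine", "prod-a-md-0-5d9f7-fghij", _L, [_c("VMProvisioned", "True")]),
]
HEALTHY = [_obj("Cluster", "prod-a", conds=[_c("Ready", "True")]), SAMPLE[1],
           _obj("MachineDeployment", "prod-a-md-0", _L, [_c("Ready", "True")])]

if __name__ == "__main__":
    for link in unhealthy_links(SAMPLE, "prod-a"):
        print(f'{link["owner"]} -> Machine/{link["name"]} [{link["side"]}] {link["detail"]}')
```

To run it against a real management cluster, replace SAMPLE with the `items` of `kubectl get clusters,kubeadmcontrolplanes,machinedeployments,machines,nutanixmachines -n <namespace> -o json`, then `kubectl describe` the object named by the first reported link; the provider/node split tells you whether to look at Prism Central or at the node's CNI pods and image pulls.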
Embedded OIDC broker federating external IdPs (LDAP, OIDC, SAML); groups map to roles; tokens serve automation.
Kommander roles govern the fleet plane (workspaces, projects, apps); cluster roles are Kubernetes RBAC inside clusters. Grants federate downward (workspace → project → cluster).
OPA based admission policy enforcement (e.g., deny privileged pods).
Logging Operator (Fluent Bit collection) + Loki (store) + Grafana (view). Enabled per workspace/cluster; multi-tenant logging scopes visibility; persists to S3-style object storage / Nutanix Unified Storage.
Backup/restore for cluster objects + PV data. Needs target object storage (with credentials) and VolumeSnapshotClasses. Cron-shaped schedules; restores from named backups; diagnose failures via the backup logs.
Prometheus (metrics) + Alertmanager (alert routing) + Grafana (dashboards). Centralized metrics aggregate the fleet at the management cluster; Prometheus retention must be backed by appropriately sized persistent storage.
Scales node pools between min/max: up when pods are unschedulable, down when nodes sit idle. Provider-specific config. Distinct from the HPA (which scales pods, not nodes).
Air gap: seed the new bundle into the registry first. Then the management cluster/Kommander, then workload clusters (CAPI rolls nodes onto the new images/versions).
Top-level isolation box: holds clusters (deployed/attached), workspace apps, RBAC, and an infrastructure provider. Tenant/BU/environment boundary; per-tenant login URLs for multi-tenancy.
Team slice inside a workspace: shared namespaces on selected clusters with project RBAC, quotas/limit ranges, project apps, federation, and GitOps CD.
Stored credentials/endpoint Kommander uses to deploy managed clusters for that workspace (e.g., Prism Central).
Attachment path for clusters that the management cluster cannot reach (NAT/firewall): an outbound tunnel initiated from the attached side.
Detach releases an attached cluster (keeps running). Delete destroys a managed cluster and its provider resources (nkp delete cluster or GUI).
Kommander's curated app catalog (monitoring, logging, backup, ingress, policy). Apps have DEPENDENCIES that must be enabled too; configured at global vs cluster scope (narrower wins); managed via UI or CLI.
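Two checks a practitioner wants before enabling platform apps, as an added example that is not Kommander's code: order a requested set of apps so every dependency (transitive, cycle-checked) is enabled first, and compute the effective per-cluster values with the narrower scope winning. CATALOG's dependency edges and the GLOBAL/WORKSPACE/CLUSTER values are assumptions for the demo; read real dependencies from each app's definition in the catalog.

```python
"""Dependency ordering and scoped configuration for Kommander platform applications.
Added example, not Kommander code. CATALOG's dependency edges and the values in
GLOBAL/WORKSPACE/CLUSTER are assumptions for the demo; real dependencies come from
each app's definition in the catalog."""
from __future__ import annotations

# Assumed dependency edges: app -> apps that must be enabled first (demo only).
CATALOG = {
    "cert-manager": [],
    "traefik": ["cert-manager"],
    "logging-operator": [],
    "grafana-loki": [],
    "grafana-logging": ["logging-operator", "grafana-loki"],
    "kube-prometheus-stack": ["cert-manager"],
    "velero": [],
}


def enable_order(requested: set[str], catalog: dict[str, list[str]] = CATALOG) -> list[str]:
    """Topological enable order covering transitive dependencies; rejects unknown apps and cycles."""
    order: list[str] = []
    done: set[str] = set()
    on_stack: set[str] = set()

    def visit(app: str) -> None:
        if app not in catalog:
            raise KeyError(f"unknown platform app: {app}")
        if app in on_stack:
            raise ValueError(f"dependency cycle through {app}")
        if app in done:
            return
        on_stack.add(app)
        for dep in catalog[app]:
            visit(dep)
        on_stack.discard(app)
        done.add(app)
        order.append(app)

    for app in sorted(requested):  # sorted so the result is deterministic
        visit(app)
    return order


def missing_dependencies(enabled: set[str], catalog: dict[str, list[str]] = CATALOG) -> list[tuple[str, str]]:
    """(app, dep) pairs where an enabled app's dependency is not enabled: the app reconcile will fail there."""
    return sorted((app, dep) for app in enabled for dep in catalog.get(app, []) if dep not in enabled)


def merge(base: dict, override: dict) -> dict:
    """Recursive merge where override wins per key; nested dicts merge instead of replacing wholesale."""
    out = dict(base)
    for key, val in override.items():
        out[key] = merge(out[key], val) if isinstance(val, dict) and isinstance(out.get(key), dict) else val
    return out


def effective_values(*scopes: dict | None) -> dict:
    """Scopes widest to narrowest (global, workspace, cluster); the narrowest scope wins per key."""
    result: dict = {}
    for scope in scopes:
        result = merge(result, scope or {})
    return result


# Constructed values for one app at three scopes (assumed keys, demo only).
GLOBAL = {"prometheus": {"retention": "7d", "storage": {"size": "50Gi"}}, "alertmanager": {"enabled": True}}
WORKSPACE = {"prometheus": {"storage": {"size": "200Gi"}}}
CLUSTER = {"prometheus": {"retention": "30d"}}

if __name__ == "__main__":
    print(enable_order({"grafana-logging", "traefik"}))
    print(missing_dependencies({"grafana-logging"}))
    print(effective_values(GLOBAL, WORKSPACE, CLUSTER))
```

The merge keeps the wider scope's sibling keys (the 50Gi storage size set globally survives a cluster-level retention override, and the workspace-level 200Gi beats the global 50Gi), which is the "narrower wins" rule applied per key rather than per app.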
Identical Kubernetes objects stamped and kept in sync across a project's member clusters.
Flux-based GitOps: a Git repo whose manifests sync automatically to the project's clusters.