The NKPA course covers user authentication for NKP clusters as part of Day 2 operations, emphasizing integration with external identity providers (IdPs) to manage user access securely. NKP usesDex, an OpenID Connect (OIDC) identity provider, to facilitate authentication by acting as a connector between the Kubernetes cluster and external IdPs, such as LDAP, SAML, or OAuth-based systems.

The course explains that to set up user authentication, a Platform Engineer must configure aDex connectorto the user base’s identity provider. Dex integrates with the Kubernetes API server to enable OIDC-based authentication, allowing users to log in using their IdP credentials. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “NKP supports user authentication through Dex, which provides OIDC integration with external identity providers, enabling single sign-on (SSO) for cluster access.” The process involves deploying Dex as a platform application, configuring the IdP connector (e.g., specifying client IDs, secrets, and endpoints), and updating the Kubernetes API server to use OIDC authentication.

Incorrect Options:

A. Enable Gatekeeper and create a connector to the user base’s identity provider: Gatekeeper is a Kubernetes policy engine used for enforcing admission control policies, not for authentication. The NKPA course does not associate Gatekeeper with user authentication.

B. Disable native NKP authentication, enable Traefik, and create a connector to the user base’s identity provider: Traefik is an ingress controller for managing external traffic, not authentication. Disabling native authentication is unnecessary, as NKP supports OIDC alongside native methods. The NKPA course does not mention Traefik in the context of authentication.

C. Create a MetalLB connector to the user base’s identity provider: MetalLB is a load balancer for bare-metal Kubernetes clusters, not an authentication component. This option is irrelevant, as per the NKPA course.