ArchitectureDiagram.ai logoArchitectureDiagram.ai
Back to blog

Kubernetes Architecture Diagram Examples (with AI Prompts, 2026)

Real Kubernetes architecture diagram examples - control plane, multi-tenant clusters, Istio service mesh, GitOps, and more. Copy the AI prompts and generate your own in seconds.

R
Ryan·Senior AI Engineer
·

Kubernetes architecture diagrams visualise the structure of a Kubernetes deployment - the control plane, worker nodes, networking, ingress, service mesh, persistent storage, and the workloads themselves. Done well, a Kubernetes diagram answers questions a kubectl-only walkthrough cannot: where do requests enter the cluster, how do pods find each other, where are secrets sourced, what crosses namespace or cluster boundaries. This post collects ten production-grade Kubernetes architecture diagram examples with copy-paste AI prompts so you can generate the same diagrams for your own clusters in seconds.

Drawing Kubernetes diagrams by hand is among the most tedious tasks in platform engineering. The shape vocabulary is large (pods, deployments, services, ingresses, configmaps, secrets, PVCs, CRDs), the layouts are dense, and the pace of change makes maintenance painful. AI generators turn each of these examples into a 30-second task instead of an afternoon's work in draw.io.

1. The Kubernetes control plane

Every Kubernetes architecture diagram set should start with the control plane: the API server, etcd, scheduler, controller manager, and the kubelet on each worker node.

Prompt: "Kubernetes control plane diagram. Components: kube-apiserver, etcd cluster (3 nodes), kube-scheduler, kube-controller-manager, cloud-controller-manager. Three worker nodes, each running kubelet, kube-proxy, and a container runtime (containerd). Show the API server as the central hub. Add a load balancer in front of the API server."

2. Single-cluster web app

The bread-and-butter Kubernetes deployment: a web app fronted by an ingress controller, served by a Deployment with a horizontal pod autoscaler.

Prompt: "Kubernetes web app architecture. NGINX Ingress Controller behind a cloud Load Balancer. Ingress routes to a ClusterIP Service. Service backs a Deployment of 3 web pods with HorizontalPodAutoscaler (CPU 70%). Pods read configuration from a ConfigMap and database credentials from a Secret. Pods talk to a managed Postgres outside the cluster via a private endpoint."

3. Multi-tenant cluster with namespaces

Prompt: "Multi-tenant Kubernetes cluster. Three namespaces: team-a, team-b, team-c. Each namespace has its own Deployments, Services, and ResourceQuotas. NetworkPolicies enforce default-deny between namespaces with explicit allow rules to shared services. A cluster-shared Ingress Controller in the ingress-nginx namespace routes by hostname to the appropriate team namespace. Cluster-shared cert-manager and external-secrets controllers in their own namespaces."

4. Istio service mesh

Prompt: "Kubernetes cluster with Istio service mesh. Istio control plane (istiod) in the istio-system namespace. Three microservices in the apps namespace: orders, payments, inventory. Each pod has an istio-proxy sidecar. Ingress Gateway in the istio-ingress namespace handles incoming traffic with mTLS. Egress Gateway controls outbound calls. Traffic between services uses mTLS. Show telemetry flowing to Prometheus and traces to Jaeger."

5. GitOps with Argo CD

Prompt: "Kubernetes GitOps with Argo CD. Developer pushes Kubernetes manifests to a Git repo. Argo CD running in the cluster watches the repo. When manifests change, Argo CD syncs the cluster state to match. Show three environments (dev, staging, prod) as separate clusters, each with its own Argo CD instance and its own Git folder. Image updates flow via a separate Image Updater watching the registry."

6. Stateful workload with persistent volumes

Prompt: "Stateful Kubernetes workload. PostgreSQL StatefulSet with three replicas. Each pod has its own PersistentVolumeClaim bound to a PersistentVolume backed by a cloud SSD. A Headless Service for direct pod addressing. A separate ClusterIP Service for read traffic load-balanced across replicas. Show the StorageClass with provisioner and reclaimPolicy. Backups via Velero to object storage."

7. CI/CD pipeline running in cluster

Prompt: "CI/CD pipeline running in Kubernetes. Tekton or Jenkins X controller in the build namespace creates Pods on demand for each pipeline run. Pods clone the repo, run unit tests, build a container image with kaniko or buildah, push to a private container registry, run integration tests, and apply Helm or kustomize manifests. Pipeline events publish to a notifications service that posts to Slack."

8. Observability stack

Prompt: "Kubernetes observability stack in the monitoring namespace. Prometheus scrapes metrics from kube-state-metrics, node-exporter, and pod metrics endpoints. Grafana reads from Prometheus and Loki. Loki ingests logs via Promtail DaemonSet. OTel Collector receives traces from instrumented apps and forwards to Tempo. Alertmanager fans out alerts to PagerDuty and Slack."

9. Multi-cluster federation

Prompt: "Multi-cluster Kubernetes deployment. Two clusters: cluster-east (us-east-1) and cluster-west (us-west-2). Global load balancer with health checks routing traffic by latency. Each cluster runs the same set of services. Service mesh (Istio multi-cluster) for cross-cluster mTLS. Shared Argo CD on the east cluster manages both. State replication via the application layer, not the cluster."

10. Serverless on Kubernetes (Knative)

Prompt: "Knative serverless on Kubernetes. Knative Serving in the knative-serving namespace. Knative Service object scales pods from zero to N based on incoming requests. Activator buffers requests during cold starts. Autoscaler watches request metrics. Knative Eventing in knative-eventing namespace with a Kafka Broker and Triggers routing CloudEvents to functions. Show how request-driven scaling reduces cost at low traffic."

Best practices for Kubernetes diagrams

  • Show namespaces as containers - namespaces are the most important grouping in Kubernetes; drawing them as visible boundaries clarifies the diagram immediately
  • Distinguish controller from workload - separate the platform components (ingress controller, cert-manager, Argo CD) from the application workloads
  • Annotate in-cluster vs external - mark which components run inside the cluster and which are external (managed databases, cloud load balancers, registries)
  • Show network policy boundaries - if NetworkPolicies are in use, draw the policy boundaries. They are usually invisible in production until something breaks
  • Keep one cluster per diagram - cross-cluster diagrams quickly become unreadable. Prefer one cluster per diagram with a separate "multi-cluster overview" diagram

Frequently asked questions

What level of detail should a Kubernetes architecture diagram have?

Match the audience. For an exec review, show the cluster, ingress, and major workloads. For an architecture review, add namespaces, StatefulSets vs Deployments, and persistent volumes. For an on-call walkthrough, add controllers, sidecars, and observability.

Should I diagram every CRD?

No. Show the controllers and CRDs that define behaviour visible to engineers (Argo CD applications, cert-manager Issuers, Istio VirtualServices). Skip ones that only exist as plumbing.

Can AI generate Helm chart or Kustomize-aware diagrams?

Yes - paste the relevant manifests or the rendered helm template output into the prompt. The model interprets the manifests and produces a matching diagram.

Try it

Read the related guides on Kubernetes architecture use cases, microservice architecture patterns, or open ArchitectureDiagram.ai and paste any of the prompts above to generate your own Kubernetes diagram in seconds.

Ready to try it yourself?

Start Creating - Free