About This Architecture
A self-managed Kubernetes cluster on AWS, built with kubeadm in a single availability zone, runs five Spring Boot microservices in a private application subnet behind an ALB. Traffic flows from Route 53 through WAF and the Internet Gateway to the load balancer, which distributes requests to the containerized services. These connect to dedicated RDS databases, a shared application database, a DynamoDB session store, and ElastiCache Redis. Observability is provided by a dedicated subnet running Prometheus, Grafana, and Loki for metrics, dashboards, and log aggregation, with integration to CloudWatch, X-Ray, and CloudTrail for comprehensive monitoring. This architecture demonstrates production-grade security with VPC endpoints for ECR and S3, Secrets Manager with KMS encryption, and network segmentation across public, application, data, and observability subnets. Fork this diagram on Diagrams.so to customize instance types, add multi-AZ failover, or adapt the observability stack to your monitoring requirements.