About This Architecture
This is a multi-site active-passive Kubernetes architecture with geographically distributed data centers, each running a complete Kubernetes cluster with control plane, worker nodes, and stateful services. The active DC site (10.0.0.0/8) handles production traffic through a WAF, load balancer, and reverse proxy, while the passive DR site (10.1.0.0/8) maintains synchronized replicas of the Kubernetes clusters, PostgreSQL HA with PgBouncer, Redis clusters, Kafka, and MinIO object storage. Network segmentation uses four VLANs per site: a Managed Zone for Kubernetes workloads (Accounting, API, Merchant, Admin, Auth, Notification), a Utility Zone for logging, a Security Management Zone for monitoring and auth services, and a Secure Zone for Kafka and data persistence. This architecture ensures zero-data-loss failover with synchronized PostgreSQL primaries, distributed Redis caches, and event streaming via Kafka across both sites. Fork and customize this diagram on Diagrams.so to adapt VLAN ranges, add additional worker nodes, or modify firewall policies for your compliance requirements.
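
An added example, not part of the original diagram description: a Python audit of the site addressing before firewall rules are written against it. With a /8 mask, 10.1.0.0/8 normalizes to the same network as 10.0.0.0/8, so the two site ranges as written overlap; the /16 site blocks and /18 per-zone subnets used to show a disjoint layout are assumptions, not values from the page.

```python
import ipaddress
from itertools import combinations

# Site ranges exactly as written in the description above.
SITES = {"active-dc": "10.0.0.0/8", "passive-dr": "10.1.0.0/8"}
# Zone names from the description; the /16 and /18 sizes used below are assumptions.
ZONES = ["managed", "utility", "security-mgmt", "secure"]


def audit_ranges(ranges):
    """Return findings for CIDRs that have host bits set or overlap one another."""
    findings, nets = [], {}
    for name, cidr in ranges.items():
        iface = ipaddress.ip_interface(cidr)
        nets[name] = iface.network
        if iface.ip != iface.network.network_address:
            findings.append(f"{name}: {cidr} has host bits set; network is {iface.network}")
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{a} ({na}) overlaps {b} ({nb})")
    return findings


def carve_zones(site_cidr, zones, zone_prefix):
    """Split one site block into equal, disjoint subnets, one per zone VLAN."""
    site = ipaddress.ip_network(site_cidr, strict=True)
    subnets = list(site.subnets(new_prefix=zone_prefix))
    if len(subnets) < len(zones):
        raise ValueError(f"{site} cannot hold {len(zones)} /{zone_prefix} zones")
    return dict(zip(zones, subnets))


def build_plan(site_blocks, zones, zone_prefix):
    """Flatten site -> zone -> subnet into 'site/zone' -> CIDR for auditing."""
    return {f"{s}/{z}": str(n)
            for s, cidr in site_blocks.items()
            for z, n in carve_zones(cidr, zones, zone_prefix).items()}


if __name__ == "__main__":
    for finding in audit_ranges(SITES):
        print("FINDING:", finding)
    # Hypothetical disjoint reading of the two sites: one /16 each.
    plan = build_plan({"active-dc": "10.0.0.0/16", "passive-dr": "10.1.0.0/16"}, ZONES, 18)
    for name, cidr in plan.items():
        print(f"{name:28} {cidr}")
    print("findings in carved plan:", audit_ranges(plan))
```

Running the same audit over the exported VLAN ranges after any customization catches overlaps that would let a rule scoped to one site or zone match traffic from another.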