Kubernetes clusters in dynamic cloud environments are highly susceptible to failures, network partitions, and asynchrony, leading to state inconsistencies and service outages—necessitating efficient and precise root cause analysis (RCA). Existing RCA approaches struggle with the diversity, evolution, contextual complexity, and polymorphism of system events. To address these challenges, we propose an automated RCA framework integrating graph-structured modeling with large language models (LLMs). Our method introduces a novel dual-graph architecture—StateGraph and MetaGraph—that jointly captures dynamic, polymorphic fault semantics. It further incorporates retrieval-augmented generation (RAG), a temporal-spatial graph database, and expert-knowledge-infused prompt engineering to enable context-aware reasoning. Evaluated on real-world production Kubernetes clusters, our framework localizes root causes in an average of two minutes with 90% accuracy and discovers several previously undocumented failure patterns for the first time.

Kubernetes, a notably complex and distributed system, utilizes an array of controllers to uphold cluster management logic through state reconciliation. Nevertheless, maintaining state consistency presents significant challenges due to unexpected failures, network disruptions, and asynchronous issues, especially within dynamic cloud environments. These challenges result in operational disruptions and economic losses, underscoring the necessity for robust root cause analysis (RCA) to enhance Kubernetes reliability. The development of large language models (LLMs) presents a promising direction for RCA. However, existing methodologies encounter several obstacles, including the diverse and evolving nature of Kubernetes incidents, the intricate context of incidents, and the polymorphic nature of these incidents. In this paper, we introduce SynergyRCA, an innovative tool that leverages LLMs with retrieval augmentation from graph databases and enhancement with expert prompts. SynergyRCA constructs a StateGraph to capture spatial and temporal relationships and utilizes a MetaGraph to outline entity connections. Upon the occurrence of an incident, an LLM predicts the most pertinent resource, and SynergyRCA queries the MetaGraph and StateGraph to deliver context-specific insights for RCA. We evaluate SynergyRCA using datasets from two production Kubernetes clusters, highlighting its capacity to identify numerous root causes, including novel ones, with high efficiency and precision. SynergyRCA demonstrates the ability to identify root causes in an average time of about two minutes and achieves an impressive precision of approximately 0.90.