Control Plane
The control plane is the brain of Kubernetes. It stores cluster state, schedules workloads, and runs control loops that reconcile desired state with actual state.
Control plane = airport control tower. API server = the single radio frequency everyone talks on. etcd = the flight log book. Scheduler = the gate agent assigning planes to runways. Controller manager = the crew making sure every flight matches the schedule board.
Components: kube-apiserver (single entry point for all API operations, validates and persists to etcd), etcd (distributed key-value store, the source of truth for all cluster state), kube-scheduler (watches for unscheduled pods, picks the best node based on resources, affinity, taints), kube-controller-manager (runs all built-in controllers: deployment, replicaset, node, job, endpoint controllers in one binary), cloud-controller-manager (cloud-specific logic: LoadBalancer provisioning, node lifecycle).
The API server is stateless — all state is in etcd. etcd uses Raft consensus — requires a quorum of floor(n/2)+1 members to be available. For HA, run 3 or 5 etcd members. etcd is sensitive to disk latency — use SSDs. The scheduler is pluggable — custom schedulers can be run alongside the default. The controller manager runs a leader election to ensure only one instance is active in HA setups. All components communicate only via the API server — no direct communication between scheduler, etcd, and controllers. This is how kubectl get --watch works: long-polling /watch on the API server.
The control plane has four main components: (1) API server — the only component that talks to etcd, validates all requests; (2) etcd — the distributed store holding all cluster state; (3) scheduler — watches for unscheduled pods, picks nodes based on resources, affinity, taints; (4) controller manager — runs reconciliation loops for all built-in resources. The API server is the central hub — all other components and kubelets communicate through it. If etcd loses quorum, the cluster can still serve existing workloads but can't accept changes.
The control plane doesn't run workloads by default (master nodes are tainted). Losing etcd doesn't immediately kill running pods — kubelet manages pods locally. But you can't create, update, or delete anything until the control plane recovers.