What is the Kubernetes architecture?

Kubernetes follows a control plane + data plane architecture: Control Plane (Master): manages the cluster state. Components: (1) kube-apiserver: the front door — exposes the Kubernetes API. All communication goes through it. Validates and persists state to etcd. Horizontally scalable; (2) etcd: distributed key-value store — the single source of truth for cluster state (pod specs, deployments, secrets). Highly available consensus-based. Backup critical; (3) kube-scheduler: watches for unscheduled pods and assigns them to nodes based on resource requirements, affinity, taints/tolerations, policy; (4) kube-controller-manager: runs controller loops that reconcile desired state with actual state. Node Controller (handles node failures), Replication Controller, Endpoints Controller, Service Account Controller; (5) cloud-controller-manager: integrates with cloud provider APIs (provision load balancers, manage volumes, node registration). Worker Nodes (Data Plane): run application workloads. Components: (1) kubelet: agent on every node. Watches for pod specs assigned to the node; starts/stops/monitors containers; reports node and pod status to the control plane; (2) kube-proxy: network proxy on every node. Implements Service networking (iptables or IPVS rules for load balancing); (3) Container Runtime: software that runs containers (containerd, CRI-O, Docker). Cluster communication: all control plane components communicate via the kube-apiserver. Nodes communicate with the API server via TLS-authenticated connections.