In network routing, there’s a distinction between control planes and data planes. Control planes dictate how data is routed over the network topology. The data plane is responsible for the actual forwarding of the data packets.

The idea of separating these two functions works well for higher abstractions like distributed systems. For a more concrete example, look at a service mesh.

The data plane in service mesh has the responsibilities of service discovery, packet routing, load balancing, and middleware like authentication/authorization. The data plane in service meshes is often Envoy.

The control plane doesn’t touch every piece of data. It provides APIs for configuration and operations over the entire data plane. Istio is a great example of a control plane.

You can apply this pattern to different types of systems as well. The Unix file system might be split into a control plane (open/close) and a data plane (read/write).

Kubernetes follows this pattern. The control plane might include the scheduler, api server, and proxy. While the data plane is defined as the set of June let’s running on each node. The control plane enforces policies and orchestrated the data plane.