Will everything run in a single cluster? How will we handle cluster failures? Will we replicate data elsewhere? If a cluster goes down due to power loss, how will the system handle it?

Running all services in a single cluster simplifies deployment but introduces a single point of failure. A more resilient design uses multiple clusters or zones, each with its own control plane and worker nodes. Data should be replicated across clusters using synchronous or asynchronous replication depending on consistency requirements. For critical services, use a multi-master or leader‑follower pattern with automatic failover. If a cluster loses power, a health‑check probe will mark nodes as dead, and traffic will be routed to healthy clusters via a load balancer or service mesh. Data replication ensures that the lost cluster’s state can be recovered by the surviving cluster. Additionally, implement a backup strategy (snapshots, point‑in‑time recovery) and a disaster‑recovery plan that can spin up a new cluster in a different region. This architecture balances cost, complexity, and availability, providing graceful degradation rather than a complete outage.