What is a sidecar container?

A sidecar container is a secondary container that runs alongside the main application container within a single pod in container orchestration systems like Kubernetes. It provides additional functionality and support to the main container, enhancing its capabilities or separating specific concerns.

The sidecar container is deployed and managed together with the main container, sharing the same lifecycle and resources. It runs in the same networking and storage context, allowing seamless communication and data sharing between the main container and the sidecar container.

Sidecar containers can serve various purposes, such as:

  • Logging and Monitoring: A sidecar container can collect and forward logs or metrics generated by the main container to external monitoring or logging systems. It helps separate the logging and monitoring concerns from the application's core logic.

  • Security and Authentication: A sidecar container can handle security-related tasks, such as managing authentication, authorization, or encryption for the main container. It helps centralize security functionality and provides a dedicated layer of protection.

  • Proxy or Load Balancing: A sidecar container can act as a reverse proxy or load balancer, routing incoming traffic to the main container or performing additional network-related tasks, such as SSL termination or request filtering.

  • Caching or Data Processing: A sidecar container can provide caching mechanisms, such as a local in-memory cache or a distributed caching system, to optimize the performance of the main container. It can also handle data preprocessing tasks, transforming or enriching data before it reaches the main container.

  • Service Discovery and Configuration: A sidecar container can assist with service discovery by registering the main container with a service registry or managing dynamic configuration updates for the main container. It helps automate the setup and configuration of the application.

Example

Prerequisites:

To run the example I had the following tools/software installed:

I also setup a alias for kubectl using the following command:

Set-Alias -Name k -Value kubectl

Make sure minikube is up and running:

minikube start

Implementation:

In this example the 'main-container' is setup to log the date to a app.log that resides on the 'side-container' every 5 seconds using the sleep 5 command. Once the pod is up and running, we can verify no logs exist on the 'main-container' and that the 'side-container' logs show that the date is getting logged every 5 seconds.

  1. Create a file side-car.yaml with the following:
apiVersion: v1
kind: Pod
metadata:
  name: sidecar
spec:
  volumes:
  - name: shared-logs 
    emptyDir: {}
  containers:
  - name: main-container # Logs date to app.log
    image: alpine 
    command: ["/bin/sh"]
    args: ["-c", "while true; do date >> /var/log/app.log; sleep 5;done"]
    volumeMounts:
    - name: shared-logs
      mountPath: /var/log
  - name: sidecar-container # Reads content of app.log
    image: busybox
    args:
     - /bin/sh
     - -c
     - tail -fn+1 /var/log/app.log
    volumeMounts:
    - name: shared-logs
      mountPath: /var/log
  1. Apply the sidecar pod to using the following command:
k apply -f side-car.yaml
  1. Observe and verify the side car is working as expected using the following commands:
k get pod sidecar
k describe pod sidecar
k logs sidecar # defaults to main-container, but has not logs to view.
k logs sidecar -c sidecar-container
  1. Clean up your kubernetes environment using the following command:
k delete pod sidecar

References