A sidecar container is a secondary container that runs alongside the main application container within a single pod in container orchestration systems like Kubernetes. It provides additional functionality and support to the main container, enhancing its capabilities or separating specific concerns.
The sidecar container is deployed and managed together with the main container, sharing the same lifecycle and resources. It runs in the same networking and storage context, allowing seamless communication and data sharing between the main container and the sidecar container.
Sidecar containers can serve various purposes, such as:
Logging and Monitoring: A sidecar container can collect and forward logs or metrics generated by the main container to external monitoring or logging systems. It helps separate the logging and monitoring concerns from the application's core logic.
Security and Authentication: A sidecar container can handle security-related tasks, such as managing authentication, authorization, or encryption for the main container. It helps centralize security functionality and provides a dedicated layer of protection.
Proxy or Load Balancing: A sidecar container can act as a reverse proxy or load balancer, routing incoming traffic to the main container or performing additional network-related tasks, such as SSL termination or request filtering.
Caching or Data Processing: A sidecar container can provide caching mechanisms, such as a local in-memory cache or a distributed caching system, to optimize the performance of the main container. It can also handle data preprocessing tasks, transforming or enriching data before it reaches the main container.
Service Discovery and Configuration: A sidecar container can assist with service discovery by registering the main container with a service registry or managing dynamic configuration updates for the main container. It helps automate the setup and configuration of the application.
To run the example I had the following tools/software installed:
I also setup a alias for kubectl using the following command:
Set-Alias -Name k -Value kubectl
Make sure minikube is up and running:
minikube start
In this example the 'main-container' is setup to log the date to a app.log that resides on the 'side-container' every 5 seconds using the sleep 5 command. Once the pod is up and running, we can verify no logs exist on the 'main-container' and that the 'side-container' logs show that the date is getting logged every 5 seconds.
side-car.yaml with the following:apiVersion: v1
kind: Pod
metadata:
name: sidecar
spec:
volumes:
- name: shared-logs
emptyDir: {}
containers:
- name: main-container # Logs date to app.log
image: alpine
command: ["/bin/sh"]
args: ["-c", "while true; do date >> /var/log/app.log; sleep 5;done"]
volumeMounts:
- name: shared-logs
mountPath: /var/log
- name: sidecar-container # Reads content of app.log
image: busybox
args:
- /bin/sh
- -c
- tail -fn+1 /var/log/app.log
volumeMounts:
- name: shared-logs
mountPath: /var/log
k apply -f side-car.yaml
k get pod sidecar
k describe pod sidecar
k logs sidecar # defaults to main-container, but has not logs to view.
k logs sidecar -c sidecar-container
k delete pod sidecar