Kubernetes Sidecar Container Patterns
Implement sidecar containers for logging, proxying, config reload, and security. Built-in sidecar support in Kubernetes 1.28+ with restartPolicy Always.
The Problem
Sidecar containers extend your application without modifying its code. Common uses: log forwarding, reverse proxying, config reloading, and TLS termination. Kubernetes 1.28+ has native sidecar support via init containers with restartPolicy: Always.
The Solution
Native Sidecar (Kubernetes 1.28+)
apiVersion: v1
kind: Pod
metadata:
  name: app-with-sidecar
spec:
  initContainers:
    # Native sidecar: runs alongside the main container
    - name: log-forwarder
      image: fluent/fluent-bit:3.0
      restartPolicy: Always  # Makes it a sidecar!
      volumeMounts:
        - name: logs
          mountPath: /var/log/app
      env:
        - name: FLUENT_OUTPUT
          value: "forward://fluentd.logging:24224"
  containers:
    - name: app
      image: my-app:v1
      volumeMounts:
        - name: logs
          mountPath: /var/log/app
  volumes:
    - name: logs
      emptyDir: {}
Pattern: Reverse Proxy Sidecar
containers:
  - name: app
    image: my-app:v1
    ports:
      - containerPort: 8080  # App on internal port
  - name: nginx-proxy
    image: nginx:1.25
    ports:
      - containerPort: 443  # HTTPS on external port
    volumeMounts:
      - name: nginx-config
        mountPath: /etc/nginx/conf.d
      - name: tls-certs
        mountPath: /etc/nginx/tls
        readOnly: true
volumes:
  - name: nginx-config
    configMap:
      name: nginx-proxy-config
  - name: tls-certs
    secret:
      secretName: app-tls
Pattern: Config Reloader Sidecar
containers:
  - name: app
    image: my-app:v1
    volumeMounts:
      - name: config
        mountPath: /app/config
  - name: config-reloader
    image: jimmidyson/configmap-reload:v0.12.0
    args:
      - --volume-dir=/config
      - --webhook-url=http://localhost:8080/-/reload
      - --webhook-method=POST
    volumeMounts:
      - name: config
        mountPath: /config
graph LR
A[Client] --> B[nginx sidecar :443]
B -->|TLS termination| C[app :8080]
C -->|Writes logs| D[shared volume]
E[fluent-bit sidecar] -->|Reads logs| D
E -->|Forwards| F[Fluentd/Loki]
G[config-reloader sidecar] -->|Watches| H[ConfigMap volume]
G -->|POST /reload| C
Best Practices
- Start small and iterate: don't over-engineer on day one
- Monitor and measure: you can't improve what you don't measure
- Automate repetitive tasks: reduce human error and toil
- Document your decisions: future you will thank present you
Key Takeaways
- This is essential knowledge for production Kubernetes operations
- Start with the simplest approach that solves your problem
- Monitor the impact of every change you make
- Share knowledge across your team with internal runbooks
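For the reverse proxy sidecar pattern above: containers in a Pod share one network namespace and containerPort is informational only, so the app's plaintext port 8080 is reachable on the Pod IP alongside 443. The manifest below is an added example, not from the original page, that pairs the Pod with a NetworkPolicy admitting only 443. The app: my-app label and both object names are assumptions.

```yaml
# Added example. The label app: my-app and both metadata.name values are assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: app-with-proxy            # hypothetical name
  labels:
    app: my-app                   # assumed label; the policy below selects on it
spec:
  containers:
    - name: app
      image: my-app:v1
      ports:
        - containerPort: 8080     # plaintext; declaring it does not restrict access
    - name: nginx-proxy
      image: nginx:1.25
      ports:
        - containerPort: 443      # TLS terminates here
      volumeMounts:
        - name: nginx-config
          mountPath: /etc/nginx/conf.d
        - name: tls-certs
          mountPath: /etc/nginx/tls
          readOnly: true
  volumes:
    - name: nginx-config
      configMap:
        name: nginx-proxy-config
    - name: tls-certs
      secret:
        secretName: app-tls
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: my-app-tls-only           # hypothetical name
spec:
  podSelector:
    matchLabels:
      app: my-app
  policyTypes:
    - Ingress
  ingress:
    - ports:                      # no "from" clause: any source, but only this port
        - protocol: TCP
          port: 443               # 8080 is not listed, so ingress to it is denied
```

Enforcement requires a network plugin that implements NetworkPolicy. Traffic over localhost inside the Pod, such as the config reloader's webhook to localhost:8080, is not affected by the policy.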

