Sidecar Pattern
Definition
The Sidecar Pattern is a design pattern commonly used in microservices architecture where a secondary container, known as a sidecar, runs alongside the main application container within the same pod. This pattern is used to enhance the functionality of the main application by offloading certain tasks such as logging, monitoring, or proxying requests. The sidecar container shares the same network namespace and can communicate with the main application container, providing a modular way to extend application capabilities without altering the main application code.
Secure Settings Example
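apiVersion: v1
kind: Pod
metadata:
  name: secure-sidecar-example
spec:
  containers:
  - name: main-app
    image: myapp:latest
    securityContext:
      runAsNonRoot: true              # container fails to start if it would run as UID 0
      capabilities:
        drop:
        - ALL                         # drop every Linux capability
  - name: sidecar
    image: sidecar-proxy:latest
    securityContext:
      runAsNonRoot: true
      readOnlyRootFilesystem: true    # sidecar cannot write to its own root filesystem
      capabilities:
        drop:
        - ALL
  securityContext:                    # pod-level settings, shared by both containers
    fsGroup: 2000                     # group applied to mounted volumes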
Insecure Settings Example
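apiVersion: v1
kind: Pod
metadata:
  name: insecure-sidecar-example
spec:
  containers:
  - name: main-app                    # no securityContext: image and runtime defaults apply
    image: myapp:latest
  - name: sidecar
    image: sidecar-proxy:latest
    securityContext:
      runAsUser: 0                    # sidecar runs as root (runAsRoot is not a Kubernetes field)
      capabilities:
        add:
        - NET_ADMIN                   # extra capability: network configuration in the shared namespace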
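
The contrast between the two manifests can be checked mechanically. The following Python is an added example, not part of the original page: it audits every container in a Pod manifest (already parsed into a dict, for example from `kubectl get pod -o json`) for the settings shown above. The function names, finding strings and sample dicts are constructed for illustration.

```python
# Added example: audit each container in a Pod (main app and sidecars alike).

def effective(pod_sc, ctr_sc, key):
    """Container-level value wins; otherwise fall back to the pod-level one."""
    return ctr_sc.get(key, pod_sc.get(key))

def audit_pod(pod):
    """Return sorted (container, finding) tuples for a Pod manifest dict."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for ctr in spec.get("containers", []) + spec.get("initContainers", []):
        sc = ctr.get("securityContext") or {}
        caps = sc.get("capabilities") or {}
        name = ctr["name"]
        if effective(pod_sc, sc, "runAsUser") == 0:
            findings.append((name, "runs as UID 0"))
        elif effective(pod_sc, sc, "runAsNonRoot") is not True:
            findings.append((name, "runAsNonRoot not enforced"))
        if "ALL" not in [c.upper() for c in caps.get("drop") or []]:
            findings.append((name, "capabilities not dropped (ALL)"))
        for cap in caps.get("add") or []:
            findings.append((name, f"adds capability {cap}"))
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append((name, "root filesystem is writable"))
    return sorted(findings)

# Constructed sample input mirroring the page's secure manifest.
HARDENED = {"drop": ["ALL"]}
SECURE_POD = {"spec": {
    "securityContext": {"fsGroup": 2000},
    "containers": [
        {"name": "main-app", "securityContext": {
            "runAsNonRoot": True, "capabilities": HARDENED}},
        {"name": "sidecar", "securityContext": {
            "runAsNonRoot": True, "readOnlyRootFilesystem": True,
            "capabilities": HARDENED}},
    ]}}

# Constructed sample input: a root sidecar that adds NET_ADMIN.
INSECURE_POD = {"spec": {"containers": [
    {"name": "main-app"},
    {"name": "sidecar", "securityContext": {
        "runAsUser": 0, "capabilities": {"add": ["NET_ADMIN"]}}},
]}}

if __name__ == "__main__":
    for label, pod in (("secure", SECURE_POD), ("insecure", INSECURE_POD)):
        print(label, audit_pod(pod))
```

Run against the secure sample, the audit still reports one item: `main-app` does not set `readOnlyRootFilesystem`, which only the sidecar does.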