A sidecar proxy is an application design pattern which abstracts certain features, such as inter-service communications, monitoring and security, away from the main architecture to ease the tracking and maintenance of the application as a whole. Just as a sidecar is attached to a motorcycle, a sidecar proxy is attached to a parent application to extend or add functionality. Sidecar proxies are typically used within the service mesh control plane (CP), microservices or containers.
A service mesh is divided into a data plane (DP) and a control plane. The service mesh DP is responsible for the communication of services within the mesh and can provide features such as load balancing, encryption and failure recovery through a separate, dedicated layer of infrastructure. A sidecar proxy is attached to the CP, which manages and configures each sidecar in relation to its designated service. All network traffic from an individual service is filtered through the sidecar proxy, which operates as its own infrastructure layer.
In a container, the sidecar proxy is attached to each application container, virtual machine (VM) or orchestration pod. For example, if an organization is developing an application which uses multiple containers, a sidecar can be attached to each individual container to abstract any security processes. This then makes it easier to access or change the security features without changing the rest of the application. Furthermore, if an organization is using Kubernetes to monitor containerized applications, the containers can be grouped together in a pod that shares a common namespace and then a separate sidecar container can be used to visualize how each container in the same pod is operating.
Sidecars allow developers to readily monitor and maintain their applications at a quick, organized glance by separating features from a microservice or container. Benefits of the sidecar pattern also include reduced complexity of code, minimized code duplication and loose coupling between individual application entities.