What is a sidecar proxy?
A sidecar proxy is an application design pattern which abstracts certain features, such as inter-service communications, monitoring and security, away from the main architecture to ease the tracking and maintenance of an application. Just as a sidecar is attached to a motorcycle, a sidecar proxy is attached to a parent application to extend or add functionality. Sidecar proxies are typically used within the service mesh control plane (CP), microservices or containers.
How a sidecar proxy works
A service mesh is divided into a data plane (DP) and a control plane. The service mesh DP is responsible for the communication of services within the mesh and can provide features such as load balancing, encryption and failure recovery through a separate, dedicated infrastructure layer. A sidecar proxy is attached to the CP, which manages and configures each sidecar in relation to its designated service. All network traffic from an individual service is filtered through the sidecar proxy, which operates as its own infrastructure layer.
In a container, the sidecar proxy is attached to each application container, VM or orchestration pod. For example, if an organization is developing an application which uses multiple containers, a sidecar can be attached to each individual container to abstract any security processes. This makes it easier to access or change security features without changing the rest of the application.
Furthermore, if an organization is using Kubernetes to monitor containerized applications, the containers can be grouped together in a pod that shares a common namespace and then a separate sidecar container can visualize how each container in the same pod is operating.
Sidecars enable developers to readily monitor and maintain their applications at a quick, organized glance by separating features from a microservice or container. Benefits of the sidecar pattern also include reduced code complexity, minimized code duplication and loose coupling between individual application entities.