1. Sidecar container definition

A sidecar container is a companion container placed in the same Pod as the main container. It provides auxiliary features such as logging, proxying, syncing, security or monitoring.

A sidecar container communicates with the main container through HTTP/gRPC over localhost, or through a shared volume.

2. Old school sidecar

Traditional sidecar containers are regular containers declared in spec.containers. They start up and shut down concurrently with the main container.

In the example below, "proxy" is a sidecar container that supports the main "app" container:

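apiVersion: v1
kind: Pod
metadata:
  name: app-with-proxy   # placeholder name; a Pod needs metadata.name to be accepted
spec:
  containers:
  - name: app            # main container
    image: app:latest
  - name: proxy          # sidecar, declared as a regular container
    image: envoy:latest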

Because they are regular containers, traditional sidecar containers have multiple weaknesses.

Firstly, they might start after the main app and shut down before it. This would cause the app to lose its proxy, lose its DB connection, etc.

Secondly, because they are regular containers, their readiness affects the Pod's readiness. They can block readiness, or their crash can make the Pod unready. This violates user intuition.

Some popular hacks were introduced to overcome this situation:

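  • On startup, delay the main container's start until the proxy container is ready:

# -f makes curl exit non-zero on an HTTP error status, so the loop keeps
# waiting until /ready actually succeeds
until curl -sf localhost:15000/ready > /dev/null; do
  sleep 1
done
exec ./app

  • During shutdown, use a preStop hook to delay the termination of sidecar containers:

lifecycle:
  preStop:
    exec:
      command: ["sh", "-c", "sleep 10"]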

This hack depends on arbitrary sleep intervals and is therefore inherently unreliable. The delay may be too short to succeed, or it may be excessively long and waste time.

3. Sidecar containers (KEP-753)

Kubernetes 1.28 introduced new "native" sidecar containers that help solve the problems above.

The new type of sidecar container starts and becomes ready before the main containers start. It also begins shutting down only after the main containers have shut down.

The new way to configure the "proxy" and "app" containers:

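apiVersion: v1
kind: Pod
metadata:
  name: app-with-proxy   # placeholder name; a Pod needs metadata.name to be accepted
spec:
  initContainers:
  - name: proxy
    image: envoy:latest
    restartPolicy: Always   # marks this init container as a native sidecar
  containers:
  - name: app
    image: app:latest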
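
The manifest below is an added example, not part of the original configuration. It shows how a native sidecar replaces both hacks from section 2: a startupProbe on the sidecar takes over from the curl wait loop, and no preStop sleep is needed because the sidecar is stopped after the main container. The Pod name, the probe timings and the assumption that the proxy's /ready endpoint on port 15000 is reachable on the Pod IP are illustrative.

```yaml
# Added example: name, probe timings and port exposure are assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: app-with-proxy          # hypothetical name
spec:
  initContainers:
  - name: proxy
    image: envoy:latest
    restartPolicy: Always       # native sidecar: keeps running beside "app"
    ports:
    - name: admin
      containerPort: 15000
    # The kubelet starts "app" only after this probe has succeeded, which
    # replaces the "until curl localhost:15000/ready" wrapper loop.
    # Assumption: the endpoint answers on the Pod IP. If it is bound to
    # 127.0.0.1 only, use an exec probe that runs inside the container.
    startupProbe:
      httpGet:
        path: /ready
        port: admin
      periodSeconds: 1
      failureThreshold: 30      # after about 30s of failures, restart the sidecar
  containers:
  - name: app
    image: app:latest
    command: ["./app"]          # started directly, no wait loop
    # No preStop sleep on the proxy: the kubelet terminates the sidecar
    # only after this container has exited.
```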

4. Conclusion

Historically, the traditional sidecar model had numerous limitations, and people often had to rely on unreliable workarounds.

The new sidecar containers in Kubernetes 1.28 helped to resolve these issues.