TechOps Examples
Posts
Kubernetes Sidecar Containers Breakdown

Kubernetes Sidecar Containers Breakdown

Govardhana M K
June 07, 2025

TechOps Examples

Hey — It's Govardhana MK 👋

Welcome to another technical edition.

Every Tuesday – You’ll receive a free edition with a byte-size use case, remote job opportunities, top news, tools, and articles.

Every Thursday and Saturday – You’ll receive a special edition with a deep dive use case, remote job opportunities, and articles.

👀 Remote Jobs

Littlebird AI is hiring a Senior Backend Engineer
Remote Location: Worldwide
Plasma is hiring a Senior Site Reliability Engineer
Remote Location: EMEA

📚️ Resources

The Machine Learning Zoomcamp - teaches foundational and advanced ML concepts

Overview of Amazon RDS Blue/Green Deployments

One-page reference Python cheatsheet

Looking to promote your company, product, service, or event to 47,000+ Cloud Native Professionals? Let's work together. Advertise With Us

🧠 DEEP DIVE USE CASE

Kubernetes Sidecar Containers Breakdown

While sidecar containers are widely talked about in the Kubernetes world, I’ve seen many engineers confuse them with init containers. Both run inside the same pod, but their purpose and behavior are not the same.

Init containers run before your main app starts. They finish one by one. If even one fails, your pod won’t start.

Real cases I’ve used:

Waiting for a MySQL database to become reachable using a curl or nc based script.
Copying static configuration files into a shared volume that the app will mount.
Pulling secrets from Vault, decoding them, and storing them into a mounted path.
Fixing volume permissions before the app mounts it as read-write.

They are ideal for blocking setup logic, especially when you want to isolate it in purpose built images rather than adding logic to the app itself.

Sidecars run alongside your app container and stay alive throughout the pod lifecycle. They share volumes and network with the app and are designed to offload operational work.

Real cases I’ve implemented:

A log shipper like Fluent Bit reading app logs from a shared volume and pushing to Loki.
A cert-refresh agent that talks to cert-manager and injects renewed TLS certs without restarting the app.
An Envoy proxy sidecar that adds mTLS, retries, and metrics in a service mesh setup.
A backup sidecar that syncs files to S3 every few minutes while the app keeps writing to disk.

The key here is that sidecars are not startup helpers. They are co-runners. They support the app at runtime by handling things the app shouldn’t be bothered with.

This difference is important before we move forward to understand:

Kubernetes Sidecar Architecture
Service Mesh Sidecar Use Case Example
How to Get the Best Out of Sidecars

I am giving away 50% OFF on all annual plans of membership offerings for a limited time.

A membership will unlock access to read these deep dive editions like this on Thursdays and Saturdays.

Get twice the value at half the price.

1. Kubernetes Sidecar Architecture

Upgrade to Paid to read the rest.

Become a paying subscriber to get access to this post and other subscriber-only content.

Upgrade

Already a paying subscriber? Sign In.

Paid subscriptions get you:

• Access to archieve of 170+ use cases
• Deep Dive use case editions (Thursdays and Saturdays)
• Access to Private Discord Community
• Invitations to monthly Zoom calls for use case discussions and industry leaders meetups
• Quarterly 1:1 'Ask Me Anything' power session