͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏

Forwarded this email? Subscribe here for more

You are now 171,001+ subscribers strong.

Let’s try to reach 172k subscribers by 20 September.

Share this post & I'll send you some rewards for the referrals.

How Sidecar Pattern Works ✨

#89: Break Into Design Patterns (4 Minutes)

Neo Kim

Sep 18

READ IN APP

Get my system design playbook for FREE on newsletter signup:

This post outlines the sidecar pattern. You will find references at the bottom of this page if you want to go deeper.

Share this post & I'll send you some rewards for the referrals.

Once upon a time, a single server was enough to run an entire site.

The clients connected to it over the internet.

But as the internet grew, traffic to some sites skyrocketed.

And it became hard to scale those sites reliably.

So they installed more servers and added logic for logging, monitoring, and security.

Yet it became difficult to update the app’s code without affecting its reliability.

So they set up a sidecar.

It’s a design pattern. And runs a small service alongside the app to help with tasks such as logging, monitoring, or security.

Imagine a motorcycle with a sidecar. The driver steers the vehicle, while the sidecar passenger carries the map, radio, or bag.

Similarly, the sidecar pattern decouples the operational features from the app’s logic.

Onward.

CodeRabbit: Free AI Code Reviews in CLI (Sponsor)

CodeRabbit CLI is an AI code review tool that runs directly in your terminal. It provides intelligent code analysis, catches issues early, and integrates seamlessly with AI coding agents like Claude Code, Codex CLI, Cursor CLI, and Gemini to ensure your code is production-ready before it ships.

Enables pre-commit reviews of both staged and unstaged changes, creating a multi-layered review process.
Fits into existing Git workflows. Review uncommitted changes, staged files, specific commits, or entire branches without disrupting your current development process.
Reviews specific files, directories, uncommitted changes, staged changes, or entire commits based on your needs.
Supports programming languages including JavaScript, TypeScript, Python, Java, C#, C++, Ruby, Rust, Go, PHP, and more.
Offers free AI code reviews with rate limits so developers can experience senior-level reviews at no cost.
Flags hallucinations, code smells, security issues, and performance problems.
Supports guidelines for other AI generators, AST Grep rules, and path-based instructions.

Install CodeRabbit CLI

Sidecar Pattern

Let’s dive in:

1. Architecture

Here’s how it works:

The app runs the core logic and handles requests.
Although detached, the sidecar and app share the same storage and networking environment.
Sidecar runs alongside the app, handling tasks such as logging, monitoring, and security.
They communicate with each other through a local network or shared resources, such as a configuration file or shared memory.
The sidecar and app start, stop, and scale together for reliability.

Also it’s possible to update or replace the sidecar without affecting the app.

There are 2 ways to deploy a sidecar:

As a separate container alongside the app.
As a separate process on the same server.

Yet the way a sidecar gets deployed depends on the use case and infrastructure setup.

Let’s keep going!

2. Use Cases

Here are three popular use cases of the sidecar pattern:

Traffic Proxy

The sidecar acts as a traffic manager. It controls incoming and outgoing requests for the app.

Here’s how:

Imagine the app wants to call another service, for example, the payments API.
It sends a request to the sidecar instead of calling the API directly.
The sidecar then forwards the request to the correct API.
It also automatically retries if the request fails due to a timeout or other error.

Besides the sidecar decrypts the incoming traffic before sending it to the app.

This avoids the need for retry logic or security logic inside the app itself.

It’s also used to add HTTPS support to legacy services.

A popular implementation of the sidecar traffic proxy is Envoy. It usually gets deployed as a separate container alongside the app.

Logging and Monitoring

Log management and monitoring increase the app complexity.

A sidecar solves this problem by collecting logs and sending them to a central system.

Sidecar Pattern for Logging and Monitoring

Here’s how:

The app writes logs to its local file, standard output, or a stream.
Sidecar collects these logs from the app and combines them if needed.
It then sends those logs to a central system, such as Elasticsearch or Splunk.

It lets the developer view all logs in a single place without changing the app’s code.

A popular implementation of the sidecar for logging and monitoring is Fluentd. It’s possible to deploy it as a separate process or container alongside the app.

Security Management

It’s unsafe for an app to store sensitive data, such as passwords or API tokens.

A sidecar solves this problem by managing sensitive data for the app.

Here’s how:

The sidecar gets secrets, such as passwords or certificates, from a secure system.
It then provides them to the app at runtime through a file, environment variable, or shared memory.

This technique keeps the secrets separate from the app’s code for security.

A popular implementation of the sidecar for security management is Vault Agent.

3. Tradeoffs

Here’s how the sidecar pattern helps with a microservices architecture:

Sidecar handles extra tasks, while the microservice contains only business logic. Thus keeping it simple.
Each microservice has the same sidecar setup. Thus ensuring consistent logging, monitoring, or security features.
A sidecar usually runs outside the app. So it doesn’t matter if one microservice runs java and another runs python. Thus making it language independent.

Yet everything comes with a tradeoff, and the sidecar too.

Here are some of them:

It consumes extra CPU, memory, and network capacity.
It adds extra latency to each request.
It introduces the risk of hidden failures because a functional app may look broken just from a sidecar failure.
It increases operational complexity as it’s necessary to configure, monitor, and update the sidecar.
It brings synchronization challenges as the app and sidecar should start, stop, and scale together.

The sidecar pattern became popular with microservices architecture.

Yet a monolithic app can also use it to handle operational tasks for reliability.

The sidecar pattern is useful if the app runs in different languages and frameworks. But avoid using it if the app has resource limitations and needs fast communication.

Subscribe to get simplified case studies delivered straight to your inbox:

Author Neo Kim; System design case studies — **👋 Find me on LinkedIn | Twitter | Threads | Instagram**

Want to advertise in this newsletter? 📰

If your company wants to reach a 170K+ tech audience, advertise with me.

Thank you for supporting this newsletter.

You are now 171,001+ readers strong, very close to 172k. Let’s try to get 172k readers by 20 September. Consider sharing this post with your friends and get rewards.

Y’all are the best.

Sidecar pattern - Azure
Sidecar pattern - MOSN
Sidecar pattern - DZone
Kubernetes Sidecars - A comprehensive guide - Plural
What's so bad about sidecars, anyway? - Cerbos
Block diagrams created with Eraser

Unlock access to every deep dive article by becoming a paid subscriber:

Comment

Restack

How Sidecar Pattern Works ✨

#89: Break Into Design Patterns (4 Minutes)

CodeRabbit: Free AI Code Reviews in CLI (Sponsor)

Sidecar Pattern

1. Architecture

2. Use Cases

3. Tradeoffs

References