Sidecar is a design pattern where a helper container runs alongside your main application container in the same pod (in Kubernetes) or host, sharing the same network and storage.

Think of it like this: Your main app does its job, and the sidecar handles cross-cutting concerns without you changing the app’s code.

Common sidecar use cases:

• Logging — sidecar collects and ships logs (e.g., Fluentd)
• Security/mTLS — sidecar handles encryption between services (e.g., Envoy in a service mesh like Istio)
• Monitoring — sidecar scrapes and exposes metrics (e.g., Prometheus exporters)
• Config sync — sidecar pulls updated configs from Vault or a config server

In Kubernetes:

pods:
  containers:
    - name: my-app        # main container
    - name: log-shipper   # sidecar container

Both share the same pod, IP, and volumes.

Interview angle:

“I’ve worked with sidecars in Kubernetes — for example, using an Envoy proxy sidecar injected automatically by Istio to handle service-to-service encryption without touching application code.”