A sidecar is a separate container that runs alongside an application container in a Kubernetes pod – a helper application of sorts. Typically, the sidecar is responsible for offloading functions required by all apps within a service mesh – SSL/mTLS, traffic routing, high availability, and so on – from the apps themselves, and implementing deployment testing patterns such as circuit breaker, canary, and blue‑green. Sidecars are sometimes used to aggregate and format log messages from multiple app instances into a single file.
As data‑plane components, sidecars are typically managed by some type of control plane within the service mesh. While the sidecar routes application traffic and provides other data‑plane services, the control plane injects sidecars into a pod when necessary and performs administrative tasks, for example renewing mTLS certificates and pushing them to the appropriate sidecars as needed.
How Can NGINX Help?
In NGINX Service Mesh (NSM), NGINX Plus is the sidecar managed by the NSM control plane. NGINX Plus is included as a free component of NSM and purchased licenses are not required to run NGINX Plus as the NSM sidecar for east‑west (E/W) traffic management.