Multi-container pods in Kubernetes: Sidecar, ambassador and adapter patterns

Learn the three multi-container pod patterns in Kubernetes with working examples. Covers the sidecar pattern with shared volumes, plus ambassador and adapter patterns with real-world use cases.

9 lessons · 27 min · Intermediate

3 minutes reading time

Written by

Civo Team
Civo Team

Marketing Team at Civo

A pod can run more than one container. All containers in the same pod share the same network namespace and can share volumes. This tight coupling is what makes multi-container pods useful for a specific set of patterns where two processes need to work together closely.

The three patterns

multi-container-patterns

Sidecar

A sidecar container enhances or supports the main container without changing it. The main container does its job and the sidecar handles a secondary concern alongside it.

Real-world uses: a Fluentd or Filebeat sidecar reads application logs from a shared emptyDir volume and ships them to Elasticsearch. An Envoy sidecar injected by Istio handles mTLS, retries, and traffic management transparently. A git-sync sidecar continuously pulls configuration updates from a Git repository into a shared volume that the main container reads.

Ambassador

An ambassador container acts as a proxy between the main container and an external service. The main container always connects to localhost and the ambassador handles the real routing.

Real-world use: a Redis proxy ambassador handles connection pooling and routing to the correct Redis instance in a cluster. The main application always connects to localhost:6379 regardless of the Redis topology behind it. If the topology changes, only the ambassador needs updating.

Adapter

An adapter container normalises the main container's output into a standard format that an external system expects, without modifying the main container itself.

Real-world use: an adapter converts proprietary application metrics into the Prometheus exposition format. Prometheus scrapes the adapter, not the main application. The main application does not need to know about Prometheus at all.

How containers in the same pod communicate

Containers in the same pod share a network namespace. They share the same IP address and port space. A container listening on port 8080 can be reached by any other container in the same pod at localhost:8080. No service or ingress is needed for intra-pod communication.

They can also share data by mounting the same volume at different paths.

Working example: sidecar pattern

This example is the sidecar pattern. An Alpine container writes the current date and memory information to index.html on a shared emptyDir volume every few seconds. An nginx container reads from that same volume and serves the file.

apiVersion: v1
kind: Pod
metadata:
name: multi-container
spec:
volumes:
- name: shared-data
emptyDir: {}
containers:
- name: nginx-container
image: nginx
volumeMounts:
- mountPath: /usr/share/nginx/html
name: shared-data
- name: alpine-container
image: alpine
command:
- sh
- -c
- while true; do date >> /mem-info/index.html; cat /proc/meminfo >> /mem-info/index.html; sleep 5; done
volumeMounts:
- mountPath: /mem-info
name: shared-data
kubectl apply -f multi-container.yaml
kubectl get pods

Expected output:

NAME READY STATUS RESTARTS AGE
multi-container 2/2 Running 0 10s

2/2 confirms both containers are running. When a pod has multiple containers, you must specify which container you want logs from:

kubectl logs -f multi-container -c nginx-container

Exec into the nginx container:

kubectl exec -it multi-container -c nginx-container -- sh

Curl localhost to see the content being written by the Alpine container:

curl localhost

Expected output — date and memory info appended by the Alpine sidecar and served by nginx:

Thu Jan 15 10:23:01 UTC 2026
MemTotal: 16384000 kB
MemFree: 8192000 kB
...

Run curl localhost again after a few seconds and you will see a new timestamp appended. Data is being written by one container and read by the other through the shared emptyDir volume.

Exit the pod:

exit
Civo Team
Civo Team

Marketing Team at Civo

Civo is the Sovereign Cloud and AI platform designed to help developers and enterprises build without limits. We bridge the gap between the openness of the public cloud and the rigorous security of private environments, delivering full cloud parity across every deployment. As a team, we are dedicated to providing scalable compute, lightning-fast Kubernetes, and managed services that are ready in minutes. Through CivoStack Enterprise and our FlexCore appliance, we empower organizations to maintain total data sovereignty on their own hardware.

Our mission is to make the cloud faster, simpler, and fairer. By providing enterprise-grade NVIDIA GPUs and streamlined model management, we ensure that high-performance AI and machine learning are accessible to everyone. Built for transparency and performance, the Civo Team is here to give you total control over your infrastructure, your data, and your spend.

View author profile
Course complete

Nice work, you finished Kubernetes Objects: Deployments, pods, StatefulSets and more.

Your next step is up to you - keep building on what you've learned, or put it into practice on Civo.

Next Course

Kubernetes Configuration and Security: ConfigMaps, secrets and access control

4 lessons · 10 min

Learn how to manage configuration and secure your Kubernetes cluster. Covers ConfigMaps, Secrets, authentication, RBAC, and role-based access control with working examples.

Put it into practice

Spin up your first cluster on Civo

Get $250 free credit and launch a production-ready Kubernetes cluster in under 90 seconds.