Recipe for an HTTPS Sidecar

Image from epicurious.com

This paper serves the purpose of reference for the well-known sidecar pattern of Kubernetes.

Goal

Implement the HTTPS interface for a container application that doesn’t have https implemented.

Solution

Run a Nginx container beside the app in the same pod. The Nginx web server listens on the HTTPS port, and reverse proxy the request to the actual app in the same pod.

Sample App

A toy app to illustrate the idea. The golang app is listed as below. Notice that no https is implemented.

package main
import (
 "fmt"
 "log"
 "net/http"
 "os"
 "time"
)
func hello(w http.ResponseWriter, r *http.Request) {
 fmt.Fprintf(w, "Hello!")
}
func date(w http.ResponseWriter, r *http.Request) {
 fmt.Fprintf(w, "time now: %s", time.Now().Format("15:04:05"))
}
func main() {
 http.HandleFunc("/", hello)
 http.HandleFunc("/date", date)
 port := os.Getenv("LISTENING_PORT")
 if port == "" {
  port = "8080"
 }
 log.Printf("listening on port:%s", port)
 err := http.ListenAndServe("localhost:"+port, nil)
 if err != nil {
  log.Fatalf("Failed to start server:%v", err)
 }
}