The lightweight k3s Kubernetes cluster comes with Traefik as Ingress router which disables access logging per default. To enable it, you have to configure 2 resources.

Let Kubernetes preserve the Source IP

The internal Kubernetes IP routing through the Traefik DaemonSet will replace the source IP by the node’s internal IP. To prevent that and keep the original visitors source IP, patch the Service kube-system.traefik.

spec:
  externalTrafficPolicy: Local

That setting will route the traffic directly to the nodes with running Traefik pods.

Enable Traefik access logging

But more important is to enable the actual access logging in the Traefik configuration following the Traefik configuration guide Create a file on the K3s cluster head named /var/lib/rancher/k3s/server/manifests/traefik-config.yaml with the following content:

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    logs:
      access:
        enabled: true
        fields:
          headers:
            defaultmode: keep

That will also keep the header information intact, which is useful for UserAgent detection.

More configuration options can be found in the official Traefik helm chart.

Now you can use the Traefik pod access logs for collecting cluster-wide metrics using VictoriaLogs.