The lightweight k3s Kubernetes cluster comes with Traefik as Ingress router which disables access logging per default. To enable it, you have to configure 2 resources.

Let Kubernetes preserve the Source IP

The internal Kubernetes IP routing through the Traefik DaemonSet will replace the source IP by the node’s internal IP. To prevent that and keep the original visitors source IP, patch the Service kube-system.traefik.

spec:
  externalTrafficPolicy: Local

That setting will route the traffic directly to the nodes with running Traefik pods.

Enable Traefik access logging

But more important is to enable the actual access logging in the Traefik configuration. To do so, patch the HelmChart CRD kube-system.traefik with the following content:

spec:
  valuesContent: |-
    logs:
      access:
        enabled: true
        fields:
          headers:
            defaultmode: keep

That will also keep the header information intact, which is useful for UserAgent detection.

More configuration options can be found in the official Traefik helm chart.

Now you can use the Traefik pod access logs for collecting cluster-wide metrics using VictoriaLogs.