Designing a Stable Backend Architecture: CI/CD, Federated Monitoring, Logging, Documentation, and Traffic Management on Kubernetes

Introduction

Our clusters were constantly on the brink of failure; after three months of investigation we identified five root causes: an unstable release process, lack of a monitoring platform, missing logging system, insufficient operational documentation, and unclear request routing.

Solution Overview

Unstable Release Process

We rebuilt the release pipeline by fully containerizing services and establishing a Kubernetes‑centric CI/CD workflow.

Release Process Details

The process includes three steps: test cases, image packaging, and pod updates. Deployment involves creating namespaces, image‑pull secrets, persistent volumes, deployments, services, and ingress. Images are stored in an internal Alibaba Cloud repository accessed via VPC, avoiding public network latency.

Service Deployment Diagram

Federated Monitoring Platform

We built a reliable, multi‑cluster monitoring system based on Prometheus, supplemented by shell/Go scripts and Sentry for alerting via WeChat or email. The platform aggregates OS‑level, application‑level, and business‑level metrics, providing pre‑failure alerts across all clusters.

Logging System

To address log scarcity in a fully Kubernetes‑ized environment, we adopted Elasticsearch as the core log collection system, storing logs centrally to enable long‑term retention, search, and analysis.

Operational Documentation

We created a documentation hub using Yuque to centralize operation manuals, scripts, and troubleshooting guides, ensuring that all operational steps are recorded and easily accessible.

Request Routing Clarification

We re‑designed traffic flow by integrating Kong as the edge gateway and Istio for service‑to‑service authentication and authorization, providing a unified view of north‑south and east‑west traffic.

Conclusion

By integrating a Kubernetes‑centric CI/CD pipeline, a Prometheus‑based federated monitoring platform, an Elasticsearch logging system, a Yuque documentation center, and Kong/Istio traffic management, we can achieve high availability and reliability for services running on Kubernetes clusters.