Simplify Kubernetes Ingress Log Collection and Monitoring with One YAML

Introduction

Kubernetes Ingress provides HTTP/HTTPS layer‑7 routing and is the primary method for exposing services in a K8s cluster. Alibaba Cloud Container Service together with Log Service offers a turnkey solution that deploys log collection, analysis, and visualization for Ingress with a single YAML manifest.

Ingress Overview

Ingress is a declarative API object that defines host/path routing rules. An Ingress Controller (e.g., Nginx, Traefik, Istio, Kong) implements these rules and forwards traffic to the corresponding Service.

Log Types and Metrics

All Ingress Controllers emit three log streams:

Access Log – request URL, source IP, User‑Agent, status code, request/response sizes, latency, target Service name and its response time.

Controller Log – internal controller events.

Error Log – runtime errors.

Metrics extracted from these logs include request success rate, error ratios, latency percentiles (P95/P99/P9999), and per‑Service traffic.

Typical Analyses

Page‑view (PV) and unique‑visitor (UV) counts.

Geographic and device distribution.

HTTP error rates (4xx/5xx).

Backend service latency.

URL‑level traffic patterns.

Components Required for a Full Ingress Log Pipeline

Log‑collection agent (e.g., Fluent Bit, Logtail) with Ingress parsing rules.

Buffering queue (Redis, Kafka) to absorb traffic spikes.

Real‑time analytics engine (Elasticsearch, ClickHouse).

Visualization layer (Grafana, Kibana).

Alerting module (ElastAlert, Alertmanager) with rule definitions.

Alibaba Cloud Log Service Ingress Solution

The solution integrates the above components automatically. Applying the provided ingress‑log‑solution.yaml creates:

A Log Service Logstore for Ingress Access, Controller, and Error logs.

Parsing rules that extract the fields listed above.

Real‑time indexing into Elasticsearch‑compatible storage.

Pre‑built dashboards and alert templates.

Built‑in Dashboards

Ingress Overview – daily PV/UV, traffic volume, average latency, error ratio; minute‑level real‑time metrics.

Ingress Access Center – request‑level statistics such as UV/PV, geographic distribution, top browsers, device ratios.

Ingress Monitoring Center – success rate, error ratios, latency percentiles, status‑code distribution, top Services by traffic or errors.

Ingress Blue‑Green Release Center – side‑by‑side comparison of two Service versions (e.g., ServiceA vs ServiceB) showing PV, error ratio, success rate, latency, and traffic.

Ingress Anomaly Detection Center – machine‑learning based detection of abnormal metric spikes.

Real‑time Monitoring and Alerting

Alert creation follows three steps in the Log Service console. Example: trigger an alert when the 5xx error ratio exceeds 1 % over a five‑minute window.

# Pseudo‑SQL used in the alert rule
SELECT
  window_start,
  SUM(CASE WHEN status >= 500 THEN 1 ELSE 0 END) / COUNT(*) AS error_ratio
FROM ingress_access_log
WHERE __time__ BETWEEN now() - interval 5 minute AND now()
GROUP BY window_start
HAVING error_ratio > 0.01;

Supported notification channels include SMS, voice, email, DingTalk bot, and custom WebHook. Alert execution results are logged for audit.

Custom Analysis

If the default dashboards do not satisfy a specific requirement, users can write arbitrary Log Service SQL queries or build custom Grafana/Kibana dashboards that query the same Logstore.

Reference Documentation

https://www.aliyun.com/product/sls

https://www.aliyun.com/product/kubernetes

https://help.aliyun.com/document_detail/86532.html

https://help.aliyun.com/document_detail/48162.html

https://help.aliyun.com/document_detail/107758.html

https://kubernetes.io/docs/concepts/services-networking/ingress/

https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/