Welcome to the Logging operator documentation! The Logging operator is a core part of the Banzai Cloud One Eye observability tool for Kubernetes.

Overview 🔗︎

The Logging operator automates the deployment and configuration of a Kubernetes logging pipeline. The operator deploys and configures a Fluent Bit DaemonSet on every node to collect container and application logs from the node file system. Fluent Bit queries the Kubernetes API and enriches the logs with metadata about the pods, and transfers both the logs and the metadata to Fluentd. Fluentd receives, filters, and transfer logs to multiple outputs. Your logs will always be transferred on authenticated and encrypted channels.

This operator helps you bundle logging information with your applications: you can describe the behavior of your application in its charts, the Logging operator does the rest.

Feature highlights 🔗︎

  • Namespace isolation
  • Native Kubernetes label selectors
  • Secure communication (TLS)
  • Configuration validation
  • Multiple flow support (multiply logs for different transformations)
  • Multiple output support (store the same logs in multiple storage: S3, GCS, ES, Loki and more…)
  • Multiple logging system support (multiple Fluentd, Fluent Bit deployment on the same cluster)

Architecture 🔗︎

You can define outputs (destinations where you want to send your log messages, for example, Elasticsearch, or an Amazon S3 bucket), and flows that use filters and selectors to route log messages to the appropriate outputs. You can also define cluster-wide outputs and flows, for example, to use a centralized output that namespaced users can reference but cannot modify.

You can configure the Logging operator using the following Custom Resource Definitions.

  • logging - The logging resource defines the logging infrastructure for your cluster that collects and transports your log messages. It also contains configurations for Fluentd and Fluent-bit.
  • output - Defines an Output for a logging flow, where the log messages are sent. This is a namespaced resource. See also clusteroutput.
  • flow - Defines a logging flow using filters and outputs. Basically, the flow routes the selected log messages to the specified outputs. This is a namespaced resource. See also clusterflow.
  • clusteroutput - Defines an output that is available from all flows and clusterflows. The operator evaluates clusteroutputs in the controlNamespace only unless allowClusterResourcesFromAllNamespaces is set to true.
  • clusterflow - Defines a logging flow that collects logs from all namespaces by default. The operator evaluates clusterflows in the controlNamespace only unless allowClusterResourcesFromAllNamespaces is set to true.

For the detailed CRD documentation, see List of CRDs.

Logging operator architecture

Quickstart 🔗︎

See also our Quickstart guides.

Support 🔗︎

The Logging operator is a core part of the Banzai Cloud One Eye observability tool for Kubernetes. While the Logging operator itself is an open-source project, the Banzai Cloud One Eye product extends the functionality of the Logging operator with commercial features (for example, collecting host logs and Kubernetes events).

Community support 🔗︎

If you encounter problems while using the Logging operator the documentation does not address, open an issue or talk to us on the Banzai Cloud Slack channel #logging-operator.

Commercial support 🔗︎

If you are using the Logging operator in a production environment and require commercial support, contact Banzai Cloud, the company backing the development of the Logging operator.