// the find
kube-logging/logging-operator
Logging operator for Kubernetes
A Kubernetes operator that automates deploying and wiring up Fluent Bit (collection) + Fluentd or syslog-ng (forwarding) as a logging pipeline, configured entirely through CRDs. CNCF Sandbox project, originally from Banzai Cloud, now maintained by kube-logging. Aimed at platform teams who want logging infrastructure defined as code alongside their app manifests.
Namespace isolation with Flow/ClusterFlow separation is well thought out — tenant A's logs genuinely cannot bleed into tenant B's pipeline without explicit ClusterFlow configuration. Supporting both Fluentd and syslog-ng as forwarders is a real differentiator; syslog-ng handles high-throughput filtering more efficiently than Fluentd in practice. Config validation via admission webhooks catches broken pipeline configs before they land in the cluster, not after Fluentd crashes at runtime. The multi-tenant routing samples (hard isolation, soft routing via LoggingRoute) cover the actual scenarios platform teams face.
Fluent Bit as the only collector option means you're stuck with its parsing quirks and limited buffer semantics — there's no path to switch to the OpenTelemetry Collector if your org is standardizing on OTLP. The dual CRD surface (Fluentd outputs vs SyslogNGOutputs for every resource type) doubles the API you need to understand and maintain; pick the wrong forwarder on day one and migrating means rewriting all your Flow/Output manifests. Debugging a broken pipeline is painful — the operator reconciles successfully but logs just disappear; you're left grepping Fluentd pods for Ruby stack traces. At 1.7k stars for a CNCF project that's been around since 2017, adoption signals that most teams are going straight to the Grafana Alloy/Loki stack instead.