Management of logging on a per project basis
Summary
CNF projects need to define their own logging flows.
Rather than doing it in the cluster values which should not depend on the projects that are hosted in the cluster, it is possible to define custom roles allowing to manage the flow and output logging resources (one for CRUD operations, one limited to viewing). Then a project can assign these roles to the users who need to configure the sending of their logs to their own logging servers, but limit this configuration to the scope of their own project.
The management of clusteroutputs and clusterflows must not be provided by these roles.
related references
- https://kube-logging.dev/docs/configuration/output/
- https://kube-logging.dev/docs/configuration/flow/