buoyant.io

What data does Buoyant Cloud collect?

In general, Buoyant Cloud collects operational data about your Linkerd service mesh deployment and your Kubernetes workloads, such as Linkerd proxy metrics, proxy logs, workload resource consumption, Kubernetes events, etc. Buoyant Cloud does not collect application-specific data, including any data “on the wire” e.g. traffic requests or responses, or application logs.

Account data

For each user who logs in to Buoyant Cloud, Buoyant Cloud collects the following data:

  • Email address
  • Full name (data is input by user)
  • Timestamp of when the user accepted Terms of Service (TOS)
  • Timestamp of last activity
  • User Role (Admin, Editor, Viewer)

Note: “user” in this context refers solely to the users of Buoyant Cloud.

Cluster data

For each Kubernetes cluster on which the Buoyant Cloud agent runs, Buoyant Cloud collects the following data:

Data about the Buoyant Cloud agent itself

  • Agent version
  • Timestamp when first seen by to Buoyant Cloud
  • Last active timestamp
  • Buoyant Cloud user who added the agent in Buoyant Cloud

Data about the Kubernetes cluster

  • Metadata about each Deployment, StatefulSet, and DaemonSet (“workload”) running on the cluster, including:
    • Name, namespace, and version
    • Actual and expected number of pods
    • Current CPU and memory usage
    • Kubernetes labels and annotations
    • Kubernetes events
    • Metadata about the pods and containers in the workload, including:
      • Name
      • Current status
      • Creation time
      • Number of restarts
      • Kubernetes events

Data about the Linkerd installation

  • Certificate public key information (note: Buoyant Cloud does not have access to private keys)
  • Linkerd CRD’s, including Multiclusters ServerAuthorization, Servers, ServiceProfiles, TrafficSplits
  • Data from each Linkerd proxy, including:
  • Proxy metrics, including metrics about application traffic passing through the proxy as well as the proxy’s internal state
  • Proxy logs, when requested by the user using the “Send Diagnostics” feature. (These logs do not contain application data, but are specific to the proxy’s internal state.)
  • Proxy mTLS public key information (note: Buoyant Cloud does not have access to private keys)

Data that Buoyant Cloud does NOT collect

At no time does Buoyant Cloud collect, process, or handle any of the following data:

  • The contents of application traffic (e.g. request headers or bodies).
  • mTLS secret keys (including pod keys, cluster issuer keys, or trust root keys)