What data does Buoyant Cloud collect?

In general, Buoyant Cloud collects operational data about your Linkerd service mesh deployment and your Kubernetes workloads, such as Linkerd proxy metrics, proxy logs, workload resource consumption, Kubernetes events, etc. Buoyant Cloud does not collect application-specific data, including any data “on the wire” e.g. traffic requests or responses, or application logs.

For each user who logs in to Buoyant Cloud, Buoyant Cloud collects the following data:

  • Email address
  • Full name (data is input by user)
  • Timestamp of when the user accepted Terms of Service (TOS)
  • Timestamp of last activity
  • User Role (Admin, Editor, Viewer)

Note: “user” in this context refers solely to the users of Buoyant Cloud.

For each Kubernetes cluster on which the Buoyant Cloud agent runs, Buoyant Cloud collects the following data:

  • Agent version
  • Timestamp when first seen by to Buoyant Cloud
  • Last active timestamp
  • Buoyant Cloud user who added the agent in Buoyant Cloud
  • Metadata about each Deployment, StatefulSet, and DaemonSet (“workload”) running on the cluster, including:
    • Name, namespace, and version
    • Actual and expected number of pods
    • Current CPU and memory usage
    • Kubernetes labels and annotations
    • Kubernetes events
    • Metadata about the pods and containers in the workload, including:
      • Name
      • Current status
      • Creation time
      • Number of restarts
      • Kubernetes events
  • Certificate public key information (note: Buoyant Cloud does not have access to private keys)
  • Linkerd CRD’s, including Multiclusters ServerAuthorization, Servers, ServiceProfiles, TrafficSplits
  • Data from each Linkerd proxy, including:
  • Proxy metrics, including metrics about application traffic passing through the proxy as well as the proxy’s internal state
  • Proxy logs, when requested by the user using the “Send Diagnostics” feature. (These logs do not contain application data, but are specific to the proxy’s internal state.)
  • Proxy mTLS public key information (note: Buoyant Cloud does not have access to private keys)

At no time does Buoyant Cloud collect, process, or handle any of the following data:

  • The contents of application traffic (e.g. request headers or bodies).
  • mTLS secret keys (including pod keys, cluster issuer keys, or trust root keys)