The particular use case in this RFE is for a customer offering OCP services beyond cluster operators.
The customer wants to route/tag/handle certain logs as infrastructure so that they are not visible as applications in the Loki tenant.
We currently have namespaces that provide infrastructure components, e.g. cert-manager, that are not in a kube-, openshift- or default namespace. Therefore, they will be logged in the "application" tenant of Loki.
The definition where logs are sent to is here:
Firstly, it is possible to send metrics from self-deployed namespaces to the internal Prometheus of OpenShift, with a label "openshift.io/cluster-monitoring: 'true'". This works independently of the naming scheme of "openshift*", "kube*", "default". Therefore, I don't understand why it is not possible to configure something similar for logging. A label with the same functionality for logging would be perfect.
Apart from that, the cert-manager is not the only component we need to be able to functionally offer our service to our customers. In our minimal spec we need at least External Secrets, Vault, Keycloak and Grafana. There are simply too many individual components that are different for every OCP user. So, why don't you give us the power to decide in which tenant these logs should go? For example, we currently use Rook Ceph as our storage system via OpenShift Data Foundation. Yes, theoretically Rook Ceph is logged into infrastructure because it is a journal log. In reality, the logs are in application.
By the way, it would also be great if we could customize the Vector config. We would need this to send the logs of our clients to the correct tenant namespace in Loki. To be more precise, it would be easier to use a regex in the Vector config than to specify every namespace for each client in which the tenant should be logged.