diff --git a/pkg/log/log.go b/pkg/log/log.go
index 8d6876a447..9768814eed 100644
--- a/pkg/log/log.go
+++ b/pkg/log/log.go
@@ -6,6 +6,7 @@ import (
 	"github.com/go-logr/logr"
 	"github.com/go-logr/zapr"
 	"go.uber.org/zap"
+	"go.uber.org/zap/zapcore"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 )
 
@@ -13,8 +14,10 @@ import (
 var Logger logr.Logger
 
 func init() {
-	// Build a zap development logger.
-	zapLogger, err := zap.NewDevelopment(zap.AddCallerSkip(1), zap.AddStacktrace(zap.FatalLevel))
+	// Build a zap development logger with INFO level.
+	config := zap.NewDevelopmentConfig()
+	config.Level = zap.NewAtomicLevelAt(zapcore.InfoLevel)
+	zapLogger, err := config.Build(zap.AddCallerSkip(1), zap.AddStacktrace(zap.FatalLevel))
 	if err != nil {
 		panic(fmt.Sprintf("error building logger: %v", err))
 	}
diff --git a/pkg/operator/controller/canary-certificate/controller.go b/pkg/operator/controller/canary-certificate/controller.go
index 0f20eac158..3387289e20 100644
--- a/pkg/operator/controller/canary-certificate/controller.go
+++ b/pkg/operator/controller/canary-certificate/controller.go
@@ -206,6 +206,7 @@ func (r *reconciler) createCanaryCertificate(ctx context.Context, certificate *c
 		return err
 	}
 
+	log.Info("Created canary certificate secret", "namespace", certificate.Namespace, "name", certificate.Name)
 	r.recorder.Event(certificate, "Normal", "CreatedCanaryCertificate", "created canary certificate")
 	return nil
 }
@@ -220,6 +221,7 @@ func (r *reconciler) updateCanaryCertificate(ctx context.Context, current, desir
 	if err := r.client.Update(ctx, updated); err != nil {
 		return false, err
 	}
+	log.Info("Updated canary certificate secret", "namespace", updated.Namespace, "name", updated.Name)
 	r.recorder.Event(updated, "Normal", "UpdatedCanaryCertificate", "updated canary certificate")
 	return true, nil
 }
diff --git a/pkg/operator/controller/canary/daemonset.go b/pkg/operator/controller/canary/daemonset.go
index a565eed264..3368dd04ef 100644
--- a/pkg/operator/controller/canary/daemonset.go
+++ b/pkg/operator/controller/canary/daemonset.go
@@ -119,6 +119,7 @@ func (r *reconciler) updateCanaryDaemonSet(ctx context.Context, current, desired
 		if len(short) > 8 {
 			short = short[:8]
 		}
+		log.Info("Updated canary-serving-cert-hash annotation on the canary daemonset", "namespace", updated.Namespace, "name", updated.Name, "hash", short)
 		if r.recorder != nil {
 			r.recorder.Eventf(updated, "Normal", "CanaryCertRotated", "Canary serving cert rotated, updated pod template annotation hash: %s", short)
 		}
diff --git a/pkg/operator/controller/certificate-publisher/publish_ca.go b/pkg/operator/controller/certificate-publisher/publish_ca.go
index 148ec6d856..cf647e89e3 100644
--- a/pkg/operator/controller/certificate-publisher/publish_ca.go
+++ b/pkg/operator/controller/certificate-publisher/publish_ca.go
@@ -40,6 +40,7 @@ func (r *reconciler) ensureConfigMap(name types.NamespacedName, desired *corev1.
 		if deleted, err := r.deleteRouterCAConfigMap(current); err != nil {
 			return fmt.Errorf("failed to ensure %q in %q was unpublished: %v", name.Name, name.Namespace, err)
 		} else if deleted {
+			log.Info("Unpublished router CA configmap", "name", name.Name, "namespace", name.Namespace)
 			r.recorder.Eventf(current, "Normal", "UnpublishedRouterCA", "Unpublished %q in %q", name.Name, name.Namespace)
 		}
 	case desired != nil && current == nil:
@@ -50,12 +51,14 @@ func (r *reconciler) ensureConfigMap(name types.NamespacedName, desired *corev1.
 			if err != nil {
 				return err
 			}
+			log.Info("Published router CA configmap", "name", desired.Name, "namespace", desired.Namespace)
 			r.recorder.Eventf(new, "Normal", "PublishedRouterCA", "Published %q in %q", desired.Name, desired.Namespace)
 		}
 	case desired != nil && current != nil:
 		if updated, err := r.updateRouterCAConfigMap(current, desired); err != nil {
 			return fmt.Errorf("failed to update published %q in %q: %v", desired.Name, desired.Namespace, err)
 		} else if updated {
+			log.Info("Updated published router CA configmap", "name", desired.Name, "namespace", desired.Namespace)
 			r.recorder.Eventf(current, "Normal", "UpdatedPublishedRouterCA", "Updated the published %q in %q", desired.Name, desired.Namespace)
 		}
 	}
diff --git a/pkg/operator/controller/certificate-publisher/publish_certs.go b/pkg/operator/controller/certificate-publisher/publish_certs.go
index 99e0086119..fb78c6f308 100644
--- a/pkg/operator/controller/certificate-publisher/publish_certs.go
+++ b/pkg/operator/controller/certificate-publisher/publish_certs.go
@@ -34,6 +34,7 @@ func (r *reconciler) ensureRouterCertsGlobalSecret(secrets []corev1.Secret, ingr
 		if deleted, err := r.deleteRouterCertsGlobalSecret(current); err != nil {
 			return fmt.Errorf("failed to ensure router certificates secret was unpublished: %v", err)
 		} else if deleted {
+			log.Info("Unpublished router certificates secret", "namespace", current.Namespace, "name", current.Name)
 			r.recorder.Eventf(current, "Normal", "UnpublishedRouterCertificates", "Unpublished router certificates")
 		}
 	case desired != nil && current == nil:
@@ -44,12 +45,14 @@ func (r *reconciler) ensureRouterCertsGlobalSecret(secrets []corev1.Secret, ingr
 			if err != nil {
 				return err
 			}
+			log.Info("Published router certificates secret", "namespace", new.Namespace, "name", new.Name)
 			r.recorder.Eventf(new, "Normal", "PublishedRouterCertificates", "Published router certificates")
 		}
 	case desired != nil && current != nil:
 		if updated, err := r.updateRouterCertsGlobalSecret(current, desired); err != nil {
 			return fmt.Errorf("failed to update published router certificates secret: %v", err)
 		} else if updated {
+			log.Info("Updated published router certificates secret", "namespace", current.Namespace, "name", current.Name)
 			r.recorder.Eventf(current, "Normal", "UpdatedPublishedRouterCertificates", "Updated the published router certificates")
 		}
 	}
diff --git a/pkg/operator/controller/certificate/ca.go b/pkg/operator/controller/certificate/ca.go
index 561e43f71b..eaf907df16 100644
--- a/pkg/operator/controller/certificate/ca.go
+++ b/pkg/operator/controller/certificate/ca.go
@@ -38,6 +38,7 @@ func (r *reconciler) ensureRouterCASecret() (*corev1.Secret, error) {
 		if err != nil {
 			return nil, err
 		}
+		log.Info("Created default wildcard CA certificate secret", "namespace", new.Namespace, "name", new.Name)
 		r.recorder.Event(new, "Normal", "CreatedWildcardCACert", "Created a default wildcard CA certificate")
 		return new, nil
 
diff --git a/pkg/operator/controller/certificate/default_cert.go b/pkg/operator/controller/certificate/default_cert.go
index 8ab2886ef7..a807b88965 100644
--- a/pkg/operator/controller/certificate/default_cert.go
+++ b/pkg/operator/controller/certificate/default_cert.go
@@ -48,6 +48,7 @@ func (r *reconciler) ensureDefaultCertificateForIngress(caSecret *corev1.Secret,
 		if deleted, err := r.deleteRouterDefaultCertificate(current); err != nil {
 			return true, fmt.Errorf("failed to delete default certificate: %v", err)
 		} else if deleted {
+			log.Info("Deleted default wildcard certificate secret", "namespace", current.Namespace, "name", current.Name)
 			r.recorder.Eventf(ci, "Normal", "DeletedDefaultCertificate", "Deleted default wildcard certificate %q", current.Name)
 			return false, nil
 		}
@@ -55,6 +56,7 @@ func (r *reconciler) ensureDefaultCertificateForIngress(caSecret *corev1.Secret,
 		if created, err := r.createRouterDefaultCertificate(desired); err != nil {
 			return false, fmt.Errorf("failed to create default certificate: %v", err)
 		} else if created {
+			log.Info("Created default wildcard certificate secret", "namespace", desired.Namespace, "name", desired.Name)
 			r.recorder.Eventf(ci, "Normal", "CreatedDefaultCertificate", "Created default wildcard certificate %q", desired.Name)
 			return true, nil
 		}
diff --git a/pkg/operator/controller/dns/controller.go b/pkg/operator/controller/dns/controller.go
index 245fd2dcbc..458a6f495a 100644
--- a/pkg/operator/controller/dns/controller.go
+++ b/pkg/operator/controller/dns/controller.go
@@ -166,6 +166,7 @@ func (r *reconciler) Reconcile(ctx context.Context, request reconcile.Request) (
 	// zero TTLs, simply ignore the record until the TTL is updated by the ingresscontroller controller. Report
 	// this through events so we can detect problems with our migration.
 	if record.Spec.RecordTTL <= 0 {
+		log.Info("DNSRecord missing TTL, skipping until updated", "namespace", record.Namespace, "name", record.Name)
 		r.recorder.Eventf(record, "Warning", "ZeroTTL", "Record is missing TTL and will be temporarily ignored; the TTL will be automatically updated and the record will be retried.")
 		return reconcile.Result{}, nil
 	}
diff --git a/pkg/operator/controller/gateway-status/controller.go b/pkg/operator/controller/gateway-status/controller.go
index 28f52ff262..5b86dd7ffb 100644
--- a/pkg/operator/controller/gateway-status/controller.go
+++ b/pkg/operator/controller/gateway-status/controller.go
@@ -170,7 +170,7 @@ func (r *reconciler) Reconcile(ctx context.Context, request reconcile.Request) (
 	} else if len(childSvcs.Items) > 0 {
 		childSvc = childSvcs.Items[0].DeepCopy()
 	} else {
-		log.V(1).Info("no service was found for gateway")
+		log.Info("no service was found for gateway")
 	}
 
 	// Because we will have multiple DNS records per Gateway (one per listener)
@@ -180,7 +180,7 @@ func (r *reconciler) Reconcile(ctx context.Context, request reconcile.Request) (
 		log.Error(err, "error fetching the dnsrecords from gateway")
 		errs = append(errs, fmt.Errorf("failed to list dnsrecords for gateway %s/%s: %w", gateway.Namespace, gateway.Name, err))
 	} else if len(childDNSRecords.Items) == 0 {
-		log.V(1).Info("no dnsrecords found for gateway")
+		log.Info("no dnsrecords found for gateway")
 	}
 
 	// hostnameToDNSRecord will be used to verify that, given a listener, when it has a hostname
diff --git a/pkg/operator/controller/ingress/controller.go b/pkg/operator/controller/ingress/controller.go
index 177abec10c..f51f930a9b 100644
--- a/pkg/operator/controller/ingress/controller.go
+++ b/pkg/operator/controller/ingress/controller.go
@@ -331,12 +331,14 @@ func (r *reconciler) Reconcile(ctx context.Context, request reconcile.Request) (
 		if err := r.admit(ingress, ingressConfig, platformStatus, dnsConfig, alreadyAdmitted); err != nil {
 			switch err := err.(type) {
 			case *admissionRejection:
+				log.Info("IngressController rejected", "namespace", ingress.Namespace, "name", ingress.Name, "reason", err.Reason)
 				r.recorder.Event(ingress, "Warning", "Rejected", err.Reason)
 				return reconcile.Result{}, nil
 			default:
 				return reconcile.Result{}, fmt.Errorf("failed to admit ingresscontroller: %v", err)
 			}
 		}
+		log.Info("IngressController admitted", "namespace", ingress.Namespace, "name", ingress.Name)
 		r.recorder.Event(ingress, "Normal", "Admitted", "ingresscontroller passed validation")
 		// Just re-queue for simplicity
 		return reconcile.Result{Requeue: true}, nil
@@ -403,6 +405,7 @@ func (r *reconciler) admit(current *operatorv1.IngressController, ingressConfig
 	updated.Status.ObservedGeneration = updated.Generation
 
 	if !domainMatchesBaseDomain {
+		log.Info("Domain does not match base domain, DNS management disabled", "namespace", updated.Namespace, "name", updated.Name, "domain", updated.Status.Domain, "baseDomain", dnsConfig.Spec.BaseDomain)
 		r.recorder.Eventf(updated, "Warning", "DomainNotMatching", fmt.Sprintf("Domain [%s] of ingresscontroller does not match the baseDomain [%s] of the cluster DNS config, so DNS management is not supported.", updated.Status.Domain, dnsConfig.Spec.BaseDomain))
 	}