The difference between objects project and namespace in OpenShift 4.x

kubernetes, openshift, openshift-4

In OpenShift 4.x, you have an API for project which seems to be totally similar to namespace, in the sense that when you create a project there is a namespace created, and the other way around.
I know namespace is a standard object in Kubernetes and project is specific to OpenShift.
So what does project bring?

```
# list projects
$ oc get projects
NAME                                                    DISPLAY NAME   STATUS
default                                                                Active
kube-node-lease                                                        Active
kube-public                                                            Active
kube-system                                                            Active
local-storage                                                          Active
openshift                                                              Active
openshift-apiserver                                                    Active

# list namespaces
$ oc get ns
NAME                                                    STATUS   AGE
default                                                 Active   17d
kube-node-lease                                         Active   17d
kube-public                                             Active   17d
kube-system                                             Active   17d
local-storage                                           Active   16d
openshift                                               Active   17d
openshift-apiserver                                     Active   17d
openshift-apiserver-operator                            Active   17d
```

The list is the same, except for different columns.

```
$ oc get project foo
Error from server (NotFound): namespaces "foo" not found
$ oc get ns foo
Error from server (NotFound): namespaces "foo" not found

$ oc new-project foo
Now using project "foo" on server "https://api.goo.tadadidou.bo:6443".
...
$ oc get project foo
NAME   DISPLAY NAME   STATUS
foo                   Active
$ oc get ns foo
NAME   STATUS   AGE
foo    Active   70s
```

Even the YAML output is similar, except for the value of the field Kind, which is either Project or Namespace.

Best Answer

A project is essentially the same as a namespace, but OpenShift provides additional administrative controls for projects.

If you're deploying software on OpenShift you'll basically use the project exactly the same way as a Kubernetes namespace, except a normal user can be prevented from creating their own projects, requiring a cluster administrator to do that. (It appears that your cluster allows you to create your own projects, or you're using a personal cluster such as CodeReady Containers or its predecessor Minishift.)

From the docs:

Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members, a quota on the resources that the project may consume, and the security controls on the resources in the project. Within a project, members may have different roles - project administrators can set membership, editors can create and manage the resources, and viewers can see but not access running containers. In a normal cluster project administrators are not able to alter their quotas - that is restricted to cluster administrators.

Listing or watching projects will return only projects the user has the reader role on.

An OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed as editable to end users while namespaces are not. Direct creation of a project is typically restricted to administrators, while end users should use the requestproject resource.
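
The answer notes that normal users can be prevented from creating their own projects. The following Python audit is an added example, not part of the original answer or of OpenShift's own code: it reads the JSON of the `self-provisioners` ClusterRoleBinding (assumed to come from `oc get clusterrolebinding self-provisioners -o json`) and reports whether project self-provisioning is still open to every logged-in user. Both sample bindings are constructed, and the group `project-creators` is hypothetical.

```python
import json

# Groups that cover ordinary logged-in (or anonymous) users.
BROAD_GROUPS = {"system:authenticated", "system:authenticated:oauth",
                "system:unauthenticated"}
AUTOUPDATE = "rbac.authorization.kubernetes.io/autoupdate"

# Constructed sample: the binding as it looks when self-provisioning is open.
DEFAULT_BINDING = json.dumps({
    "kind": "ClusterRoleBinding",
    "metadata": {"name": "self-provisioners", "annotations": {AUTOUPDATE: "true"}},
    "roleRef": {"kind": "ClusterRole", "name": "self-provisioner"},
    "subjects": [{"kind": "Group", "name": "system:authenticated:oauth"}],
})
# Constructed sample: restricted to a hypothetical group, auto-update disabled.
HARDENED_BINDING = json.dumps({
    "kind": "ClusterRoleBinding",
    "metadata": {"name": "self-provisioners", "annotations": {AUTOUPDATE: "false"}},
    "roleRef": {"kind": "ClusterRole", "name": "self-provisioner"},
    "subjects": [{"kind": "Group", "name": "project-creators"}],
})


def audit_self_provisioners(binding_json):
    """Report who may request new projects, given one ClusterRoleBinding as JSON."""
    crb = json.loads(binding_json)
    if crb.get("roleRef", {}).get("name") != "self-provisioner":
        raise ValueError("binding does not grant the self-provisioner role")
    subjects = crb.get("subjects") or []  # key is absent once all subjects are removed
    broad = sorted(s["name"] for s in subjects
                   if s.get("kind") == "Group" and s.get("name") in BROAD_GROUPS)
    annotations = crb.get("metadata", {}).get("annotations") or {}
    # Assumption: a missing annotation is treated like "true" (auto-update on).
    autoupdate = annotations.get(AUTOUPDATE, "true") != "false"
    findings = []
    if broad:
        findings.append("any user in %s can create projects" % ", ".join(broad))
    elif autoupdate:
        findings.append("restricted now, but autoupdate may restore the default subjects")
    return {"subjects": [(s.get("kind"), s.get("name")) for s in subjects],
            "open_to_all_users": bool(broad),
            "autoupdate": autoupdate,
            "findings": findings}


if __name__ == "__main__":
    for label, doc in (("default", DEFAULT_BINDING), ("hardened", HARDENED_BINDING)):
        print(label, audit_self_provisioners(doc))
```
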
