OpenShift: The difference between Project and Namespace
3 min read | by Jordi Prats
In OpenShift instead of working with Namespaces it uses Projects, but by creating a Project it going to create a Namespace under the hood. What's the difference?
$ oc get project
NAME DISPLAY NAME STATUS
(...)
demo Active
$ oc get ns
NAME STATUS AGE
(...)
demo Active 29d
OpenShift Project and Kubernetes Namespace are basically the same: A Project is a Kubernetes namespace with additional annotations (an functionality) to provide multi tenancy:
- A cluster admin can inject a template for project creation and other customizations
- More granular permissions. For example, you can configure it so that a given user can only see a subset of all the projects (with RBAC on Namespaces you can only limit the ability to list all the namespaces or none of them)
To create a Project we can see how it reaches a difference API endpoint as well:
$ oc new-project oc-project-test --loglevel=6
I0901 19:29:42.164692 95791 loader.go:372] Config loaded from file: /Users/pet2cattle/.kube/config
I0901 19:29:42.508231 95791 round_trippers.go:553] GET https://console-openshift-console.apps-crc.testing:6443/apis/project.openshift.io/v1/projectrequests 200 OK in 342 milliseconds
I0901 19:29:42.665034 95791 round_trippers.go:553] POST https://console-openshift-console.apps-crc.testing:6443/apis/project.openshift.io/v1/projectrequests 201 Created in 156 milliseconds
I0901 19:29:42.746506 95791 round_trippers.go:553] GET https://console-openshift-console.apps-crc.testing:6443/apis/user.openshift.io/v1/users/~ 200 OK in 78 milliseconds
I0901 19:29:42.749829 95791 loader.go:372] Config loaded from file: /Users/pet2cattle/.kube/config
I0901 19:29:42.753068 95791 loader.go:372] Config loaded from file: /Users/pet2cattle/.kube/config
I0901 19:29:42.754725 95791 loader.go:372] Config loaded from file: /Users/pet2cattle/.kube/config
I0901 19:29:42.761395 95791 loader.go:372] Config loaded from file: /Users/pet2cattle/.kube/config
I0901 19:29:42.764730 95791 loader.go:372] Config loaded from file: /Users/pet2cattle/.kube/config
I0901 19:29:42.768099 95791 loader.go:372] Config loaded from file: /Users/pet2cattle/.kube/config
Now using project "oc-project-test" on server "https://console-openshift-console.apps-crc.testing:6443".
You can add applications to this project with the 'new-app' command. For example, try:
oc new-app rails-postgresql-example
to build a new example application in Ruby. Or use kubectl to deploy a simple Kubernetes application:
kubectl create deployment hello-node --image=k8s.gcr.io/e2e-test-images/agnhost:2.33 -- /agnhost serve-hostname
If we create a namespace we would use this one instead:
$ kubectl create ns ns-test -v=6
I0901 19:31:31.383061 96241 loader.go:372] Config loaded from file: /Users/pet2cattle/.kube/config
I0901 19:31:31.910906 96241 round_trippers.go:553] POST https://console-openshift-console.apps-crc.testing:6443/api/v1/namespaces?fieldManager=kubectl-create&fieldValidation=Strict 201 Created in 526 milliseconds
namespace/ns-test created
But this can be considered just an implementation detail, at the end of the day we can consider them equivalent with minor differences
We can even delete a namespace referencing it as a project:
``` { hl_lines="1 3" } $ oc delete project oc-project-test project.project.openshift.io "oc-project-test" deleted $ oc delete project ns-test project.project.openshift.io "ns-test" deleted ````
Posted on 02/09/2022