Difference between Namespaces & Projects

Open debianmaster opened this issue 8 years ago • 0 comments

@enjk wrote

Projects provide for easier multi-tenancy by:

  • Having stricter validation than namespaces (i.e. you cannot annotate a project other than a handful of predefined keys, meaning you can assert a privileged user or component set that data)
  • Projects are actually indirectly created by the server by a request mechanism. Thus you do not need to give users the ability to create projects directly.
  • A cluster admin can inject a template for project creation (so you can have a predefined way to set up projects across your cluster).
  • The project list is a special endpoint that determines what projects you should be able to see. This is not possible to express via RBAC (i.e. list namespaces means you can see all namespaces).
  • Note that all of this was built in the early days of Kubernetes, and thus may be less important now.

debianmaster, Oct 26 '17 06:10
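The project request mechanism and the admin-injected template described in the post above, shown as an added example that is not part of the original issue or the openshift-examples project. It assumes OpenShift 4.x API groups (newer than this 2017 post); the template name and the NetworkPolicy name are hypothetical, and the policy is one possible tenant-isolation default.

```yaml
apiVersion: template.openshift.io/v1
kind: Template
metadata:
  name: project-request                 # hypothetical template name
  namespace: openshift-config           # where the cluster config looks it up
objects:
- apiVersion: project.openshift.io/v1
  kind: Project
  metadata:
    name: ${PROJECT_NAME}
    annotations:
      openshift.io/requester: ${PROJECT_REQUESTING_USER}   # filled in by the server
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding                     # requester becomes admin of this project only
  metadata:
    name: admin
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: admin
  subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: ${PROJECT_ADMIN_USER}
- apiVersion: networking.k8s.io/v1
  kind: NetworkPolicy                   # assumed default: ingress from same project only
  metadata:
    name: allow-same-namespace          # hypothetical policy name
    namespace: ${PROJECT_NAME}
  spec:
    podSelector: {}
    ingress:
    - from:
      - podSelector: {}
parameters:                             # values are supplied by the project request
- name: PROJECT_NAME
- name: PROJECT_DISPLAYNAME
- name: PROJECT_DESCRIPTION
- name: PROJECT_ADMIN_USER
- name: PROJECT_REQUESTING_USER
---
apiVersion: config.openshift.io/v1
kind: Project                           # cluster-wide project configuration
metadata:
  name: cluster
spec:
  projectRequestTemplate:
    name: project-request               # must match the template above
```

With this in place, a user who runs `oc new-project` gets a project built from the template without holding any permission to create namespaces or projects directly.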