It s probably because of the target group swimming cap best for OpenShift product, but indeed default policies are more strict there than on Kubernetes. For example, most of container images available on forbids to run a container as root and even many of official images don t meet this requirement. That s why people are sometimes confused and angry because they cannot run simple apps like they used to on Kubernetes. There s an easy way to disable that policy, but still it shows a different approach to security.

For someone coming straight from Kubernetes world who used Helm and its charts, OpenShift swimming cap amazon templates as the main method of deployment whole stack of resources is just too simple. Helm charts use sophisticated templates and package versioning that OpenShift templates are missing. It makes deployment harder on swimming cap girl OpenShift and in most cases you need some external wrappers (like I do) to make it more flexible and useful in more complex scenarios than just simple, one pod application deployments.

It has some drawbacks, but also one significant advantage over Kubernetes Deployment - you can use hooks to prepare your environment for an update - e.g. by changing database schema. It s a nifty feature that is swimming cap kids hard to implement with Deployment (and no, InitContainers are not the same, as it s hard to coordinate it with many instances running). Deployment, however, is better when dealing with multiple, concurrent updates - DeploymentConfig doesn t support concurrent updates at all and in Kubernetes you can have many of them and it will manage to scale them properly.

This a minor difference, but on OpenShift there are projects which are nothing more than just Kubernetes namespaces with additional features. Besides trivial things such as description and display name (trust me - they can be helpful when you have dozens swimming caps target of them), projects add some default objects. Currently a few roles ( RoleBinding objects to be precise) are created alongside with a project, but you can modify default project template and use it to provision other objects.

A good example would be network policies that close your project for external traffic so that is isolated and secure by default - if you want to permit some kind of traffic you would do so by creating additional policies explicitly. In a similar way you could provide default quotas or LimitRange objects and make your new projects pre-configured according to your organization rules.