What is the difference between objects project and namespace in Openshift 4.x

Question

In openshift 4.x, you have an API for project which seems to be totally similar to namespace in the sense that when you create a project there a namespace created and the other way around. I know namespace is a standard object in kubernetes and project is specific to Openshift. So what does project brings ?

# list projects
oc get projects                                                      
NAME                                                    DISPLAY NAME   STATUS
default                                                                Active
kube-node-lease                                                        Active
kube-public                                                            Active
kube-system                                                            Active
local-storage                                                          Active
openshift                                                              Active
openshift-apiserver                                                    Active
list namespaces
$ oc get ns
NAME                                                    STATUS   AGE
default                                                 Active   17d
kube-node-lease                                         Active   17d
kube-public                                             Active   17d
kube-system                                             Active   17d
local-storage                                           Active   16d
openshift                                               Active   17d
openshift-apiserver                                     Active   17d
openshift-apiserver-operator                            Active   17d

The list is the same except different columns

oc get project foo
Error from server (NotFound): namespaces "foo" not found
oc get ns foo
Error from server (NotFound): namespaces "foo" not found
15:30 $ oc new-project foo

Now using project "foo" on server "https://api.goo.tadadidou.bo:6443".
...

$ oc get project foo
NAME   DISPLAY NAME   STATUS
foo                   Active
$ oc get ns foo
NAME   STATUS   AGE
foo    Active   70s

Even the yaml output is similar, except the value of the field Kind: which is either Project or Namespace.

Answer 1

A project is essentially the same as a namespace, but OpenShift provides additional administrative controls for projects.

If you're deploying software on OpenShift you'll basically use the project exactly the same way as a Kubernetes namespace, except a normal user can be prevented from creating their own projects, requiring a cluster administrator to do that. (It appears that your cluster allows you to create your own projects, or you're using a personal cluster such as CodeReady Containers or its predecessor Minishift.)

From the docs:

Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members, a quota on the resources that the project may consume, and the security controls on the resources in the project. Within a project, members may have different roles - project administrators can set membership, editors can create and manage the resources, and viewers can see but not access running containers. In a normal cluster project administrators are not able to alter their quotas - that is restricted to cluster administrators.

Listing or watching projects will return only projects the user has the reader role on.

An OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed as editable to end users while namespaces are not. Direct creation of a project is typically restricted to administrators, while end users should use the requestproject resource.