Red Hat OpenShift to AKS migration expertise. Triggers on "OpenShift", "Red Hat", "OCP", "Routes", "DeploymentConfig", "SCC".
| OpenShift Concept | AKS Equivalent |
|---|---|
Routes (route.openshift.io/v1) | Kubernetes Ingress resource + annotations (NGINX/AGIC) |
| Route TLS termination (edge, passthrough, re-encrypt) | Ingress TLS configuration with cert-manager |
Route host field | Ingress rules[].host field |
| Router sharding | Ingress class-based routing on AKS |
| HAProxy router annotations | NGINX/AGIC ingress annotations |
| OpenShift Concept |
|---|
| AKS Equivalent |
|---|
DeploymentConfig (apps.openshift.io/v1) | Deployment (apps/v1) |
| DeploymentConfig image change triggers | Flux/ArgoCD image automation or ACR webhooks |
| DeploymentConfig config change triggers | Standard Deployment rollout on ConfigMap/Secret change (via Reloader or hash annotations) |
| DeploymentConfig lifecycle hooks (pre/mid/post) | Init containers, Jobs, or Helm hooks |
DeploymentConfig rolling params (maxSurge, maxUnavailable) | Deployment strategy.rollingUpdate (same fields) |
| DeploymentConfig recreate strategy with pre/post hooks | Deployment recreate strategy + Jobs for hooks |
| OpenShift Concept | AKS Equivalent |
|---|---|
| SecurityContextConstraints (SCC) | Pod Security Standards (PSS) — restricted, baseline, privileged |
restricted SCC | PSS restricted profile |
anyuid SCC | PSS baseline profile with runAsUser override |
privileged SCC | PSS privileged profile (use sparingly) |
SCC runAsUser, seLinuxContext strategies | Pod securityContext fields |
| Custom SCCs | Custom admission policies (Gatekeeper/OPA or Kyverno) |
| OpenShift Concept | AKS Equivalent |
|---|---|
| S2I (Source-to-Image) builds | Standard Dockerfile builds, Cloud Native Buildpacks, or ACR Tasks |
BuildConfig (build.openshift.io/v1) | GitHub Actions / Azure Pipelines + Dockerfile |
ImageStreams (image.openshift.io/v1) | Standard container image references (ACR repository + tag/digest) |
| ImageStream tags and triggers | ACR tags, digests, and webhook notifications |
Internal registry (image-registry.openshift-image-registry.svc) | Azure Container Registry (ACR) |
| OpenShift Concept | AKS Equivalent |
|---|---|
OpenShift Templates (template.openshift.io/v1) | Helm charts or Kustomize overlays |
Template parameters (${PARAM}) | Helm values ({{ .Values.param }}) or Kustomize patches |
oc process template instantiation | helm install / kustomize build |
| OpenShift Concept | AKS Equivalent |
|---|---|
| OpenShift OAuth server | Microsoft Entra ID integration |
| HTPasswd identity provider | Entra ID users/groups |
| LDAP identity provider | Entra ID with LDAP sync or direct Entra integration |
| OpenShift Groups | Entra ID security groups with AKS RBAC bindings |
oc adm policy role bindings | kubectl RBAC with Entra ID subjects |
| OpenShift Concept | AKS Equivalent |
|---|---|
| OperatorHub / OLM (Operator Lifecycle Manager) | AKS marketplace extensions or manual operator deployment |
| CatalogSource | Helm repositories or OCI artifact registries |
| Subscription (OLM) | Helm release or AKS extension |
project.openshift.io annotations; standard Kubernetes namespaces suffice.oc CLI commands in scripts: Replace with kubectl equivalents.app.openshift.io/* labels or convert to standard app.kubernetes.io/* labels.root or a specific UID on AKS (or configure PSS accordingly).The following patterns in source manifests indicate OpenShift origin:
route.openshift.io API groupapps.openshift.io API group (DeploymentConfig)security.openshift.io API group (SCC)build.openshift.io API group (BuildConfig)image.openshift.io API group (ImageStream)template.openshift.io API groupproject.openshift.io API groupimage-registry.openshift-image-registry.svc in image references