Adding here the chat/answer regards the third question made by Laura Fitzgerald in the chat now.

If we use the OCP ouath how to provide an alternative for the user which is running it in Kube?

First, at all, I'd like to highlight that the best approach should use the ks8 to setup the OAuth which should make it works for both as the following references.

• https://appscode.com/products/voyager/9.0.0/guides/ingress/security/oauth/
• https://alikhil.github.io/2018/05/oauth2-proxy-for-kubernetes-services/
• https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md

However, if we move forward with the approach to use OCP oauth then we can:

Describe in the README that is a pre-requirement install the OAuth OCP proxy in kube. See the doc which is telling that will work in both.

IMHO, we should not use OCP at all and at least avoid it as possible since the Kubernetes API will keep it compatible for both, however, if we are not able to do it for just one detail in the future we can add manual steps to make work with kubernetes or will be fewer changes to do it.