Feature Request - Resource Pools

[ncresswell]

Whilst Docker provides the ability to group nodes into swarm clusters, they do not provide any way to partition a cluster into smaller resource pools.

It would be great if we can take a swam cluster and break it up into smaller "resource pools"; by this i mean take a 10 node swarm cluster and say break it into 5x 2 node resource pools. We can then assign groups of users to a resource pool, so any services (containers or services) that are deployed by that user group are restricted to only run from the nodes they are allocated (and not the entire swarm cluster).

The way i think this could be achieved is by allowing an admin to define resource pools, assigning hosts from a swarm cluster into a resource pool, and assigning that resource pool to a user group (Portainer teams). Behind the scenes, when an admin creates a resource pool, we write a host label on each host in the pool called "resourcepool" and give it a value of "name". Then whenever a user from a group that is allocated to the resource pool creates containers or services, we transparently append a placement constraint of "resourcepool==name" so as to restrict the execution to hosts with that label.

Clearly this is not a way to securely segment a Docker environment, but its a way to partition resources, and is quite similar to how UCP does it with "collections".