Hi everyone,
I would like to propose an enhancement for Proxmox VE: Resource Pool Quotas and Scoped Self-Service VM Provisioning.
Proxmox VE already provides users, groups, roles, ACLs, resource pools, templates, Cloud-Init, SDN and a powerful API. This works well for granting access to existing VMs and resources. However, it is currently difficult to safely allow users, customers, students or departments to create their own VMs without giving them too broad permissions.
Example use case:
A customer, student or department should be allowed to create exactly one VM inside an assigned resource pool, but only with predefined limits such as:
- 2 vCPU
- 4 GB RAM
- 40 GB disk
- one specific Cloud-Init template
- one specific storage target
- one specific bridge / SDN VNet
Currently, this usually requires an external self-service portal that enforces these limits before calling the Proxmox API. It would be very useful if Proxmox VE could enforce these limits natively through the API and optionally through the web UI.
I am not asking for a full billing or hosting platform, but for native quota and policy enforcement on top of the existing pool, ACL, SDN and API mechanisms.
Requested functionality:
1. Resource pool quotas:
- maximum number of VMs/CTs
- maximum total vCPUs
- maximum total RAM
- maximum total disk allocation
2. Allowed VM profiles / flavors:
- Small: 2 vCPU, 4 GB RAM, 40 GB disk
- Medium: 4 vCPU, 8 GB RAM, 80 GB disk
- Custom profiles defined by the administrator
3. Restrictions per pool, user or group:
- allowed templates
- allowed storage targets
- allowed bridges / SDN VNets
- allowed ISO images
- optional snapshot and backup limits
4. API and UI enforcement:
- VM creation should fail if the quota is exceeded
- invalid options should be hidden or rejected in the UI
- API calls should also be checked, not only the web UI
Expected behavior:
A user with a scoped self-service role should be able to create and manage VMs only inside the assigned resource pool and only within the configured quota and profile limits.
Benefits:
This would make Proxmox VE more suitable for lab environments, universities, MSPs, departments and enterprise private-cloud scenarios without requiring every administrator to build a custom provisioning portal.
I think this could also fit well with the existing resource pool, ACL, SDN and API concepts in Proxmox VE.
Best regards
I would like to propose an enhancement for Proxmox VE: Resource Pool Quotas and Scoped Self-Service VM Provisioning.
Proxmox VE already provides users, groups, roles, ACLs, resource pools, templates, Cloud-Init, SDN and a powerful API. This works well for granting access to existing VMs and resources. However, it is currently difficult to safely allow users, customers, students or departments to create their own VMs without giving them too broad permissions.
Example use case:
A customer, student or department should be allowed to create exactly one VM inside an assigned resource pool, but only with predefined limits such as:
- 2 vCPU
- 4 GB RAM
- 40 GB disk
- one specific Cloud-Init template
- one specific storage target
- one specific bridge / SDN VNet
Currently, this usually requires an external self-service portal that enforces these limits before calling the Proxmox API. It would be very useful if Proxmox VE could enforce these limits natively through the API and optionally through the web UI.
I am not asking for a full billing or hosting platform, but for native quota and policy enforcement on top of the existing pool, ACL, SDN and API mechanisms.
Requested functionality:
1. Resource pool quotas:
- maximum number of VMs/CTs
- maximum total vCPUs
- maximum total RAM
- maximum total disk allocation
2. Allowed VM profiles / flavors:
- Small: 2 vCPU, 4 GB RAM, 40 GB disk
- Medium: 4 vCPU, 8 GB RAM, 80 GB disk
- Custom profiles defined by the administrator
3. Restrictions per pool, user or group:
- allowed templates
- allowed storage targets
- allowed bridges / SDN VNets
- allowed ISO images
- optional snapshot and backup limits
4. API and UI enforcement:
- VM creation should fail if the quota is exceeded
- invalid options should be hidden or rejected in the UI
- API calls should also be checked, not only the web UI
Expected behavior:
A user with a scoped self-service role should be able to create and manage VMs only inside the assigned resource pool and only within the configured quota and profile limits.
Benefits:
This would make Proxmox VE more suitable for lab environments, universities, MSPs, departments and enterprise private-cloud scenarios without requiring every administrator to build a custom provisioning portal.
I think this could also fit well with the existing resource pool, ACL, SDN and API concepts in Proxmox VE.
Best regards
