Issue

• With the current means of node-selector (not taking into account the upcoming taints and tolerations feature, we could envisage to implement this with a namespace defined white-list of allowed values for a specific label.

• I would like the following options to exist on a project/namespace:

  an optional "required" node selector openshift.io/node-selector
  an optional "default" per label NodeSelector
  an optional "fallback" NodeSelector
  a label blacklist (existing feature)
  a label-value whitelist

If a pod is scheduled,
1) Its pod level and "required" node selectors are merged. If there is a conflict, the pod is rejected --> Selector S1
2) S1 is merged with all labels from the "default" node selector which have not yet been declared in S1. --> Selector S2
3) If S2 is empty, use the "fallback" node selector --> Selector S3
3) S3 is checked against the label blacklist and label-value whitelist.

So I can effectively manage which projects have access to and by default use a particular set of nodes.