We found ourselves in a very interesting position this morning on ci.jenkins.io!

We have a "Max Jenkins Agents limit" set to 50, and it turns out that when an influx of one type of Pipeline comes in, and requests an Agent matching a specific label, a denial of service can occur for other Pipelines which require other labels.

For example, if a pull request is merged on a repository which has 60 open pull requests, 60 new builds will (correctly) be queued. If those Pipelines are poorly configured, or run for an exceedingly long time, then a denial of service will occur for all other Pipelines on the system.

I would propose a solution would be to include optional per-template limits which ensure that no more than X of a specific template can be provisioned in the system