This is a very good discussion.
The ‘classic’ HPC answer is to us ea job scheduler such as Slurm.
I guess I would ask them what their current method of deploying Docker containers is.
The answer is likely to be Kubernetes.
Personally I rather like Singularity containers - which are inherently secure and you can ‘read in’ a Docker container
I rather like the concepts of Nomad also, and Singularity fits with it