A risk of defining Phabricator clusters within Phabricator is that anyone with permission to edit said services in Almanac can adjust the cluster -- at best taking the cluster down, and at worst, e.g., configuring the master database to replicate to some external, attacker-controlled device (this won't be possible for a long time, but similar attacks will be possible sooner.).
I think the best approach for this is to allow services to be locked, forbidding all edits from the web UI. So you configure a cluster service, lock it from the CLI, and then can use it safely. These locks could be soft to avoid getting in the way too much (you can use unlocked services, we just warn you that you should lock services in use).
Locking a service should lock all connected bindings, interfaces and devices. Interfaces and devices may need to hold a lock-level: if a device is part of several services, all services must be unlocked before the device can be modified.
We need this (or some similar tech) for Phacility to prevent installs from going into Almanac and breaking their own cluster by changing things around randomly. It's possible we could accomplish this more cleanly in the long run with Spaces or maybe just policies, but having an extra layer of immutability won't hurt even when those are running.