As for the rest of your question, I’m going to paste a response from a colleague that I hope gives you some additional information.
as far as the [namespace] split, namespaces generally don’t work well as a prod/test separation mechanism, they’re more for RBAC. there are a bunch of things in kubernetes that aren’t namespaced and you’ll have a hard time trying to disentangle those. separate clusters is my standard recommended approach for managing that.
[the] rest is kinda open-ended depending on how they handle DNS. you can’t readily have separate instances each handling *.example.com simultaneously
Thanks Rick, I appreciate the feedback. Do you know of any examples of the wildcard cert configuration on the Kong Gateway? I have reviewed the document link you provided and was hoping there were some examples.