[q3k]

> By having a dedicated Kuberntes cluster you reduce the blast radius.

Kubernetes supports resource requests and resources quotas to combat this. You should be protecting your production workloads this way anyway.

> In your shared cluster scenario you would be limited by the size of your cluster.

On the other, with a shared cluster, it makes sense to dedicate more resources to it, and share it across both developers and CI systems.

[BenElgar]

> Kubernetes supports resource requests and resources quotas to combat this. You should be protecting your production workloads this way anyway.

That's certainly good advice and would significantly reduce the likelihood of issues but it doesn't handle all cases. For instance it's not particularly easy to quota network bandwidth.

Ultimately all of these problems are likely solvable—we just think that Krucible is easier, simpler and safer.

[nrmitchi]

There are certain things that just can't be tested while scoped to a namespace; many CRDs are a good example of that. If your service rollout contains a CRD, an it is rolled out to the same cluster as production, you are going to impact production.