by chocolatera1n 1227 days ago
At some smaller companies I have worked at we used Terraform and Helm for everything. We had a strict policy that anything beyond dev had to be deployed by a robot owned by our security operations team. We already had multiple test and staging environments so that developers can remain unblocked. When an enterprise customer required a dedicated instance we created an additional set of environments from our existing templates.

The environments looked like:
- platformcodename-$customerid-test0
- platformcodename-$customerid-test1
- platformcodename-$customerid-stage0
- platformcodename-$customerid-prod

and so on. At one of these places we were doing multi-cloud, so each of these environments was a GCP Project and AWS subaccount. At another, where we were on bare metal, we put single-tenant customers in their own Kubernetes namespace (we were strong on genuine multi-tenancy), then we had a very special customer that we put on a dedicated Kubernetes cluster accompanied by a dedicated storage cluster.

If you have robust DevOps this should be an easy problem to solve. I have to admit upfront I am probably biased to what "robust DevOps" means because of how many people I have recently encountered with "DevOps" in their title who shy away from stuff DevOps has been traditionally expected to do. Maybe I should think up a different role description for myself.