There are pros and cons to either approach, so not one correct answer to your question. Multiple clusters per environment will enable you to test different cluster config changes, provide a greater degree of segregation between workloads, and allow you to dedicate resources with less configuration in k8s. Namespace isolation reduces the number of cluster configs you need to manage (e.g. k8s cluster secrets, etc.) but won't enable you to test things like changed in k8s cluster security without affecting both dev and prod.
With a good ci pipeline method/gitops, you will reduce the amount of effort and potential for error in config parity across clusters. PKS provisioned k8s clusters with NSX CNP and namespace firewalling enable considerable isolation between workloads, but it will not address the topics I've listed above. If your goal is to have the most flexibility and resilience in testing, my opinion is that multiple clusters is a better option. With PKS, you could even create a dev and test cluster as part of your ci pipeline, and then tear them down after promotion to prod.
We have Pivotal Container Services and BOSH running on our VMWare vSAN. We chose to deploy multiple K8S clusters - Development, QA, Application Engineering & Infrastructure. This is working well for us so far. It still allows individual members of each team to have their own namespace within their teams cluster.