K8s resource quotas vs limit ranges — where do you draw the line?
Running a multi-tenant Kubernetes cluster (~40 namespaces, shared node pools) and struggling to balance ResourceQuotas with LimitRanges.

Current setup:

- ResourceQuota per namespace: hard limits on CPU (20 cores) and memory (64Gi)
- LimitRange per namespace: default requests/limits for containers that don't specify them
- Node pool: 6x m6i.2xlarge (8 vCPU, 32Gi each)

The problem: developers keep hitting quota ceilings because LimitRange defaults are generous (2 CPU, 8Gi per container). A namespace with 12 microservices hits the 20-core quota quickly even though actual utilization is ~30%.

Options we're considering:

1. Lower LimitRange defaults (2 CPU → 500m CPU) — breaks existing workloads that genuinely need more
2. Implement OPA/Gatekeeper policies to enforce per-service budgets — more governance overhead
3. Move to vertical pod autoscaler + remove static limits — risky for noisy-neighbor scenarios
4. Namespace-level chargeback reporting — cultural solution, not technical

How are you handling this in multi-tenant clusters? Interested in real operational experience, not textbook answers.
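
A small model of how LimitRange defaults are charged against a namespace ResourceQuota, using the figures from the post above (added example, not part of the original post). Assumptions: one container per service, one quota figure per resource, and the service list, the `LOWERED` memory default and all function names are constructed for illustration.

```python
UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30}

def parse_qty(q):
    """Parse the Kubernetes quantities used here: '2', '500m', '8Gi'."""
    q = str(q)
    if q.endswith("m"):                      # millicores
        return int(q[:-1]) / 1000
    for suffix, mult in UNITS.items():       # binary memory suffixes
        if q.endswith(suffix):
            return float(q[:-2]) * mult
    return float(q)

def admit(quota, defaults, containers):
    """Admit containers in order; return (admitted, rejected, used).

    A container that omits a resource is charged the LimitRange default,
    which is how unspecified containers consume quota.
    """
    hard = {r: parse_qty(v) for r, v in quota.items()}
    used = {r: 0.0 for r in hard}
    admitted, rejected = [], []
    for name, spec in containers:
        charge = {r: parse_qty(spec.get(r, defaults[r])) for r in hard}
        over = [r for r in hard if used[r] + charge[r] > hard[r]]
        if over:                             # quota would be exceeded
            rejected.append((name, over))
            continue
        for r in hard:
            used[r] += charge[r]
        admitted.append(name)
    return admitted, rejected, used

# Values from the post: quota 20 CPU / 64Gi, defaults 2 CPU / 8Gi, 12 services.
QUOTA = {"cpu": "20", "memory": "64Gi"}
GENEROUS = {"cpu": "2", "memory": "8Gi"}
# Option 1's 500m CPU default; the 1Gi memory default is hypothetical.
LOWERED = {"cpu": "500m", "memory": "1Gi"}
# Constructed workload: 10 services set no resources, 2 declare their own.
SERVICES = [(f"svc-{i}", {}) for i in range(10)] + [
    ("svc-heavy-a", {"cpu": "2", "memory": "8Gi"}),
    ("svc-heavy-b", {"cpu": "4", "memory": "16Gi"}),
]

if __name__ == "__main__":
    for label, d in (("generous", GENEROUS), ("lowered", LOWERED)):
        ok, bad, used = admit(QUOTA, d, SERVICES)
        print(label, len(ok), "admitted", bad, used["cpu"], used["memory"] / 2**30)
```

The rejection list names which resource tripped the quota for each container, so the same model can be rerun with a namespace's real container specs before changing defaults.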