Kubernetes Rooms: A Comprehensive Review of Multi-Tenancy, Privacy, and Security Approaches

Posted
Server: Preprints.org
DOI: 10.20944/preprints202606.0625.v1

Kubernetes has become one of the most important platforms for deploying and managing modern cloud-native applications. Its ability to automate container orchestration, scale services, and support distributed workloads has made it a central technology in enterprise cloud infrastructure. However, as more organizations place multiple users, teams, applications, and business units inside shared Kubernetes clusters, the challenges of multi-tenancy, privacy, and security become increasingly serious. Although Kubernetes provides native mechanisms such as namespaces, Role-Based Access Control (RBAC), network policies, resource quotas, and admission controllers, these mechanisms mainly provide logical separation. In highly regulated, hostile, or mutually distrusting environments, such soft boundaries may not be sufficient. Recent research has therefore explored stronger approaches, including virtual clusters, hardware-based Trusted Execution Environments (TEEs), eBPF-based runtime monitoring, service mesh encryption, formal policy verification, and automated misconfiguration detection. This paper presents a comprehensive review of Kubernetes multi-tenancy, privacy, and security research published between 2021 and 2026. The review is organized into three major pillars: multi-tenant isolation, privacy protection, and cluster security. For each pillar, this paper discusses the technical evolution of the field, summarizes representative studies, and compares the main approaches based on isolation strength, overhead, maturity, automation level, and practical limitations. The paper also identifies cross-cutting primitives, including eBPF, RBAC, network policy, admission control, and formal verification, that appear repeatedly across the three pillars. Finally, the paper discusses open research challenges and highlights future directions for building more secure, privacy-aware, and resource-efficient Kubernetes environments.
