Research Article

Deep Multi-Layer Isolation for Secure Kubernetes Multi-Tenancy in a Single Shared Cluster

by  Sharan Babu Paramasivam Murugesan
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 187 - Issue 62
Published: December 2025
Authors: Sharan Babu Paramasivam Murugesan
10.5120/ijca2025926026

Sharan Babu Paramasivam Murugesan. Deep Multi-Layer Isolation for Secure Kubernetes Multi-Tenancy in a Single Shared Cluster. International Journal of Computer Applications. 187, 62 (December 2025), 50-55. DOI=10.5120/ijca2025926026

@article{ 10.5120/ijca2025926026,
  author    = { Sharan Babu Paramasivam Murugesan },
  title     = { Deep Multi-Layer Isolation for Secure Kubernetes Multi-Tenancy in a Single Shared Cluster },
  journal   = { International Journal of Computer Applications },
  year      = { 2025 },
  volume    = { 187 },
  number    = { 62 },
  pages     = { 50-55 },
  doi       = { 10.5120/ijca2025926026 },
  publisher = { Foundation of Computer Science (FCS), NY, USA }
}

%0 Journal Article
%D 2025
%A Sharan Babu Paramasivam Murugesan
%T Deep Multi-Layer Isolation for Secure Kubernetes Multi-Tenancy in a Single Shared Cluster
%J International Journal of Computer Applications
%V 187
%N 62
%P 50-55
%R 10.5120/ijca2025926026
%I Foundation of Computer Science (FCS), NY, USA

Abstract

Kubernetes has revolutionized microservice hosting by automating the deployment, scaling, and management of containers across clusters. Its flexibility and portability have made it the de facto platform for cloud-native applications. However, the widespread practice of creating a separate cluster for each team, application, or customer has led to cluster sprawl. Each cluster carries a baseline resource overhead, causing many small clusters to remain under-utilized and difficult to manage. Conversely, consolidating workloads into a single multi-tenant cluster can improve utilization but introduces challenges related to security, fairness, governance, and observability. Misconfigurations such as overly permissive access or missing network policies can compromise isolation, exposing every tenant to risk. This paper analyzes the risks of both fragmented and consolidated approaches and proposes a layered isolation architecture that retains the benefits of consolidation while mitigating multi-tenancy risks. The analysis describes how namespacing, RBAC, resource quotas, network policies, service meshes with mutual TLS (mTLS), admission control, and optional dedicated node pools can be composed to provide strong logical isolation within a single cluster. Recent research shows that virtual clusters, which run per-tenant control-plane components on top of a host cluster, are an emerging tool for achieving hard multi-tenancy [1]. A reference architecture is presented along with guidance on governance, observability, and cost optimization. The proposed design is evaluated against current multi-tenancy practices, and future research directions are identified.

References
  [1] A. Oliva, “Multi‑Tenancy in Kubernetes Clusters,” Master’s thesis, Politecnico di Torino, 2024.
  [2] R. Bezdicek, S. Malik, F. Casciano, A. Tapia, “Three Tenancy Models for Kubernetes,” Kubernetes Multi‑Tenancy Working Group Blog, April 2021.
  [3] Kubernetes Documentation, “Multi‑tenancy Best Practices,” Kubernetes v1.34, 2025 (accessed Oct 2025).
  [4] A. Beltre, P. Saha, M. Govindaraju, “KubeSphere: An Approach to Multi‑Tenant Fair Scheduling for Kubernetes Clusters,” in Proceedings of the 2019 IEEE Cloud Summit.
  [5] R. Molleti, “Highly Scalable and Secure Kubernetes Multi‑Tenancy Architecture for FinTech,” Journal of Engineering and Applied Sciences Technology 4 (2) (2022) 1–5.
  [6] H. G. Gowda, “Managing Multi‑Tenant Kubernetes Clusters for AEM and HCL Commerce: A Best Practices Study,” International Journal of Novel Research and Development 8 (8) (2023) 672–684.
  [7] CrowdStrike, “Kubernetes Logging Guide: The Basics,” CrowdStrike blog, 2023. This guide recommends collecting logs from every node and sending them to a central location outside the cluster for persistence and analysis.
  [8] A. Robert, “Kubernetes Guardrails: Building Auditing and Accountability for Secure, Reliable Clusters,” hoop.dev, 2025. The article emphasises that effective guardrails include immutable audit logs stored outside the cluster.
Index Terms
Computer Science
Information Sciences
Keywords

Kubernetes multi-tenancy, workload isolation, cluster sprawl reduction, namespace-based security, resource-aware scheduling, node-level segregation, policy-driven governance, multi-tenant SaaS infrastructure, admission control strategies, platform efficiency in container orchestration, workload placement strategies
