This article presents a comprehensive analysis of the set of threats that are characteristic of heterogeneous Kubernetes deployments. The work aims to systematize and examine these threats, as well as to develop an integrated security model suitable for practical implementation. The methodological foundation consisted of a rigorous literature review encompassing both academic papers and engineering reports from major cloud providers. Special attention was given to publications on container isolation, inter-pod network policy, secrets management, and data encryption protocols. Based on this analysis, a multi-layer threat map is presented, detailing the attack vectors at each layer. The proposed protective measures are integrated into a unified DevSecOps lifecycle framework and can be automated within CI/CD pipelines. The conclusions drawn and the model developed are intended for security engineers, DevOps teams, and cloud platform architects who need to design and maintain multi-tenant Kubernetes clusters with a guaranteed level of data protection.

Kubernetes, data security, multi-tenancy, isolation, threat model, encryption, access control

Cloud Native Computing Foundation. (2024). CNCF annual survey 2023: The state of cloud native development. Retrieved from https://www.cncf.io/reports/cncf-annual-survey-2023/ (date accessed: 17.05.2025).

Palo Alto Networks. (2024). 2024 state of cloud native security report [Report]. Retrieved from https://www.paloaltonetworks.com/resources/research/state-of-cloud-native-security-2024 (date accessed: 20.05.2025).

Haq, M. S., et al. (2024). SoK: A comprehensive analysis and evaluation of Docker container attack and defense mechanisms. In 2024 IEEE Symposium on Security and Privacy (SP) (pp. 4573–4590). IEEE. https://doi.org/10.1109/SP54263.2024.00268

Berenberg, A., & Calder, B. (2022). Deployment archetypes for cloud applications. ACM Computing Surveys, 55(3), 1–48. https://doi.org/10.1145/3498336

Superbo, G. (2022). Hard multi-tenancy Kubernetes approaches in a local 5G deployment: Testing and evaluation of the available solutions, 43 – 60.

Morić, Z., Dakić, V., & Čavala, T. (2025). Security hardening and compliance assessment of Kubernetes control plane and workloads. Journal of Cybersecurity and Privacy, 5(2). https://doi.org/10.3390/jcp5020030

Dos Santos, R. F. (2025). Applying zero trust to Kubernetes clusters. ARIS2 – Advanced Research on Information Systems Security, 5(1), 57–71. https://doi.org/10.56394/aris2.v5i1.58

Nutalapati, P. (2021). Service mesh in Kubernetes: Implementing Istio for enhanced observability and security. Journal of Scientific and Engineering Research, 8(11), 200–206.

Shethiya, A. S. (2024). Ensuring optimal performance in secure multi-tenant cloud deployments. Spectrum of Research, 4(2), 1–7.

Kosińska, J., & Tobiasz, M. (2022). Detection of cluster anomalies with ML techniques. IEEE Access, 10, 110742–110753. https://doi.org/10.1109/ACCESS.2022.3216080.

Dip Bharatbhai Patel. (2025). Comparing Neural Networks and Traditional Algorithms in Fraud Detection. The American Journal of Applied Sciences, 7(07), 128–132. https://doi.org/10.37547/tajas/Volume07Issue07-13