In recent years, along with containers, the cloud community has rapidly taken up Kubernetes, the de facto industry standard container orchestration system. All major cloud providers currently offer Kubernetesbased Containers as a Service (CaaS). However, when CaaS is offered to multiple independent consumers, or tenants, a multi-instance approach is used, in which each tenant receives its own separate cluster, which imposes significant overhead due to employing virtual machines for isolation. If CaaS is to be offered not only in the cloud, but also in the edge cloud, where resources are limited, another solution is required. In this paper, drawing upon the scientific literature, we provide a novel classification of Kubernetes multitenancy into three approaches: multi-instance through multiple clusters, multi-instance through multiple control planes, and single-instance native. We propose a single-instance multitenancy framework, meaning tenants are served out of a shared control plane in a single cluster. Our empirical findings show that the singleinstance approach imposes a markedly decreased overhead than the other two. However, it entails a tradeoff in workload isolation owing to tenants sharing the compute nodes. There are still means to compensate for such weakened isolation, and we describe how our framework does it. The framework is publicly available as liberally-licensed, free, open-source software that extends Kubernetes. It is in production use within the EdgeNet testbed for researchers.INDEX TERMS Edge computing, cloud computing, Containers as a Service, multitenancy, Kubernetes