Exploring Security Enhancements in Kubernetes CNI: A Deep Dive Into Network Policies


Comparison of CNI architectures: Flannel (A) with simple VXLAN-based overlay networking, WeaveNet (B) leveraging VXLAN with OVS for advanced packet processing, and Kube-r...

Abstract:

With the explosive growth of Kubernetes adoption, Container Network Interfaces (CNIs) have become critical components for configuring and securing container networks, but a comprehensive analysis of their security capabilities and performance impact is noticeably lacking. Our study conducts a comprehensive security analysis of the major CNI plugins (Cilium, Calico, WeaveNet, Kube-router, and Antrea) in cloud-native environments with Kubernetes through extensive evaluation of Layer 3/4 policy processing, policy complexity scaling, pod scalability, and Layer 7 policy processing. The experimental results show that eBPF-based Cilium maintains 8.9K Mbps throughput under complex L3/4 policies, but drops to 94 Mbps with L7 processing, while Antrea achieves 6.6K Mbps at L7 through HTTP filtering, with performance degrading as policy complexity increases. Under high concurrent pod loads, iptables-based CNIs show a 60-70% reduction in throughput, while Cilium maintains performance within 10% of baseline. These results reveal critical trade-offs between architectural choices and security capabilities, and provide practical guidelines for CNI selection based on specific operational and security requirements in cloud-native environments.
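As an added illustration (not from the paper) of the two policy classes the study benchmarks, the YAML below places a standard Kubernetes NetworkPolicy, which any of the compared CNIs enforces at Layer 3/4, beside a Cilium-specific policy that adds a Layer 7 HTTP rule for the same peers and port. The namespace, labels and path are constructed placeholders.

```yaml
# Added example, not from the paper. Namespace, labels and path are
# constructed placeholders; the two policies share the same peers and port.

# --- L3/4: selects peers by label and allows one TCP port. Enforced by
# every CNI in the study (iptables- or eBPF-based), no packet inspection.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-frontend-l4
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 8080
---
# --- L7: same peers and port, but only GET requests whose path matches
# /v1/.* are admitted. Cilium redirects matching flows through its
# userspace HTTP proxy; that per-request inspection is the L7 processing
# whose throughput cost the abstract reports.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: api-allow-frontend-l7
  namespace: demo
spec:
  endpointSelector:
    matchLabels:
      app: api
  ingress:
    - fromEndpoints:
        - matchLabels:
            app: frontend
      toPorts:
        - ports:
            - port: "8080"
              protocol: TCP
          rules:
            http:
              - method: "GET"
                path: "/v1/.*"
```

Applying only the first policy keeps enforcement in the datapath (iptables or eBPF); adding the second changes where the traffic is handled, which is the architectural trade-off the abstract measures.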
Published in: IEEE Access (Volume: 13)
Page(s): 35322 - 35338
Date of Publication: 20 February 2025
Electronic ISSN: 2169-3536
