Tags: encryption, kubernetes, amazon-kms, kubernetes-secrets, kubernetes-security

How to encrypt actual storage/volume used by containers in Kubernetes environment?


In the case of cloud-managed Kubernetes, whether AWS EKS, Azure AKS or Google GKE, the option to use a customer-managed key always comes at the cost of storing the customer master key in the cloud provider's own vault/KMS (e.g. AWS KMS or Azure Key Vault). In this case the cloud provider still has access to the customer's encryption key (or at least it resides in the cloud environment).

What would be an ideal implementation for deploying the application in a k8s environment and encrypting the storage with a customer-provided key, where knowledge of the key exists only on the customer side, i.e. it is not stored anywhere inside the cloud provider, due to privacy concerns?


Solution

  • You could use a third-party Kubernetes storage provider like Portworx that will take you across clusters and keep data encrypted. https://docs.portworx.com/portworx-install-with-kubernetes/storage-operations/create-pvcs/create-encrypted-pvcs/
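What the Portworx route looks like on the Kubernetes side, as an added example that is not part of the original answer and not code from the Portworx project: a StorageClass with encryption turned on, and a PVC that points Portworx at a per-volume key. The StorageClass name `px-encrypted`, the secret name `app-volume-key`, the namespace `app` and the replication factor are assumptions chosen for the example; the `secure` parameter and the `px/secret-name` / `px/secret-namespace` annotations are the ones documented on the linked Portworx page, so confirm them against the Portworx version you deploy.

```yaml
# Added example (not from the original page). Assumes Portworx is already
# installed on the cluster and its secret store has been configured at
# install time.
#
# 1. A StorageClass that makes every volume it provisions encrypted.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: px-encrypted            # assumed name
provisioner: kubernetes.io/portworx-volume
parameters:
  secure: "true"                # Portworx: encrypt volumes from this class
  repl: "2"                     # assumed replication factor
---
# 2. A PVC that uses that class and names the key Portworx should fetch
#    from its configured secret store for this particular volume.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: app-data
  namespace: app                # assumed namespace
  annotations:
    px/secret-name: app-volume-key      # assumed key name in the secret store
    px/secret-namespace: app            # where that key is looked up
spec:
  storageClassName: px-encrypted
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
---
# 3. A pod mounting the claim. The application sees a normal filesystem;
#    encryption happens in the Portworx data path beneath it.
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: app
spec:
  containers:
    - name: app
      image: busybox             # placeholder image for the example
      command: ["sh", "-c", "touch /data/ok && sleep 3600"]
      volumeMounts:
        - name: data
          mountPath: /data
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: app-data
```

The part that matters for the question in the post is where `app-volume-key` actually lives. Portworx resolves `px/secret-name` against a secret store chosen cluster-wide at install time (Kubernetes Secrets, HashiCorp Vault, a cloud KMS, among others). If that store is Kubernetes Secrets, the key sits in the cluster's etcd, which is still inside the cloud provider's environment and does not meet the asker's requirement; pointing Portworx at a customer-operated store such as a self-hosted Vault is what keeps the key material off the provider, and the volume then becomes unreadable to anyone who cannot reach that store.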