Cloud native adoption in financial and other regulated sectors demands a balance between agility, compliance, and data confidentiality. This session presents a case study on building a Kubernetes-based confidential computing platform for a major financial organization. Using Cluster API (CAPI) management clusters, we provision bare-metal child clusters running Confidential Containers to deliver hardware-based isolation and attestation. A custom mutating admission webhook transparently injects confidential runtime classes and annotations, enabling developers to deploy workloads unchanged, while Kyverno enforces policy and compliance at scale. We’ll dive into the architecture, integration challenges, and lessons learned from operationalizing confidential workloads across multi-tenant, regulated environments.