diff --git a/e2e/internal/kubeclient/kubeclient.go b/e2e/internal/kubeclient/kubeclient.go
index dbc8f83c0..e20c9514e 100644
--- a/e2e/internal/kubeclient/kubeclient.go
+++ b/e2e/internal/kubeclient/kubeclient.go
@@ -33,6 +33,9 @@ type Kubeclient struct {
 
 	// Below fields are only populated by Setup().
 
+	// verifyDir holds the results of calling nunki verify
+	verifyDir string
+
 	namespace string
 }
 
diff --git a/e2e/internal/kubeclient/setup.go b/e2e/internal/kubeclient/setup.go
index 156e51856..f4c7e4cc8 100644
--- a/e2e/internal/kubeclient/setup.go
+++ b/e2e/internal/kubeclient/setup.go
@@ -15,14 +15,59 @@ import (
 )
 
 func (k *Kubeclient) Setup() error {
+	ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
+	defer cancel()
+
 	// TODO(burgerdev): this needs to be generated by Setup as soon as we moved apply logic here.
 	k.namespace = os.Getenv("K8S_NAMESPACE")
 	if k.namespace == "" {
 		return fmt.Errorf("environment variable K8S_NAMESPACE must be set")
 	}
-	return nil
+
+	output, err := os.MkdirTemp("", "nunki-verify.*")
+	if err != nil {
+		return fmt.Errorf("could not create temp dir: %w", err)
+	}
+	k.verifyDir = output
+
+	coordinator, cancelPortforward, err := k.PortForwardPod(ctx, "port-forwarder-coordinator", "1313")
+	if err != nil {
+		return fmt.Errorf("could not forward coordinator port: %w", err)
+	}
+	defer cancelPortforward()
+
+	verify := cmd.NewVerifyCmd()
+	verify.SetArgs([]string{
+		"--output", output,
+		"--coordinator-policy-hash=", // TODO(burgerdev): enable policy checking
+		"--coordinator", coordinator,
+	})
+	verify.SetOut(io.Discard)
+	errBuf := &bytes.Buffer{}
+	verify.SetErr(errBuf)
+
+	if err := verify.Execute(); err != nil {
+		log.Fatalf("could not verify coordinator: %v\nnunki verify logs:\n%s", err, string(errBuf.Bytes()))
+	}
+
+	var errs []error
+	for _, expected := range []string{"manifest.0.json", "coordinator-root.pem", "mesh-root.pem"} {
+		_, err := os.Stat(path.Join(output, expected))
+		if err != nil {
+			errs = append(errs, fmt.Errorf("expected verify output to contain file %q", expected))
+		}
+		// TODO(burgerdev): check the content of output files once generate and set are included here.
+	}
+	return errors.Join(errs...)
 }
 
 func (k *Kubeclient) Teardown() error {
-	return nil
+	var errs []error
+	if k.verifyDir != "" {
+		errs = append(errs, os.RemoveAll(k.verifyDir))
+	}
+
+	// TODO: tear down Kubernetes resources here once we moved apply logic to Setup()
+
+	return errors.Join(errs...)
 }