Modern communication systems rely on a canonical time source to coordinate the rotation of certificates. A host that cannot determine the time will be denied service, and an attacker who can control the time source can trick hosts into trusting expired certificates.
Since good timekeeping keeps everything else on the rails, having an on-prem stratum 1 server keeps more of your own critical infrastructure under your control.
Even if you do have access, building a set of services in close proximity with each other - yet still working on separate containers or even containers on separate container hosts - still needs a single source of truth where time is concerned. This is especially important if you have time-based transactions with eventual consistency, yet the order of those hundreds to thousands of transactions per second need to be extremely reliable. Having all the parts work off a single known, trusted time server such that the timestamp of all transactions can be absolutely trusted is supremely critical in some applications.
