diff --git a/nova/templates/job-bootstrap.yaml b/nova/templates/job-bootstrap.yaml
index 2a77ba6a1d..d42ba57c0f 100644
--- a/nova/templates/job-bootstrap.yaml
+++ b/nova/templates/job-bootstrap.yaml
@@ -46,6 +46,7 @@ spec:
 {{- if $envAll.Values.bootstrap.wait_for_computes.enabled }}
 - name: nova-wait-for-computes-init
 {{ tuple $envAll "nova_wait_for_computes_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ dict "envAll" $envAll "application" "bootstrap" "container" "nova_wait_for_computes_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 command:
 - /bin/bash
 - -c
diff --git a/nova/templates/job-cell-setup.yaml b/nova/templates/job-cell-setup.yaml
index 72953304a5..b8f0eed8b5 100644
--- a/nova/templates/job-cell-setup.yaml
+++ b/nova/templates/job-cell-setup.yaml
@@ -41,6 +41,7 @@ spec:
 - name: nova-cell-setup-init
 {{ tuple $envAll "nova_cell_setup_init" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.jobs.cell_setup | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "nova_cell_setup" "container" "nova_cell_setup_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 env:
 {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" .Values.manifests.certificates }}
 {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
@@ -59,6 +60,7 @@ spec:
 - name: nova-cell-setup
 {{ tuple $envAll "nova_cell_setup" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.jobs.cell_setup | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "nova_cell_setup" "container" "nova_cell_setup" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 command:
 - /tmp/cell-setup.sh
 volumeMounts:
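Review bot: The new security-context include for `nova-wait-for-computes-init` pulls `readOnlyRootFilesystem: true` from the matching values entry, but the container's command is `/bin/bash -c` with a script body that continues past the end of the hunk, so nothing here shows whether that script writes anywhere on the root filesystem. If it does (scratch files under `/tmp`, for example), the job will now fail at runtime rather than at lint time; confirm the script only touches mounted volumes or give it an `emptyDir` for its scratch path. The enclosing init-container definition starts before the hunk and its `command` block ends after it. A comment beside the new values key, such as `# wait_for_computes init script must not write outside its mounted volumes (root fs is read-only)`, would record the constraint for whoever next edits the script.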
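Review bot: The container lookups added in this hunk and in the following one (`@@ -59,6 +60,7 @@`) use the application key `nova_cell_setup`, while the values file keeps a separate `cell_setup` application key that, as far as the diff shows, still carries this job's pod-level `runAsUser`; the pod-context include itself is outside the hunk, so which key it reads cannot be confirmed here. Two application keys for one job means an operator overriding `pod.security_context.cell_setup` changes one copy of `runAsUser` and not the other, and the container contexts end up under a key nobody expects to look for. Either keep one key by reading it here as `{{ dict "envAll" $envAll "application" "cell_setup" "container" "nova_cell_setup_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}` and placing the container entries under the existing `cell_setup` values block, or migrate the pod-level include to `nova_cell_setup` in the same commit and drop the old key. The job spec continues outside both hunks.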
diff --git a/nova/values.yaml b/nova/values.yaml
index 7be618fe38..c7c8d9e704 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -2412,9 +2412,22 @@ pod:
 pod:
 runAsUser: 42424
 container:
+ nova_wait_for_computes_init:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
 bootstrap:
 readOnlyRootFilesystem: true
 allowPrivilegeEscalation: false
+ nova_cell_setup:
+ pod:
+ runAsUser: 42424
+ container:
+ nova_cell_setup_init:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ nova_cell_setup:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
 cell_setup:
 pod:
 runAsUser: 42424
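Review bot: The three new container entries set only `readOnlyRootFilesystem` and `allowPrivilegeEscalation`, and the new `nova_cell_setup.pod` block sets only `runAsUser: 42424`, so the containers still start with the image's default capability set and nothing prevents an override that runs them as uid 0. This mirrors the existing `bootstrap` entry in the same stanza, so it is consistent rather than a regression, but since the pod is already pinned to a non-root uid, adding `runAsNonRoot: true` beside the new `runAsUser: 42424` costs nothing and makes the intent enforceable by the kubelet; a `capabilities: drop: [ALL]` on the container entries is the usual follow-up once the scripts are known not to need any. The enclosing `security_context` mapping begins above the hunk, so whether a chart-wide default already supplies these fields cannot be checked from here.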