diff --git a/ceph-client/templates/job-bootstrap.yaml b/ceph-client/templates/job-bootstrap.yaml
index d1ac0ffc26..133e1135a0 100644
--- a/ceph-client/templates/job-bootstrap.yaml
+++ b/ceph-client/templates/job-bootstrap.yaml
@@ -31,6 +31,9 @@ spec:
     metadata:
       labels:
 {{ tuple $envAll "ceph" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+      annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "ceph-client-bootstrap" "containerNames" (list "ceph-client-bootstrap" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
 {{ dict "envAll" $envAll "application" "bootstrap" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       serviceAccountName: {{ $serviceAccountName }}
diff --git a/ceph-client/values_overrides/apparmor.yaml b/ceph-client/values_overrides/apparmor.yaml
index f4a76523c6..a249dbc44b 100644
--- a/ceph-client/values_overrides/apparmor.yaml
+++ b/ceph-client/values_overrides/apparmor.yaml
@@ -13,4 +13,11 @@ pod:
     ceph-rbd-pool:
       ceph-rbd-pool: runtime/default
       init: runtime/default
+    ceph-client-bootstrap:
+      ceph-client-bootstrap: runtime/default
+      init: runtime/default
+bootstrap:
+  enabled: true
+manifests:
+  job_bootstrap: true
 
diff --git a/ceph-mon/templates/job-bootstrap.yaml b/ceph-mon/templates/job-bootstrap.yaml
index ef39c0b704..92e932abbe 100644
--- a/ceph-mon/templates/job-bootstrap.yaml
+++ b/ceph-mon/templates/job-bootstrap.yaml
@@ -33,7 +33,7 @@ spec:
 {{ tuple $envAll "ceph" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
-{{ dict "envAll" $envAll "podName" "ceph-bootstrap" "containerNames" (list "ceph-bootstrap") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "ceph-bootstrap" "containerNames" (list "ceph-bootstrap" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
 {{ dict "envAll" $envAll "application" "bootstrap" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       serviceAccountName: {{ $serviceAccountName }}
diff --git a/ceph-mon/values_overrides/apparmor.yaml b/ceph-mon/values_overrides/apparmor.yaml
index 5306cb67be..d8c77d8e2b 100644
--- a/ceph-mon/values_overrides/apparmor.yaml
+++ b/ceph-mon/values_overrides/apparmor.yaml
@@ -10,6 +10,7 @@ pod:
       init: runtime/default
     ceph-bootstrap:
       ceph-bootstrap: runtime/default
+      init: runtime/default
     ceph-storage-keys-generator:
       ceph-storage-keys-generator: runtime/default
       init: runtime/default