diff --git a/ceph-osd/templates/job-post-apply.yaml b/ceph-osd/templates/job-post-apply.yaml index ad85d47a5..48f7e486f 100644 --- a/ceph-osd/templates/job-post-apply.yaml +++ b/ceph-osd/templates/job-post-apply.yaml @@ -76,7 +76,7 @@ spec: labels: {{ tuple $envAll "ceph-upgrade" "post-apply" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} spec: -{{ dict "envAll" $envAll "application" "post-apply" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} +{{ dict "envAll" $envAll "application" "post_apply" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: @@ -87,7 +87,7 @@ spec: - name: ceph-osd-post-apply {{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -{{ dict "envAll" $envAll "application" "post-apply" "container" "ceph_osd_post_apply" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} +{{ dict "envAll" $envAll "application" "post_apply" "container" "ceph_osd_post_apply" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} env: - name: CLUSTER value: "ceph" diff --git a/ceph-osd/values.yaml b/ceph-osd/values.yaml index 6a4b2d308..dd5cde5b1 100644 --- a/ceph-osd/values.yaml +++ b/ceph-osd/values.yaml @@ -78,6 +78,13 @@ pod: ceph_osd_bootstrap: allowPrivilegeEscalation: false readOnlyRootFilesystem: true + post_apply: + pod: + runAsUser: 65534 + container: + ceph_osd_post_apply: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true test: pod: runAsUser: 65534 diff --git a/ceph-rgw/templates/pod-helm-tests.yaml b/ceph-rgw/templates/pod-helm-tests.yaml index a973694b8..8eec5b295 100644 --- a/ceph-rgw/templates/pod-helm-tests.yaml 
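Review bot: The `application` string passed to both security-context snippets is a bare lookup key with nothing at the call site tying it to values.yaml. The `post-apply`/`post_apply` mismatch corrected here and in the `@@ -87,7 +87,7 @@` hunk appears to have rendered without error, presumably leaving the job with no securityContext at all. I would add a template comment above the pod-level include, for example `{{- /* "post_apply" must match pod.security_context.post_apply in values.yaml */}}`, so the coupling is visible. Rendering the chart with `helm template` and checking that the Job carries both `securityContext` blocks would confirm the fix. The Job spec starts and ends outside this hunk.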
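Review bot: `readOnlyRootFilesystem: true` and `runAsUser: 65534` under the new `post_apply` key look like they take effect for this job for the first time, since the template previously passed a different key. Any path the post-apply script writes to therefore needs a writable volume mount. The job's `volumeMounts` and script are outside this diff, so this should be confirmed by running the job after an upgrade rather than assumed. If it holds, a comment above the block such as `# post-apply job: non-root, read-only root fs; writable paths must be volume mounts` would record the expectation.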
+++ b/ceph-rgw/templates/pod-helm-tests.yaml @@ -27,6 +27,7 @@ metadata: "helm.sh/hook": test-success {{ dict "envAll" $envAll "podName" "ceph-rgw-test" "containerNames" (list "ceph-rgw-ks-validation" "ceph-rgw-s3-validation") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }} spec: +{{ dict "envAll" $envAll "application" "rgw_test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} restartPolicy: Never serviceAccountName: {{ $serviceAccountName }} nodeSelector: @@ -36,6 +37,7 @@ spec: - name: ceph-rgw-ks-validation {{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 6 }} {{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} +{{ dict "envAll" $envAll "application" "rgw_test" "container" "ceph_rgw_ks_validation" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }} env: {{- with $env := dict "ksUserSecret" .Values.secrets.identity.user_rgw }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} diff --git a/ceph-rgw/values.yaml b/ceph-rgw/values.yaml index 1a232a504..4d2c37f1c 100644 --- a/ceph-rgw/values.yaml +++ b/ceph-rgw/values.yaml @@ -92,6 +92,13 @@ pod: create_s3_admin: allowPrivilegeEscalation: false readOnlyRootFilesystem: true + rgw_test: + pod: + runAsUser: 64045 + rgw_test: + ceph_rgw_ks_validation: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true bootstrap: pod: runAsUser: 65534
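Review bot: Only `ceph-rgw-ks-validation` gets a container security context here, while the annotation line in the preceding hunk lists a second container, `ceph-rgw-s3-validation`, in `containerNames`. That container's definition is outside the visible hunks, so it may already be covered. If it is not, it keeps running without `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`. I would add the same include with a container key of its own, e.g. `"container" "ceph_rgw_s3_validation"` (name constructed to follow the existing pattern), plus a matching entry in ceph-rgw/values.yaml.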
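Review bot: The second `rgw_test:` key in the added block sits where the equivalent ceph-osd block in this same commit uses `container:`, so the lookup for `ceph_rgw_ks_validation` probably finds nothing and the container-level settings are never rendered. Indentation is lost in this view, so the nesting is inferred, but I would expect that line to read `container:` with `ceph_rgw_ks_validation:` beneath it. Until that is changed, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` are likely not applied to the test container. The `helm template` output for the test pod would show whether they are.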