diff --git a/ceph-client/templates/job-bootstrap.yaml b/ceph-client/templates/job-bootstrap.yaml
index d1ac0ffc2..133e1135a 100644
--- a/ceph-client/templates/job-bootstrap.yaml
+++ b/ceph-client/templates/job-bootstrap.yaml
@@ -31,6 +31,9 @@ spec:
     metadata:
       labels:
 {{ tuple $envAll "ceph" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+      annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "ceph-client-bootstrap" "containerNames" (list "ceph-client-bootstrap" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
 {{ dict "envAll" $envAll "application" "bootstrap" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       serviceAccountName: {{ $serviceAccountName }}
diff --git a/ceph-client/values_overrides/apparmor.yaml b/ceph-client/values_overrides/apparmor.yaml
index f4a76523c..a249dbc44 100644
--- a/ceph-client/values_overrides/apparmor.yaml
+++ b/ceph-client/values_overrides/apparmor.yaml
@@ -13,4 +13,11 @@ pod:
     ceph-rbd-pool:
       ceph-rbd-pool: runtime/default
       init: runtime/default
+    ceph-client-bootstrap:
+      ceph-client-bootstrap: runtime/default
+      init: runtime/default
+bootstrap:
+  enabled: true
+manifests:
+  job_bootstrap: true
 
diff --git a/ceph-mon/templates/job-bootstrap.yaml b/ceph-mon/templates/job-bootstrap.yaml
index ef39c0b70..92e932abb 100644
--- a/ceph-mon/templates/job-bootstrap.yaml
+++ b/ceph-mon/templates/job-bootstrap.yaml
@@ -33,7 +33,7 @@ spec:
 {{ tuple $envAll "ceph" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
-{{ dict "envAll" $envAll "podName" "ceph-bootstrap" "containerNames" (list "ceph-bootstrap") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "ceph-bootstrap" "containerNames" (list "ceph-bootstrap" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
 {{ dict "envAll" $envAll "application" "bootstrap" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       serviceAccountName: {{ $serviceAccountName }}
diff --git a/ceph-mon/values_overrides/apparmor.yaml b/ceph-mon/values_overrides/apparmor.yaml
index 5306cb67b..d8c77d8e2 100644
--- a/ceph-mon/values_overrides/apparmor.yaml
+++ b/ceph-mon/values_overrides/apparmor.yaml
@@ -10,6 +10,7 @@ pod:
       init: runtime/default
     ceph-bootstrap:
       ceph-bootstrap: runtime/default
+      init: runtime/default
     ceph-storage-keys-generator:
       ceph-storage-keys-generator: runtime/default
       init: runtime/default