diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml
index f7d9aba4f8..99af80eb6d 100644
--- a/glance/templates/deployment-api.yaml
+++ b/glance/templates/deployment-api.yaml
@@ -45,6 +45,7 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "glance-api" "containerNames" ( list "glance-perms" "glance-api" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 spec:
 serviceAccountName: {{ $serviceAccountName }}
 {{ dict "envAll" $envAll "application" "glance" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/glance/templates/deployment-registry.yaml b/glance/templates/deployment-registry.yaml
index cf35545355..e4d46ea59c 100644
--- a/glance/templates/deployment-registry.yaml
+++ b/glance/templates/deployment-registry.yaml
@@ -45,6 +45,7 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "glance-registry" "containerNames" ( list "glance-registry" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 spec:
 serviceAccountName: {{ $serviceAccountName }}
 {{ dict "envAll" $envAll "application" "glance" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/glance/values_overrides/apparmor.yaml b/glance/values_overrides/apparmor.yaml
new file mode 100644
index 0000000000..7e3fac3b0a
--- /dev/null
+++ b/glance/values_overrides/apparmor.yaml
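Review bot: The `containerNames` list on the added annotation line in deployment-api.yaml (`glance-perms`, `glance-api`, `init`) is hard-coded, and nothing visible ties it to the containers the pod spec actually renders; the same applies to the added line in deployment-registry.yaml (`glance-registry`, `init`). The pod spec lies outside both hunks, so it cannot be confirmed from here that every container and init container is listed. A container that is missing from the list, or rendered only under some values, would presumably receive no AppArmor annotation and run with whatever the runtime applies by default. I would put a template comment above each added line, `{{/* containerNames must list every container and init container in this pod spec; unlisted ones get no AppArmor profile annotation */}}`, and compare the rendered manifest against the list.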
@@ -0,0 +1,12 @@
+pod:
+ mandatory_access_control:
+ type: apparmor
+ glance-api:
+ glance-api: runtime/default
+ glance-perms: runtime/default
+ init: runtime/default
+ glance-registry:
+ glance-registry: runtime/default
+ init: runtime/default
+manifests:
+ deployment_registry: true
\ No newline at end of file
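Review bot: `manifests.deployment_registry: true` at the end of this override turns on a second deployment as a side effect of applying an AppArmor values file, so an operator who layers apparmor.yaml on for hardening also ends up running the glance-registry service. If it is there only so the registry annotation gets rendered in testing (an assumption, since the chart defaults are not visible here), say so with a comment such as `# enabled only so the glance-registry AppArmor annotation is exercised`, or move it to a separate override. Every container is set to `runtime/default`, which is the container runtime's stock profile rather than one written for glance, so a comment like `# baseline only: replace with a localhost/<profile> tailored to glance where available` would keep readers from treating this as tailored confinement. The file also lacks a trailing newline.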