diff --git a/.zuul.yaml b/.zuul.yaml
index 304510c..dfe6acd 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -73,6 +73,7 @@
     vars:
       zuul_osh_infra_relative_path: ../../openstack/openstack-helm-infra/
       gate_scripts:
+        - "{{ zuul_osh_infra_relative_path }}./tools/deployment/apparmor/001-setup-apparmor-profiles.sh"
         - "{{ zuul_osh_infra_relative_path }}./tools/deployment/common/005-deploy-k8s.sh"
         - ./tools/gate/scripts/010-build-charts.sh
         - sudo ./tools/gate/scripts/020-test-divingbell.sh
diff --git a/divingbell/templates/daemonset-apparmor.yaml b/divingbell/templates/daemonset-apparmor.yaml
index 40f0581..a39df94 100644
--- a/divingbell/templates/daemonset-apparmor.yaml
+++ b/divingbell/templates/daemonset-apparmor.yaml
@@ -37,6 +37,7 @@ spec:
 {{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "divingbell-apparmor" "containerNames" (list "apparmor") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       hostNetwork: true
       hostPID: true
diff --git a/divingbell/templates/daemonset-apt.yaml b/divingbell/templates/daemonset-apt.yaml
index 9b3d3ff..8ca4b01 100644
--- a/divingbell/templates/daemonset-apt.yaml
+++ b/divingbell/templates/daemonset-apt.yaml
@@ -37,6 +37,7 @@ spec:
 {{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "divingbell-apt" "containerNames" (list "apt") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       hostNetwork: true
       hostPID: true
diff --git a/divingbell/templates/daemonset-ethtool.yaml b/divingbell/templates/daemonset-ethtool.yaml
index 75e84fb..aead688 100644
--- a/divingbell/templates/daemonset-ethtool.yaml
+++ b/divingbell/templates/daemonset-ethtool.yaml
@@ -37,6 +37,7 @@ spec:
 {{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "divingbell-ethtool" "containerNames" (list "ethtool") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       hostNetwork: true
       hostPID: true
diff --git a/divingbell/templates/daemonset-exec.yaml b/divingbell/templates/daemonset-exec.yaml
index 87a585c..ce7ee06 100644
--- a/divingbell/templates/daemonset-exec.yaml
+++ b/divingbell/templates/daemonset-exec.yaml
@@ -37,6 +37,7 @@ spec:
 {{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "divingbell-exec" "containerNames" (list "exec") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       hostNetwork: true
       hostPID: true
diff --git a/divingbell/templates/daemonset-limits.yaml b/divingbell/templates/daemonset-limits.yaml
index e142e3d..fb77403 100644
--- a/divingbell/templates/daemonset-limits.yaml
+++ b/divingbell/templates/daemonset-limits.yaml
@@ -37,6 +37,7 @@ spec:
 {{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "divingbell-limits" "containerNames" (list "limits") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       hostNetwork: true
       hostPID: true
diff --git a/divingbell/templates/daemonset-mounts.yaml b/divingbell/templates/daemonset-mounts.yaml
index e88951c..f6d2156 100644
--- a/divingbell/templates/daemonset-mounts.yaml
+++ b/divingbell/templates/daemonset-mounts.yaml
@@ -37,6 +37,7 @@ spec:
 {{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "divingbell-mounts" "containerNames" (list "mounts") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       hostNetwork: true
       hostPID: true
diff --git a/divingbell/templates/daemonset-perm.yaml b/divingbell/templates/daemonset-perm.yaml
index 30cd7f6..b064144 100644
--- a/divingbell/templates/daemonset-perm.yaml
+++ b/divingbell/templates/daemonset-perm.yaml
@@ -37,6 +37,7 @@ spec:
 {{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "divingbell-perm" "containerNames" (list "perm") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       hostNetwork: true
       hostPID: true
diff --git a/divingbell/templates/daemonset-sysctl.yaml b/divingbell/templates/daemonset-sysctl.yaml
index 1030e9d..724ed88 100644
--- a/divingbell/templates/daemonset-sysctl.yaml
+++ b/divingbell/templates/daemonset-sysctl.yaml
@@ -37,6 +37,7 @@ spec:
 {{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "divingbell-sysctl" "containerNames" (list "sysctl") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       hostNetwork: true
       hostPID: true
diff --git a/divingbell/templates/daemonset-uamlite.yaml b/divingbell/templates/daemonset-uamlite.yaml
index 31f1a78..89e860b 100644
--- a/divingbell/templates/daemonset-uamlite.yaml
+++ b/divingbell/templates/daemonset-uamlite.yaml
@@ -37,6 +37,7 @@ spec:
 {{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "divingbell-uamlite" "containerNames" (list "uamlite") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       hostNetwork: true
       hostPID: true
diff --git a/divingbell/values.yaml b/divingbell/values.yaml
index 46aaac6..e186436 100644
--- a/divingbell/values.yaml
+++ b/divingbell/values.yaml
@@ -96,6 +96,26 @@ conf:
 #      item: 'core'
 #      value: 0
 pod:
+  mandatory_access_control:
+    type: apparmor
+    divingbell-apparmor:
+      apparmor: runtime/default
+    divingbell-apt:
+      apt: runtime/default
+    divingbell-ethtool:
+      ethtool: runtime/default
+    divingbell-exec:
+      exec: runtime/default
+    divingbell-limits:
+      limits: runtime/default
+    divingbell-mounts:
+      mounts: runtime/default
+    divingbell-perm:
+      perm: runtime/default
+    divingbell-sysctl:
+      sysctl: runtime/default
+    divingbell-uamlite:
+      uamlite: runtime/default
   lifecycle:
     upgrades:
       daemonsets:
diff --git a/tools/gate/scripts/020-test-divingbell.sh b/tools/gate/scripts/020-test-divingbell.sh
index d053b94..0cba92c 100755
--- a/tools/gate/scripts/020-test-divingbell.sh
+++ b/tools/gate/scripts/020-test-divingbell.sh
@@ -281,6 +281,7 @@ EXEC_DIR=/var/${NAME}/exec
 EXPECTED_NUMBER_OF_DAEMONSETS=17
 type lshw || apt -y install lshw
 type apparmor_parser || apt -y install apparmor
+type ethtool || apt -y install ethtool
 nic_info="$(lshw -class network)"
 physical_nic=''
 IFS=$'\n'