diff --git a/prometheus-openstack-exporter/templates/deployment.yaml b/prometheus-openstack-exporter/templates/deployment.yaml
index 64a7cc7d..1b324a38 100644
--- a/prometheus-openstack-exporter/templates/deployment.yaml
+++ b/prometheus-openstack-exporter/templates/deployment.yaml
@@ -39,6 +39,8 @@ spec:
     metadata:
       labels:
 {{ tuple $envAll "prometheus-openstack-exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+      annotations:
+{{ dict "envAll" $envAll "podName" "prometheus-openstack-exporter" "containerNames" (list "openstack-metrics-exporter") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
 {{ dict "envAll" $envAll "application" "openstack_exporter" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       serviceAccountName: {{ $serviceAccountName }}
diff --git a/prometheus-openstack-exporter/values.yaml b/prometheus-openstack-exporter/values.yaml
index 621cd524..5fe24092 100644
--- a/prometheus-openstack-exporter/values.yaml
+++ b/prometheus-openstack-exporter/values.yaml
@@ -38,6 +38,10 @@ labels:
     node_selector_value: enabled
 
 pod:
+  mandatory_access_control:
+    type: apparmor
+    openstack-metrics-exporter:
+      openstack-metrics-exporter: localhost/docker-default
   user:
     openstack_exporter:
       uid: 65534
@@ -87,7 +91,6 @@ pod:
         limits:
           memory: "1024Mi"
           cpu: "2000m"
-
 dependencies:
   dynamic:
     common: