diff --git a/.zuul.yaml b/.zuul.yaml
index 0633bad4..ba839ccc 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -23,14 +23,12 @@
 - airship-drydock-chart-build-latest-htk
 - airship-drydock-docker-build-gate-ubuntu_xenial
 - airship-drydock-docker-build-gate-ubuntu_bionic
-
 gate:
 jobs:
 - airship-drydock-omni-test
 - airship-drydock-chart-build-gate
 - airship-drydock-docker-build-gate-ubuntu_xenial
 - airship-drydock-docker-build-gate-ubuntu_bionic
-
 post:
 jobs:
 - airship-drydock-docker-publish-ubuntu_xenial
@@ -41,7 +39,7 @@
 name: airship-drydock-single-node
 nodes:
 - name: primary
- label: ubuntu-xenial
+ label: ubuntu-bionic
 - job:
 name: airship-drydock-omni-test
@@ -49,7 +47,9 @@
 Run a set of lightweight lints and tests (pep8, Helm chart lint, Sphinx build, Python unit tests, Bandit scan)
 run: tools/gate/playbooks/omni_test.yaml
- timeout: 900
+ required-projects:
+ - openstack/openstack-helm-infra
+ timeout: 3600
 nodeset: airship-drydock-single-node
 - job:
@@ -141,7 +141,6 @@
 commit: true
 static:
 - latest
-
 - secret:
 name: airship_drydock_quay_creds
 data:
diff --git a/charts/drydock/templates/deployment.yaml b/charts/drydock/templates/deployment.yaml
index dfd19ad0..8ea6f206 100644
--- a/charts/drydock/templates/deployment.yaml
+++ b/charts/drydock/templates/deployment.yaml
@@ -37,6 +37,7 @@ spec:
 {{ $labels | indent 8 }}
 annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "drydock-api" "containerNames" (list "drydock-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
 spec:
diff --git a/charts/drydock/values.yaml b/charts/drydock/values.yaml
index 4bea69b1..d0abad35 100644
--- a/charts/drydock/values.yaml
+++ b/charts/drydock/values.yaml
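Review bot: The `required-projects` entry added to the `airship-drydock-omni-test` job names `openstack/openstack-helm-infra` without a pinned ref, so the gate runs whatever revision Zuul checks out for that repository, including the setup script the playbook change in this commit executes from it. If a fixed revision is wanted, the entry can be written as `- name: openstack/openstack-helm-infra` with `override-checkout: <branch-or-tag>` beneath it (the ref is a placeholder). The rise of `timeout` from 900 to 3600 is unexplained in the hunk; a short comment above it stating the reason would help the next person who tunes it. The job definition starts above this hunk.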
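Review bot: `containerNames` in the added annotation line lists only `drydock-api`, so any init container in this pod template gets no explicit profile annotation from this call. The pod spec lies outside the hunk, so whether an init container exists is not visible here; if one does, extend the list, e.g. `(list "drydock-api" "<init-container-name>")`, and add the matching key under `pod.mandatory_access_control.drydock-api` in values.yaml. The `helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation` snippet must also exist in the helm-toolkit version the chart is built against, which this diff does not show.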
@@ -58,6 +58,10 @@ network:
 nginx.ingress.kubernetes.io/rewrite-target: /
 pod:
+ mandatory_access_control:
+ type: apparmor
+ drydock-api:
+ drydock-api: runtime/default
 security_context:
 drydock:
 pod:
diff --git a/tools/gate/playbooks/omni_test.yaml b/tools/gate/playbooks/omni_test.yaml
index d62be2e0..d67c3014 100644
--- a/tools/gate/playbooks/omni_test.yaml
+++ b/tools/gate/playbooks/omni_test.yaml
@@ -47,3 +47,10 @@
 target: run_drydock
 register: result
 become: true
+ - name: Setup Apparmor
+ shell: |
+ set -xe;
+ ./tools/deployment/apparmor/001-setup-apparmor-profiles.sh
+ args:
+ chdir: "{{ zuul.projects['opendev.org/openstack/openstack-helm-infra'].src_dir }}"
+ executable: /bin/bash
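Review bot: The new `mandatory_access_control` block has no comment explaining its layout, and the repeated `drydock-api` key reads like a mistake without one. Judging by the template call in deployment.yaml, the outer key appears to be the pod name and the inner key the container name, so a comment such as `# <pod name>: { <container name>: <AppArmor profile> }` above the first `drydock-api:` would remove the doubt. A second comment next to `type: apparmor` should say that nodes are expected to have AppArmor enabled, since a pod carrying an AppArmor annotation may be refused on a node without it.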
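Review bot: The added `Setup Apparmor` task has no `become: true`, while the task directly above it does; loading AppArmor profiles normally needs root, so unless the script elevates itself (not visible here) the step will fail under `set -e`. Adding `become: true` at the task level makes the requirement explicit. The task is also appended after the `run_drydock` target, so the profiles are only set up once that target has finished; if they are meant to be in place beforehand, the task belongs earlier in the playbook, which starts above this hunk. Since the executable is `/bin/bash`, `set -xe;` could become `set -xeo pipefail`.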