diff --git a/stable/democratic-csi/templates/psp.yaml b/stable/democratic-csi/templates/psp.yaml
new file mode 100644
index 0000000..9a64f9b
--- /dev/null
+++ b/stable/democratic-csi/templates/psp.yaml
@@ -0,0 +1,78 @@
+{{- if .Values.enablePSP }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "democratic-csi.fullname" . }}-psp
+ app.kubernetes.io/name: {{ include "democratic-csi.name" . }}
+ helm.sh/chart: {{ include "democratic-csi.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ privileged: true
+ allowPrivilegeEscalation: true
+ requiredDropCapabilities:
+ - NET_RAW
+ allowedCapabilities:
+ - SYS_ADMIN
+ hostNetwork: false
+ hostIPC: false
+ hostPID: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - configMap
+ - downwardAPI
+ - emptyDir
+ - secret
+ - projected
+ - hostPath
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "democratic-csi.fullname" . }}-role
+ app.kubernetes.io/name: {{ include "democratic-csi.name" . }}
+ helm.sh/chart: {{ include "democratic-csi.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups:
+ - policy
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+ resourceNames:
+ - {{ include "democratic-csi.fullname" . }}-psp
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "democratic-csi.fullname" . }}-psp-binding
+ app.kubernetes.io/name: {{ include "democratic-csi.name" . }}
+ helm.sh/chart: {{ include "democratic-csi.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "democratic-csi.fullname" . }}-psp-role
+subjects:
+- kind: ServiceAccount
+ name: {{ include "democratic-csi.fullname" . }}-controller-sa
+ namespace: {{ .Release.Namespace }}
+- kind: ServiceAccount
+ name: {{ include "democratic-csi.fullname" . }}-node-sa
+ namespace: {{ .Release.Namespace }}
+- kind: ServiceAccount
+ name: default
+ namespace: {{ .Release.Namespace }}
+{{- end }}
\ No newline at end of file
diff --git a/stable/democratic-csi/values.yaml b/stable/democratic-csi/values.yaml
index 04bb90b..2848630 100644
--- a/stable/democratic-csi/values.yaml
+++ b/stable/democratic-csi/values.yaml
@@ -309,3 +309,6 @@ volumeSnapshotClasses: []
 csiProxy:
 enabled: true
 image: docker.io/democraticcsi/csi-grpc-proxy:v0.4.2
+
+# Configure a pod security policy to allow privileged pods
+enablePSP: false
\ No newline at end of file
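Review bot: The RoleBinding's `roleRef.name` is `{{ include "democratic-csi.fullname" . }}-psp-role`, but the Role this template creates is named `{{ include "democratic-csi.fullname" . }}-role`, so the binding points at a Role that does not exist and the `use` permission on the PSP is never granted — with the PSP admission controller enabled the controller/node pods would still be rejected despite `enablePSP: true`; rename the Role to `-psp-role` (which also avoids colliding with any other `-role` the chart may already define). In all three `metadata:` blocks the `app.kubernetes.io/*` and `helm.sh/chart` keys sit directly under `metadata` instead of under `labels:`, which strict field validation rejects and lenient servers silently drop; nest them under `labels:` as in the excerpt below. The subjects list also includes the namespace's `default` ServiceAccount, which hands `privileged: true`, `hostPID: true`, `SYS_ADMIN` and `hostPath` to every pod in the release namespace that runs with the default account — unless the chart's own pods use it in some configuration, drop that subject and bind only `-controller-sa` and `-node-sa`. Finally, `policy/v1beta1` PodSecurityPolicy no longer exists on Kubernetes 1.25+, so the `{{- if }}` should also test `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` so that enabling the flag does not break installs on newer clusters (where Pod Security Admission is the replacement).
```yaml
{{- if and .Values.enablePSP (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: {{ include "democratic-csi.fullname" . }}-psp
  labels:
    app.kubernetes.io/name: {{ include "democratic-csi.name" . }}
    helm.sh/chart: {{ include "democratic-csi.chart" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
# … unchanged: spec …
---
# … Role: same `labels:` nesting, and the name must match roleRef …
metadata:
  name: {{ include "democratic-csi.fullname" . }}-psp-role
  labels:
    app.kubernetes.io/name: {{ include "democratic-csi.name" . }}
    helm.sh/chart: {{ include "democratic-csi.chart" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
  namespace: {{ .Release.Namespace }}
# … unchanged: rules, RoleBinding (with the same `labels:` nesting and the `default` subject removed) …
```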
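Review bot: The comment on the new `enablePSP` key understates what the flag grants and gives no hint about the cluster versions it applies to; an operator reading values.yaml should see the blast radius before flipping it. Suggested wording: `# Create a PodSecurityPolicy plus Role/RoleBinding that let the chart's service accounts run privileged (hostPID, SYS_ADMIN, hostPath). Only meaningful on clusters that still serve policy/v1beta1 PodSecurityPolicy (removed in Kubernetes 1.25); use Pod Security Admission on newer clusters.`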