diff --git a/deploy/helm/charts/Chart.yaml b/deploy/helm/charts/Chart.yaml
index 0459bc46..7f5b30a6 100644
--- a/deploy/helm/charts/Chart.yaml
+++ b/deploy/helm/charts/Chart.yaml
@@ -4,7 +4,7 @@ description: CStor-Operator helm chart for Kubernetes
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 2.5.2
+version: 2.5.3
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 appVersion: 2.5.0
diff --git a/deploy/helm/charts/templates/csi-node.yaml b/deploy/helm/charts/templates/csi-node.yaml
index 3acb8c1f..c30f9d38 100644
--- a/deploy/helm/charts/templates/csi-node.yaml
+++ b/deploy/helm/charts/templates/csi-node.yaml
@@ -55,8 +55,6 @@ spec:
 - name: {{ .Values.cstorCSIPlugin.name }}
 securityContext:
 privileged: true
- capabilities:
- add: ["CAP_MKNOD", "CAP_SYS_ADMIN", "SYS_ADMIN"]
 allowPrivilegeEscalation: true
 image: "{{ .Values.cstorCSIPlugin.image.registry }}{{ .Values.cstorCSIPlugin.image.repository }}:{{ .Values.cstorCSIPlugin.image.tag }}"
 imagePullPolicy: {{ .Values.cstorCSIPlugin.image.pullPolicy }}
diff --git a/deploy/helm/charts/templates/psp.yaml b/deploy/helm/charts/templates/psp.yaml
new file mode 100644
index 00000000..f3ff690d
--- /dev/null
+++ b/deploy/helm/charts/templates/psp.yaml
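Review bot: Removing the `capabilities.add` list while `privileged: true` stays in place changes nothing at runtime — a privileged container already receives every capability — so the plugin's footprint is identical before and after, and a reader skimming this diff could mistake it for a hardening step. I would keep the removal but record why the remaining line is what governs access, e.g. `privileged: true  # implies all capabilities, so no explicit add list; presumably needed for host mount/device ops — confirm`. `allowPrivilegeEscalation: true` is likewise redundant here (the API server rejects `privileged: true` combined with `allowPrivilegeEscalation: false`, and it defaults to true for privileged containers), so it could be dropped or commented the same way. The container spec continues outside this hunk, so I can't see whether the removed capability names were load-bearing anywhere else in the template.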
@@ -0,0 +1,27 @@
+{{- if .Values.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "cstor.fullname" . }}-psp
+ {{- with .Values.csiNode.annotations }}
+ annotations: {{ toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "cstor.csiNode.labels" . | nindent 4 }}
+spec:
+ privileged: true
+ allowPrivilegeEscalation: true
+ allowedCapabilities: ['*']
+ volumes: ['*']
+ hostNetwork: true
+ hostIPC: true
+ hostPID: true
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'RunAsAny'
+ fsGroup:
+ rule: 'RunAsAny'
+{{- end }}
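Review bot: The new PodSecurityPolicy is a blanket allow-all — `hostIPC: true`, `hostPID: true`, `hostNetwork: true`, `volumes: ['*']`, `allowedCapabilities: ['*']`, `RunAsAny` throughout — rather than being scoped to what the csi-node DaemonSet actually requests, so it documents nothing about the plugin's real footprint and becomes a cluster-wide escape hatch if its `use` grant is ever bound more widely than intended. The plugin container does need `privileged: true` (which already implies all capabilities), but nothing visible in this diff requires host IPC; I would set `hostIPC: false` and pin `hostPID`, `hostNetwork` and `volumes` to exactly what the DaemonSet's pod spec uses (that spec is outside this hunk, so confirm against it). `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so with `rbac.pspEnabled` true the chart fails to install there; guard the template with `{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}` so the value degrades gracefully instead of erroring. A PSP also has no effect until a ClusterRole with the `use` verb on it is bound to the plugin's ServiceAccount; that binding is not part of this diff, so confirm it exists or add it alongside this file.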