diff --git a/charts/descheduler/templates/clusterrole.yaml b/charts/descheduler/templates/clusterrole.yaml
index 2a20917365..4c17c9b2dc 100644
--- a/charts/descheduler/templates/clusterrole.yaml
+++ b/charts/descheduler/templates/clusterrole.yaml
@@ -21,4 +21,11 @@ rules:
 - apiGroups: ["scheduling.k8s.io"]
   resources: ["priorityclasses"]
   verbs: ["get", "watch", "list"]
+{{- if .Values.rbac.podSecurityPolicy.create }}
+- apiGroups: ['policy']
+  resources: ['podsecuritypolicies']
+  verbs: ['use']
+  resourceNames:
+  - {{ template "descheduler.fullname" . }}
+{{- end }}
 {{- end -}}
diff --git a/charts/descheduler/templates/podsecuritypolicy.yaml b/charts/descheduler/templates/podsecuritypolicy.yaml
new file mode 100644
index 0000000000..66bdbcb5cc
--- /dev/null
+++ b/charts/descheduler/templates/podsecuritypolicy.yaml
@@ -0,0 +1,38 @@
+{{- if .Values.rbac.podSecurityPolicy.create -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ template "descheduler.fullname" . }}
+  annotations:
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
+    seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
+spec:
+  privileged: false
+  allowPrivilegeEscalation: false
+  requiredDropCapabilities:
+  - ALL
+  volumes:
+  - 'configMap'
+  - 'secret'
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  runAsUser:
+    rule: 'MustRunAs'
+    ranges:
+    - min: 1
+      max: 65535
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'MustRunAs'
+    ranges:
+    - min: 1
+      max: 65535
+  fsGroup:
+    rule: 'MustRunAs'
+    ranges:
+    - min: 1
+      max: 65535
+  readOnlyRootFilesystem: true
+{{- end -}}
diff --git a/charts/descheduler/values.yaml b/charts/descheduler/values.yaml
index 61cd1ed1c5..b0c1b2ab88 100644
--- a/charts/descheduler/values.yaml
+++ b/charts/descheduler/values.yaml
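Review bot: The new `use` rule sits inside a ClusterRole that, judging by the trailing `{{- end -}}` context line, is wrapped in a condition that starts outside this hunk (presumably `rbac.create`), while the PodSecurityPolicy in the new template is gated only on `rbac.podSecurityPolicy.create`. With `rbac.create: false` and the default `podSecurityPolicy.create: true` the policy is rendered but nothing grants `use` on it, so on a cluster with the PodSecurityPolicy admission controller enabled and no other matching policy the descheduler pod is rejected at admission. Either gate the policy template on both flags, e.g. `{{- if and .Values.rbac.create .Values.rbac.podSecurityPolicy.create -}}`, or state in the values.yaml comment that `podSecurityPolicy.create` has no effect without `rbac.create`. As a style point, the new rule uses `['policy']` single quotes where the surrounding rules use `["scheduling.k8s.io"]` double quotes; matching the file's existing quoting keeps the list uniform.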
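Review bot: `apiVersion: policy/v1beta1` is rendered whenever `rbac.podSecurityPolicy.create` is true, which this commit's values.yaml sets by default, so a default install fails at apply time on any cluster that does not serve that API (PodSecurityPolicy was removed from Kubernetes in 1.25). Gate the whole template on the API actually being present, `{{- if and .Values.rbac.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") -}}`, and note in the values comment that the policy only takes effect when the PodSecurityPolicy admission controller is enabled. The `MustRunAs` ranges starting at 1 and `readOnlyRootFilesystem: true` assume the descheduler image runs as a non-root UID and never writes to its own filesystem; that depends on the deployment's securityContext and image, which are outside this diff, so it is worth confirming before the policy becomes the default.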
@@ -50,6 +50,9 @@ priorityClassName: system-cluster-critical
 rbac:
   # Specifies whether RBAC resources should be created
   create: true
+  # Specifies whether PodSecurityPolicy should be created
+  podSecurityPolicy:
+    create: true
 serviceAccount:
   # Specifies whether a ServiceAccount should be created