diff --git a/installer/roles/kubernetes/defaults/main.yml b/installer/roles/kubernetes/defaults/main.yml
index 3bb3aacbf4..659c4c04bb 100644
--- a/installer/roles/kubernetes/defaults/main.yml
+++ b/installer/roles/kubernetes/defaults/main.yml
@@ -14,6 +14,10 @@ kubernetes_task_image: "{{ tower_package_name | default('ansible/awx_task') }}"
 kubernetes_web_version: "{{ tower_package_version | default(dockerhub_version) }}"
 kubernetes_web_image: "{{ tower_package_name | default('ansible/awx_web') }}"
+awx_psp_create: false
+awx_psp_name: 'awx'
+awx_psp_privileged: true
+
 web_mem_request: 1
 web_cpu_request: 500
 web_security_context_enabled: true
@@ -22,7 +26,7 @@ web_security_context_privileged: false
 task_mem_request: 2
 task_cpu_request: 1500
 task_security_context_enabled: true
-task_security_context_privileged: false
+task_security_context_privileged: true
 redis_mem_request: 2
 redis_cpu_request: 500
diff --git a/installer/roles/kubernetes/templates/deployment.yml.j2 b/installer/roles/kubernetes/templates/deployment.yml.j2
index 9334a44a50..243b235c91 100644
--- a/installer/roles/kubernetes/templates/deployment.yml.j2
+++ b/installer/roles/kubernetes/templates/deployment.yml.j2
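Review bot: `awx_psp_privileged: true` and the flip of `task_security_context_privileged` to `true` in the second hunk land without a comment explaining why the task pod now needs a privileged container or what the three new `awx_psp_*` variables control, and defaults/main.yml is the only place an operator will see them. Because `awx_psp_privileged` also drives `allowPrivilegeEscalation` in the rendered PodSecurityPolicy, a default of `true` means that enabling the opt-in policy permits privileged pods out of the box; consider `awx_psp_privileged: false` as the default with a comment such as `# Set to true only when the task pod must run privileged (see task_security_context_privileged)` above it. A one-line `# Render a PodSecurityPolicy plus Role/RoleBinding granting "use" to the awx ServiceAccount` above `awx_psp_create` would document the feature. PodSecurityPolicy is deprecated and removed in newer Kubernetes releases, so the comment should also name the cluster versions the option targets.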
@@ -15,6 +15,70 @@ imagePullSecrets:
 - name: "{{ kubernetes_image_pull_secrets }}"
 {% endif %}
+{% if awx_psp_create is defined and awx_psp_create | bool %}
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ awx_psp_name }}-psp
+spec:
+{% if awx_psp_privileged is defined %}
+ privileged: {{ awx_psp_privileged }}
+ allowPrivilegeEscalation: {{ awx_psp_privileged }}
+{% endif %}
+ requiredDropCapabilities:
+ - ALL
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'downwardAPI'
+ - 'persistentVolumeClaim'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'RunAsAny'
+ fsGroup:
+ rule: 'RunAsAny'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ kubernetes_namespace }}
+ name: {{ awx_psp_name }}-role
+rules:
+- apiGroups:
+ - policy
+ resources:
+ - podsecuritypolicies
+ resourceNames:
+ - {{ awx_psp_name }}-psp
+ verbs:
+ - use
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ awx_psp_name }}-role-binding
+ namespace: {{ kubernetes_namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ awx_psp_name }}-role
+subjects:
+- kind: ServiceAccount
+ name: awx
+ namespace: {{ kubernetes_namespace }}
+{% endif %}
+
 ---
 apiVersion: {{ kubernetes_deployment_api_version }}
 kind: Deployment
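Review bot: The rendered PodSecurityPolicy sets both `privileged` and `allowPrivilegeEscalation` from the single `awx_psp_privileged` variable, which this commit defaults to `true`, so the policy admits privileged pods while `requiredDropCapabilities: - ALL`, `hostPID: false` and `MustRunAsNonRoot` read as a restricted profile; two separate variables, or a `false` default, would make the policy consistent with its other rules. The `{% if awx_psp_privileged is defined %}` guard is always satisfied once defaults/main.yml defines the variable, so the omit-both-fields path (which the API server treats as `false`) is unreachable and the guard can go. The templated names are emitted as plain scalars (`name: {{ awx_psp_name }}-psp`, `- {{ awx_psp_name }}-psp`); quoting them, e.g. `name: "{{ awx_psp_name }}-psp"`, protects against values YAML would reinterpret, and `privileged: {{ awx_psp_privileged | bool | lower }}` avoids relying on the parser accepting Jinja's `True`. The RoleBinding subject is hardcoded as `name: awx` next to a namespace that is variable-driven — if the Deployment's serviceAccountName is set from a variable elsewhere in this template, the `use` grant should reference the same variable so the two cannot drift.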