diff --git a/clusters/cl01tl/manifests/democratic-csi-synology-iscsi/PodSecurityPolicy-democratic-csi-synology-iscsi-psp.yaml b/clusters/cl01tl/manifests/democratic-csi-synology-iscsi/PodSecurityPolicy-democratic-csi-synology-iscsi-psp.yaml
new file mode 100644
index 000000000..e6d76ed2a
--- /dev/null
+++ b/clusters/cl01tl/manifests/democratic-csi-synology-iscsi/PodSecurityPolicy-democratic-csi-synology-iscsi-psp.yaml
@@ -0,0 +1,34 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: democratic-csi-synology-iscsi-psp
+ labels:
+ app.kubernetes.io/name: democratic-csi
+ helm.sh/chart: democratic-csi-0.15.1
+ app.kubernetes.io/instance: democratic-csi-synology-iscsi
+ app.kubernetes.io/managed-by: Helm
+spec:
+ privileged: true
+ allowPrivilegeEscalation: true
+ requiredDropCapabilities:
+ - NET_RAW
+ allowedCapabilities:
+ - SYS_ADMIN
+ hostNetwork: false
+ hostIPC: false
+ hostPID: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - configMap
+ - downwardAPI
+ - emptyDir
+ - secret
+ - projected
+ - hostPath
diff --git a/clusters/cl01tl/manifests/democratic-csi-synology-iscsi/Role-democratic-csi-synology-iscsi-role.yaml b/clusters/cl01tl/manifests/democratic-csi-synology-iscsi/Role-democratic-csi-synology-iscsi-role.yaml
new file mode 100644
index 000000000..9f10e02b6
--- /dev/null
+++ b/clusters/cl01tl/manifests/democratic-csi-synology-iscsi/Role-democratic-csi-synology-iscsi-role.yaml
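Review bot: In the PodSecurityPolicy file, `volumes` lists `hostPath` with no `allowedHostPaths`, and together with `privileged: true`, `hostPID: true` and `SYS_ADMIN` this gives any pod admitted under the policy effective root on the node, so the set of accounts allowed to `use` it matters more than the policy text. `requiredDropCapabilities` with `NET_RAW` probably has little effect on a container that runs privileged and should not be read as a mitigation. Separately, `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25; on a cluster at or past that version this manifest will not apply, and the equivalent control is the namespace's Pod Security Admission level (`pod-security.kubernetes.io/enforce`). The file is Helm-rendered (`helm.sh/chart: democratic-csi-0.15.1`), so any change belongs in the chart values rather than in this file.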
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: democratic-csi-synology-iscsi-role
+ labels:
+ app.kubernetes.io/name: democratic-csi
+ helm.sh/chart: democratic-csi-0.15.1
+ app.kubernetes.io/instance: democratic-csi-synology-iscsi
+ app.kubernetes.io/managed-by: Helm
+ namespace: democratic-csi-synology-iscsi
+rules:
+ - apiGroups:
+ - policy
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+ resourceNames:
+ - democratic-csi-synology-iscsi-psp
diff --git a/clusters/cl01tl/manifests/democratic-csi-synology-iscsi/RoleBinding-democratic-csi-synology-iscsi-psp-binding.yaml b/clusters/cl01tl/manifests/democratic-csi-synology-iscsi/RoleBinding-democratic-csi-synology-iscsi-psp-binding.yaml
new file mode 100644
index 000000000..fac5c92c5
--- /dev/null
+++ b/clusters/cl01tl/manifests/democratic-csi-synology-iscsi/RoleBinding-democratic-csi-synology-iscsi-psp-binding.yaml
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: democratic-csi-synology-iscsi-psp-binding
+ labels:
+ app.kubernetes.io/name: democratic-csi
+ helm.sh/chart: democratic-csi-0.15.1
+ app.kubernetes.io/instance: democratic-csi-synology-iscsi
+ app.kubernetes.io/managed-by: Helm
+ namespace: democratic-csi-synology-iscsi
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: democratic-csi-synology-iscsi-psp-role
+subjects:
+ - kind: ServiceAccount
+ name: democratic-csi-synology-iscsi-controller-sa
+ namespace: democratic-csi-synology-iscsi
+ - kind: ServiceAccount
+ name: democratic-csi-synology-iscsi-node-sa
+ namespace: democratic-csi-synology-iscsi
+ - kind: ServiceAccount
+ name: default
+ namespace: democratic-csi-synology-iscsi
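Review bot: The Role's `metadata.name` is `democratic-csi-synology-iscsi-role`, but the RoleBinding added in the same commit points `roleRef.name` at `democratic-csi-synology-iscsi-psp-role`, and no Role of that name is visible in this diff. If none exists elsewhere, the binding resolves to nothing and the `use` grant on the PSP never reaches the service accounts; with PSP admission enforced, the driver pods would then be rejected or admitted under some other policy. The names need to agree, for example `name: democratic-csi-synology-iscsi-psp-role` on the Role. `roleRef` is immutable, so correcting it on the binding side means deleting and recreating the RoleBinding.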
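Review bot: The third subject of the RoleBinding binds the namespace's `default` ServiceAccount, so any pod created in `democratic-csi-synology-iscsi` without an explicit `serviceAccountName` is authorised for a policy that allows `privileged: true`, `hostPID: true` and unrestricted `hostPath`. The subjects should be limited to the accounts that need node-level access, presumably `democratic-csi-synology-iscsi-node-sa`. Drop the `- kind: ServiceAccount` / `name: default` entry, and confirm whether `democratic-csi-synology-iscsi-controller-sa` needs the privileged policy at all. Because the manifest is Helm-rendered, the change has to be made through the chart's values or templates so it survives the next render.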