diff --git a/deploy/cephfs/kubernetes/csi-provisioner-psp.yaml b/deploy/cephfs/kubernetes/csi-provisioner-psp.yaml
index ee465ef30..82ba30874 100644
--- a/deploy/cephfs/kubernetes/csi-provisioner-psp.yaml
+++ b/deploy/cephfs/kubernetes/csi-provisioner-psp.yaml
@@ -4,12 +4,8 @@ kind: PodSecurityPolicy
 metadata:
   name: cephfs-csi-provisioner-psp
 spec:
-  allowPrivilegeEscalation: true
-  allowedCapabilities:
-    - 'SYS_ADMIN'
   fsGroup:
     rule: RunAsAny
-  privileged: true
   runAsUser:
     rule: RunAsAny
   seLinux:
@@ -21,7 +17,6 @@ spec:
     - 'emptyDir'
     - 'projected'
     - 'secret'
-    - 'downwardAPI'
     - 'hostPath'
   allowedHostPaths:
     - pathPrefix: '/dev'