diff --git a/roles/kubernetes-apps/helm/defaults/main.yml b/roles/kubernetes-apps/helm/defaults/main.yml
index 2e817452112e6ea6c59da45662bf0d54ec26f590..15e26596ae2866cd1246163c1401465771d554dd 100644
--- a/roles/kubernetes-apps/helm/defaults/main.yml
+++ b/roles/kubernetes-apps/helm/defaults/main.yml
@@ -13,6 +13,9 @@ helm_skip_refresh: false
 # Set URL for stable repository
 # helm_stable_repo_url: "https://kubernetes-charts.storage.googleapis.com"
 
+# Namespace for the Tiller Deployment.
+tiller_namespace: kube-system
+
 # Set node selector options for Tiller Deployment manifest.
 # tiller_node_selectors: "key1=val1,key2=val2"
 
diff --git a/roles/kubernetes-apps/helm/tasks/main.yml b/roles/kubernetes-apps/helm/tasks/main.yml
index 14d6ec5fe5913feb9d3a1a7bf42cf2631e6db5be..73b0be0cfcc9f6ce93df5db40eb26a4fd195d119 100644
--- a/roles/kubernetes-apps/helm/tasks/main.yml
+++ b/roles/kubernetes-apps/helm/tasks/main.yml
@@ -7,9 +7,10 @@
 
 - name: Helm | Lay Down Helm Manifests (RBAC)
   template:
-    src: "{{item.file}}"
+    src: "{{item.file}}.j2"
     dest: "{{kube_config_dir}}/{{item.file}}"
   with_items:
+    - {name: tiller, file: tiller-namespace.yml, type: namespace}
     - {name: tiller, file: tiller-sa.yml, type: sa}
     - {name: tiller, file: tiller-clusterrolebinding.yml, type: clusterrolebinding}
   register: manifests
@@ -18,7 +19,7 @@
 - name: Helm | Apply Helm Manifests (RBAC)
   kube:
     name: "{{item.item.name}}"
-    namespace: "kube-system"
+    namespace: "{{ tiller_namespace }}"
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"
@@ -28,7 +29,7 @@
 
 - name: Helm | Install/upgrade helm
   command: >
-    {{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace=kube-system
+    {{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace={{ tiller_namespace }}
     {% if helm_skip_refresh %} --skip-refresh{% endif %}
     {% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
     {% if rbac_enabled %} --service-account=tiller{% endif %}
diff --git a/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml b/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml
deleted file mode 100644
index 00694181e25a01d0d479f551f6e207105e4494d2..0000000000000000000000000000000000000000
--- a/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
-  name: tiller
-  namespace: kube-system
-subjects:
-  - kind: ServiceAccount
-    name: tiller
-    namespace: kube-system
-roleRef:
-  kind: ClusterRole
-  name: cluster-admin
-  apiGroup: rbac.authorization.k8s.io
diff --git a/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml.j2 b/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml.j2
new file mode 100644
index 0000000000000000000000000000000000000000..9bdfdde034c35238ee9f09dddec4aaa376431a4d
--- /dev/null
+++ b/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml.j2
@@ -0,0 +1,29 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: tiller
+  namespace: {{ tiller_namespace }}
+subjects:
+  - kind: ServiceAccount
+    name: tiller
+    namespace: {{ tiller_namespace }}
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io
+{% if podsecuritypolicy_enabled %}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: psp:tiller
+subjects:
+  - kind: ServiceAccount
+    name: tiller
+    namespace: {{ tiller_namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: psp:privileged
+{% endif %}
diff --git a/roles/kubernetes-apps/helm/templates/tiller-namespace.yml.j2 b/roles/kubernetes-apps/helm/templates/tiller-namespace.yml.j2
new file mode 100644
index 0000000000000000000000000000000000000000..455742185c2daa3dd8d8e848159adcbd4f442ec8
--- /dev/null
+++ b/roles/kubernetes-apps/helm/templates/tiller-namespace.yml.j2
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: "{{ tiller_namespace}}"
diff --git a/roles/kubernetes-apps/helm/templates/tiller-sa.yml b/roles/kubernetes-apps/helm/templates/tiller-sa.yml.j2
similarity index 76%
rename from roles/kubernetes-apps/helm/templates/tiller-sa.yml
rename to roles/kubernetes-apps/helm/templates/tiller-sa.yml.j2
index 606dbb1471598d0c1333238564c183900793cdd4..09b8157250aae2c87434cfc3f8ea43fcdafc593d 100644
--- a/roles/kubernetes-apps/helm/templates/tiller-sa.yml
+++ b/roles/kubernetes-apps/helm/templates/tiller-sa.yml.j2
@@ -3,6 +3,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: tiller
-  namespace: kube-system
+  namespace: {{ tiller_namespace }}
   labels:
     kubernetes.io/cluster-service: "true"