diff --git a/deploy/chart/templates/_helpers.tpl b/deploy/chart/templates/_helpers.tpl
index c581eec4c8b4c0085773769d17f56f0b9500af1f..cd58f3ddb86725e957380a627203061004bd3374 100644
--- a/deploy/chart/templates/_helpers.tpl
+++ b/deploy/chart/templates/_helpers.tpl
@@ -65,3 +65,7 @@ Create the name of the provisioner to use.
 cluster.local/{{ template "local-path-provisioner.fullname" . -}}
 {{- end -}}
 {{- end -}}
+
+{{- define "local-path-provisioner.secret" }}
+{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }}
+{{- end }}
diff --git a/deploy/chart/templates/deployment.yaml b/deploy/chart/templates/deployment.yaml
index 4a13638b714ac0547d70ae9d02f3debb2ab24a41..ad42ae01b08d2b6c48afce91fddb286b86423403 100644
--- a/deploy/chart/templates/deployment.yaml
+++ b/deploy/chart/templates/deployment.yaml
@@ -23,7 +23,11 @@ spec:
       serviceAccountName: {{ template "local-path-provisioner.serviceAccountName" . }}
       containers:
         - name: {{ .Chart.Name }}
+        {{- if .Values.privateRegistry.registryUrl }}
+          image: "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        {{- else }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        {{- end }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           command:
             - local-path-provisioner
@@ -31,10 +35,16 @@ spec:
             - start
             - --config
             - /etc/config/config.json
+            - --service-account-name
+            - {{ template "local-path-provisioner.serviceAccountName" . }}
             - --provisioner-name
             - {{ template "local-path-provisioner.provisionerName" . }}
             - --helper-image
+          {{- if .Values.privateRegistry.registryUrl }}
+            - "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.helperImage.repository }}:{{ .Values.helperImage.tag }}"
+          {{- else }}
             - "{{ .Values.helperImage.repository }}:{{ .Values.helperImage.tag }}"
+          {{- end }}
             - --configmap-name
             - {{ .Values.configmap.name }}
           volumeMounts:
diff --git a/deploy/chart/templates/registry-secret.yaml b/deploy/chart/templates/registry-secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..eb33897cbe34b36e39ef6138cccb396af69ade3e
--- /dev/null
+++ b/deploy/chart/templates/registry-secret.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.defaultSettings.registrySecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.defaultSettings.registrySecret }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "local-path-provisioner.secret" . }}
+{{- end }}
\ No newline at end of file
diff --git a/deploy/chart/templates/serviceaccount.yaml b/deploy/chart/templates/serviceaccount.yaml
index 19faf0d59847707f604ab0c97aef84cdff539e96..59fc05d922ff2c63bd06d7f18f2f94e0c5e46643 100644
--- a/deploy/chart/templates/serviceaccount.yaml
+++ b/deploy/chart/templates/serviceaccount.yaml
@@ -5,4 +5,8 @@ metadata:
   name: {{ include "local-path-provisioner.fullname" . }}
   labels:
 {{ include "local-path-provisioner.labels" . | indent 4 }}
+{{- if .Values.defaultSettings.registrySecret }}
+imagePullSecrets:
+  - name: {{ .Values.defaultSettings.registrySecret }}
+{{- end }}
 {{- end }}
diff --git a/deploy/chart/values.yaml b/deploy/chart/values.yaml
index 8f202c2391d880adfffaf955e737111223e3134f..1cad6d422df5aacf90c308c3a724601b990982bc 100644
--- a/deploy/chart/values.yaml
+++ b/deploy/chart/values.yaml
@@ -11,6 +11,14 @@ helperImage:
   repository: busybox
   tag: latest
 
+defaultSettings:
+  registrySecret: ~
+
+privateRegistry:
+  registryUrl: ~
+  registryUser: ~
+  registryPasswd: ~
+
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
diff --git a/main.go b/main.go
index 8fa7d50cfc410c1f974e1fd9c46046632efd17f7..1d67665eb38f2a36a9820530d2ba69c6f0ee6f0e 100644
--- a/main.go
+++ b/main.go
@@ -31,6 +31,8 @@ var (
 	FlagHelperImage        = "helper-image"
 	EnvHelperImage         = "HELPER_IMAGE"
 	DefaultHelperImage     = "busybox"
+	FlagServiceAccountName = "service-account-name"
+	EnvServiceAccountName  = "SERVICE_ACCOUNT_NAME"
 	FlagKubeconfig         = "kubeconfig"
 	DefaultConfigFileKey   = "config.json"
 	DefaultConfigMapName   = "local-path-config"
@@ -92,6 +94,11 @@ func StartCmd() cli.Command {
 				Usage: "Required. Specify configmap name.",
 				Value: DefaultConfigMapName,
 			},
+			cli.StringFlag{
+				Name:   FlagServiceAccountName,
+				Usage:  "Required. The ServiceAccountName for deployment",
+				EnvVar: EnvServiceAccountName,
+			},
 		},
 		Action: func(c *cli.Context) {
 			if err := startDaemon(c); err != nil {
@@ -186,7 +193,12 @@ func startDaemon(c *cli.Context) error {
 		return fmt.Errorf("invalid empty flag %v", FlagHelperImage)
 	}
 
-	provisioner, err := NewProvisioner(stopCh, kubeClient, configFile, namespace, helperImage, configMapName)
+	serviceAccountName := c.String(FlagServiceAccountName)
+	if serviceAccountName == "" {
+		return fmt.Errorf("invalid empty flag %v", FlagServiceAccountName)
+	}
+
+	provisioner, err := NewProvisioner(stopCh, kubeClient, configFile, namespace, helperImage, configMapName, serviceAccountName)
 	if err != nil {
 		return err
 	}
diff --git a/provisioner.go b/provisioner.go
index d36f2945af684969d29577bfc98db01be1000485..b3380e7224008157166ed4d03cf95d41475ed895 100644
--- a/provisioner.go
+++ b/provisioner.go
@@ -39,10 +39,11 @@ var (
 )
 
 type LocalPathProvisioner struct {
-	stopCh      chan struct{}
-	kubeClient  *clientset.Clientset
-	namespace   string
-	helperImage string
+	stopCh             chan struct{}
+	kubeClient         *clientset.Clientset
+	namespace          string
+	helperImage        string
+	serviceAccountName string
 
 	config        *Config
 	configData    *ConfigData
@@ -68,13 +69,14 @@ type Config struct {
 	NodePathMap map[string]*NodePathMap
 }
 
-func NewProvisioner(stopCh chan struct{}, kubeClient *clientset.Clientset, configFile, namespace, helperImage, configMapName string) (*LocalPathProvisioner, error) {
+func NewProvisioner(stopCh chan struct{}, kubeClient *clientset.Clientset, configFile, namespace, helperImage, configMapName string, serviceAccountName string) (*LocalPathProvisioner, error) {
 	p := &LocalPathProvisioner{
 		stopCh: stopCh,
 
-		kubeClient:  kubeClient,
-		namespace:   namespace,
-		helperImage: helperImage,
+		kubeClient:         kubeClient,
+		namespace:          namespace,
+		helperImage:        helperImage,
+		serviceAccountName: serviceAccountName,
 
 		// config will be updated shortly by p.refreshConfig()
 		config:        nil,
@@ -328,8 +330,9 @@ func (p *LocalPathProvisioner) createHelperPod(action ActionType, cmdsForPath []
 			Namespace: p.namespace,
 		},
 		Spec: v1.PodSpec{
-			RestartPolicy: v1.RestartPolicyNever,
-			NodeName:      node,
+			RestartPolicy:      v1.RestartPolicyNever,
+			NodeName:           node,
+			ServiceAccountName: p.serviceAccountName,
 			Tolerations: []v1.Toleration{
 				{
 					Operator: v1.TolerationOpExists,