diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml b/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml
index 9023e09c7107981bcbb0152ecea83cf9fe596e14..a1704844dd7fd65fac0e7febdbffb460ff334bde 100644
--- a/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml
@@ -243,3 +243,22 @@
 
 # -- Whether to enable CNP status updates.
 # cilium_disable_cnp_status_updates: true
+
+# A list of extra rules variables to add to clusterrole for cilium operator, formatted like:
+#   cilium_clusterrole_rules_operator_extra_vars:
+#     - apiGroups:
+#       - '""'
+#       resources:
+#       - pods
+#       verbs:
+#       - delete
+#     - apiGroups:
+#       - '""'
+#       resources:
+#       - nodes
+#       verbs:
+#       - list
+#       - watch
+#       resourceNames:
+#       - toto
+# cilium_clusterrole_rules_operator_extra_vars: []
diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml
index 29dd08350ebd06dbed165944a32761b08f127124..b6f68c9c01bc6ec9b5d9f8a81c37965538910716 100644
--- a/roles/network_plugin/cilium/defaults/main.yml
+++ b/roles/network_plugin/cilium/defaults/main.yml
@@ -290,3 +290,22 @@ cilium_certgen_args:
   hubble-relay-client-cert-validity-duration: 94608000s
   hubble-relay-client-cert-secret-name: hubble-relay-client-certs
   hubble-relay-server-cert-generate: false
+
+# A list of extra rules variables to add to clusterrole for cilium operator, formatted like:
+#   cilium_clusterrole_rules_operator_extra_vars:
+#     - apiGroups:
+#       - '""'
+#       resources:
+#       - pods
+#       verbs:
+#       - delete
+#     - apiGroups:
+#       - '""'
+#       resources:
+#       - nodes
+#       verbs:
+#       - list
+#       - watch
+#       resourceNames:
+#       - toto
+cilium_clusterrole_rules_operator_extra_vars: []
diff --git a/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2 b/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2
index 044695022ff1052755a08f083b9403930122146c..642a66702d4a90c08cabf6ab39c5b848f1b32f7f 100644
--- a/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2
@@ -147,3 +147,23 @@ rules:
   - ciliumnetworkpolicies.cilium.io
   - ciliumnodes.cilium.io
 {% endif %}
+{% for rules in cilium_clusterrole_rules_operator_extra_vars %}
+- apiGroups:
+{% for api in rules['apiGroups'] %}
+  - {{ api }}
+{% endfor %}
+  resources:
+{% for resource in rules['resources'] %}
+  - {{ resource }}
+{% endfor %}
+  verbs:
+{% for verb in rules['verbs'] %}
+  - {{ verb }}
+{% endfor %}
+{% if 'resourceNames' in rules %}
+  resourceNames:
+{% for resourceName in rules['resourceNames'] %}
+  - {{ resourceName }}
+{% endfor %}
+{% endif %}
+{% endfor %}