diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index a24c6173c972b0567745b767cec99d7afedc4b96..8b1159ba6e19e034542ce3714321e07211e47cb6 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -677,7 +677,7 @@ downloads:
     - k8s-cluster
 
   cilium:
-    enabled: "{{ kube_network_plugin == 'cilium' }}"
+    enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}"
     container: true
     repo: "{{ cilium_image_repo }}"
     tag: "{{ cilium_image_tag }}"
@@ -686,7 +686,7 @@ downloads:
     - k8s-cluster
 
   cilium_init:
-    enabled: "{{ kube_network_plugin == 'cilium' }}"
+    enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}"
     container: true
     repo: "{{ cilium_init_image_repo }}"
     tag: "{{ cilium_init_image_tag }}"
@@ -695,7 +695,7 @@ downloads:
     - k8s-cluster
 
   cilium_operator:
-    enabled: "{{ kube_network_plugin == 'cilium' }}"
+    enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}"
     container: true
     repo: "{{ cilium_operator_image_repo }}"
     tag: "{{ cilium_operator_image_tag }}"
diff --git a/roles/kubernetes-apps/network_plugin/meta/main.yml b/roles/kubernetes-apps/network_plugin/meta/main.yml
index c208839d37539e0dedd747134f428cddae737cb9..b5d1c04734a1e3d66a2a8c349e299a4ec21ed2ae 100644
--- a/roles/kubernetes-apps/network_plugin/meta/main.yml
+++ b/roles/kubernetes-apps/network_plugin/meta/main.yml
@@ -1,7 +1,7 @@
 ---
 dependencies:
   - role: kubernetes-apps/network_plugin/cilium
-    when: kube_network_plugin == 'cilium'
+    when: kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool
     tags:
       - cilium
 
diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
index 8ae9922f93295a8e0d34010f356add074ae0a071..987a4643a54370dfe2834b7318c83ac394b559c7 100644
--- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
@@ -130,7 +130,7 @@
   assert:
     that: ansible_kernel.split('-')[0] is version('4.9.17', '>=')
   when:
-    - kube_network_plugin == 'cilium'
+    - kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool
     - not ignore_assert_errors
 
 - name: Stop if bad hostname
diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml
index fa4361fb18bcde92a032def7ff129f396c732d4b..dce905deec1f5219123be4ec5d8b7a0d3f4b206a 100755
--- a/roles/network_plugin/cilium/defaults/main.yml
+++ b/roles/network_plugin/cilium/defaults/main.yml
@@ -33,3 +33,7 @@ cilium_monitor_aggregation: medium
 cilium_preallocate_bpf_maps: false
 cilium_tofqdns_enable_poller: false
 cilium_enable_legacy_services: false
+
+# Deploy cilium even if kube_network_plugin is not cilium.
+# This enables to deploy cilium alongside another CNI to replace kube-proxy.
+cilium_deploy_additionally: false
diff --git a/roles/network_plugin/meta/main.yml b/roles/network_plugin/meta/main.yml
index 779bdfc5d8f0d96122851ee80e32fde7e05dc104..66b283e336045e5a0bb986ecdc397beeedce5bd5 100644
--- a/roles/network_plugin/meta/main.yml
+++ b/roles/network_plugin/meta/main.yml
@@ -1,7 +1,7 @@
 ---
 dependencies:
   - role: network_plugin/cilium
-    when: kube_network_plugin == 'cilium'
+    when: kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool
     tags:
       - cilium