diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 97e93647ca2bd2373289525e2e22797ba30a0c6a..099d9993cbed14e02f0477fb0d9fa9892137d63a 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -41,7 +41,7 @@ vault_version: 0.8.1
 weave_version: 2.2.0
 pod_infra_version: 3.0
 contiv_version: 1.1.7
-cilium_version: "v1.0.0-rc7"
+cilium_version: "v1.0.0-rc8"
 
 # Download URLs
 istioctl_download_url: "https://storage.googleapis.com/istio-release/releases/{{ istio_version }}/istioctl/istioctl-linux"
diff --git a/roles/network_plugin/cilium/templates/cilium-cr.yml.j2 b/roles/network_plugin/cilium/templates/cilium-cr.yml.j2
index 8eae0e8edb61a9cc3f3941e8cb0faf9512e26d55..11fd0108752328d011b3d65a393381ba19fc59c5 100755
--- a/roles/network_plugin/cilium/templates/cilium-cr.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium-cr.yml.j2
@@ -54,9 +54,11 @@ rules:
   - get
   - list
   - watch
+  - update
 - apiGroups:
   - cilium.io
   resources:
   - ciliumnetworkpolicies
+  - ciliumendpoints
   verbs:
   - "*"
diff --git a/tests/files/gce_centos7-cilium.yml b/tests/files/gce_centos7-cilium.yml
index ca682f7ed91328d037a96c51e57f435e8c31a84a..ec46a213d65abcfbd0636138e05b6acd041533a9 100644
--- a/tests/files/gce_centos7-cilium.yml
+++ b/tests/files/gce_centos7-cilium.yml
@@ -7,5 +7,6 @@ mode: default
 # Deployment settings
 kube_network_plugin: cilium
 deploy_netchecker: true
+enable_network_policy: true
 kubedns_min_replicas: 1
 cloud_provider: gce
diff --git a/tests/files/gce_coreos-cilium.yml b/tests/files/gce_coreos-cilium.yml
index a090039700411f85b16ea4dacbd4e3cb7fb55a6c..1778929f09bf3289bf6becd867d432e4a159f4c5 100644
--- a/tests/files/gce_coreos-cilium.yml
+++ b/tests/files/gce_coreos-cilium.yml
@@ -9,5 +9,6 @@ kube_network_plugin: cilium
 bootstrap_os: coreos
 resolvconf_mode: host_resolvconf # this is required as long as the coreos stable channel uses docker < 1.12
 deploy_netchecker: true
+enable_network_policy: true
 kubedns_min_replicas: 1
 cloud_provider: gce
diff --git a/tests/files/gce_rhel7-cilium.yml b/tests/files/gce_rhel7-cilium.yml
index d67658a6c34ead1069d7b7a85cc04c7ca665ec5b..0994d0099968e866d51b514e3c5c3e1bff5ce709 100644
--- a/tests/files/gce_rhel7-cilium.yml
+++ b/tests/files/gce_rhel7-cilium.yml
@@ -6,5 +6,6 @@ mode: default
 # Deployment settings
 kube_network_plugin: cilium
 deploy_netchecker: true
+enable_network_policy: true
 kubedns_min_replicas: 1
 cloud_provider: gce
diff --git a/tests/files/gce_ubuntu-cilium-sep.yml b/tests/files/gce_ubuntu-cilium-sep.yml
index e7150a27ec5f48004e37d69a9833a7d5290df1ff..0c0647743922dee61e1914754fb618068edc942f 100644
--- a/tests/files/gce_ubuntu-cilium-sep.yml
+++ b/tests/files/gce_ubuntu-cilium-sep.yml
@@ -6,6 +6,7 @@ mode: separate
 # Deployment settings
 kube_network_plugin: cilium
 deploy_netchecker: true
+enable_network_policy: true
 kubedns_min_replicas: 1
 cloud_provider: gce