diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index a24c6173c..8b1159ba6 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -677,7 +677,7 @@ downloads:
     - k8s-cluster
 
   cilium:
-    enabled: "{{ kube_network_plugin == 'cilium' }}"
+    enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}"
     container: true
     repo: "{{ cilium_image_repo }}"
     tag: "{{ cilium_image_tag }}"
@@ -686,7 +686,7 @@ downloads:
     - k8s-cluster
 
   cilium_init:
-    enabled: "{{ kube_network_plugin == 'cilium' }}"
+    enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}"
     container: true
     repo: "{{ cilium_init_image_repo }}"
     tag: "{{ cilium_init_image_tag }}"
@@ -695,7 +695,7 @@ downloads:
     - k8s-cluster
 
   cilium_operator:
-    enabled: "{{ kube_network_plugin == 'cilium' }}"
+    enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}"
     container: true
     repo: "{{ cilium_operator_image_repo }}"
     tag: "{{ cilium_operator_image_tag }}"
diff --git a/roles/kubernetes-apps/network_plugin/meta/main.yml b/roles/kubernetes-apps/network_plugin/meta/main.yml
index c208839d3..b5d1c0473 100644
--- a/roles/kubernetes-apps/network_plugin/meta/main.yml
+++ b/roles/kubernetes-apps/network_plugin/meta/main.yml
@@ -1,7 +1,7 @@
 ---
 dependencies:
   - role: kubernetes-apps/network_plugin/cilium
-    when: kube_network_plugin == 'cilium'
+    when: kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool
     tags:
       - cilium
 
diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
index 8ae9922f9..987a4643a 100644
--- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
@@ -130,7 +130,7 @@
   assert:
     that: ansible_kernel.split('-')[0] is version('4.9.17', '>=')
   when:
-    - kube_network_plugin == 'cilium'
+    - kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool
     - not ignore_assert_errors
 
 - name: Stop if bad hostname
diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml
index fa4361fb1..dce905dee 100755
--- a/roles/network_plugin/cilium/defaults/main.yml
+++ b/roles/network_plugin/cilium/defaults/main.yml
@@ -33,3 +33,7 @@ cilium_monitor_aggregation: medium
 cilium_preallocate_bpf_maps: false
 cilium_tofqdns_enable_poller: false
 cilium_enable_legacy_services: false
+
+# Deploy cilium even if kube_network_plugin is not cilium.
+# This enables to deploy cilium alongside another CNI to replace kube-proxy.
+cilium_deploy_additionally: false
diff --git a/roles/network_plugin/meta/main.yml b/roles/network_plugin/meta/main.yml
index 779bdfc5d..66b283e33 100644
--- a/roles/network_plugin/meta/main.yml
+++ b/roles/network_plugin/meta/main.yml
@@ -1,7 +1,7 @@
 ---
 dependencies:
   - role: network_plugin/cilium
-    when: kube_network_plugin == 'cilium'
+    when: kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool
     tags:
       - cilium