cilium is a Commodore component to manage the Cilium networkplugin.

See the parameters reference for further details on how to use the component to configure and deploy Cilium.

Metrics scraping

By default, the component enables the metrics endpoint for the Cilium agent. The component assumes that prometheus-operator will be present on the target cluster, and creates a ServiceMonitor resource for the agent metrics endpoint.

See the Cilium docs for available agent metrics.

Aggregated permissions

The component creates the following ClusterRoles which are aggregated to the cluster’s default ClusterRoles:

Name Resources Aggregated to




  • view

  • edit

  • admin



  • edit

  • admin


All resources in


This enables users to view[1] ciliumnetworkpolicy and ciliumendpoint resources in their namespaces. Users which have edit or admin permissions in a namespace, can additionally create, modify, and delete ciliumnetworkpolicy resources in that namespace. Finally, users which have cluster-reader permissions can view[1] at all resources in in all namespaces.

1. View permission grants RBAC verbs get, list and watch