diff --git a/roles/network_plugin/cilium/templates/cilium-cr.yml.j2 b/roles/network_plugin/cilium/templates/cilium-cr.yml.j2
index d9481b49f..2b16f1f86 100644
--- a/roles/network_plugin/cilium/templates/cilium-cr.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium-cr.yml.j2
@@ -35,6 +35,9 @@ rules:
   - endpoints
   # to check apiserver connectivity
   - namespaces
+{% if cilium_version | regex_replace('v') is version('1.7', '<') %}
+  - componentstatuses
+{% endif %}
   verbs:
   - get
   - list
@@ -48,10 +51,12 @@ rules:
   - ciliumclusterwidenetworkpolicies/status
   - ciliumendpoints
   - ciliumendpoints/status
+{% if cilium_version | regex_replace('v') is version('1.6', '>=') %}
   - ciliumnodes
   - ciliumnodes/status
   - ciliumidentities
   - ciliumidentities/status
+{% endif %}
   verbs:
   - '*'
 ---
@@ -63,6 +68,9 @@ rules:
 - apiGroups:
   - networking.k8s.io
   resources:
+{% if cilium_version | regex_replace('v') is version('1.7', '<') %}
+  - ingresses
+{% endif %}
   - networkpolicies
   verbs:
   - get
@@ -83,10 +91,24 @@ rules:
   - services
   - nodes
   - endpoints
+{% if cilium_version | regex_replace('v') is version('1.7', '<') %}
+  - componentstatuses
+{% endif %}
   verbs:
   - get
   - list
   - watch
+{% if cilium_version | regex_replace('v') is version('1.7', '<') %}
+- apiGroups:
+  - extensions
+  resources:
+  - ingresses
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+{% endif %}
 - apiGroups:
   - ""
   resources:
@@ -119,13 +141,17 @@ rules:
   resources:
   - ciliumnetworkpolicies
   - ciliumnetworkpolicies/status
+{% if cilium_version | regex_replace('v') is version('1.7', '>=') %}
   - ciliumclusterwidenetworkpolicies
   - ciliumclusterwidenetworkpolicies/status
+{% endif %}
   - ciliumendpoints
   - ciliumendpoints/status
+{% if cilium_version | regex_replace('v') is version('1.6', '>=') %}
   - ciliumnodes
   - ciliumnodes/status
   - ciliumidentities
   - ciliumidentities/status
+{% endif %}
   verbs:
   - '*'