diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 97e93647..099d9993 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -41,7 +41,7 @@ vault_version: 0.8.1
 weave_version: 2.2.0
 pod_infra_version: 3.0
 contiv_version: 1.1.7
-cilium_version: "v1.0.0-rc7"
+cilium_version: "v1.0.0-rc8"
 
 # Download URLs
 istioctl_download_url: "https://storage.googleapis.com/istio-release/releases/{{ istio_version }}/istioctl/istioctl-linux"
diff --git a/roles/network_plugin/cilium/templates/cilium-cr.yml.j2 b/roles/network_plugin/cilium/templates/cilium-cr.yml.j2
index 8eae0e8e..11fd0108 100755
--- a/roles/network_plugin/cilium/templates/cilium-cr.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium-cr.yml.j2
@@ -54,9 +54,11 @@ rules:
   - get
   - list
   - watch
+  - update
 - apiGroups:
   - cilium.io
   resources:
   - ciliumnetworkpolicies
+  - ciliumendpoints
   verbs:
   - "*"
diff --git a/tests/files/gce_centos7-cilium.yml b/tests/files/gce_centos7-cilium.yml
index ca682f7e..ec46a213 100644
--- a/tests/files/gce_centos7-cilium.yml
+++ b/tests/files/gce_centos7-cilium.yml
@@ -7,5 +7,6 @@ mode: default
 # Deployment settings
 kube_network_plugin: cilium
 deploy_netchecker: true
+enable_network_policy: true
 kubedns_min_replicas: 1
 cloud_provider: gce
diff --git a/tests/files/gce_coreos-cilium.yml b/tests/files/gce_coreos-cilium.yml
index a0900397..1778929f 100644
--- a/tests/files/gce_coreos-cilium.yml
+++ b/tests/files/gce_coreos-cilium.yml
@@ -9,5 +9,6 @@ kube_network_plugin: cilium
 bootstrap_os: coreos
 resolvconf_mode: host_resolvconf # this is required as long as the coreos stable channel uses docker < 1.12
 deploy_netchecker: true
+enable_network_policy: true
 kubedns_min_replicas: 1
 cloud_provider: gce
diff --git a/tests/files/gce_rhel7-cilium.yml b/tests/files/gce_rhel7-cilium.yml
index d67658a6..0994d009 100644
--- a/tests/files/gce_rhel7-cilium.yml
+++ b/tests/files/gce_rhel7-cilium.yml
@@ -6,5 +6,6 @@ mode: default
 # Deployment settings
 kube_network_plugin: cilium
 deploy_netchecker: true
+enable_network_policy: true
 kubedns_min_replicas: 1
 cloud_provider: gce
diff --git a/tests/files/gce_ubuntu-cilium-sep.yml b/tests/files/gce_ubuntu-cilium-sep.yml
index e7150a27..0c064774 100644
--- a/tests/files/gce_ubuntu-cilium-sep.yml
+++ b/tests/files/gce_ubuntu-cilium-sep.yml
@@ -6,6 +6,7 @@ mode: separate
 # Deployment settings
 kube_network_plugin: cilium
 deploy_netchecker: true
+enable_network_policy: true
 kubedns_min_replicas: 1
 cloud_provider: gce