diff --git a/cli/Dockerfile b/cli/Dockerfile
index ace6b14a98f0802bb5deabdb52d937aeb7d7be1e..ff61c5b8c005ecff16090742c2aeffe2b8641c88 100644
--- a/cli/Dockerfile
+++ b/cli/Dockerfile
@@ -53,15 +53,6 @@ ENV SOPS_RELEASE=${SOPS_RELEASE}
 RUN curl -L https://github.com/mozilla/sops/releases/download/${SOPS_RELEASE}/sops-${SOPS_RELEASE}.linux > ./sops \
     && install -o root -g root -m 0755 sops /usr/local/bin/sops
 
-# Cilium CLI cache
-FROM docker.io/library/fedora:34 as cilium
-ARG CILIUM_RELEASE=latest
-ENV CILIUM_RELEASE=${CILIUM_RELEASE}
-
-RUN curl -L --remote-name-all https://github.com/cilium/cilium-cli/releases/${CILIUM_RELEASE}/download/cilium-linux-amd64.tar.gz{,.sha256sum} && \
-  sha256sum --check cilium-linux-amd64.tar.gz.sha256sum && \
-  tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin
-
 # Actual start of container build
 FROM docker.io/library/fedora:34
 
@@ -101,14 +92,12 @@ COPY --from=hcloud /usr/local/bin/hcloud /usr/local/bin/hcloud
 COPY --from=helm /usr/local/bin/helm /usr/local/bin/helm
 COPY --from=flux /usr/local/bin/flux /usr/local/bin/flux
 COPY --from=sops /usr/local/bin/sops /usr/local/bin/sops
-COPY --from=cilium /usr/local/bin/cilium /usr/local/bin/cilium
 
 RUN true \
     && echo "command -v flux >/dev/null && . <(flux completion bash)" >> /root/.bashrc \
     && echo "command -v kubectl >/dev/null && . <(kubectl completion bash)" >> /root/.bashrc \
     && echo "command -v helm >/dev/null && . <(helm completion bash)" >> /root/.bashrc \
     && echo "command -v hcloud >/dev/null && . <(hcloud completion bash)" >> /root/.bashrc \
-    && echo "command -v cilium >/dev/null && . <(cilium completion bash)" >> /root/.bashrc \
     && true
 
 # Create workspace
diff --git a/infrastructure/cilium/kustomization.yaml b/infrastructure/cilium/kustomization.yaml
deleted file mode 100644
index 7da405581f5d2452017bc318b2b1b1e5fd4e055d..0000000000000000000000000000000000000000
--- a/infrastructure/cilium/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: kube-system
-resources:
-  - repository.yaml
-  - release.yaml
diff --git a/infrastructure/cilium/release.yaml b/infrastructure/cilium/release.yaml
deleted file mode 100644
index 0725c9acded2cea2ee863e0c64af00eaf6eb7870..0000000000000000000000000000000000000000
--- a/infrastructure/cilium/release.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: cilium
-  namespace: kube-system
-spec:
-  releaseName: cilium
-  chart:
-    spec:
-      chart: cilium
-      sourceRef:
-        kind: HelmRepository
-        name: cilium
-      version: 1.10.4
-  interval: 5m
-  values:
-    l7Proxy: false
-    encryption:
-      enabled: true
-      type: wireguard
-    hubble:
-      relay:
-        enabled: false
-      ui:
-        enabled: false
-    prometheus:
-      enabled: true
-    operator:
-      prometheus:
-        enabled: true
diff --git a/infrastructure/cilium/repository.yaml b/infrastructure/cilium/repository.yaml
deleted file mode 100644
index 16b7b954066068ea5bd70d9fd0fa349ecfa93824..0000000000000000000000000000000000000000
--- a/infrastructure/cilium/repository.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: HelmRepository
-metadata:
-  name: cilium
-spec:
-  interval: 30m
-  url: https://helm.cilium.io/
diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml
index 6c97dbb921ac26fa918d74239c606d0a68f0de1c..8d3320ce61a30f8fd6d5a46290dace185f23a941 100644
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -1,7 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - cilium
   # kyverno
   - hcloud-csi
   - rook
diff --git a/terraform/firewall.tf b/terraform/firewall.tf
index 2bec9c95f03210815cd00d7ab6b00276202e0da7..39e8b028ebaaccd37281e4a13382634ad9529c1b 100644
--- a/terraform/firewall.tf
+++ b/terraform/firewall.tf
@@ -54,34 +54,6 @@ resource "hcloud_firewall" "k8s-node" {
       port            = "9000-9999"
       source_ips      = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
   }
-  rule {
-    description     = "Prometheus operator metrics"
-    direction       = "in"
-    protocol        = "tcp"
-    port            = "8472"
-    source_ips      = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
-  }
-  rule {
-    description     = "Cilium VXLAN"
-    direction       = "in"
-    protocol        = "udp"
-    port            = "8472"
-    source_ips      = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
-  }
-  rule {
-    description     = "Cilium health checks"
-    direction       = "in"
-    protocol        = "tcp"
-    port            = "4240"
-    source_ips      = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
-  }
-  rule {
-    description     = "Cilium Wireguard"
-    direction       = "in"
-    protocol        = "udp"
-    port            = "51871"
-    source_ips      = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
-  }
 }