diff --git a/roles/network_plugin/cilium/tasks/check.yml b/roles/network_plugin/cilium/tasks/check.yml
index 7471fe36d..34bab4252 100644
--- a/roles/network_plugin/cilium/tasks/check.yml
+++ b/roles/network_plugin/cilium/tasks/check.yml
@@ -67,3 +67,19 @@
     that: "cilium_hubble_event_buffer_capacity in [1, 3, 7, 15, 31, 63, 127, 255, 511, 1023, 2047, 4095, 8191, 16383, 32767, 65535]"
     msg: "Error: cilium_hubble_event_buffer_capacity:{{ cilium_hubble_event_buffer_capacity }} is not a power of 2 minus 1 and it should be between 1 and 65535."
   when: cilium_hubble_event_buffer_capacity is defined
+
+# Cilium < 1.20 only supports Gateway API v1.4.1; v1.5+ standard channel drops
+# TLSRoute v1alpha2 (served=false) which makes cilium-operator CrashLoopBackOff.
+# Fix is in Cilium 1.20+ (cilium/cilium#45251) and will not be backported.
+- name: Stop if cilium_gateway_api_enabled is incompatible with the Gateway API CRD bundle
+  assert:
+    that:
+      - gateway_api_version is version('1.5.0', '<') or gateway_api_channel != 'standard'
+    msg: |
+      Cilium < 1.20 only supports Gateway API v1.4.1, see
+      https://docs.cilium.io/en/stable/network/servicemesh/gateway-api/gateway-api/.
+      Pin gateway_api_version: '1.4.1', or set gateway_api_channel: 'experimental'.
+  when:
+    - cilium_gateway_api_enabled
+    - gateway_api_enabled
+    - cilium_version is version('1.20.0', '<')