Merge pull request #11890 from VannTen/download_graphql_checksums_2

Adapt checksums and versions to new hashes updater
2025-12-13 21:34:40 +03:00 · 2025-03-09 20:19:45 -07:00
parent 7c611890c3 299178e587
commit 5d7236ea5f
37 changed files with 1177 additions and 1476 deletions
--- a/README.md
+++ b/README.md
@@ -111,39 +111,39 @@ Note:
 <!-- BEGIN ANSIBLE MANAGED BLOCK -->

 - Core
-  - [kubernetes](https://github.com/kubernetes/kubernetes) v1.32.2
-  - [etcd](https://github.com/etcd-io/etcd) v3.5.16
-  - [docker](https://www.docker.com/) v26.1
-  - [containerd](https://containerd.io/) v2.0.3
-  - [cri-o](http://cri-o.io/) v1.32.0 (experimental: see [CRI-O Note](docs/CRI/cri-o.md). Only on fedora, ubuntu and centos based OS)
+  - [kubernetes](https://github.com/kubernetes/kubernetes) 1.32.2
+  - [etcd](https://github.com/etcd-io/etcd) 3.5.16
+  - [docker](https://www.docker.com/) 26.1
+  - [containerd](https://containerd.io/) 2.0.3
+  - [cri-o](http://cri-o.io/) 1.32.0 (experimental: see [CRI-O Note](docs/CRI/cri-o.md). Only on fedora, ubuntu and centos based OS)
 - Network Plugin
-  - [cni-plugins](https://github.com/containernetworking/plugins) v1.4.0
-  - [calico](https://github.com/projectcalico/calico) v3.29.2
-  - [cilium](https://github.com/cilium/cilium) v1.15.9
-  - [flannel](https://github.com/flannel-io/flannel) v0.22.0
-  - [kube-ovn](https://github.com/alauda/kube-ovn) v1.12.21
-  - [kube-router](https://github.com/cloudnativelabs/kube-router) v2.0.0
-  - [multus](https://github.com/k8snetworkplumbingwg/multus-cni) v4.1.0
-  - [weave](https://github.com/rajch/weave) v2.8.7
-  - [kube-vip](https://github.com/kube-vip/kube-vip) v0.8.0
+  - [cni-plugins](https://github.com/containernetworking/plugins) 1.4.0
+  - [calico](https://github.com/projectcalico/calico) 3.29.2
+  - [cilium](https://github.com/cilium/cilium) 1.15.9
+  - [flannel](https://github.com/flannel-io/flannel) 0.22.0
+  - [kube-ovn](https://github.com/alauda/kube-ovn) 1.12.21
+  - [kube-router](https://github.com/cloudnativelabs/kube-router) 2.0.0
+  - [multus](https://github.com/k8snetworkplumbingwg/multus-cni) 4.1.0
+  - [weave](https://github.com/rajch/weave) 2.8.7
+  - [kube-vip](https://github.com/kube-vip/kube-vip) 0.8.0
 - Application
-  - [cert-manager](https://github.com/jetstack/cert-manager) v1.15.3
-  - [coredns](https://github.com/coredns/coredns) v1.11.3
-  - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.12.0
-  - [argocd](https://argoproj.github.io/) v2.11.0
-  - [helm](https://helm.sh/) v3.16.4
-  - [metallb](https://metallb.universe.tf/)  v0.13.9
-  - [registry](https://github.com/distribution/distribution) v2.8.1
+  - [cert-manager](https://github.com/jetstack/cert-manager) 1.15.3
+  - [coredns](https://github.com/coredns/coredns) 1.11.3
+  - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) 1.12.0
+  - [argocd](https://argoproj.github.io/) 2.11.0
+  - [helm](https://helm.sh/) 3.16.4
+  - [metallb](https://metallb.universe.tf/) 0.13.9
+  - [registry](https://github.com/distribution/distribution) 2.8.1
 - Storage Plugin
-  - [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.0-k8s1.11
-  - [rbd-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.1-k8s1.11
-  - [aws-ebs-csi-plugin](https://github.com/kubernetes-sigs/aws-ebs-csi-driver) v0.5.0
-  - [azure-csi-plugin](https://github.com/kubernetes-sigs/azuredisk-csi-driver) v1.10.0
-  - [cinder-csi-plugin](https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/cinder-csi-plugin/using-cinder-csi-plugin.md) v1.30.0
-  - [gcp-pd-csi-plugin](https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver) v1.9.2
-  - [local-path-provisioner](https://github.com/rancher/local-path-provisioner) v0.0.24
-  - [local-volume-provisioner](https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner) v2.5.0
-  - [node-feature-discovery](https://github.com/kubernetes-sigs/node-feature-discovery) v0.16.4
+  - [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) 2.1.0-k8s1.11
+  - [rbd-provisioner](https://github.com/kubernetes-incubator/external-storage) 2.1.1-k8s1.11
+  - [aws-ebs-csi-plugin](https://github.com/kubernetes-sigs/aws-ebs-csi-driver) 0.5.0
+  - [azure-csi-plugin](https://github.com/kubernetes-sigs/azuredisk-csi-driver) 1.10.0
+  - [cinder-csi-plugin](https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/cinder-csi-plugin/using-cinder-csi-plugin.md) 1.30.0
+  - [gcp-pd-csi-plugin](https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver) 1.9.2
+  - [local-path-provisioner](https://github.com/rancher/local-path-provisioner) 0.0.24
+  - [local-volume-provisioner](https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner) 2.5.0
+  - [node-feature-discovery](https://github.com/kubernetes-sigs/node-feature-discovery) 0.16.4

 <!-- END ANSIBLE MANAGED BLOCK -->

--- a/roles/container-engine/cri-o/defaults/main.yml
+++ b/roles/container-engine/cri-o/defaults/main.yml
@@ -37,7 +37,7 @@ crio_signature_policy: "{% if ansible_os_family == 'ClearLinux' %}/usr/share/def

 crio_stream_port: "10010"

-crio_required_version: "{{ kube_version | regex_replace('^v(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') }}"
+crio_required_version: "{{ kube_version | regex_replace('^(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') }}"

 crio_root: "/var/lib/containers/storage"

--- a/roles/container-engine/cri-o/tasks/load_vars.yml
+++ b/roles/container-engine/cri-o/tasks/load_vars.yml
@@ -1,8 +1,8 @@
 ---
 - name: Cri-o | include vars/v1.29.yml
  include_vars: v1.29.yml
-  when: crio_version is version("v1.29.0", operator=">=")
+  when: crio_version is version("1.29.0", operator=">=")

 - name: Cri-o | include vars/v1.31.yml
  include_vars: v1.31.yml
-  when: crio_version is version("v1.31.0", operator=">=")
+  when: crio_version is version("1.31.0", operator=">=")
--- a/roles/container-engine/cri-o/tasks/reset.yml
+++ b/roles/container-engine/cri-o/tasks/reset.yml
@@ -19,7 +19,7 @@

 - name: CRI-O | Remove cri-o apt repo
  apt_repository:
-    repo: "deb {{ crio_download_crio }}{{ crio_version }}/{{ crio_kubic_debian_repo_name }}/ /"
+    repo: "deb {{ crio_download_crio }}v{{ crio_version }}/{{ crio_kubic_debian_repo_name }}/ /"
    state: absent
    filename: devel-kubic-libcontainers-stable-cri-o
  when: crio_kubic_debian_repo_name is defined
@@ -36,7 +36,7 @@

 - name: CRI-O | Remove CRI-O kubic yum repo
  yum_repository:
-    name: "devel_kubic_libcontainers_stable_cri-o_{{ crio_version }}"
+    name: "devel_kubic_libcontainers_stable_cri-o_v{{ crio_version }}"
    state: absent
  when:
    - ansible_os_family == "RedHat"
--- a/roles/container-engine/cri-o/templates/crio.conf.j2
+++ b/roles/container-engine/cri-o/templates/crio.conf.j2
@@ -374,7 +374,7 @@ enable_metrics = {{ crio_enable_metrics | bool | lower }}
 # The port on which the metrics server will listen.
 metrics_port = {{ crio_metrics_port }}

-{% if nri_enabled and crio_version is version('v1.26.0', operator='>=') %}
+{% if nri_enabled and crio_version is version('1.26.0', operator='>=') %}
 [crio.nri]

 enable_nri=true
--- a/roles/download/tasks/download_file.yml
+++ b/roles/download/tasks/download_file.yml
@@ -62,7 +62,7 @@
      dest: "{{ file_path_cached if download_force_cache else download.dest }}"
      owner: "{{ omit if download_localhost else (download.owner | default(omit)) }}"
      mode: "{{ omit if download_localhost else (download.mode | default(omit)) }}"
-      checksum: "{{ 'sha256:' + download.sha256 if download.sha256 else omit }}"
+      checksum: "{{ download.checksum }}"
      validate_certs: "{{ download_validate_certs }}"
      url_username: "{{ download.username | default(omit) }}"
      url_password: "{{ download.password | default(omit) }}"
--- a/roles/download/templates/kubeadm-images.yaml.j2
+++ b/roles/download/templates/kubeadm-images.yaml.j2
@@ -6,7 +6,7 @@ nodeRegistration:
 apiVersion: kubeadm.k8s.io/{{ kubeadm_config_api_version }}
 kind: ClusterConfiguration
 imageRepository: {{ kube_image_repo }}
-kubernetesVersion: {{ kube_version }}
+kubernetesVersion: v{{ kube_version }}
 etcd:
 {% if etcd_deployment_type == "kubeadm" %}
  local:
--- a/roles/etcd/tasks/install_host.yml
+++ b/roles/etcd/tasks/install_host.yml
@@ -3,6 +3,7 @@
  command: "{{ bin_dir }}/etcd --version"
  register: etcd_current_host_version
  # There's a chance this play could run before etcd is installed at all
+  # TODO: figure out whether this happens. "A chance" is not enough information
  ignore_errors: true
  when: etcd_cluster_setup

@@ -11,18 +12,18 @@
  notify: Restart etcd
  when:
    - etcd_cluster_setup
-    - etcd_version.lstrip('v') not in etcd_current_host_version.stdout | default('')
+    - etcd_version not in etcd_current_host_version.stdout | default('')

 - name: Restart etcd-events if necessary
  command: /bin/true
  notify: Restart etcd-events
  when:
    - etcd_events_cluster_setup
-    - etcd_version.lstrip('v') not in etcd_current_host_version.stdout | default('')
+    - etcd_version not in etcd_current_host_version.stdout | default('')

 - name: Install | Copy etcd binary from download dir
  copy:
-    src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}"
+    src: "{{ local_release_dir }}/etcd-v{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}"
    dest: "{{ bin_dir }}/{{ item }}"
    mode: "0755"
    remote_src: true
--- a/roles/etcdctl_etcdutl/tasks/main.yml
+++ b/roles/etcdctl_etcdutl/tasks/main.yml
@@ -29,7 +29,7 @@

 - name: Copy etcdctl and etcdutl binary from download dir
  copy:
-    src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}"
+    src: "{{ local_release_dir }}/etcd-v{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}"
    dest: "{{ bin_dir }}/{{ item }}"
    mode: "0755"
    remote_src: true
--- a/roles/kubernetes-apps/argocd/defaults/main.yml
+++ b/roles/kubernetes-apps/argocd/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
 argocd_enabled: false
-argocd_version: v2.11.0
+argocd_version: 2.11.0
 argocd_namespace: argocd
 # argocd_admin_password:
-argocd_install_url: "https://raw.githubusercontent.com/argoproj/argo-cd/{{ argocd_version }}/manifests/install.yaml"
+argocd_install_url: "https://raw.githubusercontent.com/argoproj/argo-cd/v{{ argocd_version }}/manifests/install.yaml"
--- a/roles/kubernetes-apps/gateway_api/defaults/main.yml
+++ b/roles/kubernetes-apps/gateway_api/defaults/main.yml
@@ -1,4 +1,4 @@
 ---
 gateway_api_enabled: false
-gateway_api_version: v1.1.0
+gateway_api_version: 1.1.0
 gateway_api_experimental_channel: false
--- a/roles/kubernetes-apps/meta/main.yml
+++ b/roles/kubernetes-apps/meta/main.yml
@@ -121,7 +121,7 @@ dependencies:
  - role: kubernetes-apps/scheduler_plugins
    when:
      - scheduler_plugins_enabled
-      - kube_major_version is version('v1.29', '<')
+      - kube_major_version is version('1.29', '<')
      - inventory_hostname == groups['kube_control_plane'][0]
    tags:
      - scheduler_plugins
--- a/roles/kubernetes-apps/metallb/templates/metallb.yaml.j2
+++ b/roles/kubernetes-apps/metallb/templates/metallb.yaml.j2
@@ -1716,7 +1716,7 @@ spec:
          value: memberlist
        - name: METALLB_DEPLOYMENT
          value: controller
-        image: "{{ metallb_controller_image_repo }}:{{ metallb_version }}"
+        image: "{{ metallb_controller_image_repo }}:v{{ metallb_version }}"
        livenessProbe:
          failureThreshold: 3
          httpGet:
@@ -1824,7 +1824,7 @@ spec:
            secretKeyRef:
              key: secretkey
              name: memberlist
-        image: "{{ metallb_speaker_image_repo }}:{{ metallb_version }}"
+        image: "{{ metallb_speaker_image_repo }}:v{{ metallb_version }}"
        livenessProbe:
          failureThreshold: 3
          httpGet:
--- a/roles/kubernetes/control-plane/defaults/main/main.yml
+++ b/roles/kubernetes/control-plane/defaults/main/main.yml
@@ -110,11 +110,11 @@ kube_apiserver_admission_event_rate_limits: {}
 ## PodSecurityAdmission plugin configuration
 kube_pod_security_use_default: false
 kube_pod_security_default_enforce: baseline
-kube_pod_security_default_enforce_version: "{{ kube_major_version }}"
+kube_pod_security_default_enforce_version: "v{{ kube_major_version }}"
 kube_pod_security_default_audit: restricted
-kube_pod_security_default_audit_version: "{{ kube_major_version }}"
+kube_pod_security_default_audit_version: "v{{ kube_major_version }}"
 kube_pod_security_default_warn: restricted
-kube_pod_security_default_warn_version: "{{ kube_major_version }}"
+kube_pod_security_default_warn_version: "v{{ kube_major_version }}"
 kube_pod_security_exemptions_usernames: []
 kube_pod_security_exemptions_runtime_class_names: []
 kube_pod_security_exemptions_namespaces:
--- a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml
@@ -13,7 +13,7 @@
  command: >-
    timeout -k 600s 600s
    {{ bin_dir }}/kubeadm
-    upgrade apply -y {{ kube_version }}
+    upgrade apply -y v{{ kube_version }}
    --certificate-renewal={{ kubeadm_upgrade_auto_cert_renewal }}
    --ignore-preflight-errors={{ kubeadm_ignore_preflight_errors | join(',') }}
    --allow-experimental-upgrades
@@ -34,7 +34,7 @@
  command: >-
    timeout -k 600s 600s
    {{ bin_dir }}/kubeadm
-    upgrade apply -y {{ kube_version }}
+    upgrade apply -y v{{ kube_version }}
    --certificate-renewal={{ kubeadm_upgrade_auto_cert_renewal }}
    --ignore-preflight-errors={{ kubeadm_ignore_preflight_errors | join(',') }}
    --allow-experimental-upgrades
--- a/roles/kubernetes/control-plane/tasks/main.yml
+++ b/roles/kubernetes/control-plane/tasks/main.yml
@@ -25,7 +25,7 @@
    mode: "0640"
  vars:
    authz_config:
-      apiVersion: apiserver.config.k8s.io/{{ 'v1alpha1' if kube_version is version('v1.30.0', '<') else 'v1beta1' if kube_version is version('v1.32.0', '<') else 'v1' }}
+      apiVersion: apiserver.config.k8s.io/{{ 'v1alpha1' if kube_version is version('1.30.0', '<') else 'v1beta1' if kube_version is version('1.32.0', '<') else 'v1' }}
      kind: AuthorizationConfiguration
      authorizers: "{{ kube_apiserver_authorization_config_authorizers }}"
  when: kube_apiserver_use_authorization_config_file
--- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
@@ -104,7 +104,7 @@ featureGates:
  {{ feature | replace("=", ": ") }}
 {%   endfor %}
 {% endif %}
-kubernetesVersion: {{ kube_version }}
+kubernetesVersion: v{{ kube_version }}
 {% if kubeadm_config_api_fqdn is defined %}
 controlPlaneEndpoint: "{{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}"
 {% else %}
--- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2
@@ -116,7 +116,7 @@ featureGates:
  {{ feature | replace("=", ": ") }}
 {%   endfor %}
 {% endif %}
-kubernetesVersion: {{ kube_version }}
+kubernetesVersion: v{{ kube_version }}
 {% if kubeadm_config_api_fqdn is defined %}
 controlPlaneEndpoint: "{{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}"
 {% else %}
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -61,7 +61,7 @@ eviction_hard_control_plane: {}
 kubelet_status_update_frequency: 10s

 # kube-vip
-kube_vip_version: v0.8.0
+kube_vip_version: 0.8.0

 kube_vip_arp_enabled: false
 kube_vip_interface:
--- a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
@@ -1,4 +1,49 @@
 ---
+- name: Stop if some versions have a 'v' left at the start
+  # TODO: drop this task after 2.28.0 is released
+  # The 'not defined' tests are exception for applications which version in not defined
+  # in kubespray-defaults, only in their own roles.
+  assert:
+    msg: |
+      All version string used in kubespray have been normalized to not use a leading 'v'.
+      This check will be dropped in the next minor release.
+    that:
+      - argocd_version is not defined or not argocd_version.startswith('v')
+      - not aws_ebs_csi_plugin_version.startswith('v')
+      - not azure_csi_plugin_version.startswith('v')
+      - not calico_version.startswith('v')
+      - not calico_apiserver_version.startswith('v')
+      - not calico_ctl_version.startswith('v')
+      - not calico_typha_version.startswith('v')
+      - not cephfs_provisioner_version.startswith('v')
+      - not cert_manager_version.startswith('v')
+      - not cilium_cli_version.startswith('v')
+      - not cilium_version.startswith('v')
+      - not cinder_csi_plugin_version.startswith('v')
+      - not cni_version.startswith('v')
+      - not dnsautoscaler_version.startswith('v')
+      - not etcd_version.startswith('v')
+      - not flannel_cni_version.startswith('v')
+      - not flannel_version.startswith('v')
+      - gateway_api_version is not defined or not gateway_api_version.startswith('v')
+      - not gcp_pd_csi_plugin_version.startswith('v')
+      - not helm_version.startswith('v')
+      - not kube_ovn_version.startswith('v')
+      - not kube_router_version.startswith('v')
+      - not kube_version.startswith('v')
+      - kube_vip_version is not defined or not kube_vip_version.startswith('v')
+      - not local_path_provisioner_version.startswith('v')
+      - not local_volume_provisioner_version.startswith('v')
+      - not metallb_version.startswith('v')
+      - not metrics_server_version.startswith('v')
+      - not multus_version.startswith('v')
+      - not netcheck_version.startswith('v')
+      - not pod_infra_version.startswith('v')
+      - not rbd_provisioner_version.startswith('v')
+      - not runc_version.startswith('v')
+      - not skopeo_version.startswith('v')
+      - not yq_version.startswith('v')
+
 - name: Stop if any host not in '--limit' does not have a fact cache
  vars:
    uncached_hosts: "{{ hostvars | dict2items | selectattr('value.ansible_default_ipv6', 'undefined') | selectattr('value.ansible_default_ipv4', 'undefined') | map(attribute='key') }}"
--- a/roles/kubespray-defaults/defaults/main/checksums.yml
+++ b/roles/kubespray-defaults/defaults/main/checksums.yml
--- a/roles/kubespray-defaults/defaults/main/download.yml
+++ b/roles/kubespray-defaults/defaults/main/download.yml
@@ -108,55 +108,55 @@ calico_apiserver_version: "{{ calico_version }}"
 typha_enabled: false
 calico_apiserver_enabled: false

-flannel_version: "v0.22.0"
-flannel_cni_version: "v1.1.2"
+flannel_version: 0.22.0
+flannel_cni_version: 1.1.2
 weave_version: 2.8.7
 cni_version: "{{ (cni_binary_checksums['amd64'] | dict2items)[0].key }}"

-cilium_version: "v1.15.9"
+cilium_version: "1.15.9"
 cilium_cli_version: "{{ (ciliumcli_binary_checksums['amd64'] | dict2items)[0].key }}"
 cilium_enable_hubble: false

-kube_ovn_version: "v1.12.21"
-kube_ovn_dpdk_version: "19.11-{{ kube_ovn_version }}"
-kube_router_version: "v2.0.0"
-multus_version: "v4.1.0"
+kube_ovn_version: "1.12.21"
+kube_ovn_dpdk_version: "19.11-v{{ kube_ovn_version }}"
+kube_router_version: "2.0.0"
+multus_version: "4.1.0"
 helm_version: "{{ (helm_archive_checksums['amd64'] | dict2items)[0].key }}"
 nerdctl_version: "{{ (nerdctl_archive_checksums['amd64'] | dict2items)[0].key }}"
 skopeo_version: "{{ (skopeo_binary_checksums['amd64'] | dict2items)[0].key }}"

 # Get kubernetes major version (i.e. 1.17.4 => 1.17)
-kube_major_version: "{{ kube_version | regex_replace('^v([0-9])+\\.([0-9]+)\\.[0-9]+', 'v\\1.\\2') }}"
+kube_major_version: "{{ (kube_version | split('.'))[:-1] | join('.') }}"

 pod_infra_supported_versions:
-  v1.32: "3.10"
-  v1.31: "3.10"
-  v1.30: "3.9"
+  '1.32': '3.10'
+  '1.31': '3.10'
+  '1.30': '3.9'
 pod_infra_version: "{{ pod_infra_supported_versions[kube_major_version] }}"

 etcd_supported_versions:
-  v1.32: "v3.5.16"
-  v1.31: "v3.5.16"
-  v1.30: "v3.5.16"
+  '1.32': 3.5.16
+  '1.31': 3.5.16
+  '1.30': 3.5.16
 etcd_version: "{{ etcd_supported_versions[kube_major_version] }}"

 crictl_supported_versions:
-  v1.32: "v1.32.0"
-  v1.31: "v1.31.1"
-  v1.30: "v1.30.1"
+  '1.32': 1.32.0
+  '1.31': 1.31.1
+  '1.30': 1.30.1
 crictl_version: "{{ crictl_supported_versions[kube_major_version] }}"

 crio_supported_versions:
-  v1.32: v1.32.0
-  v1.31: v1.31.3
-  v1.30: v1.30.3
+  '1.32': 1.32.0
+  '1.31': 1.31.3
+  '1.30': 1.30.3
 crio_version: "{{ crio_supported_versions[kube_major_version] }}"

 # Scheduler plugins doesn't build for K8s 1.29 yet
 scheduler_plugins_supported_versions:
-  v1.31: 0
-  v1.30: 0
-  v1.29: 0
+  '1.31': 0
+  '1.30': 0
+  '1.29': 0
 scheduler_plugins_version: "{{ scheduler_plugins_supported_versions[kube_major_version] }}"

 yq_version: "{{ (yq_checksums['amd64'] | dict2items)[0].key }}"
@@ -167,18 +167,18 @@ storage_googleapis_url: https://storage.googleapis.com
 get_helm_url: https://get.helm.sh

 # Download URLs
-kubelet_download_url: "{{ dl_k8s_io_url }}/release/{{ kube_version }}/bin/linux/{{ image_arch }}/kubelet"
-kubectl_download_url: "{{ dl_k8s_io_url }}/release/{{ kube_version }}/bin/linux/{{ image_arch }}/kubectl"
-kubeadm_download_url: "{{ dl_k8s_io_url }}/release/{{ kube_version }}/bin/linux/{{ image_arch }}/kubeadm"
-etcd_download_url: "{{ github_url }}/etcd-io/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-{{ image_arch }}.tar.gz"
-cni_download_url: "{{ github_url }}/containernetworking/plugins/releases/download/{{ cni_version }}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
-calicoctl_download_url: "{{ github_url }}/projectcalico/calico/releases/download/{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}"
-calico_crds_download_url: "{{ github_url }}/projectcalico/calico/archive/{{ calico_version }}.tar.gz"
-ciliumcli_download_url: "{{ github_url }}/cilium/cilium-cli/releases/download/{{ cilium_cli_version }}/cilium-linux-{{ image_arch }}.tar.gz"
-crictl_download_url: "{{ github_url }}/kubernetes-sigs/cri-tools/releases/download/{{ crictl_version }}/crictl-{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
-crio_download_url: "{{ storage_googleapis_url }}/cri-o/artifacts/cri-o.{{ image_arch }}.{{ crio_version }}.tar.gz"
-helm_download_url: "{{ get_helm_url }}/helm-{{ helm_version }}-linux-{{ image_arch }}.tar.gz"
-runc_download_url: "{{ github_url }}/opencontainers/runc/releases/download/{{ runc_version }}/runc.{{ image_arch }}"
+kubelet_download_url: "{{ dl_k8s_io_url }}/release/v{{ kube_version }}/bin/linux/{{ image_arch }}/kubelet"
+kubectl_download_url: "{{ dl_k8s_io_url }}/release/v{{ kube_version }}/bin/linux/{{ image_arch }}/kubectl"
+kubeadm_download_url: "{{ dl_k8s_io_url }}/release/v{{ kube_version }}/bin/linux/{{ image_arch }}/kubeadm"
+etcd_download_url: "{{ github_url }}/etcd-io/etcd/releases/download/v{{ etcd_version }}/etcd-v{{ etcd_version }}-linux-{{ image_arch }}.tar.gz"
+cni_download_url: "{{ github_url }}/containernetworking/plugins/releases/download/v{{ cni_version }}/cni-plugins-linux-{{ image_arch }}-v{{ cni_version }}.tgz"
+calicoctl_download_url: "{{ github_url }}/projectcalico/calico/releases/download/v{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}"
+calico_crds_download_url: "{{ github_url }}/projectcalico/calico/archive/v{{ calico_version }}.tar.gz"
+ciliumcli_download_url: "{{ github_url }}/cilium/cilium-cli/releases/download/v{{ cilium_cli_version }}/cilium-linux-{{ image_arch }}.tar.gz"
+crictl_download_url: "{{ github_url }}/kubernetes-sigs/cri-tools/releases/download/v{{ crictl_version }}/crictl-v{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
+crio_download_url: "{{ storage_googleapis_url }}/cri-o/artifacts/cri-o.{{ image_arch }}.v{{ crio_version }}.tar.gz"
+helm_download_url: "{{ get_helm_url }}/helm-v{{ helm_version }}-linux-{{ image_arch }}.tar.gz"
+runc_download_url: "{{ github_url }}/opencontainers/runc/releases/download/v{{ runc_version }}/runc.{{ image_arch }}"
 crun_download_url: "{{ github_url }}/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ image_arch }}"
 youki_download_url: "{{ github_url }}/containers/youki/releases/download/v{{ youki_version }}/youki-{{ youki_version }}-{{ ansible_architecture }}-musl.tar.gz"
 kata_containers_download_url: "{{ github_url }}/kata-containers/kata-containers/releases/download/{{ kata_containers_version }}/kata-static-{{ kata_containers_version }}-{{ image_arch }}.tar.xz"
@@ -188,8 +188,8 @@ gvisor_containerd_shim_runsc_download_url: "{{ storage_googleapis_url }}/gvisor/
 nerdctl_download_url: "{{ github_url }}/containerd/nerdctl/releases/download/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
 containerd_download_url: "{{ github_url }}/containerd/containerd/releases/download/v{{ containerd_version }}/containerd-{{ containerd_version }}-linux-{{ image_arch }}.tar.gz"
 cri_dockerd_download_url: "{{ github_url }}/Mirantis/cri-dockerd/releases/download/v{{ cri_dockerd_version }}/cri-dockerd-{{ cri_dockerd_version }}.{{ image_arch }}.tgz"
-skopeo_download_url: "{{ github_url }}/lework/skopeo-binary/releases/download/{{ skopeo_version }}/skopeo-linux-{{ image_arch }}"
-yq_download_url: "{{ github_url }}/mikefarah/yq/releases/download/{{ yq_version }}/yq_linux_{{ image_arch }}"
+skopeo_download_url: "{{ github_url }}/lework/skopeo-binary/releases/download/v{{ skopeo_version }}/skopeo-linux-{{ image_arch }}"
+yq_download_url: "{{ github_url }}/mikefarah/yq/releases/download/v{{ yq_version }}/yq_linux_{{ image_arch }}"

 etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch][etcd_version] }}"
 cni_binary_checksum: "{{ cni_binary_checksums[image_arch][cni_version] }}"
@@ -224,39 +224,39 @@ skopeo_binary_checksum: "{{ skopeo_binary_checksums[image_arch][skopeo_version]
 # And use --insecure-registry options for docker
 kube_proxy_image_repo: "{{ kube_image_repo }}/kube-proxy"
 etcd_image_repo: "{{ quay_image_repo }}/coreos/etcd"
-etcd_image_tag: "{{ etcd_version }}"
+etcd_image_tag: "v{{ etcd_version }}"
 flannel_image_repo: "{{ docker_image_repo }}/flannel/flannel"
-flannel_image_tag: "{{ flannel_version }}"
+flannel_image_tag: "v{{ flannel_version }}"
 flannel_init_image_repo: "{{ docker_image_repo }}/flannel/flannel-cni-plugin"
-flannel_init_image_tag: "{{ flannel_cni_version }}"
+flannel_init_image_tag: "v{{ flannel_cni_version }}"
 calico_node_image_repo: "{{ quay_image_repo }}/calico/node"
-calico_node_image_tag: "{{ calico_version }}"
+calico_node_image_tag: "v{{ calico_version }}"
 calico_cni_image_repo: "{{ quay_image_repo }}/calico/cni"
-calico_cni_image_tag: "{{ calico_cni_version }}"
+calico_cni_image_tag: "v{{ calico_cni_version }}"
 calico_policy_image_repo: "{{ quay_image_repo }}/calico/kube-controllers"
-calico_policy_image_tag: "{{ calico_policy_version }}"
+calico_policy_image_tag: "v{{ calico_policy_version }}"
 calico_typha_image_repo: "{{ quay_image_repo }}/calico/typha"
-calico_typha_image_tag: "{{ calico_typha_version }}"
+calico_typha_image_tag: "v{{ calico_typha_version }}"
 calico_apiserver_image_repo: "{{ quay_image_repo }}/calico/apiserver"
-calico_apiserver_image_tag: "{{ calico_apiserver_version }}"
+calico_apiserver_image_tag: "v{{ calico_apiserver_version }}"
 pod_infra_image_repo: "{{ kube_image_repo }}/pause"
 pod_infra_image_tag: "{{ pod_infra_version }}"
-netcheck_version: "v1.2.2"
+netcheck_version: "1.2.2"
 netcheck_agent_image_repo: "{{ docker_image_repo }}/mirantis/k8s-netchecker-agent"
-netcheck_agent_image_tag: "{{ netcheck_version }}"
+netcheck_agent_image_tag: "v{{ netcheck_version }}"
 netcheck_server_image_repo: "{{ docker_image_repo }}/mirantis/k8s-netchecker-server"
-netcheck_server_image_tag: "{{ netcheck_version }}"
+netcheck_server_image_tag: "v{{ netcheck_version }}"
 netcheck_etcd_image_tag: "v3.4.17"
 weave_kube_image_repo: "{{ docker_image_repo }}/rajchaudhuri/weave-kube"
 weave_kube_image_tag: "{{ weave_version }}"
 weave_npc_image_repo: "{{ docker_image_repo }}/rajchaudhuri/weave-npc"
 weave_npc_image_tag: "{{ weave_version }}"
 cilium_image_repo: "{{ quay_image_repo }}/cilium/cilium"
-cilium_image_tag: "{{ cilium_version }}"
+cilium_image_tag: "v{{ cilium_version }}"
 cilium_operator_image_repo: "{{ quay_image_repo }}/cilium/operator"
-cilium_operator_image_tag: "{{ cilium_version }}"
+cilium_operator_image_tag: "v{{ cilium_version }}"
 cilium_hubble_relay_image_repo: "{{ quay_image_repo }}/cilium/hubble-relay"
-cilium_hubble_relay_image_tag: "{{ cilium_version }}"
+cilium_hubble_relay_image_tag: "v{{ cilium_version }}"
 cilium_hubble_certgen_image_repo: "{{ quay_image_repo }}/cilium/certgen"
 cilium_hubble_certgen_image_tag: "v0.1.8"
 cilium_hubble_ui_image_repo: "{{ quay_image_repo }}/cilium/hubble-ui"
@@ -266,15 +266,15 @@ cilium_hubble_ui_backend_image_tag: "v0.11.0"
 cilium_hubble_envoy_image_repo: "{{ docker_image_repo }}/envoyproxy/envoy"
 cilium_hubble_envoy_image_tag: "v1.22.5"
 kube_ovn_container_image_repo: "{{ docker_image_repo }}/kubeovn/kube-ovn"
-kube_ovn_container_image_tag: "{{ kube_ovn_version }}"
+kube_ovn_container_image_tag: "v{{ kube_ovn_version }}"
 kube_ovn_vpc_container_image_repo: "{{ docker_image_repo }}/kubeovn/vpc-nat-gateway"
-kube_ovn_vpc_container_image_tag: "{{ kube_ovn_version }}"
+kube_ovn_vpc_container_image_tag: "v{{ kube_ovn_version }}"
 kube_ovn_dpdk_container_image_repo: "{{ docker_image_repo }}/kubeovn/kube-ovn-dpdk"
 kube_ovn_dpdk_container_image_tag: "{{ kube_ovn_dpdk_version }}"
 kube_router_image_repo: "{{ docker_image_repo }}/cloudnativelabs/kube-router"
-kube_router_image_tag: "{{ kube_router_version }}"
+kube_router_image_tag: "v{{ kube_router_version }}"
 multus_image_repo: "{{ github_image_repo }}/k8snetworkplumbingwg/multus-cni"
-multus_image_tag: "{{ multus_version }}"
+multus_image_tag: "v{{ multus_version }}"
 external_openstack_cloud_controller_image_repo: "{{ kube_image_repo }}/provider-os/openstack-cloud-controller-manager"
 external_openstack_cloud_controller_image_tag: "v1.31.1"

@@ -288,59 +288,57 @@ haproxy_image_tag: 3.1.3-alpine
 # Coredns version should be supported by corefile-migration (or at least work with)
 # bundle with kubeadm; if not 'basic' upgrade can sometimes fail

-coredns_version: "{{ 'v1.11.3' if (kube_version is version('v1.30.5', '>=')) else 'v1.11.1' }}"
-coredns_image_is_namespaced: "{{ (coredns_version is version('v1.7.1', '>=')) }}"
-
-coredns_image_repo: "{{ kube_image_repo }}{{ '/coredns/coredns' if (coredns_image_is_namespaced | bool) else '/coredns' }}"
-coredns_image_tag: "{{ coredns_version if (coredns_image_is_namespaced | bool) else (coredns_version | regex_replace('^v', '')) }}"
+coredns_version: "{{ '1.11.3' if (kube_version is version('1.30.5', '>=')) else '1.11.1' }}"
+coredns_image_repo: "{{ kube_image_repo }}{{ '/coredns' if coredns_version is version('1.7.1', '>=') else '' }}/coredns"
+coredns_image_tag: "{{ 'v' if coredns_version is version('1.7.1', '>=') else '' }}{{ coredns_version }}"

 nodelocaldns_version: "1.25.0"
 nodelocaldns_image_repo: "{{ kube_image_repo }}/dns/k8s-dns-node-cache"
 nodelocaldns_image_tag: "{{ nodelocaldns_version }}"

-dnsautoscaler_version: v1.8.8
+dnsautoscaler_version: 1.8.8
 dnsautoscaler_image_repo: "{{ kube_image_repo }}/cpa/cluster-proportional-autoscaler"
-dnsautoscaler_image_tag: "{{ dnsautoscaler_version }}"
+dnsautoscaler_image_tag: "v{{ dnsautoscaler_version }}"

 scheduler_plugins_controller_image_repo: "{{ kube_image_repo }}/scheduler-plugins/controller"
-scheduler_plugins_controller_image_tag: "{{ scheduler_plugins_version }}"
+scheduler_plugins_controller_image_tag: "v{{ scheduler_plugins_version }}"
 scheduler_plugins_scheduler_image_repo: "{{ kube_image_repo }}/scheduler-plugins/kube-scheduler"
-scheduler_plugins_scheduler_image_tag: "{{ scheduler_plugins_version }}"
+scheduler_plugins_scheduler_image_tag: "v{{ scheduler_plugins_version }}"

 registry_version: "2.8.1"
 registry_image_repo: "{{ docker_image_repo }}/library/registry"
 registry_image_tag: "{{ registry_version }}"
-metrics_server_version: "v0.7.0"
+metrics_server_version: "0.7.0"
 metrics_server_image_repo: "{{ kube_image_repo }}/metrics-server/metrics-server"
-metrics_server_image_tag: "{{ metrics_server_version }}"
-local_volume_provisioner_version: "v2.5.0"
+metrics_server_image_tag: "v{{ metrics_server_version }}"
+local_volume_provisioner_version: "2.5.0"
 local_volume_provisioner_image_repo: "{{ kube_image_repo }}/sig-storage/local-volume-provisioner"
-local_volume_provisioner_image_tag: "{{ local_volume_provisioner_version }}"
-cephfs_provisioner_version: "v2.1.0-k8s1.11"
+local_volume_provisioner_image_tag: "v{{ local_volume_provisioner_version }}"
+cephfs_provisioner_version: "2.1.0-k8s1.11"
 cephfs_provisioner_image_repo: "{{ quay_image_repo }}/external_storage/cephfs-provisioner"
-cephfs_provisioner_image_tag: "{{ cephfs_provisioner_version }}"
-rbd_provisioner_version: "v2.1.1-k8s1.11"
+cephfs_provisioner_image_tag: "v{{ cephfs_provisioner_version }}"
+rbd_provisioner_version: "2.1.1-k8s1.11"
 rbd_provisioner_image_repo: "{{ quay_image_repo }}/external_storage/rbd-provisioner"
-rbd_provisioner_image_tag: "{{ rbd_provisioner_version }}"
-local_path_provisioner_version: "v0.0.24"
+rbd_provisioner_image_tag: "v{{ rbd_provisioner_version }}"
+local_path_provisioner_version: "0.0.24"
 local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner"
-local_path_provisioner_image_tag: "{{ local_path_provisioner_version }}"
-ingress_nginx_version: "v1.12.0"
+local_path_provisioner_image_tag: "v{{ local_path_provisioner_version }}"
+ingress_nginx_version: "1.12.0"
 ingress_nginx_controller_image_repo: "{{ kube_image_repo }}/ingress-nginx/controller"
 ingress_nginx_opentelemetry_image_repo: "{{ kube_image_repo }}/ingress-nginx/opentelemetry"
-ingress_nginx_controller_image_tag: "{{ ingress_nginx_version }}"
+ingress_nginx_controller_image_tag: "v{{ ingress_nginx_version }}"
 ingress_nginx_opentelemetry_image_tag: "v20230721-3e2062ee5"
 ingress_nginx_kube_webhook_certgen_image_repo: "{{ kube_image_repo }}/ingress-nginx/kube-webhook-certgen"
 ingress_nginx_kube_webhook_certgen_image_tag: "v1.5.0"
 alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
 alb_ingress_image_tag: "v1.1.9"
-cert_manager_version: "v1.15.3"
+cert_manager_version: "1.15.3"
 cert_manager_controller_image_repo: "{{ quay_image_repo }}/jetstack/cert-manager-controller"
-cert_manager_controller_image_tag: "{{ cert_manager_version }}"
+cert_manager_controller_image_tag: "v{{ cert_manager_version }}"
 cert_manager_cainjector_image_repo: "{{ quay_image_repo }}/jetstack/cert-manager-cainjector"
-cert_manager_cainjector_image_tag: "{{ cert_manager_version }}"
+cert_manager_cainjector_image_tag: "v{{ cert_manager_version }}"
 cert_manager_webhook_image_repo: "{{ quay_image_repo }}/jetstack/cert-manager-webhook"
-cert_manager_webhook_image_tag: "{{ cert_manager_version }}"
+cert_manager_webhook_image_tag: "v{{ cert_manager_version }}"

 csi_attacher_image_repo: "{{ kube_image_repo }}/sig-storage/csi-attacher"
 csi_attacher_image_tag: "v3.3.0"
@@ -356,23 +354,23 @@ csi_livenessprobe_image_repo: "{{ kube_image_repo }}/sig-storage/livenessprobe"
 csi_livenessprobe_image_tag: "v2.5.0"

 snapshot_controller_supported_versions:
-  v1.32: "v7.0.2"
-  v1.31: "v7.0.2"
-  v1.30: "v7.0.2"
+  '1.32': "v7.0.2"
+  '1.31': "v7.0.2"
+  '1.30': "v7.0.2"
 snapshot_controller_image_repo: "{{ kube_image_repo }}/sig-storage/snapshot-controller"
 snapshot_controller_image_tag: "{{ snapshot_controller_supported_versions[kube_major_version] }}"

-cinder_csi_plugin_version: "v1.30.0"
+cinder_csi_plugin_version: "1.30.0"
 cinder_csi_plugin_image_repo: "{{ kube_image_repo }}/provider-os/cinder-csi-plugin"
-cinder_csi_plugin_image_tag: "{{ cinder_csi_plugin_version }}"
+cinder_csi_plugin_image_tag: "v{{ cinder_csi_plugin_version }}"

-aws_ebs_csi_plugin_version: "v0.5.0"
+aws_ebs_csi_plugin_version: "0.5.0"
 aws_ebs_csi_plugin_image_repo: "{{ docker_image_repo }}/amazon/aws-ebs-csi-driver"
-aws_ebs_csi_plugin_image_tag: "{{ aws_ebs_csi_plugin_version }}"
+aws_ebs_csi_plugin_image_tag: "v{{ aws_ebs_csi_plugin_version }}"

-gcp_pd_csi_plugin_version: "v1.9.2"
+gcp_pd_csi_plugin_version: "1.9.2"
 gcp_pd_csi_plugin_image_repo: "{{ kube_image_repo }}/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver"
-gcp_pd_csi_plugin_image_tag: "{{ gcp_pd_csi_plugin_version }}"
+gcp_pd_csi_plugin_image_tag: "v{{ gcp_pd_csi_plugin_version }}"

 azure_csi_image_repo: "mcr.microsoft.com/oss/kubernetes-csi"
 azure_csi_provisioner_image_tag: "v2.2.2"
@@ -381,9 +379,9 @@ azure_csi_resizer_image_tag: "v1.3.0"
 azure_csi_livenessprobe_image_tag: "v2.5.0"
 azure_csi_node_registrar_image_tag: "v2.4.0"
 azure_csi_snapshotter_image_tag: "v3.0.3"
-azure_csi_plugin_version: "v1.10.0"
+azure_csi_plugin_version: "1.10.0"
 azure_csi_plugin_image_repo: "mcr.microsoft.com/k8s/csi"
-azure_csi_plugin_image_tag: "{{ azure_csi_plugin_version }}"
+azure_csi_plugin_image_tag: "v{{ azure_csi_plugin_version }}"

 gcp_pd_csi_image_repo: "gke.gcr.io"
 gcp_pd_csi_driver_image_tag: "v0.7.0-gke.0"
@@ -399,11 +397,11 @@ dashboard_metrics_scraper_tag: "v1.0.8"

 metallb_speaker_image_repo: "{{ quay_image_repo }}/metallb/speaker"
 metallb_controller_image_repo: "{{ quay_image_repo }}/metallb/controller"
-metallb_version: v0.13.9
+metallb_version: 0.13.9

-node_feature_discovery_version: v0.16.4
+node_feature_discovery_version: 0.16.4
 node_feature_discovery_image_repo: "{{ kube_image_repo }}/nfd/node-feature-discovery"
-node_feature_discovery_image_tag: "{{ node_feature_discovery_version }}"
+node_feature_discovery_image_tag: "v{{ node_feature_discovery_version }}"

 downloads:
  netcheck_server:
@@ -411,7 +409,7 @@ downloads:
    container: true
    repo: "{{ netcheck_server_image_repo }}"
    tag: "{{ netcheck_server_image_tag }}"
-    sha256: "{{ netcheck_server_digest_checksum | default(None) }}"
+    checksum: "{{ netcheck_server_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -420,7 +418,7 @@ downloads:
    container: true
    repo: "{{ netcheck_agent_image_repo }}"
    tag: "{{ netcheck_agent_image_tag }}"
-    sha256: "{{ netcheck_agent_digest_checksum | default(None) }}"
+    checksum: "{{ netcheck_agent_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -428,11 +426,10 @@ downloads:
    container: "{{ etcd_deployment_type != 'host' }}"
    file: "{{ etcd_deployment_type == 'host' }}"
    enabled: true
-    version: "{{ etcd_version }}"
    dest: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ image_arch }}.tar.gz"
    repo: "{{ etcd_image_repo }}"
    tag: "{{ etcd_image_tag }}"
-    sha256: >-
+    checksum: >-
      {{ etcd_binary_checksum if (etcd_deployment_type == 'host')
      else etcd_digest_checksum | d(None) }}
    url: "{{ etcd_download_url }}"
@@ -445,9 +442,8 @@ downloads:
  cni:
    enabled: true
    file: true
-    version: "{{ cni_version }}"
    dest: "{{ local_release_dir }}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
-    sha256: "{{ cni_binary_checksum }}"
+    checksum: "{{ cni_binary_checksum }}"
    url: "{{ cni_download_url }}"
    unarchive: false
    owner: "root"
@@ -458,9 +454,8 @@ downloads:
  kubeadm:
    enabled: true
    file: true
-    version: "{{ kube_version }}"
    dest: "{{ local_release_dir }}/kubeadm-{{ kube_version }}-{{ image_arch }}"
-    sha256: "{{ kubeadm_binary_checksum }}"
+    checksum: "{{ kubeadm_binary_checksum }}"
    url: "{{ kubeadm_download_url }}"
    unarchive: false
    owner: "root"
@@ -471,9 +466,8 @@ downloads:
  kubelet:
    enabled: true
    file: true
-    version: "{{ kube_version }}"
    dest: "{{ local_release_dir }}/kubelet-{{ kube_version }}-{{ image_arch }}"
-    sha256: "{{ kubelet_binary_checksum }}"
+    checksum: "{{ kubelet_binary_checksum }}"
    url: "{{ kubelet_download_url }}"
    unarchive: false
    owner: "root"
@@ -484,9 +478,8 @@ downloads:
  kubectl:
    enabled: true
    file: true
-    version: "{{ kube_version }}"
    dest: "{{ local_release_dir }}/kubectl-{{ kube_version }}-{{ image_arch }}"
-    sha256: "{{ kubectl_binary_checksum }}"
+    checksum: "{{ kubectl_binary_checksum }}"
    url: "{{ kubectl_download_url }}"
    unarchive: false
    owner: "root"
@@ -497,9 +490,8 @@ downloads:
  crictl:
    file: true
    enabled: true
-    version: "{{ crictl_version }}"
    dest: "{{ local_release_dir }}/crictl-{{ crictl_version }}-linux-{{ image_arch }}.tar.gz"
-    sha256: "{{ crictl_binary_checksum }}"
+    checksum: "{{ crictl_binary_checksum }}"
    url: "{{ crictl_download_url }}"
    unarchive: true
    owner: "root"
@@ -510,9 +502,8 @@ downloads:
  crio:
    file: true
    enabled: "{{ container_manager == 'crio' }}"
-    version: "{{ crio_version }}"
    dest: "{{ local_release_dir }}/cri-o.{{ image_arch }}.{{ crio_version }}.tar.gz"
-    sha256: "{{ crio_archive_checksum }}"
+    checksum: "{{ crio_archive_checksum }}"
    url: "{{ crio_download_url }}"
    unarchive: true
    owner: "root"
@@ -523,9 +514,8 @@ downloads:
  cri_dockerd:
    file: true
    enabled: "{{ container_manager == 'docker' }}"
-    version: "{{ cri_dockerd_version }}"
    dest: "{{ local_release_dir }}/cri-dockerd-{{ cri_dockerd_version }}.{{ image_arch }}.tar.gz"
-    sha256: "{{ cri_dockerd_archive_checksum }}"
+    checksum: "{{ cri_dockerd_archive_checksum }}"
    url: "{{ cri_dockerd_download_url }}"
    unarchive: true
    unarchive_extra_opts:
@@ -538,9 +528,8 @@ downloads:
  crun:
    file: true
    enabled: "{{ crun_enabled }}"
-    version: "{{ crun_version }}"
    dest: "{{ local_release_dir }}/crun-{{ crun_version }}-{{ image_arch }}"
-    sha256: "{{ crun_binary_checksum }}"
+    checksum: "{{ crun_binary_checksum }}"
    url: "{{ crun_download_url }}"
    unarchive: false
    owner: "root"
@@ -551,9 +540,8 @@ downloads:
  youki:
    file: true
    enabled: "{{ youki_enabled }}"
-    version: "{{ youki_version }}"
    dest: "{{ local_release_dir }}/youki-{{ youki_version }}-{{ ansible_architecture }}.tar.gz"
-    sha256: "{{ youki_archive_checksum }}"
+    checksum: "{{ youki_archive_checksum }}"
    url: "{{ youki_download_url }}"
    unarchive: true
    owner: "root"
@@ -564,9 +552,8 @@ downloads:
  runc:
    file: true
    enabled: "{{ container_manager == 'containerd' }}"
-    version: "{{ runc_version }}"
    dest: "{{ local_release_dir }}/runc-{{ runc_version }}.{{ image_arch }}"
-    sha256: "{{ runc_binary_checksum }}"
+    checksum: "{{ runc_binary_checksum }}"
    url: "{{ runc_download_url }}"
    unarchive: false
    owner: "root"
@@ -577,9 +564,8 @@ downloads:
  kata_containers:
    enabled: "{{ kata_containers_enabled }}"
    file: true
-    version: "{{ kata_containers_version }}"
    dest: "{{ local_release_dir }}/kata-static-{{ kata_containers_version }}-{{ image_arch }}.tar.xz"
-    sha256: "{{ kata_containers_binary_checksum }}"
+    checksum: "{{ kata_containers_binary_checksum }}"
    url: "{{ kata_containers_download_url }}"
    unarchive: false
    owner: "root"
@@ -590,9 +576,8 @@ downloads:
  containerd:
    enabled: "{{ container_manager == 'containerd' }}"
    file: true
-    version: "{{ containerd_version }}"
    dest: "{{ local_release_dir }}/containerd-{{ containerd_version }}-linux-{{ image_arch }}.tar.gz"
-    sha256: "{{ containerd_archive_checksum }}"
+    checksum: "{{ containerd_archive_checksum }}"
    url: "{{ containerd_download_url }}"
    unarchive: false
    owner: "root"
@@ -603,9 +588,8 @@ downloads:
  gvisor_runsc:
    enabled: "{{ gvisor_enabled }}"
    file: true
-    version: "{{ gvisor_version }}"
    dest: "{{ local_release_dir }}/gvisor-runsc-{{ gvisor_version }}-{{ ansible_architecture }}"
-    sha256: "{{ gvisor_runsc_binary_checksum }}"
+    checksum: "{{ gvisor_runsc_binary_checksum }}"
    url: "{{ gvisor_runsc_download_url }}"
    unarchive: false
    owner: "root"
@@ -616,9 +600,8 @@ downloads:
  gvisor_containerd_shim:
    enabled: "{{ gvisor_enabled }}"
    file: true
-    version: "{{ gvisor_version }}"
    dest: "{{ local_release_dir }}/gvisor-containerd-shim-runsc-v1-{{ gvisor_version }}-{{ ansible_architecture }}"
-    sha256: "{{ gvisor_containerd_shim_binary_checksum }}"
+    checksum: "{{ gvisor_containerd_shim_binary_checksum }}"
    url: "{{ gvisor_containerd_shim_runsc_download_url }}"
    unarchive: false
    owner: "root"
@@ -629,9 +612,8 @@ downloads:
  nerdctl:
    file: true
    enabled: "{{ container_manager == 'containerd' }}"
-    version: "{{ nerdctl_version }}"
    dest: "{{ local_release_dir }}/nerdctl-{{ nerdctl_version }}-linux-{{ image_arch }}.tar.gz"
-    sha256: "{{ nerdctl_archive_checksum }}"
+    checksum: "{{ nerdctl_archive_checksum }}"
    url: "{{ nerdctl_download_url }}"
    unarchive: true
    owner: "root"
@@ -642,9 +624,8 @@ downloads:
  skopeo:
    file: true
    enabled: "{{ container_manager == 'crio' }}"
-    version: "{{ skopeo_version }}"
    dest: "{{ local_release_dir }}/skopeo-{{ skopeo_version }}-{{ image_arch }}"
-    sha256: "{{ skopeo_binary_checksum }}"
+    checksum: "{{ skopeo_binary_checksum }}"
    url: "{{ skopeo_download_url }}"
    unarchive: false
    owner: "root"
@@ -657,7 +638,7 @@ downloads:
    container: true
    repo: "{{ cilium_image_repo }}"
    tag: "{{ cilium_image_tag }}"
-    sha256: "{{ cilium_digest_checksum | default(None) }}"
+    checksum: "{{ cilium_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -666,7 +647,7 @@ downloads:
    container: true
    repo: "{{ cilium_operator_image_repo }}"
    tag: "{{ cilium_operator_image_tag }}"
-    sha256: "{{ cilium_operator_digest_checksum | default(None) }}"
+    checksum: "{{ cilium_operator_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -675,7 +656,7 @@ downloads:
    container: true
    repo: "{{ cilium_hubble_relay_image_repo }}"
    tag: "{{ cilium_hubble_relay_image_tag }}"
-    sha256: "{{ cilium_hubble_relay_digest_checksum | default(None) }}"
+    checksum: "{{ cilium_hubble_relay_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -684,7 +665,7 @@ downloads:
    container: true
    repo: "{{ cilium_hubble_certgen_image_repo }}"
    tag: "{{ cilium_hubble_certgen_image_tag }}"
-    sha256: "{{ cilium_hubble_certgen_digest_checksum | default(None) }}"
+    checksum: "{{ cilium_hubble_certgen_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -693,7 +674,7 @@ downloads:
    container: true
    repo: "{{ cilium_hubble_ui_image_repo }}"
    tag: "{{ cilium_hubble_ui_image_tag }}"
-    sha256: "{{ cilium_hubble_ui_digest_checksum | default(None) }}"
+    checksum: "{{ cilium_hubble_ui_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -702,7 +683,7 @@ downloads:
    container: true
    repo: "{{ cilium_hubble_ui_backend_image_repo }}"
    tag: "{{ cilium_hubble_ui_backend_image_tag }}"
-    sha256: "{{ cilium_hubble_ui_backend_digest_checksum | default(None) }}"
+    checksum: "{{ cilium_hubble_ui_backend_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -711,16 +692,15 @@ downloads:
    container: true
    repo: "{{ cilium_hubble_envoy_image_repo }}"
    tag: "{{ cilium_hubble_envoy_image_tag }}"
-    sha256: "{{ cilium_hubble_envoy_digest_checksum | default(None) }}"
+    checksum: "{{ cilium_hubble_envoy_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

  ciliumcli:
    enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}"
    file: true
-    version: "{{ cilium_cli_version }}"
    dest: "{{ local_release_dir }}/cilium-{{ cilium_cli_version }}-{{ image_arch }}.tar.gz"
-    sha256: "{{ ciliumcli_binary_checksum }}"
+    checksum: "{{ ciliumcli_binary_checksum }}"
    url: "{{ ciliumcli_download_url }}"
    unarchive: true
    owner: "root"
@@ -733,7 +713,7 @@ downloads:
    container: true
    repo: "{{ multus_image_repo }}"
    tag: "{{ multus_image_tag }}"
-    sha256: "{{ multus_digest_checksum | default(None) }}"
+    checksum: "{{ multus_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -742,7 +722,7 @@ downloads:
    container: true
    repo: "{{ flannel_image_repo }}"
    tag: "{{ flannel_image_tag }}"
-    sha256: "{{ flannel_digest_checksum | default(None) }}"
+    checksum: "{{ flannel_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -751,16 +731,15 @@ downloads:
    container: true
    repo: "{{ flannel_init_image_repo }}"
    tag: "{{ flannel_init_image_tag }}"
-    sha256: "{{ flannel_init_digest_checksum | default(None) }}"
+    checksum: "{{ flannel_init_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

  calicoctl:
    enabled: "{{ kube_network_plugin == 'calico' }}"
    file: true
-    version: "{{ calico_ctl_version }}"
    dest: "{{ local_release_dir }}/calicoctl-{{ calico_ctl_version }}-{{ image_arch }}"
-    sha256: "{{ calicoctl_binary_checksum }}"
+    checksum: "{{ calicoctl_binary_checksum }}"
    url: "{{ calicoctl_download_url }}"
    unarchive: false
    owner: "root"
@@ -773,7 +752,7 @@ downloads:
    container: true
    repo: "{{ calico_node_image_repo }}"
    tag: "{{ calico_node_image_tag }}"
-    sha256: "{{ calico_node_digest_checksum | default(None) }}"
+    checksum: "{{ calico_node_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -782,7 +761,7 @@ downloads:
    container: true
    repo: "{{ calico_cni_image_repo }}"
    tag: "{{ calico_cni_image_tag }}"
-    sha256: "{{ calico_cni_digest_checksum | default(None) }}"
+    checksum: "{{ calico_cni_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -791,7 +770,7 @@ downloads:
    container: true
    repo: "{{ calico_policy_image_repo }}"
    tag: "{{ calico_policy_image_tag }}"
-    sha256: "{{ calico_policy_digest_checksum | default(None) }}"
+    checksum: "{{ calico_policy_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -800,7 +779,7 @@ downloads:
    container: true
    repo: "{{ calico_typha_image_repo }}"
    tag: "{{ calico_typha_image_tag }}"
-    sha256: "{{ calico_typha_digest_checksum | default(None) }}"
+    checksum: "{{ calico_typha_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -809,22 +788,21 @@ downloads:
    container: true
    repo: "{{ calico_apiserver_image_repo }}"
    tag: "{{ calico_apiserver_image_tag }}"
-    sha256: "{{ calico_apiserver_digest_checksum | default(None) }}"
+    checksum: "{{ calico_apiserver_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

  calico_crds:
    file: true
    enabled: "{{ kube_network_plugin == 'calico' and calico_datastore == 'kdd' }}"
-    version: "{{ calico_version }}"
    dest: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/{{ calico_version }}.tar.gz"
-    sha256: "{{ calico_crds_archive_checksum }}"
+    checksum: "{{ calico_crds_archive_checksum }}"
    url: "{{ calico_crds_download_url }}"
    unarchive: true
    unarchive_extra_opts:
-      - "{{ '--strip=6' if (calico_version is version('v3.22.3', '<')) else '--strip=3' }}"
+      - "{{ '--strip=6' if (calico_version is version('3.22.3', '<')) else '--strip=3' }}"
      - "--wildcards"
-      - "{{ '*/_includes/charts/calico/crds/kdd/' if (calico_version is version('v3.22.3', '<')) else '*/libcalico-go/config/crd/' }}"
+      - "{{ '*/_includes/charts/calico/crds/kdd/' if (calico_version is version('3.22.3', '<')) else '*/libcalico-go/config/crd/' }}"
    owner: "root"
    mode: "0755"
    groups:
@@ -835,7 +813,7 @@ downloads:
    container: true
    repo: "{{ weave_kube_image_repo }}"
    tag: "{{ weave_kube_image_tag }}"
-    sha256: "{{ weave_kube_digest_checksum | default(None) }}"
+    checksum: "{{ weave_kube_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -844,7 +822,7 @@ downloads:
    container: true
    repo: "{{ weave_npc_image_repo }}"
    tag: "{{ weave_npc_image_tag }}"
-    sha256: "{{ weave_npc_digest_checksum | default(None) }}"
+    checksum: "{{ weave_npc_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -853,7 +831,7 @@ downloads:
    container: true
    repo: "{{ kube_ovn_container_image_repo }}"
    tag: "{{ kube_ovn_container_image_tag }}"
-    sha256: "{{ kube_ovn_digest_checksum | default(None) }}"
+    checksum: "{{ kube_ovn_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -862,7 +840,7 @@ downloads:
    container: true
    repo: "{{ kube_router_image_repo }}"
    tag: "{{ kube_router_image_tag }}"
-    sha256: "{{ kube_router_digest_checksum | default(None) }}"
+    checksum: "{{ kube_router_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -871,7 +849,7 @@ downloads:
    container: true
    repo: "{{ pod_infra_image_repo }}"
    tag: "{{ pod_infra_image_tag }}"
-    sha256: "{{ pod_infra_digest_checksum | default(None) }}"
+    checksum: "{{ pod_infra_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -880,7 +858,7 @@ downloads:
    container: true
    repo: "{{ kube_vip_image_repo }}"
    tag: "{{ kube_vip_image_tag }}"
-    sha256: "{{ kube_vip_digest_checksum | default(None) }}"
+    checksum: "{{ kube_vip_digest_checksum | default(None) }}"
    groups:
      - kube_control_plane

@@ -889,7 +867,7 @@ downloads:
    container: true
    repo: "{{ nginx_image_repo }}"
    tag: "{{ nginx_image_tag }}"
-    sha256: "{{ nginx_digest_checksum | default(None) }}"
+    checksum: "{{ nginx_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -898,7 +876,7 @@ downloads:
    container: true
    repo: "{{ haproxy_image_repo }}"
    tag: "{{ haproxy_image_tag }}"
-    sha256: "{{ haproxy_digest_checksum | default(None) }}"
+    checksum: "{{ haproxy_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -907,7 +885,7 @@ downloads:
    container: true
    repo: "{{ coredns_image_repo }}"
    tag: "{{ coredns_image_tag }}"
-    sha256: "{{ coredns_digest_checksum | default(None) }}"
+    checksum: "{{ coredns_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -916,7 +894,7 @@ downloads:
    container: true
    repo: "{{ nodelocaldns_image_repo }}"
    tag: "{{ nodelocaldns_image_tag }}"
-    sha256: "{{ nodelocaldns_digest_checksum | default(None) }}"
+    checksum: "{{ nodelocaldns_digest_checksum | default(None) }}"
    groups:
      - k8s_cluster

@@ -925,16 +903,15 @@ downloads:
    container: true
    repo: "{{ dnsautoscaler_image_repo }}"
    tag: "{{ dnsautoscaler_image_tag }}"
-    sha256: "{{ dnsautoscaler_digest_checksum | default(None) }}"
+    checksum: "{{ dnsautoscaler_digest_checksum | default(None) }}"
    groups:
      - kube_control_plane

  helm:
    enabled: "{{ helm_enabled }}"
    file: true
-    version: "{{ helm_version }}"
    dest: "{{ local_release_dir }}/helm-{{ helm_version }}/helm-{{ helm_version }}-linux-{{ image_arch }}.tar.gz"
-    sha256: "{{ helm_archive_checksum }}"
+    checksum: "{{ helm_archive_checksum }}"
    url: "{{ helm_download_url }}"
    unarchive: true
    owner: "root"
@@ -947,7 +924,7 @@ downloads:
    container: true
    repo: "{{ registry_image_repo }}"
    tag: "{{ registry_image_tag }}"
-    sha256: "{{ registry_digest_checksum | default(None) }}"
+    checksum: "{{ registry_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -956,7 +933,7 @@ downloads:
    container: true
    repo: "{{ metrics_server_image_repo }}"
    tag: "{{ metrics_server_image_tag }}"
-    sha256: "{{ metrics_server_digest_checksum | default(None) }}"
+    checksum: "{{ metrics_server_digest_checksum | default(None) }}"
    groups:
      - kube_control_plane

@@ -965,7 +942,7 @@ downloads:
    container: true
    repo: "{{ local_volume_provisioner_image_repo }}"
    tag: "{{ local_volume_provisioner_image_tag }}"
-    sha256: "{{ local_volume_provisioner_digest_checksum | default(None) }}"
+    checksum: "{{ local_volume_provisioner_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -974,7 +951,7 @@ downloads:
    container: true
    repo: "{{ cephfs_provisioner_image_repo }}"
    tag: "{{ cephfs_provisioner_image_tag }}"
-    sha256: "{{ cephfs_provisioner_digest_checksum | default(None) }}"
+    checksum: "{{ cephfs_provisioner_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -983,7 +960,7 @@ downloads:
    container: true
    repo: "{{ rbd_provisioner_image_repo }}"
    tag: "{{ rbd_provisioner_image_tag }}"
-    sha256: "{{ rbd_provisioner_digest_checksum | default(None) }}"
+    checksum: "{{ rbd_provisioner_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -992,7 +969,7 @@ downloads:
    container: true
    repo: "{{ local_path_provisioner_image_repo }}"
    tag: "{{ local_path_provisioner_image_tag }}"
-    sha256: "{{ local_path_provisioner_digest_checksum | default(None) }}"
+    checksum: "{{ local_path_provisioner_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -1001,7 +978,7 @@ downloads:
    container: true
    repo: "{{ ingress_nginx_controller_image_repo }}"
    tag: "{{ ingress_nginx_controller_image_tag }}"
-    sha256: "{{ ingress_nginx_controller_digest_checksum | default(None) }}"
+    checksum: "{{ ingress_nginx_controller_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -1010,7 +987,7 @@ downloads:
    container: true
    repo: "{{ alb_ingress_image_repo }}"
    tag: "{{ alb_ingress_image_tag }}"
-    sha256: "{{ ingress_alb_controller_digest_checksum | default(None) }}"
+    checksum: "{{ ingress_alb_controller_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -1019,7 +996,7 @@ downloads:
    container: true
    repo: "{{ cert_manager_controller_image_repo }}"
    tag: "{{ cert_manager_controller_image_tag }}"
-    sha256: "{{ cert_manager_controller_digest_checksum | default(None) }}"
+    checksum: "{{ cert_manager_controller_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -1028,7 +1005,7 @@ downloads:
    container: true
    repo: "{{ cert_manager_cainjector_image_repo }}"
    tag: "{{ cert_manager_cainjector_image_tag }}"
-    sha256: "{{ cert_manager_cainjector_digest_checksum | default(None) }}"
+    checksum: "{{ cert_manager_cainjector_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -1037,7 +1014,7 @@ downloads:
    container: true
    repo: "{{ cert_manager_webhook_image_repo }}"
    tag: "{{ cert_manager_webhook_image_tag }}"
-    sha256: "{{ cert_manager_webhook_digest_checksum | default(None) }}"
+    checksum: "{{ cert_manager_webhook_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -1046,7 +1023,7 @@ downloads:
    container: true
    repo: "{{ csi_attacher_image_repo }}"
    tag: "{{ csi_attacher_image_tag }}"
-    sha256: "{{ csi_attacher_digest_checksum | default(None) }}"
+    checksum: "{{ csi_attacher_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -1055,7 +1032,7 @@ downloads:
    container: true
    repo: "{{ csi_provisioner_image_repo }}"
    tag: "{{ csi_provisioner_image_tag }}"
-    sha256: "{{ csi_provisioner_digest_checksum | default(None) }}"
+    checksum: "{{ csi_provisioner_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -1064,7 +1041,7 @@ downloads:
    container: true
    repo: "{{ csi_snapshotter_image_repo }}"
    tag: "{{ csi_snapshotter_image_tag }}"
-    sha256: "{{ csi_snapshotter_digest_checksum | default(None) }}"
+    checksum: "{{ csi_snapshotter_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -1073,7 +1050,7 @@ downloads:
    container: true
    repo: "{{ snapshot_controller_image_repo }}"
    tag: "{{ snapshot_controller_image_tag }}"
-    sha256: "{{ snapshot_controller_digest_checksum | default(None) }}"
+    checksum: "{{ snapshot_controller_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -1082,7 +1059,7 @@ downloads:
    container: true
    repo: "{{ csi_resizer_image_repo }}"
    tag: "{{ csi_resizer_image_tag }}"
-    sha256: "{{ csi_resizer_digest_checksum | default(None) }}"
+    checksum: "{{ csi_resizer_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -1091,7 +1068,7 @@ downloads:
    container: true
    repo: "{{ csi_node_driver_registrar_image_repo }}"
    tag: "{{ csi_node_driver_registrar_image_tag }}"
-    sha256: "{{ csi_node_driver_registrar_digest_checksum | default(None) }}"
+    checksum: "{{ csi_node_driver_registrar_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -1100,7 +1077,7 @@ downloads:
    container: true
    repo: "{{ cinder_csi_plugin_image_repo }}"
    tag: "{{ cinder_csi_plugin_image_tag }}"
-    sha256: "{{ cinder_csi_plugin_digest_checksum | default(None) }}"
+    checksum: "{{ cinder_csi_plugin_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -1109,7 +1086,7 @@ downloads:
    container: true
    repo: "{{ aws_ebs_csi_plugin_image_repo }}"
    tag: "{{ aws_ebs_csi_plugin_image_tag }}"
-    sha256: "{{ aws_ebs_csi_plugin_digest_checksum | default(None) }}"
+    checksum: "{{ aws_ebs_csi_plugin_digest_checksum | default(None) }}"
    groups:
      - kube_node

@@ -1118,7 +1095,7 @@ downloads:
    container: true
    repo: "{{ dashboard_image_repo }}"
    tag: "{{ dashboard_image_tag }}"
-    sha256: "{{ dashboard_digest_checksum | default(None) }}"
+    checksum: "{{ dashboard_digest_checksum | default(None) }}"
    groups:
      - kube_control_plane

@@ -1127,7 +1104,7 @@ downloads:
    container: true
    repo: "{{ dashboard_metrics_scraper_repo }}"
    tag: "{{ dashboard_metrics_scraper_tag }}"
-    sha256: "{{ dashboard_digest_checksum | default(None) }}"
+    checksum: "{{ dashboard_digest_checksum | default(None) }}"
    groups:
      - kube_control_plane

@@ -1136,7 +1113,7 @@ downloads:
    container: true
    repo: "{{ metallb_speaker_image_repo }}"
    tag: "{{ metallb_version }}"
-    sha256: "{{ metallb_speaker_digest_checksum | default(None) }}"
+    checksum: "{{ metallb_speaker_digest_checksum | default(None) }}"
    groups:
      - kube_control_plane

@@ -1145,7 +1122,7 @@ downloads:
    container: true
    repo: "{{ metallb_controller_image_repo }}"
    tag: "{{ metallb_version }}"
-    sha256: "{{ metallb_controller_digest_checksum | default(None) }}"
+    checksum: "{{ metallb_controller_digest_checksum | default(None) }}"
    groups:
      - kube_control_plane

@@ -1154,7 +1131,7 @@ downloads:
    file: true
    version: "{{ yq_version }}"
    dest: "{{ local_release_dir }}/yq-{{ yq_version }}-{{ image_arch }}"
-    sha256: "{{ yq_binary_checksum | default(None) }}"
+    checksum: "{{ yq_binary_checksum }}"
    url: "{{ yq_download_url }}"
    unarchive: false
    owner: "root"
@@ -1169,7 +1146,6 @@ download_defaults:
  tag: None
  enabled: false
  dest: None
-  version: None
  url: None
  unarchive: false
  owner: "{{ kube_owner }}"
--- a/roles/kubespray-defaults/defaults/main/main.yml
+++ b/roles/kubespray-defaults/defaults/main/main.yml
@@ -28,7 +28,7 @@ kube_proxy_mode: ipvs

 # Kubeadm config api version
 # If kube_version is v1.31 or higher, it will be v1beta4, otherwise it will be v1beta3.
-kubeadm_config_api_version: "{{ 'v1beta4' if kube_version is version('v1.31.0', '>=') else 'v1beta3' }}"
+kubeadm_config_api_version: "{{ 'v1beta4' if kube_version is version('1.31.0', '>=') else 'v1beta3' }}"

 # Debugging option for the kubeadm config validate command
 # Set to false only for development and testing scenarios where validation is expected to fail (pre-release Kubernetes versions, etc.)
--- a/roles/kubespray-defaults/vars/main.yml
+++ b/roles/kubespray-defaults/vars/main.yml
@@ -4,7 +4,7 @@
 kube_proxy_deployed: "{{ 'addon/kube-proxy' not in kubeadm_init_phases_skip }}"

 # The lowest version allowed to upgrade from (same as calico_version in the previous branch)
-calico_min_version_required: "v3.19.4"
+calico_min_version_required: "3.27.0"

 containerd_min_version_required: "1.3.7"

--- a/roles/network_plugin/calico/tasks/check.yml
+++ b/roles/network_plugin/calico/tasks/check.yml
@@ -65,7 +65,7 @@
    - name: Assert that current calico version is enough for upgrade
      assert:
        that:
-          - calico_version_on_server.stdout is version(calico_min_version_required, '>=')
+          - calico_version_on_server.stdout.removeprefix('v') is version(calico_min_version_required, '>=')
        msg: >
          Your version of calico is not fresh enough for upgrade.
          Minimum version is {{ calico_min_version_required }} supported by the previous kubespray release.
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -128,18 +128,18 @@
  block:
    - name: Calico | Check if extra directory is needed
      stat:
-        path: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/{{ 'kdd' if (calico_version is version('v3.22.3', '<')) else 'crd' }}"
+        path: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/{{ 'kdd' if (calico_version is version('3.22.3', '<')) else 'crd' }}"
      register: kdd_path
    - name: Calico | Set kdd path when calico < v3.22.3
      set_fact:
        calico_kdd_path: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds{{ '/kdd' if kdd_path.stat.exists is defined and kdd_path.stat.exists }}"
      when:
-        - calico_version is version('v3.22.3', '<')
-    - name: Calico | Set kdd path when calico > v3.22.2
+        - calico_version is version('3.22.3', '<')
+    - name: Calico | Set kdd path when calico > 3.22.2
      set_fact:
        calico_kdd_path: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds{{ '/crd' if kdd_path.stat.exists is defined and kdd_path.stat.exists }}"
      when:
-        - calico_version is version('v3.22.2', '>')
+        - calico_version is version('3.22.2', '>')
    - name: Calico | Create calico manifests for kdd
      assemble:
        src: "{{ calico_kdd_path }}"
--- a/roles/network_plugin/calico/tasks/peer_with_router.yml
+++ b/roles/network_plugin/calico/tasks/peer_with_router.yml
@@ -97,10 +97,10 @@
        "asNumber": "{{ item.as }}",
        "node": "{{ inventory_hostname }}",
        "peerIP": "{{ item.router_id }}",
-        {% if calico_version is version('v3.26.0', '>=') and (item.filters | default([]) | length > 0) %}
+        {% if calico_version is version('3.26.0', '>=') and (item.filters | default([]) | length > 0) %}
        "filters": {{ item.filters }},
        {% endif %}
-        {% if calico_version is version('v3.23.0', '>=') and (item.numallowedlocalasnumbers | default(0) > 0) %}
+        {% if calico_version is version('3.23.0', '>=') and (item.numallowedlocalasnumbers | default(0) > 0) %}
        "numAllowedLocalASNumbers": {{ item.numallowedlocalasnumbers }},
        {% endif %}
        "sourceAddress": "{{ item.sourceaddress | default('UseNodeIP') }}"
--- a/roles/network_plugin/calico/templates/calico-apiserver.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-apiserver.yml.j2
@@ -72,7 +72,7 @@ spec:
          initialDelaySeconds: 90
          periodSeconds: 10
        name: calico-apiserver
-{% if calico_version is version('v3.28.0', '>=') %}
+{% if calico_version is version('3.28.0', '>=') %}
        readinessProbe:
          httpGet:
            path: /readyz
@@ -184,7 +184,7 @@ rules:
  - create
  - update
  - delete
-{% if calico_version is version('v3.28.0', '>=') %}
+{% if calico_version is version('3.28.0', '>=') %}
 - apiGroups:
  - policy
  resourceNames:
--- a/roles/network_plugin/cilium/defaults/main.yml
+++ b/roles/network_plugin/cilium/defaults/main.yml
@@ -11,7 +11,7 @@ cilium_enable_ipv6: "{{ ipv6_stack }}"
 cilium_l2announcements: false

 # Cilium agent health port
-cilium_agent_health_port: "{%- if cilium_version | regex_replace('v') is version('1.11.6', '>=') -%}9879{%- else -%}9876{%- endif -%}"
+cilium_agent_health_port: "{%- if cilium_version is version('1.11.6', '>=') -%}9879{%- else -%}9876{%- endif -%}"

 # Identity allocation mode selects how identities are shared between cilium
 # nodes by setting how they are stored. The options are "crd" or "kvstore".
@@ -307,9 +307,9 @@ cilium_rolling_restart_wait_retries_count: 30
 cilium_rolling_restart_wait_retries_delay_seconds: 10

 # Cilium changed the default metrics exporter ports in 1.12
-cilium_agent_scrape_port: "{{ cilium_version | regex_replace('v') is version('1.12', '>=') | ternary('9962', '9090') }}"
-cilium_operator_scrape_port: "{{ cilium_version | regex_replace('v') is version('1.12', '>=') | ternary('9963', '6942') }}"
-cilium_hubble_scrape_port: "{{ cilium_version | regex_replace('v') is version('1.12', '>=') | ternary('9965', '9091') }}"
+cilium_agent_scrape_port: "{{ cilium_version is version('1.12', '>=') | ternary('9962', '9090') }}"
+cilium_operator_scrape_port: "{{ cilium_version is version('1.12', '>=') | ternary('9963', '6942') }}"
+cilium_hubble_scrape_port: "{{ cilium_version is version('1.12', '>=') | ternary('9965', '9091') }}"

 # Cilium certgen args for generate certificate for hubble mTLS
 cilium_certgen_args:
--- a/roles/network_plugin/cilium/tasks/check.yml
+++ b/roles/network_plugin/cilium/tasks/check.yml
@@ -48,9 +48,9 @@
    msg: "cilium_encryption_type must be either 'ipsec' or 'wireguard'"
  when: cilium_encryption_enabled

- name: Stop if cilium_version is < v1.10.0
+- name: Stop if cilium_version is < 1.10.0
  assert:
-    that: cilium_version | regex_replace('v') is version(cilium_min_version_required, '>=')
+    that: cilium_version is version(cilium_min_version_required, '>=')
    msg: "cilium_version is too low. Minimum version {{ cilium_min_version_required }}"

 # TODO: Clean this task up when we drop backward compatibility support for `cilium_ipsec_enabled`
--- a/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2
@@ -88,22 +88,22 @@ rules:
  - ciliumlocalredirectpolicies
  - ciliumlocalredirectpolicies/status
  - ciliumlocalredirectpolicies/finalizers
-{% if cilium_version | regex_replace('v') is version('1.11', '>=') %}
+{% if cilium_version is version('1.11', '>=') %}
  - ciliumendpointslices
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.12', '>=') %}
+{% if cilium_version is version('1.12', '>=') %}
  - ciliumbgploadbalancerippools
  - ciliumloadbalancerippools
  - ciliumloadbalancerippools/status
  - ciliumbgppeeringpolicies
  - ciliumenvoyconfigs
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.15', '>=') %}
+{% if cilium_version is version('1.15', '>=') %}
  - ciliumbgppeerconfigs
  - ciliumbgpadvertisements
  - ciliumbgpnodeconfigs
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.16', '>=') %}
+{% if cilium_version is version('1.16', '>=') %}
  - ciliumbgpclusterconfigs
  - ciliumbgpclusterconfigs/status
  - ciliumbgpnodeconfigoverrides
@@ -134,7 +134,7 @@ rules:
  - create
  - get
  - update
-{% if cilium_version | regex_replace('v') is version('1.12', '>=') %}
+{% if cilium_version is version('1.12', '>=') %}
 - apiGroups:
  - apiextensions.k8s.io
  resources:
@@ -156,14 +156,14 @@ rules:
  - ciliumlocalredirectpolicies.cilium.io
  - ciliumnetworkpolicies.cilium.io
  - ciliumnodes.cilium.io
-{% if cilium_version | regex_replace('v') is version('1.14', '>=') %}
+{% if cilium_version is version('1.14', '>=') %}
  - ciliumnodeconfigs.cilium.io
  - ciliumcidrgroups.cilium.io
  - ciliuml2announcementpolicies.cilium.io
  - ciliumpodippools.cilium.io
  - ciliumloadbalancerippools.cilium.io
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.15', '>=') %}
+{% if cilium_version is version('1.15', '>=') %}
  - ciliumbgpclusterconfigs.cilium.io
  - ciliumbgppeerconfigs.cilium.io
  - ciliumbgpadvertisements.cilium.io
--- a/roles/network_plugin/cilium/templates/cilium/config.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium/config.yml.j2
@@ -69,7 +69,7 @@ data:
  # custom-cni-conf to "true", otherwise Cilium may overwrite the configuration.
  custom-cni-conf: "false"

-{% if cilium_version | regex_replace('v') is version('1.14.0', '>=') %}
+{% if cilium_version is version('1.14.0', '>=') %}
  # Tell the agent to generate and write a CNI configuration file
  write-cni-conf-when-ready: /host/etc/cni/net.d/05-cilium.conflist
  cni-exclusive: "{{ cilium_cni_exclusive }}"
@@ -122,11 +122,11 @@ data:
  #   - disabled
  #   - vxlan (default)
  #   - geneve
-{% if cilium_version | regex_replace('v') is version('1.14.0', '<') %}
+{% if cilium_version is version('1.14.0', '<') %}
  tunnel: "{{ cilium_tunnel_mode }}"
-{% elif cilium_version | regex_replace('v') is version('1.14.0', '>=') and cilium_tunnel_mode == 'disabled' %}
+{% elif cilium_version is version('1.14.0', '>=') and cilium_tunnel_mode == 'disabled' %}
  routing-mode: 'native'
-{% elif cilium_version | regex_replace('v') is version('1.14.0', '>=') and cilium_tunnel_mode != 'disabled' %}
+{% elif cilium_version is version('1.14.0', '>=') and cilium_tunnel_mode != 'disabled' %}
  routing-mode: 'tunnel'
  tunnel-protocol: "{{ cilium_tunnel_mode }}"
 {% endif %}
@@ -162,7 +162,7 @@ data:

 # `wait-bpf-mount` is removed after v1.10.4
 # https://github.com/cilium/cilium/commit/d2217045cb3726a7f823174e086913b69b8090da
-{% if cilium_version | regex_replace('v') is version('1.10.4', '<') %}
+{% if cilium_version is version('1.10.4', '<') %}
  # wait-bpf-mount makes init container wait until bpf filesystem is mounted
  wait-bpf-mount: "false"
 {% endif %}
@@ -170,7 +170,7 @@ data:
 # `kube-proxy-replacement=partial|strict|disabled` is deprecated since january 2024 and unsupported in 1.16.
 # Replaced by `kube-proxy-replacement=true|false`
 # https://github.com/cilium/cilium/pull/31286
-{% if cilium_version | regex_replace('v') is version('1.16', '<') %}
+{% if cilium_version is version('1.16', '<') %}
  kube-proxy-replacement: "{{ cilium_kube_proxy_replacement }}"
 {% else %}
  kube-proxy-replacement: "{% if (cilium_kube_proxy_replacement == 'strict') or (cilium_kube_proxy_replacement | bool) or (cilium_kube_proxy_replacement | string | lower == 'true') %}true{% else %}false{% endif %}"
@@ -179,7 +179,7 @@ data:
 # `native-routing-cidr` is deprecated in 1.10, removed in 1.12.
 # Replaced by `ipv4-native-routing-cidr`
 # https://github.com/cilium/cilium/pull/16695
-{% if cilium_version | regex_replace('v') is version('1.12', '<') %}
+{% if cilium_version is version('1.12', '<') %}
  native-routing-cidr: "{{ cilium_native_routing_cidr }}"
 {% else %}
 {% if cilium_native_routing_cidr | length %}
@@ -253,7 +253,7 @@ data:

  agent-health-port: "{{ cilium_agent_health_port }}"

-{% if cilium_version | regex_replace('v') is version('1.11', '>=') and cilium_cgroup_host_root != '' %}
+{% if cilium_version is version('1.11', '>=') and cilium_cgroup_host_root != '' %}
  cgroup-root: "{{ cilium_cgroup_host_root }}"
 {% endif %}

--- a/roles/network_plugin/cilium/templates/cilium/cr.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium/cr.yml.j2
@@ -38,7 +38,7 @@ rules:
  - secrets
  verbs:
  - get
-{% if cilium_version | regex_replace('v') is version('1.12', '<') %}
+{% if cilium_version is version('1.12', '<') %}
 - apiGroups:
  - ""
  resources:
@@ -98,17 +98,17 @@ rules:
  - ciliumlocalredirectpolicies
  - ciliumlocalredirectpolicies/status
  - ciliumegressnatpolicies
-{% if cilium_version | regex_replace('v') is version('1.11', '>=') %}
+{% if cilium_version is version('1.11', '>=') %}
  - ciliumendpointslices
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.12', '>=') %}
+{% if cilium_version is version('1.12', '>=') %}
  - ciliumbgploadbalancerippools
  - ciliumbgppeeringpolicies
-{% if cilium_version | regex_replace('v') is version('1.13', '>=') %}
+{% if cilium_version is version('1.13', '>=') %}
  - ciliumloadbalancerippools
 {% endif %}
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.11.5', '<') %}
+{% if cilium_version is version('1.11.5', '<') %}
  - ciliumnetworkpolicies/finalizers
  - ciliumclusterwidenetworkpolicies/finalizers
  - ciliumendpoints/finalizers
@@ -116,21 +116,21 @@ rules:
  - ciliumidentities/finalizers
  - ciliumlocalredirectpolicies/finalizers
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.14', '>=') %}
+{% if cilium_version is version('1.14', '>=') %}
  - ciliuml2announcementpolicies/status
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.15', '>=') %}
+{% if cilium_version is version('1.15', '>=') %}
  - ciliumbgpnodeconfigs
  - ciliumbgpnodeconfigs/status
  - ciliumbgpadvertisements
  - ciliumbgppeerconfigs
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.16', '>=') %}
+{% if cilium_version is version('1.16', '>=') %}
  - ciliumbgpclusterconfigs
 {% endif %}
  verbs:
  - '*'
-{% if cilium_version | regex_replace('v') is version('1.12', '>=') %}
+{% if cilium_version is version('1.12', '>=') %}
 - apiGroups:
  - cilium.io
  resources:
@@ -141,7 +141,7 @@ rules:
  - list
  - watch
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.14', '>=') %}
+{% if cilium_version is version('1.14', '>=') %}
 - apiGroups:
  - cilium.io
  resources:
@@ -153,7 +153,6 @@ rules:
  verbs:
  - list
  - watch
-{% if cilium_version %}
 - apiGroups:
  - coordination.k8s.io
  resources:
@@ -165,4 +164,3 @@ rules:
  - list
  - delete
 {% endif %}
-{% endif %}
--- a/roles/network_plugin/cilium/templates/cilium/ds.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium/ds.yml.j2
@@ -106,13 +106,13 @@ spec:
        - {{ env_var | to_nice_yaml(indent=2) | indent(10) }}
 {% endfor %}
        lifecycle:
-{% if cilium_version | regex_replace('v') is version('1.14', '<') %}
+{% if cilium_version is version('1.14', '<') %}
          postStart:
            exec:
              command:
              - "/cni-install.sh"
              - "--cni-exclusive={{ cilium_cni_exclusive | string | lower }}"
-{% if cilium_version | regex_replace('v') is version('1.12', '>=') %}
+{% if cilium_version is version('1.12', '>=') %}
              - "--enable-debug={{ cilium_debug | string | lower }}"
              - "--log-file={{ cilium_cni_log_file }}"
 {% endif %}
@@ -151,7 +151,7 @@ spec:
          mountPropagation: Bidirectional
        - name: cilium-run
          mountPath: /var/run/cilium
-{% if cilium_version | regex_replace('v') is version('1.13.1', '<') %}
+{% if cilium_version is version('1.13.1', '<') %}
        - name: cni-path
          mountPath: /host/opt/cni/bin
 {% endif %}
@@ -201,7 +201,7 @@ spec:
 {% endif %}
      hostNetwork: true
      initContainers:
-{% if cilium_version | regex_replace('v') is version('1.11', '>=') and cilium_cgroup_auto_mount %}
+{% if cilium_version is version('1.11', '>=') and cilium_cgroup_auto_mount %}
      - name: mount-cgroup
        image: "{{ cilium_image_repo }}:{{ cilium_image_tag }}"
        imagePullPolicy: {{ k8s_image_pull_policy }}
@@ -230,7 +230,7 @@ spec:
        securityContext:
          privileged: true
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.11.7', '>=') %}
+{% if cilium_version is version('1.11.7', '>=') %}
      - name: apply-sysctl-overwrites
        image: "{{ cilium_image_repo }}:{{ cilium_image_tag }}"
        imagePullPolicy: {{ k8s_image_pull_policy }}
@@ -277,7 +277,7 @@ spec:
              optional: true
 # Removed in 1.11 and up.
 # https://github.com/cilium/cilium/commit/f7a3f59fd74983c600bfce9cac364b76d20849d9
-{% if cilium_version | regex_replace('v') is version('1.11', '<') %}
+{% if cilium_version is version('1.11', '<') %}
        - name: CILIUM_WAIT_BPF_MOUNT
          valueFrom:
            configMapKeyRef:
@@ -296,7 +296,7 @@ spec:
        volumeMounts:
        - name: bpf-maps
          mountPath: /sys/fs/bpf
-{% if cilium_version | regex_replace('v') is version('1.11', '>=') %}
+{% if cilium_version is version('1.11', '>=') %}
          # Required to mount cgroup filesystem from the host to cilium agent pod
        - name: cilium-cgroup
          mountPath: {{ cilium_cgroup_host_root }}
@@ -308,7 +308,7 @@ spec:
          requests:
            cpu: 100m
            memory: 100Mi
-{% if cilium_version | regex_replace('v') is version('1.13.1', '>=') %}
+{% if cilium_version is version('1.13.1', '>=') %}
      # Install the CNI binaries in an InitContainer so we don't have a writable host mount in the agent
      - name: install-cni-binaries
        image: "{{ cilium_image_repo }}:{{ cilium_image_tag }}"
@@ -356,7 +356,7 @@ spec:
        hostPath:
          path: /sys/fs/bpf
          type: DirectoryOrCreate
-{% if cilium_version | regex_replace('v') is version('1.11', '>=') %}
+{% if cilium_version is version('1.11', '>=') %}
      # To mount cgroup2 filesystem on the host
      - name: hostproc
        hostPath:
--- a/scripts/Dockerfile.j2
+++ b/scripts/Dockerfile.j2
@@ -35,8 +35,8 @@ RUN --mount=type=bind,source=requirements.txt,target=requirements.txt \
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]

 RUN OS_ARCHITECTURE=$(dpkg --print-architecture) \
-    && curl -L "https://dl.k8s.io/release/{{ kube_version }}/bin/linux/${OS_ARCHITECTURE}/kubectl" -o /usr/local/bin/kubectl \
-    && echo "$(curl -L "https://dl.k8s.io/release/{{ kube_version }}/bin/linux/${OS_ARCHITECTURE}/kubectl.sha256")" /usr/local/bin/kubectl | sha256sum --check \
+    && curl -L "https://dl.k8s.io/release/v{{ kube_version }}/bin/linux/${OS_ARCHITECTURE}/kubectl" -o /usr/local/bin/kubectl \
+    && echo "$(curl -L "https://dl.k8s.io/release/v{{ kube_version }}/bin/linux/${OS_ARCHITECTURE}/kubectl.sha256")" /usr/local/bin/kubectl | sha256sum --check \
    && chmod a+x /usr/local/bin/kubectl

 COPY *.yml ./
--- a/scripts/pipeline.Dockerfile.j2
+++ b/scripts/pipeline.Dockerfile.j2
@@ -47,8 +47,8 @@ RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \
    && pip install --no-compile --no-cache-dir pip -U \
    && pip install --no-compile --no-cache-dir -r tests/requirements.txt \
    && pip install --no-compile --no-cache-dir -r requirements.txt \
-    && curl -L https://dl.k8s.io/release/{{ kube_version }}/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \
-    && echo $(curl -L https://dl.k8s.io/release/{{ kube_version }}/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \
+    && curl -L https://dl.k8s.io/release/v{{ kube_version }}/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \
+    && echo $(curl -L https://dl.k8s.io/release/v{{ kube_version }}/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \
    && chmod a+x /usr/local/bin/kubectl \
    # Install Vagrant
    && curl -LO https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}-1_$(dpkg --print-architecture).deb \
--- a/scripts/readme_versions.md.j2
+++ b/scripts/readme_versions.md.j2
@@ -1,8 +1,8 @@
 - Core
  - [kubernetes](https://github.com/kubernetes/kubernetes) {{ kube_version }}
  - [etcd](https://github.com/etcd-io/etcd) {{ etcd_version }}
-  - [docker](https://www.docker.com/) v{{ docker_version }}
-  - [containerd](https://containerd.io/) v{{ containerd_version }}
+  - [docker](https://www.docker.com/) {{ docker_version }}
+  - [containerd](https://containerd.io/) {{ containerd_version }}
  - [cri-o](http://cri-o.io/) {{ crio_version }} (experimental: see [CRI-O Note](docs/CRI/cri-o.md). Only on fedora, ubuntu and centos based OS)
 - Network Plugin
  - [cni-plugins](https://github.com/containernetworking/plugins) {{ cni_version }}
@@ -12,7 +12,7 @@
  - [kube-ovn](https://github.com/alauda/kube-ovn) {{ kube_ovn_version }}
  - [kube-router](https://github.com/cloudnativelabs/kube-router) {{ kube_router_version }}
  - [multus](https://github.com/k8snetworkplumbingwg/multus-cni) {{ multus_version }}
-  - [weave](https://github.com/rajch/weave) v{{ weave_version }}
+  - [weave](https://github.com/rajch/weave) {{ weave_version }}
  - [kube-vip](https://github.com/kube-vip/kube-vip) {{ kube_vip_version }}
 - Application
  - [cert-manager](https://github.com/jetstack/cert-manager) {{ cert_manager_version }}
@@ -20,8 +20,8 @@
  - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) {{ ingress_nginx_version }}
  - [argocd](https://argoproj.github.io/) {{ argocd_version }}
  - [helm](https://helm.sh/) {{ helm_version }}
-  - [metallb](https://metallb.universe.tf/)  {{ metallb_version }}
-  - [registry](https://github.com/distribution/distribution) v{{ registry_version }}
+  - [metallb](https://metallb.universe.tf/) {{ metallb_version }}
+  - [registry](https://github.com/distribution/distribution) {{ registry_version }}
 - Storage Plugin
  - [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) {{ cephfs_provisioner_version }}
  - [rbd-provisioner](https://github.com/kubernetes-incubator/external-storage) {{ rbd_provisioner_version }}