Propagate v-less version everywhere

roles/container-engine/cri-o/defaults/main.yml

@@ -37,7 +37,7 @@ crio_signature_policy: "{% if ansible_os_family == 'ClearLinux' %}/usr/share/def
 
 crio_stream_port: "10010"
 
-crio_required_version: "{{ kube_version | regex_replace('^v(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') }}"
+crio_required_version: "{{ kube_version | regex_replace('^(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') }}"
 
 crio_root: "/var/lib/containers/storage"
 

roles/container-engine/cri-o/tasks/load_vars.yml

@@ -1,8 +1,8 @@
 ---
 - name: Cri-o | include vars/v1.29.yml
   include_vars: v1.29.yml
-  when: crio_version is version("v1.29.0", operator=">=")
+  when: crio_version is version("1.29.0", operator=">=")
 
 - name: Cri-o | include vars/v1.31.yml
   include_vars: v1.31.yml
-  when: crio_version is version("v1.31.0", operator=">=")
+  when: crio_version is version("1.31.0", operator=">=")

roles/container-engine/cri-o/tasks/reset.yml

@@ -19,7 +19,7 @@
 
 - name: CRI-O | Remove cri-o apt repo
   apt_repository:
-    repo: "deb {{ crio_download_crio }}{{ crio_version }}/{{ crio_kubic_debian_repo_name }}/ /"
+    repo: "deb {{ crio_download_crio }}v{{ crio_version }}/{{ crio_kubic_debian_repo_name }}/ /"
     state: absent
     filename: devel-kubic-libcontainers-stable-cri-o
   when: crio_kubic_debian_repo_name is defined
@@ -36,7 +36,7 @@
 
 - name: CRI-O | Remove CRI-O kubic yum repo
   yum_repository:
-    name: "devel_kubic_libcontainers_stable_cri-o_{{ crio_version }}"
+    name: "devel_kubic_libcontainers_stable_cri-o_v{{ crio_version }}"
     state: absent
   when:
     - ansible_os_family == "RedHat"

roles/container-engine/cri-o/templates/crio.conf.j2

@@ -374,7 +374,7 @@ enable_metrics = {{ crio_enable_metrics | bool | lower }}
 # The port on which the metrics server will listen.
 metrics_port = {{ crio_metrics_port }}
 
-{% if nri_enabled and crio_version is version('v1.26.0', operator='>=') %}
+{% if nri_enabled and crio_version is version('1.26.0', operator='>=') %}
 [crio.nri]
 
 enable_nri=true

roles/download/templates/kubeadm-images.yaml.j2

@@ -6,7 +6,7 @@ nodeRegistration:
 apiVersion: kubeadm.k8s.io/{{ kubeadm_config_api_version }}
 kind: ClusterConfiguration
 imageRepository: {{ kube_image_repo }}
-kubernetesVersion: {{ kube_version }}
+kubernetesVersion: v{{ kube_version }}
 etcd:
 {% if etcd_deployment_type == "kubeadm" %}
   local:

roles/etcd/tasks/install_host.yml

@@ -3,6 +3,7 @@
   command: "{{ bin_dir }}/etcd --version"
   register: etcd_current_host_version
   # There's a chance this play could run before etcd is installed at all
+  # TODO: figure out whether this happens. "A chance" is not enough information
   ignore_errors: true
   when: etcd_cluster_setup
 
@@ -11,18 +12,18 @@
   notify: Restart etcd
   when:
     - etcd_cluster_setup
-    - etcd_version.lstrip('v') not in etcd_current_host_version.stdout | default('')
+    - etcd_version not in etcd_current_host_version.stdout | default('')
 
 - name: Restart etcd-events if necessary
   command: /bin/true
   notify: Restart etcd-events
   when:
     - etcd_events_cluster_setup
-    - etcd_version.lstrip('v') not in etcd_current_host_version.stdout | default('')
+    - etcd_version not in etcd_current_host_version.stdout | default('')
 
 - name: Install | Copy etcd binary from download dir
   copy:
-    src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}"
+    src: "{{ local_release_dir }}/etcd-v{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}"
     dest: "{{ bin_dir }}/{{ item }}"
     mode: "0755"
     remote_src: true

roles/etcdctl_etcdutl/tasks/main.yml

@@ -29,7 +29,7 @@
 
 - name: Copy etcdctl and etcdutl binary from download dir
   copy:
-    src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}"
+    src: "{{ local_release_dir }}/etcd-v{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}"
     dest: "{{ bin_dir }}/{{ item }}"
     mode: "0755"
     remote_src: true

roles/kubernetes-apps/argocd/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 argocd_enabled: false
-argocd_version: v2.11.0
+argocd_version: 2.11.0
 argocd_namespace: argocd
 # argocd_admin_password:
-argocd_install_url: "https://raw.githubusercontent.com/argoproj/argo-cd/{{ argocd_version }}/manifests/install.yaml"
+argocd_install_url: "https://raw.githubusercontent.com/argoproj/argo-cd/v{{ argocd_version }}/manifests/install.yaml"

roles/kubernetes-apps/gateway_api/defaults/main.yml

@@ -1,4 +1,4 @@
 ---
 gateway_api_enabled: false
-gateway_api_version: v1.1.0
+gateway_api_version: 1.1.0
 gateway_api_experimental_channel: false

roles/kubernetes-apps/meta/main.yml

@@ -121,7 +121,7 @@ dependencies:
   - role: kubernetes-apps/scheduler_plugins
     when:
       - scheduler_plugins_enabled
-      - kube_major_version is version('v1.29', '<')
+      - kube_major_version is version('1.29', '<')
       - inventory_hostname == groups['kube_control_plane'][0]
     tags:
       - scheduler_plugins

roles/kubernetes-apps/metallb/templates/metallb.yaml.j2

@@ -1716,7 +1716,7 @@ spec:
           value: memberlist
         - name: METALLB_DEPLOYMENT
           value: controller
-        image: "{{ metallb_controller_image_repo }}:{{ metallb_version }}"
+        image: "{{ metallb_controller_image_repo }}:v{{ metallb_version }}"
         livenessProbe:
           failureThreshold: 3
           httpGet:
@@ -1824,7 +1824,7 @@ spec:
             secretKeyRef:
               key: secretkey
               name: memberlist
-        image: "{{ metallb_speaker_image_repo }}:{{ metallb_version }}"
+        image: "{{ metallb_speaker_image_repo }}:v{{ metallb_version }}"
         livenessProbe:
           failureThreshold: 3
           httpGet:

roles/kubernetes/control-plane/defaults/main/main.yml

@@ -110,11 +110,11 @@ kube_apiserver_admission_event_rate_limits: {}
 ## PodSecurityAdmission plugin configuration
 kube_pod_security_use_default: false
 kube_pod_security_default_enforce: baseline
-kube_pod_security_default_enforce_version: "{{ kube_major_version }}"
+kube_pod_security_default_enforce_version: "v{{ kube_major_version }}"
 kube_pod_security_default_audit: restricted
-kube_pod_security_default_audit_version: "{{ kube_major_version }}"
+kube_pod_security_default_audit_version: "v{{ kube_major_version }}"
 kube_pod_security_default_warn: restricted
-kube_pod_security_default_warn_version: "{{ kube_major_version }}"
+kube_pod_security_default_warn_version: "v{{ kube_major_version }}"
 kube_pod_security_exemptions_usernames: []
 kube_pod_security_exemptions_runtime_class_names: []
 kube_pod_security_exemptions_namespaces:

roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml

@@ -13,7 +13,7 @@
   command: >-
     timeout -k 600s 600s
     {{ bin_dir }}/kubeadm
-    upgrade apply -y {{ kube_version }}
+    upgrade apply -y v{{ kube_version }}
     --certificate-renewal={{ kubeadm_upgrade_auto_cert_renewal }}
     --ignore-preflight-errors={{ kubeadm_ignore_preflight_errors | join(',') }}
     --allow-experimental-upgrades
@@ -34,7 +34,7 @@
   command: >-
     timeout -k 600s 600s
     {{ bin_dir }}/kubeadm
-    upgrade apply -y {{ kube_version }}
+    upgrade apply -y v{{ kube_version }}
     --certificate-renewal={{ kubeadm_upgrade_auto_cert_renewal }}
     --ignore-preflight-errors={{ kubeadm_ignore_preflight_errors | join(',') }}
     --allow-experimental-upgrades

roles/kubernetes/control-plane/tasks/main.yml

@@ -25,7 +25,7 @@
     mode: "0640"
   vars:
     authz_config:
-      apiVersion: apiserver.config.k8s.io/{{ 'v1alpha1' if kube_version is version('v1.30.0', '<') else 'v1beta1' if kube_version is version('v1.32.0', '<') else 'v1' }}
+      apiVersion: apiserver.config.k8s.io/{{ 'v1alpha1' if kube_version is version('1.30.0', '<') else 'v1beta1' if kube_version is version('1.32.0', '<') else 'v1' }}
       kind: AuthorizationConfiguration
       authorizers: "{{ kube_apiserver_authorization_config_authorizers }}"
   when: kube_apiserver_use_authorization_config_file

roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2

@@ -104,7 +104,7 @@ featureGates:
   {{ feature | replace("=", ": ") }}
 {%   endfor %}
 {% endif %}
-kubernetesVersion: {{ kube_version }}
+kubernetesVersion: v{{ kube_version }}
 {% if kubeadm_config_api_fqdn is defined %}
 controlPlaneEndpoint: "{{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}"
 {% else %}

roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2

@@ -116,7 +116,7 @@ featureGates:
   {{ feature | replace("=", ": ") }}
 {%   endfor %}
 {% endif %}
-kubernetesVersion: {{ kube_version }}
+kubernetesVersion: v{{ kube_version }}
 {% if kubeadm_config_api_fqdn is defined %}
 controlPlaneEndpoint: "{{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}"
 {% else %}

roles/kubernetes/node/defaults/main.yml

@@ -61,7 +61,7 @@ eviction_hard_control_plane: {}
 kubelet_status_update_frequency: 10s
 
 # kube-vip
-kube_vip_version: v0.8.0
+kube_vip_version: 0.8.0
 
 kube_vip_arp_enabled: false
 kube_vip_interface:

roles/kubespray-defaults/vars/main.yml

@@ -4,7 +4,7 @@
 kube_proxy_deployed: "{{ 'addon/kube-proxy' not in kubeadm_init_phases_skip }}"
 
 # The lowest version allowed to upgrade from (same as calico_version in the previous branch)
-calico_min_version_required: "v3.19.4"
+calico_min_version_required: "3.27.0"
 
 containerd_min_version_required: "1.3.7"
 

roles/network_plugin/calico/tasks/check.yml

@@ -65,7 +65,7 @@
     - name: Assert that current calico version is enough for upgrade
       assert:
         that:
-          - calico_version_on_server.stdout is version(calico_min_version_required, '>=')
+          - calico_version_on_server.stdout.removeprefix('v') is version(calico_min_version_required, '>=')
         msg: >
           Your version of calico is not fresh enough for upgrade.
           Minimum version is {{ calico_min_version_required }} supported by the previous kubespray release.

roles/network_plugin/calico/tasks/install.yml

@@ -128,18 +128,18 @@
   block:
     - name: Calico | Check if extra directory is needed
       stat:
-        path: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/{{ 'kdd' if (calico_version is version('v3.22.3', '<')) else 'crd' }}"
+        path: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/{{ 'kdd' if (calico_version is version('3.22.3', '<')) else 'crd' }}"
       register: kdd_path
     - name: Calico | Set kdd path when calico < v3.22.3
       set_fact:
         calico_kdd_path: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds{{ '/kdd' if kdd_path.stat.exists is defined and kdd_path.stat.exists }}"
       when:
-        - calico_version is version('v3.22.3', '<')
+        - calico_version is version('3.22.3', '<')
-    - name: Calico | Set kdd path when calico > v3.22.2
+    - name: Calico | Set kdd path when calico > 3.22.2
       set_fact:
         calico_kdd_path: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds{{ '/crd' if kdd_path.stat.exists is defined and kdd_path.stat.exists }}"
       when:
-        - calico_version is version('v3.22.2', '>')
+        - calico_version is version('3.22.2', '>')
     - name: Calico | Create calico manifests for kdd
       assemble:
         src: "{{ calico_kdd_path }}"

roles/network_plugin/calico/tasks/peer_with_router.yml

@@ -97,10 +97,10 @@
         "asNumber": "{{ item.as }}",
         "node": "{{ inventory_hostname }}",
         "peerIP": "{{ item.router_id }}",
-        {% if calico_version is version('v3.26.0', '>=') and (item.filters | default([]) | length > 0) %}
+        {% if calico_version is version('3.26.0', '>=') and (item.filters | default([]) | length > 0) %}
         "filters": {{ item.filters }},
         {% endif %}
-        {% if calico_version is version('v3.23.0', '>=') and (item.numallowedlocalasnumbers | default(0) > 0) %}
+        {% if calico_version is version('3.23.0', '>=') and (item.numallowedlocalasnumbers | default(0) > 0) %}
         "numAllowedLocalASNumbers": {{ item.numallowedlocalasnumbers }},
         {% endif %}
         "sourceAddress": "{{ item.sourceaddress | default('UseNodeIP') }}"

roles/network_plugin/calico/templates/calico-apiserver.yml.j2

@@ -72,7 +72,7 @@ spec:
           initialDelaySeconds: 90
           periodSeconds: 10
         name: calico-apiserver
-{% if calico_version is version('v3.28.0', '>=') %}
+{% if calico_version is version('3.28.0', '>=') %}
         readinessProbe:
           httpGet:
             path: /readyz
@@ -184,7 +184,7 @@ rules:
   - create
   - update
   - delete
-{% if calico_version is version('v3.28.0', '>=') %}
+{% if calico_version is version('3.28.0', '>=') %}
 - apiGroups:
   - policy
   resourceNames:

roles/network_plugin/cilium/defaults/main.yml

@@ -11,7 +11,7 @@ cilium_enable_ipv6: "{{ ipv6_stack }}"
 cilium_l2announcements: false
 
 # Cilium agent health port
-cilium_agent_health_port: "{%- if cilium_version | regex_replace('v') is version('1.11.6', '>=') -%}9879{%- else -%}9876{%- endif -%}"
+cilium_agent_health_port: "{%- if cilium_version is version('1.11.6', '>=') -%}9879{%- else -%}9876{%- endif -%}"
 
 # Identity allocation mode selects how identities are shared between cilium
 # nodes by setting how they are stored. The options are "crd" or "kvstore".
@@ -307,9 +307,9 @@ cilium_rolling_restart_wait_retries_count: 30
 cilium_rolling_restart_wait_retries_delay_seconds: 10
 
 # Cilium changed the default metrics exporter ports in 1.12
-cilium_agent_scrape_port: "{{ cilium_version | regex_replace('v') is version('1.12', '>=') | ternary('9962', '9090') }}"
+cilium_agent_scrape_port: "{{ cilium_version is version('1.12', '>=') | ternary('9962', '9090') }}"
-cilium_operator_scrape_port: "{{ cilium_version | regex_replace('v') is version('1.12', '>=') | ternary('9963', '6942') }}"
+cilium_operator_scrape_port: "{{ cilium_version is version('1.12', '>=') | ternary('9963', '6942') }}"
-cilium_hubble_scrape_port: "{{ cilium_version | regex_replace('v') is version('1.12', '>=') | ternary('9965', '9091') }}"
+cilium_hubble_scrape_port: "{{ cilium_version is version('1.12', '>=') | ternary('9965', '9091') }}"
 
 # Cilium certgen args for generate certificate for hubble mTLS
 cilium_certgen_args:

roles/network_plugin/cilium/tasks/check.yml

@@ -48,9 +48,9 @@
     msg: "cilium_encryption_type must be either 'ipsec' or 'wireguard'"
   when: cilium_encryption_enabled
 
-- name: Stop if cilium_version is < v1.10.0
+- name: Stop if cilium_version is < 1.10.0
   assert:
-    that: cilium_version | regex_replace('v') is version(cilium_min_version_required, '>=')
+    that: cilium_version is version(cilium_min_version_required, '>=')
     msg: "cilium_version is too low. Minimum version {{ cilium_min_version_required }}"
 
 # TODO: Clean this task up when we drop backward compatibility support for `cilium_ipsec_enabled`

roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2

@@ -88,22 +88,22 @@ rules:
   - ciliumlocalredirectpolicies
   - ciliumlocalredirectpolicies/status
   - ciliumlocalredirectpolicies/finalizers
-{% if cilium_version | regex_replace('v') is version('1.11', '>=') %}
+{% if cilium_version is version('1.11', '>=') %}
   - ciliumendpointslices
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.12', '>=') %}
+{% if cilium_version is version('1.12', '>=') %}
   - ciliumbgploadbalancerippools
   - ciliumloadbalancerippools
   - ciliumloadbalancerippools/status
   - ciliumbgppeeringpolicies
   - ciliumenvoyconfigs
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.15', '>=') %}
+{% if cilium_version is version('1.15', '>=') %}
   - ciliumbgppeerconfigs
   - ciliumbgpadvertisements
   - ciliumbgpnodeconfigs
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.16', '>=') %}
+{% if cilium_version is version('1.16', '>=') %}
   - ciliumbgpclusterconfigs
   - ciliumbgpclusterconfigs/status
   - ciliumbgpnodeconfigoverrides
@@ -134,7 +134,7 @@ rules:
   - create
   - get
   - update
-{% if cilium_version | regex_replace('v') is version('1.12', '>=') %}
+{% if cilium_version is version('1.12', '>=') %}
 - apiGroups:
   - apiextensions.k8s.io
   resources:
@@ -156,14 +156,14 @@ rules:
   - ciliumlocalredirectpolicies.cilium.io
   - ciliumnetworkpolicies.cilium.io
   - ciliumnodes.cilium.io
-{% if cilium_version | regex_replace('v') is version('1.14', '>=') %}
+{% if cilium_version is version('1.14', '>=') %}
   - ciliumnodeconfigs.cilium.io
   - ciliumcidrgroups.cilium.io
   - ciliuml2announcementpolicies.cilium.io
   - ciliumpodippools.cilium.io
   - ciliumloadbalancerippools.cilium.io
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.15', '>=') %}
+{% if cilium_version is version('1.15', '>=') %}
   - ciliumbgpclusterconfigs.cilium.io
   - ciliumbgppeerconfigs.cilium.io
   - ciliumbgpadvertisements.cilium.io

roles/network_plugin/cilium/templates/cilium/config.yml.j2

@@ -69,7 +69,7 @@ data:
   # custom-cni-conf to "true", otherwise Cilium may overwrite the configuration.
   custom-cni-conf: "false"
 
-{% if cilium_version | regex_replace('v') is version('1.14.0', '>=') %}
+{% if cilium_version is version('1.14.0', '>=') %}
   # Tell the agent to generate and write a CNI configuration file
   write-cni-conf-when-ready: /host/etc/cni/net.d/05-cilium.conflist
   cni-exclusive: "{{ cilium_cni_exclusive }}"
@@ -122,11 +122,11 @@ data:
   #   - disabled
   #   - vxlan (default)
   #   - geneve
-{% if cilium_version | regex_replace('v') is version('1.14.0', '<') %}
+{% if cilium_version is version('1.14.0', '<') %}
   tunnel: "{{ cilium_tunnel_mode }}"
-{% elif cilium_version | regex_replace('v') is version('1.14.0', '>=') and cilium_tunnel_mode == 'disabled' %}
+{% elif cilium_version is version('1.14.0', '>=') and cilium_tunnel_mode == 'disabled' %}
   routing-mode: 'native'
-{% elif cilium_version | regex_replace('v') is version('1.14.0', '>=') and cilium_tunnel_mode != 'disabled' %}
+{% elif cilium_version is version('1.14.0', '>=') and cilium_tunnel_mode != 'disabled' %}
   routing-mode: 'tunnel'
   tunnel-protocol: "{{ cilium_tunnel_mode }}"
 {% endif %}
@@ -162,7 +162,7 @@ data:
 
 # `wait-bpf-mount` is removed after v1.10.4
 # https://github.com/cilium/cilium/commit/d2217045cb3726a7f823174e086913b69b8090da
-{% if cilium_version | regex_replace('v') is version('1.10.4', '<') %}
+{% if cilium_version is version('1.10.4', '<') %}
   # wait-bpf-mount makes init container wait until bpf filesystem is mounted
   wait-bpf-mount: "false"
 {% endif %}
@@ -170,7 +170,7 @@ data:
 # `kube-proxy-replacement=partial|strict|disabled` is deprecated since january 2024 and unsupported in 1.16.
 # Replaced by `kube-proxy-replacement=true|false`
 # https://github.com/cilium/cilium/pull/31286
-{% if cilium_version | regex_replace('v') is version('1.16', '<') %}
+{% if cilium_version is version('1.16', '<') %}
   kube-proxy-replacement: "{{ cilium_kube_proxy_replacement }}"
 {% else %}
   kube-proxy-replacement: "{% if (cilium_kube_proxy_replacement == 'strict') or (cilium_kube_proxy_replacement | bool) or (cilium_kube_proxy_replacement | string | lower == 'true') %}true{% else %}false{% endif %}"
@@ -179,7 +179,7 @@ data:
 # `native-routing-cidr` is deprecated in 1.10, removed in 1.12.
 # Replaced by `ipv4-native-routing-cidr`
 # https://github.com/cilium/cilium/pull/16695
-{% if cilium_version | regex_replace('v') is version('1.12', '<') %}
+{% if cilium_version is version('1.12', '<') %}
   native-routing-cidr: "{{ cilium_native_routing_cidr }}"
 {% else %}
 {% if cilium_native_routing_cidr | length %}
@@ -253,7 +253,7 @@ data:
 
   agent-health-port: "{{ cilium_agent_health_port }}"
 
-{% if cilium_version | regex_replace('v') is version('1.11', '>=') and cilium_cgroup_host_root != '' %}
+{% if cilium_version is version('1.11', '>=') and cilium_cgroup_host_root != '' %}
   cgroup-root: "{{ cilium_cgroup_host_root }}"
 {% endif %}
 

roles/network_plugin/cilium/templates/cilium/cr.yml.j2

@@ -38,7 +38,7 @@ rules:
   - secrets
   verbs:
   - get
-{% if cilium_version | regex_replace('v') is version('1.12', '<') %}
+{% if cilium_version is version('1.12', '<') %}
 - apiGroups:
   - ""
   resources:
@@ -98,17 +98,17 @@ rules:
   - ciliumlocalredirectpolicies
   - ciliumlocalredirectpolicies/status
   - ciliumegressnatpolicies
-{% if cilium_version | regex_replace('v') is version('1.11', '>=') %}
+{% if cilium_version is version('1.11', '>=') %}
   - ciliumendpointslices
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.12', '>=') %}
+{% if cilium_version is version('1.12', '>=') %}
   - ciliumbgploadbalancerippools
   - ciliumbgppeeringpolicies
-{% if cilium_version | regex_replace('v') is version('1.13', '>=') %}
+{% if cilium_version is version('1.13', '>=') %}
   - ciliumloadbalancerippools
 {% endif %}
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.11.5', '<') %}
+{% if cilium_version is version('1.11.5', '<') %}
   - ciliumnetworkpolicies/finalizers
   - ciliumclusterwidenetworkpolicies/finalizers
   - ciliumendpoints/finalizers
@@ -116,21 +116,21 @@ rules:
   - ciliumidentities/finalizers
   - ciliumlocalredirectpolicies/finalizers
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.14', '>=') %}
+{% if cilium_version is version('1.14', '>=') %}
   - ciliuml2announcementpolicies/status
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.15', '>=') %}
+{% if cilium_version is version('1.15', '>=') %}
   - ciliumbgpnodeconfigs
   - ciliumbgpnodeconfigs/status
   - ciliumbgpadvertisements
   - ciliumbgppeerconfigs
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.16', '>=') %}
+{% if cilium_version is version('1.16', '>=') %}
   - ciliumbgpclusterconfigs
 {% endif %}
   verbs:
   - '*'
-{% if cilium_version | regex_replace('v') is version('1.12', '>=') %}
+{% if cilium_version is version('1.12', '>=') %}
 - apiGroups:
   - cilium.io
   resources:
@@ -141,7 +141,7 @@ rules:
   - list
   - watch
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.14', '>=') %}
+{% if cilium_version is version('1.14', '>=') %}
 - apiGroups:
   - cilium.io
   resources:
@@ -153,7 +153,6 @@ rules:
   verbs:
   - list
   - watch
-{% if cilium_version %}
 - apiGroups:
   - coordination.k8s.io
   resources:
@@ -165,4 +164,3 @@ rules:
   - list
   - delete
 {% endif %}
-{% endif %}

roles/network_plugin/cilium/templates/cilium/ds.yml.j2

@@ -106,13 +106,13 @@ spec:
         - {{ env_var | to_nice_yaml(indent=2) | indent(10) }}
 {% endfor %}
         lifecycle:
-{% if cilium_version | regex_replace('v') is version('1.14', '<') %}
+{% if cilium_version is version('1.14', '<') %}
           postStart:
             exec:
               command:
               - "/cni-install.sh"
               - "--cni-exclusive={{ cilium_cni_exclusive | string | lower }}"
-{% if cilium_version | regex_replace('v') is version('1.12', '>=') %}
+{% if cilium_version is version('1.12', '>=') %}
               - "--enable-debug={{ cilium_debug | string | lower }}"
               - "--log-file={{ cilium_cni_log_file }}"
 {% endif %}
@@ -151,7 +151,7 @@ spec:
           mountPropagation: Bidirectional
         - name: cilium-run
           mountPath: /var/run/cilium
-{% if cilium_version | regex_replace('v') is version('1.13.1', '<') %}
+{% if cilium_version is version('1.13.1', '<') %}
         - name: cni-path
           mountPath: /host/opt/cni/bin
 {% endif %}
@@ -201,7 +201,7 @@ spec:
 {% endif %}
       hostNetwork: true
       initContainers:
-{% if cilium_version | regex_replace('v') is version('1.11', '>=') and cilium_cgroup_auto_mount %}
+{% if cilium_version is version('1.11', '>=') and cilium_cgroup_auto_mount %}
       - name: mount-cgroup
         image: "{{ cilium_image_repo }}:{{ cilium_image_tag }}"
         imagePullPolicy: {{ k8s_image_pull_policy }}
@@ -230,7 +230,7 @@ spec:
         securityContext:
           privileged: true
 {% endif %}
-{% if cilium_version | regex_replace('v') is version('1.11.7', '>=') %}
+{% if cilium_version is version('1.11.7', '>=') %}
       - name: apply-sysctl-overwrites
         image: "{{ cilium_image_repo }}:{{ cilium_image_tag }}"
         imagePullPolicy: {{ k8s_image_pull_policy }}
@@ -277,7 +277,7 @@ spec:
               optional: true
 # Removed in 1.11 and up.
 # https://github.com/cilium/cilium/commit/f7a3f59fd74983c600bfce9cac364b76d20849d9
-{% if cilium_version | regex_replace('v') is version('1.11', '<') %}
+{% if cilium_version is version('1.11', '<') %}
         - name: CILIUM_WAIT_BPF_MOUNT
           valueFrom:
             configMapKeyRef:
@@ -296,7 +296,7 @@ spec:
         volumeMounts:
         - name: bpf-maps
           mountPath: /sys/fs/bpf
-{% if cilium_version | regex_replace('v') is version('1.11', '>=') %}
+{% if cilium_version is version('1.11', '>=') %}
           # Required to mount cgroup filesystem from the host to cilium agent pod
         - name: cilium-cgroup
           mountPath: {{ cilium_cgroup_host_root }}
@@ -308,7 +308,7 @@ spec:
           requests:
             cpu: 100m
             memory: 100Mi
-{% if cilium_version | regex_replace('v') is version('1.13.1', '>=') %}
+{% if cilium_version is version('1.13.1', '>=') %}
       # Install the CNI binaries in an InitContainer so we don't have a writable host mount in the agent
       - name: install-cni-binaries
         image: "{{ cilium_image_repo }}:{{ cilium_image_tag }}"
@@ -356,7 +356,7 @@ spec:
         hostPath:
           path: /sys/fs/bpf
           type: DirectoryOrCreate
-{% if cilium_version | regex_replace('v') is version('1.11', '>=') %}
+{% if cilium_version is version('1.11', '>=') %}
       # To mount cgroup2 filesystem on the host
       - name: hostproc
         hostPath:

scripts/Dockerfile.j2

@@ -35,8 +35,8 @@ RUN --mount=type=bind,source=requirements.txt,target=requirements.txt \
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 RUN OS_ARCHITECTURE=$(dpkg --print-architecture) \
-    && curl -L "https://dl.k8s.io/release/{{ kube_version }}/bin/linux/${OS_ARCHITECTURE}/kubectl" -o /usr/local/bin/kubectl \
+    && curl -L "https://dl.k8s.io/release/v{{ kube_version }}/bin/linux/${OS_ARCHITECTURE}/kubectl" -o /usr/local/bin/kubectl \
-    && echo "$(curl -L "https://dl.k8s.io/release/{{ kube_version }}/bin/linux/${OS_ARCHITECTURE}/kubectl.sha256")" /usr/local/bin/kubectl | sha256sum --check \
+    && echo "$(curl -L "https://dl.k8s.io/release/v{{ kube_version }}/bin/linux/${OS_ARCHITECTURE}/kubectl.sha256")" /usr/local/bin/kubectl | sha256sum --check \
     && chmod a+x /usr/local/bin/kubectl
 
 COPY *.yml ./

scripts/pipeline.Dockerfile.j2

@@ -47,8 +47,8 @@ RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \
     && pip install --no-compile --no-cache-dir pip -U \
     && pip install --no-compile --no-cache-dir -r tests/requirements.txt \
     && pip install --no-compile --no-cache-dir -r requirements.txt \
-    && curl -L https://dl.k8s.io/release/{{ kube_version }}/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \
+    && curl -L https://dl.k8s.io/release/v{{ kube_version }}/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \
-    && echo $(curl -L https://dl.k8s.io/release/{{ kube_version }}/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \
+    && echo $(curl -L https://dl.k8s.io/release/v{{ kube_version }}/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \
     && chmod a+x /usr/local/bin/kubectl \
     # Install Vagrant
     && curl -LO https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}-1_$(dpkg --print-architecture).deb \