diff --git a/.gitlab-ci/terraform.yml b/.gitlab-ci/terraform.yml
index d96704a46..57c0f4b4e 100644
--- a/.gitlab-ci/terraform.yml
+++ b/.gitlab-ci/terraform.yml
@@ -93,7 +93,6 @@ tf-elastx_ubuntu20-calico:
   extends: .terraform_apply
   stage: deploy-part1
   when: on_success
-  allow_failure: true
   variables:
     <<: *elastx_variables
     PROVIDER: openstack
diff --git a/roles/etcd/templates/openssl.conf.j2 b/roles/etcd/templates/openssl.conf.j2
index 4186aaa5e..9e99086fd 100644
--- a/roles/etcd/templates/openssl.conf.j2
+++ b/roles/etcd/templates/openssl.conf.j2
@@ -39,16 +39,12 @@ DNS.{{ counter["dns"] }} = {{ apiserver_loadbalancer_domain_name }}{{ increment(
 DNS.{{ counter["dns"] }} = {{ etcd_alt_name }}{{ increment(counter, 'dns') }}
 {% endfor %}
 {% for host in groups['etcd'] %}
-{% if hostvars[host]['access_ip'] is defined  %}
-IP.{{ counter["ip"] }} = {{ hostvars[host]['access_ip'] }}{{ increment(counter, 'ip') }}
-{% endif %}
-{% if hostvars[host]['access_ip6'] is defined  %}
-IP.{{ counter["ip"] }} = {{ hostvars[host]['access_ip6'] }}{{ increment(counter, 'ip') }}
-{% endif %}
-{% if ipv6_stack  %}
-IP.{{ counter["ip"] }} = {{ hostvars[host]['ip6'] | default(hostvars[host]['fallback_ip6']) }}{{ increment(counter, 'ip') }}
-{% endif %}
-IP.{{ counter["ip"] }} = {{ hostvars[host]['main_ip'] }}{{ increment(counter, 'ip') }}
+{% for address in hostvars[host]['main_access_ips'] %}
+IP.{{ counter["ip"] }} = {{ address }}{{ increment(counter, 'ip') }}
+{% endfor %}
+{% for address in hostvars[host]['main_ips'] %}
+IP.{{ counter["ip"] }} = {{ address }}{{ increment(counter, 'ip') }}
+{% endfor %}
 {% endfor %}
 {% for cert_alt_ip in etcd_cert_alt_ips %}
 IP.{{ counter["ip"] }} = {{ cert_alt_ip }}{{ increment(counter, 'ip') }}
diff --git a/roles/kubernetes/control-plane/tasks/check-api.yml b/roles/kubernetes/control-plane/tasks/check-api.yml
index 592bcec22..daf5f16e4 100644
--- a/roles/kubernetes/control-plane/tasks/check-api.yml
+++ b/roles/kubernetes/control-plane/tasks/check-api.yml
@@ -1,7 +1,7 @@
 ---
 - name: Kubeadm | Check api is up
   uri:
-    url: "https://{{ ip | default(fallback_ip) }}:{{ kube_apiserver_port }}/healthz"
+    url: "https://{{ main_ip | ansible.utils.ipwrap }}:{{ kube_apiserver_port }}/healthz"
     validate_certs: false
   when: ('kube_control_plane' in group_names)
   register: _result
diff --git a/roles/network_facts/tasks/main.yaml b/roles/network_facts/tasks/main.yaml
index 829b509f7..2460a982e 100644
--- a/roles/network_facts/tasks/main.yaml
+++ b/roles/network_facts/tasks/main.yaml
@@ -3,54 +3,36 @@
   tags:
     - always
   block:
-    - name: Gather ansible_default_ipv4
+    - name: Gather node IPs
       setup:
-        gather_subset: '!all,network'
-        filter: "ansible_default_ipv4"
-      when: ansible_default_ipv4 is not defined
+        gather_subset: '!all,!min,network'
+        filter: "ansible_default_ip*"
+      when: ansible_default_ipv4 is not defined or ansible_default_ipv6 is not defined
       ignore_unreachable: true
-      # Set 127.0.0.1 as fallback IP if we do not have host facts for host
-      # ansible_default_ipv4 isn't what you think.
-      # https://medium.com/opsops/ansible-default-ipv4-is-not-what-you-think-edb8ab154b10
-      # TODO: discard this and update all the location relying on it in "looping on hostvars" templates
-    - name: Set fallback_ip
-      set_fact:
+
+    - name: Set computed IPs varables
+      vars:
         fallback_ip: "{{ ansible_default_ipv4.address | d('127.0.0.1') }}"
-      when: fallback_ip is not defined
-
-    - name: Gather ansible_default_ipv6
-      setup:
-        gather_subset: '!all,network'
-        filter: "ansible_default_ipv6"
-      when: ansible_default_ipv6 is not defined
-      ignore_unreachable: true
-    - name: Set fallback_ip6
-      set_fact:
         fallback_ip6: "{{ ansible_default_ipv6.address | d('::1') }}"
-      when: fallback_ip6 is not defined
-
-    - name: Set main access ip(access_ip based on ipv4_stack/ipv6_stack options).
+        # Set 127.0.0.1 as fallback IP if we do not have host facts for host
+        # ansible_default_ipv4 isn't what you think.
+        _ipv4: "{{ ip | default(fallback_ip) }}"
+        _access_ipv4: "{{ access_ip | default(_ipv4) }}"
+        _ipv6: "{{ ip6 | default(fallback_ip6) }}"
+        _access_ipv6: "{{ access_ip6 | default(_ipv6) }}"
+        _access_ips:
+          - "{{ _access_ipv4 if ipv4_stack }}"
+          - "{{ _access_ipv6 if ipv6_stack }}"
+        _ips:
+          - "{{ _ipv4 if ipv4_stack }}"
+          - "{{ _ipv6 if ipv6_stack }}"
       set_fact:
         cacheable: true
-        main_access_ip: >-
-          {%- if ipv4_stack -%}
-          {{ access_ip | default(ip | default(fallback_ip)) }}
-          {%- else -%}
-          {{ access_ip6 | default(ip6 | default(fallback_ip6)) }}
-          {%- endif -%}
-
-    - name: Set main ip(ip based on ipv4_stack/ipv6_stack options).
-      set_fact:
-        cacheable: true
-        main_ip: "{{ (ip | default(fallback_ip)) if ipv4_stack else (ip6 | default(fallback_ip6)) }}"
-
-    - name: Set main access ips(mixed ips for dualstack).
-      set_fact:
-        main_access_ips: ["{{ (main_access_ip + ',' + (access_ip6 | default(ip6 | default(fallback_ip6)))) if (ipv4_stack and ipv6_stack) else main_access_ip }}"]
-
-    - name: Set main ips(mixed ips for dualstack).
-      set_fact:
-        main_ips: ["{{ (main_ip + ',' + (ip6 | default(fallback_ip6))) if (ipv4_stack and ipv6_stack) else main_ip }}"]
+        main_access_ip: "{{ _access_ipv4 if ipv4_stack else _access_ipv6 }}"
+        main_ip: "{{ _ipv4 if ipv4_stack else _ipv6  }}"
+        # Mixed IPs - for dualstack
+        main_access_ips: "{{ _access_ips | select }}"
+        main_ips: "{{ _ips | select }}"
 
     - name: Set no_proxy
       import_tasks: no_proxy.yml