diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
index c3686f7cd929a0cddf6ff1509d517e8f664e54d9..e55e90a5957d6762a52b067ca9db1d5a7ecfa87f 100644
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
@@ -40,7 +40,6 @@ spec:
             requests:
               cpu: {{ calico_policy_controller_cpu_requests }}
               memory: {{ calico_policy_controller_memory_requests }}
-{% if calico_version is version('v3.19.0', '>=') %}
           livenessProbe:
             exec:
               command:
@@ -49,7 +48,6 @@ spec:
             periodSeconds: 10
             initialDelaySeconds: 10
             failureThreshold: 6
-{% endif %}
           readinessProbe:
             exec:
               command:
diff --git a/roles/kubernetes-apps/policy_controller/meta/main.yml b/roles/kubernetes-apps/policy_controller/meta/main.yml
index 5a3a489f70ebc5833bfdce6f7375c7e246eeae4f..a1050cc197ca67242f844432d30996b3cbe80858 100644
--- a/roles/kubernetes-apps/policy_controller/meta/main.yml
+++ b/roles/kubernetes-apps/policy_controller/meta/main.yml
@@ -4,13 +4,13 @@ dependencies:
     when:
       - kube_network_plugin == 'calico'
       - enable_network_policy
-      - calico_datastore != "kdd" or calico_policy_version is version('v3.6.0', '>=')
+      - calico_datastore != "kdd"
     tags:
       - policy-controller
 
   - role: policy_controller/calico
     when:
       - kube_network_plugin == 'canal'
-      - calico_datastore != "kdd" or calico_policy_version is version('v3.6.0', '>=')
+      - calico_datastore != "kdd"
     tags:
       - policy-controller
diff --git a/roles/kubespray-defaults/vars/main.yml b/roles/kubespray-defaults/vars/main.yml
index a6157d2f8ca1a3ac64b79a9194aee8a6767985d1..c79edf50b38c6a841ccd37ae8180978cdfa68e00 100644
--- a/roles/kubespray-defaults/vars/main.yml
+++ b/roles/kubespray-defaults/vars/main.yml
@@ -4,6 +4,6 @@
 kube_proxy_deployed: "{{ 'addon/kube-proxy' not in kubeadm_init_phases_skip }}"
 
 # The lowest version allowed to upgrade from (same as calico_version in the previous branch)
-calico_min_version_required: "v3.17.5"
+calico_min_version_required: "v3.19.4"
 
 containerd_min_version_required: "1.3.7"
diff --git a/roles/network_plugin/calico/templates/calico-cr.yml.j2 b/roles/network_plugin/calico/templates/calico-cr.yml.j2
index 826f441005301cecb0b082eadf6f1525167025c7..0149badd6ede702e3825963e4ab4b689fe8c0c2b 100644
--- a/roles/network_plugin/calico/templates/calico-cr.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-cr.yml.j2
@@ -13,7 +13,6 @@ rules:
       - configmaps
     verbs:
       - get
-{% if calico_version is version("v3.20.0", ">=") %}
   # EndpointSlices are used for Service-based network policy rule
   # enforcement.
   - apiGroups: ["discovery.k8s.io"]
@@ -22,7 +21,6 @@ rules:
     verbs:
       - watch
       - list
-{% endif %}
   - apiGroups: [""]
     resources:
       - endpoints
diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2
index 489fccd60ab5632584d6fad98a4d796558ba235f..cc461516b1f811765f2077ae984ba75f1409655c 100644
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -310,14 +310,12 @@ spec:
             requests:
               cpu: {{ calico_node_cpu_requests }}
               memory: {{ calico_node_memory_requests }}
-{% if calico_version is version('v3.21.0', '>=') %}
           lifecycle:
             preStop:
               exec:
                 command:
                 - /bin/calico-node
                 - -shutdown
-{% endif %}
           livenessProbe:
             exec:
               command:
diff --git a/roles/network_plugin/calico/templates/calicoctl.etcd.sh.j2 b/roles/network_plugin/calico/templates/calicoctl.etcd.sh.j2
index 2dbdfa1243686bcc3ad08facc1bb5909dab1d2b7..fcde4a5e35edd3cc8cfa407a5d22fd09dafedae6 100644
--- a/roles/network_plugin/calico/templates/calicoctl.etcd.sh.j2
+++ b/roles/network_plugin/calico/templates/calicoctl.etcd.sh.j2
@@ -3,4 +3,4 @@ ETCD_ENDPOINTS={{ etcd_access_addresses }} \
 ETCD_CA_CERT_FILE={{ calico_cert_dir }}/ca_cert.crt \
 ETCD_CERT_FILE={{ calico_cert_dir }}/cert.crt \
 ETCD_KEY_FILE={{ calico_cert_dir }}/key.pem \
-{{ bin_dir }}/calicoctl {% if calico_version is version('v3.20.0', '>=') %}--allow-version-mismatch{% endif %} "$@"
+{{ bin_dir }}/calicoctl --allow-version-mismatch "$@"
diff --git a/roles/network_plugin/calico/templates/calicoctl.kdd.sh.j2 b/roles/network_plugin/calico/templates/calicoctl.kdd.sh.j2
index 3af5bed1a0fdc1f77e222f21c057b54d3e471084..ef89f3986cf4e7eb1faf2c38bf76732f74125cc8 100644
--- a/roles/network_plugin/calico/templates/calicoctl.kdd.sh.j2
+++ b/roles/network_plugin/calico/templates/calicoctl.kdd.sh.j2
@@ -5,4 +5,4 @@ KUBECONFIG=/etc/kubernetes/admin.conf \
 {% else %}
 KUBECONFIG=/etc/cni/net.d/calico-kubeconfig \
 {% endif %}
-{{ bin_dir }}/calicoctl {% if calico_version is version('v3.20.0', '>=') %}--allow-version-mismatch{% endif %} "$@"
+{{ bin_dir }}/calicoctl --allow-version-mismatch "$@"