diff --git a/CHANGELOG.md b/CHANGELOG.md
index a1953fa..9e439a9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,17 @@
 # Changelog
 
+## 27.1.0+1.32.9
+
+- **UPDATE**
+  - update `k8s_ctl_release` to `1.32.9`
+
+- **OTHER CHANGES**
+  - fix for Ansible 2.19 in `kube-apiserver.service.j2`: remove `cluster_hosts()` macro and adjust `combine k8s_apiserver_settings and k8s_apiserver_settings_user` task accordingly
+  - `defaults/main.yml`: `k8s_ctl_api_endpoint_host`/`k8s_admin_api_endpoint_host` - simplify the complex default variables for endpoint hosts to avoid nested template construction
+
+- **MOLECULE**
+  - install `python3-kubernetes` package instead `kubernetes` Pip in `prepare.yml`
+
 ## 27.0.0+1.32.8
 
 - **BREAKING**
diff --git a/README.md b/README.md
index 9c8a47a..f8ddec3 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ This role is used in [Kubernetes the not so hard way with Ansible - Control plan
 
 ## Versions
 
-I tag every release and try to stay with [semantic versioning](http://semver.org). If you want to use the role I recommend to checkout the latest tag. The master branch is basically development while the tags mark stable releases. But in general I try to keep master in good shape too. A tag `27.0.0+1.32.8` means this is release `27.0.0` of this role and it's meant to be used with Kubernetes version `1.32.8` (but should work with any K8s 1.32.x release of course). If the role itself changes `X.Y.Z` before `+` will increase. If the Kubernetes version changes `X.Y.Z` after `+` will increase too. This allows to tag bugfixes and new major versions of the role while it's still developed for a specific Kubernetes release. That's especially useful for Kubernetes major releases with breaking changes.
+I tag every release and try to stay with [semantic versioning](http://semver.org). If you want to use the role I recommend to checkout the latest tag. The master branch is basically development while the tags mark stable releases. But in general I try to keep master in good shape too. A tag `27.1.0+1.32.9` means this is release `27.1.0` of this role and it's meant to be used with Kubernetes version `1.32.9` (but should work with any K8s 1.32.x release of course). If the role itself changes `X.Y.Z` before `+` will increase. If the Kubernetes version changes `X.Y.Z` after `+` will increase too. This allows to tag bugfixes and new major versions of the role while it's still developed for a specific Kubernetes release. That's especially useful for Kubernetes major releases with breaking changes.
 
 ## Requirements
 
@@ -74,7 +74,7 @@ See full [CHANGELOG.md](https://github.com/githubixx/ansible-role-kubernetes-con
 roles:
   - name: githubixx.kubernetes_controller
     src: https://github.com/githubixx/ansible-role-kubernetes-controller.git
-    version: 27.0.0+1.32.8
+    version: 27.1.0+1.32.9
 ```
 
 ## Role (default) variables
@@ -104,7 +104,7 @@ k8s_ctl_pki_dir: "{{ k8s_ctl_conf_dir }}/pki"
 k8s_ctl_bin_dir: "/usr/local/bin"
 
 # The Kubernetes release.
-k8s_ctl_release: "1.32.8"
+k8s_ctl_release: "1.32.9"
 
 # The interface on which the Kubernetes services should listen on. As all cluster
 # communication should use a VPN interface the interface name is
diff --git a/defaults/main.yml b/defaults/main.yml
index f5ecfa2..53cf064 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -23,7 +23,7 @@ k8s_ctl_pki_dir: "{{ k8s_ctl_conf_dir }}/pki"
 k8s_ctl_bin_dir: "/usr/local/bin"
 
 # The Kubernetes release.
-k8s_ctl_release: "1.32.8"
+k8s_ctl_release: "1.32.9"
 
 # The interface on which the Kubernetes services should listen on. As all cluster
 # communication should use a VPN interface the interface name is
@@ -113,7 +113,7 @@ k8s_ctl_delegate_to: "127.0.0.1"
 # variable of https://github.com/githubixx/ansible-role-kubernetes-ca
 # role). If it's not specified you'll get certificate errors in the
 # logs of the services mentioned above.
-k8s_ctl_api_endpoint_host: "{% set controller_host = groups['k8s_controller'][0] %}{{ hostvars[controller_host]['ansible_' + hostvars[controller_host]['k8s_interface']].ipv4.address }}"
+k8s_ctl_api_endpoint_host: "{{ hostvars[groups['k8s_controller'] | first]['ansible_' + hostvars[groups['k8s_controller'] | first]['k8s_interface']].ipv4.address }}"
 
 # As above just for the port. It specifies on which port the
 # Kubernetes API servers are listening. Again if there is a loadbalancer
@@ -178,7 +178,7 @@ k8s_admin_conf_group: "root"
 #
 # Besides that basically the same comments as for "k8s_ctl_api_endpoint_host"
 # variable apply.
-k8s_admin_api_endpoint_host: "{% set controller_host = groups['k8s_controller'][0] %}{{ hostvars[controller_host]['ansible_' + hostvars[controller_host]['k8s_interface']].ipv4.address }}"
+k8s_admin_api_endpoint_host: "{{ hostvars[groups['k8s_controller'] | first]['ansible_' + hostvars[groups['k8s_controller'] | first]['k8s_interface']].ipv4.address }}"
 
 # As above just for the port.
 k8s_admin_api_endpoint_port: "6443"
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
index 2ab0d81..187b9eb 100644
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@@ -85,8 +85,8 @@
           - python3-pip
 
     - name: Install kubernetes Python package
-      ansible.builtin.pip:
-        name: kubernetes
+      ansible.builtin.package:
+        name: python3-kubernetes
         state: present
 
 - name: Setup HAProxy
diff --git a/tasks/main.yml b/tasks/main.yml
index bd35de2..4466381 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -203,7 +203,9 @@
 
 - name: Combine k8s_apiserver_settings and k8s_apiserver_settings_user (if defined)
   ansible.builtin.set_fact:
-    k8s_apiserver_settings: "{{ k8s_apiserver_settings | combine(k8s_apiserver_settings_user | default({})) }}"
+    k8s_apiserver_settings: "{{ k8s_apiserver_settings | combine(k8s_apiserver_settings_user | default({})) | combine({'etcd-servers': k8s_ctl__etcd_servers}) }}"
+  vars:
+    k8s_ctl__etcd_servers: "{% for host in groups['k8s_etcd'] %}https://{{ hostvars[host]['ansible_' + k8s_ctl_etcd_interface].ipv4.address }}:{{ k8s_ctl_etcd_client_port }}{% if not loop.last %},{% endif %}{% endfor %}"
   tags:
     - k8s-controller
 
diff --git a/templates/etc/systemd/system/kube-apiserver.service.j2 b/templates/etc/systemd/system/kube-apiserver.service.j2
index 3bda8a8..ee2f7f6 100644
--- a/templates/etc/systemd/system/kube-apiserver.service.j2
+++ b/templates/etc/systemd/system/kube-apiserver.service.j2
@@ -1,12 +1,4 @@
 #jinja2: trim_blocks:False
-{%- macro cluster_hosts() -%}
-{%- for host in groups['k8s_etcd'] -%}
-https://{{ hostvars[host]['ansible_' + k8s_ctl_etcd_interface].ipv4.address }}:{{ k8s_ctl_etcd_client_port }}{% if not loop.last %},{% endif %}
-{%- endfor -%}
-{%- endmacro -%}
-
-{%- set x=k8s_apiserver_settings.__setitem__('etcd-servers',cluster_hosts()) -%}
-
 [Unit]
 Description=Kubernetes API Server
 Documentation=https://github.com/GoogleCloudPlatform/kubernetes