diff --git a/playbooks/install_etcd.yml b/playbooks/install_etcd.yml
index 9bd13dfcd6e..07735a28139 100644
--- a/playbooks/install_etcd.yml
+++ b/playbooks/install_etcd.yml
@@ -1,20 +1,21 @@
 ---
-- name: Install etcd
-  hosts: etcd:kube_control_plane
-  gather_facts: False
-  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
-  environment: "{{ proxy_disable_env }}"
+- name: Add worker nodes to the etcd play if needed
+  hosts: k8s_node
   roles:
     - { role: kubespray-defaults }
-    - role: etcd
+  tasks:
+    - name: Check if nodes needs etcd client certs (depends on network_plugin)
+      group_by:
+        key: "_kubespray_needs_etcd"
+      when:
+        - kube_network_plugin in ["flannel", "canal", "cilium"] or
+          (cilium_deploy_additionnaly | default(false)) or
+          (kube_network_plugin == "calico" and calico_datastore == "etcd")
+        - etcd_deployment_type != "kubeadm"
       tags: etcd
-      vars:
-        etcd_cluster_setup: true
-        etcd_events_cluster_setup: "{{ etcd_events_cluster_enabled }}"
-      when: etcd_deployment_type != "kubeadm"
 
-- name: Install etcd certs on nodes if required
-  hosts: k8s_cluster
+- name: Install etcd
+  hosts: etcd:kube_control_plane:_kubespray_needs_etcd
   gather_facts: False
   any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
   environment: "{{ proxy_disable_env }}"
@@ -23,9 +24,6 @@
     - role: etcd
       tags: etcd
       vars:
-        etcd_cluster_setup: false
-        etcd_events_cluster_setup: false
-      when:
-        - etcd_deployment_type != "kubeadm"
-        - kube_network_plugin in ["calico", "flannel", "canal", "cilium"] or cilium_deploy_additionally | default(false) | bool
-        - kube_network_plugin != "calico" or calico_datastore == "etcd"
+        etcd_cluster_setup: true
+        etcd_events_cluster_setup: "{{ etcd_events_cluster_enabled }}"
+      when: etcd_deployment_type != "kubeadm"