diff --git a/extraconfig/nova_metadata/krb-service-principals/role.role.j2.yaml b/extraconfig/nova_metadata/krb-service-principals/role.role.j2.yaml
index a101972eab..d8789f4eac 100644
--- a/extraconfig/nova_metadata/krb-service-principals/role.role.j2.yaml
+++ b/extraconfig/nova_metadata/krb-service-principals/role.role.j2.yaml
@@ -60,7 +60,7 @@ resources:
             role_data: {get_param: RoleData}
             role_networks:
               - ctlplane
-{%- for network in networks if network.vip|default(false) and network.name in role.networks %}
+{%- for network in networks if network.name in role.networks %}
   {%- if network.service_net_map_replace is defined %}
               - {{network.service_net_map_replace}}
   {%- else %}
diff --git a/releasenotes/notes/fix-krb-service-principals-do-not-filter-on-vip-in-jinja-c8f996ffed94d3cd.yaml b/releasenotes/notes/fix-krb-service-principals-do-not-filter-on-vip-in-jinja-c8f996ffed94d3cd.yaml
new file mode 100644
index 0000000000..aff47683d8
--- /dev/null
+++ b/releasenotes/notes/fix-krb-service-principals-do-not-filter-on-vip-in-jinja-c8f996ffed94d3cd.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Fixes an issue where filtering of networks for kerberos service principals
+    was too aggressive, causing deployment failure. See bug `1854846
+    <https://bugs.launchpad.net/tripleo/+bug/1854846>`_.
+