diff --git a/down/offline_images b/down/offline_images
index a1b9601..3231639 100644
--- a/down/offline_images
+++ b/down/offline_images
@@ -10,15 +10,17 @@ mirrorgooglecontainers/metrics-server-amd64:v0.2.1
 calico/node:v3.1.3
 calico/cni:v3.1.3
 calico/kube-controllers:v3.1.3
+# cilium 网络插件
+cilium/cilium:v1.1.2
 # flannel 网络插件
 jmgao1983/flannel:v0.10.0-amd64
 # kube-router 网络插件
 cloudnativelabs/kube-router:v0.2.0-beta.9
-busybox:1.28.4
 # dashboard 插件
 mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.8.3
 # pause 基础容器镜像
 mirrorgooglecontainers/pause-amd64:3.1
+busybox:1.28.4
 # traefik ingress 镜像
 traefik:v1.6
 # heapster 插件
diff --git a/manifests/storage/test.yaml b/manifests/storage/test.yaml
index 0618c06..c1c361e 100644
--- a/manifests/storage/test.yaml
+++ b/manifests/storage/test.yaml
@@ -18,7 +18,7 @@ metadata:
 spec:
   containers:
   - name: test
-    image: busybox
+    image: busybox:1.28.4
     imagePullPolicy: IfNotPresent
     command:
       - "/bin/sh"
diff --git a/roles/calico/tasks/main.yml b/roles/calico/tasks/main.yml
index e47ba09..23a2a86 100644
--- a/roles/calico/tasks/main.yml
+++ b/roles/calico/tasks/main.yml
@@ -16,12 +16,18 @@
         -config={{ ca_dir }}/ca-config.json \
         -profile=kubernetes calico-csr.json | {{ bin_dir }}/cfssljson -bare calico"
 
+- name: get calico-etcd-secrets info
+  shell: "{{ bin_dir }}/kubectl get secrets -n kube-system"
+  register: secrets_info
+  run_once: true
+
 - name: 创建 calico-etcd-secrets
   shell: "cd /etc/calico/ssl && \
         {{ bin_dir }}/kubectl create secret generic -n kube-system calico-etcd-secrets \
         --from-file=etcd-ca={{ ca_dir }}/ca.pem \
         --from-file=etcd-key=calico-key.pem \
         --from-file=etcd-cert=calico.pem"
+  when: '"calico-etcd-secrets" not in secrets_info.stdout'
   ignore_errors: true
   run_once: true
 
@@ -45,14 +51,11 @@
 
 # 如果目录下有离线镜像，就把它导入到node节点上
 - name: 导入 calico的离线镜像（若执行失败，可忽略）
-  shell: "{{ bin_dir }}/docker load -i /opt/kube/images/{{ calico_offline }}"
-  when: 'calico_offline in image_info.stdout'
-  ignore_errors: true
-
-# 如果目录下有离线镜像，就把它导入到node节点上
-- name: 导入 pause的离线镜像（若执行失败，可忽略）
-  shell: "{{ bin_dir }}/docker load -i /opt/kube/images/pause_3.1.tar"
-  when: '"pause_3" in image_info.stdout'
+  shell: "{{ bin_dir }}/docker load -i /opt/kube/images/{{ item }}"
+  when: 'item in image_info.stdout'
+  with_items:
+  - "pause_3.1.tar"
+  - "{{ calico_offline }}"
   ignore_errors: true
 
 # 只需单节点执行一次
diff --git a/roles/cilium/tasks/main.yml b/roles/cilium/tasks/main.yml
index 112ac36..55e7640 100644
--- a/roles/cilium/tasks/main.yml
+++ b/roles/cilium/tasks/main.yml
@@ -24,12 +24,18 @@
         -config={{ ca_dir }}/ca-config.json \
         -profile=kubernetes cilium-csr.json | {{ bin_dir }}/cfssljson -bare cilium"
 
+- name: get cilium-etcd-secrets info
+  shell: "{{ bin_dir }}/kubectl get secrets -n kube-system"
+  register: secrets_info
+  run_once: true
+
 - name: 创建 cilium-etcd-secrets
   shell: "cd /etc/cilium/ssl && \
 	{{ bin_dir }}/kubectl create secret generic -n kube-system cilium-etcd-secrets \
 	--from-file=etcd-ca={{ ca_dir }}/ca.pem \
 	--from-file=etcd-client-key=cilium-key.pem \
 	--from-file=etcd-client-crt=cilium.pem"
+  when: '"cilium-etcd-secrets" not in secrets_info.stdout'
   ignore_errors: true
   run_once: true
 
@@ -52,18 +58,12 @@
 
 # 如果目录下有离线镜像，就把它导入到node节点上
 - name: 导入 cilium的离线镜像（若执行失败，可忽略）
-  shell: "{{ bin_dir }}/docker load -i /opt/kube/images/{{ cilium_offline }}"
-  when: 'cilium_offline in image_info.stdout'
-  ignore_errors: true
-
-- name: 导入 busybox的离线镜像（若执行失败，可忽略）
-  shell: "{{ bin_dir }}/docker load -i /opt/kube/images/{{ busybox_offline }}"
-  when: 'busybox_offline in image_info.stdout'
-  ignore_errors: true
-
-- name: 导入 pause的离线镜像（若执行失败，可忽略）
-  shell: "{{ bin_dir }}/docker load -i /opt/kube/images/pause_3.1.tar"
-  when: '"pause_3" in image_info.stdout'
+  shell: "{{ bin_dir }}/docker load -i /opt/kube/images/{{ item }}"
+  when: 'item in image_info.stdout'
+  with_items:
+  - "pause_3.1.tar"
+  - "{{ cilium_offline }}"
+  - "{{ busybox_offline }}"
   ignore_errors: true
 
 # 只需单节点执行一次
diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml
index 63ba289..a3412d3 100644
--- a/roles/flannel/tasks/main.yml
+++ b/roles/flannel/tasks/main.yml
@@ -31,14 +31,11 @@
 
 # 如果目录下有离线镜像，就把它导入到node节点上
 - name: 导入 flannel的离线镜像（若执行失败，可忽略）
-  shell: "{{ bin_dir }}/docker load -i /opt/kube/images/{{ flannel_offline }}"
-  when: 'flannel_offline in image_info.stdout'
-  ignore_errors: true
-
-# 如果目录下有离线镜像，就把它导入到node节点上
-- name: 导入 pause的离线镜像（若执行失败，可忽略）
-  shell: "{{ bin_dir }}/docker load -i /opt/kube/images/pause_3.1.tar"
-  when: '"pause_3" in image_info.stdout'
+  shell: "{{ bin_dir }}/docker load -i /opt/kube/images/{{ item }}"
+  when: 'item in image_info.stdout'
+  with_items:
+  - "pause_3.1.tar"
+  - "{{ flannel_offline }}"
   ignore_errors: true
 
 # 只需单节点执行一次