diff --git a/roles/deploy/defaults/main.yml b/roles/deploy/defaults/main.yml
index 7107b25..b6e13b1 100644
--- a/roles/deploy/defaults/main.yml
+++ b/roles/deploy/defaults/main.yml
@@ -1,4 +1,9 @@
+# CA 证书相关参数
+CA_EXPIRY: "876000h"
+CERT_EXPIRY: "438000h"
+
 # kubeconfig 配置参数
 CLUSTER_NAME: "cluster1"
 USER_NAME: "user1"
 CONTEXT_NAME: "context1"
+
diff --git a/roles/deploy/templates/ca-config.json.j2 b/roles/deploy/templates/ca-config.json.j2
index 9f84cd3..f558359 100644
--- a/roles/deploy/templates/ca-config.json.j2
+++ b/roles/deploy/templates/ca-config.json.j2
@@ -1,7 +1,7 @@
 {
 "signing": {
 "default": {
- "expiry": "87600h"
+ "expiry": "{{ CERT_EXPIRY }}"
 },
 "profiles": {
 "kubernetes": {
@@ -11,7 +11,7 @@
 "server auth",
 "client auth"
 ],
- "expiry": "87600h"
+ "expiry": "{{ CERT_EXPIRY }}"
 }
 }
 }
diff --git a/roles/deploy/templates/ca-csr.json.j2 b/roles/deploy/templates/ca-csr.json.j2
index f91944a..7a257c6 100644
--- a/roles/deploy/templates/ca-csr.json.j2
+++ b/roles/deploy/templates/ca-csr.json.j2
@@ -14,6 +14,6 @@
 }
 ],
 "ca": {
- "expiry": "131400h"
+ "expiry": "{{ CA_EXPIRY }}"
 }
 }
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 872a17a..81ef3e1 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -18,7 +18,6 @@
 with_items:
 - ca.pem
 - ca-key.pem
- - ca.csr
 - ca-config.json
 delegate_to: "{{ groups.deploy[0] }}"
diff --git a/roles/harbor/tasks/main.yml b/roles/harbor/tasks/main.yml
index 4edb900..4ea8266 100644
--- a/roles/harbor/tasks/main.yml
+++ b/roles/harbor/tasks/main.yml
@@ -29,7 +29,6 @@
 with_items:
 - ca.pem
 - ca-key.pem
- - ca.csr
 - ca-config.json
 delegate_to: "{{ groups.deploy[0] }}"
diff --git a/roles/kube-master/tasks/main.yml b/roles/kube-master/tasks/main.yml
index cc4de65..1d1ff6b 100644
--- a/roles/kube-master/tasks/main.yml
+++ b/roles/kube-master/tasks/main.yml
@@ -13,7 +13,6 @@
 - admin-key.pem
 - ca.pem
 - ca-key.pem
- - ca.csr
 - ca-config.json
 delegate_to: "{{ groups.deploy[0] }}"
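Review bot: The new defaults in roles/deploy/defaults/main.yml, `CA_EXPIRY: "876000h"` and `CERT_EXPIRY: "438000h"`, make roughly 100-year CA and 50-year leaf lifetimes the out-of-the-box behaviour, where the templates previously hard-coded 131400h and 87600h. A leaked key then stays usable for that whole lifetime unless certificates are re-issued or revoked, and the task hunks later in this diff still list `ca-key.pem` among the items handled for the etcd, harbor, kube-master and kube-node roles, which suggests the CA key is present on many hosts. I would keep the previous values as the defaults, `CA_EXPIRY: "131400h"` and `CERT_EXPIRY: "87600h"`, and let operators opt in to longer ones. The added comment could also state the unit and the constraint, for example `# durations in hours; CERT_EXPIRY must not exceed CA_EXPIRY`.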
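Review bot: Nothing checks the value substituted into `"expiry": "{{ CERT_EXPIRY }}"` in roles/deploy/templates/ca-config.json.j2 (both hunks) or `"expiry": "{{ CA_EXPIRY }}"` in ca-csr.json.j2, so an override with a typo, a quote character or an empty string renders a broken or unintended signing config. An `assert` task run before the templates are rendered would catch this, with conditions such as `CERT_EXPIRY is match('^[0-9]+h$')` and `(CERT_EXPIRY[:-1] | int) <= (CA_EXPIRY[:-1] | int)`. The second condition matters because a leaf certificate issued for longer than its CA presumably stops validating once the CA expires, whatever its own end date says. The JSON objects in these hunks begin and end outside the visible lines.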
diff --git a/roles/kube-node/tasks/main.yml b/roles/kube-node/tasks/main.yml
index d40a229..0146506 100644
--- a/roles/kube-node/tasks/main.yml
+++ b/roles/kube-node/tasks/main.yml
@@ -44,7 +44,6 @@
 with_items:
 - ca.pem
 - ca-key.pem
- - ca.csr
 - ca-config.json
 delegate_to: "{{ groups.deploy[0] }}"