diff --git a/roles/cluster-addon/tasks/main.yml b/roles/cluster-addon/tasks/main.yml
index 3dbeb74..5d1a939 100644
--- a/roles/cluster-addon/tasks/main.yml
+++ b/roles/cluster-addon/tasks/main.yml
@@ -3,15 +3,6 @@
   register: pod_info
   tags: force_change_certs
 
-- name: 注册变量 DNS_SVC_IP
-  shell: echo {{ SERVICE_CIDR }}|cut -d/ -f1|awk -F. '{print $1"."$2"."$3"."$4+2}'
-  register: DNS_SVC_IP
-
-- name: 设置变量 CLUSTER_DNS_SVC_IP
-  set_fact: CLUSTER_DNS_SVC_IP={{ DNS_SVC_IP.stdout }}
-
-- debug: var="CLUSTER_DNS_SVC_IP"
-
 - import_tasks: coredns.yml
   when: '"coredns" not in pod_info.stdout or CHANGE_CA|bool'
 
diff --git a/roles/cluster-addon/vars/main.yml b/roles/cluster-addon/vars/main.yml
index d6c93d3..f2a995c 100644
--- a/roles/cluster-addon/vars/main.yml
+++ b/roles/cluster-addon/vars/main.yml
@@ -1 +1,4 @@
 # default values
+
+# coredns 服务地址，根据SERVICE_CIDR 设置，默认选择网段第二个地址
+CLUSTER_DNS_SVC_IP: "{{ SERVICE_CIDR.split('.')[0] }}.{{ SERVICE_CIDR.split('.')[1] }}.{{ SERVICE_CIDR.split('.')[2] }}.{{ SERVICE_CIDR.split('.')[3]|int + 2 }}"
diff --git a/roles/kube-master/tasks/main.yml b/roles/kube-master/tasks/main.yml
index 893f0d1..0c16726 100644
--- a/roles/kube-master/tasks/main.yml
+++ b/roles/kube-master/tasks/main.yml
@@ -14,15 +14,6 @@
   - kube-scheduler.kubeconfig
   tags: force_change_certs 
 
-- name: 注册变量 KUBERNETES_SVC_IP
-  shell: echo {{ SERVICE_CIDR }}|cut -d/ -f1|awk -F. '{print $1"."$2"."$3"."$4+1}'
-  register: KUBERNETES_SVC_IP
-  tags: change_cert, force_change_certs
-
-- name: 设置变量 CLUSTER_KUBERNETES_SVC_IP
-  set_fact: CLUSTER_KUBERNETES_SVC_IP={{ KUBERNETES_SVC_IP.stdout }}
-  tags: change_cert, force_change_certs
-
 - name: 创建 kubernetes 证书签名请求
   template: src=kubernetes-csr.json.j2 dest={{ cluster_dir }}/ssl/kubernetes-csr.json
   tags: change_cert, force_change_certs
diff --git a/roles/kube-master/vars/main.yml b/roles/kube-master/vars/main.yml
index da3d3b8..06a8065 100644
--- a/roles/kube-master/vars/main.yml
+++ b/roles/kube-master/vars/main.yml
@@ -1,3 +1,6 @@
 # etcd 集群服务地址列表, 根据etcd组成员自动生成
 TMP_ENDPOINTS: "{% for h in groups['etcd'] %}https://{{ h }}:2379,{% endfor %}"
 ETCD_ENDPOINTS: "{{ TMP_ENDPOINTS.rstrip(',') }}"
+
+# kubernetes.default.svc 地址根据SERVICE_CIDR 设置为网段的第一个地址
+CLUSTER_KUBERNETES_SVC_IP: "{{ SERVICE_CIDR.split('.')[0] }}.{{ SERVICE_CIDR.split('.')[1] }}.{{ SERVICE_CIDR.split('.')[2] }}.{{ SERVICE_CIDR.split('.')[3]|int + 1 }}"
diff --git a/roles/kube-node/tasks/main.yml b/roles/kube-node/tasks/main.yml
index 40784f3..234f8ee 100644
--- a/roles/kube-node/tasks/main.yml
+++ b/roles/kube-node/tasks/main.yml
@@ -23,13 +23,6 @@
 - name: 准备 cni配置文件
   template: src=cni-default.conf.j2 dest=/etc/cni/net.d/10-default.conf
 
-- name: 注册变量 DNS_SVC_IP
-  shell: echo {{ SERVICE_CIDR }}|cut -d/ -f1|awk -F. '{print $1"."$2"."$3"."$4+2}'
-  register: DNS_SVC_IP
-
-- name: 设置变量 CLUSTER_DNS_SVC_IP
-  set_fact: CLUSTER_DNS_SVC_IP={{ DNS_SVC_IP.stdout }}
-
 - name: 创建kubelet的配置文件
   template: src=kubelet-config.yaml.j2 dest=/var/lib/kubelet/config.yaml
   tags: upgrade_k8s, restart_node
diff --git a/roles/kube-node/vars/main.yml b/roles/kube-node/vars/main.yml
index b6ca52f..0ce653f 100644
--- a/roles/kube-node/vars/main.yml
+++ b/roles/kube-node/vars/main.yml
@@ -3,3 +3,6 @@ KUBE_APISERVER: "https://127.0.0.1:{{ SECURE_PORT }}"
 
 # cgroup driver
 CGROUP_DRIVER: "systemd"
+
+# coredns 服务地址，根据SERVICE_CIDR 设置，默认选择网段第二个地址
+CLUSTER_DNS_SVC_IP: "{{ SERVICE_CIDR.split('.')[0] }}.{{ SERVICE_CIDR.split('.')[1] }}.{{ SERVICE_CIDR.split('.')[2] }}.{{ SERVICE_CIDR.split('.')[3]|int + 2 }}"