diff --git a/ezdown b/ezdown
index 6f9aa01..dcb5fc9 100755
--- a/ezdown
+++ b/ezdown
@@ -20,29 +20,29 @@ K8S_BIN_VER=v1.31.2
 # https://github.com/easzlab/dockerfile-kubeasz-ext-bin
 EXT_BIN_VER=1.11.1
 # https://github.com/easzlab/dockerfile-kubeasz-sys-pkg
-SYS_PKG_VER=1.0.1
-HARBOR_VER=v2.10.2
+SYS_PKG_VER=1.0.2
+HARBOR_VER=v2.11.1
 REGISTRY_MIRROR=CN
 
 # images downloaded by default(with 'ezdown -D')
 # https://github.com/projectcalico/calico
 calicoVer=v3.28.2
 # https://github.com/coredns/coredns
-corednsVer=1.11.1
+corednsVer=1.11.3
 # https://kubernetes.io/docs/tasks/administer-cluster/nodelocaldns/
-dnsNodeCacheVer=1.22.28
+dnsNodeCacheVer=1.23.1
 dashboardVer=v2.7.0
 dashboardMetricsScraperVer=v1.0.8
 # https://github.com/kubernetes-sigs/metrics-server
-metricsVer=v0.7.1
-pauseVer=3.9
+metricsVer=v0.7.2
+pauseVer=3.10
 
 # images not downloaded by default(only download  with 'ezdown -X ***')
 # https://github.com/cilium/cilium
 # https://docs.cilium.io/en/stable/installation/k8s-install-helm/
 ciliumVer=1.15.5
 # https://github.com/flannel-io/flannel
-flannelVer=v0.22.2
+flannelVer=v0.26.0
 # https://github.com/cloudnativelabs/kube-router
 kubeRouterVer=v1.5.4
 # https://github.com/kubeovn/kube-ovn
@@ -454,15 +454,15 @@ function get_extra_images() {
     flannel)
       if [[ ! -f "$imageDir/flannel_$flannelVer.tar" ]];then
         docker pull "flannel/flannel:$flannelVer" && \
-        docker pull "flannel/flannel-cni-plugin:v1.2.0" && \
-        docker save -o "$imageDir/flannel_$flannelVer.tar" "flannel/flannel:$flannelVer" "flannel/flannel-cni-plugin:v1.2.0"
+        docker pull "flannel/flannel-cni-plugin:v1.5.1-flannel2" && \
+        docker save -o "$imageDir/flannel_$flannelVer.tar" "flannel/flannel:$flannelVer" "flannel/flannel-cni-plugin:v1.5.1-flannel2"
       else
         docker load -i "$imageDir/flannel_$flannelVer.tar"
       fi
       docker tag "flannel/flannel:$flannelVer" "easzlab.io.local:5000/flannel/flannel:$flannelVer"
       docker push "easzlab.io.local:5000/flannel/flannel:$flannelVer"
-      docker tag "flannel/flannel-cni-plugin:v1.2.0" "easzlab.io.local:5000/flannel/flannel-cni-plugin:v1.2.0"
-      docker push "easzlab.io.local:5000/flannel/flannel-cni-plugin:v1.2.0"
+      docker tag "flannel/flannel-cni-plugin:v1.5.1-flannel2" "easzlab.io.local:5000/flannel/flannel-cni-plugin:v1.5.1-flannel2"
+      docker push "easzlab.io.local:5000/flannel/flannel-cni-plugin:v1.5.1-flannel2"
       ;;
 
     # kubeapps images
diff --git a/roles/cluster-addon/templates/dns/coredns.yaml.j2 b/roles/cluster-addon/templates/dns/coredns.yaml.j2
index df8a747..c191c03 100644
--- a/roles/cluster-addon/templates/dns/coredns.yaml.j2
+++ b/roles/cluster-addon/templates/dns/coredns.yaml.j2
@@ -1,3 +1,5 @@
+# https://github.com/kubernetes/kubernetes/blob/v1.31.2/cluster/addons/dns/coredns/coredns.yaml.base
+
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -25,12 +27,6 @@ rules:
   verbs:
   - list
   - watch
-- apiGroups:
-  - ""
-  resources:
-  - nodes
-  verbs:
-  - get
 - apiGroups:
   - discovery.k8s.io
   resources:
@@ -137,7 +133,7 @@ spec:
         imagePullPolicy: IfNotPresent
         resources:
           limits:
-            memory: 300Mi
+            memory: 500Mi
           requests:
             cpu: 100m
             memory: 70Mi
@@ -176,7 +172,7 @@ spec:
             add:
             - NET_BIND_SERVICE
             drop:
-            - all
+            - ALL
           readOnlyRootFilesystem: true
       dnsPolicy: Default
       volumes:
diff --git a/roles/cluster-addon/templates/dns/nodelocaldns-iptables.yaml.j2 b/roles/cluster-addon/templates/dns/nodelocaldns-iptables.yaml.j2
index ff60cc1..00e983e 100644
--- a/roles/cluster-addon/templates/dns/nodelocaldns-iptables.yaml.j2
+++ b/roles/cluster-addon/templates/dns/nodelocaldns-iptables.yaml.j2
@@ -58,7 +58,7 @@ data:
         errors
         cache {
                 success 9984 30
-                denial 9984 5
+                denial 9984 15
         }
         reload
         loop
diff --git a/roles/cluster-addon/templates/dns/nodelocaldns-ipvs.yaml.j2 b/roles/cluster-addon/templates/dns/nodelocaldns-ipvs.yaml.j2
index 1448874..695e134 100644
--- a/roles/cluster-addon/templates/dns/nodelocaldns-ipvs.yaml.j2
+++ b/roles/cluster-addon/templates/dns/nodelocaldns-ipvs.yaml.j2
@@ -58,7 +58,7 @@ data:
         errors
         cache {
                 success 9984 30
-                denial 9984 5
+                denial 9984 15
         }
         reload
         loop
diff --git a/roles/flannel/templates/kube-flannel.yaml.j2 b/roles/flannel/templates/kube-flannel.yaml.j2
index 18f0904..0035012 100644
--- a/roles/flannel/templates/kube-flannel.yaml.j2
+++ b/roles/flannel/templates/kube-flannel.yaml.j2
@@ -1,3 +1,4 @@
+# https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -172,7 +173,7 @@ spec:
         - /opt/cni/bin/flannel
         command:
         - cp
-        image: easzlab.io.local:5000/flannel/flannel-cni-plugin:v1.2.0
+        image: easzlab.io.local:5000/flannel/flannel-cni-plugin:v1.5.1-flannel2
         name: install-cni-plugin
         volumeMounts:
         - mountPath: /opt/cni/bin