diff --git a/roles/cluster-addon/defaults/main.yml b/roles/cluster-addon/defaults/main.yml
index e109346..cc1d77a 100644
--- a/roles/cluster-addon/defaults/main.yml
+++ b/roles/cluster-addon/defaults/main.yml
@@ -1,8 +1,10 @@
 # dns 自动安装,可选"coredns"和“kubedns”
 dns_install: "yes"
 dns_backend: "coredns"
-kubedns_offline: "kubedns_1.14.13.tar"
-coredns_offline: "coredns_1.2.6.tar"
+kubednsVer: "1.14.13"
+corednsVer: "1.5.0"
+kubedns_offline: "kubedns_{{ kubednsVer }}.tar"
+coredns_offline: "coredns_{{ corednsVer }}.tar"
 dns_offline: "{%- if dns_backend == 'coredns' -%} \
 {{ coredns_offline }} \
 {%- else -%} \
@@ -11,27 +13,33 @@ dns_offline: "{%- if dns_backend == 'coredns' -%} \
 
 # metric server 自动安装
 metricsserver_install: "yes"
-metricsserver_offline: "metrics-server_v0.3.1.tar"
+metricsVer: "v0.3.2"
+metricsserver_offline: "metrics-server_{{ metricsVer }}.tar"
 
 # dashboard 自动安装
 dashboard_install: "yes"
-dashboard_offline: "dashboard_v1.10.1.tar"
+dashboardVer: "v1.10.1"
+dashboard_offline: "dashboard_{{ dashboardVer }}.tar"
 
 # ingress 自动安装,可选 "traefik" 和 "nginx-ingress"
 ingress_install: "no"
 ingress_backend: "traefik"
-traefik_offline: "traefik_v1.7.4.tar"
-nginx_ingress_offline: "nginx_ingress_0.21.0.tar"
+traefikVer: "v1.7.4"
+nginxingVer: "0.21.0"
+traefik_offline: "traefik_{{ traefikVer }}.tar"
+nginx_ingress_offline: "nginx_ingress_{{ nginxingVer }}.tar"
 
 # heapster 自动安装
 heapster_install: "no"
-heapster_offline: "heapster_v1.5.4.tar"
+heapsterVer: "v1.5.4"
+heapster_offline: "heapster_{{ heapsterVer }}.tar"
 
 # metallb 自动安装
 metallb_install: "no"
+metallbVer: "v0.7.3"
 # 模式选择: 二层 "layer2" 或者三层 "bgp"
 metallb_protocol: "layer2"
-metallb_offline: "metallb_v0.7.3.tar"
+metallb_offline: "metallb_{{ metallbVer }}.tar"
 metallb_vip_pool: "192.168.1.240/29"
 
 # efk 自动安装
diff --git a/roles/cluster-addon/templates/coredns.yaml.j2 b/roles/cluster-addon/templates/coredns.yaml.j2
index bc22cee..c6e34e7 100644
--- a/roles/cluster-addon/templates/coredns.yaml.j2
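Review bot: The new version keys are camelCase (`kubednsVer`, `corednsVer`, `metricsVer`, `nginxingVer`, `heapsterVer`, `metallbVer`) while every other variable in this defaults file is snake_case (`kubedns_offline`, `metricsserver_install`), and two of them abbreviate names their `_offline` counterparts spell out (`metricsVer` vs `metricsserver_offline`, `nginxingVer` vs `nginx_ingress_offline`). Ansible convention and the file's own style would be `coredns_ver`, `metricsserver_ver`, `nginx_ingress_ver`; if the camelCase names are already consumed by templates (this commit uses `corednsVer` in coredns.yaml.j2) the rename has to be applied there too. Whichever is chosen, a comment above the block would help, since the variable now drives both the tarball name and the running image tag: `# <component>Ver selects both the offline tarball (<name>_offline) and the image tag rendered into the addon manifest`.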
+++ b/roles/cluster-addon/templates/coredns.yaml.j2
@@ -1,20 +1,14 @@
-# __MACHINE_GENERATED_WARNING__
-
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: coredns
 namespace: kube-system
- labels:
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
 labels:
 kubernetes.io/bootstrapping: rbac-defaults
- addonmanager.kubernetes.io/mode: Reconcile
 name: system:coredns
 rules:
 - apiGroups:
@@ -41,7 +35,6 @@ metadata:
 rbac.authorization.kubernetes.io/autoupdate: "true"
 labels:
 kubernetes.io/bootstrapping: rbac-defaults
- addonmanager.kubernetes.io/mode: EnsureExists
 name: system:coredns
 roleRef:
 apiGroup: rbac.authorization.k8s.io
@@ -57,17 +50,15 @@ kind: ConfigMap
 metadata:
 name: coredns
 namespace: kube-system
- labels:
- addonmanager.kubernetes.io/mode: EnsureExists
 data:
 Corefile: |
 .:53 {
 errors
 health
+ ready
 kubernetes {{ CLUSTER_DNS_DOMAIN }} in-addr.arpa ip6.arpa {
- pods insecure
- upstream
- fallthrough in-addr.arpa ip6.arpa
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
 }
 prometheus :9153
 forward . /etc/resolv.conf
@@ -84,8 +75,6 @@ metadata:
 namespace: kube-system
 labels:
 k8s-app: kube-dns
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
 kubernetes.io/name: "CoreDNS"
 spec:
 replicas: 2
@@ -100,8 +89,6 @@ spec:
 metadata:
 labels:
 k8s-app: kube-dns
- annotations:
- seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 priorityClassName: system-cluster-critical
 serviceAccountName: coredns
@@ -112,7 +99,7 @@ spec:
 beta.kubernetes.io/os: linux
 containers:
 - name: coredns
- image: coredns/coredns:1.4.0
+ image: coredns/coredns:{{ corednsVer }}
 imagePullPolicy: IfNotPresent
 resources:
 limits:
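Review bot: The rewritten `kubernetes` block in the Corefile keeps `pods insecure`, which answers pod A/AAAA records without checking that the address belongs to a pod in the queried namespace; it exists for kube-dns compatibility, and `pods verified` is the safer mode if that compatibility is not required (at the cost of the plugin watching pods). The added `ready` plugin serves `/ready` on :8181 by default, and the Deployment's readiness probe in this same template now depends on it, so a Corefile override that omits `ready` leaves every CoreDNS pod permanently NotReady — a comment `# 'ready' serves /ready on :8181; the Deployment readinessProbe relies on it` at that line would make the cross-document coupling explicit. The remainder of the Corefile (after `forward . /etc/resolv.conf`) is outside this hunk.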
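Review bot: Dropping the `seccomp.security.alpha.kubernetes.io/pod: 'docker/default'` annotation from the pod template removes the only seccomp profile on the CoreDNS pods, and nothing on the new side replaces it; on the API generation this manifest targets (`beta.kubernetes.io/os`, `rbac.authorization.k8s.io/v1`) the annotation is still the supported way to apply the runtime's default profile. Unless the deployment runtime is known to reject it, keep `annotations:` with `seccomp.security.alpha.kubernetes.io/pod: 'docker/default'` under the pod template's `metadata`. It is removed together with the addon-manager labels, which reads as collateral cleanup rather than a deliberate hardening decision — if it is deliberate, a one-line comment saying why would prevent it being re-added and removed again. The pod `spec` continues outside this hunk.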
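Review bot: `image: coredns/coredns:{{ corednsVer }}` pins the container by a mutable tag, and combined with the existing `imagePullPolicy: IfNotPresent` whatever image already sits on the node under that tag is what runs — intentional for the offline-tarball flow, presumably, but it makes the tag the only link between the loaded tarball and the executing binary. If the offline images have known digests, `coredns/coredns:{{ corednsVer }}@sha256:<digest>` (with a `corednsDigest` variable next to `corednsVer` in the defaults) would make the pin tamper-evident; if not, a comment such as `# tag must match the image inside {{ coredns_offline }} loaded by the role tasks` documents the assumption. The container spec continues outside this hunk.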
@@ -135,6 +122,14 @@ spec:
 - containerPort: 9153
 name: metrics
 protocol: TCP
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ drop:
+ - all
+ readOnlyRootFilesystem: true
 livenessProbe:
 httpGet:
 path: /health
@@ -146,17 +141,9 @@ spec:
 failureThreshold: 5
 readinessProbe:
 httpGet:
- path: /health
- port: 8080
+ path: /ready
+ port: 8181
 scheme: HTTP
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- add:
- - NET_BIND_SERVICE
- drop:
- - all
- readOnlyRootFilesystem: true
 dnsPolicy: Default
 volumes:
 - name: config-volume
@@ -177,7 +164,6 @@ metadata:
 labels:
 k8s-app: kube-dns
 kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
 kubernetes.io/name: "CoreDNS"
 spec:
 selector:
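Review bot: The container `securityContext` placed here (drop `all`, add `NET_BIND_SERVICE`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`) sets no `runAsNonRoot`/`runAsUser`, so the process runs as whatever user the image declares — for a `FROM scratch` image with no `USER` that is root, which I believe applies to this coredns tag but have not verified. Since `NET_BIND_SERVICE` is already granted, binding :53 does not require uid 0, and `runAsNonRoot: true` plus an explicit `runAsUser: <non-root uid>` would complete the hardening if the image tolerates it (test it, as `runAsNonRoot` alone rejects an image that starts as root). The move is otherwise a relocation of the block removed in the next hunk, with the same content. The container spec continues outside this hunk.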
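Review bot: The readiness probe now targets `/ready` on port 8181, which is only served when the Corefile in this template's ConfigMap enables the `ready` plugin; the liveness probe stays on `/health:8080`, so a Corefile without `ready` yields pods that are live but never Ready, with no error in the pod itself. A comment above the probe, `# /ready on :8181 is served by the 'ready' plugin in the Corefile ConfigMap above`, would tie the two documents together for whoever next edits the ConfigMap. The Deployment spec continues outside this hunk.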