diff --git a/ezdown b/ezdown index 65941c91f..3ab1eda66 100755 --- a/ezdown +++ b/ezdown @@ -32,7 +32,7 @@ pauseVer=3.9 # images not downloaded by default(only download with '-X') ciliumVer=1.13.2 -flannelVer=v0.19.2 +flannelVer=v0.21.4 nfsProvisionerVer=v4.0.2 promChartVer=39.11.0 @@ -390,16 +390,16 @@ function get_extra_images() { # flannel if [[ ! -f "$imageDir/flannel_$flannelVer.tar" ]];then - docker pull "rancher/mirrored-flannelcni-flannel:$flannelVer" && \ - docker pull "rancher/mirrored-flannelcni-flannel-cni-plugin:v1.1.0" && \ - docker save -o "$imageDir/flannel_$flannelVer.tar" "rancher/mirrored-flannelcni-flannel:$flannelVer" "rancher/mirrored-flannelcni-flannel-cni-plugin:v1.1.0" + docker pull "flannel/flannel:$flannelVer" && \ + docker pull "flannel/flannel-cni-plugin:v1.1.2" && \ + docker save -o "$imageDir/flannel_$flannelVer.tar" "flannel/flannel:$flannelVer" "flannel/flannel-cni-plugin:v1.1.2" else docker load -i "$imageDir/flannel_$flannelVer.tar" fi - docker tag "rancher/mirrored-flannelcni-flannel:$flannelVer" "easzlab.io.local:5000/flannelcni/flannel:$flannelVer" - docker push "easzlab.io.local:5000/flannelcni/flannel:$flannelVer" - docker tag "rancher/mirrored-flannelcni-flannel-cni-plugin:v1.1.0" "easzlab.io.local:5000/flannelcni/flannel-cni-plugin:v1.1.0" - docker push "easzlab.io.local:5000/flannelcni/flannel-cni-plugin:v1.1.0" + docker tag "flannel/flannel:$flannelVer" "easzlab.io.local:5000/flannel/flannel:$flannelVer" + docker push "easzlab.io.local:5000/flannel/flannel:$flannelVer" + docker tag "flannel/flannel-cni-plugin:v1.1.2" "easzlab.io.local:5000/flannel/flannel-cni-plugin:v1.1.2" + docker push "easzlab.io.local:5000/flannel/flannel-cni-plugin:v1.1.2" # nfs-provisioner if [[ ! -f "$imageDir/nfs-provisioner_$nfsProvisionerVer.tar" ]];then diff --git a/roles/flannel/templates/kube-flannel.yaml.j2 b/roles/flannel/templates/kube-flannel.yaml.j2 index df75c4359..72e93406b 100644 --- a/roles/flannel/templates/kube-flannel.yaml.j2 
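Review bot: The new `docker pull "flannel/flannel:$flannelVer"` and `docker pull "flannel/flannel-cni-plugin:v1.1.2"` lines fetch by tag only, and this hunk also switches the publisher from the `rancher/mirrored-flannelcni-*` repositories to `flannel/*`. Whatever the tags resolve to at download time is therefore what gets saved to the tarball and pushed to `easzlab.io.local:5000`. The template in this commit runs these images with `hostNetwork: true` and `NET_ADMIN`/`NET_RAW`, so pinning by digest is worth the extra text, e.g. `docker pull "flannel/flannel:$flannelVer@sha256:<digest-of-reviewed-image>"` (placeholder, to be taken from the verified release). The plugin tag `v1.1.2` is also hard-coded several times here and again in `kube-flannel.yaml.j2`; a variable next to `flannelVer` would keep the two files from drifting. The body of `get_extra_images` starts and ends outside this hunk.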
+++ b/roles/flannel/templates/kube-flannel.yaml.j2 @@ -1,7 +1,17 @@ --- -kind: ClusterRole +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + k8s-app: flannel + name: flannel + namespace: kube-system +--- apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: + labels: + k8s-app: flannel name: flannel rules: - apiGroups: @@ -15,6 +25,7 @@ rules: resources: - nodes verbs: + - get - list - watch - apiGroups: @@ -23,10 +34,19 @@ rules: - nodes/status verbs: - patch +- apiGroups: + - networking.k8s.io + resources: + - clustercidrs + verbs: + - list + - watch --- -kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: + labels: + k8s-app: flannel name: flannel roleRef: apiGroup: rbac.authorization.k8s.io @@ -38,19 +58,6 @@ subjects: namespace: kube-system --- apiVersion: v1 -kind: ServiceAccount -metadata: - name: flannel - namespace: kube-system ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: kube-flannel-cfg - namespace: kube-system - labels: - tier: node - app: flannel data: cni-conf.json: | { @@ -82,24 +89,35 @@ data: "Type": "{{ FLANNEL_BACKEND }}" } } +kind: ConfigMap +metadata: + labels: + app: flannel + k8s-app: flannel + tier: node + name: kube-flannel-cfg + namespace: kube-system --- apiVersion: apps/v1 kind: DaemonSet metadata: - name: kube-flannel-ds - namespace: kube-system labels: - tier: node app: flannel + k8s-app: flannel + tier: node + name: kube-flannel-ds + namespace: kube-system spec: selector: matchLabels: app: flannel + k8s-app: flannel template: metadata: labels: - tier: node app: flannel + k8s-app: flannel + tier: node spec: affinity: nodeAffinity: 
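Review bot: The added ClusterRole rule granting `list`/`watch` on `clustercidrs` in `networking.k8s.io`, and the extra `get` on `nodes`, carry no comment saying which flannel feature needs them, which makes a later least-privilege review harder. `clustercidrs` appears to be the alpha multi-CIDR allocator resource, so on clusters without that API the grant would be unused. A one-line comment above the rule, such as `# read-only; needed by flanneld only when multi-cluster-CIDR is enabled`, would record the intent. Both additions are read-only, so this is a documentation point rather than a privilege concern.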
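Review bot: In the DaemonSet hunk, `spec.selector.matchLabels` gains `k8s-app: flannel`, but the selector of an existing `apps/v1` DaemonSet cannot be changed. Applying this template to a cluster that already runs `kube-flannel-ds` is therefore likely to be rejected until the old object is deleted. Either keep the selector as `app: flannel` only and add the new label just under `metadata.labels` and `template.metadata.labels`, or have the role remove the old DaemonSet before applying. Nothing visible in this diff handles that upgrade path, though it may live elsewhere in the role.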
@@ -110,56 +128,12 @@ spec: operator: In values: - linux - hostNetwork: true - priorityClassName: system-node-critical - tolerations: - - operator: Exists - effect: NoSchedule - serviceAccountName: flannel - initContainers: - - name: install-cni-plugin - image: easzlab.io.local:5000/flannelcni/flannel-cni-plugin:v1.1.0 - command: - - cp - args: - - -f - - /flannel - - /opt/cni/bin/flannel - volumeMounts: - - name: cni-plugin - mountPath: /opt/cni/bin - - name: install-cni - image: easzlab.io.local:5000/flannelcni/flannel:{{ flannel_ver }} - command: - - cp - args: - - -f - - /etc/kube-flannel/cni-conf.json - - /etc/cni/net.d/10-flannel.conflist - volumeMounts: - - name: cni - mountPath: /etc/cni/net.d - - name: flannel-cfg - mountPath: /etc/kube-flannel/ containers: - - name: kube-flannel - image: easzlab.io.local:5000/flannelcni/flannel:{{ flannel_ver }} - command: - - /opt/bin/flanneld - args: + - args: - --ip-masq - --kube-subnet-mgr - resources: - requests: - cpu: "100m" - memory: "50Mi" - limits: - cpu: "100m" - memory: "50Mi" - securityContext: - privileged: false - capabilities: - add: ["NET_ADMIN", "NET_RAW"] + command: + - /opt/bin/flanneld env: - name: POD_NAME valueFrom: 
@@ -171,27 +145,70 @@ spec: fieldPath: metadata.namespace - name: EVENT_QUEUE_DEPTH value: "5000" + image: easzlab.io.local:5000/flannel/flannel:{{ flannel_ver }} + name: kube-flannel + resources: + requests: + cpu: 100m + memory: 50Mi + securityContext: + capabilities: + add: + - NET_ADMIN + - NET_RAW + privileged: false volumeMounts: - - name: run - mountPath: /run/flannel - - name: flannel-cfg - mountPath: /etc/kube-flannel/ - - name: xtables-lock - mountPath: /run/xtables.lock + - mountPath: /run/flannel + name: run + - mountPath: /etc/kube-flannel/ + name: flannel-cfg + - mountPath: /run/xtables.lock + name: xtables-lock + hostNetwork: true + initContainers: + - args: + - -f + - /flannel + - /opt/cni/bin/flannel + command: + - cp + image: easzlab.io.local:5000/flannel/flannel-cni-plugin:v1.1.2 + name: install-cni-plugin + volumeMounts: + - mountPath: /opt/cni/bin + name: cni-plugin + - args: + - -f + - /etc/kube-flannel/cni-conf.json + - /etc/cni/net.d/10-flannel.conflist + command: + - cp + image: easzlab.io.local:5000/flannel/flannel:{{ flannel_ver }} + name: install-cni + volumeMounts: + - mountPath: /etc/cni/net.d + name: cni + - mountPath: /etc/kube-flannel/ + name: flannel-cfg + priorityClassName: system-node-critical + serviceAccountName: flannel + tolerations: + - effect: NoSchedule + operator: Exists volumes: - - name: run - hostPath: + - hostPath: path: /run/flannel - - name: cni-plugin - hostPath: - path: /opt/cni/bin - - name: cni - hostPath: + name: run + - hostPath: + path: /opt/cni/bin + name: cni-plugin + - hostPath: path: /etc/cni/net.d - - name: flannel-cfg - configMap: + name: cni + - configMap: name: kube-flannel-cfg - - name: xtables-lock - hostPath: + name: flannel-cfg + - hostPath: path: /run/xtables.lock type: FileOrCreate + name: xtables-lock
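Review bot: The rewritten `kube-flannel` container keeps `resources.requests`, but the `limits` block (`cpu: "100m"`, `memory: "50Mi"`) removed in the preceding hunk is not re-added, so flanneld now runs on every node with no CPU or memory ceiling. If that is deliberate, for example to follow the upstream manifest or to avoid OOM kills, a comment next to `requests:` such as `# limits omitted on purpose: <reason>` would stop it being read as an accident of the key reordering. Otherwise restore a `limits:` entry sized for the target clusters.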