diff --git a/builtin/roles/install/kubernetes/defaults/main.yaml b/builtin/roles/install/kubernetes/defaults/main.yaml
index 2055a0028..0157fff05 100644
--- a/builtin/roles/install/kubernetes/defaults/main.yaml
+++ b/builtin/roles/install/kubernetes/defaults/main.yaml
@@ -19,7 +19,7 @@ kubernetes:
     service_cidr: 10.233.0.0/18
     dns_image: "{{ k8s_registry }}/coredns/coredns:v1.8.6"
     dns_cache_image: "{{ dockerio_registry }}/kubesphere/k8s-dns-node-cache:1.22.20"
-    dns_service_ip: "{{ kubernetes.networking.service_cidr|ip_range|slice:':3'|last }}"
+    dns_service_ip: "{{ kubernetes.networking.service_cidr|ip_range:2 }}"
   # Specify a stable IP address or DNS name for the control plane.
 #  control_plane_endpoint: lb.kubesphere.local
   apiserver:
diff --git a/builtin/roles/install/kubernetes/tasks/deploy_cluster_dns.yaml b/builtin/roles/install/kubernetes/tasks/deploy_cluster_dns.yaml
index 67ea871e4..8ed126327 100644
--- a/builtin/roles/install/kubernetes/tasks/deploy_cluster_dns.yaml
+++ b/builtin/roles/install/kubernetes/tasks/deploy_cluster_dns.yaml
@@ -9,15 +9,11 @@
     kubectl delete svc kube-dns -n kube-system
     kubectl apply -f /etc/kubernetes/coredns.yaml
 
-- name: Get cluster api
-  command: |
-    /usr/local/bin/kubectl get svc -n kube-system coredns -o jsonpath='{.spec.clusterIP}'
-  register: core_dns_ip
-
 - name: Generate nodelocaldns deployment
   template:
-    src: dns/coredns.deployment
+    src: dns/nodelocaldns.daemonset
     dest: /etc/kubernetes/nodelocaldns.yaml
 
 - name: Apply coredns deployment
-  command: "kubectl apply -f /etc/kubernetes/nodelocaldns.yaml"
+  command: |
+    kubectl apply -f /etc/kubernetes/nodelocaldns.yaml
diff --git a/builtin/roles/install/kubernetes/templates/dns/nodelocaldns.daemonset b/builtin/roles/install/kubernetes/templates/dns/nodelocaldns.daemonset
index ddfa774d6..6fa29496e 100644
--- a/builtin/roles/install/kubernetes/templates/dns/nodelocaldns.daemonset
+++ b/builtin/roles/install/kubernetes/templates/dns/nodelocaldns.daemonset
@@ -90,13 +90,6 @@ spec:
         - name: config-volume
           configMap:
             name: nodelocaldns
-            items:
-            - key: Corefile
-              path: Corefile
-{{- if .DNSEtcHosts }}
-            - key: hosts
-              path: hosts
-{{ end }}
         - name: xtables-lock
           hostPath:
             path: /run/xtables.lock
@@ -117,7 +110,6 @@ metadata:
   namespace: kube-system
   labels:
     addonmanager.kubernetes.io/mode: EnsureExists
-
 data:
   Corefile: |
 {% for ez in kubernetes.coredns.external_zones %}
@@ -187,7 +179,7 @@ data:
         reload
         loop
         bind 169.254.25.10
-        forward . {% if (core_dns_ip.stdout!='') %}core_dns_ip.stdout{% else %}{{ kubernetes.networking.service_cidr|ip_range|slice:":3"|last }}{% endif %} {
+        forward . {{ kubernetes.networking.dns_service_ip }} {
             force_tcp
         }
         prometheus :9253
@@ -199,7 +191,7 @@ data:
         reload
         loop
         bind 169.254.25.10
-        forward . {% if (core_dns_ip.stdout!='') %}core_dns_ip.stdout{% else %}{{ kubernetes.networking.service_cidr|ip_range|slice:":3"|last }}{% endif %} {
+        forward . {{ kubernetes.networking.dns_service_ip }} {
             force_tcp
         }
         prometheus :9253
@@ -210,7 +202,7 @@ data:
         reload
         loop
         bind 169.254.25.10
-        forward . {% if (core_dns_ip.stdout!='') %}core_dns_ip.stdout{% else %}{{ kubernetes.networking.service_cidr|ip_range|slice:":3"|last }}{% endif %} {
+        forward . {{ kubernetes.networking.dns_service_ip }} {
             force_tcp
         }
         prometheus :9253
diff --git a/builtin/roles/install/kubernetes/templates/kubeadm/kubeadm-init.v1beta2 b/builtin/roles/install/kubernetes/templates/kubeadm/kubeadm-init.v1beta2
index c7cb76d56..f4f8ce5ba 100644
--- a/builtin/roles/install/kubernetes/templates/kubeadm/kubeadm-init.v1beta2
+++ b/builtin/roles/install/kubernetes/templates/kubeadm/kubeadm-init.v1beta2
@@ -60,7 +60,7 @@ apiServer:
     - kubernetes.default.svc
     - localhost
     - 127.0.0.1
-    - {{ kubernetes.networking.service_cidr|ip_range|slice:":1"|last }}
+    - {{ kubernetes.networking.service_cidr|ip_range:0 }}
     - {%if kubernetes.control_plane_endpoint %}{{ kubernetes.control_plane_endpoint }}{% else %}{{ init_kubernetes_node }}{% endif %}
     - {%if kubernetes.control_plane_endpoint %}{{ kubernetes.control_plane_endpoint|stringformat:"kubernetes.default.svc.%s" }}{% else %}{{ init_kubernetes_node|stringformat:"kubernetes.default.svc.%s" }}{% endif %}
     - {{ kubernetes.networking.dns_domain|stringformat:"kubernetes.default.svc.%s" }}
diff --git a/builtin/roles/install/kubernetes/templates/kubeadm/kubeadm-init.v1beta3 b/builtin/roles/install/kubernetes/templates/kubeadm/kubeadm-init.v1beta3
index a37eed3b7..38b82b15a 100644
--- a/builtin/roles/install/kubernetes/templates/kubeadm/kubeadm-init.v1beta3
+++ b/builtin/roles/install/kubernetes/templates/kubeadm/kubeadm-init.v1beta3
@@ -59,7 +59,7 @@ apiServer:
     - kubernetes.default.svc
     - localhost
     - 127.0.0.1
-    - {{ kubernetes.networking.service_cidr|ip_range|slice:":1"|last }}
+    - {{ kubernetes.networking.service_cidr|ip_range:0 }}
     - {%if kubernetes.control_plane_endpoint %}{{ kubernetes.control_plane_endpoint }}{% else %}{{ init_kubernetes_node }}{% endif %}
     - {%if kubernetes.control_plane_endpoint %}{{ kubernetes.control_plane_endpoint|stringformat:"kubernetes.default.svc.%s" }}{% else %}{{ init_kubernetes_node|stringformat:"kubernetes.default.svc.%s" }}{% endif %}
     - {{ kubernetes.networking.dns_domain|stringformat:"kubernetes.default.svc.%s" }}
diff --git a/docs/zh/101-syntax.md b/docs/zh/101-syntax.md
index 482b3edb2..9568781c6 100644
--- a/docs/zh/101-syntax.md
+++ b/docs/zh/101-syntax.md
@@ -46,7 +46,15 @@
 将ip范围(cidr)转换成可用的ip数组, 值为字符串数组
 ```yaml
 {{ string_variable | ip_range }}
-```
+{{ string_variable | ip_range:1 }}
+{{ string_variable | ip_range:"-1" }}
+{{ string_variable | ip_range:"1:2" }}
+```
+无参数: 返回一整个可用ip列表
+参数为数字: 返回对应下标的ip(负数从最大的开始, 即-1表示返回ip列表最后一个ip)
+参数为字符串形数字: 返回对应下标的ip(负数从最大的开始, 即-1表示返回ip列表最后一个ip)
+参数为"数字:数字": 返回对应范围的ip列表(负数从最大的开始, 即-1表示返回ip列表最后一个ip)
+
 ## get
 获取map类型的variable中某个key值对应的value, 参数为key, 值为任意类型
 ```yaml
diff --git a/pkg/converter/tmpl/filter_extension.go b/pkg/converter/tmpl/filter_extension.go
index 56804b9f4..457bdb4b4 100644
--- a/pkg/converter/tmpl/filter_extension.go
+++ b/pkg/converter/tmpl/filter_extension.go
@@ -176,6 +176,52 @@ func filterIpRange(in *pongo2.Value, param *pongo2.Value) (*pongo2.Value, *pongo
 	for _, s := range strings.Split(in.String(), ",") {
 		ipRange = append(ipRange, ParseIp(s)...)
 	}
+	// if param is integer. return a single value
+	if param.IsInteger() {
+		index := param.Integer()
+		// handle negative number
+		if index < 0 {
+			index = max(len(ipRange)+index, 0)
+		}
+		index = max(index, 0)
+		index = min(index, len(ipRange)-1)
+		return pongo2.AsValue(ipRange[index]), nil
+	}
+	if param.IsString() {
+		comp := strings.Split(param.String(), ":")
+		switch len(comp) {
+		case 1: //  return a single value
+			index := pongo2.AsValue(comp[0]).Integer()
+			// handle negative number
+			if index < 0 {
+				index = max(len(ipRange)+index, 0)
+			}
+			index = max(index, 0)
+			index = min(index, len(ipRange)-1)
+			return pongo2.AsValue(ipRange[index]), nil
+		case 2: // return a slice
+			// start with [x:len]
+			from := pongo2.AsValue(comp[0]).Integer()
+			from = max(from, 0)
+			from = min(from, len(ipRange)-1)
+
+			to := pongo2.AsValue(comp[1]).Integer()
+			// handle missing y
+			if strings.TrimSpace(comp[1]) == "" {
+				to = len(ipRange) - 1
+			}
+			to = max(to, from)
+			to = min(to, len(ipRange)-1)
+
+			return pongo2.AsValue(ipRange[from:to]), nil
+		default:
+			return nil, &pongo2.Error{
+				Sender:    "filter:ip_range",
+				OrigError: fmt.Errorf("ip_range string must have the format 'from:to' or a single number format 'index'"),
+			}
+		}
+	}
+
 	return pongo2.AsValue(ipRange), nil
 }
 
diff --git a/pkg/converter/tmpl/filter_extension_test.go b/pkg/converter/tmpl/filter_extension_test.go
index b4261ca5e..a81714ccc 100644
--- a/pkg/converter/tmpl/filter_extension_test.go
+++ b/pkg/converter/tmpl/filter_extension_test.go
@@ -152,6 +152,38 @@ func TestFilter(t *testing.T) {
 			},
 			except: "10",
 		},
+		{
+			name:  "get index from ip_range",
+			input: "{{ test|ip_range:0 }}",
+			ctx: map[string]any{
+				"test": "10.233.0.0/18",
+			},
+			except: "10.233.0.1",
+		},
+		{
+			name:  "get index string from ip_range",
+			input: "{{ test|ip_range:'1' }}",
+			ctx: map[string]any{
+				"test": "10.233.0.0/18",
+			},
+			except: "10.233.0.2",
+		},
+		{
+			name:  "get negative number from ip_range",
+			input: "{{ test|ip_range:'-1' }}",
+			ctx: map[string]any{
+				"test": "10.233.0.0/18",
+			},
+			except: "10.233.63.254",
+		},
+		{
+			name:  "get range from ip_range",
+			input: "{{ test|ip_range:':1'|last }}",
+			ctx: map[string]any{
+				"test": "10.233.0.0/18",
+			},
+			except: "10.233.0.1",
+		},
 	}
 
 	for _, tc := range testcases {