diff --git a/cmd/kk/apis/kubekey/v1alpha2/network_types.go b/cmd/kk/apis/kubekey/v1alpha2/network_types.go
index add48da3..3403e5c5 100644
--- a/cmd/kk/apis/kubekey/v1alpha2/network_types.go
+++ b/cmd/kk/apis/kubekey/v1alpha2/network_types.go
@@ -27,9 +27,10 @@ type NetworkConfig struct {
 }
 
 type CalicoCfg struct {
-	IPIPMode  string `yaml:"ipipMode" json:"ipipMode,omitempty"`
-	VXLANMode string `yaml:"vxlanMode" json:"vxlanMode,omitempty"`
-	VethMTU   int    `yaml:"vethMTU" json:"vethMTU,omitempty"`
+	IPIPMode        string `yaml:"ipipMode" json:"ipipMode,omitempty"`
+	VXLANMode       string `yaml:"vxlanMode" json:"vxlanMode,omitempty"`
+	VethMTU         int    `yaml:"vethMTU" json:"vethMTU,omitempty"`
+	Ipv4NatOutgoing *bool  `yaml:"ipv4NatOutgoing" json:"ipv4NatOutgoing,omitempty"`
 }
 
 type FlannelCfg struct {
@@ -133,3 +134,11 @@ func (n *NetworkConfig) EnableMultusCNI() bool {
 	}
 	return *n.MultusCNI.Enabled
 }
+
+// EnableIPV4POOL_NAT_OUTGOING is used to determine whether to enable CALICO_IPV4POOL_NAT_OUTGOING.
+func (c *CalicoCfg) EnableIPV4POOL_NAT_OUTGOING() bool {
+	if c.Ipv4NatOutgoing == nil {
+		return true
+	}
+	return *c.Ipv4NatOutgoing
+}
diff --git a/cmd/kk/pkg/bootstrap/os/templates/init_script.go b/cmd/kk/pkg/bootstrap/os/templates/init_script.go
index 30d9f018..5bceb208 100644
--- a/cmd/kk/pkg/bootstrap/os/templates/init_script.go
+++ b/cmd/kk/pkg/bootstrap/os/templates/init_script.go
@@ -87,7 +87,7 @@ echo 'vm.max_map_count = 262144' >> /etc/sysctl.conf
 echo 'vm.swappiness = 0' >> /etc/sysctl.conf
 echo 'vm.overcommit_memory = 1' >> /etc/sysctl.conf
 echo 'fs.inotify.max_user_instances = 524288' >> /etc/sysctl.conf
-echo 'fs.inotify.max_user_watches = 524288' >> /etc/sysctl.conf
+echo 'fs.inotify.max_user_watches = 10240001' >> /etc/sysctl.conf
 echo 'fs.pipe-max-size = 4194304' >> /etc/sysctl.conf
 echo 'fs.aio-max-nr = 262144' >> /etc/sysctl.conf
 echo 'kernel.pid_max = 65535' >> /etc/sysctl.conf
diff --git a/cmd/kk/pkg/kubernetes/kubernetes_status.go b/cmd/kk/pkg/kubernetes/kubernetes_status.go
index 80fda101..be6448b1 100644
--- a/cmd/kk/pkg/kubernetes/kubernetes_status.go
+++ b/cmd/kk/pkg/kubernetes/kubernetes_status.go
@@ -142,6 +142,9 @@ func (k *KubernetesStatus) LoadKubeConfig(runtime connector.Runtime, kubeConf *c
 	kubeConfigStr := k.KubeConfig
 
 	oldServer := fmt.Sprintf("server: https://%s:%d", kubeConf.Cluster.ControlPlaneEndpoint.Domain, kubeConf.Cluster.ControlPlaneEndpoint.Port)
+	if kubeConf.Cluster.ControlPlaneEndpoint.Address == "" {
+		kubeConf.Cluster.ControlPlaneEndpoint.Address = runtime.GetHostsByRole(common.Master)[0].GetAddress()
+	}
 	newServer := fmt.Sprintf("server: https://%s:%d", kubeConf.Cluster.ControlPlaneEndpoint.Address, kubeConf.Cluster.ControlPlaneEndpoint.Port)
 	newKubeConfigStr := strings.Replace(kubeConfigStr, oldServer, newServer, -1)
 
diff --git a/cmd/kk/pkg/plugins/network/modules.go b/cmd/kk/pkg/plugins/network/modules.go
index 08e8be8a..2314e83b 100644
--- a/cmd/kk/pkg/plugins/network/modules.go
+++ b/cmd/kk/pkg/plugins/network/modules.go
@@ -141,6 +141,7 @@ func deployCalico(d *DeployNetworkPluginModule) []task.Interface {
 				"IPIPMode":                d.KubeConf.Cluster.Network.Calico.IPIPMode,
 				"VXLANMode":               d.KubeConf.Cluster.Network.Calico.VXLANMode,
 				"ConatinerManagerIsIsula": d.KubeConf.Cluster.Kubernetes.ContainerManager == "isula",
+				"IPV4POOLNATOUTGOING":     d.KubeConf.Cluster.Network.Calico.EnableIPV4POOL_NAT_OUTGOING(),
 			},
 		},
 		Parallel: true,
@@ -179,10 +180,10 @@ func deployFlannel(d *DeployNetworkPluginModule) []task.Interface {
 			Template: templates.Flannel,
 			Dst:      filepath.Join(common.KubeConfigDir, templates.Flannel.Name()),
 			Data: util.Data{
-				"KubePodsCIDR": d.KubeConf.Cluster.Network.KubePodsCIDR,
-				"FlannelImage": images.GetImage(d.Runtime, d.KubeConf, "flannel").ImageName(),
+				"KubePodsCIDR":       d.KubeConf.Cluster.Network.KubePodsCIDR,
+				"FlannelImage":       images.GetImage(d.Runtime, d.KubeConf, "flannel").ImageName(),
 				"FlannelPluginImage": images.GetImage(d.Runtime, d.KubeConf, "flannel-cni-plugin").ImageName(),
-				"BackendMode":  d.KubeConf.Cluster.Network.Flannel.BackendMode,
+				"BackendMode":        d.KubeConf.Cluster.Network.Flannel.BackendMode,
 			},
 		},
 		Parallel: true,
diff --git a/cmd/kk/pkg/plugins/network/templates/calico_v1.16+.go b/cmd/kk/pkg/plugins/network/templates/calico_v1.16+.go
index b585d62f..e792fbf9 100644
--- a/cmd/kk/pkg/plugins/network/templates/calico_v1.16+.go
+++ b/cmd/kk/pkg/plugins/network/templates/calico_v1.16+.go
@@ -4594,6 +4594,13 @@ spec:
             # Enable or Disable VXLAN on the default IP pool.
             - name: CALICO_IPV4POOL_VXLAN
               value: "{{ .VXLANMode }}"
+{{- if .IPV4POOLNATOUTGOING }}
+            - name: CALICO_IPV4POOL_NAT_OUTGOING
+              value: "true"
+{{- else }}
+            - name: CALICO_IPV4POOL_NAT_OUTGOING
+              value: "false"
+{{- end }}
             # Enable or Disable VXLAN on the default IPv6 IP pool.
             - name: CALICO_IPV6POOL_VXLAN
               value: "Never"
@@ -4834,5 +4841,4 @@ spec:
 ---
 # Source: calico/templates/configure-canal.yaml
 
-
     `)))