diff --git a/config/kubelet/patch/Kubefile b/config/kubelet/patch/Kubefile
new file mode 100644
index 000000000..a60e5a41d
--- /dev/null
+++ b/config/kubelet/patch/Kubefile
@@ -0,0 +1,4 @@
+FROM scratch
+LABEL sealos.io.type="patch"
+COPY . .
+
diff --git a/config/kubelet/patch/etc/10-kubeadm.conf b/config/kubelet/patch/etc/10-kubeadm.conf
new file mode 100644
index 000000000..122fc1b68
--- /dev/null
+++ b/config/kubelet/patch/etc/10-kubeadm.conf
@@ -0,0 +1,11 @@
+# Note: This dropin only works with kubeadm and kubelet v1.11+
+[Service]
+Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
+Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
+# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
+EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
+# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
+# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
+EnvironmentFile=-/var/lib/kubelet/kubelet-flags.env
+ExecStart=
+ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
diff --git a/config/kubelet/patch/etc/kubelet-flags.env b/config/kubelet/patch/etc/kubelet-flags.env
new file mode 100644
index 000000000..1e403c37e
--- /dev/null
+++ b/config/kubelet/patch/etc/kubelet-flags.env
@@ -0,0 +1 @@
+KUBELET_EXTRA_ARGS="--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock --image-service-endpoint=unix:///var/run/image-cri-shim.sock"
diff --git a/config/kubelet/patch/scripts/clean-kube.sh b/config/kubelet/patch/scripts/clean-kube.sh
new file mode 100644
index 000000000..429e8d934
--- /dev/null
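Review bot: kubelet-flags.env hard-codes `--container-runtime=remote`, a kubelet flag that was deprecated in v1.24 and removed in v1.27, so a kubelet at or past that version would likely refuse to start with this file. If the patch is meant to apply across Kubernetes versions, drop that flag and keep `--container-runtime-endpoint`, which is sufficient on its own for releases that only speak CRI. The line also routes every image request through `unix:///var/run/image-cri-shim.sock`; a short comment in the drop-in or in init-kube.sh should say that kubelet depends on the image-cri-shim service being up.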
+++ b/config/kubelet/patch/scripts/clean-kube.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+# Copyright © 2022 sealyun.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+source common.sh
+systemctl stop kubelet
+systemctl daemon-reload
+
+rm -f /usr/bin/conntrack
+rm -f /usr/bin/kubelet-pre-start.sh
+rm -f /usr/bin/kubelet-post-stop.sh
+rm -f /usr/bin/kubeadm
+rm -f /usr/bin/kubectl
+rm -f /usr/bin/kubelet
+
+rm -f /etc/sysctl.d/k8s.conf
+rm -f /etc/systemd/system/kubelet.service
+rm -rf /etc/systemd/system/kubelet.service.d
+rm -rf /var/lib/kubelet/
+logger "clean kube success"
diff --git a/config/kubelet/patch/scripts/init-kube.sh b/config/kubelet/patch/scripts/init-kube.sh
new file mode 100644
index 000000000..2afce6ea5
--- /dev/null
+++ b/config/kubelet/patch/scripts/init-kube.sh
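Review bot: In clean-kube.sh, `rm -rf /var/lib/kubelet/` runs straight after `systemctl stop kubelet` with no check that the stop succeeded and no unmount of anything still mounted below that directory. Pod volume mounts normally live under it, so the recursive delete can descend into mounted volumes or fail partway, and the script logs "clean kube success" either way. Unmount first and keep the delete on one filesystem, e.g. `rm -rf --one-file-system /var/lib/kubelet/` (GNU rm), and exit early if `source common.sh` or the stop fails. `rm -f /usr/bin/conntrack` also removes a binary that the distribution's package may own rather than this patch, which deserves a comment or an ownership check.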
@@ -0,0 +1,56 @@
+#!/bin/bash
+# Copyright © 2022 sealos.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+source common.sh
+# Open ipvs
+modprobe -- ip_vs
+modprobe -- ip_vs_rr
+modprobe -- ip_vs_wrr
+modprobe -- ip_vs_sh
+# 1.20 need open br_netfilter
+modprobe -- br_netfilter
+modprobe -- bridge
+
+kernel_version=$(uname -r | cut -d- -f1)
+if version_ge "${kernel_version}" 4.19; then
+ modprobe -- nf_conntrack
+else
+ modprobe -- nf_conntrack_ipv4
+fi
+
+cat < /etc/sysctl.d/k8s.conf
+net.bridge.bridge-nf-call-ip6tables = 1
+net.bridge.bridge-nf-call-iptables = 1
+net.ipv4.conf.all.rp_filter=0
+EOF
+sysctl --system
+sysctl -w net.ipv4.ip_forward=1
+disable_firewalld
+swapoff -a || true
+disable_selinux
+
+chmod -R 755 ../bin/*
+chmod 644 ../bin
+cp ../bin/* /usr/bin
+cp ../scripts/kubelet-pre-start.sh /usr/bin
+cp ../scripts/kubelet-post-stop.sh /usr/bin
+mkdir -p /etc/systemd/system
+cp ../etc/kubelet.service /etc/systemd/system/
+[ -d /etc/systemd/system/kubelet.service.d ] || mkdir /etc/systemd/system/kubelet.service.d
+cp ../etc/10-kubeadm.conf /etc/systemd/system/kubelet.service.d/
+[ -d /var/lib/kubelet ] || mkdir /var/lib/kubelet
+cp ../etc/kubelet-flags.env /var/lib/kubelet
+systemctl enable kubelet
+logger "init kube success"
diff --git a/config/kubelet/patch/scripts/init.sh b/config/kubelet/patch/scripts/init.sh
new file mode 100644
index 000000000..1ba1e11ff
--- /dev/null
+++ b/config/kubelet/patch/scripts/init.sh
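Review bot: init-kube.sh lowers host hardening unconditionally and without explanation. The sysctl block sets `net.ipv4.conf.all.rp_filter=0`, and `disable_firewalld` and `disable_selinux` (defined in common.sh, not shown here) are called with no opt-out; clean-kube.sh deletes the sysctl file but does not appear to restore the firewall or SELinux state. Each step should carry a comment giving the reason, e.g. `# rp_filter=0 turns off reverse-path (anti-spoofing) filtering; needed for <reason, confirm>`, and ideally a guard so operators can keep SELinux or the firewall enabled. There is also no error handling, so a failed `cp ../bin/* /usr/bin` still ends in `systemctl enable kubelet` and "init kube success"; `set -e` after the shebang, or explicit `|| exit 1` on the copies, would stop that. `chmod 644 ../bin` removes the search bit from a directory, so only root can traverse it afterwards; `755` looks like what was intended.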
@@ -0,0 +1,41 @@
+#!/bin/bash
+# Copyright © 2022 sealos.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+source common.sh
+STORAGE=${1:-/var/lib/containerd}
+REGISTRY_DOMAIN=${2:-sealos.hub}
+REGISTRY_PORT=${3:-5000}
+REGISTRY_USERNAME=${4:-}
+REGISTRY_PASSWORD=${5:-}
+
+# Install containerd
+chmod a+x init-containerd.sh
+bash init-containerd.sh ${STORAGE} ${REGISTRY_DOMAIN} ${REGISTRY_PORT} ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD}
+
+if [ $? != 0 ]; then
+ error "====init containerd failed!===="
+fi
+
+chmod a+x init-shim.sh
+bash init-shim.sh ${REGISTRY_DOMAIN} ${REGISTRY_PORT}
+
+if [ $? != 0 ]; then
+ error "====init image-cri-shim failed!===="
+fi
+
+chmod a+x init-kube.sh
+bash init-kube.sh
+
+logger "init containerd rootfs success"
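Review bot: The registry password travels on the command line in init.sh: it arrives as `$5` and is passed on as `${REGISTRY_PASSWORD}` to `bash init-containerd.sh`, so other local users can see it in the process list while the scripts run. Reading it from an environment variable or a root-only file would avoid that exposure. The expansions are also unquoted, so an empty username with a non-empty password moves the password into the username position; `bash init-containerd.sh "${STORAGE}" "${REGISTRY_DOMAIN}" "${REGISTRY_PORT}" "${REGISTRY_USERNAME}" "${REGISTRY_PASSWORD}"` keeps the positions fixed. `bash init-kube.sh` is the only step whose exit status is not checked, and the final log line reports "init containerd rootfs success" regardless of how it ended.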