diff --git a/.gitignore b/.gitignore
index 723ef36..d48c759 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-.idea
\ No newline at end of file
+.idea
+.vscode
\ No newline at end of file
diff --git a/containerd/etc/containerd.service.tmpl b/containerd/etc/containerd.service.tmpl
index 0f45ad0..86f9218 100644
--- a/containerd/etc/containerd.service.tmpl
+++ b/containerd/etc/containerd.service.tmpl
@@ -5,7 +5,7 @@ After=network.target local-fs.target
 
 [Service]
 ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/bin/containerd
+ExecStart={{ default "/usr/bin" .BIN_DIR }}/containerd
 
 Type=notify
 Delegate=yes
diff --git a/containerd/scripts/clean-containerd.sh b/containerd/scripts/clean-containerd.sh
index 1daa909..5ec0ff8 100644
--- a/containerd/scripts/clean-containerd.sh
+++ b/containerd/scripts/clean-containerd.sh
@@ -15,6 +15,7 @@
 cd "$(dirname "$0")" >/dev/null 2>&1 || exit
 source common.sh
 storage=${1:-/var/lib/containerd}
+readonly BIN_DIR=${BIN_DIR:-/usr/bin}
 systemctl stop containerd
 systemctl disable containerd
 rm -rf /etc/containerd
@@ -24,17 +25,17 @@ rm -rf $storage
 rm -rf /run/containerd/containerd.sock
 rm -rf /var/lib/nerdctl
 
-rm -f /usr/bin/containerd
-rm -f /usr/bin/containerd-stress
-rm -f /usr/bin/containerd-shim
-rm -f /usr/bin/containerd-shim-runc-v1
-rm -f /usr/bin/containerd-shim-runc-v2
-rm -f /usr/bin/crictl
+rm -f ${BIN_DIR}/containerd
+rm -f ${BIN_DIR}/containerd-stress
+rm -f ${BIN_DIR}/containerd-shim
+rm -f ${BIN_DIR}/containerd-shim-runc-v1
+rm -f ${BIN_DIR}/containerd-shim-runc-v2
+rm -f ${BIN_DIR}/crictl
 rm -f /etc/crictl.yaml
-rm -f /usr/bin/ctr
-rm -f /usr/bin/ctd-decoder
-rm -f /usr/bin/runc
-rm -f /usr/bin/nerdctl
+rm -f ${BIN_DIR}/ctr
+rm -f ${BIN_DIR}/ctd-decoder
+rm -f ${BIN_DIR}/runc
+rm -f ${BIN_DIR}/nerdctl
 
 rm -rf /opt/containerd
 rm -rf /etc/ld.so.conf.d/containerd.conf
diff --git a/containerd/scripts/init-containerd.sh b/containerd/scripts/init-containerd.sh
index d22a9ad..823e55f 100755
--- a/containerd/scripts/init-containerd.sh
+++ b/containerd/scripts/init-containerd.sh
@@ -16,15 +16,16 @@ cd "$(dirname "$0")" >/dev/null 2>&1 || exit
 source common.sh
 registry_domain=${1:-sealos.hub}
 registry_port=${2:-5000}
+readonly BIN_DIR=${BIN_DIR:-/usr/bin}
 
 mkdir -p /opt/containerd && tar -zxf ../cri/libseccomp.tar.gz -C /opt/containerd
 echo "/opt/containerd/lib" >/etc/ld.so.conf.d/containerd.conf
 ldconfig
 [ -d /etc/containerd/certs.d/ ] || mkdir /etc/containerd/certs.d/ -p
 cp ../etc/containerd.service /etc/systemd/system/
-tar -zxf ../cri/cri-containerd.tar.gz -C /
+tar -zxf ../cri/cri-containerd.tar.gz --strip-components 2 -C ${BIN_DIR}
 # shellcheck disable=SC2046
-chmod a+x $(tar -tf ../cri/cri-containerd.tar.gz | while read -r binary; do echo "/usr/bin/${binary##*/}"; done | xargs)
+chmod a+x $(tar -tf ../cri/cri-containerd.tar.gz | while read -r binary; do echo "${BIN_DIR}/${binary##*/}"; done | xargs)
 systemctl enable containerd.service
 cp ../etc/config.toml /etc/containerd
 mkdir -p /etc/containerd/certs.d/$registry_domain:$registry_port
diff --git a/k8s/etc/10-kubeadm.conf.tmpl b/k8s/etc/10-kubeadm.conf.tmpl
index d4e8275..7941654 100644
--- a/k8s/etc/10-kubeadm.conf.tmpl
+++ b/k8s/etc/10-kubeadm.conf.tmpl
@@ -11,4 +11,4 @@ Environment="KUBELET_EXTRA_ARGS= \
               {{ if or (not .SEALOS_SYS_KUBE_VERSION) (eq .SEALOS_SYS_KUBE_VERSION "") (not (semverCompare "^1.27.0" .SEALOS_SYS_KUBE_VERSION)) }}--pod-infra-container-image={{ .registryDomain }}:{{ .registryPort }}/{{ .sandboxImage }}{{ end }} \
               --runtime-request-timeout=15m --container-runtime-endpoint=unix://{{ .SEALOS_SYS_CRI_ENDPOINT }} --image-service-endpoint=unix:///var/run/image-cri-shim.sock"
 ExecStart=
-ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
+ExecStart={{ default "/usr/bin" .BIN_DIR }}/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
diff --git a/k8s/etc/image-cri-shim.service b/k8s/etc/image-cri-shim.service.tmpl
similarity index 85%
rename from k8s/etc/image-cri-shim.service
rename to k8s/etc/image-cri-shim.service.tmpl
index 7b814a4..595c4e0 100644
--- a/k8s/etc/image-cri-shim.service
+++ b/k8s/etc/image-cri-shim.service.tmpl
@@ -2,7 +2,7 @@
 Description=image-cri-shim
 
 [Service]
-ExecStart=/usr/bin/image-cri-shim -f /etc/image-cri-shim.yaml
+ExecStart={{ default "/usr/bin" .BIN_DIR }}/image-cri-shim -f /etc/image-cri-shim.yaml
 Restart=always
 StartLimitInterval=0
 RestartSec=10
diff --git a/k8s/etc/kubelet.service b/k8s/etc/kubelet.service.tmpl
similarity index 50%
rename from k8s/etc/kubelet.service
rename to k8s/etc/kubelet.service.tmpl
index 0f3beee..5287567 100644
--- a/k8s/etc/kubelet.service
+++ b/k8s/etc/kubelet.service.tmpl
@@ -3,9 +3,9 @@ Description=kubelet: The Kubernetes Node Agent
 Documentation=http://kubernetes.io/docs/
 
 [Service]
-ExecStart=/usr/bin/kubelet
-ExecStartPre=-/usr/bin/kubelet-pre-start.sh
-ExecStopPost=-/usr/bin/kubelet-post-stop.sh
+ExecStart={{ default "/usr/bin" .BIN_DIR }}/kubelet
+ExecStartPre=-{{ default "/usr/bin" .BIN_DIR }}/kubelet-pre-start.sh
+ExecStopPost=-{{ default "/usr/bin" .BIN_DIR }}/kubelet-post-stop.sh
 Restart=always
 StartLimitInterval=0
 RestartSec=10
diff --git a/k8s/scripts/clean-kube.sh b/k8s/scripts/clean-kube.sh
index 8ceeab6..e4aefd3 100644
--- a/k8s/scripts/clean-kube.sh
+++ b/k8s/scripts/clean-kube.sh
@@ -14,16 +14,17 @@
 # limitations under the License.
 cd "$(dirname "$0")" >/dev/null 2>&1 || exit
 source common.sh
+readonly BIN_DIR=${BIN_DIR:-/usr/bin}
 systemctl stop kubelet
 systemctl disable kubelet
 systemctl daemon-reload
 
-rm -f /usr/bin/conntrack
-rm -f /usr/bin/kubelet-pre-start.sh
-rm -f /usr/bin/kubelet-post-stop.sh
-rm -f /usr/bin/kubeadm
-rm -f /usr/bin/kubectl
-rm -f /usr/bin/kubelet
+rm -f ${BIN_DIR}/conntrack
+rm -f ${BIN_DIR}/kubelet-pre-start.sh
+rm -f ${BIN_DIR}/kubelet-post-stop.sh
+rm -f ${BIN_DIR}/kubeadm
+rm -f ${BIN_DIR}/kubectl
+rm -f ${BIN_DIR}/kubelet
 
 sed -i '/ # sealos/d' /etc/sysctl.conf
 sealos_b='### sealos begin ###'
diff --git a/k8s/scripts/clean-shim.sh b/k8s/scripts/clean-shim.sh
index 90f22dd..99bb04b 100644
--- a/k8s/scripts/clean-shim.sh
+++ b/k8s/scripts/clean-shim.sh
@@ -14,11 +14,12 @@
 # limitations under the License.
 cd "$(dirname "$0")" >/dev/null 2>&1 || exit
 source common.sh
+readonly BIN_DIR=${BIN_DIR:-/usr/bin}
 systemctl stop image-cri-shim
 systemctl disable image-cri-shim
 rm -rf /etc/systemd/system/image-cri-shim.service
 systemctl daemon-reload
-rm -f /usr/bin/image-cri-shim
+rm -f ${BIN_DIR}/image-cri-shim
 rm -f /etc/image-cri-shim.yaml
 rm -f /var/lib/image-cri-shim
 logger "clean shim success"
diff --git a/k8s/scripts/common.sh b/k8s/scripts/common.sh
index 8524847..da5d8b0 100644
--- a/k8s/scripts/common.sh
+++ b/k8s/scripts/common.sh
@@ -134,8 +134,9 @@ check_file_exits() {
 }
 
 check_port_inuse() {
+  readonly BIN_DIR=${BIN_DIR:-/usr/bin}
   if ! command_exists lsof; then
-    cp -au ../opt/lsof /usr/bin
+    cp -au ../opt/lsof ${BIN_DIR}
   fi
   logger "Check port kubelet port 10249..10259, reserved port 5050..5054 inuse. Please wait..."
   for port in {10249..10259} {5050..5054}; do
diff --git a/k8s/scripts/init-kube.sh b/k8s/scripts/init-kube.sh
index b912abd..0774da1 100644
--- a/k8s/scripts/init-kube.sh
+++ b/k8s/scripts/init-kube.sh
@@ -13,13 +13,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 cd "$(dirname "$0")" >/dev/null 2>&1 || exit
+readonly BIN_DIR=${BIN_DIR:-/usr/bin}
 
 # localhost for hosts
 grep 127.0.0.1 <(grep localhost /etc/hosts) || echo "127.0.0.1 localhost" >>/etc/hosts
 grep ::1 <(grep localhost /etc/hosts) || echo "::1 localhost" >>/etc/hosts
 
-cp -a ../scripts/kubelet-pre-start.sh /usr/bin
-cp -a ../scripts/kubelet-post-stop.sh /usr/bin
+cp -a ../scripts/kubelet-pre-start.sh ${BIN_DIR}
+cp -a ../scripts/kubelet-post-stop.sh ${BIN_DIR}
 
 source common.sh
 disable_firewalld
@@ -30,7 +31,7 @@ cat ../etc/sysctl.d/*.conf | sort | uniq | while read -r str; do
   v=${str#*=}
   echo "$k=$v # sealos"
 done >>/etc/sysctl.conf
-bash /usr/bin/kubelet-pre-start.sh
+bash ${BIN_DIR}/kubelet-pre-start.sh
 sealos_b='### sealos begin ###'
 sealos_e='### sealos end ###'
 if ! grep -E "($sealos_b|$sealos_e)" /etc/security/limits.conf >/dev/null 2>&1; then
@@ -41,7 +42,7 @@ if ! grep -E "($sealos_b|$sealos_e)" /etc/security/limits.conf >/dev/null 2>&1;
   } >>/etc/security/limits.conf
 fi
 
-cp -a ../bin/* /usr/bin
+cp -a ../bin/* ${BIN_DIR}
 #need after cri-shim
 logger "pull pause image ${registryDomain}:${registryPort}/${sandboxImage}"
 crictl pull ${registryDomain}:${registryPort}/${sandboxImage}
diff --git a/k8s/scripts/init-shim.sh b/k8s/scripts/init-shim.sh
index b77f59a..498584c 100644
--- a/k8s/scripts/init-shim.sh
+++ b/k8s/scripts/init-shim.sh
@@ -14,9 +14,10 @@
 # limitations under the License.
 cd "$(dirname "$0")" >/dev/null 2>&1 || exit
 source common.sh
+readonly BIN_DIR=${BIN_DIR:-/usr/bin}
 cp -rf ../etc/image-cri-shim.service /etc/systemd/system/
 cp -rf ../etc/image-cri-shim.yaml /etc
-cp -rf ../cri/image-cri-shim /usr/bin
+cp -rf ../cri/image-cri-shim ${BIN_DIR}
 [ -f ../etc/crictl.yaml ] && cp -rf ../etc/crictl.yaml /etc
 systemctl enable image-cri-shim.service
 systemctl daemon-reload
diff --git a/registry/etc/registry.service.tmpl b/registry/etc/registry.service.tmpl
index 4e31aa7..3064222 100644
--- a/registry/etc/registry.service.tmpl
+++ b/registry/etc/registry.service.tmpl
@@ -3,7 +3,7 @@ Description=registry: The sealos registry
 Documentation=https://www.sealos.io/docs/Intro
 
 [Service]
-ExecStart=/usr/bin/registry serve {{ .registryConfig }}/registry_config.yml
+ExecStart={{ default "/usr/bin" .BIN_DIR }}/registry serve {{ .registryConfig }}/registry_config.yml
 Restart=always
 StartLimitInterval=0
 RestartSec=10
diff --git a/registry/scripts/clean-registry.sh b/registry/scripts/clean-registry.sh
index 2e1a546..aa1544d 100644
--- a/registry/scripts/clean-registry.sh
+++ b/registry/scripts/clean-registry.sh
@@ -14,6 +14,7 @@
 # limitations under the License.
 cd "$(dirname "$0")" >/dev/null 2>&1 || exit
 source common.sh
+readonly BIN_DIR=${BIN_DIR:-/usr/bin}
 # prepare registry storage as directory
 cd "$(dirname "$0")" || error "error for $0"
 
@@ -22,7 +23,7 @@ readonly CONFIG=${2:-/etc/registry}
 
 check_service stop registry
 rm -f /etc/systemd/system/registry.service
-rm -f /usr/bin/registry
+rm -f ${BIN_DIR}/registry
 
 rm -rf "$DATA"
 rm -rf "$CONFIG"
diff --git a/registry/scripts/init-registry.sh b/registry/scripts/init-registry.sh
index e1a99cb..bcfd2a2 100644
--- a/registry/scripts/init-registry.sh
+++ b/registry/scripts/init-registry.sh
@@ -17,11 +17,12 @@ source common.sh
 
 readonly DATA=${1:-/var/lib/registry}
 readonly CONFIG=${2:-/etc/registry}
+readonly BIN_DIR=${BIN_DIR:-/usr/bin}
 
 mkdir -p "$DATA" "$CONFIG"
 
 cp -a ../etc/registry.service /etc/systemd/system/
-cp -au ../cri/registry /usr/bin/
+cp -au ../cri/registry ${BIN_DIR}/
 
 cp -a ../etc/registry_config.yml "$CONFIG"
 cp -a ../etc/registry_htpasswd "$CONFIG"