diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 16637b26632..e38576014f9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -44,7 +44,7 @@ jobs:
           echo "${{steps.drafter.outputs.body}}" >> release_note.md
 
       - name: Save release notes
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: sealer-release-notes
           path: src/github.com/sealerio/sealer/release_note.md
@@ -94,7 +94,7 @@ jobs:
         working-directory: src/github.com/sealerio/sealer
 
       - name: Save build binaries
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: sealer-binaries
           path: src/github.com/sealerio/sealer/_output/assets/*.tar.gz*
@@ -108,7 +108,7 @@ jobs:
 
     steps:
       - name: Download builds and release notes
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
         with:
           path: builds
       - name: Create Release
@@ -131,4 +131,4 @@ jobs:
           releasever="${releasever#refs/tags/}"
           wget http://gosspublic.alicdn.com/ossutil/1.6.19/ossutil64 && chmod 755 ossutil64 &&
           ./ossutil64 -i ${{ secrets.ACCESSKEYID }} -k ${{ secrets.ACCESSKEYSECRET }} -e oss-cn-shanghai.aliyuncs.com cp -rf ./builds/sealer-binaries/sealer-$releasever-linux-amd64.tar.gz oss://sealerio/releases/sealer-$releasever-linux-amd64.tar.gz &&
-          ./ossutil64 -i ${{ secrets.ACCESSKEYID }} -k ${{ secrets.ACCESSKEYSECRET }} -e oss-cn-shanghai.aliyuncs.com cp -rf ./builds/sealer-binaries/sealer-$releasever-linux-arm64.tar.gz oss://sealerio/releases/sealer-$releasever-linux-arm64.tar.gz
\ No newline at end of file
+          ./ossutil64 -i ${{ secrets.ACCESSKEYID }} -k ${{ secrets.ACCESSKEYSECRET }} -e oss-cn-shanghai.aliyuncs.com cp -rf ./builds/sealer-binaries/sealer-$releasever-linux-arm64.tar.gz oss://sealerio/releases/sealer-$releasever-linux-arm64.tar.gz
diff --git a/cmd/sealer/cmd/alpha/host-alias.go b/cmd/sealer/cmd/alpha/host-alias.go
index 13df9a32284..89a55957f91 100644
--- a/cmd/sealer/cmd/alpha/host-alias.go
+++ b/cmd/sealer/cmd/alpha/host-alias.go
@@ -71,7 +71,7 @@ func NewHostAliasCmd() *cobra.Command {
 
 			cf.SetCluster(desiredCluster)
 
-			return cf.SaveAll(clusterfile.SaveOptions{CommitToCluster: true})
+			return cf.SaveAll(clusterfile.SaveOptions{CommitToCluster: false})
 		},
 	}
 	cmd.Flags().StringVar(&hostAlias.IP, "ip", "", "host-alias ip")
diff --git a/cmd/sealer/cmd/cluster/installer.go b/cmd/sealer/cmd/cluster/installer.go
index de0549d6277..fd97b7fe6d5 100644
--- a/cmd/sealer/cmd/cluster/installer.go
+++ b/cmd/sealer/cmd/cluster/installer.go
@@ -80,7 +80,7 @@ func (i AppInstaller) Install(imageName string, options AppInstallOptions) error
 	//save and commit
 	i.cf.SetApplication(i.appDriver.GetApplication())
 	confPath := clusterruntime.GetClusterConfPath(i.imageExtension.Labels)
-	if err := i.cf.SaveAll(clusterfile.SaveOptions{CommitToCluster: true, ConfPath: confPath}); err != nil {
+	if err := i.cf.SaveAll(clusterfile.SaveOptions{CommitToCluster: false, ConfPath: confPath}); err != nil {
 		return err
 	}
 
@@ -350,7 +350,7 @@ func (k KubeInstaller) Install(kubeImageName string, options KubeInstallOptions)
 
 	//save and commit
 	confPath := clusterruntime.GetClusterConfPath(k.imageSpec.ImageExtension.Labels)
-	if err = k.cf.SaveAll(clusterfile.SaveOptions{CommitToCluster: true, ConfPath: confPath}); err != nil {
+	if err = k.cf.SaveAll(clusterfile.SaveOptions{CommitToCluster: false, ConfPath: confPath}); err != nil {
 		return err
 	}
 
@@ -436,7 +436,7 @@ func (k KubeInstaller) ScaleUp(scaleUpMasterIPList, scaleUpNodeIPList []net.IP,
 	}
 
 	confPath := clusterruntime.GetClusterConfPath(k.imageSpec.ImageExtension.Labels)
-	if err = k.cf.SaveAll(clusterfile.SaveOptions{CommitToCluster: true, ConfPath: confPath}); err != nil {
+	if err = k.cf.SaveAll(clusterfile.SaveOptions{CommitToCluster: false, ConfPath: confPath}); err != nil {
 		return err
 	}
 
@@ -519,7 +519,7 @@ func (k KubeInstaller) ScaleDown(deleteMasterIPList, deleteNodeIPList []net.IP,
 	k.cf.SetCluster(cluster)
 
 	confPath := clusterruntime.GetClusterConfPath(k.imageSpec.ImageExtension.Labels)
-	if err = k.cf.SaveAll(clusterfile.SaveOptions{CommitToCluster: true, ConfPath: confPath}); err != nil {
+	if err = k.cf.SaveAll(clusterfile.SaveOptions{CommitToCluster: false, ConfPath: confPath}); err != nil {
 		return err
 	}
 
diff --git a/cmd/sealer/cmd/cluster/rollback.go b/cmd/sealer/cmd/cluster/rollback.go
index 91c93875ffb..375e22e866f 100644
--- a/cmd/sealer/cmd/cluster/rollback.go
+++ b/cmd/sealer/cmd/cluster/rollback.go
@@ -206,7 +206,7 @@ func rollbackCluster(cf clusterfile.Interface, imageEngine imageengine.Interface
 	}
 
 	//save and commit
-	if err = cf.SaveAll(clusterfile.SaveOptions{CommitToCluster: true, ConfPath: confPath}); err != nil {
+	if err = cf.SaveAll(clusterfile.SaveOptions{CommitToCluster: false, ConfPath: confPath}); err != nil {
 		return err
 	}
 
diff --git a/cmd/sealer/cmd/cluster/upgrade.go b/cmd/sealer/cmd/cluster/upgrade.go
index d6a5d797d51..2ab66fc2db8 100644
--- a/cmd/sealer/cmd/cluster/upgrade.go
+++ b/cmd/sealer/cmd/cluster/upgrade.go
@@ -36,8 +36,7 @@ import (
 
 var (
 	exampleForUpgradeCmd = `
-  sealer upgrade docker.io/sealerio/kubernetes:v1.22.15-upgrade
-  sealer upgrade -f Clusterfile
+  sealer upgrade -f upgrade.yaml
 `
 	longDescriptionForUpgradeCmd = `upgrade command is used to upgrade a Kubernetes cluster via specified Clusterfile.`
 )
@@ -209,7 +208,7 @@ func upgradeCluster(cf clusterfile.Interface, imageEngine imageengine.Interface,
 	}
 
 	//save and commit
-	if err = cf.SaveAll(clusterfile.SaveOptions{CommitToCluster: true, ConfPath: confPath}); err != nil {
+	if err = cf.SaveAll(clusterfile.SaveOptions{CommitToCluster: false, ConfPath: confPath}); err != nil {
 		return err
 	}
 
diff --git a/common/common.go b/common/common.go
index 756648fea81..dfec1234626 100644
--- a/common/common.go
+++ b/common/common.go
@@ -46,7 +46,7 @@ const (
 	KubeLvsCareStaticPodName = "kube-lvscare"
 	RegLvsCareStaticPodName  = "reg-lvscare"
 	StaticPodDir             = "/etc/kubernetes/manifests"
-	LvsCareRepoAndTag        = "sealerio/lvscare:v1.1.3-beta.8"
+	LvsCareRepoAndTag        = "docker-cdv5ju.swr-pro.myhuaweicloud.com/global/lvscare:latest"
 )
 
 // Envs
diff --git a/pkg/registry/local.go b/pkg/registry/local.go
index 15c740d6270..c47dc16c1d8 100644
--- a/pkg/registry/local.go
+++ b/pkg/registry/local.go
@@ -181,7 +181,7 @@ func (c *localConfigurator) configureLvs(registryHosts, clientHosts []net.IP) er
 	}
 
 	//todo should make lvs image name as const value in sealer repo.
-	lvsImageURL := path.Join(net.JoinHostPort(c.Domain, strconv.Itoa(c.Port)), common.LvsCareRepoAndTag)
+	lvsImageURL := path.Join(common.LvsCareRepoAndTag)
 
 	vip := GetRegistryVIP(c.infraDriver)
 
@@ -399,7 +399,7 @@ func (c *localConfigurator) configureContainerdDaemonService(endpoint, hostTomlF
 	cfg := Hosts{
 		Server: url,
 		HostConfigs: map[string]HostFileConfig{
-			url: {CACert: registryCaCertPath},
+			url: {CACert: registryCaCertPath, SkipServerVerify: true},
 		},
 	}
 
@@ -425,6 +425,7 @@ type HostFileConfig struct {
 	// - string - Single file with certificate(s)
 	// - []string - Multiple files with certificates
 	CACert interface{} `toml:"ca"`
+	SkipServerVerify bool `toml:"skip_verify"`
 }
 
 type DaemonConfig struct {
diff --git a/pkg/runtime/kubernetes/kubeadm/common.go b/pkg/runtime/kubernetes/kubeadm/common.go
index 3c150aceb8d..e0fdab263f2 100644
--- a/pkg/runtime/kubernetes/kubeadm/common.go
+++ b/pkg/runtime/kubernetes/kubeadm/common.go
@@ -41,7 +41,6 @@ networking:
   serviceSubnet: 10.96.0.0/22
 apiServer:
   extraArgs:
-    feature-gates: TTLAfterFinished=true,EphemeralContainers=true
     audit-policy-file: "/etc/kubernetes/audit-policy.yml"
     audit-log-path: "/var/log/kubernetes/audit.log"
     audit-log-format: json
@@ -65,8 +64,7 @@ apiServer:
       pathType: File
 controllerManager:
   extraArgs:
-    feature-gates: TTLAfterFinished=true,EphemeralContainers=true
-    experimental-cluster-signing-duration: 876000h
+    cluster-signing-duration: 876000h
   extraVolumes:
     - hostPath: /etc/localtime
       mountPath: /etc/localtime
@@ -74,8 +72,6 @@ controllerManager:
       readOnly: true
       pathType: File
 scheduler:
-  extraArgs:
-    feature-gates: TTLAfterFinished=true,EphemeralContainers=true
   extraVolumes:
     - hostPath: /etc/localtime
       mountPath: /etc/localtime
diff --git a/pkg/runtime/kubernetes/utils.go b/pkg/runtime/kubernetes/utils.go
index a4a31e6a3da..227472ac4dc 100644
--- a/pkg/runtime/kubernetes/utils.go
+++ b/pkg/runtime/kubernetes/utils.go
@@ -187,7 +187,7 @@ func GetClientFromConfig(adminConfPath string) (runtimeClient.Client, error) {
 }
 
 func (k *Runtime) configureLvs(masterHosts, clientHosts []net.IP) error {
-	lvsImageURL := path.Join(k.Config.RegistryInfo.URL, common.LvsCareRepoAndTag)
+	lvsImageURL := path.Join(common.LvsCareRepoAndTag)
 
 	var rs []string
 	var realEndpoints []string