diff --git a/pkg/agent/config/config.go b/pkg/agent/config/config.go
index 55bda13eb1..0f5293d5c6 100644
--- a/pkg/agent/config/config.go
+++ b/pkg/agent/config/config.go
@@ -29,6 +29,10 @@ import (
 	"k8s.io/apimachinery/pkg/util/net"
 )
 
+const (
+	DefaultPodManifestPath = "pod-manifests"
+)
+
 func Get(ctx context.Context, agent cmds.Agent) *config.Node {
 	for {
 		agentConfig, err := get(&agent)
@@ -476,6 +480,7 @@ func get(envInfo *cmds.Agent) (*config.Node, error) {
 	nodeConfig.AgentConfig.DisableNPC = controlConfig.DisableNPC
 	nodeConfig.AgentConfig.DisableKubeProxy = controlConfig.DisableKubeProxy
 	nodeConfig.AgentConfig.Rootless = envInfo.Rootless
+	nodeConfig.AgentConfig.PodManifests = filepath.Join(envInfo.DataDir, DefaultPodManifestPath)
 	nodeConfig.DisableSELinux = envInfo.DisableSELinux
 
 	return nodeConfig, nil
diff --git a/pkg/daemons/agent/agent.go b/pkg/daemons/agent/agent.go
index fa25b7d471..2e7811ee31 100644
--- a/pkg/daemons/agent/agent.go
+++ b/pkg/daemons/agent/agent.go
@@ -75,6 +75,12 @@ func startKubelet(cfg *config.Agent) {
 		"anonymous-auth":               "false",
 		"authorization-mode":           modes.ModeWebhook,
 	}
+	if cfg.PodManifests != "" && argsMap["pod-manifest-path"] == "" {
+		argsMap["pod-manifest-path"] = cfg.PodManifests
+	}
+	if err := os.MkdirAll(argsMap["pod-manifest-path"], 0755); err != nil {
+		logrus.Errorf("Failed to mkdir %s: %v", argsMap["pod-manifest-path"], err)
+	}
 	if cfg.RootDir != "" {
 		argsMap["root-dir"] = cfg.RootDir
 		argsMap["cert-dir"] = filepath.Join(cfg.RootDir, "pki")
diff --git a/pkg/daemons/config/types.go b/pkg/daemons/config/types.go
index 3d4abe26b3..f4dddb6d95 100644
--- a/pkg/daemons/config/types.go
+++ b/pkg/daemons/config/types.go
@@ -49,6 +49,7 @@ type Containerd struct {
 }
 
 type Agent struct {
+	PodManifests            string
 	NodeName                string
 	NodeConfigPath          string
 	ServingKubeletCert      string