diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/files/containerd.service b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/files/containerd.service
index 5af2182266..4a71b0736b 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/files/containerd.service
+++ b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/files/containerd.service
@@ -1,20 +1,24 @@
 [Unit]
-Description=Containerd Container Daemon
-Documentation=http://github.com/docker/containerd
+Description=containerd container runtime
+Documentation=https://containerd.io
+After=network.target local-fs.target
 
 [Service]
-Type=simple
+ExecStartPre=-/sbin/modprobe overlay
 ExecStart=/usr/bin/containerd --listen unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim /usr/bin/containerd-shim --state-dir /var/run/docker/libcontainerd/containerd --start-timeout 2m
-Restart=always
 
-# (lack of) limits from the upstream docker service unit
-LimitNOFILE=1048576
+Type=notify
+Delegate=yes
+KillMode=process
+Restart=always
+RestartSec=5
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
 LimitNPROC=infinity
 LimitCORE=infinity
+LimitNOFILE=infinity
 TasksMax=infinity
-
-# set delegate yes so that systemd does not reset the cgroups of containers
-Delegate=yes
+OOMScoreAdjust=-999
 
 [Install]
 WantedBy=multi-user.target early-docker.target