diff --git a/contrib/systemd-units/containerd.service b/contrib/systemd-units/containerd.service
index cbf2cb41a..bdb2447f9 100644
--- a/contrib/systemd-units/containerd.service
+++ b/contrib/systemd-units/containerd.service
@@ -11,6 +11,11 @@ RestartSec=5
 Delegate=yes
 KillMode=process
 OOMScoreAdjust=-999
+LimitNOFILE=1048576
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNPROC=infinity
+LimitCORE=infinity
 
 [Install]
 WantedBy=multi-user.target
diff --git a/contrib/systemd-units/cri-containerd.service b/contrib/systemd-units/cri-containerd.service
index 1c66fca21..65e247e6d 100644
--- a/contrib/systemd-units/cri-containerd.service
+++ b/contrib/systemd-units/cri-containerd.service
@@ -6,6 +6,11 @@ After=containerd.service
 [Service]
 Restart=always
 RestartSec=5
+LimitNOFILE=1048576
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNPROC=infinity
+LimitCORE=infinity
 ExecStart=/usr/local/bin/cri-containerd --logtostderr
 
 [Install]
diff --git a/test/e2e/master.yaml b/test/e2e/master.yaml
index 97fe0305a..c26a6bd38 100644
--- a/test/e2e/master.yaml
+++ b/test/e2e/master.yaml
@@ -51,6 +51,11 @@ write_files:
       RestartSec=5
       Delegate=yes
       KillMode=process
+      LimitNOFILE=1048576
+      # Having non-zero Limit*s causes performance problems due to accounting overhead
+      # in the kernel. We recommend using cgroups to do container-local accounting.
+      LimitNPROC=infinity
+      LimitCORE=infinity
       ExecStartPre=/sbin/modprobe overlay
       ExecStart=/home/cri-containerd/usr/local/bin/containerd --log-level debug
 
@@ -70,6 +75,11 @@ write_files:
       [Service]
       Restart=always
       RestartSec=5
+      LimitNOFILE=1048576
+      # Having non-zero Limit*s causes performance problems due to accounting overhead
+      # in the kernel. We recommend using cgroups to do container-local accounting.
+      LimitNPROC=infinity
+      LimitCORE=infinity
       # cri-containerd on master uses the cni binary and config in the
       # release tarball.
       ExecStart=/home/cri-containerd/usr/local/bin/cri-containerd \
diff --git a/test/e2e/node.yaml b/test/e2e/node.yaml
index 7e265ce26..2ac06ee81 100644
--- a/test/e2e/node.yaml
+++ b/test/e2e/node.yaml
@@ -54,6 +54,11 @@ write_files:
       RestartSec=5
       Delegate=yes
       KillMode=process
+      LimitNOFILE=1048576
+      # Having non-zero Limit*s causes performance problems due to accounting overhead
+      # in the kernel. We recommend using cgroups to do container-local accounting.
+      LimitNPROC=infinity
+      LimitCORE=infinity
       ExecStartPre=/sbin/modprobe overlay
       ExecStart=/home/cri-containerd/usr/local/bin/containerd --log-level debug
 
@@ -73,6 +78,11 @@ write_files:
       [Service]
       Restart=always
       RestartSec=5
+      LimitNOFILE=1048576
+      # Having non-zero Limit*s causes performance problems due to accounting overhead
+      # in the kernel. We recommend using cgroups to do container-local accounting.
+      LimitNPROC=infinity
+      LimitCORE=infinity
       # Point to /home/kubernetes/bin where calico setup cni binary in kube-up.sh.
       # Point to /etc/cni/net.d where calico put cni config in kube-up.sh.
       ExecStart=/home/cri-containerd/usr/local/bin/cri-containerd \
diff --git a/test/e2e_node/init.yaml b/test/e2e_node/init.yaml
index 88a7023e0..b92bae74b 100644
--- a/test/e2e_node/init.yaml
+++ b/test/e2e_node/init.yaml
@@ -49,6 +49,11 @@ write_files:
       RestartSec=5
       Delegate=yes
       KillMode=process
+      LimitNOFILE=1048576
+      # Having non-zero Limit*s causes performance problems due to accounting overhead
+      # in the kernel. We recommend using cgroups to do container-local accounting.
+      LimitNPROC=infinity
+      LimitCORE=infinity
       ExecStartPre=/sbin/modprobe overlay
       ExecStart=/home/cri-containerd/usr/local/bin/containerd --log-level debug
 
@@ -68,6 +73,11 @@ write_files:
       [Service]
       Restart=always
       RestartSec=5
+      LimitNOFILE=1048576
+      # Having non-zero Limit*s causes performance problems due to accounting overhead
+      # in the kernel. We recommend using cgroups to do container-local accounting.
+      LimitNPROC=infinity
+      LimitCORE=infinity
       ExecStart=/home/cri-containerd/usr/local/bin/cri-containerd \
         --logtostderr --v=4 \
         --network-bin-dir=/home/cri-containerd/opt/cni/bin \