Use systemd service cgroup and oom score adj.

Signed-off-by: Lantao Liu <lantaol@google.com>

contrib/gce/cloud-init/master.yaml

@@ -30,12 +30,6 @@ write_files:
     permissions: 0644
     owner: root
     content: |
-      # installed by cloud-init
-      oom_score = -999
-
-      [cgroup]
-        path = "/runtime"
-
       [plugins.linux]
         shim = "/home/containerd/usr/local/bin/containerd-shim"
         runtime = "/home/containerd/usr/local/sbin/runc"
@@ -61,6 +55,7 @@ write_files:
       RestartSec=5
       Delegate=yes
       KillMode=process
+      OOMScoreAdjust=-999
       LimitNOFILE=1048576
       # Having non-zero Limit*s causes performance problems due to accounting overhead
       # in the kernel. We recommend using cgroups to do container-local accounting.

contrib/gce/cloud-init/node.yaml

@@ -28,12 +28,6 @@ write_files:
     permissions: 0644
     owner: root
     content: |
-      # installed by cloud-init
-      oom_score = -999
-
-      [cgroup]
-        path = "/runtime"
-
       [plugins.linux]
         shim = "/home/containerd/usr/local/bin/containerd-shim"
         runtime = "/home/containerd/usr/local/sbin/runc"
@@ -59,6 +53,7 @@ write_files:
       RestartSec=5
       Delegate=yes
       KillMode=process
+      OOMScoreAdjust=-999
       LimitNOFILE=1048576
       # Having non-zero Limit*s causes performance problems due to accounting overhead
       # in the kernel. We recommend using cgroups to do container-local accounting.

contrib/gce/env

@@ -15,5 +15,5 @@ export KUBE_CONTAINER_RUNTIME_ENDPOINT="/run/containerd/containerd.sock"
 export KUBE_LOAD_IMAGE_COMMAND="/home/containerd/usr/local/bin/ctr cri load"
 export NETWORK_POLICY_PROVIDER="calico"
 export NON_MASQUERADE_CIDR="0.0.0.0/0"
-export KUBE_KUBELET_EXTRA_ARGS="--runtime-cgroups=/runtime"
+export KUBE_KUBELET_EXTRA_ARGS="--runtime-cgroups=/system.slice/containerd.service"
 export KUBE_FEATURE_GATES="ExperimentalCriticalPodAnnotation=true,CRIContainerLogRotation=true"