diff --git a/files/bootstrap.sh b/files/bootstrap.sh index 52bf5847d..545ddd1e3 100755 --- a/files/bootstrap.sh +++ b/files/bootstrap.sh @@ -490,12 +490,20 @@ if [[ "$CONTAINER_RUNTIME" = "containerd" ]]; then sudo mkdir -p /etc/containerd sudo mkdir -p /etc/cni/net.d - if [[ -n "$CONTAINERD_CONFIG_FILE" ]]; then - sudo cp -v $CONTAINERD_CONFIG_FILE /etc/eks/containerd/containerd-config.toml + + sudo mkdir -p /etc/systemd/system/containerd.service.d + printf '[Service]\nSlice=runtime.slice\n' | sudo tee /etc/systemd/system/containerd.service.d/00-runtime-slice.conf + + if [[ -n "${CONTAINERD_CONFIG_FILE}" ]]; then + sudo cp -v "${CONTAINERD_CONFIG_FILE}" /etc/eks/containerd/containerd-config.toml fi - echo "$(jq '.cgroupDriver="systemd"' $KUBELET_CONFIG)" > $KUBELET_CONFIG + sudo sed -i s,SANDBOX_IMAGE,$PAUSE_CONTAINER,g /etc/eks/containerd/containerd-config.toml + echo "$(jq '.cgroupDriver="systemd"' "${KUBELET_CONFIG}")" > "${KUBELET_CONFIG}" + echo "$(jq '.systemReservedCgroup="/system"' "${KUBELET_CONFIG}")" > "${KUBELET_CONFIG}" + echo "$(jq '.kubeReservedCgroup="/runtime"' "${KUBELET_CONFIG}")" > "${KUBELET_CONFIG}" + # Check if the containerd config file is the same as the one used in the image build. # If different, then restart containerd w/ proper config if ! cmp -s /etc/eks/containerd/containerd-config.toml /etc/containerd/config.toml; then diff --git a/files/kubelet-containerd.service b/files/kubelet-containerd.service index 74b30f70a..72b58f8b8 100644 --- a/files/kubelet-containerd.service +++ b/files/kubelet-containerd.service @@ -5,6 +5,7 @@ After=containerd.service sandbox-image.service Requires=containerd.service sandbox-image.service [Service] +Slice=runtime.slice ExecStartPre=/sbin/iptables -P FORWARD ACCEPT -w 5 ExecStart=/usr/bin/kubelet --cloud-provider $KUBELET_CLOUD_PROVIDER \ --config /etc/kubernetes/kubelet/kubelet-config.json \ 
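Review bot: Each of the three `echo "$(jq …)" > "${KUBELET_CONFIG}"` lines overwrites the kubelet config with whatever jq printed, so a jq failure blanks the file while the statement still exits 0 because `echo` succeeded. Apply the three filters in one jq call and write only on success: `kubelet_json=$(jq '.cgroupDriver="systemd" | .systemReservedCgroup="/system" | .kubeReservedCgroup="/runtime"' "${KUBELET_CONFIG}") || exit 1` followed by `printf '%s\n' "${kubelet_json}" > "${KUBELET_CONFIG}"`. Separately, the new `00-runtime-slice.conf` drop-in only applies once systemd reloads its units and containerd restarts. The comment at the end of the hunk says containerd is restarted only when the config file differs, so confirm that a `daemon-reload` and restart happen on every path. The enclosing `if [[ "$CONTAINER_RUNTIME" = "containerd" ]]` block starts and ends outside the hunk.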
@@ -17,6 +18,8 @@ Restart=on-failure RestartForceExitStatus=SIGPIPE RestartSec=5 KillMode=process +CPUAccounting=true +MemoryAccounting=true [Install] WantedBy=multi-user.target diff --git a/files/runtime.slice b/files/runtime.slice new file mode 100644 index 000000000..5e189639a --- /dev/null +++ b/files/runtime.slice @@ -0,0 +1,4 @@ +[Unit] +Description=Kubernetes and container runtime slice +Documentation=man:systemd.special(7) +Before=slices.target diff --git a/scripts/install-worker.sh b/scripts/install-worker.sh index cf1008410..ee59a90e4 100644 --- a/scripts/install-worker.sh +++ b/scripts/install-worker.sh @@ -141,6 +141,12 @@ else sudo yum install -y awscli fi +################################################################################ +### systemd #################################################################### +################################################################################ + +sudo mv "${TEMPLATE_DIR}/runtime.slice" /etc/systemd/system/runtime.slice + ############################################################################### ### Containerd setup ########################################################## ###############################################################################
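Review bot: `Documentation=man:systemd.special(7)` points at the man page for systemd's built-in special units, which does not describe this project-defined slice. Drop the line or point it at the project's own documentation for the slice. A short comment in the `[Unit]` section, such as `# Holds kubelet and containerd; referenced by kubeReservedCgroup in the kubelet config`, would tell the next maintainer why the slice exists.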
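Review bot: `sudo mv` keeps the owner and mode the file had under `${TEMPLATE_DIR}`, so `/etc/systemd/system/runtime.slice` can end up owned by the build user rather than root. How the template directory is populated is not visible in this hunk. If it is uploaded by a non-root account, install the unit with explicit ownership instead: `sudo install -o root -g root -m 0644 "${TEMPLATE_DIR}/runtime.slice" /etc/systemd/system/runtime.slice`. A unit file under /etc/systemd/system that a non-root account can edit lets that account change the resource settings of the slice kubelet and containerd run in.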