From 9728f96e31f9760dbb2e93cba428fc71a73caf32 Mon Sep 17 00:00:00 2001
From: Morten Torkildsen <mortent@google.com>
Date: Fri, 20 Jun 2025 21:20:42 +0000
Subject: [PATCH] Improve the resiliance of the nofile-infinity script

---
 .../containerd-nofile-infinity-allowlist.yaml        |  2 +-
 .../containerd-nofile-infinity.yaml                  | 12 ++++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/containerd-nofile-infinity/containerd-nofile-infinity-allowlist.yaml b/containerd-nofile-infinity/containerd-nofile-infinity-allowlist.yaml
index efda2a7..6df90ea 100644
--- a/containerd-nofile-infinity/containerd-nofile-infinity-allowlist.yaml
+++ b/containerd-nofile-infinity/containerd-nofile-infinity-allowlist.yaml
@@ -4,4 +4,4 @@ metadata:
   name: gke-org-nofile-infinity-synchronizer
 spec:
   allowlistPaths:
-  - "Gke-Org/nofile-infinity/gke-org-nofile-infinity-allowlist.yaml"
+  - "Gke-Org/nofile-infinity-v2/gke-org-nofile-infinity-v2-allowlist.yaml"
diff --git a/containerd-nofile-infinity/containerd-nofile-infinity.yaml b/containerd-nofile-infinity/containerd-nofile-infinity.yaml
index 36c7126..c355f94 100644
--- a/containerd-nofile-infinity/containerd-nofile-infinity.yaml
+++ b/containerd-nofile-infinity/containerd-nofile-infinity.yaml
@@ -45,9 +45,13 @@ spec:
           - |
             set -e
             set -u
-            echo "Generating containerd system drop in config for nofile limit"
-            nofile_limit_path="/host/etc/systemd/system/containerd.service.d/40-LimitNOFILE-infinity.conf"
-            cat >> "${nofile_limit_path}" <<EOF
+            echo "Checking if containerd system drop-in directory exists"
+            if [ ! -d "/host/etc/systemd/system/containerd.service.d" ]; then
+              echo "containerd drop-in directory does not exist. Skipping"
+              exit 0
+            fi
+            echo "Generating containerd system drop-in config for nofile limit"
+            cat > "/host/etc/systemd/system/containerd.service.d/40-LimitNOFILE-infinity.conf" <<EOF
             [Service]
             LimitNOFILE=infinity
             EOF
@@ -57,4 +61,4 @@ spec:
             chroot /host systemctl restart containerd
       containers:
         - name: pause
-          image: gke.gcr.io/pause:3.8
+          image: gke.gcr.io/pause:3.8
\ No newline at end of file