diff --git a/buildchain/buildchain/salt_tree.py b/buildchain/buildchain/salt_tree.py
index fce9d147d6..9efe81048f 100644
--- a/buildchain/buildchain/salt_tree.py
+++ b/buildchain/buildchain/salt_tree.py
@@ -283,7 +283,7 @@ def _get_parts(self) -> Iterator[str]:
          'tls-secret.sls'),
 
     Path('salt/metalk8s/container-engine/containerd/configured.sls'),
-    Path('salt/metalk8s/container-engine/containerd/files/50-metalk8s.conf'),
+    Path('salt/metalk8s/container-engine/containerd/files/50-metalk8s.conf.j2'),
     Path('salt/metalk8s/container-engine/containerd/init.sls'),
     Path('salt/metalk8s/container-engine/containerd/installed.sls'),
     Path('salt/metalk8s/container-engine/init.sls'),
diff --git a/salt/metalk8s/container-engine/containerd/files/50-metalk8s.conf b/salt/metalk8s/container-engine/containerd/files/50-metalk8s.conf.j2
similarity index 82%
rename from salt/metalk8s/container-engine/containerd/files/50-metalk8s.conf
rename to salt/metalk8s/container-engine/containerd/files/50-metalk8s.conf.j2
index 3cdd037a6a..6966d22e77 100644
--- a/salt/metalk8s/container-engine/containerd/files/50-metalk8s.conf
+++ b/salt/metalk8s/container-engine/containerd/files/50-metalk8s.conf.j2
@@ -2,3 +2,4 @@
 # See https://github.com/containerd/containerd/issues/3201
 # See https://github.com/containerd/containerd/pull/3202
 LimitNOFILE=1048576
+Environment="{{ environment }}"
diff --git a/salt/metalk8s/container-engine/containerd/installed.sls b/salt/metalk8s/container-engine/containerd/installed.sls
index 9951096677..144c3a7f91 100644
--- a/salt/metalk8s/container-engine/containerd/installed.sls
+++ b/salt/metalk8s/container-engine/containerd/installed.sls
@@ -2,6 +2,8 @@
 {%- from "metalk8s/map.jinja" import metalk8s with context %}
 {%- from "metalk8s/map.jinja" import kubelet with context %}
 {%- from "metalk8s/map.jinja" import repo with context %}
+{%- from "metalk8s/map.jinja" import networks with context %}
+{%- from "metalk8s/map.jinja" import proxies with context %}
 
 {%- set registry_ip = metalk8s.endpoints['repositories'].ip %}
 {%- set registry_port = metalk8s.endpoints['repositories'].ports.http %}
@@ -36,12 +38,24 @@ Install containerd:
 Create containerd service drop-in:
   file.managed:
     - name: /etc/systemd/system/containerd.service.d/50-metalk8s.conf
-    - source: salt://{{ slspath }}/files/50-metalk8s.conf
+    - source: salt://{{ slspath }}/files/50-metalk8s.conf.j2
+    - template: jinja
     - user: root
     - group: root
     - mode: 0644
     - makedirs: true
     - dir_mode: 0755
+    - context:
+      environment: >-
+      {%- if proxies %}
+        NO_PROXY={{ networks.values() | join(",") }}
+        {%- if 'http' in proxies %}
+        HTTP_PROXY={{ proxies.http }}
+        {%- endif %}
+        {%- if 'https' in proxies %}
+        HTTPS_PROXY={{ proxies.https }}
+        {%- endif %}
+      {%- endif %}
     - require:
       - metalk8s_package_manager: Install containerd