Mask docker.service to prevent socket activation

* Kubelet now uses `containerd` as the container runtime, but
`docker.service` still starts when `docker.sock` is probed bc
the service is socket activated. Prevent this by masking the
`docker.service` unit

CHANGES.md

@@ -7,6 +7,7 @@ Notable changes between versions.
 ### Fedora CoreOS
 
 * Switch Kubernetes Container Runtime from `docker` to `containerd` ([#1101](https://github.com/poseidon/typhoon/pull/1101))
+* Mask `docker.service` to prevent it from being socket activated
 
 ### Flatcar Linux
 

aws/fedora-coreos/kubernetes/fcc/controller.yaml

@@ -31,6 +31,8 @@ systemd:
         WantedBy=multi-user.target
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |

aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml

@@ -5,6 +5,8 @@ systemd:
   units:
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |

azure/fedora-coreos/kubernetes/fcc/controller.yaml

@@ -31,6 +31,8 @@ systemd:
         WantedBy=multi-user.target
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |

azure/fedora-coreos/kubernetes/workers/fcc/worker.yaml

@@ -5,6 +5,8 @@ systemd:
   units:
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |

bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml

@@ -31,6 +31,8 @@ systemd:
         WantedBy=multi-user.target
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |

bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml

@@ -5,6 +5,8 @@ systemd:
   units:
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |

digital-ocean/fedora-coreos/kubernetes/fcc/controller.yaml

@@ -31,6 +31,8 @@ systemd:
         WantedBy=multi-user.target
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |

digital-ocean/fedora-coreos/kubernetes/fcc/worker.yaml

@@ -5,6 +5,8 @@ systemd:
   units:
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |

google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml

@@ -31,6 +31,8 @@ systemd:
         WantedBy=multi-user.target
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |

google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml

@@ -5,6 +5,8 @@ systemd:
   units:
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |