diff --git a/CHANGES.md b/CHANGES.md
index 92519acaa..c5a5cb1f5 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -7,6 +7,7 @@ Notable changes between versions.
 ### Fedora CoreOS
 
 * Switch Kubernetes Container Runtime from `docker` to `containerd` ([#1101](https://github.com/poseidon/typhoon/pull/1101))
+* Mask `docker.service` to prevent it from being socket activated
 
 ### Flatcar Linux
 
diff --git a/aws/fedora-coreos/kubernetes/fcc/controller.yaml b/aws/fedora-coreos/kubernetes/fcc/controller.yaml
index 109875885..1ab49d5b2 100644
--- a/aws/fedora-coreos/kubernetes/fcc/controller.yaml
+++ b/aws/fedora-coreos/kubernetes/fcc/controller.yaml
@@ -31,6 +31,8 @@ systemd:
         WantedBy=multi-user.target
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |
diff --git a/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml b/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml
index 51f6f58b1..cd6f7ece0 100644
--- a/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml
+++ b/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml
@@ -5,6 +5,8 @@ systemd:
   units:
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |
diff --git a/azure/fedora-coreos/kubernetes/fcc/controller.yaml b/azure/fedora-coreos/kubernetes/fcc/controller.yaml
index b963c4a64..428199830 100644
--- a/azure/fedora-coreos/kubernetes/fcc/controller.yaml
+++ b/azure/fedora-coreos/kubernetes/fcc/controller.yaml
@@ -31,6 +31,8 @@ systemd:
         WantedBy=multi-user.target
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |
diff --git a/azure/fedora-coreos/kubernetes/workers/fcc/worker.yaml b/azure/fedora-coreos/kubernetes/workers/fcc/worker.yaml
index 6ddd64eb1..a15d09d66 100644
--- a/azure/fedora-coreos/kubernetes/workers/fcc/worker.yaml
+++ b/azure/fedora-coreos/kubernetes/workers/fcc/worker.yaml
@@ -5,6 +5,8 @@ systemd:
   units:
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |
diff --git a/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml b/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml
index dd08795ab..450d304ca 100644
--- a/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml
+++ b/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml
@@ -31,6 +31,8 @@ systemd:
         WantedBy=multi-user.target
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |
diff --git a/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml b/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml
index aa83d7c5c..6245bfc58 100644
--- a/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml
+++ b/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml
@@ -5,6 +5,8 @@ systemd:
   units:
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |
diff --git a/digital-ocean/fedora-coreos/kubernetes/fcc/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/fcc/controller.yaml
index fbd268ede..199b34d20 100644
--- a/digital-ocean/fedora-coreos/kubernetes/fcc/controller.yaml
+++ b/digital-ocean/fedora-coreos/kubernetes/fcc/controller.yaml
@@ -31,6 +31,8 @@ systemd:
         WantedBy=multi-user.target
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |
diff --git a/digital-ocean/fedora-coreos/kubernetes/fcc/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/fcc/worker.yaml
index 38fd02fb9..b787d914a 100644
--- a/digital-ocean/fedora-coreos/kubernetes/fcc/worker.yaml
+++ b/digital-ocean/fedora-coreos/kubernetes/fcc/worker.yaml
@@ -5,6 +5,8 @@ systemd:
   units:
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |
diff --git a/google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml b/google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml
index 4b3d2da60..a9e8f0db6 100644
--- a/google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml
+++ b/google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml
@@ -31,6 +31,8 @@ systemd:
         WantedBy=multi-user.target
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |
diff --git a/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml
index 6ddd64eb1..a15d09d66 100644
--- a/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml
+++ b/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml
@@ -5,6 +5,8 @@ systemd:
   units:
     - name: containerd.service
       enabled: true
+    - name: docker.service
+      mask: true
     - name: wait-for-dns.service
       enabled: true
       contents: |