diff --git a/pkg/apis/kubeone/helpers.go b/pkg/apis/kubeone/helpers.go
index c03d60158..b838c671d 100644
--- a/pkg/apis/kubeone/helpers.go
+++ b/pkg/apis/kubeone/helpers.go
@@ -108,6 +108,17 @@ func (crc *ContainerRuntimeConfig) UnmarshalText(text []byte) error {
 	return nil
 }
 
+func (crc ContainerRuntimeConfig) ConfigPath() string {
+	switch {
+	case crc.Containerd != nil:
+		return "/etc/containerd/config.toml"
+	case crc.Docker != nil:
+		return "/etc/docker/daemon.json"
+	}
+
+	return ""
+}
+
 func (crc ContainerRuntimeConfig) CRISocket() string {
 	switch {
 	case crc.Containerd != nil:
diff --git a/pkg/containerruntime/containerd_config.go b/pkg/containerruntime/containerd_config.go
new file mode 100644
index 000000000..cf6ba7f63
--- /dev/null
+++ b/pkg/containerruntime/containerd_config.go
@@ -0,0 +1,110 @@
+/*
+Copyright 2021 The KubeOne Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package containerruntime
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/BurntSushi/toml"
+
+	"k8c.io/kubeone/pkg/apis/kubeone"
+)
+
+type containerdConfig struct {
+	Version int                    `toml:"version"`
+	Metrics *containerdMetrics     `toml:"metrics"`
+	Plugins map[string]interface{} `toml:"plugins"`
+}
+
+type containerdMetrics struct {
+	Address string `toml:"address"`
+}
+
+type containerdCRIPlugin struct {
+	Containerd *containerdCRISettings `toml:"containerd"`
+	Registry   *containerdCRIRegistry `toml:"registry"`
+}
+
+type containerdCRISettings struct {
+	Runtimes map[string]containerdCRIRuntime `toml:"runtimes"`
+}
+
+type containerdCRIRuntime struct {
+	RuntimeType string      `toml:"runtime_type"`
+	Options     interface{} `toml:"options"`
+}
+
+type containerdCRIRuncOptions struct {
+	SystemdCgroup bool
+}
+
+type containerdCRIRegistry struct {
+	Mirrors map[string]containerdMirror `toml:"mirrors"`
+}
+
+type containerdMirror struct {
+	Endpoint []string `toml:"endpoint"`
+}
+
+func marshalContainerdConfig(cluster *kubeone.KubeOneCluster) (string, error) {
+	criPlugin := containerdCRIPlugin{
+		Containerd: &containerdCRISettings{
+			Runtimes: map[string]containerdCRIRuntime{
+				"runc": {
+					RuntimeType: "io.containerd.runc.v2",
+					Options: containerdCRIRuncOptions{
+						SystemdCgroup: true,
+					},
+				},
+			},
+		},
+		Registry: &containerdCRIRegistry{
+			Mirrors: map[string]containerdMirror{
+				"docker.io": {
+					Endpoint: []string{"https://registry-1.docker.io"},
+				},
+			},
+		},
+	}
+
+	insecureRegistry := cluster.RegistryConfiguration.InsecureRegistryAddress()
+	if insecureRegistry != "" {
+		criPlugin.Registry.Mirrors[insecureRegistry] = containerdMirror{
+			Endpoint: []string{fmt.Sprintf("http://%s", insecureRegistry)},
+		}
+	}
+
+	cfg := containerdConfig{
+		Version: 2,
+		Metrics: &containerdMetrics{
+			// metrics available at http://127.0.0.1:1338/v1/metrics
+			Address: "127.0.0.1:1338",
+		},
+
+		Plugins: map[string]interface{}{
+			"io.containerd.grpc.v1.cri": criPlugin,
+		},
+	}
+
+	var buf strings.Builder
+	enc := toml.NewEncoder(&buf)
+	enc.Indent = ""
+	err := enc.Encode(cfg)
+
+	return buf.String(), err
+}
diff --git a/pkg/containerruntime/docker_config.go b/pkg/containerruntime/docker_config.go
new file mode 100644
index 000000000..539f60d22
--- /dev/null
+++ b/pkg/containerruntime/docker_config.go
@@ -0,0 +1,55 @@
+/*
+Copyright 2021 The KubeOne Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package containerruntime
+
+import (
+	"encoding/json"
+
+	"k8c.io/kubeone/pkg/apis/kubeone"
+)
+
+type dockerConfig struct {
+	ExecOpts           []string          `json:"exec-opts,omitempty"`
+	StorageDriver      string            `json:"storage-driver,omitempty"`
+	LogDriver          string            `json:"log-driver,omitempty"`
+	LogOpts            map[string]string `json:"log-opts,omitempty"`
+	InsecureRegistries []string          `json:"insecure-registries,omitempty"`
+	RegistryMirrors    []string          `json:"registry-mirrors,omitempty"`
+}
+
+func marshalDockerConfig(cluster *kubeone.KubeOneCluster) (string, error) {
+	cfg := dockerConfig{
+		ExecOpts:      []string{"native.cgroupdriver=systemd"},
+		StorageDriver: "overlay2",
+		LogDriver:     "json-file",
+		LogOpts: map[string]string{
+			"max-size": "100m",
+		},
+	}
+
+	insecureRegistry := cluster.RegistryConfiguration.InsecureRegistryAddress()
+	if insecureRegistry != "" {
+		cfg.InsecureRegistries = []string{insecureRegistry}
+	}
+
+	b, err := json.MarshalIndent(cfg, "", "	")
+	if err != nil {
+		return "", err
+	}
+
+	return string(b), nil
+}
diff --git a/pkg/containerruntime/map.go b/pkg/containerruntime/map.go
new file mode 100644
index 000000000..8d1c85958
--- /dev/null
+++ b/pkg/containerruntime/map.go
@@ -0,0 +1,43 @@
+/*
+Copyright 2021 The KubeOne Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package containerruntime
+
+import "k8c.io/kubeone/pkg/apis/kubeone"
+
+func UpdateDataMap(cluster *kubeone.KubeOneCluster, inputMap map[string]interface{}) error {
+	var (
+		crConfig string
+		err      error
+	)
+
+	switch {
+	case cluster.ContainerRuntime.Containerd != nil:
+		crConfig, err = marshalContainerdConfig(cluster)
+	case cluster.ContainerRuntime.Docker != nil:
+		crConfig, err = marshalDockerConfig(cluster)
+	}
+
+	if err != nil {
+		return err
+	}
+
+	inputMap["CONTAINER_RUNTIME_CONFIG_PATH"] = cluster.ContainerRuntime.ConfigPath()
+	inputMap["CONTAINER_RUNTIME_CONFIG"] = crConfig
+	inputMap["CONTAINER_RUNTIME_SOCKET"] = cluster.ContainerRuntime.CRISocket()
+
+	return nil
+}
diff --git a/pkg/scripts/funcs.go b/pkg/scripts/funcs.go
index be8738944..9a9275ed1 100644
--- a/pkg/scripts/funcs.go
+++ b/pkg/scripts/funcs.go
@@ -17,11 +17,6 @@ limitations under the License.
 package scripts
 
 import (
-	"encoding/json"
-	"fmt"
-	"strings"
-
-	"github.com/BurntSushi/toml"
 	"github.com/MakeNowJust/heredoc/v2"
 )
 
@@ -43,13 +38,6 @@ var (
 		esac
 		{{ end }}
 
-		{{ define "docker-daemon-config" }}
-		sudo mkdir -p /etc/docker
-		cat <<EOF | sudo tee /etc/docker/daemon.json
-		{{ dockerCfg .INSECURE_REGISTRY }}
-		EOF
-		{{ end }}
-
 		{{ define "sysctl-k8s" }}
 		cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
 		overlay
@@ -92,115 +80,3 @@ const (
 	defaultAmazonContainerdVersion = "1.4.*"
 	defaultAmazonCrictlVersion     = "1.13.0"
 )
-
-type dockerConfig struct {
-	ExecOpts           []string          `json:"exec-opts,omitempty"`
-	StorageDriver      string            `json:"storage-driver,omitempty"`
-	LogDriver          string            `json:"log-driver,omitempty"`
-	LogOpts            map[string]string `json:"log-opts,omitempty"`
-	InsecureRegistries []string          `json:"insecure-registries,omitempty"`
-}
-
-func dockerCfg(insecureRegistry string) (string, error) {
-	cfg := dockerConfig{
-		ExecOpts:      []string{"native.cgroupdriver=systemd"},
-		StorageDriver: "overlay2",
-		LogDriver:     "json-file",
-		LogOpts: map[string]string{
-			"max-size": "100m",
-		},
-	}
-	if insecureRegistry != "" {
-		cfg.InsecureRegistries = []string{insecureRegistry}
-	}
-
-	b, err := json.MarshalIndent(cfg, "", "	")
-	if err != nil {
-		return "", err
-	}
-
-	return string(b), nil
-}
-
-type containerdConfig struct {
-	Version int                    `toml:"version"`
-	Metrics *containerdMetrics     `toml:"metrics"`
-	Plugins map[string]interface{} `toml:"plugins"`
-}
-
-type containerdMetrics struct {
-	Address string `toml:"address"`
-}
-
-type containerdCRIPlugin struct {
-	Containerd *containerdCRISettings `toml:"containerd"`
-	Registry   *containerdCRIRegistry `toml:"registry"`
-}
-
-type containerdCRISettings struct {
-	Runtimes map[string]containerdCRIRuntime `toml:"runtimes"`
-}
-
-type containerdCRIRuntime struct {
-	RuntimeType string      `toml:"runtime_type"`
-	Options     interface{} `toml:"options"`
-}
-
-type containerdCRIRuncOptions struct {
-	SystemdCgroup bool
-}
-
-type containerdCRIRegistry struct {
-	Mirrors map[string]containerdMirror `toml:"mirrors"`
-}
-
-type containerdMirror struct {
-	Endpoint []string `toml:"endpoint"`
-}
-
-func containerdCfg(insecureRegistry string) (string, error) {
-	criPlugin := containerdCRIPlugin{
-		Containerd: &containerdCRISettings{
-			Runtimes: map[string]containerdCRIRuntime{
-				"runc": {
-					RuntimeType: "io.containerd.runc.v2",
-					Options: containerdCRIRuncOptions{
-						SystemdCgroup: true,
-					},
-				},
-			},
-		},
-		Registry: &containerdCRIRegistry{
-			Mirrors: map[string]containerdMirror{
-				"docker.io": {
-					Endpoint: []string{"https://registry-1.docker.io"},
-				},
-			},
-		},
-	}
-
-	if insecureRegistry != "" {
-		criPlugin.Registry.Mirrors[insecureRegistry] = containerdMirror{
-			Endpoint: []string{fmt.Sprintf("http://%s", insecureRegistry)},
-		}
-	}
-
-	cfg := containerdConfig{
-		Version: 2,
-		Metrics: &containerdMetrics{
-			// metrics available at http://127.0.0.1:1338/v1/metrics
-			Address: "127.0.0.1:1338",
-		},
-
-		Plugins: map[string]interface{}{
-			"io.containerd.grpc.v1.cri": criPlugin,
-		},
-	}
-
-	var buf strings.Builder
-	enc := toml.NewEncoder(&buf)
-	enc.Indent = ""
-	err := enc.Encode(cfg)
-
-	return buf.String(), err
-}
diff --git a/pkg/scripts/os.go b/pkg/scripts/os.go
index d1a6c208f..3f70a2a61 100644
--- a/pkg/scripts/os.go
+++ b/pkg/scripts/os.go
@@ -18,6 +18,9 @@ package scripts
 
 import (
 	"github.com/MakeNowJust/heredoc/v2"
+
+	"k8c.io/kubeone/pkg/apis/kubeone"
+	"k8c.io/kubeone/pkg/containerruntime"
 )
 
 const (
@@ -30,9 +33,7 @@ var migrateToContainerdScriptTemplate = heredoc.Doc(`
 	sudo docker ps -q | xargs sudo docker stop || true
 	sudo docker ps -qa | xargs sudo docker rm || true
 
-	{{ if .GENERATE_CONTAINERD_CONFIG -}}
-	{{ template "containerd-config" . }}
-	{{- end }}
+	{{ template "flatcar-containerd" . }}
 
 	{{- /*
 		/var/lib/kubelet/kubeadm-flags.env should be modified by the caller of
@@ -44,9 +45,12 @@ var migrateToContainerdScriptTemplate = heredoc.Doc(`
 	sudo systemctl restart kubelet
 `)
 
-func MigrateToContainerd(insecureRegistry string, generateContainerdConfig bool) (string, error) {
-	return Render(migrateToContainerdScriptTemplate, Data{
-		"INSECURE_REGISTRY":          insecureRegistry,
-		"GENERATE_CONTAINERD_CONFIG": generateContainerdConfig,
-	})
+func MigrateToContainerd(cluster *kubeone.KubeOneCluster) (string, error) {
+	data := Data{}
+
+	if err := containerruntime.UpdateDataMap(cluster, data); err != nil {
+		return "", err
+	}
+
+	return Render(migrateToContainerdScriptTemplate, data)
 }
diff --git a/pkg/scripts/os_amzn.go b/pkg/scripts/os_amzn.go
index 9c46b121a..000a9cb1f 100644
--- a/pkg/scripts/os_amzn.go
+++ b/pkg/scripts/os_amzn.go
@@ -16,7 +16,10 @@ limitations under the License.
 
 package scripts
 
-import "k8c.io/kubeone/pkg/apis/kubeone"
+import (
+	"k8c.io/kubeone/pkg/apis/kubeone"
+	"k8c.io/kubeone/pkg/containerruntime"
+)
 
 const (
 	kubeadmAmazonLinuxTemplate = `
@@ -62,7 +65,6 @@ sudo yum install -y \
 	rsync
 
 {{ if .INSTALL_DOCKER }}
-{{ template "docker-daemon-config" . }}
 {{ template "yum-docker-ce-amzn" . }}
 {{ end }}
 
@@ -192,9 +194,7 @@ func KubeadmAmazonLinux(cluster *kubeone.KubeOneCluster, force bool) (string, er
 		proxy = cluster.Proxy.HTTP
 	}
 
-	useKubernetesRepo := cluster.AssetConfiguration.NodeBinaries.URL == ""
-
-	return Render(kubeadmAmazonLinuxTemplate, Data{
+	data := Data{
 		"KUBELET":                true,
 		"KUBEADM":                true,
 		"KUBECTL":                true,
@@ -204,13 +204,18 @@ func KubeadmAmazonLinux(cluster *kubeone.KubeOneCluster, force bool) (string, er
 		"KUBERNETES_VERSION":     cluster.Versions.Kubernetes,
 		"KUBERNETES_CNI_VERSION": defaultKubernetesCNIVersion,
 		"CONFIGURE_REPOSITORIES": cluster.SystemPackages.ConfigureRepositories,
-		"INSECURE_REGISTRY":      cluster.RegistryConfiguration.InsecureRegistryAddress(),
 		"PROXY":                  proxy,
 		"FORCE":                  force,
 		"INSTALL_DOCKER":         cluster.ContainerRuntime.Docker,
 		"INSTALL_CONTAINERD":     cluster.ContainerRuntime.Containerd,
-		"USE_KUBERNETES_REPO":    useKubernetesRepo,
-	})
+		"USE_KUBERNETES_REPO":    cluster.AssetConfiguration.NodeBinaries.URL == "",
+	}
+
+	if err := containerruntime.UpdateDataMap(cluster, data); err != nil {
+		return "", err
+	}
+
+	return Render(kubeadmAmazonLinuxTemplate, data)
 }
 
 func RemoveBinariesAmazonLinux() (string, error) {
@@ -223,9 +228,7 @@ func UpgradeKubeadmAndCNIAmazonLinux(cluster *kubeone.KubeOneCluster) (string, e
 		proxy = cluster.Proxy.HTTP
 	}
 
-	useKubernetesRepo := cluster.AssetConfiguration.NodeBinaries.URL == ""
-
-	return Render(kubeadmAmazonLinuxTemplate, Data{
+	data := Data{
 		"UPGRADE":                true,
 		"KUBEADM":                true,
 		"NODE_BINARIES_URL":      cluster.AssetConfiguration.NodeBinaries.URL,
@@ -233,12 +236,17 @@ func UpgradeKubeadmAndCNIAmazonLinux(cluster *kubeone.KubeOneCluster) (string, e
 		"KUBERNETES_VERSION":     cluster.Versions.Kubernetes,
 		"KUBERNETES_CNI_VERSION": defaultKubernetesCNIVersion,
 		"CONFIGURE_REPOSITORIES": cluster.SystemPackages.ConfigureRepositories,
-		"INSECURE_REGISTRY":      cluster.RegistryConfiguration.InsecureRegistryAddress(),
 		"PROXY":                  proxy,
 		"INSTALL_DOCKER":         cluster.ContainerRuntime.Docker,
 		"INSTALL_CONTAINERD":     cluster.ContainerRuntime.Containerd,
-		"USE_KUBERNETES_REPO":    useKubernetesRepo,
-	})
+		"USE_KUBERNETES_REPO":    cluster.AssetConfiguration.NodeBinaries.URL == "",
+	}
+
+	if err := containerruntime.UpdateDataMap(cluster, data); err != nil {
+		return "", err
+	}
+
+	return Render(kubeadmAmazonLinuxTemplate, data)
 }
 
 func UpgradeKubeletAndKubectlAmazonLinux(cluster *kubeone.KubeOneCluster) (string, error) {
@@ -247,9 +255,7 @@ func UpgradeKubeletAndKubectlAmazonLinux(cluster *kubeone.KubeOneCluster) (strin
 		proxy = cluster.Proxy.HTTP
 	}
 
-	useKubernetesRepo := cluster.AssetConfiguration.NodeBinaries.URL == ""
-
-	return Render(kubeadmAmazonLinuxTemplate, Data{
+	data := Data{
 		"UPGRADE":                true,
 		"KUBELET":                true,
 		"KUBECTL":                true,
@@ -258,10 +264,15 @@ func UpgradeKubeletAndKubectlAmazonLinux(cluster *kubeone.KubeOneCluster) (strin
 		"KUBERNETES_VERSION":     cluster.Versions.Kubernetes,
 		"KUBERNETES_CNI_VERSION": defaultKubernetesCNIVersion,
 		"CONFIGURE_REPOSITORIES": cluster.SystemPackages.ConfigureRepositories,
-		"INSECURE_REGISTRY":      cluster.RegistryConfiguration.InsecureRegistryAddress(),
 		"PROXY":                  proxy,
 		"INSTALL_DOCKER":         cluster.ContainerRuntime.Docker,
 		"INSTALL_CONTAINERD":     cluster.ContainerRuntime.Containerd,
-		"USE_KUBERNETES_REPO":    useKubernetesRepo,
-	})
+		"USE_KUBERNETES_REPO":    cluster.AssetConfiguration.NodeBinaries.URL == "",
+	}
+
+	if err := containerruntime.UpdateDataMap(cluster, data); err != nil {
+		return "", err
+	}
+
+	return Render(kubeadmAmazonLinuxTemplate, data)
 }
diff --git a/pkg/scripts/os_centos.go b/pkg/scripts/os_centos.go
index 8b4479e86..321feceb3 100644
--- a/pkg/scripts/os_centos.go
+++ b/pkg/scripts/os_centos.go
@@ -16,7 +16,10 @@ limitations under the License.
 
 package scripts
 
-import "k8c.io/kubeone/pkg/apis/kubeone"
+import (
+	"k8c.io/kubeone/pkg/apis/kubeone"
+	"k8c.io/kubeone/pkg/containerruntime"
+)
 
 const (
 	kubeadmCentOSTemplate = `
@@ -62,7 +65,6 @@ sudo yum install -y \
 	rsync
 
 {{ if .INSTALL_DOCKER }}
-{{ template "docker-daemon-config" . }}
 {{ template "yum-docker-ce" . }}
 {{ end }}
 
@@ -117,19 +119,24 @@ func KubeadmCentOS(cluster *kubeone.KubeOneCluster, force bool) (string, error)
 		proxy = cluster.Proxy.HTTP
 	}
 
-	return Render(kubeadmCentOSTemplate, Data{
+	data := Data{
 		"KUBELET":                true,
 		"KUBEADM":                true,
 		"KUBECTL":                true,
 		"KUBERNETES_VERSION":     cluster.Versions.Kubernetes,
 		"KUBERNETES_CNI_VERSION": defaultKubernetesCNIVersion,
 		"CONFIGURE_REPOSITORIES": cluster.SystemPackages.ConfigureRepositories,
-		"INSECURE_REGISTRY":      cluster.RegistryConfiguration.InsecureRegistryAddress(),
 		"PROXY":                  proxy,
 		"FORCE":                  force,
 		"INSTALL_DOCKER":         cluster.ContainerRuntime.Docker,
 		"INSTALL_CONTAINERD":     cluster.ContainerRuntime.Containerd,
-	})
+	}
+
+	if err := containerruntime.UpdateDataMap(cluster, data); err != nil {
+		return "", err
+	}
+
+	return Render(kubeadmCentOSTemplate, data)
 }
 
 func RemoveBinariesCentOS() (string, error) {
@@ -142,17 +149,22 @@ func UpgradeKubeadmAndCNICentOS(cluster *kubeone.KubeOneCluster) (string, error)
 		proxy = cluster.Proxy.HTTP
 	}
 
-	return Render(kubeadmCentOSTemplate, Data{
+	data := Data{
 		"UPGRADE":                true,
 		"KUBEADM":                true,
 		"KUBERNETES_VERSION":     cluster.Versions.Kubernetes,
 		"KUBERNETES_CNI_VERSION": defaultKubernetesCNIVersion,
 		"CONFIGURE_REPOSITORIES": cluster.SystemPackages.ConfigureRepositories,
-		"INSECURE_REGISTRY":      cluster.RegistryConfiguration.InsecureRegistryAddress(),
 		"PROXY":                  proxy,
 		"INSTALL_DOCKER":         cluster.ContainerRuntime.Docker,
 		"INSTALL_CONTAINERD":     cluster.ContainerRuntime.Containerd,
-	})
+	}
+
+	if err := containerruntime.UpdateDataMap(cluster, data); err != nil {
+		return "", err
+	}
+
+	return Render(kubeadmCentOSTemplate, data)
 }
 
 func UpgradeKubeletAndKubectlCentOS(cluster *kubeone.KubeOneCluster) (string, error) {
@@ -161,18 +173,23 @@ func UpgradeKubeletAndKubectlCentOS(cluster *kubeone.KubeOneCluster) (string, er
 		proxy = cluster.Proxy.HTTP
 	}
 
-	return Render(kubeadmCentOSTemplate, Data{
+	data := Data{
 		"UPGRADE":                true,
 		"KUBELET":                true,
 		"KUBECTL":                true,
 		"KUBERNETES_VERSION":     cluster.Versions.Kubernetes,
 		"KUBERNETES_CNI_VERSION": defaultKubernetesCNIVersion,
 		"CONFIGURE_REPOSITORIES": cluster.SystemPackages.ConfigureRepositories,
-		"INSECURE_REGISTRY":      cluster.RegistryConfiguration.InsecureRegistryAddress(),
 		"PROXY":                  proxy,
 		"INSTALL_DOCKER":         cluster.ContainerRuntime.Docker,
 		"INSTALL_CONTAINERD":     cluster.ContainerRuntime.Containerd,
-	})
+	}
+
+	if err := containerruntime.UpdateDataMap(cluster, data); err != nil {
+		return "", err
+	}
+
+	return Render(kubeadmCentOSTemplate, data)
 }
 
 func DisableNMCloudSetup() (string, error) {
diff --git a/pkg/scripts/os_debian.go b/pkg/scripts/os_debian.go
index d938f732b..d62a7cea1 100644
--- a/pkg/scripts/os_debian.go
+++ b/pkg/scripts/os_debian.go
@@ -16,7 +16,10 @@ limitations under the License.
 
 package scripts
 
-import "k8c.io/kubeone/pkg/apis/kubeone"
+import (
+	"k8c.io/kubeone/pkg/apis/kubeone"
+	"k8c.io/kubeone/pkg/containerruntime"
+)
 
 const (
 	kubeadmDebianTemplate = `
@@ -66,7 +69,6 @@ sudo apt-mark unhold kubelet kubeadm kubectl kubernetes-cni
 {{- end }}
 
 {{ if .INSTALL_DOCKER }}
-{{ template "docker-daemon-config" . }}
 {{ template "apt-docker-ce" . }}
 {{ end }}
 
@@ -113,20 +115,25 @@ sudo apt-get remove --purge -y kubernetes-cni || true
 )
 
 func KubeadmDebian(cluster *kubeone.KubeOneCluster, force bool) (string, error) {
-	return Render(kubeadmDebianTemplate, Data{
+	data := Data{
 		"KUBELET":                true,
 		"KUBEADM":                true,
 		"KUBECTL":                true,
 		"KUBERNETES_VERSION":     cluster.Versions.Kubernetes,
 		"KUBERNETES_CNI_VERSION": defaultKubernetesCNIVersion,
 		"CONFIGURE_REPOSITORIES": cluster.SystemPackages.ConfigureRepositories,
-		"INSECURE_REGISTRY":      cluster.RegistryConfiguration.InsecureRegistryAddress(),
 		"HTTP_PROXY":             cluster.Proxy.HTTP,
 		"HTTPS_PROXY":            cluster.Proxy.HTTPS,
 		"FORCE":                  force,
 		"INSTALL_DOCKER":         cluster.ContainerRuntime.Docker,
 		"INSTALL_CONTAINERD":     cluster.ContainerRuntime.Containerd,
-	})
+	}
+
+	if err := containerruntime.UpdateDataMap(cluster, data); err != nil {
+		return "", err
+	}
+
+	return Render(kubeadmDebianTemplate, data)
 }
 
 func RemoveBinariesDebian() (string, error) {
@@ -134,32 +141,42 @@ func RemoveBinariesDebian() (string, error) {
 }
 
 func UpgradeKubeadmAndCNIDebian(cluster *kubeone.KubeOneCluster) (string, error) {
-	return Render(kubeadmDebianTemplate, Data{
+	data := Data{
 		"UPGRADE":                true,
 		"KUBEADM":                true,
 		"KUBERNETES_VERSION":     cluster.Versions.Kubernetes,
 		"KUBERNETES_CNI_VERSION": defaultKubernetesCNIVersion,
 		"CONFIGURE_REPOSITORIES": cluster.SystemPackages.ConfigureRepositories,
-		"INSECURE_REGISTRY":      cluster.RegistryConfiguration.InsecureRegistryAddress(),
 		"HTTP_PROXY":             cluster.Proxy.HTTP,
 		"HTTPS_PROXY":            cluster.Proxy.HTTPS,
 		"INSTALL_DOCKER":         cluster.ContainerRuntime.Docker,
 		"INSTALL_CONTAINERD":     cluster.ContainerRuntime.Containerd,
-	})
+	}
+
+	if err := containerruntime.UpdateDataMap(cluster, data); err != nil {
+		return "", err
+	}
+
+	return Render(kubeadmDebianTemplate, data)
 }
 
 func UpgradeKubeletAndKubectlDebian(cluster *kubeone.KubeOneCluster) (string, error) {
-	return Render(kubeadmDebianTemplate, Data{
+	data := Data{
 		"UPGRADE":                true,
 		"KUBELET":                true,
 		"KUBECTL":                true,
 		"KUBERNETES_VERSION":     cluster.Versions.Kubernetes,
 		"KUBERNETES_CNI_VERSION": defaultKubernetesCNIVersion,
 		"CONFIGURE_REPOSITORIES": cluster.SystemPackages.ConfigureRepositories,
-		"INSECURE_REGISTRY":      cluster.RegistryConfiguration.InsecureRegistryAddress(),
 		"HTTP_PROXY":             cluster.Proxy.HTTP,
 		"HTTPS_PROXY":            cluster.Proxy.HTTPS,
 		"INSTALL_DOCKER":         cluster.ContainerRuntime.Docker,
 		"INSTALL_CONTAINERD":     cluster.ContainerRuntime.Containerd,
-	})
+	}
+
+	if err := containerruntime.UpdateDataMap(cluster, data); err != nil {
+		return "", err
+	}
+
+	return Render(kubeadmDebianTemplate, data)
 }
diff --git a/pkg/scripts/os_flatcar.go b/pkg/scripts/os_flatcar.go
index 9d2ad99d2..2b2632eeb 100644
--- a/pkg/scripts/os_flatcar.go
+++ b/pkg/scripts/os_flatcar.go
@@ -16,7 +16,10 @@ limitations under the License.
 
 package scripts
 
-import "k8c.io/kubeone/pkg/apis/kubeone"
+import (
+	"k8c.io/kubeone/pkg/apis/kubeone"
+	"k8c.io/kubeone/pkg/containerruntime"
+)
 
 const (
 	kubeadmFlatcarTemplate = `
@@ -37,12 +40,11 @@ curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOO
 	sudo tar -C /opt/bin -xz
 
 {{ if .INSTALL_DOCKER }}
-{{ template "docker-daemon-config" . }}
-{{ template "flatcar-docker" }}
+{{ template "flatcar-docker" . }}
 {{ end }}
 
 {{ if .INSTALL_CONTAINERD }}
-{{ template "flatcar-containerd" }}
+{{ template "flatcar-containerd" . }}
 {{ end }}
 
 sudo mkdir -p /opt/bin
@@ -176,14 +178,19 @@ sudo systemctl start kubelet
 )
 
 func KubeadmFlatcar(cluster *kubeone.KubeOneCluster) (string, error) {
-	return Render(kubeadmFlatcarTemplate, Data{
+	data := Data{
 		"KUBERNETES_VERSION":     cluster.Versions.Kubernetes,
 		"KUBERNETES_CNI_VERSION": defaultKubernetesCNIVersion,
 		"CRITOOLS_VERSION":       defaultCriToolsVersion,
-		"INSECURE_REGISTRY":      cluster.RegistryConfiguration.InsecureRegistryAddress(),
 		"INSTALL_DOCKER":         cluster.ContainerRuntime.Docker,
 		"INSTALL_CONTAINERD":     cluster.ContainerRuntime.Containerd,
-	})
+	}
+
+	if err := containerruntime.UpdateDataMap(cluster, data); err != nil {
+		return "", err
+	}
+
+	return Render(kubeadmFlatcarTemplate, data)
 }
 
 func RemoveBinariesFlatcar() (string, error) {
diff --git a/pkg/scripts/os_test.go b/pkg/scripts/os_test.go
index c8f24013e..87e7b7609 100644
--- a/pkg/scripts/os_test.go
+++ b/pkg/scripts/os_test.go
@@ -165,30 +165,32 @@ func TestMigrateToContainerd(t *testing.T) {
 	t.Parallel()
 
 	tests := []struct {
-		name                     string
-		insecureRegistry         string
-		generateContainerdConfig bool
-		err                      error
+		name             string
+		insecureRegistry string
+		mirrors          []string
+		err              error
 	}{
 		{
-			name:                     "simple",
-			generateContainerdConfig: true,
+			name: "simple",
 		},
 		{
-			name:                     "flatcat",
-			generateContainerdConfig: false,
+			name: "flatcat",
 		},
 		{
-			name:                     "insecureRegistry",
-			insecureRegistry:         "some.registry",
-			generateContainerdConfig: true,
+			name:             "insecureRegistry",
+			insecureRegistry: "some.registry",
 		},
 	}
 
 	for _, tt := range tests {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := MigrateToContainerd(tt.insecureRegistry, tt.generateContainerdConfig)
+			cls := genCluster(
+				withInsecureRegistry(tt.insecureRegistry),
+				withContainerd,
+			)
+
+			got, err := MigrateToContainerd(&cls)
 			if err != tt.err {
 				t.Errorf("MigrateToContainerd() error = %v, wantErr %v", err, tt.err)
 				return
diff --git a/pkg/scripts/render.go b/pkg/scripts/render.go
index d4e68b0b0..bd3231f3c 100644
--- a/pkg/scripts/render.go
+++ b/pkg/scripts/render.go
@@ -28,28 +28,39 @@ import (
 
 var (
 	containerRuntimeTemplates = map[string]string{
-		"containerd-config": heredoc.Doc(`
-			cat <<EOF | sudo tee /etc/containerd/config.toml
-			{{ containerdCfg .INSECURE_REGISTRY -}}
+		"container-runtime-daemon-config": heredoc.Doc(`
+			{{- if .CONTAINER_RUNTIME_CONFIG_PATH }}
+			sudo mkdir -p $(dirname {{ .CONTAINER_RUNTIME_CONFIG_PATH }})
+			cat <<EOF | sudo tee {{ .CONTAINER_RUNTIME_CONFIG_PATH }}
+			{{ .CONTAINER_RUNTIME_CONFIG }}
 			EOF
+			{{- end }}
 
+			{{- if .CONTAINER_RUNTIME_SOCKET }}
 			cat <<EOF | sudo tee /etc/crictl.yaml
-			runtime-endpoint: unix:///run/containerd/containerd.sock
+			runtime-endpoint: unix://{{ .CONTAINER_RUNTIME_SOCKET }}
 			EOF
+			{{- end }}
+		`),
 
+		"containerd-systemd-environment": heredoc.Doc(`
 			sudo mkdir -p /etc/systemd/system/containerd.service.d
 			cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
 			[Service]
 			Restart=always
 			EnvironmentFile=-/etc/environment
 			EOF
+		`),
 
+		"containerd-systemd-setup": heredoc.Doc(`
+			{{ template "containerd-systemd-environment" . }}
 			sudo systemctl daemon-reload
-			sudo systemctl enable --now containerd
+			sudo systemctl enable containerd
 			sudo systemctl restart containerd
 		`),
 
 		"apt-docker-ce": heredoc.Docf(`
+			{{ template "container-runtime-daemon-config" . }}
 			{{ if .CONFIGURE_REPOSITORIES }}
 			curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
 			# Docker provides two different apt repos for ubuntu, bionic and focal. The focal repo currently
@@ -82,8 +93,7 @@ var (
 				containerd.io=%s
 			sudo apt-mark hold docker-ce docker-ce-cli containerd.io
 
-			sudo systemctl daemon-reload
-			sudo systemctl enable --now containerd
+			{{ template "containerd-systemd-setup" . -}}
 			sudo systemctl enable --now docker
 			`,
 			defaultDockerVersion,
@@ -93,6 +103,7 @@ var (
 		),
 
 		"yum-docker-ce-amzn": heredoc.Docf(`
+			{{ template "container-runtime-daemon-config" . }}
 			sudo yum versionlock delete docker cri-tools containerd || true
 
 			{{- $CRICTL_VERSION_TO_INSTALL := "%s" }}
@@ -110,13 +121,7 @@ var (
 				containerd.io-%s \
 				cri-tools-{{ $CRICTL_VERSION_TO_INSTALL }}
 			sudo yum versionlock add docker cri-tools containerd
-
-			cat <<EOF | sudo tee /etc/crictl.yaml
-			runtime-endpoint: unix:///var/run/dockershim.sock
-			EOF
-
-			sudo systemctl daemon-reload
-			sudo systemctl enable --now containerd
+			{{ template "containerd-systemd-setup" . -}}
 			sudo systemctl enable --now docker
 		`,
 			defaultAmazonCrictlVersion,
@@ -127,6 +132,7 @@ var (
 		),
 
 		"yum-docker-ce": heredoc.Docf(`
+			{{ template "container-runtime-daemon-config" . }}
 			{{- if .CONFIGURE_REPOSITORIES }}
 			sudo yum install -y yum-utils
 			sudo yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
@@ -156,8 +162,7 @@ var (
 				containerd.io-%s
 			sudo yum versionlock add docker-ce docker-ce-cli containerd.io
 
-			sudo systemctl daemon-reload
-			sudo systemctl enable --now containerd
+			{{ template "containerd-systemd-setup" . -}}
 			sudo systemctl enable --now docker
 			`,
 			defaultDockerVersion,
@@ -166,18 +171,8 @@ var (
 			defaultContainerdVersion,
 		),
 
-		"flatcar-docker": heredoc.Doc(`
-			cat <<EOF | sudo tee /etc/crictl.yaml
-			runtime-endpoint: unix:///var/run/dockershim.sock
-			EOF
-
-			sudo systemctl daemon-reload
-			sudo systemctl enable --now docker
-			sudo systemctl restart docker
-			`,
-		),
-
 		"apt-containerd": heredoc.Docf(`
+			{{ template "container-runtime-daemon-config" . }}
 			{{ if .CONFIGURE_REPOSITORIES }}
 			sudo apt-get update
 			sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
@@ -190,12 +185,13 @@ var (
 			sudo apt-get install -y containerd.io=%s
 			sudo apt-mark hold containerd.io
 
-			{{ template "containerd-config" . -}}
+			{{ template "containerd-systemd-setup" . -}}
 			`,
 			defaultContainerdVersion,
 		),
 
 		"yum-containerd": heredoc.Docf(`
+			{{ template "container-runtime-daemon-config" . }}
 			{{ if .CONFIGURE_REPOSITORIES }}
 			sudo yum install -y yum-utils
 			sudo yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
@@ -210,37 +206,43 @@ var (
 			sudo yum install -y containerd.io-%s
 			sudo yum versionlock add containerd.io
 
-			{{ template "containerd-config" . -}}
+			{{ template "containerd-systemd-setup" . -}}
 			`,
 			defaultContainerdVersion,
 		),
 
 		"yum-containerd-amzn": heredoc.Docf(`
+			{{ template "container-runtime-daemon-config" . }}
 			sudo yum versionlock delete containerd cri-tools || true
 			sudo yum install -y containerd-%s cri-tools-%s
 			sudo yum versionlock add containerd cri-tools
 
-			{{ template "containerd-config" . -}}
+			{{ template "containerd-systemd-setup" . -}}
 			`,
 			defaultAmazonContainerdVersion,
 			defaultAmazonCrictlVersion,
 		),
 
 		"flatcar-containerd": heredoc.Doc(`
-			cat <<EOF | sudo tee /etc/crictl.yaml
-			runtime-endpoint: unix:///run/containerd/containerd.sock
-			EOF
-
+			{{ template "container-runtime-daemon-config" . }}
 			sudo mkdir -p /etc/systemd/system/containerd.service.d
-			cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+			cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/10-kubeone.conf
 			[Service]
 			Restart=always
-			EnvironmentFile=-/etc/environment
+			Environment=CONTAINERD_CONFIG=/etc/containerd/config.toml
+			ExecStart=
+			ExecStart=/usr/bin/env PATH=\${TORCX_BINDIR}:\${PATH} \${TORCX_BINDIR}/containerd --config \${CONTAINERD_CONFIG}
 			EOF
+			{{ template "containerd-systemd-setup" . }}
+			`,
+		),
 
+		"flatcar-docker": heredoc.Doc(`
+			{{ template "container-runtime-daemon-config" . }}
+			{{ template "containerd-systemd-environment" . }}
 			sudo systemctl daemon-reload
-			sudo systemctl enable --now containerd
-			sudo systemctl restart containerd
+			sudo systemctl enable --now docker
+			sudo systemctl restart docker
 			`,
 		),
 	}
@@ -253,10 +255,9 @@ func Render(cmd string, variables map[string]interface{}) (string, error) {
 	tpl := template.New("base").
 		Funcs(sprig.TxtFuncMap()).
 		Funcs(template.FuncMap{
-			"required":      requiredTemplateFunc,
-			"dockerCfg":     dockerCfg,
-			"containerdCfg": containerdCfg,
-		})
+			"required": requiredTemplateFunc,
+		}).
+		Funcs(sprig.TxtFuncMap())
 
 	_, err := tpl.New("library").Parse(libraryTemplate)
 	if err != nil {
diff --git a/pkg/scripts/testdata/TestKubeadmAmazonLinux-force.golden b/pkg/scripts/testdata/TestKubeadmAmazonLinux-force.golden
index 816bbcbbc..b6eb2e51a 100644
--- a/pkg/scripts/testdata/TestKubeadmAmazonLinux-force.golden
+++ b/pkg/scripts/testdata/TestKubeadmAmazonLinux-force.golden
@@ -71,7 +71,7 @@ sudo yum install -y \
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -84,6 +84,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 sudo yum versionlock delete docker cri-tools containerd || true
 
@@ -92,13 +95,16 @@ sudo yum install -y \
 	containerd.io-1.4.* \
 	cri-tools-1.13.0
 sudo yum versionlock add docker cri-tools containerd
-
-cat <<EOF | sudo tee /etc/crictl.yaml
-runtime-endpoint: unix:///var/run/dockershim.sock
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
 EOF
 
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmAmazonLinux-overwrite_registry.golden b/pkg/scripts/testdata/TestKubeadmAmazonLinux-overwrite_registry.golden
index 816bbcbbc..b6eb2e51a 100644
--- a/pkg/scripts/testdata/TestKubeadmAmazonLinux-overwrite_registry.golden
+++ b/pkg/scripts/testdata/TestKubeadmAmazonLinux-overwrite_registry.golden
@@ -71,7 +71,7 @@ sudo yum install -y \
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -84,6 +84,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 sudo yum versionlock delete docker cri-tools containerd || true
 
@@ -92,13 +95,16 @@ sudo yum install -y \
 	containerd.io-1.4.* \
 	cri-tools-1.13.0
 sudo yum versionlock add docker cri-tools containerd
-
-cat <<EOF | sudo tee /etc/crictl.yaml
-runtime-endpoint: unix:///var/run/dockershim.sock
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
 EOF
 
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmAmazonLinux-overwrite_registry_insecure.golden b/pkg/scripts/testdata/TestKubeadmAmazonLinux-overwrite_registry_insecure.golden
index 96f536723..afcaa5ed3 100644
--- a/pkg/scripts/testdata/TestKubeadmAmazonLinux-overwrite_registry_insecure.golden
+++ b/pkg/scripts/testdata/TestKubeadmAmazonLinux-overwrite_registry_insecure.golden
@@ -71,7 +71,7 @@ sudo yum install -y \
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -87,6 +87,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	]
 }
 EOF
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 sudo yum versionlock delete docker cri-tools containerd || true
 
@@ -95,13 +98,16 @@ sudo yum install -y \
 	containerd.io-1.4.* \
 	cri-tools-1.13.0
 sudo yum versionlock add docker cri-tools containerd
-
-cat <<EOF | sudo tee /etc/crictl.yaml
-runtime-endpoint: unix:///var/run/dockershim.sock
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
 EOF
 
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmAmazonLinux-proxy.golden b/pkg/scripts/testdata/TestKubeadmAmazonLinux-proxy.golden
index b799d148f..cb507cb82 100644
--- a/pkg/scripts/testdata/TestKubeadmAmazonLinux-proxy.golden
+++ b/pkg/scripts/testdata/TestKubeadmAmazonLinux-proxy.golden
@@ -71,7 +71,7 @@ sudo yum install -y \
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -84,6 +84,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 sudo yum versionlock delete docker cri-tools containerd || true
 
@@ -92,13 +95,16 @@ sudo yum install -y \
 	containerd.io-1.4.* \
 	cri-tools-1.13.0
 sudo yum versionlock add docker cri-tools containerd
-
-cat <<EOF | sudo tee /etc/crictl.yaml
-runtime-endpoint: unix:///var/run/dockershim.sock
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
 EOF
 
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmAmazonLinux-simple.golden b/pkg/scripts/testdata/TestKubeadmAmazonLinux-simple.golden
index 816bbcbbc..b6eb2e51a 100644
--- a/pkg/scripts/testdata/TestKubeadmAmazonLinux-simple.golden
+++ b/pkg/scripts/testdata/TestKubeadmAmazonLinux-simple.golden
@@ -71,7 +71,7 @@ sudo yum install -y \
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -84,6 +84,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 sudo yum versionlock delete docker cri-tools containerd || true
 
@@ -92,13 +95,16 @@ sudo yum install -y \
 	containerd.io-1.4.* \
 	cri-tools-1.13.0
 sudo yum versionlock add docker cri-tools containerd
-
-cat <<EOF | sudo tee /etc/crictl.yaml
-runtime-endpoint: unix:///var/run/dockershim.sock
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
 EOF
 
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmAmazonLinux-v1.16.1.golden b/pkg/scripts/testdata/TestKubeadmAmazonLinux-v1.16.1.golden
index e8c711d54..4fd26cda1 100644
--- a/pkg/scripts/testdata/TestKubeadmAmazonLinux-v1.16.1.golden
+++ b/pkg/scripts/testdata/TestKubeadmAmazonLinux-v1.16.1.golden
@@ -71,7 +71,7 @@ sudo yum install -y \
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -84,6 +84,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 sudo yum versionlock delete docker cri-tools containerd || true
 
@@ -93,13 +96,16 @@ sudo yum install -y \
 	containerd.io-1.4.* \
 	cri-tools-1.13.0
 sudo yum versionlock add docker cri-tools containerd
-
-cat <<EOF | sudo tee /etc/crictl.yaml
-runtime-endpoint: unix:///var/run/dockershim.sock
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
 EOF
 
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmAmazonLinux-with_containerd.golden b/pkg/scripts/testdata/TestKubeadmAmazonLinux-with_containerd.golden
index b2e4d0da1..51dc0a623 100644
--- a/pkg/scripts/testdata/TestKubeadmAmazonLinux-with_containerd.golden
+++ b/pkg/scripts/testdata/TestKubeadmAmazonLinux-with_containerd.golden
@@ -72,10 +72,8 @@ sudo yum install -y \
 
 
 
-sudo yum versionlock delete containerd cri-tools || true
-sudo yum install -y containerd-1.4.* cri-tools-1.13.0
-sudo yum versionlock add containerd cri-tools
 
+sudo mkdir -p $(dirname /etc/containerd/config.toml)
 cat <<EOF | sudo tee /etc/containerd/config.toml
 version = 2
 
@@ -94,12 +92,16 @@ SystemdCgroup = true
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
 endpoint = ["https://registry-1.docker.io"]
-EOF
 
+EOF
 cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
+sudo yum versionlock delete containerd cri-tools || true
+sudo yum install -y containerd-1.4.* cri-tools-1.13.0
+sudo yum versionlock add containerd cri-tools
+
 sudo mkdir -p /etc/systemd/system/containerd.service.d
 cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
 [Service]
@@ -108,7 +110,7 @@ EnvironmentFile=-/etc/environment
 EOF
 
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
 sudo systemctl restart containerd
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmAmazonLinux-with_containerd_with_insecure_registry.golden b/pkg/scripts/testdata/TestKubeadmAmazonLinux-with_containerd_with_insecure_registry.golden
index bfdb8e731..7c550d28f 100644
--- a/pkg/scripts/testdata/TestKubeadmAmazonLinux-with_containerd_with_insecure_registry.golden
+++ b/pkg/scripts/testdata/TestKubeadmAmazonLinux-with_containerd_with_insecure_registry.golden
@@ -72,10 +72,8 @@ sudo yum install -y \
 
 
 
-sudo yum versionlock delete containerd cri-tools || true
-sudo yum install -y containerd-1.4.* cri-tools-1.13.0
-sudo yum versionlock add containerd cri-tools
 
+sudo mkdir -p $(dirname /etc/containerd/config.toml)
 cat <<EOF | sudo tee /etc/containerd/config.toml
 version = 2
 
@@ -96,12 +94,16 @@ SystemdCgroup = true
 endpoint = ["http://127.0.0.1:5000"]
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
 endpoint = ["https://registry-1.docker.io"]
-EOF
 
+EOF
 cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
+sudo yum versionlock delete containerd cri-tools || true
+sudo yum install -y containerd-1.4.* cri-tools-1.13.0
+sudo yum versionlock add containerd cri-tools
+
 sudo mkdir -p /etc/systemd/system/containerd.service.d
 cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
 [Service]
@@ -110,7 +112,7 @@ EnvironmentFile=-/etc/environment
 EOF
 
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
 sudo systemctl restart containerd
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmCentOS-force.golden b/pkg/scripts/testdata/TestKubeadmCentOS-force.golden
index bea3deb65..a53e2ec2e 100644
--- a/pkg/scripts/testdata/TestKubeadmCentOS-force.golden
+++ b/pkg/scripts/testdata/TestKubeadmCentOS-force.golden
@@ -71,7 +71,7 @@ sudo yum install -y \
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -84,7 +84,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
-
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 sudo yum install -y yum-utils
 sudo yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
@@ -98,8 +100,16 @@ sudo yum install -y \
 	containerd.io-1.4.*
 sudo yum versionlock add docker-ce docker-ce-cli containerd.io
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmCentOS-overwrite_registry.golden b/pkg/scripts/testdata/TestKubeadmCentOS-overwrite_registry.golden
index eb046d5c9..129b841d2 100644
--- a/pkg/scripts/testdata/TestKubeadmCentOS-overwrite_registry.golden
+++ b/pkg/scripts/testdata/TestKubeadmCentOS-overwrite_registry.golden
@@ -71,7 +71,7 @@ sudo yum install -y \
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -84,7 +84,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
-
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 sudo yum install -y yum-utils
 sudo yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
@@ -98,8 +100,16 @@ sudo yum install -y \
 	containerd.io-1.4.*
 sudo yum versionlock add docker-ce docker-ce-cli containerd.io
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmCentOS-overwrite_registry_insecure.golden b/pkg/scripts/testdata/TestKubeadmCentOS-overwrite_registry_insecure.golden
index 407cdc7a9..c01e73c6a 100644
--- a/pkg/scripts/testdata/TestKubeadmCentOS-overwrite_registry_insecure.golden
+++ b/pkg/scripts/testdata/TestKubeadmCentOS-overwrite_registry_insecure.golden
@@ -71,7 +71,7 @@ sudo yum install -y \
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -87,7 +87,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	]
 }
 EOF
-
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 sudo yum install -y yum-utils
 sudo yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
@@ -101,8 +103,16 @@ sudo yum install -y \
 	containerd.io-1.4.*
 sudo yum versionlock add docker-ce docker-ce-cli containerd.io
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmCentOS-proxy.golden b/pkg/scripts/testdata/TestKubeadmCentOS-proxy.golden
index 1e21a0962..277308395 100644
--- a/pkg/scripts/testdata/TestKubeadmCentOS-proxy.golden
+++ b/pkg/scripts/testdata/TestKubeadmCentOS-proxy.golden
@@ -71,7 +71,7 @@ sudo yum install -y \
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -84,7 +84,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
-
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 sudo yum install -y yum-utils
 sudo yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
@@ -98,8 +100,16 @@ sudo yum install -y \
 	containerd.io-1.4.*
 sudo yum versionlock add docker-ce docker-ce-cli containerd.io
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmCentOS-simple.golden b/pkg/scripts/testdata/TestKubeadmCentOS-simple.golden
index eb046d5c9..129b841d2 100644
--- a/pkg/scripts/testdata/TestKubeadmCentOS-simple.golden
+++ b/pkg/scripts/testdata/TestKubeadmCentOS-simple.golden
@@ -71,7 +71,7 @@ sudo yum install -y \
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -84,7 +84,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
-
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 sudo yum install -y yum-utils
 sudo yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
@@ -98,8 +100,16 @@ sudo yum install -y \
 	containerd.io-1.4.*
 sudo yum versionlock add docker-ce docker-ce-cli containerd.io
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmCentOS-v1.16.1.golden b/pkg/scripts/testdata/TestKubeadmCentOS-v1.16.1.golden
index f3bf03943..9de25be9f 100644
--- a/pkg/scripts/testdata/TestKubeadmCentOS-v1.16.1.golden
+++ b/pkg/scripts/testdata/TestKubeadmCentOS-v1.16.1.golden
@@ -71,7 +71,7 @@ sudo yum install -y \
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -84,7 +84,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
-
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 sudo yum install -y yum-utils
 sudo yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
@@ -103,8 +105,16 @@ sudo yum install -y \
 	containerd.io-1.4.*
 sudo yum versionlock add docker-ce docker-ce-cli containerd.io
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmCentOS-with_containerd.golden b/pkg/scripts/testdata/TestKubeadmCentOS-with_containerd.golden
index 7e2adcd9c..c692084c3 100644
--- a/pkg/scripts/testdata/TestKubeadmCentOS-with_containerd.golden
+++ b/pkg/scripts/testdata/TestKubeadmCentOS-with_containerd.golden
@@ -73,15 +73,7 @@ sudo yum install -y \
 
 
 
-sudo yum install -y yum-utils
-sudo yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-sudo yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-
-sudo yum versionlock delete containerd.io || true
-sudo yum install -y containerd.io-1.4.*
-sudo yum versionlock add containerd.io
-
+sudo mkdir -p $(dirname /etc/containerd/config.toml)
 cat <<EOF | sudo tee /etc/containerd/config.toml
 version = 2
 
@@ -100,12 +92,22 @@ SystemdCgroup = true
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
 endpoint = ["https://registry-1.docker.io"]
-EOF
 
+EOF
 cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
+
+sudo yum install -y yum-utils
+sudo yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
+sudo yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
+
+
+sudo yum versionlock delete containerd.io || true
+sudo yum install -y containerd.io-1.4.*
+sudo yum versionlock add containerd.io
+
 sudo mkdir -p /etc/systemd/system/containerd.service.d
 cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
 [Service]
@@ -114,7 +116,7 @@ EnvironmentFile=-/etc/environment
 EOF
 
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
 sudo systemctl restart containerd
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmCentOS-with_containerd_with_insecure_registry.golden b/pkg/scripts/testdata/TestKubeadmCentOS-with_containerd_with_insecure_registry.golden
index b6bf51b66..6b976f0c3 100644
--- a/pkg/scripts/testdata/TestKubeadmCentOS-with_containerd_with_insecure_registry.golden
+++ b/pkg/scripts/testdata/TestKubeadmCentOS-with_containerd_with_insecure_registry.golden
@@ -73,15 +73,7 @@ sudo yum install -y \
 
 
 
-sudo yum install -y yum-utils
-sudo yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-sudo yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-
-sudo yum versionlock delete containerd.io || true
-sudo yum install -y containerd.io-1.4.*
-sudo yum versionlock add containerd.io
-
+sudo mkdir -p $(dirname /etc/containerd/config.toml)
 cat <<EOF | sudo tee /etc/containerd/config.toml
 version = 2
 
@@ -102,12 +94,22 @@ SystemdCgroup = true
 endpoint = ["http://127.0.0.1:5000"]
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
 endpoint = ["https://registry-1.docker.io"]
-EOF
 
+EOF
 cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
+
+sudo yum install -y yum-utils
+sudo yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
+sudo yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
+
+
+sudo yum versionlock delete containerd.io || true
+sudo yum install -y containerd.io-1.4.*
+sudo yum versionlock add containerd.io
+
 sudo mkdir -p /etc/systemd/system/containerd.service.d
 cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
 [Service]
@@ -116,7 +118,7 @@ EnvironmentFile=-/etc/environment
 EOF
 
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
 sudo systemctl restart containerd
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-overwrite_registry.golden b/pkg/scripts/testdata/TestKubeadmDebian-overwrite_registry.golden
index c6396d85f..7b62c8378 100644
--- a/pkg/scripts/testdata/TestKubeadmDebian-overwrite_registry.golden
+++ b/pkg/scripts/testdata/TestKubeadmDebian-overwrite_registry.golden
@@ -65,7 +65,7 @@ cni_ver="0.8.7*"
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -78,6 +78,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
@@ -100,8 +103,16 @@ sudo DEBIAN_FRONTEND=noninteractive apt-get install \
 	containerd.io=1.4.*
 sudo apt-mark hold docker-ce docker-ce-cli containerd.io
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-overwrite_registry_insecure.golden b/pkg/scripts/testdata/TestKubeadmDebian-overwrite_registry_insecure.golden
index 45ef0ee64..8d869c314 100644
--- a/pkg/scripts/testdata/TestKubeadmDebian-overwrite_registry_insecure.golden
+++ b/pkg/scripts/testdata/TestKubeadmDebian-overwrite_registry_insecure.golden
@@ -65,7 +65,7 @@ cni_ver="0.8.7*"
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -81,6 +81,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	]
 }
 EOF
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
@@ -103,8 +106,16 @@ sudo DEBIAN_FRONTEND=noninteractive apt-get install \
 	containerd.io=1.4.*
 sudo apt-mark hold docker-ce docker-ce-cli containerd.io
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-simple.golden b/pkg/scripts/testdata/TestKubeadmDebian-simple.golden
index c6396d85f..7b62c8378 100644
--- a/pkg/scripts/testdata/TestKubeadmDebian-simple.golden
+++ b/pkg/scripts/testdata/TestKubeadmDebian-simple.golden
@@ -65,7 +65,7 @@ cni_ver="0.8.7*"
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -78,6 +78,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
@@ -100,8 +103,16 @@ sudo DEBIAN_FRONTEND=noninteractive apt-get install \
 	containerd.io=1.4.*
 sudo apt-mark hold docker-ce docker-ce-cli containerd.io
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-with_containerd.golden b/pkg/scripts/testdata/TestKubeadmDebian-with_containerd.golden
index b8aa376fa..c85cf13ac 100644
--- a/pkg/scripts/testdata/TestKubeadmDebian-with_containerd.golden
+++ b/pkg/scripts/testdata/TestKubeadmDebian-with_containerd.golden
@@ -67,17 +67,7 @@ cni_ver="0.8.7*"
 
 
 
-sudo apt-get update
-sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg |
-	sudo apt-key add -
-sudo add-apt-repository "deb https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
-
-
-sudo apt-mark unhold containerd.io || true
-sudo apt-get install -y containerd.io=1.4.*
-sudo apt-mark hold containerd.io
-
+sudo mkdir -p $(dirname /etc/containerd/config.toml)
 cat <<EOF | sudo tee /etc/containerd/config.toml
 version = 2
 
@@ -96,12 +86,24 @@ SystemdCgroup = true
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
 endpoint = ["https://registry-1.docker.io"]
-EOF
 
+EOF
 cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
+
+sudo apt-get update
+sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg |
+	sudo apt-key add -
+sudo add-apt-repository "deb https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+
+
+sudo apt-mark unhold containerd.io || true
+sudo apt-get install -y containerd.io=1.4.*
+sudo apt-mark hold containerd.io
+
 sudo mkdir -p /etc/systemd/system/containerd.service.d
 cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
 [Service]
@@ -110,7 +112,7 @@ EnvironmentFile=-/etc/environment
 EOF
 
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
 sudo systemctl restart containerd
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-with_containerd_with_insecure_registry.golden b/pkg/scripts/testdata/TestKubeadmDebian-with_containerd_with_insecure_registry.golden
index a4423fe69..ab5daac42 100644
--- a/pkg/scripts/testdata/TestKubeadmDebian-with_containerd_with_insecure_registry.golden
+++ b/pkg/scripts/testdata/TestKubeadmDebian-with_containerd_with_insecure_registry.golden
@@ -67,17 +67,7 @@ cni_ver="0.8.7*"
 
 
 
-sudo apt-get update
-sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg |
-	sudo apt-key add -
-sudo add-apt-repository "deb https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
-
-
-sudo apt-mark unhold containerd.io || true
-sudo apt-get install -y containerd.io=1.4.*
-sudo apt-mark hold containerd.io
-
+sudo mkdir -p $(dirname /etc/containerd/config.toml)
 cat <<EOF | sudo tee /etc/containerd/config.toml
 version = 2
 
@@ -98,12 +88,24 @@ SystemdCgroup = true
 endpoint = ["http://127.0.0.1:5000"]
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
 endpoint = ["https://registry-1.docker.io"]
-EOF
 
+EOF
 cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
+
+sudo apt-get update
+sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg |
+	sudo apt-key add -
+sudo add-apt-repository "deb https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+
+
+sudo apt-mark unhold containerd.io || true
+sudo apt-get install -y containerd.io=1.4.*
+sudo apt-mark hold containerd.io
+
 sudo mkdir -p /etc/systemd/system/containerd.service.d
 cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
 [Service]
@@ -112,7 +114,7 @@ EnvironmentFile=-/etc/environment
 EOF
 
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
 sudo systemctl restart containerd
 
 
diff --git a/pkg/scripts/testdata/TestKubeadmFlatcar-force.golden b/pkg/scripts/testdata/TestKubeadmFlatcar-force.golden
index ed616fc8f..0ffcb7cce 100644
--- a/pkg/scripts/testdata/TestKubeadmFlatcar-force.golden
+++ b/pkg/scripts/testdata/TestKubeadmFlatcar-force.golden
@@ -61,7 +61,7 @@ curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOO
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -74,11 +74,17 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
-
 cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
 sudo systemctl daemon-reload
 sudo systemctl enable --now docker
 sudo systemctl restart docker
diff --git a/pkg/scripts/testdata/TestKubeadmFlatcar-overwrite_registry.golden b/pkg/scripts/testdata/TestKubeadmFlatcar-overwrite_registry.golden
index ed616fc8f..0ffcb7cce 100644
--- a/pkg/scripts/testdata/TestKubeadmFlatcar-overwrite_registry.golden
+++ b/pkg/scripts/testdata/TestKubeadmFlatcar-overwrite_registry.golden
@@ -61,7 +61,7 @@ curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOO
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -74,11 +74,17 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
-
 cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
 sudo systemctl daemon-reload
 sudo systemctl enable --now docker
 sudo systemctl restart docker
diff --git a/pkg/scripts/testdata/TestKubeadmFlatcar-overwrite_registry_insecure.golden b/pkg/scripts/testdata/TestKubeadmFlatcar-overwrite_registry_insecure.golden
index f9a9b830d..5aaae6c07 100644
--- a/pkg/scripts/testdata/TestKubeadmFlatcar-overwrite_registry_insecure.golden
+++ b/pkg/scripts/testdata/TestKubeadmFlatcar-overwrite_registry_insecure.golden
@@ -61,7 +61,7 @@ curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOO
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -77,11 +77,17 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	]
 }
 EOF
-
 cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
 sudo systemctl daemon-reload
 sudo systemctl enable --now docker
 sudo systemctl restart docker
diff --git a/pkg/scripts/testdata/TestKubeadmFlatcar-simple.golden b/pkg/scripts/testdata/TestKubeadmFlatcar-simple.golden
index ed616fc8f..0ffcb7cce 100644
--- a/pkg/scripts/testdata/TestKubeadmFlatcar-simple.golden
+++ b/pkg/scripts/testdata/TestKubeadmFlatcar-simple.golden
@@ -61,7 +61,7 @@ curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOO
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -74,11 +74,17 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
-
 cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
 sudo systemctl daemon-reload
 sudo systemctl enable --now docker
 sudo systemctl restart docker
diff --git a/pkg/scripts/testdata/TestKubeadmFlatcar-with_containerd.golden b/pkg/scripts/testdata/TestKubeadmFlatcar-with_containerd.golden
index afa57e14d..d724d00dd 100644
--- a/pkg/scripts/testdata/TestKubeadmFlatcar-with_containerd.golden
+++ b/pkg/scripts/testdata/TestKubeadmFlatcar-with_containerd.golden
@@ -62,10 +62,40 @@ curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOO
 
 
 
+
+sudo mkdir -p $(dirname /etc/containerd/config.toml)
+cat <<EOF | sudo tee /etc/containerd/config.toml
+version = 2
+
+[metrics]
+address = "127.0.0.1:1338"
+
+[plugins]
+[plugins."io.containerd.grpc.v1.cri"]
+[plugins."io.containerd.grpc.v1.cri".containerd]
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+runtime_type = "io.containerd.runc.v2"
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+SystemdCgroup = true
+[plugins."io.containerd.grpc.v1.cri".registry]
+[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
+[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
+endpoint = ["https://registry-1.docker.io"]
+
+EOF
 cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/10-kubeone.conf
+[Service]
+Restart=always
+Environment=CONTAINERD_CONFIG=/etc/containerd/config.toml
+ExecStart=
+ExecStart=/usr/bin/env PATH=\${TORCX_BINDIR}:\${PATH} \${TORCX_BINDIR}/containerd --config \${CONTAINERD_CONFIG}
+EOF
 sudo mkdir -p /etc/systemd/system/containerd.service.d
 cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
 [Service]
@@ -74,11 +104,12 @@ EnvironmentFile=-/etc/environment
 EOF
 
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
 sudo systemctl restart containerd
 
 
 
+
 sudo mkdir -p /opt/bin
 cd /opt/bin
 k8s_rel_baseurl=https://storage.googleapis.com/kubernetes-release/release
diff --git a/pkg/scripts/testdata/TestMigrateToContainerd-flatcat.golden b/pkg/scripts/testdata/TestMigrateToContainerd-flatcat.golden
index 35073299b..dcd87d591 100644
--- a/pkg/scripts/testdata/TestMigrateToContainerd-flatcat.golden
+++ b/pkg/scripts/testdata/TestMigrateToContainerd-flatcat.golden
@@ -4,4 +4,49 @@ sudo systemctl stop kubelet
 sudo docker ps -q | xargs sudo docker stop || true
 sudo docker ps -qa | xargs sudo docker rm || true
 
+
+sudo mkdir -p $(dirname /etc/containerd/config.toml)
+cat <<EOF | sudo tee /etc/containerd/config.toml
+version = 2
+
+[metrics]
+address = "127.0.0.1:1338"
+
+[plugins]
+[plugins."io.containerd.grpc.v1.cri"]
+[plugins."io.containerd.grpc.v1.cri".containerd]
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+runtime_type = "io.containerd.runc.v2"
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+SystemdCgroup = true
+[plugins."io.containerd.grpc.v1.cri".registry]
+[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
+[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
+endpoint = ["https://registry-1.docker.io"]
+
+EOF
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///run/containerd/containerd.sock
+EOF
+
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/10-kubeone.conf
+[Service]
+Restart=always
+Environment=CONTAINERD_CONFIG=/etc/containerd/config.toml
+ExecStart=
+ExecStart=/usr/bin/env PATH=\${TORCX_BINDIR}:\${PATH} \${TORCX_BINDIR}/containerd --config \${CONTAINERD_CONFIG}
+EOF
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
+sudo systemctl daemon-reload
+sudo systemctl enable containerd
+sudo systemctl restart containerd
+
 sudo systemctl restart kubelet
diff --git a/pkg/scripts/testdata/TestMigrateToContainerd-insecureRegistry.golden b/pkg/scripts/testdata/TestMigrateToContainerd-insecureRegistry.golden
index 1c2a2ad54..f0ee6d3da 100644
--- a/pkg/scripts/testdata/TestMigrateToContainerd-insecureRegistry.golden
+++ b/pkg/scripts/testdata/TestMigrateToContainerd-insecureRegistry.golden
@@ -4,6 +4,8 @@ sudo systemctl stop kubelet
 sudo docker ps -q | xargs sudo docker stop || true
 sudo docker ps -qa | xargs sudo docker rm || true
 
+
+sudo mkdir -p $(dirname /etc/containerd/config.toml)
 cat <<EOF | sudo tee /etc/containerd/config.toml
 version = 2
 
@@ -24,12 +26,20 @@ SystemdCgroup = true
 endpoint = ["https://registry-1.docker.io"]
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors."some.registry"]
 endpoint = ["http://some.registry"]
-EOF
 
+EOF
 cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/10-kubeone.conf
+[Service]
+Restart=always
+Environment=CONTAINERD_CONFIG=/etc/containerd/config.toml
+ExecStart=
+ExecStart=/usr/bin/env PATH=\${TORCX_BINDIR}:\${PATH} \${TORCX_BINDIR}/containerd --config \${CONTAINERD_CONFIG}
+EOF
 sudo mkdir -p /etc/systemd/system/containerd.service.d
 cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
 [Service]
@@ -38,6 +48,7 @@ EnvironmentFile=-/etc/environment
 EOF
 
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
 sudo systemctl restart containerd
+
 sudo systemctl restart kubelet
diff --git a/pkg/scripts/testdata/TestMigrateToContainerd-simple.golden b/pkg/scripts/testdata/TestMigrateToContainerd-simple.golden
index 18f5eec7e..dcd87d591 100644
--- a/pkg/scripts/testdata/TestMigrateToContainerd-simple.golden
+++ b/pkg/scripts/testdata/TestMigrateToContainerd-simple.golden
@@ -4,6 +4,8 @@ sudo systemctl stop kubelet
 sudo docker ps -q | xargs sudo docker stop || true
 sudo docker ps -qa | xargs sudo docker rm || true
 
+
+sudo mkdir -p $(dirname /etc/containerd/config.toml)
 cat <<EOF | sudo tee /etc/containerd/config.toml
 version = 2
 
@@ -22,12 +24,20 @@ SystemdCgroup = true
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
 endpoint = ["https://registry-1.docker.io"]
-EOF
 
+EOF
 cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/10-kubeone.conf
+[Service]
+Restart=always
+Environment=CONTAINERD_CONFIG=/etc/containerd/config.toml
+ExecStart=
+ExecStart=/usr/bin/env PATH=\${TORCX_BINDIR}:\${PATH} \${TORCX_BINDIR}/containerd --config \${CONTAINERD_CONFIG}
+EOF
 sudo mkdir -p /etc/systemd/system/containerd.service.d
 cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
 [Service]
@@ -36,6 +46,7 @@ EnvironmentFile=-/etc/environment
 EOF
 
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
 sudo systemctl restart containerd
+
 sudo systemctl restart kubelet
diff --git a/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIAmazonLinux.golden b/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIAmazonLinux.golden
index 8092ac40f..81b2f85c3 100644
--- a/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIAmazonLinux.golden
+++ b/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIAmazonLinux.golden
@@ -71,7 +71,7 @@ sudo yum install -y \
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -84,6 +84,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 sudo yum versionlock delete docker cri-tools containerd || true
 
@@ -92,13 +95,16 @@ sudo yum install -y \
 	containerd.io-1.4.* \
 	cri-tools-1.13.0
 sudo yum versionlock add docker cri-tools containerd
-
-cat <<EOF | sudo tee /etc/crictl.yaml
-runtime-endpoint: unix:///var/run/dockershim.sock
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
 EOF
 
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestUpgradeKubeadmAndCNICentOS.golden b/pkg/scripts/testdata/TestUpgradeKubeadmAndCNICentOS.golden
index bd49a9a48..2f0a56c19 100644
--- a/pkg/scripts/testdata/TestUpgradeKubeadmAndCNICentOS.golden
+++ b/pkg/scripts/testdata/TestUpgradeKubeadmAndCNICentOS.golden
@@ -71,7 +71,7 @@ sudo yum install -y \
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -84,7 +84,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
-
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 sudo yum install -y yum-utils
 sudo yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
@@ -98,8 +100,16 @@ sudo yum install -y \
 	containerd.io-1.4.*
 sudo yum versionlock add docker-ce docker-ce-cli containerd.io
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIDebian.golden b/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIDebian.golden
index 5ee75a22f..c6e6281e2 100644
--- a/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIDebian.golden
+++ b/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIDebian.golden
@@ -66,7 +66,7 @@ sudo apt-mark unhold kubelet kubeadm kubectl kubernetes-cni
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -79,6 +79,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
@@ -101,8 +104,16 @@ sudo DEBIAN_FRONTEND=noninteractive apt-get install \
 	containerd.io=1.4.*
 sudo apt-mark hold docker-ce docker-ce-cli containerd.io
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlAmazonLinux.golden b/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlAmazonLinux.golden
index ca964a751..6f3debee4 100644
--- a/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlAmazonLinux.golden
+++ b/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlAmazonLinux.golden
@@ -71,7 +71,7 @@ sudo yum install -y \
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -84,6 +84,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 sudo yum versionlock delete docker cri-tools containerd || true
 
@@ -92,13 +95,16 @@ sudo yum install -y \
 	containerd.io-1.4.* \
 	cri-tools-1.13.0
 sudo yum versionlock add docker cri-tools containerd
-
-cat <<EOF | sudo tee /etc/crictl.yaml
-runtime-endpoint: unix:///var/run/dockershim.sock
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
 EOF
 
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlCentOS.golden b/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlCentOS.golden
index affd744ad..1b844bec5 100644
--- a/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlCentOS.golden
+++ b/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlCentOS.golden
@@ -71,7 +71,7 @@ sudo yum install -y \
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -84,7 +84,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
-
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 sudo yum install -y yum-utils
 sudo yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
@@ -98,8 +100,16 @@ sudo yum install -y \
 	containerd.io-1.4.*
 sudo yum versionlock add docker-ce docker-ce-cli containerd.io
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlDebian.golden b/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlDebian.golden
index 437de2809..e6e974c2d 100644
--- a/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlDebian.golden
+++ b/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlDebian.golden
@@ -66,7 +66,7 @@ sudo apt-mark unhold kubelet kubeadm kubectl kubernetes-cni
 
 
 
-sudo mkdir -p /etc/docker
+sudo mkdir -p $(dirname /etc/docker/daemon.json)
 cat <<EOF | sudo tee /etc/docker/daemon.json
 {
 	"exec-opts": [
@@ -79,6 +79,9 @@ cat <<EOF | sudo tee /etc/docker/daemon.json
 	}
 }
 EOF
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+EOF
 
 
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
@@ -101,8 +104,16 @@ sudo DEBIAN_FRONTEND=noninteractive apt-get install \
 	containerd.io=1.4.*
 sudo apt-mark hold docker-ce docker-ce-cli containerd.io
 
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
+[Service]
+Restart=always
+EnvironmentFile=-/etc/environment
+EOF
+
 sudo systemctl daemon-reload
-sudo systemctl enable --now containerd
+sudo systemctl enable containerd
+sudo systemctl restart containerd
 sudo systemctl enable --now docker
 
 
diff --git a/pkg/tasks/containerd.go b/pkg/tasks/containerd.go
index 623d1b822..85c6b7b4c 100644
--- a/pkg/tasks/containerd.go
+++ b/pkg/tasks/containerd.go
@@ -100,8 +100,7 @@ func migrateToContainerdTask(s *state.State, node *kubeone.HostConfig, conn ssh.
 		return err
 	}
 
-	generateContainerdConfig := node.OperatingSystem != kubeone.OperatingSystemNameFlatcar
-	migrateScript, err := scripts.MigrateToContainerd(s.Cluster.RegistryConfiguration.InsecureRegistryAddress(), generateContainerdConfig)
+	migrateScript, err := scripts.MigrateToContainerd(s.Cluster)
 	if err != nil {
 		return err
 	}