Kubernetes supports the container engine Docker only up to a specific version (currently 17.03). For that it needs to be ensured that apt wouldn’t update Docker to any unsupported version.

The base installation of Docker 17.03 is pretty straight forward.

sudo apt install\
    apt-transport-https\
    ca-certificates\
    software-properties-common\
    curl
sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo apt update
sudo apt install docker-ce=$(apt-cache madison docker-ce | grep 17.03 | head -1 | awk '{print $3}')

If we would apt upgrade now, apt would suggest an update for Docker. One approach would be to apt-mark hold the current version, but apt would still say there is an update available, only not install it. Also, we wouldn’t get any fixes within the 17.03 version.

A better approach is to use apt pinning.

sudo su -
cat <<EOF > /etc/apt/preferences.d/docker
Package: docker-ce
Pin: version 17.03.*
Pin-Priority: 1000
EOF

This way version 17.03 is ensured and with it any new release within version 17.03. apt now knows we want the package with a certain version and doesn’t show updates for higher versions anymore.

Of course this is not restricted to Ubuntu. Any Debian based system with the apt package manager will work.