diff --git a/docs/releases/1.24-NOTES.md b/docs/releases/1.24-NOTES.md
index 246cbb9e79..e259fa51a8 100644
--- a/docs/releases/1.24-NOTES.md
+++ b/docs/releases/1.24-NOTES.md
@@ -14,6 +14,8 @@ This is a document to gather the release notes prior to the release.
 
 * Support for Aliyun/Alibaba Cloud has been removed.
 
+* Support for Docker has been removed for Kubernetes 1.24+. See https://kubernetes.io/blog/2020/12/02/dockershim-faq
+
 # Required actions
 
 # Deprecations
@@ -28,6 +30,8 @@ This is a document to gather the release notes prior to the release.
 
 * Due to lack of maintainers, the CloudFormation support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this target.
 
+* Support for Docker has been removed for Kubernetes 1.24+. See https://kubernetes.io/blog/2020/12/02/dockershim-faq
+
 # Other changes of note
 
 # Full change list since 1.23.0 release
diff --git a/pkg/apis/kops/validation/validation.go b/pkg/apis/kops/validation/validation.go
index a9cac6adc4..c84f11aac9 100644
--- a/pkg/apis/kops/validation/validation.go
+++ b/pkg/apis/kops/validation/validation.go
@@ -209,7 +209,7 @@ func validateClusterSpec(spec *kops.ClusterSpec, c *kops.Cluster, fieldPath *fie
 	}
 
 	if spec.ContainerRuntime != "" {
-		allErrs = append(allErrs, validateContainerRuntime(&spec.ContainerRuntime, fieldPath.Child("containerRuntime"))...)
+		allErrs = append(allErrs, validateContainerRuntime(c, spec.ContainerRuntime, fieldPath.Child("containerRuntime"))...)
 	}
 
 	if spec.Containerd != nil {
@@ -1296,11 +1296,15 @@ func validateCalicoEncapsulationMode(mode string, fldPath *field.Path) field.Err
 	return allErrs
 }
 
-func validateContainerRuntime(runtime *string, fldPath *field.Path) field.ErrorList {
+func validateContainerRuntime(c *kops.Cluster, runtime string, fldPath *field.Path) field.ErrorList {
 	valid := []string{"containerd", "docker"}
 
 	allErrs := field.ErrorList{}
-	allErrs = append(allErrs, IsValidValue(fldPath, runtime, valid)...)
+	allErrs = append(allErrs, IsValidValue(fldPath, &runtime, valid)...)
+
+	if runtime == "docker" && c.IsKubernetesGTE("1.24") {
+		allErrs = append(allErrs, field.Forbidden(fldPath, "Docker CRI support was removed in Kubernetes 1.24: https://kubernetes.io/blog/2020/12/02/dockershim-faq"))
+	}
 
 	return allErrs
 }