Ubuntu kubernetes-xenial public key is not available: NO_PUBKEY B53DC80D13EDEF05 #2862
Comments
khteh
added
area/release-eng
|
xref: #2860 |
|
Might this be a transient failure? I'm not able to reproduce with plain Ubuntu:22.10: podman run -it ubuntu:22.10 sh -c '\
apt-get update && \
apt-get install -y apt-transport-https ca-certificates curl && \
curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg && \
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list && \
apt-get update && \
apt-get install -y kubelet'
…
Setting up kubelet (1.26.0-00) ... |
|
I'm seeing the same issue on my Ubuntu 20.04.5 machine: |
This works for me. |
|
@lukeweller could you provide us a reproducer here? |
|
I think the reproducer would be running apt update in an existing installation without manually updating the key. I ran into the same problem and just curling the new key fixed it for me. @khteh I can reproduce the apt-key behaviour, but it might be unrelated to the Kubernetes key. If you manually put the key in /etc/apt/trusted.gpg.d/ apt-key list shows it correctly and the apt update works. |
|
@saschagrunert This line is failing on my machine: The recommendation from @aronneberg worked for me. After running |
|
@lukeweller @aronneberg thank you for the clarification! I don't see much we can do here from the project perspective since we don't own the keys. If they changed, then on purpose I assume. 🤔 |
|
I used the information provided here: https://cloud.google.com/compute/docs/troubleshooting/known-issues#keyexpired-2 Specifically: Command (Ubuntu): Command (Debian): Worked fine on the latest Debian Bullseye + Ubuntu 22.04.5 releases. Cheers |
|
I'm on a Ubuntu 20.04.5 machine and the @aronneberg workaround worked for me while @N3X14 workaround don't. |
Thanks, this worked for me. The error I was getting was (Linux Mint 20.3 / Ubuntu 20.04): |
|
I have the same issue and none of the workarounds are working. I've tried all the commands listed here and in the Kubectl installation. I am still getting this error upon running apt-get update: |
|
@jtele2 thanks for reference for for the kubectl installation. After these commands: |
|
The provided url, https://packages.cloud.google.com/apt/doc/apt-key.gpg, produces a 500 error |
|
Please see the email thread - https://groups.google.com/a/kubernetes.io/g/dev/c/gR5xDzzIcW8/m/SK5ARWkGAQAJ and the work around in that thread or here - kubernetes/k8s.io#4837 (comment) /close |
|
@dims: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
I keep getting |
sudo mkdir -p /etc/apt/keyrings
echo "deb [signed-by=/etc/apt/keyrings/kubernetes.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes.gpgFrom below
|
|
FIXED!
It seems |
|
I was also successful following the advice here with one small adjustment, per my specific circumstances. extra step that I needed: chmod 0644 /etc/apt/keyrings/kubernetes-archive-keyring.gpgfour posterity :) |
As kubernetes/release#2862 (comment), public key release of kubernetes have been changed. Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
The GPG used in the official documentation is expired. However, there is another official source with a new GPG key available. This commit changes the source to fetch the new GPG key. kubernetes/release#2862
The current method has been failing every now and then, and was reported on kubernetes/release#2862. Ding poked me and suggested to do this change here, so here we go. :-) Fixes: kata-containers#7006 Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
As kubernetes/release#2862 (comment), public key release of kubernetes have been changed. Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
|
Ran into this issue today while making a debian container image. |
|
The error I saw: The fix was almost the same as the debian comment above: |
… (comment)) 2. Fixed prowler v3 3. Fixed Azure CLI build issues 4. Updated scripts and source files 5. Disabled aws-list-all for the time being
was using the google url and worked fine, suddenly failed recently. changed to this k8s url, back to work |
The current method has been failing every now and then, and was reported on kubernetes/release#2862. Ding poked me and suggested to do this change here, so here we go. :-) Fixes: kata-containers#7006 Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com> (cherry picked from commit 26f7520)
|
The following solution worked for me: |
|
This script worked for me on Ubuntu 22.04.2 LTS using WSL
|
Relates: kubernetes/release#2862
This is the only thing that worked for me on Ubuntu 23.04 on an AWS EC2 instance. It looks like I was only missing the arch option. |
|
Note that: after long googling, it turns out curl doesn't recognise the host with 'https://' specified. instead below worked (Ubuntu 22.04): |
|
@mfhaln your issue is more likely due to this bug shipped in a recent Ubuntu package update https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170 |
The k8s_kubeadm role now processes the Kubernetes's (Google's) GPG key by dearmoring the file before installing it onto the system. This was done because before this, I was getting an error much like kubernetes/release#2862. This solution follows the recommendations from the PR that derived from that issue. Dearmoring was not done originally because Kubernetes v1.24 documentation (at the time and as of now) for installing kubeadm does not instruct this when downloading the key.
The k8s_kubeadm role now processes the Kubernetes's (Google's) GPG key by dearmoring the file before installing it onto the system. This was done because before this, I was getting an error much like kubernetes/release#2862. This solution follows the recommendations from the PR that derived from this issue. Dearmoring was not done originally because Kubernetes v1.24 documentation (at the time and as of now) for installing kubeadm does not instruct this when downloading the key.
|
following command also worked for me (having same issue trying to install google-cloud-cli): |
|
In my case, the guides I had used in the past (https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/) defined the APT repository similarly to the following: However, the instructions I read to fix this issue said to download the new key and import it to APT as follows: This makes no difference since APT has been told to fetch the key from /etc/apt/keyrings/kubernetes-apt-keyring.gpg explicitly. To fix this, delete (maybe make a backup first) /etc/apt/keyrings/kubernetes-apt-keyring.gpg and change /etc/apt/sources.list.d/kubernetes.list to the following: Then run the following to have APT update the repository: |
|
Hello folks, The legacy repositories (
Given that there's nothing else we can do here, I'm going to lock this issue. If you encounter any issue with the new community-owned repositories, please open a new issue. |
and others
What happened:
What you expected to happen:
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Environment:
cat /etc/os-release): Ubuntu 22.10uname -a): Linux khteh-p17-2i 5.19.0-29-generic Move release::gcs::ensure_release_bucket() up into check_prerequisites(). #30-Ubuntu SMP PREEMPT_DYNAMIC Wed Jan 4 12:14:09 UTC 2023 x86_64 x86_64 x86_64 GNU/LinuxThe text was updated successfully, but these errors were encountered: