Unable to Install kubectl due to GPG Key Issue

[guettli]

kubectl install instructions for Ubuntu are broken

https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/#install-using-native-package-management

It is easy to reproduce:

docker run -it ubuntu:22.04 bash

apt update

sudo apt-get install -y ca-certificates curl

sudo curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg

echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

sudo apt-get update
Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:5 https://packages.cloud.google.com/apt kubernetes-xenial InRelease [8993 B]
Err:5 https://packages.cloud.google.com/apt kubernetes-xenial InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05
Reading package lists... Done
W: GPG error: https://packages.cloud.google.com/apt kubernetes-xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05
E: The repository 'https://apt.kubernetes.io kubernetes-xenial InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

[guettli]

This seems to work:

docker run -it ubuntu:22.04 bash

apt update; apt install gpg curl sudo

curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /usr/share/keyrings/kubernetes-archive-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.

apt update

The gpg --dearmor was added.

A different solution would be to use apt-key, but apt-key is deprecated.

[niranjandarshann]

@guettli This issue is referring the same problem as in kubernetes/release#2862. I think this will be helpful.

[niranjandarshann]

/language en
/sig docs

[dipesh-rawat]

Page related to issue: https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/
/kind bug

[dipesh-rawat]

/retitle Unable to Install kubectl due to GPG Key Issue

[dipesh-rawat]

We have made recent revisions to the documentation regarding the Google signing key for the Kubeadm installation page, as reflected in the pull request found at #41307. In order to resolve this issue, it will be necessary to make corresponding updates to the Kubectl installation instructions.

[sftim]

/triage accepted
/priority important-soon

[sftim]

Please change:

 
 2. Download the Google Cloud public signing key: 

    ```shell
-   sudo curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
+   curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /usr/share/keyrings/kubernetes-archive-keyring.gpg

    ```

/help

[k8s-ci-robot]

@sftim:
This request has been marked as needing help from a contributor.

Guidelines

Please ensure that the issue body includes answers to the following questions:

• Why are we solving this issue?
• To address this issue, are there any code changes? If there are code changes, what needs to be done in the code and what places can the assignee treat as reference points?
• Does this issue have zero to low barrier of entry?
• How can the assignee reach out to you for help?

For more details on the requirements of such an issue, please see here and ensure that they are met.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

Please change:

2. Download the Google Cloud public signing key: 

   ```shell
-   sudo curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
+   curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /usr/share/keyrings/kubernetes-archive-keyring.gpg

/help

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[sftim]

@guettli, would you be willing to edit the initial description for this issue, to make it easy to find:

• Code changes: link to Unable to Install kubectl due to GPG Key Issue #41334 (comment))

[guettli]

@sftim I created a PR to update the docs.

[sftim]

I'd prefer a PR where the commit messages don't mention this issue. It's OK to mention the issue in the GitHub description of the change, but please don't mention the issue in commit messages.

If anyone would like to open a PR, similar to #41339, that doesn't mention this issue in the commit message, then we can accept and merge that PR. Also @guettli you are welcome you amend #41339 to make it acceptable.

[dipesh-rawat]

I have raised PR #41366 to assist in resolving this issue.

[VincentRavera]

If you followed the guideline and you still get a NO_PUBKEY error.
You can do:
sudo chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg
then retry updating.