sassoftware / viya4-iac-k8s

This project contains Terraform scripts to provision cloud infrastructure resources, when using vSphere or bare-metal, and Ansible to apply the needed elements of a Kubernetes cluster that are required to deploy SAS Viya platform product offerings.
Apache License 2.0

(IAC-1042) Issue with the url used to download the kubernetes-xenial APT repo public key. #70

Closed raphaelpoumarede closed 1 year ago

raphaelpoumarede commented 1 year ago

Hi there

The following issue has been reported (bareos mode with Ubuntu 22.04). [image]

I was able to reproduce the problem and it appears to be a known issue with the GPG key used for the kubernetes APT repository; see "Ubuntu kubernetes-xenial public key is not available: NO_PUBKEY B53DC80D13EDEF05".

One solution seems to be to change the URL from where the GPG key is pulled.

I was able to recover with the following steps (where I pull the GPG key from https://dl.k8s.io instead of https://packages.cloud.google.com):

```
# uninstall OSS
./oss-k8s.sh uninstall

# Remove the old apt GPG key
ansible -i ~/viya4-iac-k8s/inventory k8s -m shell -a "rm -Rf /usr/share/keyrings/kubernetes-archive-keyring.gpg" -b

# Download the apt GPG from an alternative location
ansible -i ~/viya4-iac-k8s/inventory k8s -m shell -a "curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://dl.k8s.io/apt/doc/apt-key.gpg" -b

# Re-install OSS
./oss-k8s.sh install
```

I don't know if it is a transient issue or if there are better ways to fix the issue, but the playbook might be currently broken and require an urgent fix to use the alternative URL.

AWSmith0216 commented 1 year ago

I hit the same issue. As best I can tell the official https://packages.cloud.google.com/apt/doc/apt-key.gpg key is still valid, the format has just changed. I had success with just changing the file extension during download. i.e.:

```
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg -o /usr/share/keyrings/kubernetes-archive-keyring.asc
```

And adjust the reference in /etc/apt/sources.list.d/kubernetes.list to use the asc extension rather than gpg
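
The format mismatch described in this comment can be checked before the key is installed. The script below is an added example, not part of the thread or of the project's playbook: it picks the keyring extension from the file's actual encoding (apt reads a `.asc` keyring as ASCII-armored and a `.gpg` keyring as binary OpenPGP) and rejects anything else, such as an HTML error page saved by a `curl` run without `-f`. The function names and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: choose the apt keyring extension from the key's real encoding.
ARMOR_HEADER='-----BEGIN PGP PUBLIC KEY BLOCK-----'
KEYRING_BASE=/usr/share/keyrings/kubernetes-archive-keyring   # path from the thread

# Print "armored", "binary" or "unknown" for the downloaded key file in $1.
key_format() {
    local file=$1 start byte0
    [ -s "$file" ] || { echo unknown; return 0; }
    start=$(head -c "${#ARMOR_HEADER}" "$file" | tr -d '\0')
    if [ "$start" = "$ARMOR_HEADER" ]; then echo armored; return 0; fi
    # A binary OpenPGP public-key packet starts with 0x98/0x99 (old format)
    # or 0xc6 (new format).
    byte0=$(od -An -tx1 -N1 "$file" | tr -d ' \n')
    case $byte0 in
        98|99|c6) echo binary ;;
        *)        echo unknown ;;
    esac
}

# Print the keyring path whose extension matches the encoding; fail otherwise.
keyring_path() {
    case $(key_format "$1") in
        armored) echo "$KEYRING_BASE.asc" ;;
        binary)  echo "$KEYRING_BASE.gpg" ;;
        *)       return 1 ;;
    esac
}

# Print the sources.list entry. Only signed-by is set, so apt still verifies
# the repository's Release signature against this key (no trusted=yes).
sources_line() {
    local path
    path=$(keyring_path "$1") || return 1
    echo "deb [signed-by=$path] https://apt.kubernetes.io/ kubernetes-xenial main"
}

# Constructed sample inputs (not real keys), so the script runs offline.
SAMPLES=$(mktemp -d)
printf '%s\n\n(constructed placeholder body)\n' "$ARMOR_HEADER" > "$SAMPLES/armored"
printf '\231\001\015\004' > "$SAMPLES/binary"
printf '<html>404 Not Found</html>\n' > "$SAMPLES/error"

for f in armored binary error; do
    printf '%-8s %s\n' "$f" "$(sources_line "$SAMPLES/$f" || echo 'rejected: not an OpenPGP public key')"
done
```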

thpang commented 1 year ago

Need to update this line:

https://github.com/sassoftware/viya4-iac-k8s/blob/main/roles/kubernetes/toolbox/tasks/main.yaml#L24

with the following:

```
deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg trusted=yes] https://apt.kubernetes.io/ kubernetes-xenial main
```

jarpat commented 1 year ago

Closing, fixed in release 3.0.0